Quantum-Adversary-Resilient Evidence Structures and Migration Strategies for Regulated AI Audit Trails
Leo Kao
TL;DR
This work formalizes audit-trail security for regulated AI under quantum threats by modeling constant-size evidence structures and introducing Q-Audit Integrity, Q-Non-Equivocation, and Q-Binding. It presents a concrete post-quantum hash-and-sign instantiation in the QROM and analyzes three practical migration patterns (hybrid signatures, re-signing legacy records, Merkle-root anchoring) to render existing logs quantum-safe. A case study at Codebat Technologies demonstrates the feasibility and manageable overhead of migrating large-scale audit trails. The results offer a principled framework for designing, migrating, and evaluating quantum-resilient regulatory audit logs with clear trade-offs between security, storage, and computation.
Abstract
Constant-size cryptographic evidence records are increasingly used to build audit trails for regulated AI workloads in clinical, pharmaceutical, and financial settings, where each execution is summarized by a compact, verifiable record of code identity, model version, data digests, and platform measurements. Existing instantiations, however, typically rely on classical signature schemes whose long-term security is threatened by quantum-capable adversaries. In this paper we formalize security notions for evidence structures in the presence of quantum adversaries and study post-quantum (PQ) instantiations and migration strategies for deployed audit logs. We recall an abstraction of constant-size evidence structures and introduce game-based definitions of Q-Audit Integrity, Q-Non-Equivocation, and Q-Binding, capturing the inability of a quantum adversary to forge, equivocate, or rebind evidence items. We then analyze a hash-and-sign instantiation in the quantum random-oracle model (QROM), assuming an existentially unforgeable PQ signature scheme against quantum adversaries, and show that the resulting evidence structure satisfies these notions under standard assumptions. Building on this, we present three migration patterns for existing evidence logs: hybrid signatures, re-signing of legacy evidence, and Merkle-root anchoring, and analyze their security, storage, and computational trade-offs. A case study based on an industrial constant-size evidence platform for regulated AI at Codebat Technologies Inc. suggests that quantum-safe audit trails are achievable with moderate overhead and that systematic migration can significantly extend the evidentiary lifetime of existing deployments.