Table of Contents
Fetching ...

Witnessd: Proof-of-process via Adversarial Collapse

David Condrey

TL;DR

The paper argues that cryptographic signatures prove key possession, not authorship, leaving process provenance unresolved. It defines proof-of-process as evidence that a physical interaction produced a digital artifact, and introduces the jitter seal as a concrete primitive binding keystroke dynamics to document states via $J_i$ derived from $S$, $i$, and $H_i$. The Witnessd architecture stacks Verifiable Delay Functions, external timestamp anchors, dual-source keystroke validation, and TPM/Secure Enclave attestation to force allegations across independent trust boundaries, guided by the Adversarial Collapse Principle. Evaluation over $31{,}000$ verification trials shows deterministic rejection of invalid proofs, demonstrating robustness while acknowledging that the system cannot fully prevent forgery but narrows plausible explanations to falsifiable, testable claims.

Abstract

Digital signatures prove key possession, not authorship. An author who generates text with AI, constructs intermediate document states post-hoc, and signs each hash produces a signature chain indistinguishable from genuine composition. We address this gap between cryptographic integrity and process provenance. We introduce proof-of-process, a primitive category for evidence that a physical process, not merely a signing key, produced a digital artifact. Our construction, the jitter seal, injects imperceptible microsecond delays derived via HMAC from a session secret, keystroke ordinal, and cumulative document hash. Valid evidence requires that real keystrokes produced the document through those intermediate states. We propose the Adversarial Collapse Principle as an evaluation criterion: evidence systems should be judged by whether disputing them requires a conjunction of specific, testable allegations against components with independent trust assumptions. We present Witnessd, an architecture combining jitter seals with Verifiable Delay Functions, external timestamp anchors, dual-source keystroke validation, and optional hardware attestation. Each layer forces allegations at different capability levels; disputing authentic evidence requires coordinated claims across independent trust boundaries. The system does not prevent forgery: a kernel-level adversary can defeat it, and typing AI-generated content produces valid evidence. The contribution is converting vague doubt into falsifiable allegations. We evaluate across 31,000 verification trials with deterministic rejection of invalid proofs.

Witnessd: Proof-of-process via Adversarial Collapse

TL;DR

The paper argues that cryptographic signatures prove key possession, not authorship, leaving process provenance unresolved. It defines proof-of-process as evidence that a physical interaction produced a digital artifact, and introduces the jitter seal as a concrete primitive binding keystroke dynamics to document states via derived from , , and . The Witnessd architecture stacks Verifiable Delay Functions, external timestamp anchors, dual-source keystroke validation, and TPM/Secure Enclave attestation to force allegations across independent trust boundaries, guided by the Adversarial Collapse Principle. Evaluation over verification trials shows deterministic rejection of invalid proofs, demonstrating robustness while acknowledging that the system cannot fully prevent forgery but narrows plausible explanations to falsifiable, testable claims.

Abstract

Digital signatures prove key possession, not authorship. An author who generates text with AI, constructs intermediate document states post-hoc, and signs each hash produces a signature chain indistinguishable from genuine composition. We address this gap between cryptographic integrity and process provenance. We introduce proof-of-process, a primitive category for evidence that a physical process, not merely a signing key, produced a digital artifact. Our construction, the jitter seal, injects imperceptible microsecond delays derived via HMAC from a session secret, keystroke ordinal, and cumulative document hash. Valid evidence requires that real keystrokes produced the document through those intermediate states. We propose the Adversarial Collapse Principle as an evaluation criterion: evidence systems should be judged by whether disputing them requires a conjunction of specific, testable allegations against components with independent trust assumptions. We present Witnessd, an architecture combining jitter seals with Verifiable Delay Functions, external timestamp anchors, dual-source keystroke validation, and optional hardware attestation. Each layer forces allegations at different capability levels; disputing authentic evidence requires coordinated claims across independent trust boundaries. The system does not prevent forgery: a kernel-level adversary can defeat it, and typing AI-generated content produces valid evidence. The contribution is converting vague doubt into falsifiable allegations. We evaluate across 31,000 verification trials with deterministic rejection of invalid proofs.
Paper Structure (36 sections, 1 theorem, 5 equations, 14 tables, 3 algorithms)

This paper contains 36 sections, 1 theorem, 5 equations, 14 tables, 3 algorithms.

Key Result

Theorem 1

For any PPT adversary $\mathcal{A}$ making at most $q$ queries: where $R = J_{\max} - J_{\min}$ is the jitter range.

Theorems & Definitions (7)

  • Definition 1: Proof-of-Process
  • Definition 2: Trust Independence
  • Definition 3: Unforgeability
  • Definition 4: Document-Binding
  • Theorem 1: Unforgeability
  • proof
  • Definition 5: Validated Keystroke