# PER/SIGNATURE/1 -- PER Signature Layout

Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [per, signatures, determinism]

**Document ID:** `PER/SIGNATURE/1`
**Layer:** L2 -- Execution receipt signatures (no encoding)

**Depends on (normative):**

* `ASL/DAM/1`
* `ASL/LOG/1`

**Informative references:**

* `ASL/POLICY-HASH/1`
* `TGK/1` -- linking signatures via edges

---

## 0. Conventions

The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.

PER/SIGNATURE/1 defines the logical signature payload and validation steps for PER artifacts. It does not define encodings.

---

## 1. Purpose

A PER signature certifies that a deterministic execution occurred under a specific snapshot, with specific inputs, producing a specific output.

---

## 2. Canonical Signing Payload

```text
PERSignaturePayload {
  domain_id            : DomainID
  snapshot_id          : SnapshotID
  per_artifact_id      : ArtifactID
  input_artifact_ids[] : ArtifactID (sorted)
  program_id           : ProgramID
  logseq               : u64
}
```

---

## 3. Canonicalization Rules (Normative)

1. Byte order: big-endian
2. Arrays: sorted lexicographically by ArtifactID
3. No optional fields
4. No timestamps or environment data

---

## 4. Signature Object

```text
PERSignature {
  payload_hash : Hash
  public_key   : PublicKey
  signature    : Signature
  algorithm    : SigAlgorithm
}
```

`payload_hash` is the hash of the canonical payload from section 2, and `signature` is computed over that hash with `algorithm` under `public_key`. The `public_key` carried in the object is a claim, not a credential: it confers no authority until step 5 of section 5 confirms it is present in the DAM with the `execute` role.

---

## 5. Validation Procedure (Normative)

To validate a PER:

1. Load snapshot
2. Resolve DAM
3. Recompute the canonical payload from the PER artifact and check that its hash equals `payload_hash`
4. Verify `signature` over `payload_hash` against `public_key` using `algorithm`
5. Verify `public_key` is in DAM and has `execute` role
6. Verify `snapshot_id` and `logseq` match visibility constraints

If any step fails, the PER MUST be rejected as authoritative. A verifier MUST NOT treat a PER as authoritative after step 4 alone: steps 5 and 6 are what bind the signature to an authorized key and to the visible snapshot.

---

## 6. Failure Modes

| Condition         | Result                    |
| ----------------- | ------------------------- |
| Missing signature | PER is informational only |
| Invalid signature | Reject PER                |
| Key not in DAM    | Reject PER                |
| Snapshot mismatch | Reject PER                |
| Input mismatch    | Reject PER                |

A snapshot or input mismatch surfaces in step 3 of section 5: the recomputed canonical payload no longer hashes to `payload_hash`.

---

## 7. Summary

PER/SIGNATURE/1 defines a minimal, deterministic signature payload and validation procedure for PER artifacts.
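The following Go program is an added illustration of sections 2 through 6, not code from the PER/SIGNATURE/1 specification or any implementation of it. Because the spec deliberately defines no encoding, the concrete choices here are assumptions: all IDs are 32-byte hashes, the input array is prefixed with a big-endian 4-byte element count, `Hash` is SHA-256, `SigAlgorithm` is Ed25519 (Go standard library), the DAM is a map from public key bytes to roles, and the step 6 visibility constraint is supplied by the caller as a predicate since this spec does not define it. The `DAM`, `Validate`, `Sign`, and `Canonical` names are illustrative, not the project's API.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// ID is an assumed concrete form of DomainID/SnapshotID/ArtifactID/ProgramID (32-byte hash).
type ID [32]byte

// PERSignaturePayload mirrors section 2.
type PERSignaturePayload struct {
	DomainID, SnapshotID, PERArtifactID ID
	InputArtifactIDs                    []ID
	ProgramID                           ID
	LogSeq                              uint64
}

// Canonical applies section 3: fields in declaration order, fixed width, big-endian integers,
// inputs sorted lexicographically, nothing optional. The 4-byte element count is an assumed encoding detail.
func (p PERSignaturePayload) Canonical() []byte {
	inputs := append([]ID(nil), p.InputArtifactIDs...) // copy: never mutate the caller's slice
	sort.Slice(inputs, func(i, j int) bool { return bytes.Compare(inputs[i][:], inputs[j][:]) < 0 })
	var buf bytes.Buffer
	buf.Write(p.DomainID[:])
	buf.Write(p.SnapshotID[:])
	buf.Write(p.PERArtifactID[:])
	binary.Write(&buf, binary.BigEndian, uint32(len(inputs)))
	for _, id := range inputs {
		buf.Write(id[:])
	}
	buf.Write(p.ProgramID[:])
	binary.Write(&buf, binary.BigEndian, p.LogSeq)
	return buf.Bytes()
}

// Hash is payload_hash from section 4 (SHA-256 assumed).
func (p PERSignaturePayload) Hash() [32]byte { return sha256.Sum256(p.Canonical()) }

// PERSignature mirrors section 4; Ed25519 is the assumed SigAlgorithm.
type PERSignature struct {
	PayloadHash [32]byte
	PublicKey   ed25519.PublicKey
	Signature   []byte
	Algorithm   string
}

func Sign(p PERSignaturePayload, priv ed25519.PrivateKey) PERSignature {
	h := p.Hash()
	return PERSignature{h, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, h[:]), "ed25519"}
}

// DAM stands in for resolved ASL/DAM/1 membership: public key bytes -> roles (assumed shape).
type DAM map[string][]string

func (d DAM) HasRole(pk ed25519.PublicKey, role string) bool {
	for _, r := range d[string(pk)] {
		if r == role {
			return true
		}
	}
	return false
}

// Validate runs steps 3-6 of section 5. expected is the payload the verifier rebuilt from the
// artifact and loaded snapshot (steps 1-3); visible is the ASL/LOG/1 predicate, which this spec leaves undefined.
func Validate(sig PERSignature, expected PERSignaturePayload, dam DAM, visible func(ID, uint64) bool) error {
	if sig.Algorithm != "ed25519" {
		return errors.New("unsupported algorithm")
	}
	h := expected.Hash() // step 3: a snapshot or input mismatch (section 6) surfaces here
	if h != sig.PayloadHash {
		return errors.New("payload hash mismatch")
	}
	// Step 4. public_key is unauthenticated until step 5, so this only proves internal consistency.
	// The length check matters: ed25519.Verify panics on a malformed key, and untrusted input must not crash the verifier.
	if len(sig.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(sig.PublicKey, h[:], sig.Signature) {
		return errors.New("invalid signature")
	}
	if !dam.HasRole(sig.PublicKey, "execute") { // step 5: authority comes from the DAM, not the object
		return errors.New("key not in DAM with execute role")
	}
	if !visible(expected.SnapshotID, expected.LogSeq) { // step 6
		return errors.New("snapshot/logseq outside visibility constraints")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	p := PERSignaturePayload{InputArtifactIDs: []ID{{0x02}, {0x01}}, LogSeq: 7} // constructed sample
	sig := Sign(p, priv)
	fmt.Println("valid:", Validate(sig, p, DAM{string(pub): {"execute"}}, func(ID, uint64) bool { return true }))
}
```

Two points worth noticing in `Validate`: the hash comparison in step 3 is what turns the "Snapshot mismatch" and "Input mismatch" rows of section 6 into rejections, because both change the canonical bytes; and the order of steps 4 and 5 does not matter for correctness as long as every step must pass, but a verifier that returned early after step 4 would accept a signature from any key the attacker controls.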