niklas/amduat-api
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
amduat-api/tier1/per-signature-1.md
Carl Niklas Rydberg a5537e13d3 Add federation and trust/policy tier1 specs
2026-01-17 08:52:02 +01:00

106 lines
2.3 KiB
Markdown
Raw Blame History

# PER/SIGNATURE/1 -- PER Signature Layout
Status: Draft
Owner: Architecture
Version: 0.1.0
SoT: No
Last Updated: 2025-01-17
Tags: [per, signatures, determinism]
**Document ID:** `PER/SIGNATURE/1`
**Layer:** L2 -- Execution receipt signatures (no encoding)
**Depends on (normative):**
* `ASL/DAM/1`
* `ASL/LOG/1`
**Informative references:**
* `ASL/POLICY-HASH/1`
* `TGK/1` -- linking signatures via edges
---
## 0. Conventions
The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.
PER/SIGNATURE/1 defines the logical signature payload and validation steps for PER artifacts. It does not define encodings.
---
## 1. Purpose
A PER signature certifies that a deterministic execution occurred under a specific snapshot, with specific inputs, producing a specific output.
---
## 2. Canonical Signing Payload
```text
PERSignaturePayload {
domain_id : DomainID
snapshot_id : SnapshotID
per_artifact_id : ArtifactID
input_artifact_ids[] : ArtifactID (sorted)
program_id : ProgramID
logseq : u64
}
```
---
## 3. Canonicalization Rules (Normative)
1. Byte order: big-endian
2. Arrays: sorted lexicographically by ArtifactID
3. No optional fields
4. No timestamps or environment data
---
## 4. Signature Object
```text
PERSignature {
payload_hash : Hash
public_key : PublicKey
signature : Signature
algorithm : SigAlgorithm
}
```
---
## 5. Validation Procedure (Normative)
To validate a PER:
1. Load snapshot
2. Resolve DAM
3. Recompute canonical payload
4. Verify signature against `public_key`
5. Verify `public_key` is in DAM and has `execute` role
6. Verify `snapshot_id` and `logseq` match visibility constraints
If any step fails, the PER MUST be rejected as authoritative.
---
## 6. Failure Modes
| Condition | Result |
| ------------------ | ------------------------- |
| Missing signature | PER is informational only |
| Invalid signature | Reject PER |
| Key not in DAM | Reject PER |
| Snapshot mismatch | Reject PER |
| Input mismatch | Reject PER |
---
## 7. Summary
PER/SIGNATURE/1 defines a minimal, deterministic signature payload and validation procedure for PER artifacts.
Reference in a new issue View git blame Copy permalink