Proof of Process (PoP): Forensic Appraisal and Security Model

Internet-Draft	PoP Appraisal	February 2026
Condrey	Expires 18 August 2026	[Page]

Abstract

This document specifies the forensic appraisal methodology and quantitative security model for the Proof of Process (PoP) framework. It defines how Verifiers evaluate behavioral entropy, perform liveness detection (SNR and Cognitive Load Correlation), and calculate forgery cost bounds. Additionally, it establishes the taxonomy for Absence Proofs and the Tool Receipt protocol for AI attribution within the linear human authoring process.¶

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶

This Internet-Draft will expire on 18 August 2026.¶

Copyright Notice

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶

1. Introduction

The value of Proof of Process (PoP) evidence lies in the Verifier's ability to distinguish biological effort from algorithmic simulation. This document provides the normative framework for forensic appraisal, defining the appraisal logic required to generate a Writers Authenticity Report (WAR).¶

2. Jitter Seal: Captured Behavioral Entropy

Verifiers appraisal behavioral entropy (jitter) to establish a biological binding to the document.¶

2.1. Entropy Thresholds

For a checkpoint to be considered "Biologically Bound," the JitterDigest MUST contain at least a minimum threshold of min-entropy (H_min). For ENHANCED profiles, this protocol RECOMMENDS H_min = 128 bits per 1,000 characters of input.¶

3. Semantic Event Definitions

Verifiers use canonical semantic events to reconstruct the authorship topology:¶

INS (Insert):: Content addition at specific offsets.¶
DEL (Delete):: Range-based content removal (error correction analysis).¶
MOV (Move):: Content restructuring (high cognitive load indicator).¶
PASTE (Import):: External source integration (AI agent attribution).¶

4. Forensic Assessment Mechanisms

SNR (Signal-to-Noise Ratio) Analysis:: Verifying the 1/f fractal noise signature of human motor signals to detect machine-clocked synthetic injection.¶
Cognitive Load Correlation (CLC):: To defeat high-fidelity deepfake jitter, Verifiers MUST correlate timing cadence with semantic complexity (IKIs for complex vs simple segments).¶
Mechanical Turk Detection:: Analyzing intra-checkpoint correlation (C_intra) to detect "robotic pacing" in automated systems.¶
QR Presence Challenge (OOB-PC):: Bridging the digital-physical gap via secondary physical devices to ensure a human is in the loop.¶

5. Forgery Cost Bounds

Verifiers calculate the quantified economic cost (C_total) required to forge an Evidence Packet:¶

  C_total = C_vdf + C_entropy + C_hardware

C_vdf: Electricity and pro-rated hardware cost for sequential VDF computation.¶
C_entropy: Effort required to synthesize biological noise that satisfies SNR and CLC constraints.¶

[RFC2119]: Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174]: Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC9334]: Birkholz, H., Thaler, D., Richardson, M., Smith, N., and W. Pan, "Remote ATtestation procedureS (RATS) Architecture", RFC 9334, DOI 10.17487/RFC9334, January 2023, <https://www.rfc-editor.org/info/rfc9334>.

8.2. Informative References

[Goodman2007]: Goodman, A. and V. Zabala, "Using Stylometry for Biometric Keystroke Dynamics", 2007, <https://doi.org/10.1007/978-3-540-77343-6_14>.
[Monrose2000]: Monrose, F. and A. Rubin, "Keystroke dynamics as a biometric for authentication", 2000, <https://doi.org/10.1145/351427.351438>.
[PoP-Protocol]: Condrey, D., "Proof of Process (PoP): Architecture, Evidence Format, and VDF", Work in Progress, Internet-Draft, draft-condrey-rats-pop-protocol-01, 2026, <https://datatracker.ietf.org/doc/html/draft-condrey-rats-pop-protocol-01>.
[Sardar-RATS]: Sardar, M.U., "Security Considerations for Remote ATtestation procedureS (RATS)", May 2024, <https://www.researchgate.net/publication/380430034_Security_Considerations_for_Remote_ATtestation_procedureS_RATS>.

Proof of Process (PoP): Forensic Appraisal and Security Model

Abstract

Status of This Memo

Copyright Notice

Table of Contents

1. Introduction

2. Jitter Seal: Captured Behavioral Entropy

2.1. Entropy Thresholds

3. Semantic Event Definitions

4. Forensic Assessment Mechanisms

5. Forgery Cost Bounds

6. Absence Proofs and Tool Receipts

7. Privacy and Inclusivity

8. References

8.1. Normative References

8.2. Informative References

Author's Address