Remote ATtestation procedureS D. Condrey Internet-Draft WritersLogic Intended status: Experimental 16 February 2026 Expires: 20 August 2026 Proof of Process (PoP): Architecture and Evidence Format draft-condrey-rats-pop-protocol-04 Abstract This document specifies the Proof of Process (PoP) Evidence Framework, a specialized profile of Remote Attestation Procedures (RATS) designed to validate the provenance of effort in digital authorship. Unlike traditional provenance, which tracks file custody, PoP attests to the continuous physical process of creation. The protocol defines a cryptographic mechanism for generating Evidence Packets utilizing a composite Sequential Work Function (SWF) to enforce temporal monotonicity and Cross-Domain Constraint Entanglement (CDCE) to bind behavioral entropy (human jitter) and physical state to the document. Technical specifications for wire formats, sequential work functions, and hardware-anchored trust are provided. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 20 August 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. Condrey Expires 20 August 2026 [Page 1] Internet-Draft PoP Protocol February 2026 This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 3. System Model . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1. RATS Entity Roles . . . . . . . . . . . . . . . . . . . . 4 3.2. Compatibility with RATS Architecture . . . . . . . . . . 5 4. Threat Model . . . . . . . . . . . . . . . . . . . . . . . . 5 4.1. Adversarial Attester Model . . . . . . . . . . . . . . . 5 4.2. Security Goals . . . . . . . . . . . . . . . . . . . . . 6 4.3. Attack Taxonomy . . . . . . . . . . . . . . . . . . . . . 7 4.3.1. Retype Attack . . . . . . . . . . . . . . . . . . . . 7 4.3.2. Replay Attack . . . . . . . . . . . . . . . . . . . . 8 4.3.3. Relay Attack . . . . . . . . . . . . . . . . . . . . 8 4.3.4. SWF Acceleration Attack . . . . . . . . . . . . . . . 8 4.3.5. AE Spoofing . . . . . . . . . . . . . . . . . . . . . 8 4.3.6. Diversion Attack . . . . . . . . . . . . . . . . . . 8 4.4. Out-of-Scope Threats . . . . . . . . . . . . . . . . . . 8 5. Core Principles and Claims . . . . . . . . . . . . . . . . . 9 6. Protocol Rationale and Terminology . . . . . . . . . . . . . 9 7. Attester State Machine . . . . . . . . . . . . . . . . . . . 10 8. Evidence Content Tiers . . . . . . . . . . . . . . . . . . . 10 9. Attestation Assurance Levels . . . . . . . . . . . . . . . . 10 9.1. Tier T1: Software-Only . . . . . . . . . . . . . . . . . 11 9.2. Tier T2: Attested Software . . . . . . . . . . . . . . . 11 9.3. Tier T3: Hardware-Bound . . . . . . . . . . . . . . . . . 11 9.4. Tier T4: Hardware-Hardened . . . . . . . . . . . . . . . 11 10. Profile Architecture . . . . . . . . . . . . . . . . . . . . 11 10.1. Conformance Requirements . . . . . . . . . . . . . . . . 12 11. Evidence Format and CDDL . . . . . . . . . . . . . . . . . . 12 11.1. Checkpoint Hash Computation . . . . . . . . . . . . . . 15 12. Sequential Work Function . . . . . . . . . . . . . . . . . . 15 12.1. Construction . . . . . . . . . . . . . . . . . . . . . . 16 12.2. Verification Protocol . . . . . . . . . . . . . . . . . 16 12.3. Security Bound . . . . . . . . . . . . . . . . . . . . . 16 12.4. Hardware-Anchored Time (HAT) . . . . . . . . . . . . . . 16 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 13.1. CBOR Tags . . . . . . . . . . . . . . . . . . . . . . . 17 13.2. SMI Private Enterprise Number . . . . . . . . . . . . . 17 Condrey Expires 20 August 2026 [Page 2] Internet-Draft PoP Protocol February 2026 13.3. EAT Profile . . . . . . . . . . . . . . . . . . . . . . 17 13.4. Media Types . . . . . . . . . . . . . . . . . . . . . . 17 14. Security Considerations . . . . . . . . . . . . . . . . . . . 17 14.1. Primary Threat: Adversarial Attester . . . . . . . . . . 17 14.2. Retype Attack Defenses . . . . . . . . . . . . . . . . . 18 14.3. Relay and Replay Attack Defenses . . . . . . . . . . . . 18 14.4. SWF Acceleration Defenses . . . . . . . . . . . . . . . 19 14.5. Trust Gradation by Tier . . . . . . . . . . . . . . . . 19 14.6. Forgery Cost Bounds . . . . . . . . . . . . . . . . . . 20 14.7. Denial of Service . . . . . . . . . . . . . . . . . . . 20 14.8. Implementation Security Requirements . . . . . . . . . . 20 15. Privacy Considerations . . . . . . . . . . . . . . . . . . . 21 15.1. Data Minimization . . . . . . . . . . . . . . . . . . . 21 15.2. Behavioral Fingerprinting . . . . . . . . . . . . . . . 21 15.3. Physical State Leakage . . . . . . . . . . . . . . . . . 21 15.4. Unlinkability . . . . . . . . . . . . . . . . . . . . . 21 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 16.1. Normative References . . . . . . . . . . . . . . . . . . 21 16.2. Informative References . . . . . . . . . . . . . . . . . 23 Appendix A: SWF Test Vectors . . . . . . . . . . . . . . . . . . 23 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 24 1. Introduction The rapid proliferation of generative artificial intelligence has created an authenticity crisis in digital discourse. While traditional provenance tracks the "custody of pixels," it fails to attest to the human-driven process of creation. This document specifies the Proof of Process (PoP) protocol, which extends the RATS architecture [RFC9334] to validate the "provenance of effort." Unlike traditional attestation which captures static system state, PoP attests to a continuous physical process. It introduces Proof of Biological Space-Time (PoBST) to enforce temporal monotonicity and Cross-Domain Constraint Entanglement (CDCE) to bind behavioral entropy (human jitter) and physical state (thermodynamics) to the document's evolution. By entangling content hashes with these physical constraints, this protocol enables an Attester to generate an Evidence Packet (.pop) that imposes quantifiable cost on forgery of authorship claims, preserving privacy by design without disclosing document content. Condrey Expires 20 August 2026 [Page 3] Internet-Draft PoP Protocol February 2026 2. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. System Model This section defines the PoP system model in terms of the RATS architecture [RFC9334] and identifies where PoP diverges from standard remote attestation assumptions. 3.1. RATS Entity Roles PoP maps to RATS entity roles as follows: Attester: The authoring application and its host platform. The Attester generates Evidence Packets (.pop) containing behavioral entropy, physical state markers, and SWF proofs. Unlike traditional RATS deployments, the Attester in PoP is operated by the entity whose claims are being verified (the author). Attesting Environment (AE): The software and hardware components that collect telemetry and generate cryptographic bindings. This includes the authoring application, operating system interfaces for entropy collection, and hardware Secure Elements (TPM/SE) when available. Verifier: An entity that appraises Evidence Packets and produces Attestation Results (WAR). Verifiers may be operated by publishers, platforms, or independent third parties. Verifier logic is specified in [PoP-Appraisal]. Relying Party: Consumers of WAR Results who make trust decisions based on the appraisal. This includes publishers, readers, or automated systems that need authenticity assurance. Endorser: Entities that provide Reference Values for verification. In PoP, this includes hardware manufacturers (TPM endorsement certificates) and the PoP specification itself (defining expected behavioral patterns). Condrey Expires 20 August 2026 [Page 4] Internet-Draft PoP Protocol February 2026 3.2. Compatibility with RATS Architecture PoP implements a specialized RATS profile with a critical trust inversion: in traditional remote attestation, the Attester is a device whose owner (Relying Party) wants assurance about its state. The adversary is typically external -- malware, network attackers, or supply chain threats. In PoP, the Attester is operated by the author, and the Relying Party (publisher, reader) has no privileged access to the authoring environment. The primary adversary is the Attester operator themselves. This fundamental inversion shapes the entire security model: * Evidence must be unforgeable by the entity generating it * Temporal claims must be bound to physical constraints the Attester cannot circumvent * Behavioral entropy must be computationally expensive to simulate * Hardware attestation provides value only when the hardware root of trust is genuinely inaccessible to the Attester operator Despite this inversion, PoP maintains compatibility with RATS message flows and data formats, enabling integration with existing RATS infrastructure where appropriate. 4. Threat Model This section defines the adversary model following the methodology of [RFC3552] and incorporating insights from RATS security analysis [Sardar-RATS]. The threat model assumes a Dolev-Yao style adversary [Dolev-Yao] with domain-specific constraints. 4.1. Adversarial Attester Model The PRIMARY threat in PoP is an adversarial Attester -- an author who controls the Attesting Environment and seeks to generate Evidence for content they did not authentically author. This inverts the standard RATS trust assumption where the Attester is trusted to report honestly. The adversarial Attester has the following capabilities: * *Full software control:* Can modify, instrument, or replace any software component including the authoring application and operating system Condrey Expires 20 August 2026 [Page 5] Internet-Draft PoP Protocol February 2026 * *Timing manipulation:* Can adjust system clocks, virtualize execution environments, and attempt to compress or expand apparent time * *Entropy injection:* Can inject synthetic behavioral data (keystroke timing, jitter sequences) from pre-recorded or generated sources * *Content pre-generation:* Can generate document content using AI tools or other assistance before initiating the attestation session * *Parallel execution:* Can run multiple attestation sessions simultaneously or use distributed resources The adversary is constrained by: * *Physics:* Cannot violate thermodynamic laws or accelerate hardware beyond physical limits * *Memory bandwidth:* MHSF computations are bounded by available memory bandwidth * *Hardware isolation:* In T3/T4 tiers, cannot extract keys from Secure Elements without physical tampering * *Economic rationality:* Will not expend resources exceeding the value of successful forgery 4.2. Security Goals PoP provides the following authentication properties, defined in terms of adversary advantage: Temporal Authenticity: Given Evidence claiming authorship duration D, an adversary cannot produce valid Evidence in time significantly less than D. Formally: Adv_temporal = Pr[Verify(E) = accept AND Time(Generate(E)) < D - epsilon] is negligible for meaningful epsilon. Behavioral Authenticity: Given Evidence containing behavioral entropy B, an adversary cannot efficiently generate synthetic entropy that is indistinguishable from biological origin. The cost of generating synthetic behavioral data satisfying all forensic constraints MUST exceed a defined threshold. Content Binding: Evidence E is cryptographically bound to document D Condrey Expires 20 August 2026 [Page 6] Internet-Draft PoP Protocol February 2026 such that E cannot be repurposed to attest a different document D'. This property is unconditional given collision resistance of SHA-256. Non-repudiation (T3/T4): In hardware-bound tiers, Evidence is signed with keys that the Attester cannot extract or duplicate, providing non-repudiation of the attestation act. 4.3. Attack Taxonomy The following attacks are in scope for PoP defenses: 4.3.1. Retype Attack The canonical forgery attack against PoP: an adversary generates content using AI or other assistance, then retypes the pre-existing content while collecting "authentic" behavioral telemetry. This attack exploits the gap between typing existing text and composing original text. PoP defends against retype attacks through: * *Cognitive Load Correlation:* Authentic composition exhibits increased inter-keystroke intervals during high-complexity passages. Retyping known text shows uniform timing regardless of content complexity. Evidence with semantic-timing correlation r < 0.2 is flagged for additional scrutiny (see Section 14.2). * *Error Topology:* Authentic authoring exhibits characteristic error patterns (hesitations, deletions near recent insertions, self-corrections). Retyping from reference exhibits either unnaturally low error rates or artificially injected errors lacking positional correlation. * *Semantic-Temporal Binding:* The SWF proof binds the document's semantic evolution to wall-clock time. Retyping requires real- time effort proportional to document length, even if content was pre-generated. Retype attacks remain economically viable for short documents. The forgery cost scales with document length and checkpoint frequency, providing graduated assurance rather than binary security. Condrey Expires 20 August 2026 [Page 7] Internet-Draft PoP Protocol February 2026 4.3.2. Replay Attack Attempting to reuse previously valid Evidence for new claims. Defeated by Physical Freshness anchors that bind Evidence to non- reproducible physical state (thermal trajectories, kernel entropy samples). 4.3.3. Relay Attack Forwarding challenges or Evidence between a legitimate author and an adversary's session. In PoP, this manifests as claiming credit for another author's work. Defeated by hardware-bound signing (T3/T4) and out-of-band presence challenges that verify physical proximity. 4.3.4. SWF Acceleration Attack Using specialized hardware to compute SWF proofs faster than consumer hardware. Mitigated by Argon2id's memory-hardness (computation bounded by memory bandwidth, not ALU throughput) and Hardware- Anchored Time in T3/T4 tiers. 4.3.5. AE Spoofing Presenting a virtualized or modified Attesting Environment as genuine. In T1/T2 tiers, this is possible and Evidence should be weighted accordingly. T3/T4 tiers require hardware attestation that is difficult to spoof without physical access to the Secure Element. 4.3.6. Diversion Attack An adversary redirects Evidence intended for one Verifier to a different Verifier or Relying Party context. PoP Evidence Packets do not inherently bind to a specific Verifier identity. When conveyed over TLS, implementations SHOULD use Exported Keying Material [RFC9266] to bind Evidence to the transport session. For offline verification, Relying Parties MUST evaluate Evidence provenance through out-of-band channels. 4.4. Out-of-Scope Threats The following threats are explicitly out of scope: * *Nation-state HSM compromise:* Adversaries capable of extracting keys from certified HSMs via invasive physical attacks * *Physics-level laboratory spoofing:* Adversaries capable of simulating thermal trajectories and entropy sources at sub- microsecond precision Condrey Expires 20 August 2026 [Page 8] Internet-Draft PoP Protocol February 2026 * *Quantum computation:* Attacks requiring large-scale quantum computers (SHA-256 collision, Argon2id inversion) 5. Core Principles and Claims Building on the threat model defined above, PoP operates on five primary constraints: * Physics-based Cost: Memory-Hard Sequential Functions (MHSF) establish an economic lower bound on forgery, ensuring consumer hardware remains competitive with specialized ASICs. * Physical Freshness: Replay and simulation attacks are defeated by anchoring sessions to irreversible physical markers (Thermal Trajectories and Kernel Entropy pools). Every session incorporates Non-deterministic Physical Freshness sampled within the AE at the start of the sequential work function execution. * Biological Binding: Captured human motor-signal randomness (jitter) serves as the non-deterministic seed for the spacetime proof. * Out-of-Band Presence: Utilizing secondary physical devices (e.g., smartphone QR scans) to bridge the digital-physical gap and ensure a human is in the loop. * Asymmetric Verification: The sequential work function allows proofs to be verified probabilistically via Merkle-sampled audit proofs, ensuring scalability and DoS resistance. 6. Protocol Rationale and Terminology The Proof of Process (PoP) framework follows the RATS architecture while introducing domain-specific extensions for physical process attestation. PoP Evidence Packet (.pop): An Attester artifact containing Merkle trees, PoBST traces, and physical liveness markers (CBOR tag 1347571280, encoding ASCII "POP "). WAR Result (.war): A Verifier Attestation Result containing signed EAT claims and forensic assessments (CBOR tag 1463894560). The WAR format is specified in [PoP-Appraisal]. PoBST: Proof of Biological Space-Time. A memory-hard sequential function with probabilistic verification, entangled with human jitter. Condrey Expires 20 August 2026 [Page 9] Internet-Draft PoP Protocol February 2026 CDCE: Cross-Domain Constraint Entanglement. The method of weaving jitter and thermodynamics into the cryptographic chain. SWF: Sequential Work Function. The composite construction combining Argon2id and iterated SHA-256 (see Section 12). 7. Attester State Machine The Attesting Environment (AE) MUST implement the following formal state machine: * RECORDING: AE captures semantic events and physical telemetry into a hash-linked buffer. Events are appended and the block hash is updated. * PENDING_CHECK: The current event block is frozen to prepare for a checkpoint. No new events are accepted into this block. * CHECKPOINT: AE computes the SWF over the entangled seed (previous hash + current jitter + physical markers). * SEALING: The Attester generates a final snapshot, signs the transcript root with a hardware Secure Element (TPM/SE), and prepares the transport container (.pop). 8. Evidence Content Tiers PoP Evidence packets are classified by the depth of behavioral and forensic data collected: CORE (Tier Value 1): Checkpoint chain with PoBST proofs, SHA-256 content binding, and physical freshness anchors. Proves temporal ordering and content integrity. ENHANCED (Tier Value 2): All CORE components plus behavioral entropy capture (Jitter Seals) and intra-checkpoint correlation. Adds evidence of interactive authoring behavior. MAXIMUM (Tier Value 3): All ENHANCED components plus CDCE, error topology analysis, and forgery cost bounds. Provides the strongest available evidence. 9. Attestation Assurance Levels The attestation tier system maps to established assurance frameworks including NIST SP 800-63B Authenticator Assurance Levels (AAL), ISO/ IEC 29115 Levels of Assurance (LoA), and Entity Attestation Token (EAT) security levels as defined in [RFC9711]. Condrey Expires 20 August 2026 [Page 10] Internet-Draft PoP Protocol February 2026 9.1. Tier T1: Software-Only Binding Strength: none or hmac_local NIST AAL Mapping: AAL1 Security Properties: * SWF timing provides temporal ordering * Hash chains provide tamper evidence * Jitter entropy provides behavioral binding * No hardware root of trust; keys stored in software 9.2. Tier T2: Attested Software T2 extends T1 with optional hardware attestation hooks. The AE attempts to use platform security features (Keychain, DeviceCheck) but degrades gracefully. Maps to AAL2. 9.3. Tier T3: Hardware-Bound Requires TPM 2.0 or platform Secure Enclave key binding. Evidence generation MUST fail if hardware is unavailable. Maps to AAL3. 9.4. Tier T4: Hardware-Hardened Discrete TPM + PUF binding + Enclave execution. Anti-tamper evidence required. Exceeds AAL3 requirements; maps to ISO/IEC 29115 LoA4. 10. Profile Architecture The PoP specification defines three implementation profiles that establish Mandatory-to-Implement (MTI) requirements for interoperability. Condrey Expires 20 August 2026 [Page 11] Internet-Draft PoP Protocol February 2026 +============+======================+======+==========+=========+ | Feature ID | Feature Name | CORE | ENHANCED | MAXIMUM | +============+======================+======+==========+=========+ | 1 | swf-argon2id-sha256 | M | M | M | +------------+----------------------+------+----------+---------+ | 2 | content-binding | M | M | M | +------------+----------------------+------+----------+---------+ | 4 | checkpoint-chain | M | M | M | +------------+----------------------+------+----------+---------+ | 50 | behavioral-entropy | O | M | M | +------------+----------------------+------+----------+---------+ | 105 | hardware-attestation | O | O | M | +------------+----------------------+------+----------+---------+ Table 1 10.1. Conformance Requirements A conforming Attester MUST implement at least the CORE profile. A conforming Verifier MUST be capable of validating all three profiles. Verifiers encountering unknown fields MUST ignore them and proceed with validation of known fields. 11. Evidence Format and CDDL Evidence Packets are CBOR-encoded [RFC8949] and identified by semantic tag 1347571280. The CDDL notation [RFC8610] is used to define the wire format. ; Primary structures evidence-packet = { 1 => uint, ; version (MUST be 1) 2 => tstr, ; profile-uri 3 => uuid, ; packet-id 4 => pop-timestamp, ; created 5 => document-ref, ; document 6 => [+ checkpoint], ; checkpoints ? 7 => attestation-tier, ; T1-T4 ? 8 => [* tstr], ; limitations ? 9 => profile-declaration, ; profile ? 10 => [+ presence-challenge], ; QR/OOB proofs ? 18 => physical-liveness, ; CDCE markers } checkpoint = { 1 => uint, ; sequence (monotonic) 2 => uuid, ; checkpoint-id 3 => pop-timestamp, ; timestamp (local) Condrey Expires 20 August 2026 [Page 12] Internet-Draft PoP Protocol February 2026 4 => hash-value, ; content-hash 5 => uint, ; char-count 6 => edit-delta, ; delta 7 => hash-value, ; prev-hash 8 => hash-value, ; checkpoint-hash 9 => process-proof, ; SWF proof 10 => jitter-binding, ; behavioral-entropy 11 => physical-state, ; CDCE Weave 12 => bstr .size 32, ; entangled-mac } document-ref = { 1 => hash-value, ; content-hash ? 2 => tstr, ; filename 3 => uint, ; byte-length 4 => uint, ; char-count ? 5 => hash-salt-mode, ; salting mode ? 6 => bstr, ; salt-commitment } process-proof = { 1 => proof-algorithm, ; algorithm id 2 => proof-params, ; SWF params 3 => bstr, ; input (seed) 4 => bstr, ; output (root) 5 => [+ merkle-proof], ; sampled proofs 6 => float32, ; claimed-duration } ; Subsidiary type definitions attestation-tier = &( software-only: 1, attested-software: 2, hardware-bound: 3, hardware-hardened: 4, ) proof-algorithm = &( sha256-chain: 1, pobst-argon2id: 20, ) hash-salt-mode = &( unsalted: 0, author-salted: 1, ) proof-params = { Condrey Expires 20 August 2026 [Page 13] Internet-Draft PoP Protocol February 2026 1 => uint, ; time-cost (t) 2 => uint, ; memory-cost (m, KiB) 3 => uint, ; parallelism (p) 4 => uint, ; iterations } jitter-binding = { 1 => [+ float32], ; intervals (ms) 2 => float32, ; entropy-estimate (bits) 3 => bstr .size 32, ; jitter-seal (HMAC) } merkle-proof = { 1 => uint, ; leaf-index 2 => [+ bstr .size 32], ; sibling-path 3 => bstr .size 32, ; leaf-value } edit-delta = { 1 => int, ; chars-added 2 => int, ; chars-deleted 3 => uint, ; op-count ? 4 => [* edit-position], ; positions } edit-position = [ uint, ; offset int, ; change (+/-) ] physical-state = { 1 => [+ float32], ; thermal (relative) 2 => uint, ; entropy-delta ? 3 => bstr .size 32, ; kernel-commitment } physical-liveness = { 1 => [+ thermal-sample], ; thermal trajectory 2 => bstr .size 32, ; entropy-anchor } thermal-sample = [ pop-timestamp, ; sample time float32, ; temperature delta ] presence-challenge = { 1 => bstr, ; challenge-nonce Condrey Expires 20 August 2026 [Page 14] Internet-Draft PoP Protocol February 2026 2 => bstr, ; device-signature 3 => pop-timestamp, ; response-time } profile-declaration = { 1 => tstr, ; profile-id 2 => [+ uint], ; feature-flags } ; Base types uuid = bstr .size 16 pop-timestamp = #6.1(number) hash-value = { 1 => hash-algorithm, 2 => bstr, } hash-algorithm = &( sha256: 1, sha384: 2, sha512: 3, ) 11.1. Checkpoint Hash Computation The checkpoint-hash field MUST be computed as follows: checkpoint-hash = SHA-256( prev-hash || content-hash || CBOR-encode(edit-delta) || CBOR-encode(jitter-binding) || CBOR-encode(physical-state) || process-proof.output ) Where || denotes concatenation and CBOR-encode produces deterministic CBOR per Section 4.2 of [RFC8949]. 12. Sequential Work Function PoP uses a composite Sequential Work Function (SWF) combining Argon2id [RFC9106] for memory-hardness with iterated SHA-256 for sequential ordering. This construction is NOT a Verifiable Delay Function in the formal sense [Boneh2018]; it does not provide efficient public verification of the delay claim from the output alone. Condrey Expires 20 August 2026 [Page 15] Internet-Draft PoP Protocol February 2026 Instead, verification relies on Merkle-sampled audit proofs: the Attester commits to a Merkle tree over intermediate states, and the Verifier checks a random subset of state transitions. This provides probabilistic verification in O(k * log n) time where k is the sample count and n is the iteration count. 12.1. Construction The SWF is computed as follows: state_0 = Argon2id(seed, salt=seed, t=1, m=65536, p=1, len=32) for i in 1..iterations: state_i = SHA-256(state_{i-1}) output = state_iterations The salt for Argon2id MUST be set equal to the seed value to ensure deterministic output. Implementations MUST NOT use a random salt. 12.2. Verification Protocol The Verifier MUST: 1. Recompute Argon2id from the declared seed to obtain state_0 2. For each sampled proof in the Merkle tree, verify the sibling path against the committed root and recompute SHA-256(state_i) to compare against state_{i+1} 3. Verify the final state matches the declared output A minimum of 20 sampled proofs is REQUIRED for CORE profile. ENHANCED profile requires 50 proofs. MAXIMUM profile requires 100 proofs. 12.3. Security Bound An adversary who skips fraction f of iterations will be detected with probability 1-(1-f)^k where k is the number of sampled proofs. With k=20 and f=0.1, detection probability exceeds 0.878. With k=100 and f=0.05, detection probability exceeds 0.994. 12.4. Hardware-Anchored Time (HAT) In T3/T4 tiers, the AE MUST anchor the SWF seed to the TPM Monotonic Counter. This prevents "SWF Speed-up" attacks by ensuring that the temporal proof is bound to the hardware's internal perception of time. Condrey Expires 20 August 2026 [Page 16] Internet-Draft PoP Protocol February 2026 13. IANA Considerations This document requests the following IANA registrations: 13.1. CBOR Tags Registration of CBOR tag 1347571280 (encoding ASCII "POP ") for PoP Evidence Packets and tag 1463894560 (encoding ASCII "WAR ") for WAR Results. 13.2. SMI Private Enterprise Number This document uses SMI PEN 65074, which has been requested from IANA for WritersLogic Inc. Registration is pending confirmation. 13.3. EAT Profile Registration of the EAT profile URI: urn:ietf:params:rats:eat:profile:pop:1.0 13.4. Media Types Requests registration of: * application/vnd.writerslogic-pop+cbor * application/vnd.writerslogic-war+cbor 14. Security Considerations This section provides security analysis following [RFC3552] guidelines. The threat model is defined in Section 4 with the adversarial Attester as the primary threat actor. Detailed forensic security analysis is provided in [PoP-Appraisal]. 14.1. Primary Threat: Adversarial Attester Unlike traditional remote attestation where external adversaries threaten system integrity, PoP's primary threat is the Attester operator themselves. The author controls the Attesting Environment and has incentive to claim authenticity for AI-generated or assisted content. This threat model inversion has fundamental implications: * Software-only attestation (T1) provides minimal assurance since the Attester controls all software Condrey Expires 20 August 2026 [Page 17] Internet-Draft PoP Protocol February 2026 * Cryptographic proofs must be bound to physical constraints the Attester cannot circumvent * Behavioral entropy must be economically expensive to forge, not merely cryptographically secure * Trust in Evidence scales with the Attestation Tier and the cost of bypassing its guarantees 14.2. Retype Attack Defenses The retype attack (see Section 4.3.1) is the canonical forgery vector. Defenses are layered: Cognitive Load Correlation (CLC): Verifiers MUST analyze correlation between content complexity and typing cadence. Retyping known text produces flat cognitive load curves; authentic composition shows elevated latency during complex passages. Detection threshold: r < 0.2 correlation flags evidence for additional scrutiny. Error Topology Analysis: Authentic authoring produces characteristic error patterns: corrections localized near recent insertions, deletion-to-insertion ratios consistent with human cognitive models [Salthouse1986], and fractal self-similarity in revision patterns. Retyping produces either unnaturally low error rates or randomly distributed artificial errors. Temporal Cost: Even successful retype attacks require real-time effort. A 5,000-word document with 10-second checkpoint intervals requires 8+ hours of continuous typing effort to forge. The attack does not scale economically for high-volume forgery. Relying Parties MUST understand that retype attacks remain viable for short documents or high-value targets willing to invest real time. PoP provides graduated assurance proportional to document length and checkpoint density. 14.3. Relay and Replay Attack Defenses As defined in Section 4.3.2 and Section 4.3.3, these attacks are defeated through Physical Freshness anchors binding Evidence to non- reproducible physical state: * Thermal trajectories captured during SWF computation cannot be replayed * Kernel entropy pool deltas are bound to specific execution moments Condrey Expires 20 August 2026 [Page 18] Internet-Draft PoP Protocol February 2026 * Out-of-band presence challenges (QR scans) verify real-time physical proximity Verifiers MUST reject Evidence where physical freshness markers are stale, inconsistent with timestamps, or exhibit patterns suggesting simulation. 14.4. SWF Acceleration Defenses As analyzed in Section 4.3.4, specialized hardware attacks are mitigated by: * *Memory-hardness:* Argon2id computation is bounded by memory bandwidth (approximately 50 GB/s for DDR5), not ALU throughput. ASICs provide minimal advantage. * *Hardware-Anchored Time (T3/T4):* SWF seeds are bound to TPM monotonic counters, preventing time compression even with faster computation. * *Merkle sampling:* Skipping SWF iterations is detected probabilistically. With k=100 samples, skipping 5% of iterations has >99.4% detection probability. 14.5. Trust Gradation by Tier Relying Parties MUST interpret Evidence according to its Attestation Tier: T1 (Software-Only): Provides temporal ordering and content binding only. Adversarial Attester can forge all behavioral claims. Suitable only for low-stakes applications or as supplementary evidence. T2 (Attested Software): Adds platform attestation hooks but degrades gracefully. Provides moderate assurance against casual forgery but not determined adversaries. T3 (Hardware-Bound): Signing keys are hardware-protected. Forgery requires physical access to the Secure Element. Provides strong assurance for most applications. T4 (Hardware-Hardened): Anti-tamper evidence and PUF binding. Forgery requires invasive hardware attacks. Suitable for high- stakes legal or financial applications. Condrey Expires 20 August 2026 [Page 19] Internet-Draft PoP Protocol February 2026 14.6. Forgery Cost Bounds Implementations SHOULD report quantified forgery cost estimates in WAR Results. For CORE profile (10,000 iterations, m=65536 KiB): * Sequential computation time: approximately 45 seconds per checkpoint * Memory requirement: 64 MiB per concurrent chain * Energy cost: approximately 0.01 USD per checkpoint at consumer electricity rates For ENHANCED profile, adversary must additionally satisfy behavioral constraints (CV > 0.15, semantic correlation r > 0.3, error topology matching). These constraints are conjunctive per checkpoint and scale superlinearly with checkpoint count due to session consistency requirements. 14.7. Denial of Service SWF verification is asymmetric: Merkle-sampled proofs verify in O(k * log n) versus O(n) generation. Verifiers cannot be overwhelmed by expensive verification requests. Implementations SHOULD implement rate limiting on Evidence submission. 14.8. Implementation Security Requirements Conforming implementations MUST: * Use constant-time comparison for all cryptographic operations * Zero sensitive memory (keys, jitter data) after use * Validate all input lengths and formats before processing * Reject Evidence with inconsistent internal state (e.g., checkpoint-hash verification failure) T3/T4 implementations MUST additionally: * Store signing keys exclusively in hardware Secure Elements * Bind SWF seeds to TPM monotonic counters * Verify platform integrity before Evidence generation Condrey Expires 20 August 2026 [Page 20] Internet-Draft PoP Protocol February 2026 15. Privacy Considerations This section addresses privacy in accordance with [RFC6973]. 15.1. Data Minimization PoP Evidence Packets MUST NOT contain document content. Content binding uses cryptographic hashes (SHA-256) which are computationally irreversible. The author-salted mode (hash-salt-mode=1) provides additional protection by preventing rainbow-table correlation across documents. 15.2. Behavioral Fingerprinting Jitter sequences in ENHANCED and MAXIMUM profiles constitute behavioral biometrics. Verifiers MUST NOT: * Store jitter data beyond the verification session * Correlate jitter across multiple Evidence Packets to deanonymize authors * Use jitter data for any purpose other than authenticity verification Attesters SHOULD quantize jitter values to reduce fingerprinting precision while preserving statistical validity. A minimum quantization of 5ms is RECOMMENDED. 15.3. Physical State Leakage Thermal trajectories and kernel entropy deltas in the physical-state field may reveal information about the Attester's hardware configuration. Implementations SHOULD normalize thermal data to relative deltas rather than absolute values to prevent device fingerprinting. 15.4. Unlinkability Authors who wish to remain pseudonymous SHOULD use per-document signing keys and the author-salted content binding mode to prevent cross-document linkage. 16. References 16.1. Normative References Condrey Expires 20 August 2026 [Page 21] Internet-Draft PoP Protocol February 2026 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003, . [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data Definition Language (CDDL): A Notational Convention to Express Concise Binary Object Representation (CBOR) and JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, June 2019, . [RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object Representation (CBOR)", STD 94, RFC 8949, DOI 10.17487/RFC8949, December 2020, . [RFC9106] Biryukov, A., Dinu, D., Khovratovich, D., and S. Josefsson, "Argon2 Memory-Hard Function for Password Hashing and Proof-of-Work Applications", RFC 9106, DOI 10.17487/RFC9106, September 2021, . [RFC9266] Whited, S., "Channel Bindings for TLS 1.3", RFC 9266, DOI 10.17487/RFC9266, July 2022, . [RFC9334] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and W. Pan, "Remote ATtestation procedureS (RATS) Architecture", RFC 9334, DOI 10.17487/RFC9334, January 2023, . Condrey Expires 20 August 2026 [Page 22] Internet-Draft PoP Protocol February 2026 [RFC9711] Lundblade, L., Mandyam, G., O'Donoghue, J., and C. Wallace, "The Entity Attestation Token (EAT)", RFC 9711, DOI 10.17487/RFC9711, April 2025, . 16.2. Informative References [Boneh2018] Boneh, D., Bonneau, J., Bunz, B., and B. Fisch, "Verifiable Delay Functions", CRYPTO 2018, 2018, . [Dolev-Yao] Dolev, D. and A. Yao, "On the Security of Public Key Protocols", IEEE Transactions on Information Theory 29(2), 198-208, 1983, . [PoP-Appraisal] Condrey, D., "Proof of Process (PoP): Forensic Appraisal and Security Model", Work in Progress, Internet-Draft, draft-condrey-rats-pop-appraisal-03, 2026, . [Salthouse1986] Salthouse, T.A., "Perceptual, Cognitive, and Motoric Aspects of Transcription Typing", Psychological Bulletin 99(3), 303-319, 1986, . [Sardar-RATS] Sardar, M.U., "Security Considerations for Remote ATtestation procedureS (RATS)", Work in Progress, Internet-Draft, draft-sardar-rats-sec-cons-02, February 2026, . Appendix A: SWF Test Vectors The following test vectors validate SWF implementations. The salt for Argon2id is set equal to the seed. Condrey Expires 20 August 2026 [Page 23] Internet-Draft PoP Protocol February 2026 Seed: "witnessd-genesis-v1" Seed (hex): 7769746e657373642d67656e657369732d7631 Salt: (same as seed) Argon2id Parameters: Time Cost (t): 1 Memory Cost (m): 65536 KiB Parallelism (p): 1 Output Length: 32 bytes Iterations: 10,000 Intermediate States: state_0 (Argon2id): 80c61705757b131005819066fad7f251a0fee7016cdae38eb753409931d1b46a state_1000: a9aa3186ec6a3cdcc299735564f46ac42e31cacb463ced34d6d7e4086625dbe3 state_5000: 4264f594f871d61029fb413715b391977bc7bb40144fa8b6e89cb04a7de0d160 state_9999: 4ece1d5c51ca6b7a5da4827416535566fca98ea260fa00b2f93e10ee63b98498 state_10000 (final): bf3883035ced837663ccc46a37d1e4fd4f324a5caeadbd17f9bf0c34004294dc Author's Address David Condrey WritersLogic Inc San Diego, California, United States Email: david@writerslogic.com Condrey Expires 20 August 2026 [Page 24]