All algorithms are approved by international standards bodies (NIST, BSI, ANSSI, CRYPTREC, SOG-IS). No custom cryptography is used.
Three principles govern the cryptographic architecture.
All algorithms are standard NIST/IETF choices implemented via Node.js crypto (OpenSSL). The system contributes architecture, not cryptography.
Hash chains ensure records cannot be altered without detection. Digital signatures (Ed25519) prove who created each record. Canonical JSON (JCS) ensures a record always serializes to the same bytes, so hashes and signatures are reproducible.
Certificate verification requires only a public key. No platform account, library, or cooperation needed. Anyone verifies independently.
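
A minimal verifier for the design described above (SHA-256 hash chain, Ed25519 signatures, JCS-style canonical JSON), added here as an illustration and not taken from the project's specification or code. The record fields (`seq`, `prev_hash`, `payload`, `hash`, `signature`), the all-zero genesis value, and signing the hash bytes are assumptions; the key pair and events are constructed sample data.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

// JCS-style canonical form (RFC 8785): sorted keys, no whitespace,
// primitives serialized by JSON.stringify. Enough for the sample records.
function canonicalize(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  return '{' + Object.keys(v).sort()
    .map(k => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
}

const sha256 = s => createHash('sha256').update(s, 'utf8').digest('hex');
const GENESIS = '0'.repeat(64); // assumed prev_hash of the first record

// Assumed record layout: hash covers {seq, prev_hash, payload}; signature covers the hash.
function appendRecord(chain, payload, privateKey) {
  const body = { seq: chain.length, prev_hash: chain.at(-1)?.hash ?? GENESIS, payload };
  const hash = sha256(canonicalize(body));
  const signature = sign(null, Buffer.from(hash, 'hex'), privateKey).toString('base64');
  return [...chain, { ...body, hash, signature }];
}

// The verifier needs only the records and the signer's public key.
function verifyChain(chain, publicKey) {
  let prev = GENESIS;
  for (const [i, rec] of chain.entries()) {
    const { hash, signature, ...body } = rec;
    if (body.seq !== i) return { ok: false, at: i, reason: 'sequence' };
    if (body.prev_hash !== prev) return { ok: false, at: i, reason: 'link' };
    if (sha256(canonicalize(body)) !== hash) return { ok: false, at: i, reason: 'hash' };
    const sig = Buffer.from(String(signature), 'base64');
    if (!verify(null, Buffer.from(hash, 'hex'), publicKey, sig))
      return { ok: false, at: i, reason: 'signature' };
    prev = hash;
  }
  return { ok: true };
}

// Constructed sample data: throwaway key pair and three invented events.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
let chain = [];
for (const p of [{ event: 'start' }, { event: 'tool_call', n: 1 }, { event: 'stop' }])
  chain = appendRecord(chain, p, privateKey);

const tampered = JSON.parse(JSON.stringify(chain));
tampered[1].payload.n = 2; // a stored record edited after the fact
console.log(verifyChain(chain, publicKey));    // { ok: true }
console.log(verifyChain(tampered, publicKey)); // { ok: false, at: 1, reason: 'hash' }
```

Recomputing the hash of an edited record moves the failure from `hash` to `signature`, because the new hash was never signed by the record's creator.
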
The system supports 30 algorithm combinations. Each record chain selects its algorithms at creation — they cannot be changed afterward.

| Hash algorithm | Standard | Security level |
|---|---|---|
| SHA-256 | FIPS 180-4 | 128-bit |
| SHA-384 | FIPS 180-4 | 192-bit |
| SHA-512 | FIPS 180-4 | 256-bit |
| SHA3-256 | FIPS 202 | 128-bit |
| SHA3-384 | FIPS 202 | 192-bit |
| SHA3-512 | FIPS 202 | 256-bit |

| Signature algorithm | Standard | Security level |
|---|---|---|
| Ed25519 | RFC 8032 | 128-bit |
| Ed448 | RFC 8032 | 224-bit |
| ECDSA P-256 | FIPS 186-5 | 128-bit |
| ECDSA P-384 | FIPS 186-5 | 192-bit |
| ECDSA P-521 | FIPS 186-5 | 256-bit |

30 combinations (6 hashes × 5 signatures × 1 standard format) — each chain locks its algorithms at creation.
The cryptographic architecture is grounded in a formal threat model derived from a systematic review of academic and industry agent accountability approaches.
Defines 8 threat classes (T1–T8) and 7 evaluation dimensions (D1–D7), providing the rationale for the hash chain, signature, and verification architecture.
Read the full paper (DOI: 10.5281/zenodo.18955103)
Systematic analysis of AI platform recording capabilities across openness tiers. Establishes the evidence basis for the attestation source model (gateway_observed, platform_verified, agent_reported, cross_verified).
Read the full paper (DOI: 10.5281/zenodo.19112060)
All algorithms are recognized by the following national and international cryptographic standards bodies.

| Standards body | Status |
|---|---|
| National Institute of Standards and Technology (NIST) | All algorithms approved |
| Bundesamt für Sicherheit in der Informationstechnik (BSI) | All algorithms recommended |
| Agence nationale de la sécurité des systèmes d'information (ANSSI) | All algorithms recommended |
| Cryptography Research and Evaluation Committees (CRYPTREC) | All algorithms recommended |
| Senior Officials Group Information Systems Security (SOG-IS) | All algorithms agreed |

Designed to meet legal evidence requirements across jurisdictions.

| Provision | Relevance |
|---|---|
| Art. 12, 19, 26, 73 | Automatic logging, retention, incident reporting |
| Art. 26 (Advanced Electronic Signatures) | Ed25519 satisfies advanced e-signature requirements |
| Article 13 | Compatible with electronic signature recognition |

The provenance specification is open source. Anyone can inspect the cryptographic architecture, build independent verifiers, or audit the protocol.
Complete specification for hash chains, certificates, verification protocols, and event schemas. Published under Apache 2.0 with Issuance Rights.
Detailed compliance tables for every algorithm against BSI, CRYPTREC, NIST, ANSSI, and SOG-IS standards.