P175 — AIEP — Evidence Hash Chain Integrity Verification Protocol
Publication Date: 2026-03-27
Status: Open Source Prior Art Disclosure
Licence: Apache License 2.0
Author/Organisation: Phatfella Ltd
Schema: AIEP_OS_SPEC_TEMPLATE v1.0.1 — https://aiep.dev/schemas/aiep-os-spec-template/v1.0.1
Framework Context
[0001] This disclosure operates within an Architected Instruction and Evidence Protocol (AIEP) environment as defined in United Kingdom patent application number GB2519711.2, filed 20 November 2025, the entire contents of which are incorporated herein by reference.
[0002] The present disclosure defines a protocol for continuously and retrospectively verifying the content integrity of every evidence artefact held in an AIEP evidence corpus through a HashChain — a deterministic, ordered sequence of artefact content hashes chained together such that any undetected modification to any artefact or to the ordering of artefacts produces a verifiable deviation in the HashChain.
Field of the Disclosure
[0003] This disclosure relates to cryptographic integrity verification protocols for large, continuously growing evidence corpora in distributed artificial intelligence governance systems.
[0004] More particularly, the disclosure concerns: a HashChain construction algorithm that incrementally extends a running chain digest as artefacts are admitted to the corpus; a periodic batch verification scheduler; a HashChainCertificate format enabling cross-node integrity attestation; a HashChainDeviation record published when a deviation is detected; and the relationship between HashChain verification and the ProvenanceChain (P150) and audit log (P171) mechanisms.
Background
[0005] Evidence corpora are long-term assets in AIEP systems. An artefact admitted to the corpus in 2026 may be retrieved for reasoning in 2030. Without a mechanism for detecting persistent content modification — whether due to storage corruption, malicious tampering, or software defect — a reasoning chain has no assurance that the artefact content it receives is identical to the content that was admitted, normalised, and classified at ingestion time.
[0006] Individual artefact content hashes stored at ingestion (P150 ProvenanceChain, INGEST step) provide per-artefact protection but require lookups proportional to corpus size to verify. A HashChain provides a constant-size proof of corpus integrity: a single comparison of the current chain digest against a known-good reference verifies the integrity of the entire corpus, in order, to that point.
[0007] HashChains also detect reordering attacks: an attacker removing a legitimate artefact and inserting a replacement in its position would produce a valid hash for the replacement but an invalid chain digest at every subsequent position — immediately detectable.
Summary of the Disclosure
[0008] HashChainEntry: Each time an artefact is admitted to the corpus (after ingestion, normalisation, and classification are complete), the HashChain admits a new entry:
- entry_index — monotonically increasing integer (zero-based; first entry = 0)
- deid — the Distributed Evidence Identity of the admitted artefact (P162)
- content_hash — SHA-256 of the canonical content of the artefact (P10 normalised form)
- previous_chain_digest — the chain_digest of the immediately preceding entry (or 0x00...00 for entry index 0)
- chain_digest — SHA-256 of entry_index || deid || content_hash || previous_chain_digest
- admitted_at — ISO 8601 timestamp
[0009] ChainHead: The most recent HashChainEntry is the ChainHead. The ChainHead’s chain_digest is the integrity summary of the entire corpus in admission order. Any node holding a copy of the corpus and the ChainHead can independently verify corpus integrity by recomputing the chain from entry 0.
[0010] HashChainCertificate: Periodically (by default: every 24 hours, configurable) the HashChain node issues a HashChainCertificate:
- certificate_id — SHA-256 of canonical serialisation
- issued_by — node fingerprint (P46)
- issued_at — ISO 8601 timestamp
- chain_head_index — entry_index of the ChainHead at issuance time
- chain_head_digest — chain_digest of the ChainHead at issuance time
- total_entries — total number of entries since genesis
- certificate_signature — cryptographic signature by the issuing node
[0011] HashChainCertificate Distribution: Certificates are published to all registered mirror nodes (P60–P63) and to the AuditLog (P171). Nodes retaining corpus mirrors may independently verify their local copies against received certificates by recomputing their local chain digests.
[0012] Periodic Batch Verification: The BatchVerifier runs on each node holding corpus storage, triggered by a configurable schedule (default: weekly) or by receipt of a HashChainCertificate. The BatchVerifier recomputes content hashes for all artefacts in the local corpus and reconstructs the HashChain from entry 0, comparing the computed chain digest at each position against the stored chain_digest for that entry. Deviation at any position produces a HashChainDeviationRecord.
[0013] HashChainDeviationRecord: A deviation record is published when the BatchVerifier or any client detects a mismatch:
- deviation_id — SHA-256 of canonical serialisation
- detected_by — node fingerprint (P46)
- detected_at — ISO 8601 timestamp
- first_failing_index — entry_index of the first HashChainEntry where the computed digest does not match the stored digest
- first_failing_deid — DEID of the artefact at first_failing_index
- expected_digest — the stored chain_digest for that entry
- computed_digest — the recomputed digest
- severity — SINGLE_ARTEFACT (only one artefact’s content hash is wrong; chain is otherwise intact) or CHAIN_BREAK (chain digest failure propagates from first_failing_index forward, indicating reordering or insertion)
- remediation_status — OPEN, UNDER_INVESTIGATION, RESOLVED_QUARANTINE (artefact quarantined per P155), RESOLVED_RESTORED
[0014] Integration with ProvenanceChain: The INGEST step in the ProvenanceChain (P150) records the artefact’s content_hash. The HashChain uses the same content_hash value. A deviation detected by the HashChain can be cross-referenced with the ProvenanceChain to determine whether the content was already incorrect at ingestion or was modified post-ingestion.
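The append step of [0008] and the BatchVerifier comparison of [0012] and [0013], as an added Python example (not code from this disclosure or from AIEP). The byte encoding behind "||", the dict-based chain and corpus, and the rule used to pick the severity value are assumptions, since the disclosure fixes none of them.

```python
import hashlib

GENESIS = bytes(32)  # previous_chain_digest 0x00...00 for entry_index 0

def chain_digest(index, deid, content_hash, prev):
    # ASSUMED encoding (the page only gives "||"): 8-byte big-endian index,
    # 4-byte length prefix + UTF-8 DEID, then the two raw 32-byte digests.
    d = deid.encode("utf-8")
    return hashlib.sha256(index.to_bytes(8, "big") + len(d).to_bytes(4, "big")
                          + d + content_hash + prev).digest()

def append(chain, deid, content):
    prev = chain[-1]["chain_digest"] if chain else GENESIS
    ch = hashlib.sha256(content).digest()
    chain.append({"entry_index": len(chain), "deid": deid, "content_hash": ch,
                  "previous_chain_digest": prev,
                  "chain_digest": chain_digest(len(chain), deid, ch, prev)})

def batch_verify(chain, corpus):
    """Return None if intact, else (first_failing_index, first_failing_deid, severity)."""
    prev_stored = prev_computed = GENESIS
    first, links_ok, bad_content = None, True, 0
    for i, e in enumerate(chain):
        # Stored linkage: do the recorded fields still hash to the recorded digest?
        link = (e["entry_index"] == i and e["previous_chain_digest"] == prev_stored
                and chain_digest(i, e["deid"], e["content_hash"], prev_stored) == e["chain_digest"])
        # Recomputed chain: hash the artefact bytes actually held in storage.
        actual = hashlib.sha256(corpus.get(e["deid"], b"")).digest()
        bad_content += actual != e["content_hash"]
        prev_computed = chain_digest(i, e["deid"], actual, prev_computed)
        if first is None and (not link or prev_computed != e["chain_digest"]):
            first = i
        links_ok = links_ok and link
        prev_stored = e["chain_digest"]
    if first is None:
        return None
    # ASSUMED reading of severity: intact stored links + exactly one bad content hash.
    severity = "SINGLE_ARTEFACT" if links_ok and bad_content == 1 else "CHAIN_BREAK"
    return first, chain[first]["deid"], severity

def demo():
    # Constructed sample: four artefacts, then one artefact's bytes altered in storage.
    corpus = {f"deid-{n}": f"artefact {n}".encode() for n in range(4)}
    chain = []
    for deid, content in corpus.items():
        append(chain, deid, content)
    clean = batch_verify(chain, corpus)
    corpus["deid-1"] = b"artefact 1 (altered)"
    return clean, batch_verify(chain, corpus)
```

A chain rewritten end to end is self-consistent under this check, so the ChainHead digest still has to be compared with a HashChainCertificate held outside the node.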
ASCII Architecture
        Artefact Admission
(post-normalisation, post-classification)
           │
           ▼
┌───────────────────────────┐
│  HashChain Append         │
│  compute content_hash     │
│  chain_digest = SHA-256(  │
│    index || deid ||       │
│    content_hash ||        │
│    prev_chain_digest)     │
└──────────┬────────────────┘
           │
           ▼ (every 24h)
┌───────────────────────────┐    ┌──────────────────────────┐
│  HashChainCertificate     │───▶│  Mirrors (P60-P63)       │
│  (head_index, head_digest)│    │  AuditLog (P171)         │
└───────────────────────────┘    └──────────────────────────┘
           │
           ▼ (weekly batch)
┌───────────────────────────┐
│  BatchVerifier            │
│  recompute all hashes     │
│  reconstruct chain        │
│  compare stored digests   │
└──────────┬────────────────┘
           │ deviation detected
           ▼
┌───────────────────────────┐
│  HashChainDeviationRecord │───▶ Quarantine (P155)
│  (severity, DEID, index)  │     AuditLog (P171)
└───────────────────────────┘     Notify (P180)
Operational Detail
[0015] Incremental Chain Extension: On high-throughput nodes admitting large numbers of artefacts per day, chain extension is performed atomically as part of the admission transaction. Chain extension must be serialised (no parallel chain extension) to guarantee monotonic entry_index assignment. Where parallel admission pipelines exist, artefacts are batched and admitted to the HashChain in atomic, serialised transactions with well-defined intra-batch ordering (e.g. deterministic canonical sort of DEIDs within a batch).
[0016] Corpus Completeness Guarantee: The HashChain covers only artefacts in active status (not quarantined artefacts, not redacted artefacts). A quarantined artefact (P155) is removed from the chain by inserting a QUARANTINE_TOMBSTONE entry at the position of the quarantined artefact. The tombstone records the quarantine decision audit reference and contributes a fixed content indicating the quarantine event rather than the original artefact content.
[0017] Cross-Node Chain Comparison: Two nodes independently operating HashChains for the same corpus scope may compare chain digests at specific entry indices (identified by DEID) to verify mutual consistency without exchanging the full corpus. A BinarySearch protocol over the chain allows efficient identification of the first divergence point between two nodes’ chains in O(log n) exchanges.
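The first-divergence search of [0017], as an added Python example (not code from this disclosure). The names first_divergence and toy_chain, the digest callables, and the simplified digest used to build the constructed sample chains are assumptions; both chains are compared over the same length n, and each call to the remote callable stands for one exchange with the peer.

```python
import hashlib

def first_divergence(n, local_digest, remote_digest):
    """Return the lowest entry index where the two chains differ, or None.

    local_digest / remote_digest map entry_index -> chain_digest. Because each
    chain_digest covers everything before it, equal digests at index i mean the
    prefixes 0..i are identical, which is what makes bisection valid.
    """
    if n == 0 or local_digest(n - 1) == remote_digest(n - 1):
        return None  # heads agree, so every earlier entry agrees too
    lo, hi = 0, n - 1  # invariant: the first divergence lies in [lo, hi]
    while lo < hi:
        mid = (lo + hi) // 2
        if local_digest(mid) == remote_digest(mid):
            lo = mid + 1  # prefix up to mid is identical
        else:
            hi = mid      # divergence is at mid or earlier
    return lo

def toy_chain(items):
    # Constructed stand-in for a node's chain: digest_i = SHA-256(digest_{i-1} || item_i).
    out, prev = [], bytes(32)
    for item in items:
        prev = hashlib.sha256(prev + item).digest()
        out.append(prev)
    return out

def demo(n=1000, altered=613):
    # Constructed sample: the peer's copy differs at exactly one position.
    ours = toy_chain([b"artefact %d" % i for i in range(n)])
    theirs = toy_chain([b"substituted" if i == altered else b"artefact %d" % i
                        for i in range(n)])
    exchanges = []
    def remote(i):
        exchanges.append(i)  # one network round trip per call
        return theirs[i]
    return first_divergence(n, ours.__getitem__, remote), len(exchanges)
```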
Claims-Exclusion Notice
This specification is published as open-source prior art. No patent claims are asserted by the author in respect of the mechanisms described. Any third party seeking to patent mechanisms substantially equivalent to those described herein is placed on notice of this prior art disclosure.