{"schema":"rawctx.trust.proof.v1","public_spec_version":"rawctx.trust.public_verifier.v1","canonical_json":{"encoding":"utf-8","object_keys":"sorted lexicographically before JSON serialization","separators":"compact JSON without insignificant whitespace","hash":"sha256:<hex digest of canonical JSON bytes>"},"merkle":{"algorithm":"sha256-merkle-v1","empty_tree_hash_payload":{"algorithm":"sha256-merkle-v1","leaves":[],"type":"empty_tree"},"leaf_hash":{"input":"proof.leaf.canonical_payload","formula":"canonical_hash({ payload: canonical_payload, type: \"trust_log_leaf\" })"},"parent_hash":{"formula":"canonical_hash({ algorithm: \"sha256-merkle-v1\", left: ensure_hash(left), right: ensure_hash(right), type: \"node\" })","odd_leaf_rule":"when a level has an odd number of nodes, duplicate the final node as its right sibling"},"inclusion_proof":{"leaf_index":"1-based","step_shape":"{ position: \"left\" | \"right\", hash: \"sha256:...\" }","verification":"fold proof.leaf.leaf_hash through proof.inclusion_proof and compare with proof.signed_tree_head.root_hash"}},"signed_tree_head":{"payload_binding":"signed_tree_head.signed_payload.root_hash/tree_size must match signed_tree_head.root_hash/tree_size","signature_payload_hash":{"formula":"canonical_hash({ payload: signed_tree_head.signed_payload, purpose: \"rawctx.trust.signed_tree_head\" })","binding":"signed_tree_head.metadata.signature_payload_hash and signed_tree_head.metadata.signature_signed_material.digest, when present, must equal this hash"},"signature_digest":"AWS KMS ECDSA signatures are verified over signature_payload_hash, not over canonical_hash(signed_payload) alone"},"signed_checkpoint":{"checkpoint_hash":{"formula":"canonical_hash({ payload: checkpoint_payload, type: \"rawctx.trust.checkpoint.v1\" })"},"signed_checkpoint_hash":{"formula":"canonical_hash({ checkpoint_hash, signature, type: \"rawctx.trust.signed_checkpoint\" })"},"signature_digest":"checkpoint_statement.signature.signed_material.digest, when present, must equal checkpoint_hash","receipt_statement_hash":"receipt_json.statement_hash, when present, must equal canonical_hash(checkpoint_statement)"},"inference_proofs":{"sidecar_schema":"rawctx.inference.proof.bundle.v1","proof_hash":{"formula":"canonical_hash({ proof, type: \"rawctx.inference.proof.v1\" })","binding":"sidecar.proof_hash and sidecar.statement.proof_hash must both equal the recomputed proof hash"},"statement_hash":{"v1_formula":"canonical_hash({ statement, type: \"rawctx.inference.proof.statement.v1\" })","v2_formula":"canonical_hash({ statement, type: \"rawctx.inference.proof.statement.v2\" })","binding":"sidecar.statement_hash must equal the formula selected by statement.schema"},"verification_hash":{"formula":"canonical_hash({ verification, type: \"rawctx.inference.proof.verification.v1\" })","binding":"v2 statements must carry statement.verification_hash equal to this recomputed hash"},"merkle_binding":"sidecar.trust_leaf.leaf_hash must recompute from sidecar.trust_leaf.canonical_payload and its inclusion_proof must fold to signed_tree_head.root_hash","subject_binding":"the inference proof trust leaf subject must commit inference_proof_hash, statement_hash, answer_hash, answer_log_id, commitment_hash, status, backend, and proof_type","public_statuses":["adapter_verified","commitment_bound"],"public_backends":["ezkl_v1","hash_only","mock_v1","provider_attested"]},"public_bundle_fields":["version","subject","payload_statement","leaf","inclusion_proof","signed_tree_head","anchor_receipts","witness_receipts","policy","retention","verification","inference_commitment","inference_proofs"],"public_external_checks":{"bitcoin":{"block_hash_url":"https://blockstream.info/api/block-height/{height}","block_url":"https://blockstream.info/api/block/{block_hash}","check":"claimed block hash and merkle_root match the OpenTimestamps attestation"},"rekor":{"entry_url":"https://rekor.sigstore.dev/api/v1/log/entries?logIndex={log_index}","check":"entry body data hash and Rekor witness signature bind to the rawctx signed checkpoint"}},"signatures":{"aws_kms_ecdsa_sha256":{"message_type":"DIGEST","digest_input":"32-byte SHA-256 digest identified by the displayed sha256:<hex> value","signature_encoding":"ASN.1 DER ECDSA signature over the precomputed digest","public_key_source":"public_key_pem_b64 embedded in the signed tree head or signed checkpoint"},"aws_kms_ml_dsa_shake256":{"message_type":"RAW","digest_input":"canonical JSON signing material containing the displayed sha256:<hex> value and purpose","signature_encoding":"ML-DSA signature returned by AWS KMS","public_key_source":"public_key_der_b64 embedded in the signed tree head or signed checkpoint","offline_verification":"reported as SKIP and trust_status=SIGNATURE_UNVERIFIED until the public verifier ships ML-DSA verification"}},"commitments":{"hmac_sha256":"public privacy commitments use hmac-sha256:<key-id>:<hex digest>; the public verifier checks the shape and internal binding but cannot recompute HMACs without the tenant secret","sha256":"public non-secret reference hashes use sha256:<hex digest>"},"privacy_boundary":["The public verifier spec exposes algorithms, public receipt fields, hashes, and public transparency-log lookup templates.","It does not expose tenant-private raw question text, raw answer text, media files, storage keys, or workspace session data.","Inference commitments are exposed as rawctx.inference.commitment.public.v1 summaries; raw model_ref, runtime, provider attestations, and proof artifact URIs are not public proof material."]}