Protocol for verifiable computational experiments
K-Veritas binds experiment metadata to tamper-evident records so any reviewer can independently verify what was executed.
Core Principles
Passivity
Observers monitor execution without mutating original experiment logic.
Data boundaries
Captured evidence focuses on metadata and telemetry, not proprietary datasets.
Environment integrity
Dependencies and runtime fingerprints are recorded to detect drift.
Tamper-Evidence
Any modification to the signed report invalidates verification.
Data Models
Experiment UUID, machine fingerprint, attestation token, project root
Command, duration, exit status, stdout and stderr hashes
Canonical data hash, RSA-PSS signature, nonce, timestamp
Cryptographic Signing
payload = "{data_hash}:{nonce}:{signed_at}"
signature = RSA-PSS-SHA256(payload, salt=MAX, key=4096)The DataHash is a canonical SHA-256 digest of captured execution state. The signer validates machine identity and token context before sealing.
Metric Capture
K-Veritas captures telemetry from real-time output streams. Each metric remains linked to traceable execution context.
KVERITAS_METRIC name=<id> value=<float> [step=<label>]
Example (Python): print(f"KVERITAS_METRIC name=accuracy value={acc}")
Example (Bash): echo "KVERITAS_METRIC name=loss value=0.24"
Standard Workflow
init
Client registers with the server using a machine fingerprint.
run
Experiment executes while runtime outputs are monitored and hashed.
seal
Session is finalized and cryptographically signed.
verify
Independent audit of the embedded signature and metrics.