PROOF
draft-kya-proof-01
Signed invocation proofs.
Cryptographic action logs.
Non-repudiable execution.
1. Proof Model
Every action generates a cryptographic proof. The agent signs what it did. The service signs what it executed. Both are bound together.
Agent signs invocation
  ↓
Service validates
  ↓
Service executes
  ↓
Service signs result
  ↓
Both proofs stored
2. Invocation Proof
Agent-generated proof of intent:
{
  "type": "InvocationProof",
  "agentDid": "did:key:z6Mk...",
  "action": "tools/call",
  "tool": "read_calendar",
  "arguments": { "date": "2025-01-29" },
  "timestamp": "2025-01-29T12:00:00Z",
  "nonce": "abc123",
  "delegationRef": "eyJ...",
  "proof": {
    "type": "Ed25519Signature2020",
    "proofValue": "z58DAdFfa9..."
  }
}
3. Execution Proof
Service-generated proof of execution:
{
  "type": "ExecutionProof",
  "serviceDid": "did:key:z6Mk...",
  "invocationRef": "sha256:...",
  "result": "success",
  "timestamp": "2025-01-29T12:00:01Z",
  "proof": {
    "type": "Ed25519Signature2020",
    "proofValue": "z58DAdFfa9..."
  }
}
4. Proof Binding
Invocation and execution proofs are cryptographically bound. The execution proof references the invocation hash. Neither can be modified without detection.
invocationRef = sha256(canonicalize(invocationProof))
executionProof.invocationRef = invocationRef
5. Verification
Steps to verify a proof chain:
1. Verify invocation proof signature
2. Verify agent DID matches delegation
3. Verify delegation is valid
4. Verify execution proof signature
5. Verify invocationRef matches
6. Verify timestamps are sequential
6. Replay Protection
Nonces prevent replay attacks.
Timestamps enforce temporal ordering.
Services MUST reject duplicate nonces.