Network Working Group K. Singh Internet-Draft Apex Intelligence Empire Intended status: Standards Track March 17, 2026 Expires: September 18, 2026 Proof of Sovereign Integrity (PSI): A Cryptographic Protocol for Verifiable AI Regulatory Compliance draft-singh-psi-00 Abstract This document specifies the Proof of Sovereign Integrity (PSI) Protocol, version 1.2, a cryptographic framework enabling organizations to prove compliance with AI regulations (including the EU AI Act 2024/1689, NIST AI RMF, UK AI Safety Institute guidelines, and equivalent frameworks) without disclosing proprietary model architectures, training data, or inference logic. PSI achieves this through a combination of SHA-256 hash-chained audit trails, Ed25519 digital signatures, Merkle inclusion proofs, Groth16-compatible zero-knowledge commitments over BN128 fields, and a 3-node Multi-Party Computation (MPC) consensus mechanism with 2/3 threshold verification. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 18, 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . 3 4. Cryptographic Primitives . . . . . . . . . . . . . . . . . . 4 5. Verification Pipeline . . . . . . . . . . . . . . . . . . . 5 6. Deterministic Pre-Flight . . . . . . . . . . . . . . . . . . 6 7. Merkle Tree Construction . . . . . . . . . . . . . . . . . . 7 8. MPC Consensus Layer . . . . . . . . . . . . . . . . . . . . 7 9. Zero-Knowledge Commitments . . . . . . . . . . . . . . . . . 8 10. Sovereign Tribunal . . . . . . . . . . . . . . . . . . . . . 9 11. Predicate Registry . . . . . . . . . . . . . . . . . . . . . 9 12. Proof Bundle Format . . . . . . . . . . . . . . . . . . . . 10 13. Legal-to-Technical Mapping . . . . . . . . . . . . . . . . . 11 14. Security Considerations . . . . . . . . . . . . . . . . . . 11 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . 12 16. Orbital Integrity Protocol (OIP) . . . . . . . . . . . . . . 13 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 1. Introduction The proliferation of artificial intelligence systems across critical sectors has created an urgent need for verifiable compliance mechanisms. The EU AI Act mandates technical conformity assessment for high-risk AI systems. Existing compliance approaches suffer from IP exposure risk, non-verifiability, and reliance on trust. The PSI Protocol addresses these limitations through cryptographic verification primitives that enable mathematical proof of compliance without disclosing protected intellectual property. PSI v1.2 introduces Deterministic Mode (blocking non-compliant actions before commit) and the Sovereign Tribunal (human ratification). 2. Terminology Commit: An atomic action submitted for compliance verification. Predicate: A machine-readable regulatory requirement (e.g. EU AI Act Article 14). Commit Hash: SHA-256(JCS(action || predicate_id || timestamp)). Merkle Root: The root hash of the binary tree containing ledger entries. MPC Node: One of three independent verification nodes. Proof Bundle: A JSON document containing all cryptographic artifacts for verification. Sovereign Tribunal: A panel of 5 independent auditors providing human ratification. PIL: Protocol Intervention Layer (runtime execution gate). 3. Protocol Overview The PSI Protocol operates as a 4-stage pipeline: Stage 1 - COMMIT: Input action and predicate. Run deterministic pre-flight check. Compute commit_hash and merkle_leaf. Stage 2 - CHALLENGE: Evaluate commit against predicate violation patterns. Compute challenge_hash and record status. Stage 3 - PROVE: Generate Merkle inclusion proof. Generate Groth16- compatible ZK commitment over BN128 fields. Stage 4 - VERIFY: 3 MPC nodes independently verify the proof. 2/3 consensus required. Sign result with Ed25519. 4. Cryptographic Primitives 4.1. Hash Function PSI uses SHA-256. Input MUST be canonicalized using RFC 8785 (JCS) before hashing. 4.2. Digital Signatures Ed25519 (RFC 8032) is used for non-repudiation of Merkle roots and auditor verdicts. 4.3. Merkle Trees Binary Merkle trees are constructed from leaf hashes. Deterministic ordering and leaf duplication for odd counts are required. 4.4. Zero-Knowledge Commitments ZK commitments use BN128 finite field arithmetic. Proof elements (pi_A, pi_B, pi_C) demonstrate knowledge of action satisfying the predicate without revealing the action. 4.5. Sequence Counter A monotonic sequence counter with gap detection prevents omission attacks on the ledger. 5. Verification Pipeline 1. Commit: Generate ID, JCS canonical hash, and persist. 2. Challenge: Match against violation patterns; assign status. 3. Prove: Generate Merkle proof path and ZK commitment. 4. Verify: MPC nodes audit integrity and sign root hash. 6. Deterministic Pre-Flight The PIL evaluates actions BEFORE commit. If action matches HIGH or UNACCEPTABLE risk patterns, the PIL blocks execution and prevents ledger entry. 7. Merkle Tree Construction Trees are computed by recursively hashing lexicographically sorted sibling pairs. ProofPath includes sibling hashes and positions. 8. MPC Consensus Layer Verification is distributed across Alpha, Beta, and Gamma nodes. Consensus ensures that no single entity can forge a compliance certificate. 9. Zero-Knowledge Commitments BN128 field operations provide the privacy layer. The system uses Groth16 elements to prove predicates without data disclosure. 10. Sovereign Tribunal Human oversight is provided by 5 auditors. 3/5 threshold is required for final ratification of automated verdicts. 11. Predicate Registry Contains machine-readable rules for EU AI Act, MiFID II, DORA, NIST AI RMF, and AU Privacy Act. 12. Proof Bundle Format Standardized JSON including merkle_root, ed25519_signature, and zk_proof points. 13. Legal-to-Technical Mapping Article 12: Immutable logging + RFC 8785. Article 14: Human Oversight PIL + Sovereign Tribunal. Article 15: MPC consensus + ZK-Integrity. 14. Security Considerations Protocol mitigates log tampering, false-negatives, and single points of failure. IP protection is guaranteed by ZK mathematics. 15. IANA Considerations Requests registration of application/psi-proof+json and the psi:// URI scheme. 16. Orbital Integrity Protocol (OIP) Extends PSI to space-based compute. Defines LAM levels for radiation-tolerant proof generation on satellite hardware. 17. References RFC 2119, RFC 8032, RFC 8785, EU 2024/1689. Authors' Addresses Kawaljeet Singh Apex Intelligence Empire Balaclava, Victoria, Australia Email: kawaljeet.singh3008@gmail.com URI: https://apex-infrastructure.com