Sentinel QMSv5 · AuditLog.AI · Technology
Deterministic Post-Export Verification Without Custody
AuditLog.AI anchors cryptographic commitments to establish verifiable timestamps for exported audit artefacts. Sentinel QMSv5 Auditor performs deterministic comparison of independently anchored states (T₀ vs T₁) using hash-only identifiers—producing PASS/FAIL outcomes and explicit cryptographic enumeration when divergence is present.
- Evidence remains local — no patient or trial data is transferred.
- Each artefact is represented by paired digests (SHA-256 + RIPEMD-160(SHA-256)).
- Verification compares cryptographic invariants (integrity and evidence-set membership), not filenames or paths.
- Anchoring commits digests to Bitcoin using SENTINEL|SESSION|<r160>|<sha8> payloads.
For the verification model and CRO-facing guide, see Documentation / Guide; for results and reproducing reported outputs, see Reproducibility; for payload examples and TXIDs, see Anchors.

End-to-End Proof-of-Unchanged Pipeline
The workflow below summarises the post-export verification model. Each step is deterministic, custody-preserving, and verifiable using hash-only artefacts.
A QA-approved exported evidence bundle is selected for verification. No cryptographic commitments are published until the bundle is stable.
Each artefact is hashed locally: SHA-256 then RIPEMD-160(SHA-256). Sidecars (.hash, .2ha) and optional OTS proofs (.hash.ots) may be created.
Two independently anchored states (T₀ vs T₁) are compared using (sha256,r160) multiset parity and evidence-set membership checks. Paths and names are ignored.
Human oversight verifies the machine-deterministic outputs and, where relevant, confirms enumerated divergence against pre-anchored ground truth keys.
A compact payload is anchored via OP_RETURN on Bitcoin L1 (e.g., SENTINEL|SESSION|<r160>|<sha8>) to provide a public timestamp commitment.
Hashing, OTS, and OP_RETURN payload
Verification uses cryptographic identifiers only:
- File-level digests: SHA-256(bytes) → RIPEMD-160(SHA-256).
- OpenTimestamps (OTS): optional .hash.ots proofs can attest that a given hash existed before specific Bitcoin blocks.
- Session-level payload: the frozen session log (hash-only) is reduced to a compact public commitment: SENTINEL|SESSION|<ripemd160>|<sha8>
Anchoring provides a public timestamp commitment. Verification remains local: any verifier can recompute digests from retained exports and confirm whether an evidence state is unchanged relative to a reference state.
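The local recompute-and-compare step described above can be sketched as follows. This is an added example, not AuditLog.AI or Sentinel code: the function names and sample bundles are constructed for illustration, and it assumes RIPEMD-160 is taken over the raw 32-byte SHA-256 digest, which the page does not specify.

```python
import hashlib
from collections import Counter


def paired_digest(data: bytes) -> tuple:
    """Return (sha256_hex, r160_hex) for one artefact's bytes."""
    sha = hashlib.sha256(data).digest()
    # Assumption: RIPEMD-160 over the raw SHA-256 digest, not its hex text.
    # hashlib takes ripemd160 from OpenSSL and raises ValueError on builds
    # where that algorithm is not enabled.
    return sha.hex(), hashlib.new("ripemd160", sha).hexdigest()


def state_of(bundle: dict) -> Counter:
    """Reduce {path: bytes} to a multiset of digest pairs; paths are dropped."""
    return Counter(paired_digest(data) for data in bundle.values())


def compare_states(t0: Counter, t1: Counter) -> dict:
    """Multiset parity: PASS only if every pair occurs equally often in both."""
    missing = t0 - t1  # pairs (with multiplicity) in T0 but not in T1
    added = t1 - t0    # pairs in T1 that the T0 state never contained
    return {
        "verdict": "PASS" if not missing and not added else "FAIL",
        "missing": sorted(missing.elements()),
        "added": sorted(added.elements()),
    }


def demo() -> None:
    # Constructed sample bundles, not real study data.
    t0 = {"a/consent.pdf": b"consent v1", "a/log.csv": b"row1\n",
          "b/log_copy.csv": b"row1\n"}
    renamed = {"x/1.pdf": b"consent v1", "x/2.csv": b"row1\n",
               "x/3.csv": b"row1\n"}
    tampered = {"a/consent.pdf": b"consent v2", "a/log.csv": b"row1\n"}
    for label, t1 in (("renamed", renamed), ("tampered", tampered)):
        result = compare_states(state_of(t0), state_of(t1))
        print(label, result["verdict"])
        for kind in ("missing", "added"):
            for sha, r160 in result[kind]:
                print(" ", kind, r160, sha)


if __name__ == "__main__":
    demo()
```

Because the state is a multiset, losing one of two byte-identical artefacts is reported as a divergence even though the surviving copy still matches, while a bundle that was only renamed or moved compares as PASS.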
Tamper challenges (Stage IIIB context)
Stage IIIB used a blinded, HMAC-randomized deletion challenge to generate controlled divergence without exposing filenames or content to operators.
- Computes a canonical identifier per artefact for challenge scoring.
- Applies HMAC-SHA256 under a secret key to obtain deterministic rankings.
- Selects a bounded deletion set (top-K) per arm under pre-specified caps.
- Publishes only hash-only diffs and deterministic mismatch enumeration for verification.
These challenge mechanics are disclosed as study context. The verification model itself does not require challenge generation and is applicable to routine post-export integrity verification.