Composable Attestation: A Generalized Framework for Continuous and Incremental Trust in AI-Driven Distributed Systems

TL;DR

This paper introduces a generalized cryptographic framework called composable attestation, enabling scalable, modular, and cryptographically secure trust verification in distributed AI systems and supply chains, supporting incremental updates and dynamic configurations.

Contribution

It establishes a rigorous mathematical foundation for composable attestation, explores various cryptographic constructions, and demonstrates their properties and applications in AI and distributed systems.

Findings

Merkle trees enable efficient composable attestation proofs.

Alternative schemes like accumulators and multi-signatures offer performance-security trade-offs.

Formal analysis confirms adherence to core properties of the framework.

Abstract

This paper presents composable attestation as a generalized cryptographic framework for Continuous and Incremental Trust in Distributed Systems,such as Artificial Intelligence (AI) computation, and Open Source Software (OSS) supply chain verification. We establish a rigorous mathematical foundation which is defining core properties of such attestation systems: composability, order independence, transitivity, determinism, inclusion, and dynamic component verification. In contrast to traditional attestation methodologies relying on monolithic verification, composable attestation facilitates modular, scalable, and cryptographically secured integrity verification adaptable to evolving system configurations. This work introduces generalized attestation proof generation and verification functions, implementable via a variety of cryptographic constructions, in which Merkle trees plays vital role in constructing the composable attestation proof. Alternative constructions, including accumulator-based schemes and multi-signature approaches, are also explored, each presenting distinct trade-offs in performance, security, and functionality. Formal analysis demonstrates the adherence of these implementations to the fundamental properties . The framework's utility extends to applications such as secure AI model integrity verification , federated learning, and runtime trust assurance. The concept of attestation inclusion is introduced, permitting incremental integration of new components without necessitating full system re-attestation. This generalized approach reinforce trust in AI computation and broader distributed computing environments through cryptographically verifiable proof mechanisms, building upon foundational concepts of bootstrapping trust.