SSM-Clock Stamp – Append-only Chain (1.4)

Purpose. Define the append-only chain that makes ordering tamper-evident in SSM-Clock Stamp. All rules are plain ASCII and offline-verifiable.

Construction (must)

  • Core (everything before the chain):
    stamp_core = "SSMCLOCK1|" + iso_utc + "|" + rasi_idx + "|" + theta_deg + "|" + h_file
  • Seed tip: chain_0 = "0"*64
  • Step rule (record k in local order):
    chain_k = H_chain( ascii(chain_{k-1} + "|" + stamp_core_k) )
    where H_chain is kv:chain_algo else sha256.
  • Emit as lowercase 64-hex in the chain field.

Properties (why it works)

  • Order immutability. Deleting or reordering any prior record changes every subsequent chain_k; tampering is immediately exposed.
  • ASCII determinism. The concatenation hashed is exactly the ASCII bytes of chain_{k-1} + "|" + stamp_core_k (7-bit ASCII; no Unicode punctuation, no spaces).
  • Algorithm agility. chain_algo may be sha256, sha3_256, or blake2b-256; per-stamp selection is allowed and recorded via kv: (still 256-bit → 64-hex).

Verification (two modes)

  • Isolated stamp (no previous tip):
    • Validate shape: chain ∈ [0-9a-f]{64} and all other fields pass (file digest, angles, etc.).
    • Ordering cannot be proven without chain_{k-1} (or a ledger). Keep for later rewalk.
  • Ledger rewalk (preferred):
    • Initialize tip = chain_0.
    • For each stamp k in recorded local order:
      tip = H_chain_k( ascii(tip + "|" + stamp_core_k) )
      Require: tip == chain_k. First mismatch → FAIL.
    • Note: H_chain_k uses the declared kv:chain_algo on that specific stamp.

Multi-device / merges (practical)

  • Use optional provenance keys to avoid collisions:
    kv:chain_id = <8 hex>, kv:device = <ascii_token> ([A-Za-z0-9._-]{1,32}).
  • These do not affect math/verification; they help you keep per-device chains distinct before any policy-driven merge.
  • To anchor a day’s set publicly, compute the daily roll-up separately (see anchors):
    rollup_D = sha256( ascii(Stamp_1 "|" ... "|" Stamp_n) ) with canonical sort by (iso_utc, stamp_core, chain).

Acceptance (must checks)

  • chain is lowercase 64-hex.
  • If previous tip is available, rewalk must reproduce chain_k exactly using the per-stamp chain_algo.
  • All concatenations hashed are ASCII of the literal strings shown.

Common pitfalls

  • Adding spaces or using Unicode separators in the hashed string.
  • Printing chain in uppercase hex.
  • Forgetting that chain_algo can vary per stamp (rewalk must use each stamp’s own declared algorithm).

Navigation
Back: SSM-Clock Stamp – File Hash (1.3)
Next: SSM-Clock Stamp – Canonical Formatting Rules (1.5)