SSM-Clock Stamp – Chain Continuity (2.4)

Purpose. Verify tamper-evident ordering by recomputing the append-only chain across a local ledger. Result flag: CHAIN_OK.

When you can check it.

  • With a ledger: rewalk the chain (preferred).
  • Without a ledger: you can only shape-check chain (64-hex); set CHAIN_OK=na.

Definitions (ASCII, recap)

  • stamp_core_k = "SSMCLOCK1|" + iso_utc + "|" + rasi_idx + "|" + theta_deg + "|" + h_file
  • chain_0 = "0"*64
  • chain_k = H_chain_k( ascii(chain_{k-1} + "|" + stamp_core_k) )
    where H_chain_k is kv:chain_algo on that row (default sha256).

Ledger rewalk (verifier procedure)

  1. Init: tip = chain_0.
  2. Scan rows in recorded order. For each row k:
    • Rebuild stamp_core_k from the row (exact ASCII).
    • Let H_chain_k = kv:chain_algo else sha256.
    • Compute calc = H_chain_k( ascii(tip + "|" + stamp_core_k) ).
    • Require: calc == row.chain (string equal, lowercase 64-hex).
    • Set tip = calc.
  3. Membership check (optional): if you are validating a particular file’s sidecar, require a row for that file with an exact chain match.
  4. Pass/fail: first mismatch → FAIL (break position = k). If the scan completes cleanly, set CHAIN_OK=true.

Isolated stamp (no ledger available)

  • Validate shape: chain ∈ [0-9a-f]{64} and all other checks (file/clock) pass.
  • Set CHAIN_OK=na. You can verify ordering later when a ledger is available.

Why this proves ordering

  • Each chain_k commits to everything before it via chain_{k-1}.
  • Any deletion, insertion, or reordering changes all subsequent chain_k, exposing tampering immediately.

Acceptance rules (must)

  • Rewalk uses the declared kv:chain_algo per row.
  • All hash inputs are the exact ASCII bytes of the shown concatenations (literal |, no spaces, no Unicode punctuation).
  • chain fields are lowercase 64-hex.

Common pitfalls

  • Using a single algorithm for all rows when some declare a different kv:chain_algo.
  • Adding spaces or using non-ASCII separators inside hashed strings.
  • Uppercase hex in chain.
  • Rebuilding stamp_core_k with a differently formatted theta_deg (must match the recorded fixed-digits string).

Outcome

  • CHAIN_OK=true if the rewalk completes and (optionally) the target file’s row is present.
  • CHAIN_OK=false with the first failing row index and a brief reason, e.g., mismatch at k=127.
  • CHAIN_OK=na if no ledger is provided.

Navigation
Back: SSM-Clock Stamp – Clock Consistency (2.3)
Next: SSM-Clock Stamp – Anchor Verification (2.5)