# Claimant model ## **System^CHECKSUM** System^CHECKSUM is about the claims made by a data publisher. * **Claim^CHECKSUM**: _I, data publisher, claim that the data_: 1. has cryptographic hash X 2. is produced by no-one but myself * **Statement^CHECKSUM**: signed checksum
* **Claimant^CHECKSUM**: data publisher
The data publisher is a party that wants to publish some data to an end-user. * **Believer^CHECKSUM**: end-user
Belief is based on seeing a valid Statement^CHECKSUM. * **Verifier^CHECKSUM**: data publisher
The data publisher tries to detect unwanted statements. * **Arbiter^CHECKSUM**:
There's no official body. Invalidated claims would affect reputation. System^CHECKSUM\* can be defined to make more specific claims. Below is a reproducible builds example. ### **System^CHECKSUM-RB**: System^CHECKSUM-RB is about the claims made by a _software publisher_ that makes reproducible builds available. * **Claim^CHECKSUM-RB**: _I, software publisher, claim that the data_: 1. has cryptographic hash X 2. is the output of a reproducible build for which the source can be located using X as an identifier * **Statement^CHECKSUM-RB**: Statement^CHECKSUM * **Claimant^CHECKSUM-RB**: software publisher
* **Believer^CHECKSUM-RB**: end-user
Belief is based on seeing a valid Statement^CHECKSUM-RB. * **Verifier^CHECKSUM-RB**: any interested party
These parties try to verify the above claims. For example: * the software publisher itself (_"has my identity been compromised?"_) * rebuilders that check for locatability and reproducibility * **Arbiter^CHECKSUM-RB**:
There's no official body. Invalidated claims would affect reputation. ## **System^CHECKSUM-LOG**: System^CHECKSUM-LOG is about the claims made by a _log operator_. It adds _discoverability_ into System^CHECKSUM\*. Discoverability means that Verifier^CHECKSUM\* can see all Statement^CHECKSUM that Believer^CHECKSUM\* accept. * **Claim^CHECKSUM-LOG**: _I, log operator, make available:_ 1. a globally consistent append-only log of Statement^CHECKSUM * **Statement^CHECKSUM-LOG**: signed tree head * **Claimant^CHECKSUM-LOG**: log operator
Possible operators might be: * a small subset of data publishers * members of relevant consortia * **Believer^CHECKSUM-LOG**: Believer^CHECKSUM\* and Verifier^CHECKSUM\*
Belief is based on two factors: 1. seeing a valid Statement^CHECKSUM-LOG 2. seeing a number of valid Statement^{CHECKSUM-WITNESS} from independent instances of System^{CHECKSUM-WITNESS}. * **Verifier^CHECKSUM-LOG**: System^{CHECKSUM-WITNESS}
Witnesses verify the log's append-only property from their own local vantage point(s). * **Arbiter^CHECKSUM-LOG**:
There is no official body. The ecosystem at large should stop using an instance of System^CHECKSUM-LOG if cryptographic proofs of log misbehavior are preseneted by some Verifier^CHECKSUM-LOG. ## **System^{CHECKSUM-WITNESS}**: System^{CHECKSUM-WITNESS} is about making the claims of a log operator _trustworthy_. * **Claim^{CHECKSUM-WITNESS}**: _I, witness, claim that_: 1. System^CHECKSUM-LOG provides a locally consistent append-only log * **Statement^{CHECKSUM-WITNESS}**: signed tree head * **Claimant^{CHECKSUM-WITNESS}**: third party
Examples of parties that may take on this role include: * members of relevant consortia * non-profits and other reputable organizations * security enthusiasts and researchers * log operators (cross-ecosystem) * monitors (cross-ecosystem) * a small subset of data publishers (cross-ecosystem) * **Believer^{CHECKSUM-WITNESS}**: Believer^CHECKSUM\* and Verifier^CHECKSUM\*
Belief is based on seeing a valid Statement^{CHECKSUM-WITNESS}. * **Verifier^{CHECKSUM-WITNESS}**: n/a
Witnesses are trusted parties. Security is based on _strength in numbers_. * **Arbiter^{CHECKSUM-WITNESS}**:
There is no official body. Invalidated claims would affect reputation.