Constant-Size Cryptographic Evidence Structures for Regulated AI Workflows

Regulated AI workflows (such as clinical trials, medical decision support, and financial compliance) must satisfy strict auditability and integrity requirements. Existing audit-trail mechanisms rely on variable-length records, bulky cryptographic transcripts, or ad-hoc schemas, suffering from metadata leakage, irregular performance, and weak alignment with formal security notions.This paper introduces constant-size cryptographic evidence structures, a general abstraction for verifiable audit evidence in regulated AI workflows. Each evidence item is a fixed-size tuple of cryptographic fields designed to (i) bind strongly to workflow events and configurations, (ii) support constant-size storage and uniform verification cost per event, and (iii) compose cleanly with hash-chain and Merkle-based audit constructions. We formalize a model of regulated AI workflows, define syntax and algorithms for evidence structures, and prove security properties (evidence binding, tamper detection, and non-equivocation) via game-based definitions under standard assumptions (collision-resistant hashing and EUF-CMA signatures).We present a generic hash-and-sign construction using a collision-resistant hash function and a standard signature scheme, and show how to integrate it with hash-chained logs, Merkle-tree anchoring, and trusted execution environments. We implement a prototype library and report microbenchmarks on commodity hardware, demonstrating that per-event overhead is small and predictable. This work aims to provide a foundation for standardized audit mechanisms in regulated AI, with implications for clinical trial management, pharmaceutical compliance, and medical AI governance.