
arxiv: 2604.03434 · v1 · submitted 2026-04-03 · 💻 cs.GT · cs.CR

Trustless Provenance Trees: A Game-Theoretic Framework for Operator-Gated Blockchain Registries

Pith reviewed 2026-05-13 18:06 UTC · model grok-4.3

classification 💻 cs.GT cs.CR
keywords provenance trees · blockchain registries · operator trust problem · Nash equilibrium · cryptographic commitments · tree poisoning · game theory · trustless reconstruction

The pith

A dual-layer cryptographic commitment scheme makes honest registration the unique Nash equilibrium in operator-gated blockchain registries.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper formalizes provenance trees as directed acyclic graphs of artifact registrations anchored on a public blockchain. It identifies the operator trust problem, in which a single privileged operator submitting all registrations leaves the on-chain record unable to distinguish user-initiated actions from unilateral operator changes. The authors resolve this with a dual-layer commitment scheme derived from one client-side secret key that binds the key both to the tree root and to each registration identifier, turning false attribution into a strictly dominated strategy. They prove that honest behavior is the unique Nash equilibrium under standard cryptographic assumptions and show that a full integrity model against tree-poisoning attacks requires three interlocking mechanisms—cryptographic priority, governance cascade, and contract enforcement—none of which suffices alone.

Core claim

The paper establishes that a dual-layer cryptographic commitment scheme, in which two commitments derived from a single client-side secret key bind the key to both the tree root and each unique registration identifier, renders false attribution claims strictly dominated strategies. Under standard cryptographic assumptions, this construction makes honest behavior the unique Nash equilibrium without any reliance on operator trust. It further proves that complete protection against tree poisoning (fraudulent root registration, malicious child attachment, and identity spoofing) requires the simultaneous presence of cryptographic priority, governance cascade, and contract enforcement, with each mechanism

What carries the argument

The dual-layer cryptographic commitment scheme that binds a single client-side secret key to both the provenance tree root and each registration identifier, combined with the three-mechanism integrity model of cryptographic priority, governance cascade, and contract enforcement.
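The binding described above can be sketched as follows. This is an added example, not code from the paper or from AnchorRegistry: the commitments are modelled as domain-separated HMAC-SHA256 values (an assumption, since this page does not give the paper's construction), and the field names and identifiers are constructed for illustration. It shows why the second layer matters: a copied root-layer commitment still fails once the registration identifier changes.

```python
import hashlib
import hmac
import secrets


def commit(key: bytes, layer: bytes, value: str) -> str:
    # Domain-separated HMAC-SHA256 (assumed stand-in for the paper's commitments);
    # `layer` keeps root and registration commitments distinct.
    return hmac.new(key, layer + b"|" + value.encode(), hashlib.sha256).hexdigest()


def make_event(key: bytes, tree_root: str, reg_id: str) -> dict:
    # What the client hands the operator for submission (hypothetical field names).
    return {
        "tree_root": tree_root,
        "reg_id": reg_id,
        "c_root": commit(key, b"root", tree_root),
        "c_reg": commit(key, b"reg", reg_id),
    }


def attribute(events: list, key: bytes, tree_root: str):
    """Split one tree's public log into key-bound and unbound registration ids."""
    bound, unbound = [], []
    for ev in events:
        if ev["tree_root"] != tree_root:
            continue
        ok_root = hmac.compare_digest(ev["c_root"], commit(key, b"root", tree_root))
        ok_reg = hmac.compare_digest(ev["c_reg"], commit(key, b"reg", ev["reg_id"]))
        (bound if ok_root and ok_reg else unbound).append(ev["reg_id"])
    return bound, unbound


def demo():
    user_key = secrets.token_bytes(32)  # generated client-side, never sent to the operator
    # Constructed sample log: two registrations made with the user's key.
    log = [make_event(user_key, "tree-A", "reg-001"),
           make_event(user_key, "tree-A", "reg-002")]
    # Entry created without the key: both commitments can only be guesses.
    log.append({"tree_root": "tree-A", "reg_id": "reg-003",
                "c_root": secrets.token_hex(32), "c_reg": secrets.token_hex(32)})
    # Entry that reuses reg-001's public commitments under a new identifier.
    log.append(dict(log[0], reg_id="reg-004"))
    return attribute(log, user_key, "tree-A")


if __name__ == "__main__":
    print(demo())
```

Only the holder of the key can run `attribute`, so the check models a dispute in which the user proves which logged registrations are theirs.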

Load-bearing premise

Users can securely generate, store, and use client-side secret keys without compromise or loss, and the blockchain supplies immutable, publicly queryable event logs sufficient for trustless reconstruction.

What would settle it

An explicit attack in which an operator fabricates a registration, attributes it to a user, and the dual commitments fail to reveal the fabrication when verified against the public event log, or a tree-poisoning attack succeeds when any one of the three mechanisms is removed.

Original abstract

We present a formal treatment of provenance trees, directed acyclic graphs of artifact registrations anchored immutably on a public blockchain, and introduce the operator trust problem: when a single privileged operator submits all on-chain registrations on behalf of users, the on-chain record alone cannot distinguish user-initiated registrations from unilateral operator actions. We resolve this through a dual-layer cryptographic commitment scheme in which two commitments derived from a single client-side secret key, binding the key to the tree root and to each unique registration identifier, make false attribution claims strictly dominated strategies. We prove correctness under standard cryptographic assumptions and establish honest behavior as the unique Nash equilibrium without relying on operator trust. We further introduce and analyze the tree poisoning problem: adversarial attacks on users' provenance trees via fraudulent root registration, malicious child attachment, and tree identity spoofing. We characterize the closure properties of each attack variant and prove that a complete provenance tree integrity model requires three distinct mechanisms: cryptographic priority, governance cascade, and contract enforcement, each necessary and none individually sufficient. The construction is deployed on Base (Ethereum L2) as AnchorRegistry, an immutable on-chain provenance registry. We provide gas complexity analysis demonstrating O(1) cost invariant to registry scale, and a trustless reconstruction algorithm recovering the complete registry from public event logs alone.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript introduces provenance trees as directed acyclic graphs of artifact registrations anchored immutably on a public blockchain. It defines the operator trust problem arising when a privileged operator submits all registrations, preventing distinction between user-initiated and unilateral operator actions. The authors propose a dual-layer cryptographic commitment scheme in which two commitments derived from a single client-side secret key bind the key to the tree root and to each unique registration identifier, rendering false attribution claims strictly dominated strategies. They prove correctness under standard cryptographic assumptions and establish honest behavior as the unique Nash equilibrium without relying on operator trust. The paper further analyzes the tree poisoning problem (fraudulent root registration, malicious child attachment, and identity spoofing), characterizes closure properties of each attack variant, and proves that a complete provenance tree integrity model requires three distinct mechanisms—cryptographic priority, governance cascade, and contract enforcement—each necessary and none individually sufficient. The construction is deployed on Base (Ethereum L2) as AnchorRegistry, with gas complexity analysis showing O(1) cost invariant to registry scale and a trustless reconstruction algorithm that recovers the complete registry from public event logs alone.

Significance. If the central claims hold, the work provides a substantive contribution to trustless provenance systems on operator-gated blockchains by integrating cryptographic binding with game-theoretic dominance arguments. The result that honest play forms the unique Nash equilibrium supplies a formal incentive foundation independent of operator honesty. The necessity proof for the three integrity mechanisms offers a clear, falsifiable design criterion for provenance models. The O(1) gas analysis and trustless reconstruction algorithm add practical deployability on existing L2 infrastructure, with potential relevance to supply-chain tracking, digital artifact registries, and decentralized identity applications.

major comments (2)
  1. [Game-theoretic model] The uniqueness of the Nash equilibrium for honest behavior is load-bearing for the central claim yet the provided text does not exhibit the explicit game matrices, strategy sets, or payoff functions; without these details it is not possible to verify that false attribution is strictly dominated under the dual-commitment scheme.
  2. [Tree poisoning and integrity model] The necessity claim that cryptographic priority, governance cascade, and contract enforcement are each required rests on the closure properties of the three attack variants; these properties must be derived explicitly (with formal statements of the attack closure sets) to support the conclusion that no proper subset of the mechanisms suffices.
minor comments (1)
  1. [Implementation and gas analysis] The gas-complexity claim of O(1) invariance would be strengthened by an explicit table comparing per-registration costs against at least two existing on-chain registry contracts.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback and the recommendation for major revision. We address each major comment below, committing to explicit additions that strengthen the verifiability of the game-theoretic claims and the integrity model without altering the core results.

Point-by-point responses
  1. Referee: [Game-theoretic model] The uniqueness of the Nash equilibrium for honest behavior is load-bearing for the central claim yet the provided text does not exhibit the explicit game matrices, strategy sets, or payoff functions; without these details it is not possible to verify that false attribution is strictly dominated under the dual-commitment scheme.

    Authors: We agree that the main text summarizes the Nash equilibrium result at a high level. The underlying model treats the operator-user interaction as a finite normal-form game with strategy sets consisting of honest registration versus false attribution (with or without the dual-commitment scheme). Payoffs are defined such that cryptographic binding makes false attribution yield strictly lower expected utility for the operator under standard assumptions. In the revised version we will insert the full strategy sets, the explicit 2x2 payoff matrix, and the dominance proof steps to permit direct verification of strict dominance. revision: yes

  2. Referee: [Tree poisoning and integrity model] The necessity claim that cryptographic priority, governance cascade, and contract enforcement are each required rests on the closure properties of the three attack variants; these properties must be derived explicitly (with formal statements of the attack closure sets) to support the conclusion that no proper subset of the mechanisms suffices.

    Authors: The manuscript already characterizes the three attack variants and their closure properties in Section 4, but we concur that the formal statements of the closure sets and the necessity argument can be stated more explicitly. The revised manuscript will include (i) formal definitions of each attack closure set, (ii) a lemma showing that omitting any single mechanism permits a non-empty attack closure, and (iii) the explicit proof that the intersection of the three mechanisms is the only non-empty integrity set. These additions will make the necessity claim fully rigorous. revision: yes

Circularity Check

0 steps flagged

No significant circularity; minor self-citation not load-bearing

full rationale

The derivation relies on standard cryptographic binding of client-side secrets and classical Nash-equilibrium analysis under explicitly stated external assumptions (secure key custody, immutable public logs). The necessity proof for the three mechanisms is presented as a closure-property argument on attack variants, without equations that reduce the claimed uniqueness or completeness result to fitted parameters or author-introduced self-definitions. The abstract and summary give no indication of self-citation chains that bear the central load or of any prediction that is statistically forced by prior fits within the paper.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 3 invented entities

The paper relies on standard cryptographic hardness assumptions and blockchain immutability properties; it introduces new modeling constructs but no fitted numerical parameters.

axioms (2)
  • [standard math] Standard cryptographic assumptions (collision resistance of hash functions, binding and hiding properties of commitment schemes).
    Invoked to prove correctness of the dual-layer commitment scheme and dominance of honest strategies.
  • [domain assumption] The underlying blockchain supplies immutable, publicly accessible event logs sufficient for complete registry reconstruction.
    Required for the trustless reconstruction algorithm and O(1) gas claims.
invented entities (3)
  • Provenance trees (DAGs of artifact registrations) [no independent evidence]
    purpose: To model chained registrations with cryptographic anchoring.
    Core modeling construct introduced to formalize the registry.
  • Operator trust problem [no independent evidence]
    purpose: To capture the attribution ambiguity when a single operator submits all records.
    Defined as the central problem the commitment scheme solves.
  • Tree poisoning attacks (fraudulent root, malicious child attachment, identity spoofing) [no independent evidence]
    purpose: To classify adversarial actions against provenance integrity.
    Characterized to derive the three-mechanism necessity result.

