
blog: reasoning about attestation chains — from TrustMee to Cerisier#53

Merged
avrabe merged 1 commit into
mainfrom
blog/cerisier-trustmee
May 12, 2026

Conversation


@avrabe avrabe commented May 12, 2026

2657-word technical post — within 1500-2500 body target after subtracting frontmatter + references. Mid-range for the blog (peer posts at 1651 and 3599 words).

Argument arc

Sets up two recent academic papers as the two halves of a composition story for sigil's attestation chain reasoning:

  • TrustMee (Aalto, Feb 2026) — engineering pattern for shipping signed Wasm verification components alongside attestation evidence. Single-shot, no formal soundness.
  • Cerisier (Aarhus, April 2026) — Iris/Rocq program logic for modular reasoning about attestation, but only inside one capability machine. No remote, no time, no key rotation, no content-addressed storage.

Neither alone covers sigil's build-time, content-addressed, time-indexed chain. The post sketches what a sister-logic judgement over the post-quantum SLH-DSA migration would look like (one boxed judgement, glossed in English) and names the draft mapping + scenarios docs in the sigil repo (companion PR: pulseengine/sigil#114).

Companion artefacts

Status / framing

  • Internal milestone, low-cost.
  • Defers the full PLDI / OOPSLA / CCS publication to the 2027 cycle once `scripts/mythos/` has run against sigil and there is empirical material.
  • Honest framing preserved: first-pass paper reads were search-only; the sister logic does not yet exist.

2657-word technical post (within the 1500-2500 target body word count
after subtracting frontmatter + refs). Sets up two recent academic
papers as the two halves of a composition story for sigil's attestation
chain reasoning:

  - TrustMee (Aalto, Feb 2026) — engineering pattern for shipping
    signed Wasm verification components alongside attestation evidence.
    Single-shot, no formal soundness.

  - Cerisier (Aarhus, April 2026) — Iris/Rocq program logic for
    modular reasoning about attestation, but only inside one
    capability machine. No remote, no time, no key rotation, no
    content-addressed storage.

Neither alone covers sigil's build-time, content-addressed,
time-indexed chain. The post sketches what a sister-logic judgement
over the post-quantum SLH-DSA migration would look like and names the
draft mapping + scenarios docs in the sigil repo.

Defers the full PLDI / OOPSLA / CCS publication to the 2027 cycle once
the Mythos bug-hunt pipeline has produced empirical material.

Honest framing preserved: first-pass paper reads, sister logic does
not yet exist.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@avrabe avrabe merged commit e084e96 into main May 12, 2026
1 check passed
@avrabe avrabe deleted the blog/cerisier-trustmee branch May 12, 2026 15:50