DEV Community

Cover image for Signed Records: The CBOR Ledger Format
Micky Irons
Micky Irons

Posted on • Originally published at mickai.co.uk

Signed Records: The CBOR Ledger Format

Signed Records: The CBOR Ledger Format

By Micky Irons, founder and CEO of Mickai.

Most systems remember what they did in prose. A log line here, a database row there, a metric somewhere else, all of it human-readable and none of it provable. When a regulator, an auditor or an insurer asks whether an action really happened the way the record claims, the honest answer is usually a shrug dressed up as a screenshot. We built Mickai so that the answer is never a shrug. It is a signed record you can hand over, replay and verify without trusting us at all.

The heart of that guarantee is the CBOR ledger: a format in which every committed action is serialised into compact binary, hashed, chained to the action before it, and signed. It is small enough to sit on constrained hardware and strict enough that a single altered byte breaks the chain. This is the substrate beneath the Operation Attestation Record, our OAR, and it is what turns Mickai from a system that does things into a system that can prove what it did.

Why prose logs fail the moment they matter

A conventional log is a story told by the thing being investigated. It can be edited, truncated, reordered or quietly rewritten, and nothing about the file resists that. Timestamps drift between servers. Fields mean different things in different releases. Two teams reconstructing the same incident from the same logs routinely reach different conclusions, because the log was never designed to be evidence, only to be read.

Under the European Union Artificial Intelligence Act (the EU AI Act), the Digital Operational Resilience Act (DORA) and the Network and Information Security Directive (NIS2), that softness is now a liability. These regimes expect an operator to demonstrate what an automated system decided, when, on what inputs and under whose authority. A folder of text files does not demonstrate anything. It asserts. We decided early that Mickai would produce evidence rather than assertions, and that meant choosing a record format built for proof, not for reading.

A colossal sombre marble figure pouring water that vanishes into darkness, lit by a thin gold rim of light against black.

Lethe is the river that erases; a signed ledger is the promise that nothing committed can be forgotten unnoticed.

Why CBOR, and why it is deliberate not fashionable

CBOR, the Concise Binary Object Representation defined in the internet standard RFC 8949, is our on-the-wire and on-the-disk format for records. We chose it for unglamorous reasons that matter enormously once cryptography is involved. It is compact, so a record costs bytes rather than kilobytes and can live comfortably on air-gapped, resource-constrained hardware the customer owns. It is deterministic when encoded in canonical form, which means the same action always produces exactly the same bytes, and that is the entire game when you intend to hash and sign the result.

Determinism is the quiet hero here. A signature only means something if the thing signed is fixed. Text formats invite ambiguity: whitespace, key order, number formatting, encoding quirks. Canonical CBOR forbids that wiggle room. Every field is ordered, every integer encoded one way, every map key sorted by a fixed rule. When two independent machines serialise the same committed action, they produce byte-identical output, so they compute the same hash and can check the same signature. Verification becomes arithmetic rather than interpretation.

The anatomy of a committed record

A record is created only when an action commits, never on intent alone. It carries the essentials: which brain or studio acted, the operation it performed, the inputs it consumed by reference and digest, the outcome it produced, the authority under which it ran, and a precise monotonic sequence position. Sensitive payloads are not copied wholesale into the ledger; they are represented by their SHA-3-512 digest, so the record proves what was processed without becoming a second copy of the secret.

A serene colossal marble figure binding many fine gold cords into one taut woven strand against a black background.

Harmonia binds many strands into one; canonical CBOR binds every field into a single fixed order that cannot drift.

Those fields are encoded in canonical CBOR, then hashed with SHA-3-512. The hash of each record folds in the hash of the record before it, producing a hash-linked chain in the spirit of a Merkle structure. Change one field in one historical record and its hash changes, which breaks the link to every record that followed. The ledger does not merely store history. It makes history rigid: you cannot quietly rewrite the past without the break announcing itself at the very next link.

Signing: from tamper-evident to tamper-proof of origin

Hash-chaining makes tampering visible. Signing makes forgery infeasible and pins authorship. Every committed record, and every checkpoint over a run of records, is signed with post-quantum signatures using FIPS 204 ML-DSA-65, the module-lattice signature scheme standardised to withstand attack by future quantum computers as well as present classical ones. We chose a post-quantum scheme deliberately: an audit record is supposed to still mean something in a decade, and a signature that a later machine can trivially forge is worse than no signature, because it lends false confidence.

This is where the OAR earns its name. The Operation Attestation Record signs before the action executes, not after, so the ledger captures a commitment to act under a stated authority, followed by the signed record of what that act produced. High-stakes operations require more than one signature: multiple brains and, where policy demands, a voice-biometric approval, so that no single subsystem can sign the system into an action alone. The ledger stores all of it, in order, as one continuous cryptographic account.

A towering three-faced marble figure holding a single unbroken gold thread that recedes link by link into darkness.

The Moirai spin one continuous thread; the hash chain links each record to the last so the past cannot be quietly unpicked.

Replay: proving it again, on someone else's machine

A signed record is only as valuable as an outsider's ability to check it without trusting the author. Because our records are canonical CBOR, hash-linked and signed with published public keys, anyone holding the ledger and the keys can replay it end to end: re-encode each action, recompute each hash, re-verify each signature, and confirm the chain is unbroken from the first record to the last. No network call to us. No live system. No cooperation from the operator required.

That offline verifiability is the property regulated buyers actually need. An auditor can take a ledger export to their own equipment and satisfy themselves independently. An investigator can reconstruct exactly what happened, in what order, months after the hardware was powered down. And because brains are revocable, a compromised or retired subsystem's authority can be withdrawn while its historical records remain verifiable, so revoking trust going forward never erases the accountable past.

Where this sits in the sovereign boundary

None of this leaves the customer's control. The ledger is written, hashed and signed on hardware they own, air-gapped or on-premise, with zero data egress. That is the whole point of a Sovereign Intelligence Operating System: the public cloud giants, who are allies operating a different layer, cannot cross the regulated boundary on the customer's own terms, so we built the evidence-producing substrate to live inside that boundary rather than in someone else's account. The proof and the data never part company with their owner.

A majestic colossal marble titaness holding a great sealed glowing gold tablet, gazing steadily into darkness.

Mnemosyne is memory made permanent; a signed record lets anyone replay the account and verify it offline, years later.

The 104 filed UK patent applications behind Mickai, about 2,340 claims owned by Mickai LTD, describe capabilities like this one: attestation before execution, hash-linked signed ledgers, post-quantum offline verification and multi-party approval. We frame them by what they contain rather than by any status they have not reached, because the capability is what a customer under the General Data Protection Regulation (GDPR), DORA, the EU AI Act or ISO 42001 actually has to demonstrate.

The bottom line

A CBOR ledger record is a small, stubborn thing: a canonical binary serialisation of one committed action, hashed with SHA-3-512, chained to its predecessor, and signed with FIPS 204 ML-DSA-65. Together those records form a tamper-evident, cryptographically signed account that anyone can replay and verify offline, long after the machine that made it goes quiet. It is the difference between a system that tells you what it did and a system that lets you prove it. Under the regulations now landing across Europe and beyond, that difference is not a nicety. It is the requirement, and it is built and live inside Mickai today.


Written by Micky Irons. Originally published at https://mickai.co.uk/articles/signed-records-the-cbor-ledger. More from Micky Irons and Mickai at mickai.co.uk.

Top comments (0)