We present a formal treatment of provenance trees, directed acyclic graphs of artifact registrations anchored immutably on a public blockchain, and introduce the operator trust problem: when a single privileged operator submits all on-chain registrations on behalf of users, the on-chain record alone cannot distinguish user-initiated registrations from unilateral operator actions. We resolve this through a dual-layer cryptographic commitment scheme in which two commitments derived from a single client-side secret key, binding the key to the tree root and to each unique registration identifier, make false attribution claims strictly dominated strategies. We prove correctness under standard cryptographic assumptions and establish honest behavior as the unique Nash equilibrium without relying on operator trust. We further introduce and analyze the tree poisoning problem: adversarial attacks on users' provenance trees via fraudulent root registration, malicious child attachment, and tree identity spoofing. We characterize the closure properties of each attack variant and prove that a complete provenance tree integrity model requires three distinct mechanisms: cryptographic priority, governance cascade, and contract enforcement, each necessary and none individually sufficient. The construction is deployed on Base (Ethereum L2) as AnchorRegistry, an immutable on-chain provenance registry. We provide gas complexity analysis demonstrating O(1) cost invariant to registry scale, and a trustless reconstruction algorithm recovering the complete registry from public event logs alone.

翻译：本文对溯源树（一种在公共区块链上不可篡改锚定的制品注册有向无环图）进行了形式化处理，并引入操作者信任问题：当单一特权操作者代表用户提交所有链上注册时，仅凭链上记录无法区分用户发起的注册与单方操作者行为。我们通过双层密码承诺方案解决该问题：从单个客户端密钥派生出两个承诺，将密钥分别绑定至树根与各唯一注册标识符，使得虚假归属声明成为严格劣策略。我们在标准密码学假设下证明其正确性，并证明无需依赖操作者信任即可使诚实行为成为唯一纳什均衡。进一步引入并分析树投毒问题——通过伪造根注册、恶意子节点附加及树身份欺骗对用户溯源树发起的对抗性攻击。我们刻画了各攻击变体的闭包性质，并证明完备的溯源树完整性模型需三种独立机制：密码学优先级、治理级联与合约执行，三者均为必要且无一单独充分。该构建已部署于Base（以太坊二层网络）上的AnchorRegistry——一个不可篡改的链上溯源注册表。我们提供的Gas复杂度分析表明注册规模无关的O(1)成本，以及仅通过公开事件日志即可恢复完整注册表的无条件信任重建算法。