Regulated AI workflows (such as clinical trials, medical decision support, and financial compliance) must satisfy strict auditability and integrity requirements. Existing audit-trail mechanisms rely on variable-length records, bulky cryptographic transcripts, or ad-hoc schemas, suffering from metadata leakage, irregular performance, and weak alignment with formal security notions.

This paper introduces constant-size cryptographic evidence structures, a general abstraction for verifiable audit evidence in regulated AI workflows. Each evidence item is a fixed-size tuple of cryptographic fields designed to (i) bind strongly to workflow events and configurations, (ii) support constant-size storage and uniform verification cost per event, and (iii) compose cleanly with hash-chain and Merkle-based audit constructions. We formalize a model of regulated AI workflows, define syntax and algorithms for evidence structures, and prove security properties (evidence binding, tamper detection, and non-equivocation) via game-based definitions under standard assumptions (collision-resistant hashing and EUF-CMA signatures).

We present a generic hash-and-sign construction using a collision-resistant hash function and a standard signature scheme, and show how to integrate it with hash-chained logs, Merkle-tree anchoring, and trusted execution environments. We implement a prototype library and report microbenchmarks on commodity hardware, demonstrating that per-event overhead is small and predictable. This work aims to provide a foundation for standardized audit mechanisms in regulated AI, with implications for clinical trial management, pharmaceutical compliance, and medical AI governance.
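The hash-and-sign idea with a hash-chained log, as an added illustration that is not the paper's prototype library. The 160-byte field layout, the choice of SHA-256 and Ed25519, the all-zero genesis link, and every identifier and sample value below are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Evidence is always 160 bytes: three SHA-256 digests and one Ed25519 signature (assumed layout).
type Evidence struct {
	Event, Config, Prev [32]byte
	Sig                 [64]byte
}

// body is the 96 signed bytes; Link hashes body plus signature and becomes the next item's Prev.
func (e Evidence) body() []byte { return append(append(e.Event[:], e.Config[:]...), e.Prev[:]...) }
func (e Evidence) Link() [32]byte { return sha256.Sum256(append(e.body(), e.Sig[:]...)) }

// BuildLog emits one evidence item per event, chained from an all-zero genesis link (assumed).
func BuildLog(sk ed25519.PrivateKey, events [][]byte, config []byte) (log []Evidence) {
	var prev [32]byte
	for _, ev := range events {
		e := Evidence{Event: sha256.Sum256(ev), Config: sha256.Sum256(config), Prev: prev}
		copy(e.Sig[:], ed25519.Sign(sk, e.body()))
		log, prev = append(log, e), e.Link()
	}
	return log
}

// VerifyChain returns the index of the first item that fails a check, or -1 if every item passes.
func VerifyChain(pk ed25519.PublicKey, events [][]byte, config []byte, log []Evidence) int {
	var prev [32]byte
	for i, e := range log {
		if i >= len(events) || e.Event != sha256.Sum256(events[i]) || e.Config != sha256.Sum256(config) ||
			e.Prev != prev || !ed25519.Verify(pk, e.body(), e.Sig[:]) {
			return i
		}
		prev = e.Link()
	}
	return -1
}

func main() {
	sk := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // fixed test seed, not a real key
	ev := [][]byte{[]byte("enroll subject=001"), []byte("dose=5mg"), []byte("output=eligible")}
	cfg := []byte("model=v1;policy=A") // events and configuration are constructed sample data
	log := BuildLog(sk, ev, cfg)
	ev[1] = []byte("dose=50mg") // alter a recorded event after the evidence was issued
	fmt.Println("first failing item:", VerifyChain(sk.Public().(ed25519.PublicKey), ev, cfg, log))
}
```

A hash chain alone does not reveal items cut from the end of the log; detecting that needs an external commitment to the latest link, which is the role the abstract assigns to Merkle-tree anchoring.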