Constant-size cryptographic evidence records are increasingly used to build audit trails for regulated AI workloads in clinical, pharmaceutical, and financial settings, where each execution is summarized by a compact, verifiable record of code identity, model version, data digests, and platform measurements. Existing instantiations, however, typically rely on classical signature schemes whose long-term security is threatened by quantum-capable adversaries. In this paper we formalize security notions for evidence structures in the presence of quantum adversaries and study post-quantum (PQ) instantiations and migration strategies for deployed audit logs. We recall an abstraction of constant-size evidence structures and introduce game-based definitions of Q-Audit Integrity, Q-Non-Equivocation, and Q-Binding, capturing the inability of a quantum adversary to forge, equivocate, or rebind evidence items. We then analyze a hash-and-sign instantiation in the quantum random-oracle model (QROM), assuming an existentially unforgeable PQ signature scheme against quantum adversaries, and show that the resulting evidence structure satisfies these notions under standard assumptions. Building on this, we present three migration patterns for existing evidence logs: hybrid signatures, re-signing of legacy evidence, and Merkle-root anchoring, and analyze their security, storage, and computational trade-offs. A case study based on an industrial constant-size evidence platform for regulated AI at Codebat Technologies Inc. suggests that quantum-safe audit trails are achievable with moderate overhead and that systematic migration can significantly extend the evidentiary lifetime of existing deployments.
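The Merkle-root anchoring pattern named in the abstract, as an added example (not code from the paper or from the Codebat platform): legacy evidence records are hashed into one tree so that only the root needs a fresh post-quantum signature, and each old record is later checked against that root with an inclusion proof. SHA3-256, the 0x00/0x01 domain tags, the record layout and all function names are assumptions; signing the root with a PQ scheme happens outside the block.

```python
import hashlib

def _h(tag: bytes, data: bytes) -> bytes:
    # Domain separation (assumed convention): 0x00 = leaf, 0x01 = interior node,
    # so a leaf can never be reinterpreted as an interior node.
    return hashlib.sha3_256(tag + data).digest()

def build_levels(records):
    """Return all tree levels, leaves first; the last level holds the root."""
    if not records:
        raise ValueError("cannot anchor an empty log")
    levels = [[_h(b"\x00", r) for r in records]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(_h(b"\x01", cur[i] + cur[i + 1]))
            else:
                nxt.append(cur[i])  # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root as (sibling_is_left, hash) pairs."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append((sib < index, level[sib]))
        index //= 2
    return proof

def verify_inclusion(record, proof, root):
    """Recompute the path from a legacy record up to the anchored root."""
    node = _h(b"\x00", record)
    for sibling_is_left, sib in proof:
        node = _h(b"\x01", sib + node if sibling_is_left else node + sib)
    return node == root

# Constructed sample log: each entry stands for a legacy evidence record
# together with its classical signature (placeholder field values).
LEGACY_LOG = [f"run={i}|model=v1|data=<digest>|sig=<classical-sig>".encode()
              for i in range(5)]
```

The value to sign with the post-quantum scheme is `build_levels(LEGACY_LOG)[-1][0]`; signing the number of records alongside it prevents a proof from being replayed against a tree of a different size.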