What is OCC

OCC — Origin Controlled Computing — is a protocol that produces portable cryptographic proof when bytes are committed through an authorized execution boundary. The proof attests that a specific digital state was demonstrably possessed and committed in a specific form, by a specific boundary, no later than a specific moment.

The core idea

Most systems produce artifacts first and try to prove things about them later — attaching signatures, metadata, timestamps, or ledger entries after the fact.

OCC inverts this. Valid proof can only exist if the artifact was committed through a protected path. The proof is not added to the artifact — it is caused by the act of committing through the authorized boundary.

If proof exists, the authorized commit path was traversed.

How it works

Authorization, cryptographic binding, and commit happen as one indivisible operation:

  1. Authorize — Bytes enter a protected boundary (e.g., an AWS Nitro Enclave) that controls the only path to a valid proof.
  2. Bind — Inside the boundary, a SHA-256 content hash is combined with a fresh nonce, a monotonic counter, and a signature.
  3. Commit — The artifact and its proof are produced together. Fail-closed: if any step fails, nothing is produced.

What you get

An OCC proof is a JSON object (schema version occ/1) containing:

  • artifact — SHA-256 digest of the committed bytes
  • commit — fresh nonce, monotonic counter, epoch identity, optional chain link
  • signer — Ed25519 public key and signature over the canonical signed body
  • environment — enforcement tier, platform measurement (PCR0), hardware attestation
  • timestamps — optional RFC 3161 TSA timestamps from an independent time authority

Key properties

Portable

A proof is a self-contained JSON object. Any verifier can check it offline with only the public key and the original bytes.

Atomic

The commit is fail-closed. Either a complete, valid proof is produced, or nothing is. No partial proofs.

Ordered

Each proof carries a monotonic counter within its epoch. Counter + epoch + chain link establish ordering.

Measured

The proof binds to a specific execution environment via measurement (PCR0 on Nitro, MRENCLAVE on SGX).

Verifiable

Ed25519 signature, SHA-256 digest, and canonical serialization — all checkable with standard cryptographic primitives.
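The following Go program is an added example, not code from the OCC project. It models the three-step commit from "How it works" and the occ/1 field groups from "What you get", then exercises the portable, atomic, ordered and verifiable properties listed above for the stub tier only. The exact field names, the canonical serialization rule (compact JSON in declaration order), the chain-link definition (SHA-256 of the previous signed body) and the empty-artifact authorization rule are assumptions of this example; the protocol's own specification may differ.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Field groups follow occ/1 as named on the page; exact names and the canonical form (compact JSON, declaration order) are assumptions.
type Artifact struct{ SHA256 string `json:"sha256"` }
type Commit struct {
	Nonce   string `json:"nonce"`
	Counter uint64 `json:"counter"`
	Epoch   string `json:"epoch"`
	Prev    string `json:"prev,omitempty"` // chain link: hash of the previous signed body
}
type Environment struct{ Tier string `json:"tier"` } // stub tier only; a TEE tier would add PCR0 and attestation
type Signer struct {
	PublicKey string `json:"public_key"`
	Signature string `json:"signature"`
}
// SignedBody is everything the Ed25519 signature covers; Proof adds the signer group.
type SignedBody struct {
	Schema      string      `json:"schema"`
	Artifact    Artifact    `json:"artifact"`
	Commit      Commit      `json:"commit"`
	Environment Environment `json:"environment"`
}
type Proof struct {
	SignedBody
	Signer Signer `json:"signer"`
}

// bodyHash is the chain link: SHA-256 over the canonical signed body.
func bodyHash(body SignedBody) string {
	canon, _ := json.Marshal(body) // strings and integers only: cannot fail
	sum := sha256.Sum256(canon)
	return hex.EncodeToString(sum[:])
}

// Boundary is a stub-tier commit boundary (signing key in process memory) for one epoch.
type Boundary struct {
	priv    ed25519.PrivateKey
	epoch   string
	counter uint64
	prev    string
}

// Commit runs authorize, bind and commit as one fail-closed step: on any error no proof is returned and no state changes.
func (b *Boundary) Commit(data []byte) (*Proof, error) {
	if len(data) == 0 { // authorize: a hypothetical admission rule for this example
		return nil, errors.New("authorize: empty artifact rejected")
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, fmt.Errorf("bind: nonce: %w", err)
	}
	digest := sha256.Sum256(data)
	body := SignedBody{
		Schema:      "occ/1",
		Artifact:    Artifact{SHA256: hex.EncodeToString(digest[:])},
		Commit:      Commit{Nonce: hex.EncodeToString(nonce), Counter: b.counter + 1, Epoch: b.epoch, Prev: b.prev},
		Environment: Environment{Tier: "stub"},
	}
	canon, _ := json.Marshal(body)
	sig := ed25519.Sign(b.priv, canon)
	b.counter, b.prev = b.counter+1, bodyHash(body) // commit: state advances only now
	pub := hex.EncodeToString(b.priv.Public().(ed25519.PublicKey))
	return &Proof{SignedBody: body, Signer: Signer{PublicKey: pub, Signature: hex.EncodeToString(sig)}}, nil
}

// Verify checks a proof offline against the trusted key (never the key carried in the proof) and the original bytes; a non-nil prev also checks the ordering link.
func Verify(p, prev *Proof, pub ed25519.PublicKey, data []byte) error {
	digest := sha256.Sum256(data)
	if p.Artifact.SHA256 != hex.EncodeToString(digest[:]) {
		return errors.New("artifact digest does not match the bytes")
	}
	canon, _ := json.Marshal(p.SignedBody)
	if sig, err := hex.DecodeString(p.Signer.Signature); err != nil || !ed25519.Verify(pub, canon, sig) {
		return errors.New("signature does not cover the canonical body")
	}
	if prev != nil && (p.Commit.Epoch != prev.Commit.Epoch || p.Commit.Counter != prev.Commit.Counter+1 || p.Commit.Prev != bodyHash(prev.SignedBody)) {
		return errors.New("ordering broken: gap, reorder or foreign epoch")
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	b := &Boundary{priv: priv, epoch: "epoch-1"}
	p, _ := b.Commit([]byte("constructed artifact"))
	out, _ := json.MarshalIndent(p, "", "  ")
	fmt.Println(string(out)) // the portable proof object
}
```

The boundary's counter and chain link advance only after signing has succeeded, which is what makes the commit fail-closed: a rejected input leaves the boundary state unchanged, so the next valid proof still follows the last one. The verifier checks the signature against the key it already trusts for that boundary; the key carried inside the proof is informational and is never used to decide trust.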

Enforcement tiers

Tier          Key Location           Boundary           Use Case
stub          Process memory         Software           Development, testing
hw-key        HSM / Secure Enclave   Software           Key custody
measured-tee  TEE memory             Hardware enclave   Production, highest assurance

Formal properties

The commit path satisfies these structural properties:

Genesis Invariant
s′ ∈ Σauth → ∃ s ∈ Σ, e ∈ Eauth : (s, e, s′) ∈ C

If authenticated state exists, an authorized event produced it.

Closure Property
Σauth = Cl(C, Eauth)

The authenticated state space is exactly the closure under authorized genesis.

Atomicity
∀ (s, e, s′) ∈ C : authorize(e) ∧ bind(e) ∧ commit(s′)

Authorization, binding, and commit occur as one indivisible operation.

Injective Genesis
φ : Eauth → Σauth is injective

Each authorization event maps to exactly one authenticated artifact.