SiGR™ · Signed inference Guarantee Receipt

Every package gets
a receipt.
Every inference
should too.

SiGR™ makes every AI inference call cryptographically accountable — a post-quantum signed receipt that proves exactly what the model saw, when, and which backend signed it. Verifiable by anyone. Forgeable by no one.

ML-DSA-65 · FIPS 204 ~7ms sign-before-act Base L1 · USDC settled Zero-secret verification
The artifact
SiGR // INFERENCE RECEIPT UNSIGNED
modelllama-3.3-70b-instruct
payload_hash0x9f3a…c7e1
captured_at2026-06-18T14:22:07.118Z
backendhw-pqc-fpga · attested
hash_strengthSHA-384
anchorBase · 0x4d…a9 · USDC
ml_dsa_sigpending…
awaiting commitment
SIGNED
BEFORE
ACT

The model acts.
The receipt proves it.

Four properties bound inside one signature. Alter any field and the proof breaks — no NDA, no shared secret, no trust required.

01Sign-before-act
The exact input and state the model saw is committed and signed before the model acts — not reconstructed after.
02Post-quantum signature
ML-DSA-65 (NIST FIPS 204) over the payload in ~7ms. Built for the Q-day liability horizon, not today's.
03Honest backend attestation
The receipt names which signer ran. A selected-but-unconnected hardware backend fails closed — no silent software fallback.
043-tier temporal proof
Capture → soft-commitment → L1 finality, bound inside the signature. Altering any attested time breaks the proof.
Why this is no longer optional

Right now, your platform can't prove
what it served. That's the liability.

When an enterprise customer, an auditor, or a regulator asks "what did the model actually see, and is this the model we paid for?" — logs are not proof. Logs are editable. A signature is not.

Inference without SiGR

  • Bills are unauditable — "trust our meter"
  • Silent model or quantization swaps are undetectable
  • No proof of what the agent saw before it acted
  • "We don't train on your data" is a clause, not a proof
  • Every incident becomes your word against theirs

Inference with SiGR

  • Every billed unit is bound into a verifiable receipt
  • Weights + config provenance proven per call
  • Signed, ordered, tamper-evident agent action trail
  • Cryptographic data-boundary attestation
  • The receipt settles the dispute before it starts

The first platform that emits SiGRs makes the ones that don't look negligent by comparison.

Usage-based · embedded at the API edge

Priced to disappear into your margin.

$0.00003/ signed inference at scale  ·  graduated from $0.0002

A SiGR™ is a per-call header on your existing OpenAI-compatible API. You pay only for what you sign. Material-fragment signing (AFIR-S™) signs only the risk-bearing spans — tool calls, PII, decisions — and issues signed absence proofs for the rest, so you never pay to sign noise.

Monthly volumeBase receiptAFIR-S material fragmentSiGR surcharge on mid-model call
0 – 10M$0.00020$0.0004027.8%
10M – 1B$0.00010$0.0002013.9%
1B – 10B$0.00005$0.000106.9%
10B+$0.00003$0.000064.2%

Graduated tiers — each band priced at its own rate, like cloud egress. Platform pilot floor $2,500/mo. Material ratio assumed ~15% of calls in the model below; adjust to your traffic.

What SiGR earns on your traffic

Drag to your monthly inference volume. This is the revenue line SiGR adds to your platform — and the cost line you bill through to enterprise customers who demand proof.

Monthly inference volume30,000,000,000
Material-fragment ratio (AFIR-S)15%
SiGR revenue / year
$22.6M
$1.88M / month
Effective rate / inference
$0.0000628
blended across base + fragments
The category, not the line item

Signed inference is a new rail.
The first to lay it owns the toll.

SiGR is not a feature you bolt on. It is the trust and accountability layer the platforms serving inference at scale will be forced to adopt to stay credible. Here's the revenue at stake as it spreads.

One challenger cloud
$22.6M
ARR from a single platform at 30B inferences/month, blended across base receipts and AFIR-S fragments.
Three adopt
$67.8M
Once one challenger ships provable inference, the procurement requirement propagates to its peers within an RFP cycle.
Category-wide · 10 platforms
$226M
When SiGR is the default, the platforms that don't emit receipts are the exception that has to explain itself.
The forcing function

Why the first mover wins,
and why that should be you.

01

You ship a signed-receipt header

A drop-in on your existing OpenAI-compatible API. Customers opt in per call. Zero change to your inference path beyond the ~7ms signing step, which fails closed.

02

You win an enterprise deal because the bill is provable

A regulated buyer chooses you over a hyperscaler specifically because you can prove what you served and what you charged. Trust becomes your differentiator, not your liability.

03

The requirement propagates upward

That win puts "can you emit verifiable receipts?" into every subsequent RFP. Your competitors now field a question they can't answer — and the category tips.

04

SiGR becomes the default, and you were first

You're not the platform scrambling to add accountability after an incident. You're the one who defined what accountable inference looks like. Inevitable, and yours.

The wedge

Be the platform that can
say "prove it" — and mean it.

A 30-day pilot on one model family. We instrument your API edge, you emit live SiGRs on opt-in traffic, and we put a verifiable receipt in front of your most demanding enterprise prospect. If the bill, the provenance, and the timeline don't verify in front of them, you owe us nothing.

Pilot floor $2,500/mo Live in 30 days Scale rate $0.00003/inference