VCT: A Verifiable Transcript System for LLM Conversations

Large language model (LLM) interaction records are increasingly vital in digital forensics and compliance auditing. However, traditional linear tamper-evident logs fail to capture the inherent non-linear evolution of LLM conversations, such as re-prompting based on historical queries, response regeneration, session deletion, multi-device concurrency, and selective sharing. To address this issue, this paper proposes Verifiable Conversation Transcript (VCT), which abstracts complex non-linear LLM semantic operations into account-level authenticated state transitions. VCT constructs a three-tier cryptographic data structure: atomic Q&A pairs form branch-level hash chains, branch tails aggregate into session-level Merkle roots, and all session roots are further aggregated into an account-level Merkle root anchored by joint signatures from both the user and the server. VCT introduces a serialized state transition protocol with deletion barriers to eliminate conflicts between deletion and modification, complemented by a deterministic state-merge protocol to preserve concurrent non-deletion incremental operations. Furthermore, incremental denial checks and a gossip protocol enable asynchronous user devices to autonomously detect view forks caused by malicious servers and generate non-repudiable forensic evidence. Security analysis demonstrates that, under standard cryptographic assumptions, VCT guarantees the integrity, consistency, verifiable shareability, and non-repudiation of account-level conversation records. Evaluation of a Python prototype shows that the cryptographic latency of core operations is within sub-millisecond to low-millisecond ranges. Under a realistic configuration with 21 KB of text, security metadata introduces a negligible storage overhead of only 0.9%, validating the deployment feasibility of VCT for high-stakes forensic review on production-grade LLM platforms.