[tleb_]

What cryptography are you referring to when talking about append-only logs? To me, an AOL is just a list of records that has a single operation, append. It could be implemented as a file that is only opened in append mode, multiple files (eg logrotate), a lib that works in memory, a process that exposes an API, etc. I don't see any cryptography here.

[MertsA]

In general, yes, an append only log might be weakly "append only". If you want a cryptographic approach look at how forward secure sealing works with systemd. Basically you make a cryptographic ratchet on the system doing the logging such that given some arbitrary key you can find out what the next key is but not the previous one. You generate a verification key that you take off of the system in question at the start and the verification key can be used to efficiently check any part of that series. During operation you sign the log segment you just wrote out on some regular interval and then ratchet the key forward and delete the old key in memory to where even if the system was completely compromised it no longer holds a key that could rewrite the previous log segment.

[drdeca]

There is something called an authenticated append only skip list, which I think is kinda neat. It is basically what it sounds like. Iirc it allows certificates showing that something has a particular place in the list, given the assumption of the latest thing added to it, in length at most logarithmic in the length of the list.