diff --git a/proof_b/src/main.nr b/proof_b/src/main.nr
index 19d6dd0..9aee8a5 100644
--- a/proof_b/src/main.nr
+++ b/proof_b/src/main.nr
@@ -55,11 +55,11 @@ global RSA_NUM_LIMBS: u32 = 18;
 
 /// Maximum size of COSE Sig_structure (CBOR encoded)
 /// Sig_structure = ["Signature1", protected_headers, external_aad, payload]
-/// ChatGPT images have large protected headers (~2000 bytes) containing full cert chain
-/// plus claim payload (~700 bytes), totaling ~2700 bytes.
-/// Adobe Photoshop images can have larger protected headers (~3400 bytes) with cert chain
-/// plus claim payload (~1000 bytes), totaling ~4400 bytes. Use 5120 for safety margin.
-global MAX_SIG_STRUCTURE_SIZE: u32 = 5120;
+/// Size is dominated by DER-encoded certificate chain in protected headers.
+/// Known sizes: ChatGPT ~2700, Adobe ~4400, CapCut ~5241 bytes.
+/// 8192 accommodates RSA-4096 chains and 4-cert enterprise chains with headroom.
+/// sha256_var only hashes actual bytes, so unused buffer costs zero constraints.
+global MAX_SIG_STRUCTURE_SIZE: u32 = 8192;
 
 /// Maximum size of C2PA claim (CBOR encoded)
 global MAX_CLAIM_SIZE: u32 = 2048;
diff --git a/proof_b_es256/src/main.nr b/proof_b_es256/src/main.nr
index 814284f..a13f53c 100644
--- a/proof_b_es256/src/main.nr
+++ b/proof_b_es256/src/main.nr
@@ -36,9 +36,9 @@ use dep::poseidon::poseidon2::Poseidon2;
 global MERKLE_TREE_DEPTH: u32 = 8;
 
 /// Maximum size of COSE Sig_structure (CBOR encoded)
-/// ES256 images typically have smaller protected headers (~2000 bytes) than RSA
-/// but we keep the same size for compatibility
-global MAX_SIG_STRUCTURE_SIZE: u32 = 5120;
+/// Size is dominated by DER-encoded certificate chain in protected headers.
+/// 8192 accommodates RSA-4096 chains and 4-cert enterprise chains with headroom.
+global MAX_SIG_STRUCTURE_SIZE: u32 = 8192;
 
 /// Maximum size of C2PA claim (CBOR encoded)
 global MAX_CLAIM_SIZE: u32 = 2048;
diff --git a/proof_b_ps256/src/main.nr b/proof_b_ps256/src/main.nr
index f882783..f463e10 100644
--- a/proof_b_ps256/src/main.nr
+++ b/proof_b_ps256/src/main.nr
@@ -42,9 +42,9 @@ global MERKLE_TREE_DEPTH: u32 = 8;
 global RSA_NUM_LIMBS: u32 = 18;
 
 /// Maximum size of COSE Sig_structure (CBOR encoded)
-/// Adobe Photoshop images have large protected headers (~3400 bytes) with cert chain
-/// plus claim payload (~1000 bytes), totaling ~4400 bytes. Use 5120 for safety margin.
-global MAX_SIG_STRUCTURE_SIZE: u32 = 5120;
+/// Size is dominated by DER-encoded certificate chain in protected headers.
+/// 8192 accommodates RSA-4096 chains and 4-cert enterprise chains with headroom.
+global MAX_SIG_STRUCTURE_SIZE: u32 = 8192;
 
 /// Maximum size of C2PA claim (CBOR encoded)
 global MAX_CLAIM_SIZE: u32 = 2048;