A SCITT Profile for Verifiable Audit Trails in Algorithmic Trading: The VeritasChain Protocol (VCP) VeritasChain Standards Organization
Japan kamimura@veritaschain.org https://veritaschain.org
Security Supply Chain Integrity, Transparency, and Trust SCITT audit trail algorithmic trading AI transparency financial services transparency service signed statement profile This document defines a profile of the SCITT (Supply Chain Integrity, Transparency, and Trust) architecture for creating tamper-evident audit trails of AI-driven algorithmic trading decisions and executions. The VeritasChain Protocol (VCP) applies the SCITT framework to address the specific requirements of financial markets, including high-precision timestamps, regulatory compliance considerations (EU AI Act, MiFID II), and privacy-preserving mechanisms (crypto-shredding) compatible with GDPR. This profile specifies how VCP events are encoded as SCITT Signed Statements, registered with Transparency Services, and verified using COSE Receipts. About This Document The latest version of this document, along with implementation resources and test vectors, can be found at . Discussion of this document takes place on the SCITT Working Group mailing list (scitt@ietf.org). Changes from -01:
  • Updated to align with VCP Specification v1.1
  • Clarified that external anchoring is a certification policy requirement, not a protocol-level mandate
  • PrevHash changed from REQUIRED to OPTIONAL
  • Added Three-Layer Architecture description (Section 3.3)
  • Clarified Policy Identification field requirements
  • Updated title to explicitly indicate this is a SCITT profile
Introduction The SCITT (Supply Chain Integrity, Transparency, and Trust) architecture provides a framework for creating tamper-evident logs of digital artifacts through Transparency Services. While SCITT was initially designed for software supply chain use cases, its core primitives—Signed Statements, Receipts, and Transparency Services—are applicable to any domain requiring verifiable audit trails. This document specifies a SCITT profile for AI-driven algorithmic trading systems in financial markets. The VeritasChain Protocol (VCP) applies the SCITT architecture with domain-specific extensions:
  • A schema for encoding trading events as SCITT Signed Statements
  • Registration policies for financial audit trails
  • Conformance tiers (Silver, Gold, Platinum) with varying requirements for timing precision and cryptographic guarantees
  • Privacy mechanisms compatible with GDPR data erasure requirements
  • A completeness-aware design that enables omission detection through external anchoring
VCP serves as an "AI Flight Recorder" for algorithmic trading, enabling post-incident reconstruction of system behavior with cryptographic proof of integrity.
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
Relationship to SCITT This document is a profile of the SCITT architecture. It:
  • REQUIRES compliance with
  • REQUIRES use of SCRAPI for Transparency Service interactions
  • RECOMMENDS COSE Receipts for inclusion proofs
  • DEFINES domain-specific extensions for financial trading
This profile does not define a new protocol; it specifies how existing SCITT primitives are applied to the financial trading domain.
Scope This document specifies:
  • VCP Event schema as SCITT Signed Statement payload
  • Registration Policy requirements for VCP Transparency Services
  • Mapping of VCP concepts to SCITT terminology
  • Three conformance tiers with specific requirements
  • Crypto-shredding mechanism for privacy compliance
  • Three-layer integrity architecture
This document does not specify:
  • General SCITT architecture (see )
  • SCRAPI endpoints (see )
  • COSE Receipt format (see )
  • Specific regulatory mapping (covered in companion documents)
  • Mandatory anchoring services (deployment-specific)
Terminology This document uses terminology from . The following terms are specific to this profile:
VCP Event
A single auditable record in the VeritasChain Protocol, encoded as a SCITT Signed Statement. Consists of Header, Payload, and Security metadata.
VCP Issuer
An algorithmic trading system, AI model, or human operator that generates VCP Events. Corresponds to SCITT Issuer.
VCP Transparency Service
A SCITT Transparency Service configured with VCP-specific Registration Policies. Operates a VCP-compliant append-only log.
VCP Receipt
A COSE Receipt issued by a VCP Transparency Service, proving inclusion of a VCP Event in the log.
Actor
An entity (algorithm, human operator, or system) identified by ActorID that generates VCP Events.
Crypto-Shredding
A privacy technique where encrypted payload data is rendered permanently unrecoverable by destroying the encryption key, while preserving the cryptographic integrity proofs (hashes and Receipts).
Conformance Tier
One of three implementation levels (Silver, Gold, Platinum) with increasing requirements for timing precision, anchoring frequency, and cryptographic guarantees.
External Anchor
A cryptographic commitment (typically a Merkle root) published to an external, independent system (e.g., public blockchain, timestamping authority). External anchoring supports omission detection and enables third-party completeness verification.
Policy Identification
A field within the VCP Event that explicitly identifies the applicable Registration Policy and conformance tier.
SCITT Terminology Mapping The following table maps VCP concepts to SCITT terminology: VCP to SCITT Terminology Mapping
VCP Concept SCITT Equivalent Notes
VCP Event Signed Statement VCP Event is the payload of a Signed Statement
VCP Issuer Issuer Trading system or AI model
VCP Transparency Service Transparency Service With VCP Registration Policy
VCP Receipt Receipt COSE Receipt with Merkle inclusion proof
Hash Chain (Optional) Append-only Log VCP optionally adds per-Actor chaining
External Anchor Merkle Tree Root Periodic commitment supporting completeness verification
Architecture VCP builds upon the SCITT architecture with domain-specific extensions for financial trading: | | (via SCRAPI) | | | 3. Validate against | | Registration Policy | | | | 4. Append to Log | | |<-------- VCP Receipt --------+ | (COSE Receipt) | | | +--------+---------+ +------------+------------+ | Verifier | | External Anchor | | (Auditor/Regul.) | | (Timestamp/Blockchain) | +------------------+ +-------------------------+ ]]>
Event Flow
  1. Event Generation: VCP Issuer creates a VCP Event containing trading decision or execution data.
  2. Signing: Event is signed using COSE_Sign1 with the Issuer's private key.
  3. Registration: Signed Statement is submitted to VCP Transparency Service via SCRAPI POST /entries.
  4. Validation: Transparency Service validates against VCP Registration Policy.
  5. Logging: Valid statement is appended to the append-only log.
  6. Receipt: COSE Receipt with Merkle inclusion proof is returned to Issuer.
  7. External Anchoring (when deployed): Merkle root MAY be periodically anchored to an external system, enabling omission detection by third parties.
Per-Actor Hash Chain (Optional) VCP MAY maintain per-Actor hash chains in addition to SCITT's global append-only log. When implemented, each VCP Event includes a PrevHash field containing the hash of the previous event from the same Actor. This enables efficient verification of a single Actor's event sequence without downloading the entire log. Note: Per-Actor hash chains are OPTIONAL. When external anchoring is deployed, it provides the primary mechanism for completeness verification. Hash chains serve as a complementary local integrity mechanism. Event_A2 --hash--> Event_A3 Actor B: Event_B1 --hash--> Event_B2 Global Log: [Event_A1, Event_B1, Event_A2, Event_B2, Event_A3, ...] ]]>
Three-Layer Integrity Architecture VCP defines a three-layer architecture that separates concerns and clarifies where integrity guarantees originate: VCP Three-Layer Architecture
Layer Component Guarantee Protocol Requirement
Layer 1 Event Integrity Individual event authenticity via digital signature REQUIRED
Layer 2 Collection Integrity Merkle tree over event collection REQUIRED
Layer 3 External Verifiability Merkle root anchored to external system OPTIONAL (see note)
Note: Layer 3 (External Verifiability) is OPTIONAL at the protocol level. However, VCP certification policies (VC-Certified program) require external anchoring at tier-specific frequencies. This separation allows the protocol to remain flexible while certification programs can mandate stronger guarantees. External anchoring enables omission detection: without it, a log producer could theoretically withhold events before publishing a Merkle root. When deployed, anchoring allows third parties to verify that the published root matches the expected state, supporting "Verify, Don't Trust" principles.
VCP Event Schema A VCP Event is encoded as the payload of a SCITT Signed Statement. The payload MUST be a JSON object conforming to the following schema:
Header Object The Header contains metadata common to all VCP Events:
EventID
REQUIRED. UUID v7 providing time-sortable unique identification.
TimestampISO
REQUIRED. ISO 8601 timestamp with nanosecond precision.
TimestampInt
REQUIRED. Integer timestamp in nanoseconds since Unix epoch.
EventType
REQUIRED. Three-letter code identifying the event type (see ).
ActorID
REQUIRED. Identifier of the entity generating this event.
ChainID
REQUIRED. Identifier of the per-Actor hash chain.
SequenceNum
REQUIRED. Monotonically increasing sequence number within the Actor's chain.
PolicyID
REQUIRED. URN identifying the Registration Policy and conformance tier. Format: urn:vcp:policy:{tier}:v{version}. Valid tier values: "silver", "gold", "platinum".
Payload Object The Payload contains domain-specific data organized into modules:
VCP-TRADE
Trading data: orders, executions, modifications, cancellations.
VCP-RISK
Risk management data: exposure, limits, margin.
VCP-GOV
Governance data: algorithm parameters, decision factors, operator actions.
VCP-PRIVACY
Privacy metadata: encryption keys, retention policies.
Security Object The Security object contains integrity and chaining information:
EventHash
REQUIRED. SHA-256 hash of the canonicalized Header and Payload, computed using JSON Canonicalization Scheme .
PrevHash
OPTIONAL. Hash of the previous event in this Actor's chain. If present, MUST match the EventHash of the preceding event (except for INIT events where it is absent).
MerkleRoot
OPTIONAL in individual events. Included in anchor (ANC) events when external anchoring is deployed.
SignAlgo
REQUIRED. Signature algorithm identifier. MUST be "ED25519" or "DILITHIUM3" (for post-quantum).
AnchorRef
OPTIONAL. When external anchoring is deployed, contains reference to the anchor location (e.g., blockchain transaction ID, TSA receipt ID).
Event Types VCP Event Types
Code Name Description
INITInitializationChain initialization, no PrevHash
SIGSignalTrading signal generated
ORDOrderOrder submitted
ACKAcknowledgmentOrder acknowledged by venue
EXEExecutionOrder executed (fill)
CXLCancellationOrder cancelled
MODModificationOrder modified
RSKRiskRisk event or limit breach
ERRErrorSystem error
HBTHeartbeatPeriodic liveness signal
CLSClosePosition closed
ANCAnchorMerkle anchor event (when anchoring deployed)
Registration Policy A VCP Transparency Service MUST enforce a Registration Policy that validates incoming Signed Statements.
Policy Identification The PolicyID field MUST be explicitly included in the VCP Event Header. The Transparency Service MUST validate the registration request against the referenced Registration Policy and MUST NOT infer, select, or substitute a policy on its own. Valid PolicyID formats:
  • urn:vcp:policy:silver:v1.1
  • urn:vcp:policy:gold:v1.1
  • urn:vcp:policy:platinum:v1.1
Conformance tiers (Silver, Gold, Platinum) represent additional verification depth and operational requirements applied on top of the same core Registration Policy, and do not define separate or incompatible registration policies.
Validation Requirements The Registration Policy MUST verify:
  1. Schema Compliance: Payload conforms to VCP Event schema.
  2. PolicyID Present: Header contains a valid PolicyID field.
  3. Signature Validity: COSE_Sign1 signature is valid for the registered Issuer public key.
  4. Timestamp Validity: TimestampInt is within acceptable bounds (not in future, not too old).
  5. Chain Integrity (if PrevHash present): PrevHash matches the hash of the most recent event from this Actor.
  6. Sequence Monotonicity: SequenceNum is exactly one greater than the previous event's SequenceNum.
Tier-Specific Requirements This specification distinguishes timestamp resolution from clock accuracy. Nanosecond-resolution timestamps represent the storage format capability, while actual clock accuracy is explicitly recorded and enforced per tier. Conformance Tier Requirements
Requirement Silver Gold Platinum
Timestamp Resolution Millisecond Microsecond Nanosecond
Clock Accuracy NTP (~10ms) NTP + drift (~1ms) PTPv2 (<1μs)
Merkle Anchoring Frequency Daily (if deployed) Hourly (if deployed) Per-minute (if deployed)
Signature Algorithm Ed25519 Ed25519 Ed25519 + Dilithium (OPTIONAL)
Key Storage Software Software/HSM HSM Required
PrevHash Chain OPTIONAL OPTIONAL RECOMMENDED
Note: Silver tier is NOT intended for regulatory-grade algorithmic trading systems subject to MiFID II RTS 25, SEC Rule 17a-4, or equivalent clock synchronization requirements. Silver tier is appropriate for development, testing, backtesting analysis, and non-regulated trading scenarios.
Certification Policy Requirements This document does not mandate a specific external anchoring service. However, VCP certification programs (e.g., VC-Certified) impose additional operational requirements beyond the base protocol:
  • VC-Certified Silver: External anchoring required at minimum daily frequency.
  • VC-Certified Gold: External anchoring required at minimum hourly frequency. Multiple independent anchors RECOMMENDED.
  • VC-Certified Platinum: External anchoring required at minimum per-minute frequency. Multiple independent anchors with geographic distribution REQUIRED.
Certification requirements are defined by the VeritasChain Standards Organization and are separate from this protocol specification. Implementations MAY be protocol-compliant without obtaining certification, and certification policies MAY evolve independently of this document. When external anchoring is deployed, acceptable anchor targets include:
  • Public blockchains (e.g., Bitcoin, Ethereum)
  • Trusted timestamping authorities (TSA) per
  • Other append-only public ledgers
Crypto-Shredding for Privacy Compliance VCP supports crypto-shredding to enable GDPR-compliant data erasure while preserving audit trail integrity. This mechanism allows deletion of personal data without invalidating cryptographic proofs.
Mechanism
  1. Encryption: Sensitive payload fields are encrypted with a per-record or per-subject Data Encryption Key (DEK).
  2. Key Storage: DEK is stored separately, indexed by SubjectID.
  3. Hashing: EventHash is computed over the encrypted payload, preserving integrity.
  4. Shredding: Upon erasure request, DEK is destroyed. Encrypted data becomes unrecoverable.
  5. Verification: Receipt and hash chain remain valid—verifiers can confirm event existence and ordering without accessing decrypted content.
VCP-PRIVACY Module
SCRAPI Integration VCP Transparency Services MUST implement SCRAPI with the following VCP-specific considerations:
Registration (POST /entries) VCP Events are submitted as COSE_Sign1 Signed Statements: ]]> The Transparency Service validates the VCP Registration Policy and returns a COSE Receipt on success.
Retrieval (GET /entries/{entry_id}) Retrieve a specific VCP Event by its entry ID (derived from EventID).
Receipt (GET /entries/{entry_id}/receipt) Retrieve the COSE Receipt for a registered VCP Event, containing the Merkle inclusion proof.
Anchor Status (GET /anchors/{anchor_id}) When external anchoring is deployed, retrieve the anchor status for a Merkle root, including the external reference (e.g., blockchain transaction ID).
Security Considerations
Integrity Architecture VCP's three-layer architecture provides defense in depth:
  • Layer 1 (Event Integrity): Digital signatures on individual events prevent forgery.
  • Layer 2 (Collection Integrity): Merkle trees enable efficient proof of inclusion.
  • Layer 3 (External Verifiability): When deployed, external anchoring supports omission detection by enabling third parties to verify published Merkle roots against independent records.
The optional per-Actor hash chain provides additional local integrity guarantees but is not required for external verifiability. Mitigations against key compromise:
  • Frequent Merkle anchoring to external immutable stores (when deployed)
  • HSM-based key storage (Platinum tier requirement)
  • Key rotation with explicit ROTATE events
Quantum Resistance Ed25519 signatures are vulnerable to attacks by cryptographically relevant quantum computers. VCP provides crypto-agility to address future threats:
  • SignAlgo field enables algorithm negotiation and migration
  • Post-quantum signature algorithms (e.g., ML-DSA/Dilithium) are OPTIONAL and intended for experimental or high-assurance deployments
  • Hash chain integrity based on SHA-256 provides approximately 128-bit post-quantum security against Grover's algorithm
Implementers requiring post-quantum guarantees SHOULD monitor CFRG and PQUIP working group outputs for updated guidance on algorithm selection and migration timelines.
Timing Attacks Clock manipulation can enable backdating of events. Mitigations:
  • UUID v7 provides embedded timestamp that must match TimestampInt
  • Transparency Service enforces timestamp bounds
  • Platinum tier requires PTPv2 synchronization
  • External anchoring (when deployed) provides independent timestamp attestation
Privacy Considerations VCP Events may contain sensitive trading information. Operators SHOULD:
  • Use crypto-shredding for personal data subject to GDPR
  • Implement access controls on Transparency Service queries
  • Consider encrypted payloads for highly sensitive data
Completeness Considerations SCITT provides inclusion proofs but does not inherently guarantee completeness (i.e., that no events have been omitted). VCP addresses this through a completeness-aware design:
  • Sequence numbers enable detection of gaps within an Actor's chain
  • External anchoring (when deployed) enables third-party verification that the published Merkle root matches expectations
  • Heartbeat events (HBT) provide liveness signals that support detection of extended omission periods
These mechanisms support omission detection but do not provide absolute completeness guarantees. Deployments requiring strong completeness assurance SHOULD implement external anchoring and consider additional monitoring mechanisms.
IANA Considerations This document has no IANA actions at this time. Future versions of this specification may request:
  • Registration of media type "application/vcp+json"
  • Establishment of a VCP Event Type registry
  • COSE algorithm identifiers for VCP-specific extensions
  • URN namespace for VCP Policy IDs
 References Normative References Key words for use in RFCs to Indicate Requirement Levels Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words JSON Canonicalization Scheme (JCS) CBOR Object Signing and Encryption (COSE) Universally Unique IDentifiers (UUIDs) An Architecture for Trustworthy and Transparent Digital Supply Chains SCITT Reference APIs Informative References Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) Certificate Transparency
Complete VCP Event Example The following is a complete VCP v1.1 Event encoded as JSON, ready to be wrapped in a COSE_Sign1 Signed Statement: Note: PrevHash is OPTIONAL. AnchorRef would be included after external anchoring is performed.
JSON Schema Reference The complete JSON Schema for VCP Events is available at:
Changes from draft-kamimura-scitt-vcp-01 This section summarizes the changes from version -01 to -02:
  • Updated title to explicitly indicate this is a SCITT profile
  • Updated to align with VCP Specification v1.1
  • Clarified that external anchoring is a certification policy requirement, not a protocol-level mandate (new Section 5.4)
  • PrevHash changed from REQUIRED to OPTIONAL
  • Added Three-Layer Architecture section (Section 3.3)
  • Added PolicyID as a REQUIRED field in the Header
  • Added Completeness Considerations section (Section 8.5)
  • Clarified that this profile does not define a new protocol
  • Removed unused informative references
Acknowledgements The authors thank the members of the VeritasChain Standards Organization Technical Committee for their contributions to this specification. This work builds upon the SCITT architecture developed by the IETF SCITT Working Group, and the Certificate Transparency work in . Special thanks to the SCITT WG participants who provided feedback on draft-kamimura-scitt-vcp-01, which informed the improvements in this version.