| Internet-Draft | SCITT-VCP | January 2026 |
| Kamimura | Expires 9 July 2026 | [Page] |
This document defines a profile of the SCITT (Supply Chain Integrity, Transparency, and Trust) architecture for creating tamper-evident audit trails of AI-driven algorithmic trading decisions and executions. The VeritasChain Protocol (VCP) applies the SCITT framework to address the specific requirements of financial markets, including high-precision timestamps, regulatory compliance considerations (EU AI Act, MiFID II), and privacy-preserving mechanisms (crypto-shredding) compatible with GDPR. This profile specifies how VCP events are encoded as SCITT Signed Statements, registered with Transparency Services, and verified using COSE Receipts.¶
This note is to be removed before publishing as an RFC.¶
The latest version of this document, along with implementation resources and test vectors, can be found at https://github.com/veritaschain/vcp-spec.¶
Discussion of this document takes place on the SCITT Working Group mailing list (scitt@ietf.org).¶
Changes from -01:¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 9 July 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The SCITT (Supply Chain Integrity, Transparency, and Trust) architecture [I-D.ietf-scitt-architecture] provides a framework for creating tamper-evident logs of digital artifacts through Transparency Services. While SCITT was initially designed for software supply chain use cases, its core primitives—Signed Statements, Receipts, and Transparency Services—are applicable to any domain requiring verifiable audit trails.¶
This document specifies a SCITT profile for AI-driven algorithmic trading systems in financial markets. The VeritasChain Protocol (VCP) applies the SCITT architecture with domain-specific extensions:¶
VCP serves as an "AI Flight Recorder" for algorithmic trading, enabling post-incident reconstruction of system behavior with cryptographic proof of integrity.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document is a profile of the SCITT architecture. It:¶
This profile does not define a new protocol; it specifies how existing SCITT primitives are applied to the financial trading domain.¶
This document specifies:¶
This document does not specify:¶
This document uses terminology from [I-D.ietf-scitt-architecture]. The following terms are specific to this profile:¶
The following table maps VCP concepts to SCITT terminology:¶
| VCP Concept | SCITT Equivalent | Notes |
|---|---|---|
| VCP Event | Signed Statement | VCP Event is the payload of a Signed Statement |
| VCP Issuer | Issuer | Trading system or AI model |
| VCP Transparency Service | Transparency Service | With VCP Registration Policy |
| VCP Receipt | Receipt | COSE Receipt with Merkle inclusion proof |
| Hash Chain (Optional) | Append-only Log | VCP optionally adds per-Actor chaining |
| External Anchor | Merkle Tree Root | Periodic commitment supporting completeness verification |
VCP builds upon the SCITT architecture with domain-specific extensions for financial trading:¶
+------------------+ +-------------------------+
| VCP Issuer | | VCP Transparency |
| (Trading System) | | Service |
+--------+---------+ +------------+------------+
| |
| 1. Create VCP Event |
| 2. Sign as COSE_Sign1 |
| |
+------ Signed Statement ----->|
| (via SCRAPI) |
| | 3. Validate against
| | Registration Policy
| |
| | 4. Append to Log
| |
|<-------- VCP Receipt --------+
| (COSE Receipt) |
| |
+--------+---------+ +------------+------------+
| Verifier | | External Anchor |
| (Auditor/Regul.) | | (Timestamp/Blockchain) |
+------------------+ +-------------------------+
¶
VCP MAY maintain per-Actor hash chains in addition to SCITT's global append-only log. When implemented, each VCP Event includes a PrevHash field containing the hash of the previous event from the same Actor. This enables efficient verification of a single Actor's event sequence without downloading the entire log.¶
Note: Per-Actor hash chains are OPTIONAL. When external anchoring is deployed, it provides the primary mechanism for completeness verification. Hash chains serve as a complementary local integrity mechanism.¶
Actor A: Event_A1 --hash--> Event_A2 --hash--> Event_A3 Actor B: Event_B1 --hash--> Event_B2 Global Log: [Event_A1, Event_B1, Event_A2, Event_B2, Event_A3, ...]¶
VCP defines a three-layer architecture that separates concerns and clarifies where integrity guarantees originate:¶
| Layer | Component | Guarantee | Protocol Requirement |
|---|---|---|---|
| Layer 1 | Event Integrity | Individual event authenticity via digital signature | REQUIRED |
| Layer 2 | Collection Integrity | Merkle tree over event collection | REQUIRED |
| Layer 3 | External Verifiability | Merkle root anchored to external system | OPTIONAL (see note) |
Note: Layer 3 (External Verifiability) is OPTIONAL at the protocol level. However, VCP certification policies (VC-Certified program) require external anchoring at tier-specific frequencies. This separation allows the protocol to remain flexible while certification programs can mandate stronger guarantees.¶
External anchoring enables omission detection: without it, a log producer could theoretically withhold events before publishing a Merkle root. When deployed, anchoring allows third parties to verify that the published root matches the expected state, supporting "Verify, Don't Trust" principles.¶
Layer 1: Event Integrity
+--------+ +--------+ +--------+
| Event1 | | Event2 | | Event3 |
| (sig) | | (sig) | | (sig) |
+---+----+ +---+----+ +---+----+
| | |
v v v
Layer 2: Collection Integrity (Merkle Tree)
+------------------------------------------+
| Merkle Root |
+---------------------+--------------------+
|
v (when deployed)
Layer 3: External Verifiability
+------------------------------------------+
| External Anchor (Blockchain/TSA/etc.) |
+------------------------------------------+
¶
A VCP Event is encoded as the payload of a SCITT Signed Statement. The payload MUST be a JSON object conforming to the following schema:¶
The Header contains metadata common to all VCP Events:¶
{
"Header": {
"EventID": "01961e5f-5c0d-7000-8000-123456789abc",
"TimestampISO": "2026-03-15T09:30:00.123456789Z",
"TimestampInt": 1742034600123456789,
"EventType": "ORD",
"ActorID": "algo-momentum-001",
"ChainID": "chain-actor-001",
"SequenceNum": 42,
"PolicyID": "urn:vcp:policy:silver:v1.1"
}
}
¶
The Payload contains domain-specific data organized into modules:¶
{
"Payload": {
"VCP-TRADE": {
"OrderID": "ord-2026-001",
"Symbol": "AAPL",
"Side": "BUY",
"Quantity": "100",
"Price": "185.50",
"OrderType": "LIMIT"
},
"VCP-GOV": {
"AlgoID": "momentum-v2.3",
"DecisionFactors": ["RSI_oversold", "volume_spike"],
"ConfidenceScore": 0.87
}
}
}
¶
The Security object contains integrity and chaining information:¶
{
"Security": {
"EventHash": "sha256:a1b2c3d4...",
"PrevHash": "sha256:f6e5d4c3...",
"MerkleRoot": "sha256:1234abcd...",
"SignAlgo": "ED25519",
"AnchorRef": "eth:0x1234...@12345678"
}
}
¶
| Code | Name | Description |
|---|---|---|
| INIT | Initialization | Chain initialization, no PrevHash |
| SIG | Signal | Trading signal generated |
| ORD | Order | Order submitted |
| ACK | Acknowledgment | Order acknowledged by venue |
| EXE | Execution | Order executed (fill) |
| CXL | Cancellation | Order cancelled |
| MOD | Modification | Order modified |
| RSK | Risk | Risk event or limit breach |
| ERR | Error | System error |
| HBT | Heartbeat | Periodic liveness signal |
| CLS | Close | Position closed |
| ANC | Anchor | Merkle anchor event (when anchoring deployed) |
A VCP Transparency Service MUST enforce a Registration Policy that validates incoming Signed Statements.¶
The PolicyID field MUST be explicitly included in the VCP Event Header. The Transparency Service MUST validate the registration request against the referenced Registration Policy and MUST NOT infer, select, or substitute a policy on its own.¶
Valid PolicyID formats:¶
Conformance tiers (Silver, Gold, Platinum) represent additional verification depth and operational requirements applied on top of the same core Registration Policy, and do not define separate or incompatible registration policies.¶
The Registration Policy MUST verify:¶
This specification distinguishes timestamp resolution from clock accuracy. Nanosecond-resolution timestamps represent the storage format capability, while actual clock accuracy is explicitly recorded and enforced per tier.¶
| Requirement | Silver | Gold | Platinum |
|---|---|---|---|
| Timestamp Resolution | Millisecond | Microsecond | Nanosecond |
| Clock Accuracy | NTP (~10ms) | NTP + drift (~1ms) | PTPv2 (<1μs) |
| Merkle Anchoring Frequency | Daily (if deployed) | Hourly (if deployed) | Per-minute (if deployed) |
| Signature Algorithm | Ed25519 | Ed25519 | Ed25519 + Dilithium (OPTIONAL) |
| Key Storage | Software | Software/HSM | HSM Required |
| PrevHash Chain | OPTIONAL | OPTIONAL | RECOMMENDED |
Note: Silver tier is NOT intended for regulatory-grade algorithmic trading systems subject to MiFID II RTS 25, SEC Rule 17a-4, or equivalent clock synchronization requirements. Silver tier is appropriate for development, testing, backtesting analysis, and non-regulated trading scenarios.¶
This document does not mandate a specific external anchoring service. However, VCP certification programs (e.g., VC-Certified) impose additional operational requirements beyond the base protocol:¶
Certification requirements are defined by the VeritasChain Standards Organization and are separate from this protocol specification. Implementations MAY be protocol-compliant without obtaining certification, and certification policies MAY evolve independently of this document.¶
When external anchoring is deployed, acceptable anchor targets include:¶
VCP supports crypto-shredding to enable GDPR-compliant data erasure while preserving audit trail integrity. This mechanism allows deletion of personal data without invalidating cryptographic proofs.¶
{
"VCP-PRIVACY": {
"EncryptedFields": ["VCP-TRADE.ClientID", "VCP-TRADE.AccountID"],
"KeyID": "dek-2026-001-subject-12345",
"Algorithm": "AES-256-GCM",
"RetentionPolicy": "GDPR-5Y"
}
}
¶
VCP Transparency Services MUST implement SCRAPI [I-D.ietf-scitt-scrapi] with the following VCP-specific considerations:¶
VCP Events are submitted as COSE_Sign1 Signed Statements:¶
POST /entries HTTP/1.1 Host: vcp-ts.example.com Content-Type: application/cose <COSE_Sign1 containing VCP Event payload>¶
The Transparency Service validates the VCP Registration Policy and returns a COSE Receipt on success.¶
Retrieve a specific VCP Event by its entry ID (derived from EventID).¶
Retrieve the COSE Receipt for a registered VCP Event, containing the Merkle inclusion proof.¶
When external anchoring is deployed, retrieve the anchor status for a Merkle root, including the external reference (e.g., blockchain transaction ID).¶
VCP's three-layer architecture provides defense in depth:¶
The optional per-Actor hash chain provides additional local integrity guarantees but is not required for external verifiability.¶
Mitigations against key compromise:¶
Ed25519 signatures are vulnerable to attacks by cryptographically relevant quantum computers. VCP provides crypto-agility to address future threats:¶
Implementers requiring post-quantum guarantees SHOULD monitor CFRG and PQUIP working group outputs for updated guidance on algorithm selection and migration timelines.¶
Clock manipulation can enable backdating of events. Mitigations:¶
VCP Events may contain sensitive trading information. Operators SHOULD:¶
SCITT provides inclusion proofs but does not inherently guarantee completeness (i.e., that no events have been omitted). VCP addresses this through a completeness-aware design:¶
These mechanisms support omission detection but do not provide absolute completeness guarantees. Deployments requiring strong completeness assurance SHOULD implement external anchoring and consider additional monitoring mechanisms.¶
This document has no IANA actions at this time.¶
Future versions of this specification may request:¶
The following is a complete VCP v1.1 Event encoded as JSON, ready to be wrapped in a COSE_Sign1 Signed Statement:¶
{
"Header": {
"EventID": "01961e5f-5c0d-7000-8000-123456789abc",
"TimestampISO": "2026-03-15T09:30:00.123456789Z",
"TimestampInt": 1742034600123456789,
"EventType": "ORD",
"ActorID": "algo-momentum-001",
"ChainID": "chain-actor-001",
"SequenceNum": 42,
"PolicyID": "urn:vcp:policy:gold:v1.1"
},
"Payload": {
"VCP-TRADE": {
"OrderID": "ord-2026-001",
"Symbol": "AAPL",
"Side": "BUY",
"Quantity": "100",
"Price": "185.50",
"OrderType": "LIMIT",
"TimeInForce": "DAY"
},
"VCP-GOV": {
"AlgoID": "momentum-v2.3",
"DecisionFactors": ["RSI_oversold", "volume_spike"],
"ConfidenceScore": 0.87,
"RiskCheckPassed": true
}
},
"Security": {
"EventHash": "sha256:a1b2c3...",
"PrevHash": "sha256:f6e5d4...",
"SignAlgo": "ED25519"
}
}
¶
Note: PrevHash is OPTIONAL. AnchorRef would be included after external anchoring is performed.¶
The complete JSON Schema for VCP Events is available at:¶
This section summarizes the changes from version -01 to -02:¶
The authors thank the members of the VeritasChain Standards Organization Technical Committee for their contributions to this specification. This work builds upon the SCITT architecture developed by the IETF SCITT Working Group, and the Certificate Transparency work in [RFC6962].¶
Special thanks to the SCITT WG participants who provided feedback on draft-kamimura-scitt-vcp-01, which informed the improvements in this version.¶