Skip to main content

What it is

Verifiable Audit Log is a tamper-evident, post-quantum chain of business events. Append any event — a payment decision, an admin action, a config change, a compliance verdict — and it is content-addressed and recorded as a Falcon-1024-signed entry linked to the previous one. The result is an append-only log anyone can verify offline: no entry can be altered, inserted, removed, reordered, or back-dated. It is the Verifiable Archive chain generalised from documents to arbitrary events — the event is recorded inline, so it’s a lightweight, immutable system-of-record for anything an auditor needs to trust.

Tamper-evident chain

Each entry is signed and hash-linked to the one before it. Any alteration, insertion, deletion, reorder, or back-date breaks verification — and anyone can detect it from the public key.

Post-quantum, long-lived

Falcon-1024 signing means a record written now stays verifiable past the migration to post-quantum cryptography — the right horizon for retained audit logs.

Record anything

The event is an arbitrary JSON object, content-addressed and recorded inline — payments, decisions, access events, config and state changes, compliance verdicts.

Verify, don't trust

Verification is a pure function of the entries and the public key. Hand an auditor the log and the key; they verify it themselves — no service, no vendor dependency.

What you get

  • An audit trail you can prove. A database audit table can be edited by whoever owns the database. This chain is cryptographic — tampering is detectable by anyone, from the public key alone.
  • Vendor-independent verification. No service to call at audit time. The log and the public key are enough for a regulator or auditor to verify the whole history themselves.
  • Quantum-resistant retention. Records kept for years — even decades — stay verifiable past the post-quantum migration.
  • Record anything, lightweight. Events are recorded inline; there’s no blob store or encryption to operate. A pluggable store persists where you already persist.
  • Optionally Substrate 2-bound. Entries fold into the broader Substrate 2 evidence chain alongside receipts and document evidence.

How it works

StepWhat happens
AppendSubmit an event; it is content-addressed (sha256 of its canonical form).
Sign + linkThe entry is Falcon-signed and linked to the previous one (prev_entry_hash).
VerifyCheck any entry — or the whole chain’s integrity and ordering — offline.

Cryptography

  • Post-quantum signing + quantum-resistant chaining. Each entry is signed with Falcon-1024 (NIST Level 5) and linked by a SHA-256 hash chain — both resistant to quantum attack — so the log stays tamper-evident and verifiable into the post-quantum era.

Why commercial

The engine and verifier were never published as open source — there is no free tier to fall back on. It is offered as a commercial product because the value is in maintained, quantum-resistant, provable record-keeping:
  • Embed without attribution overhead. A commercial OEM licence lets you ship it inside your own product with no open-source notice obligations.
  • Enterprise terms. Support, warranty, and a defined relationship — for a records-critical dependency.
  • Maintained crypto suite. Post-quantum primitives are ongoing work, bundled into the licence.

Who it’s for

  • Regulated fintech and VASP back-offices that need an immutable, provable trail of payments, decisions, and access events.
  • SOX-scoped and public-company systems that need tamper-evident change and action logs an auditor can verify independently.
  • Security teams that want a log nobody — not even an attacker with database access — can alter undetected.
  • Anyone who needs a record an auditor or regulator can trust because nobody could have altered it.

Get Verifiable Audit Log

Verifiable Audit Log is an additional, separately-licensed package — an add-on that binds to Substrate 2, not part of Substrate 2 itself. It pairs with Verifiable Archive (documents) to form a complete verifiable evidence record. It is available self-serve as a Starter licence (see below) and as a commercial OEM SDK and is included in the AlgoVoi Enterprise and On-premise plans. It is not distributed on public package registries.

Buy Starter — $3,500

Starter licence — perpetual, self-hosted, paid in USDC on mainnet. The store issues your licence key + install command on settlement; install from the private index and set ALGOVOI_LICENSE_KEY to run. Enterprise / OEM (warranty, indemnity, SLA, multi-deployment, Substrate 2 binding): email us.