What it is
Verifiable Archive is evidence-grade document archiving: prove a document existed at a point in time, hasn’t been altered, and sits in a record that can’t be back-dated, reordered, or silently deleted. Every document is content-addressed, encrypted at rest, and recorded as a post-quantum-signed entry in an append-only, hash-linked chain that anyone can verify offline. It is not a document-management system — no folders, sharing, or search. It is the evidence layer for documents: integrity, provenance, and verifiable retention, for records that must stand up to an audit or a regulator years later.
Tamper-evident chain
Each entry is signed and linked to the one before it. Any alteration, insertion, deletion,
reorder, or back-date breaks verification — tampering is detectable, not deniable.
Post-quantum, both axes
Entries are Falcon-1024 signed; documents are encrypted with ML-KEM-1024 + AES-256-GCM. Records
kept for decades stay verifiable and confidential past the migration to post-quantum cryptography.
Encrypted at rest, one method
Encryption happens in the engine, before storage — so a local-disk archive and an S3 archive are
sealed identically. Storage only ever sees ciphertext.
Reporting & auditing built in
Signed audit reports, continuous integrity attestations, retention/compliance reports, and
portable evidence packs — exported to your SIEM, Grafana, and GRC tools.
What you get
- Evidence-grade integrity. A document’s hash is bound into a post-quantum-signed entry; the chain proves the whole archive’s order and completeness. Verification needs only the public key.
- Encryption with one method, everywhere. ML-KEM-1024 + AES-256-GCM (a fresh per-document key) on local disk or S3 alike — the storage target is a plug-in, the cryptography is not.
- Storage you choose. A local-filesystem backend for on-prem and air-gapped deployments, or an S3 / S3-compatible backend (Amazon S3, MinIO, Cloudflare R2, Wasabi) for durable object storage — same evidence model either way.
- Reporting and auditing that proves continuity. A read-only auditor produces signed audit reports and continuous integrity attestations — chained “still intact as of T” proofs of custody — plus retention reports and regulator-verifiable evidence packs.
- Feeds the tools you already run. Audit events and metrics export to SIEM (JSON-lines, syslog, CEF), Prometheus/Grafana (`/metrics`), and GRC/BI (CSV) — it owns the cryptography and integrates with your dashboards, rather than replacing them.
- Optionally Substrate 2-bound. Fold archive entries and audit reports into the broader Substrate 2 evidence chain.
How it works
| Step | What happens |
|---|---|
| Archive | Hash the document, encrypt it, and record a signed entry linked to the previous one. |
| Verify | Check any entry — or the whole chain’s integrity and ordering — offline, from the public key. |
| Retrieve | Fetch and decrypt a stored document, integrity-checked against its recorded hash. |
| Audit | Produce signed reports, continuous attestations, retention reports, and evidence packs. |
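The Archive and Verify steps above, sketched as an added example that is not AlgoVoi's code or API: a SHA-256 hash-linked chain with an offline verifier. The field names, the genesis value and the pinned `expected_head` are assumptions, and the Falcon-1024 entry signatures are left out, so this shows only what the hash links themselves detect.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" of the first entry

def entry_hash(e):
    """SHA-256 over a canonical encoding of the fields an entry commits to."""
    body = {k: e[k] for k in ("seq", "ts", "doc_sha256", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain, document, ts):
    """Bind the document's hash into a new entry linked to the previous one."""
    e = {"seq": len(chain), "ts": ts,
         "doc_sha256": hashlib.sha256(document).hexdigest(),
         "prev": chain[-1]["hash"] if chain else GENESIS}
    e["hash"] = entry_hash(e)
    chain.append(e)
    return e["hash"]

def verify(chain, expected_head=None):
    """Return findings; an empty list means the chain verifies."""
    findings, prev, last_ts = [], GENESIS, None
    for i, e in enumerate(chain):
        if e["seq"] != i:
            findings.append((i, "sequence gap or reorder"))
        if e["prev"] != prev:
            findings.append((i, "broken link to previous entry"))
        if entry_hash(e) != e["hash"]:
            findings.append((i, "fields do not match recorded hash"))
        if last_ts is not None and e["ts"] < last_ts:
            findings.append((i, "timestamp earlier than predecessor"))
        prev, last_ts = e["hash"], e["ts"]
    # Dropping the newest entries leaves a valid shorter chain, so the
    # verifier also compares against a head hash pinned out of band.
    if expected_head is not None and prev != expected_head:
        findings.append((len(chain), "head mismatch: truncated or rewritten"))
    return findings

def sample_chain():
    """Constructed sample: three documents archived at increasing times."""
    chain = []
    for ts, doc in [(1000, b"contract v1"), (2000, b"invoice 17"), (3000, b"minutes")]:
        head = append(chain, doc, ts)
    return chain, head

if __name__ == "__main__":
    chain, head = sample_chain()
    backdated = copy.deepcopy(chain)
    backdated[1]["ts"] = 500
    backdated[1]["hash"] = entry_hash(backdated[1])  # attacker re-hashes the entry
    print(verify(chain, head), verify(backdated, head), verify(chain[:2], head))
```

With hash links alone, a chain rewritten from the altered entry to the end links correctly again and differs only at the head, which is why the verifier takes a pinned head value here.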
Packages
| Capability | What it is |
|---|---|
| Engine + local backend | The archive engine and a local-filesystem backend — on-prem, air-gapped. |
| S3 backend | S3 / S3-compatible object storage (Amazon S3, MinIO, R2, Wasabi). |
| Auditor | Read-only reporting & auditing with SIEM / Prometheus / GRC export adapters. |
Backups
Notarise every backup into the archive’s tamper-evident, post-quantum chain — record just its hash (no double-storage) or encrypt and store the bytes:
- Write-only nodes — give the backup host only the ML-KEM public key; the secret key lives in an offline vault and is needed only to `retrieve()` and restore.
- Two modes — hash-only is a signed, ordered, tamper-evident ledger of your existing backups with no extra storage; encrypt-and-store also keeps the bytes encrypted at rest (ML-KEM-1024 + AES-256-GCM).
- Independent audit — anyone holding the Falcon public key can verify the entire chain offline, with no AlgoVoi service and no secret. Swap `LocalFsBackend` for the S3 backend for object storage, same chain.
Cryptography
- Post-quantum on both axes. Entries are signed with Falcon-1024 (NIST Level 5); documents are encrypted with ML-KEM-1024 + AES-256-GCM. Both the integrity (signatures) and the confidentiality (encryption) are post-quantum — not just the signatures.
- The append-only chain is SHA-256-linked (quantum-resistant) and verifies offline.
Why commercial
The engine, verifier, and auditor were never published as open source — there is no free tier to fall back on. It is offered as a commercial product because the value is in maintained, quantum-resistant, evidence-grade archiving:
- Embed without attribution overhead. A commercial OEM licence lets you ship it inside your own product with no open-source notice obligations.
- Enterprise terms. Support, warranty, and a defined relationship — for a records-critical dependency.
- Maintained crypto suite. Post-quantum primitives and long-horizon record formats are ongoing work, bundled into the licence.
Who it’s for
- Regulated record-keeping — broker-dealers, investment firms, and any organisation with tamper-evident, long-horizon retention obligations.
- Legal, IP, and contracts — proof a document or invention existed on a date, unaltered.
- Healthcare and public sector — long-lived immutable records, including air-gapped on-prem.
- Anyone who needs records that an auditor or regulator can verify independently, without trusting the storage vendor.
Get Verifiable Archive
Verifiable Archive is an additional, separately-licensed package — an add-on that binds to Substrate 2, not part of Substrate 2 itself. It is available self-serve as a Starter licence (see below) and as a commercial OEM SDK and is included in the AlgoVoi Enterprise and On-premise plans. It is not distributed on public package registries.
Buy Starter — from $1,500
Three Starter licences — perpetual, self-hosted, paid in USDC: Verifiable Archive 1,500 (needs the Archive), Archive Auditor $3,000 (needs the Archive). The store issues your licence key + install command; set `ALGOVOI_LICENSE_KEY` to run. Enterprise / OEM: email us.