We've just released the VCP v1.1 Official Implementation Guide — a comprehensive resource for developers building cryptographic audit trails for algorithmic trading and AI-driven financial systems.
📖 Full documentation: github.com/veritaschain/vcp-docs/standards/vcp/v1.1
What is VCP?
VeritasChain Protocol (VCP) is an open standard for creating tamper-evident, cryptographically verifiable audit trails. Think of it as a "flight recorder for algorithms" — every decision, order, and execution is logged in a way that can be independently verified without trusting the log producer.
┌─────────────────────────────────────┐
│ Your Trading System │
│ [Algo] → [Order] → [Execution] │
└──────────────┬──────────────────────┘
│
▼
┌─────────────────────────────────────┐
│ VCP Sidecar │
│ [Hash] → [Merkle] → [Anchor] │
└─────────────────────────────────────┘
│
▼
Verifiable Audit Trail
The core principle: "Verify, Don't Trust."
What's New in v1.1?
1. Three-Layer Architecture
VCP v1.1 introduces a clear separation of concerns:
┌─────────────────────────────────────────────┐
│ LAYER 3: External Verifiability │
│ → Digital Signatures + External Anchoring │
├─────────────────────────────────────────────┤
│ LAYER 2: Collection Integrity │
│ → Merkle Trees (RFC 6962) │
├─────────────────────────────────────────────┤
│ LAYER 1: Event Integrity │
│ → SHA-256 EventHash │
└─────────────────────────────────────────────┘
Each layer has a specific purpose:
- Layer 1: Individual events are hashed
- Layer 2: Events are batched into Merkle trees
- Layer 3: Merkle roots are anchored externally (blockchain/TSA)
2. External Anchoring Now Required for All Tiers
The biggest change: Silver tier must now anchor externally.
| Tier | Anchor Frequency | Recommended |
|---|---|---|
| Platinum | 10 minutes | Ethereum / RFC 3161 |
| Gold | 1 hour | RFC 3161 TSA |
| Silver | 24 hours | OpenTimestamps (FREE) |
This means even retail traders using MT4/MT5 get cryptographic proof that their logs haven't been tampered with.
3. Policy Identification
Every event now declares its verification policy:
{
"policy_identification": {
"version": "1.1",
"policy_id": "com.example:trading-algo-v1",
"conformance_tier": "SILVER",
"verification_depth": {
"hash_chain_validation": false,
"merkle_proof_required": true,
"external_anchor_required": true
}
}
}
This tells verifiers exactly what guarantees to expect.
4. Hash Chain Now Optional
In v1.0, prev_hash linking was required. In v1.1, it's optional.
Why? Because Merkle trees + external anchoring provide equivalent (or stronger) integrity guarantees, and removing the hash chain requirement simplifies implementation for Silver tier.
Quick Start: Silver Tier in 50 Lines
Here's a minimal Python implementation:
import hashlib
import json
import uuid
from datetime import datetime, timezone
class MerkleTree:
def __init__(self):
self.leaves = []
def add(self, event_hash: str):
leaf = hashlib.sha256(b'\x00' + bytes.fromhex(event_hash)).digest()
self.leaves.append(leaf)
def root(self) -> str:
if not self.leaves:
return "0" * 64
nodes = self.leaves.copy()
while len(nodes) > 1:
if len(nodes) % 2:
nodes.append(nodes[-1])
nodes = [
hashlib.sha256(b'\x01' + nodes[i] + nodes[i+1]).digest()
for i in range(0, len(nodes), 2)
]
return nodes[0].hex()
class VCPClient:
def __init__(self, policy_id: str):
self.policy_id = policy_id
self.tree = MerkleTree()
def log(self, event_type: str, payload: dict) -> dict:
now = datetime.now(timezone.utc)
event = {
"header": {
"event_id": str(uuid.uuid4()),
"event_type": event_type,
"timestamp_iso": now.isoformat(),
"vcp_version": "1.1"
},
"payload": payload,
"policy_identification": {
"version": "1.1",
"policy_id": self.policy_id,
"conformance_tier": "SILVER"
}
}
canonical = json.dumps(
{"header": event["header"], "payload": event["payload"]},
sort_keys=True, separators=(',', ':')
)
event_hash = hashlib.sha256(canonical.encode()).hexdigest()
event["security"] = {"event_hash": event_hash}
self.tree.add(event_hash)
return event
def anchor(self) -> str:
"""Call daily. Returns Merkle root for external anchoring."""
root = self.tree.root()
self.tree = MerkleTree() # Reset
return root
Usage:
vcp = VCPClient("com.mycompany:algo-v1")
# Log events
vcp.log("ORD", {"order_id": "123", "symbol": "EURUSD", "side": "BUY"})
vcp.log("EXE", {"order_id": "123", "price": "1.0850", "qty": "100000"})
# Daily anchor (use OpenTimestamps for free Bitcoin anchoring)
merkle_root = vcp.anchor()
# → Anchor this to OpenTimestamps, RFC 3161 TSA, or blockchain
External Anchoring with OpenTimestamps
For Silver tier, OpenTimestamps provides free Bitcoin-backed timestamps:
pip install opentimestamps-client
import opentimestamps
def anchor_to_bitcoin(merkle_root: str):
timestamp = opentimestamps.stamp(bytes.fromhex(merkle_root))
with open(f"anchor_{merkle_root[:16]}.ots", 'wb') as f:
f.write(timestamp.serialize())
return {"status": "pending", "confirms_in": "~2 hours"}
That's it. Your audit trail is now anchored to the Bitcoin blockchain.
Sidecar Architecture: Zero Trading Impact
VCP is designed as a sidecar — it runs alongside your trading system without modifying it:
[Your Trading System] ────────────▶ [Broker]
│
│ (copy events)
▼
[VCP Sidecar] → [Hash] → [Merkle] → [Anchor]
Key principles:
- Non-invasive: No changes to trading logic
- Fail-safe: VCP failure doesn't affect trading
- Async-first: No latency impact
The implementation guide includes patterns for:
- REST API interception
- FIX protocol integration
- Kafka/Redis message queue tapping
- MT4/MT5 EA integration (with full MQL5 code)
Documentation Structure
The v1.1 implementation guide is organized as:
standards/vcp/v1.1/
├── README.md ← Start here
├── architecture.md ← Three-layer design
├── integrity-and-anchoring.md
├── policy-identification.md
├── completeness-guarantees.md
├── error-events.md ← Standardized ERR_* types
├── vcp-xref.md ← Dual logging (optional)
├── migration-from-v1.0.md
└── sidecar/
├── overview.md
├── mt5.md ← Full MQL5 implementation
└── generic.md ← REST, FIX, Kafka patterns
Why This Matters
In 2024-2025, over 80 prop trading firms collapsed amid disputes over trade verification. The common thread: no independent way to verify what actually happened.
VCP provides that verification layer. When both parties log with VCP (using the optional VCP-XREF dual logging), disputes become cryptographically resolvable.
Beyond trading, the same architecture applies to:
- AI decision logging (EU AI Act compliance)
- Algorithmic content moderation
- Autonomous system audit trails
Get Started
📖 Implementation Guide: github.com/veritaschain/vcp-docs/standards/vcp/v1.1
📋 Specification: github.com/veritaschain/vcp-spec
🔧 IETF Draft: draft-kamimura-scitt-vcp
🌐 Website: veritaschain.org
Certification Deadlines
If you're targeting VC-Certified status:
| Requirement | Deadline |
|---|---|
| Policy Identification | 2026-03-25 |
| External Anchor (Silver) | 2026-06-25 |
Questions? Open an issue on GitHub or reach out at technical@veritaschain.org.
Verify, Don't Trust. 🔐
Top comments (0)