TL;DR
- Solving the "black box problem" in AI trading with cryptographically verifiable audit trails
- SHA-256 hash chains + Ed25519 signatures = tamper-proof event logs
- Delete one line → verification fails - tamper detection demo included
- Zero external dependencies - Python standard library only, works offline
- GitHub: veritaschain/vcp-rta-reference
Introduction: The AI Trading Accountability Gap
As AI and algorithmic trading systems increasingly influence financial markets, their internal decision-making processes typically remain opaque and difficult to audit after the fact.
- "Why did it make this trading decision?"
- "Did it really submit the order at this timestamp?"
- "Has the log been tampered with?"
Regulators and auditors currently lack reliable means to verify these questions post-hoc.
The VeritasChain Protocol (VCP) provides a technical solution to this problem.
What is VCP?
VeritasChain Protocol (VCP) is an open specification for standardizing audit trails in algorithmic trading systems.
Core Concept
"Verify, Don't Trust"
Generate audit trails that third parties can independently verify without trusting the system operator.
VCP Module Architecture
| Module | Purpose |
|---|---|
| VCP-CORE | Event IDs, Timestamps, Hash Chain |
| VCP-TRADE | Order/Execution Recording |
| VCP-GOV | AI Decision Transparency (multi-model voting) |
| VCP-RISK | Risk Parameters (TP/SL/TTL) |
| VCP-SEC | Cryptographic Signatures, Key Management |
VCP-RTA: Technical Deep Dive
Architecture Overview
┌─────────────────────────────────────────────────────────────┐
│ VCP-RTA Architecture │
├─────────────────────────────────────────────────────────────┤
│ │
│ AI Models (5x) Trading Platform VCP Logger │
│ ┌─────────────┐ ┌──────────────┐ ┌────────────┐ │
│ │ Gemini │ │ │ │ │ │
│ │ GPT │─────▶│ Order │─────▶│ SIG/ORD/ │ │
│ │ Claude │ │ Execution │ │ ACK/EXE/ │ │
│ │ Grok │ │ │ │ CLS │ │
│ │ Perplexity │ └──────────────┘ └────────────┘ │
│ └─────────────┘ │ │
│ │ ▼ │
│ │ Consensus Hash Chain │
│ ▼ (SHA-256) │
│ ┌─────────────┐ │ │
│ │ VCP-GOV │ ▼ │
│ │ (AI Votes) │ Ed25519 Sign │
│ └─────────────┘ │ │
│ ▼ │
│ Merkle Root │
└─────────────────────────────────────────────────────────────┘
Event Chain Structure
Each trade lifecycle is recorded as 5 event types:
TraceID: 20251118_022757_BUY
│
├── SIG (EventTypeCode: 1) ─ AI Consensus Signal
│
├── ORD (EventTypeCode: 2) ─ Order Submission
│
├── ACK (EventTypeCode: 3) ─ Broker Acknowledgment
│
├── EXE (EventTypeCode: 4) ─ Execution
│
└── CLS (EventTypeCode: 9) ─ Position Close
Hash Chain Implementation
Each event references the hash of the previous event, forming a cryptographic chain:
def compute_event_hash(header: dict, payload: dict, prev_hash: str) -> str:
"""
EventHash = SHA-256(canonical(Header) + canonical(Payload) + PrevHash)
"""
canonical_header = canonical_json(header) # RFC 8785 JCS
canonical_payload = canonical_json(payload)
hash_input = canonical_header + canonical_payload + prev_hash.encode('utf-8')
return hashlib.sha256(hash_input).hexdigest()
RFC 8785 (JSON Canonicalization Scheme) ensures identical data always produces identical hashes:
def canonical_json(obj: dict) -> bytes:
"""Sort keys and serialize without whitespace"""
def sort_keys(item):
if isinstance(item, dict):
return {k: sort_keys(v) for k, v in sorted(item.items())}
elif isinstance(item, list):
return [sort_keys(i) for i in item]
return item
sorted_obj = sort_keys(obj)
return json.dumps(sorted_obj, ensure_ascii=False, separators=(',', ':')).encode('utf-8')
Ed25519 Digital Signatures
VCP-RTA signs every event with Ed25519:
from nacl.signing import SigningKey
def sign_event(signing_key: SigningKey, event_hash: str) -> str:
"""Generate Ed25519 signature for EventHash"""
message = bytes.fromhex(event_hash)
signed = signing_key.sign(message)
return signed.signature.hex()
Signed Event Example
{
"Header": {
"EventID": "019a92db-ece7-73df-a65c-af1ffd18e198",
"TraceID": "20251118_022757_BUY",
"Timestamp": 1763400477927,
"EventType": "SIG",
"Symbol": "USDJPY",
"VCPVersion": "1.0",
"Tier": "SILVER"
},
"Payload": {
"VCP_GOV": {
"AlgoID": "VCP-RTA",
"DecisionType": "AI_CONSENSUS",
"AIModels": {
"gemini": {"direction": "BUY", "confidence": 0.85},
"gpt": {"direction": "BUY", "confidence": 0.70},
"claude": {"direction": "BUY", "confidence": 0.85},
"grok": {"direction": "SELL", "confidence": 0.75},
"pplx": {"direction": "BUY", "confidence": 0.80}
},
"ConsensusDirection": "BUY",
"ConsensusScore": 0.779
}
},
"Security": {
"EventHash": "affda6b3709b7bfefaba6832...",
"PrevHash": "00000000000000000000000000000000...",
"SignAlgo": "ED25519",
"Signature": "41075972152e3fe18dfe6dbe2eaf2591...",
"KeyID": "vcp-rta-key-2025-001"
}
}
Key Point: Each AI model's judgment (direction) and confidence score are recorded. This enables post-hoc verification of "why this trading decision was made."
Verification Tool: Zero Dependencies
The verification script runs on Python standard library only:
git clone https://github.com/veritaschain/vcp-rta-reference.git
cd vcp-rta-reference
# Run verification (no pip install required!)
python tools/verifier/vcp_verifier.py evidence/01_sample_logs/vcp_rta_demo_events.jsonl
Output Example
============================================================
VCP Chain Verification Report
============================================================
File: vcp_rta_demo_events.jsonl
Total Events: 150
Unique TraceIDs: 30
Event Types:
ACK: 30
CLS: 30
EXE: 30
ORD: 30
SIG: 30
Verification Results:
Genesis: PASS
Hash Chain: PASS
Timestamp Monotonicity: PASS
Signatures: PASS (150/150 valid)
============================================================
VERIFICATION: PASS - Chain integrity verified
============================================================
Merkle Root: e0a1a56c35c63b0ea33754f000ecdc73c1130c2cb9997b5deb728ba1a2ba69b9
Tamper Detection Demo: Delete One Line → FAIL
The real power of VCP is its tamper detection capability.
Run the Demo
cd evidence/03_tamper_demo
python tamper_demo.py
What Happens
- Delete line 5 from the 150-line event log
- Run verification
- Immediate FAIL with exact inconsistency location identified
======================================================================
VCP Tamper Detection Demo
======================================================================
[Step 1] Verifying Original Chain
--------------------------------------------------
Events: 150
Result: PASS
[Step 2] Creating Tampered Chain
--------------------------------------------------
Operation: Deleted line 5
Original Events: 150
After Tampering: 149
[Step 3] Verifying Tampered Chain
--------------------------------------------------
Result: FAIL
Detected: PrevHash mismatch at line 5
======================================================================
Conclusion: Deleting ONE line breaks the entire hash chain.
Any tampering is immediately detected.
======================================================================
Why Detection Works
Original Chain:
Event #4 → EventHash: abc123...
Event #5 → EventHash: def456... (PrevHash: abc123...)
Event #6 → EventHash: ghi789... (PrevHash: def456...)
After Deleting Event #5:
Event #4 → EventHash: abc123...
Event #6 → EventHash: ghi789... (PrevHash: def456... ← doesn't exist!)
^^^^^^^^^^^^^^^^
MISMATCH DETECTED
Merkle Tree and Timestamp Anchoring
A Merkle Root is computed from all 150 event hashes:
def compute_merkle_root(event_hashes: list) -> str:
"""RFC 6962 Certificate Transparency method"""
def leaf_hash(h: str) -> str:
return hashlib.sha256(b'\x00' + bytes.fromhex(h)).hexdigest()
def internal_hash(left: str, right: str) -> str:
return hashlib.sha256(b'\x01' + bytes.fromhex(left) + bytes.fromhex(right)).hexdigest()
current = [leaf_hash(h) for h in event_hashes]
while len(current) > 1:
next_level = []
for i in range(0, len(current), 2):
if i + 1 < len(current):
next_level.append(internal_hash(current[i], current[i+1]))
else:
next_level.append(current[i])
current = next_level
return current[0]
Merkle Root
e0a1a56c35c63b0ea33754f000ecdc73c1130c2cb9997b5deb728ba1a2ba69b9
This root hash can be anchored to the Bitcoin blockchain via OpenTimestamps, proving "this log existed at this point in time":
# Anchor with OpenTimestamps
ots stamp merkle_root.txt
# Verify
ots verify merkle_root.txt.ots
Evidence Pack Structure
The public repository includes:
evidence/
├── 00_raw/ # Anonymized raw data
├── 01_sample_logs/
│ ├── vcp_rta_demo_events.jsonl # 150 events (30 trade cycles)
│ └── README_sample_log.md
├── 02_verification/
│ ├── VERIFY.md # Verification procedures
│ └── expected_outputs/ # Expected output examples
├── 03_tamper_demo/
│ ├── tamper_demo.py # Tamper detection demo
│ ├── screenshot_pass.png # Verification success screenshot
│ └── screenshot_fail.png # Tamper detection screenshot
├── 04_anchor/
│ ├── merkle_root.txt # Merkle root
│ └── public_key.json # Ed25519 public key
└── 05_environment/
└── ENVIRONMENT.md # Execution environment specs
Important Disclaimer
⚠️ VCP-RTA is not a product, certification, or compliance determination.
It is provided solely as an educational and technical reference to demonstrate how VCP can be implemented in practice.
No claims are made regarding trading performance, regulatory approval, or live market deployment.
Summary
| Feature | Implementation |
|---|---|
| Hash Algorithm | SHA-256 |
| Signature Algorithm | Ed25519 |
| JSON Canonicalization | RFC 8785 JCS |
| Merkle Tree | RFC 6962 CT |
| External Dependencies | None (stdlib only) |
| Offline Verification | Supported |
VCP aims to establish an open standard for ensuring "accountability" in AI trading systems through cryptographic verification.
Links
- GitHub: veritaschain/vcp-rta-reference
- VCP Specification: veritaschain/vcp-spec
- Website: veritaschain.org
Feedback Welcome
Issues, PRs, questions, and suggestions are all welcome!
Verify, Don't Trust.
VCP - Establishing Truth in Algorithmic Trading
Top comments (0)