VeritasChain Standards Organization (VSO)

Posted on Jan 6

We Open-Sourced a Cryptographic Audit Trail for FIX Trading — Here's How to Verify It

#fix #fintech #opensource

TL;DR

We just released a complete, cryptographically verifiable evidence pack for FIX Protocol trading:

git clone https://github.com/veritaschain/vcp-fix-rta-reference
cd vcp-fix-rta-reference
python verify.py

Output:

VCP v1.1 Compliance Check: ✓ FULLY COMPLIANT
Overall: ✓ CRYPTOGRAPHICALLY VERIFIED

That's it. 27 trading events, 18 FIX messages, three-layer cryptographic integrity — all independently verifiable.

Why This Matters

Every algo trading shop has logs. But can you prove they haven't been tampered with?

Traditional answer: "Trust us."

Our answer: "Here's the math."

The VeritasChain Protocol (VCP) creates tamper-evident audit trails using:

SHA-256 hash chains (event integrity)
RFC 6962 Merkle trees (batch completeness)
Ed25519 signatures (non-repudiation)
External anchoring (third-party verifiability)

This reference implementation shows exactly how it works with real FIX 4.4 trading workflows.

What's in the Repository

vcp-fix-rta-reference/
├── events.json           # 27 VCP events with cryptographic hashes
├── fix_messages.jsonl    # 18 source FIX messages
├── batches.json          # Merkle tree with RFC 6962 proofs
├── anchors.json          # External anchor record
├── verify.py             # One-command verification script
├── mapping.md            # FIX Tag → VCP Field transformations
├── certificates/         # Event certificates with inclusion proofs
├── keys/                 # Ed25519 public key (demo)
└── verifier_outputs/     # Pre-computed verification results

The Evidence Pack Structure

This is based on production FIX trading activity — a complete order lifecycle from signal generation to execution, cancellation, and rejection.

FIX Message	VCP Event	Count
NewOrderSingle (D)	ORD	5
ExecutionReport - New (8/150=0)	ACK	4
ExecutionReport - Fill (8/150=2)	EXE	3
ExecutionReport - Partial (8/150=1)	PRT	1
ExecutionReport - Canceled (8/150=4)	CXL	1
ExecutionReport - Replaced (8/150=5)	MOD	1
ExecutionReport - Rejected (8/150=8)	REJ	1
OrderCancelRequest (F)	CXL	1
OrderCancelReplaceRequest (G)	MOD	1

The Three-Layer Architecture

VCP v1.1 mandates a three-layer cryptographic architecture. Here's how each layer works:

Layer 1: Event Integrity

Every event gets a SHA-256 hash computed from its canonical JSON representation:

def verify_event_hash(event):
    # Extract header without EventHash
    header = {k: v for k, v in event['Header'].items() if k != 'EventHash'}
    payload = {k: v for k, v in event.items() if k != 'Header'}

    # Canonical JSON: sorted keys, minimal separators
    canonical = json.dumps(header, sort_keys=True, separators=(',', ':'))
    canonical += json.dumps(payload, sort_keys=True, separators=(',', ':'))

    computed = hashlib.sha256(canonical.encode()).hexdigest()
    return computed == event['Header']['EventHash']

Plus optional PrevHash linking — break the chain, and it's instantly detectable.

Layer 2: Collection Integrity

Events are batched into Merkle trees following RFC 6962 (Certificate Transparency):

{
  "batch_id": "batch_20250106_001",
  "merkle_root": "a37e4204f962a7b65070807cdf9b8892a031831b0bef3ec7c51f7aa20c2ecb4e",
  "leaf_count": 25,
  "inclusion_proofs": [
    {
      "event_id": "019b91a8-9d69-7b94-3149-742c279f7719",
      "leaf_index": 2,
      "proof": ["hash1...", "hash2...", "hash3..."]
    }
  ]
}

This proves which events were included at anchor time — no retroactive additions possible.

Layer 3: External Verifiability

The Merkle root is anchored externally:

{
  "anchor_id": "anchor_20250106_001",
  "merkle_root": "a37e4204f962a7b65070807cdf9b8892a031831b0bef3ec7c51f7aa20c2ecb4e",
  "anchor_target": "LOCAL_FILE",
  "anchor_timestamp": "2025-01-06T18:30:02.000000Z"
}

Production deployments would use a Timestamping Authority (TSA) or blockchain anchor. This PoC uses LOCAL_FILE for simplicity.

FIX to VCP Mapping

The sidecar transforms FIX messages into VCP events. Here's the actual mapping from mapping.md:

Lossless Fields (1:1 preservation)

FIX Tag	FIX Name	VCP Field	Notes
11	ClOrdID	order_id	Primary order identifier
37	OrderID	broker_order_id	Broker-assigned ID
17	ExecID	execution_id	Unique execution ID
55	Symbol	symbol	Instrument identifier
54	Side	side	1=Buy, 2=Sell
38	OrderQty	quantity	Order quantity
44	Price	price	Limit price
31	LastPx	fill_price	Execution price
32	LastQty	fill_quantity	Fill size
60	TransactTime	timestamp	Event timestamp

Derived Fields (computed by sidecar)

VCP Field	Source	Computation
EventHash	All fields	SHA-256 of canonical JSON
PrevHash	Previous event	Chain linkage
EventType	MsgType + ExecType	SIG/ORD/ACK/EXE/etc.

Running the Verification

Option 1: Full Verification

python verify.py

This checks:

All 27 event hashes
Hash chain continuity
Merkle tree reconstruction
Anchor integrity
VCP v1.1 compliance (PolicyIdentification in every event)

Option 2: Manual Hash Check

import json, hashlib

def canonicalize(obj):
    return json.dumps(obj, sort_keys=True, separators=(',', ':'))

with open('events.json') as f:
    events = json.load(f)['events']

for event in events:
    header = {k: v for k, v in event['Header'].items() if k != 'EventHash'}
    payload = {k: v for k, v in event.items() if k != 'Header'}
    computed = hashlib.sha256(
        (canonicalize(header) + canonicalize(payload)).encode()
    ).hexdigest()

    status = "✓" if computed == event['Header']['EventHash'] else "✗"
    print(f"{status} {event['Header']['EventID'][:8]}... {event['Header']['EventType']}")

Option 3: Just Read the Results

cat verifier_outputs/verification_report.txt

Pre-computed verification is included for those who can't run Python.

VCP v1.1 Compliance

This evidence pack demonstrates full VCP v1.1 compliance:

Requirement	Section	Status
External Anchor REQUIRED	2.1	✓ LOCAL_FILE (24h window)
PolicyIdentification	5.5	✓ All 27 events
PolicyID format	5.5.3	✓ `org.veritaschain:vcp-fix-sidecar-poc-v1`
ConformanceTier	5.5.3	✓ SILVER
RegistrationPolicy.Issuer	5.5.3	✓ Present
VerificationDepth	5.5.3	✓ Present
EventHash (Layer 1)	6.1	✓ SHA-256
PrevHash (Layer 1)	6.1	✓ Included (optional)
Merkle Tree (Layer 2)	6.2	✓ RFC 6962
External Anchor (Layer 3)	6.3	✓ Present

Regulatory Alignment

Why does this matter for compliance?

Regulation	Requirement	VCP Implementation
MiFID II RTS 25	≤100μs timestamp precision	`ClockSyncStatus` field
MiFID II RTS 6	Algo decision audit trails	Complete SIG→ORD→EXE chain
EU AI Act Art. 12	Automatic logging for AI systems	`Governance.DecisionReason`
SEC Rule 17a-4	Tamper-evident records	Three-layer architecture
FCA SYSC 10A	Algorithmic trading records	Full order lifecycle capture
GDPR Art. 17	Right to erasure	Crypto-shredding ready

The EU AI Act deadline for high-risk AI systems is August 2027. Algo trading systems are likely in scope.

Architecture: Zero Latency Impact

The key insight: don't touch the hot path.

┌──────────────────────────────────────────────────────────────┐
│                    Trading System                            │
│                                                              │
│  ┌────────┐    ┌─────────┐    ┌──────────┐                  │
│  │  Algo  │───▶│  Order  │───▶│   FIX    │───▶ Venue        │
│  │ Engine │    │ Manager │    │  Engine  │                  │
│  └───┬────┘    └────┬────┘    └────┬─────┘                  │
│      │              │              │                         │
│      └──────────────┴──────────────┘                         │
│                     │                                        │
│            Event Tap (async, non-blocking)                   │
│                     ▼                                        │
│  ┌──────────────────────────────────────────────────────┐   │
│  │              VCP Sidecar Process                      │   │
│  │  ┌─────────┐  ┌──────────┐  ┌────────┐  ┌─────────┐  │   │
│  │  │ Collect │─▶│ Hash +   │─▶│ Merkle │─▶│ Anchor  │  │   │
│  │  │ Events  │  │ Chain    │  │  Tree  │  │         │  │   │
│  │  └─────────┘  └──────────┘  └────────┘  └─────────┘  │   │
│  └──────────────────────────────────────────────────────┘   │
│                              │                               │
│                              ▼                               │
│                    Evidence Pack / Auditor                   │
└──────────────────────────────────────────────────────────────┘

FIX messages flow unchanged. The sidecar receives async copies and builds the audit trail independently.

Try It Yourself

# Clone the reference implementation
git clone https://github.com/veritaschain/vcp-fix-rta-reference
cd vcp-fix-rta-reference

# Run verification
python verify.py

# Explore the data
cat events.json | python -m json.tool | head -100
cat fix_messages.jsonl | head -5

# Check the mapping
cat mapping.md

What's Next

This is a reference implementation. For production:

Replace the demo key with HSM-backed Ed25519
Use TSA or blockchain for external anchoring
Implement real-time streaming instead of batch
Add PTP sync for Gold/Platinum tier compliance

We're also working on:

IETF standardization: draft-kamimura-scitt-vcp
Multi-language SDKs: Python, TypeScript, C++, MQL5
VC-Certified certification program

Resources

Resource	Link
This Repo	github.com/veritaschain/vcp-fix-rta-reference
VCP Specification	veritaschain.org
IETF Draft	draft-kamimura-scitt-vcp
Main GitHub	github.com/veritaschain
License	Apache 2.0 (code), CC BY 4.0 (spec)

Questions?

Technical: technical@veritaschain.org
Certification: certification@veritaschain.org

If you're working on trading system compliance, I'd love to hear about your challenges. What's the hardest part of proving audit trail integrity to regulators?

Drop a comment below. 👇

VeritasChain Standards Organization (VSO) — Encoding Trust in the Algorithmic Age

DEV Community