Ledger Introduction
The Immutable Record Challenge
Organizations need to maintain records that are provably immutable and verifiable. Traditional databases, even with audit logs, can be altered by administrators or attackers. Regulatory compliance, legal discovery, and trust require stronger guarantees.
Key Challenges
Database Mutability
Conventional databases allow updates and deletes. Even with logging, proving that logs weren't altered is difficult.
Timestamp Manipulation
System clocks can be changed. Without cryptographic timestamps, proving when a record was created is unreliable.
Future-Proof Security
Today's hash functions and signatures will be vulnerable to quantum computers. Records created now may need to remain valid for decades.
Third-Party Verification
Auditors and regulators need to verify records independently, without trusting the record keeper.
The Ledger Solution
QCOS Ledger provides a cryptographically-secured append-only record system:
Record N-2       Record N-1       Record N
┌──────────┐     ┌──────────┐     ┌──────────┐
│ Data     │     │ Data     │     │ Data     │
│ Hash: X  │◄────│ Hash: Y  │◄────│ Hash: Z  │
│ Prev: W  │     │ Prev: X  │     │ Prev: Y  │
│ Sig: ... │     │ Sig: ... │     │ Sig: ... │
│ TS: ...  │     │ TS: ...  │     │ TS: ...  │
└──────────┘     └──────────┘     └──────────┘
Each record contains:
- Data: The actual record content
- Hash: SHA3-256 hash of this record
- Prev: Hash of the previous record
- Signature: ML-DSA-65 signature
- Timestamp: Cryptographic timestamp proof
Core Properties
1. Append-Only
Records can only be added, never modified or deleted:
# This works
ledger.append(data={"event": "created"})

# This doesn't exist
ledger.update(...)  # No update operation
ledger.delete(...)  # No delete operation
2. Hash Chaining
Each record's hash includes the previous record's hash:
Hash(RecordN) = SHA3-256(
    Data +
    Hash(RecordN-1) +
    Timestamp +
    Metadata
)
This means:
- Altering any record changes its hash
- Which breaks the chain for all subsequent records
- Tampering is immediately detectable
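The chain check described above, as an added example that is not QCOS code, using Python's hashlib. The field encoding, the all-zero genesis value, the `meta` contents and the names `h`, `canon`, `record_hash`, `build` and `verify_chain` are assumptions. It also shows why a verifier needs a head hash held outside the record keeper's control: a chain whose later hashes were recomputed after an edit is internally consistent.

```python
import hashlib
import json

GENESIS = bytes(32)  # assumption: all-zero "previous hash" for the first record

def h(*parts: bytes) -> bytes:
    """SHA3-256 over length-prefixed parts, so field boundaries are unambiguous."""
    digest = hashlib.sha3_256()
    for part in parts:
        digest.update(len(part).to_bytes(8, "big") + part)
    return digest.digest()

def canon(obj) -> bytes:
    """Assumed canonical encoding: sorted-key, whitespace-free JSON."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def record_hash(rec: dict, prev: bytes) -> bytes:
    # Hash(RecordN) = SHA3-256(Data + Hash(RecordN-1) + Timestamp + Metadata)
    return h(canon(rec["data"]), prev, rec["time"].encode(), canon(rec["meta"]))

def build(events: list) -> list:
    """Chain (data, timestamp) pairs into records carrying prev/hash fields."""
    chain, prev = [], GENESIS
    for seq, (data, time) in enumerate(events):
        rec = {"data": data, "time": time, "meta": {"sequence": seq}, "prev": prev}
        rec["hash"] = record_hash(rec, prev)
        prev = rec["hash"]
        chain.append(rec)
    return chain

def verify_chain(chain: list, trusted_head: bytes) -> tuple:
    """Return (ok, index of the first inconsistent record or None)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or record_hash(rec, prev) != rec["hash"]:
            return False, i
        prev = rec["hash"]
    # A rewrite that recomputes every later hash is self-consistent; only a
    # head hash pinned outside the record keeper's control exposes it.
    return prev == trusted_head, None

# Constructed sample input, not real ledger data.
SAMPLE_EVENTS = [({"event": "created"}, "2026-02-06T12:00:00Z"),
                 ({"event": "approved"}, "2026-02-06T12:05:00Z"),
                 ({"event": "shipped"}, "2026-02-06T12:09:00Z")]

if __name__ == "__main__":
    chain = build(SAMPLE_EVENTS)
    print(verify_chain(chain, chain[-1]["hash"]))
```

A result of `(False, None)` means every link checks out but the head differs from the pinned value, which is the signature of a wholesale rewrite rather than a single edited record.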
3. Merkle Trees
Records are organized in a Merkle tree for efficient verification:
            Merkle Root
                /\
               /  \
              /    \
             /      \
          Hash      Hash
           /\        /\
          /  \      /  \
       Rec1  Rec2 Rec3  Rec4
Benefits:
- O(log n) proof size
- Verify any record without downloading all records
- Detect tampering at any level
4. Post-Quantum Signatures
All records are signed with ML-DSA-65:
- NIST FIPS 204 standardized
- 128-bit post-quantum security
- Valid even when quantum computers exist
5. Cryptographic Timestamps
RFC 3161-compatible timestamps prove when records were created:
- Independent of system clock
- Trusted Timestamp Authority
- Legally recognized
Record Structure
{
  "record_id": "rec_abc123",
  "sequence": 1523,
  "data": {
    "type": "audit_log",
    "action": "user_login",
    "user_id": "user_xyz"
  },
  "hashes": {
    "data_hash": "sha3-256:abc...",
    "record_hash": "sha3-256:def...",
    "previous_hash": "sha3-256:xyz..."
  },
  "merkle": {
    "root": "sha3-256:ghi...",
    "path": ["sha3-256:...", "sha3-256:..."]
  },
  "signature": {
    "algorithm": "ML-DSA-65",
    "public_key_id": "pk_xyz",
    "value": "base64:..."
  },
  "timestamp": {
    "time": "2026-02-06T12:00:00.000000Z",
    "authority": "softquantus-tsa",
    "proof": "base64:..."
  }
}
Use Cases
Audit Logging
Immutable record of all system actions for compliance.
Evidence Preservation
Store evidence with cryptographic proof of when it was captured.
Regulatory Compliance
Meet requirements for SOX, GDPR, HIPAA, and other regulations.
Supply Chain Provenance
Track goods from origin to destination with tamper-proof records.
Legal Discovery
Provide verifiable records for litigation.
Research Integrity
Prove when research data was collected.
Verification
Anyone can verify a record:
from qcos.ledger import LedgerClient

ledger = LedgerClient()

# Verify a specific record
result = ledger.verify("rec_abc123")

print(f"Valid: {result.valid}")
print("Checks:")
print(f"  Hash chain: {result.chain_valid}")
print(f"  Signature: {result.signature_valid}")
print(f"  Timestamp: {result.timestamp_valid}")
print(f"  Merkle proof: {result.merkle_valid}")
Third parties can verify using:
- The record and its Merkle proof
- The public key for signature verification
- The TSA certificate for timestamp verification
Integration with Other Modules
With Evidence
Evidence bundles are automatically stored in Ledger:
evidence = evidence_client.generate(job_id="...")
# Automatically creates ledger record
With ACOS
Attestations are stored in Ledger:
cert = attestation.attest(job_id="...")
# Automatically creates ledger record
With NavCore
Position evidence is stored in Ledger:
position = gps.get_position(evidence=True)
# Automatically creates ledger record
Getting Started
Ready to add immutable records to your application?
- Quick Start Guide - Append your first record
- API Reference - Explore the Ledger API
- Verification Guide - How to verify records
- Compliance Guide - Meet regulatory requirements
© 2024-2026 SoftQuantus Innovative OÜ