Hash-Chained Triple PQ-Signed Merkle-Anchored Tamper-Evident

You Don't Need Logs.
You Need Proof.

Most systems produce logs. Logs can be modified, deleted, incomplete, impossible to verify. That's not an audit trail. That's a record you have to trust. Cachee makes systems provable.

31ns
Cached Reads
3
PQ Signatures
SHA3
Hash-Chained Audit
Merkle
Root Anchoring
Provable Infrastructure

What Provable Means

Every computation result that passes through Cachee emerges as a self-contained, independently verifiable artifact. Not a log entry. Not a record. A cryptographic proof that the computation happened, with these inputs, producing this output, at this time.

The Provable Computation Pipeline

Every SET. Every computation. Every time.

Input
Compute
🔎
Fingerprint
🔑
Sign (3x PQ)
📦
Bundle
Verify

Every computation result is:

  • Fingerprinted — SHA3-256 hash of inputs, operation, parameters, and output. Deterministic. Anyone can recompute it.
  • Signed by 3 post-quantum families — ML-DSA-65 (lattice), FALCON-512 (NTRU), SLH-DSA (hash-based). Three independent mathematical hardness assumptions.
  • Packaged into a self-contained verifiable bundle — The Computation Attestation Bundle (CAB). 24KB. Portable. No network required to verify.
  • Reproducible without access to the original system — The bundle contains everything needed to independently verify the result. Kill the server. The proof survives.

You don't just record what happened. You can prove it. This only works because every result is backed by a tamper-proof audit trail.

The CAB Bundle

Not Logs. Evidence.

A log says "this happened." A Computation Attestation Bundle proves it. Each computation is stored as a portable, verifiable artifact — an audit artifact, not just a cache entry.

Computation Attestation Bundle (CAB) ~24 KB total
🔎 Computation Fingerprint SHA3-256(inputs || operation || params || output) 32 B
🔗 Input/Output Binding Deterministic serialization of inputs and result var
🔒 ML-DSA-65 Signature Lattice-based (MLWE). NIST FIPS 204. 3,309 B
🔐 FALCON-512 Signature NTRU lattice-based. Distinct hardness assumption. 656 B
🔑 SLH-DSA Signature Stateless hash-based. No lattice assumptions. FIPS 205. 17,088 B
🕑 Deterministic Metadata Timestamp, sequence, version, chain position 128 B
Key Distinction

A log file requires you to trust the system that produced it. A CAB requires you to trust nothing. The fingerprint is deterministic — anyone can recompute it. The signatures are independently verifiable. The bundle travels with the data. Trust shifts from institution to mathematics. Every result we store starts as verifiable computation.

Tamper Evidence

The Hash-Chained Audit Log

Every event is fingerprinted, hash-chained, and tamper-evident. Modification of any entry invalidates the entire chain from that point forward.

// Every audit entry is linked to the previous entry current_hash = SHA3-256( prev_hash // hash of the previous entry || event_data // the event payload || timestamp // nanosecond-precision timestamp || sequence_number // monotonic counter ) // Break one link → every subsequent hash changes
Seq #0 — Genesis
0x00...00
Chain initialized
Seq #1
a3f7...c912
SET user:1001
Seq #2
7e2b...41d8
GET user:1001
Seq #3
f19c...a304
SET user:1001
Seq #4
b5d1...e7f2
DEL user:1001
Deletion
Detectable

Missing link breaks the chain. Next entry's prev_hash points to a gap.

🔄
Reordering
Detectable

Sequence numbers and hash links are order-dependent. Swap two entries and both hashes break.

Modification
Detectable

Changing event data changes the hash. Every entry downstream cascades into a different hash.

Merkle Root Anchoring

Periodically, Cachee computes a Merkle tree over batches of audit entries and produces a single root hash. This root can be published to an external ledger, timestamped by a third party, or stored in a separate trust domain. The Merkle root anchors the entire batch — proving not just individual entries, but the complete set and order of all entries in the batch.

// Walk the entire chain. Validate every link. AUDITVERIFY --full // Output: Chain length: 14,203 entries Genesis hash: 0x00...00 Current hash: b5d1...e7f2 Broken links: 0 Missing entries: 0 Merkle roots: 47 (verified) Status: CHAIN INTACT
Time Travel

Reconstruct Any State. At Any Point In Time.

Every key maintains a full lifecycle history. Query any key at any point in time. Reconstruct the state of the entire cache at any timestamp. Full audit visibility from genesis to now.

AUDITLOG user:1001 // Full lifecycle from genesis to now: [1] 2026-05-01T09:14:22.331Z CREATED value=<initial> sig=ML-DSA+FALCON+SLH [2] 2026-05-01T09:14:22.334Z ATTESTED bundle=CAB-a3f7c9 anchor=seq#1 [3] 2026-05-01T14:07:11.892Z UPDATED value=<v2> sig=ML-DSA+FALCON+SLH [4] 2026-05-01T14:07:11.895Z ATTESTED bundle=CAB-f19ca3 anchor=seq#3 [5] 2026-05-02T02:30:00.001Z SUPERSEDED by user:1001:v3 [6] 2026-05-02T11:45:33.770Z REVOKED reason=gdpr_erasure proof=CAB-b5d1e7
2026-05-01 09:14:22 UTC
Created
Initial value set. Fingerprint computed. Triple-signed. Chain position: seq #1.
2026-05-01 14:07:11 UTC
Active (Updated)
Value updated to v2. New fingerprint. New signatures. Previous version preserved in chain. Chain position: seq #3.
2026-05-02 02:30:00 UTC
Superseded
New version (v3) created. This version marked superseded. Accessible via time-travel queries.
2026-05-02 11:45:33 UTC
Revoked
GDPR erasure request. Value deleted. Revocation proof generated and signed. The fact of deletion is itself auditable.

Time-travel audit: query any key at any point in time. GETVERSION user:1001 AT 2026-05-01T14:07:11Z returns exactly the value and attestation bundle that existed at that moment. The past is not overwritten. It is preserved, hash-chained, and provable. You can reconstruct system state at any point in time.

Compliance Frameworks

Built for Real Compliance

Cachee doesn't just store data. It produces the cryptographic evidence that compliance frameworks actually require. Six frameworks. Specific capabilities. Not checkbox theater.

SOX
Transaction replay with computation provenance. Every financial calculation independently re-verifiable from its CAB. Deterministic audit trail satisfies Section 404 internal control requirements.
Read: SOX + Cachee →
HIPAA
Tamper-evident ePHI access audit trail. Every data access event fingerprinted and hash-chained. Meets 45 CFR 164.312(b) audit controls. Access verification without exposing protected data.
Read: HIPAA + Cachee →
SOC 2
Processing integrity evidence via computation fingerprinting. Availability proof through Merkle-anchored uptime records. Change detection via hash-chained configuration audit.
Read: SOC 2 + Cachee →
FedRAMP
Authorization boundary reduction through cryptographic isolation. FIPS 204/205 compliant PQ signatures. Continuous monitoring evidence via hash-chained system state.
Read: FedRAMP + Cachee →
CMMC
CUI handling evidence with cryptographic access control audit. Every access to controlled unclassified information fingerprinted, signed, and independently verifiable.
Read: CMMC + Cachee →
GDPR
Right to erasure proof — cryptographic evidence that data was deleted, when, and by whom. Data lineage tracking via hash-chained provenance. Consent audit trail.
Read: GDPR + Cachee →
Live Demo

Prove It. Don't Trust It.

Run a computation. Get a proof bundle. Kill the system. Verify anyway. Tamper with the result. Watch it fail.

cachee-audit-demo
## Step 1: Run a computation
$ cachee SET invoice:9042 '{"total":14280.50,"tax":1285.25}' --attest
OK fingerprint=a3f7c912...e4d1 bundle=CAB-a3f7c9
 
## Step 2: Cachee generates the attestation bundle
Fingerprint: SHA3-256(inputs || op || params || output) = a3f7c912...e4d1
ML-DSA-65: signed (3,309 B)
FALCON-512: signed (656 B)
SLH-DSA: signed (17,088 B)
Bundle size: 24,182 B — saved to CAB-a3f7c9.cab
 
## Step 3: Kill the system
$ systemctl stop cachee
Cachee offline. No network. No server.
 
## Step 4: Verify anyway (offline, no Cachee account needed)
$ cachee-verify CAB-a3f7c9.cab
ML-DSA-65: VALID
FALCON-512: VALID
SLH-DSA: VALID
Fingerprint: MATCH
Result: VERIFIED. Computation intact.
 
## Step 5: Tamper with the result
$ sed -i 's/14280.50/99999.99/' CAB-a3f7c9.cab
$ cachee-verify CAB-a3f7c9.cab
Fingerprint: MISMATCH expected=a3f7c912 got=7b22e041
VERIFICATION FAILED. Data has been tampered with.

You didn't trust Cachee. You verified it.

cachee-audit-history
## Step 6: View full audit history
$ cachee AUDITLOG invoice:9042
 
[seq#1] 2026-05-02T09:14:22.331Z CREATED total=14280.50
fingerprint=a3f7c912 chain=0x00..00 → a3f7..c912
[seq#2] 2026-05-02T09:14:22.334Z ATTESTED bundle=CAB-a3f7c9
sigs=3/3 valid merkle_batch=#47
[seq#3] 2026-05-02T14:07:11.892Z ACCESSED by=auditor@corp.com
read_only=true fingerprint=a3f7c912
 
$ cachee AUDITVERIFY invoice:9042
Chain: 3 entries. 0 broken links. INTACT.
No Tradeoff

Fast Systems Usually Sacrifice Auditability.
Cachee Does Both.

You don't choose between speed and proof. The audit pipeline runs asynchronously on the write path. Reads are unaffected. 31 nanoseconds and independently verifiable.

31ns
Cached Read Latency
In-process L1 cache. No network hop. No serialization. Hash lookup and pointer dereference. The same speed as a system with zero audit overhead.
24KB
Self-Contained Proof Bundle
Every result carries its own verification evidence. Fingerprint, three PQ signatures, chain position, Merkle anchor. Portable. Offline-verifiable. Court-admissible.

Most audit systems add latency, require separate log infrastructure, and produce records that are only as trustworthy as the system that wrote them. Cachee's audit trail is a byproduct of its architecture, not an afterthought bolted on top. Every result carries full data lineage verification.

// Write path: attestation is async, doesn't block the caller SET key value // returns in <1us | async: fingerprint (SHA3) // 31ns async: sign (ML-DSA) // 35us async: sign (FALCON) // 12us async: sign (SLH-DSA) // 340us async: chain link // 31ns async: merkle batch // periodic // Read path: zero audit overhead GET key // 31ns — attestation already computed
FAQ

Frequently Asked Questions

What is a verifiable audit trail?
A verifiable audit trail is a cryptographic record of system events where every entry is fingerprinted, signed, and hash-chained so that any modification, deletion, or reordering is mathematically detectable. Unlike traditional logs which rely on trust in the logging system, a verifiable audit trail produces independently checkable proof that events occurred in a specific order with specific content. Cachee generates verifiable audit trails automatically for every computation, using SHA3-256 fingerprinting, three post-quantum signature families (ML-DSA-65, FALCON-512, SLH-DSA), and Merkle root anchoring.
How does a hash-chained audit log prevent tampering?
A hash-chained audit log links every entry to the previous entry via a cryptographic hash: current_hash = SHA3-256(prev_hash || event_data || timestamp || sequence_number). Modifying any entry changes its hash, which breaks the chain at that point and every subsequent entry. Deleting an entry removes a link. Reordering entries produces different hashes. The AUDITVERIFY command walks the entire chain and validates every link, detecting any form of tampering. This is the same principle behind blockchain immutability, applied to audit infrastructure.
Can Cachee audit trails satisfy SOX and HIPAA compliance requirements?
Yes. For SOX, Cachee provides transaction replay capability and computation provenance — every financial computation can be independently re-verified from its cryptographic bundle without access to the original system. For HIPAA, Cachee provides a tamper-evident ePHI access audit trail where every data access event is fingerprinted, signed, and hash-chained, meeting 45 CFR 164.312(b) audit control requirements. Each compliance framework maps to specific Cachee capabilities.
What is the difference between traditional logs and cryptographic audit evidence?
Traditional logs are append-only text records that can be modified, deleted, or fabricated by anyone with filesystem access. They require trust in the system that produced them. Cryptographic audit evidence — what Cachee calls a Computation Attestation Bundle (CAB) — is a self-contained, portable proof package containing the computation fingerprint, input/output binding, three post-quantum signatures, and deterministic serialization. A CAB can be verified by anyone, anywhere, without network access. Logs say "this happened." A CAB proves it.
Does verifiable auditing add latency to cache operations?
Cachee reads remain at 31 nanoseconds. The audit trail, fingerprinting, and signature generation happen asynchronously on the write path. A SET operation with full attestation completes in under 400 microseconds — dominated by the SLH-DSA signature at 340 microseconds. Reads are unaffected because the verification bundle is pre-computed at write time and stored alongside the cached value. You do not choose between speed and proof. You get both.
Knowledge Base

Explore Verifiable Computation Infrastructure

Every page in the Cachee knowledge base. Proven computation, not cached data.

Post-Quantum Caching
The category definition. Run computation once, serve forever. Cache Attestation
Signed cache entries. Three PQ families per SET. Computation Fingerprinting
Identity for results. Provenance, not just output. ZK Caching
Cache STARK and SNARK verification at 85ns. FHE Output Caching
Run encrypted computation once. Cache the result at 31ns. Proof Reuse
Verify once, serve forever. Architecture for verified results. PQ Key Size Reference
Every post-quantum key, ciphertext, and signature size. Redis vs In-Process L1
31ns vs 1ms. The network hop you do not need. Cache Bottleneck
Why your cache is slower than your compute.

Compliance Deep Dives

SOX Compliance with Verifiable Computation HIPAA Audit Trails: From Logs to Cryptographic Evidence SOC 2 Processing Integrity via Computation Fingerprinting FedRAMP Authorization Boundary Reduction with PQ Crypto CMMC CUI Handling with Tamper-Evident Audit Trails GDPR Right to Erasure: Proving Deletion Cryptographically Traditional Logs vs Hash-Chained Audit: A Technical Comparison Merkle Anchoring for Audit Entry Batches

Start Proving. Not Trusting.

Every computation fingerprinted. Triple PQ-signed. Hash-chained. Merkle-anchored.
Install Cachee and make your infrastructure provable.

Start Free Trial Install Cachee Read the Docs