Transparency

The public audit ledger.

Name: Fiduciary Public Audit Ledger
Creator: Fiduciary
License: https://fiduciary.technology/terms

Every compliance event Fiduciary issues is signed with post-quantum cryptography and hash-chained into a tamper-evident ledger. The integrity of the whole chain is public and provable — without exposing any record's contents.

Signed events

—

hash-chained, immutable

Signature standard

ML-DSA-65

NIST FIPS 204 · post-quantum

Signing key id

—

public key →

Chain head

—

latest seal

What this proves

Tamper-evidence. Each event embeds the hash of the previous one. Altering any past record breaks every hash after it — detectable by anyone.

Authenticity. Each record is signed with ML-DSA-65 (NIST FIPS 204). Signatures verify against a published public key — no trust in this service required.

Privacy by design. This page exposes only counts and the chain head. Record contents are never public; a record is retrievable only by its holder via its audit_id.

Court-admissibility. Signed electronic evidence is admissible under RA 8792 §7 (Philippine E-Commerce Act). Each retrieval re-verifies the stored signature.

Verify it yourself

No trust required — the math is checkable. Fetch the published key and verify any response signature:

import { ml_dsa65 } from '@noble/post-quantum/ml-dsa.js';

const pub = await (await fetch('https://fiduciary.technology/.well-known/ml-dsa65-public.json')).json();
const publicKey = Uint8Array.from(atob(pub.public_key_b64), c => c.charCodeAt(0));

// `signature` is "ML-DSA-65:<base64>"; `message` is the canonical signed record.
const sig = Uint8Array.from(atob(signature.split(':')[1]), c => c.charCodeAt(0));
ml_dsa65.verify(sig, new TextEncoder().encode(message), publicKey);  // → true

Retrieve and re-verify any single event you hold: GET /v1/audit/{audit_id} → signature_valid: true. Live stats: /api/ledger/stats →