Open-source · Rust · Edge-native

Build logs
you can prove,
not just collect.

VeriLog turns device telemetry into a verifiable evidence stream: append-only records, signed checkpoints, privacy-aware payloads, and a clear path toward zero-knowledge integrity proofs — all in a single binary.

Explore the Prototype Research Agenda
04 Zero-Knowledge Proofs Research
03 Differential Privacy In Progress
02 Merkle Commitments Shipped
01 Signed Hash Chain Shipped
1 Single binary
deployment
4 Trust layers
combined
30 Research tracks
defined
11 Automated tests
passing
Shipping Now

What already runs

The open-source base edition provides a complete tamper-evident logging lifecycle for edge devices.

🔒

Append-Only Signed Records

Every log entry is Ed25519-signed with hash-chain linkage. Tampering with any entry breaks the chain.

🌳

Merkle Root Commitments

Fixed-height incremental Merkle tree with per-entry root updates. O(height) cost per append operation.

🔍

Membership Proofs

Generate and verify inclusion proofs for any entry without revealing other records in the log.

Full Store Verification

Deterministic re-verification of the entire hash chain, signatures, and Merkle roots from stored data.

📋

Signed Checkpoints

Portable, signed snapshots for archival anchoring, external timestamping, and third-party audit workflows.

🖥

Admin Console

Local HTTP dashboard for demo and inspection: status, proofs, checkpoints, and research instrumentation.

Structured Config

TOML configuration with sensible defaults for tree height, admin bind, privacy budgets, and retention policies.

💾

Durable Append

Explicit fsync boundaries on entries, leaves, and atomic meta writes with parent directory sync for crash safety.

Architecture

Designed for trust at the edge

Four crates, one binary. Clean separation of concerns with explicit trust boundaries.

verilogd
CLI + Admin Console + License Gate
verilog-core
LogStore · Merkle · Crypto · DP · Energy
verilog-license
Ed25519 License Verification
verilog-enterprise-api
Feature Traits & Hooks
Storage Layer
entries.bin · leaves.bin · meta.json · signing_key.json
Security

Threat model built for hostile environments

VeriLog assumes the device may be compromised after evidence is captured. The system provides tamper-evidence, not tamper-prevention.

  • Hash chain detects any modification to past entries
  • Ed25519 signatures prevent forged entries
  • Merkle roots provide compact integrity commitments
  • Rolling window hash enables forensic post-compromise analysis
  • Signed checkpoints create verifiable anchoring points
  • No required network services — offline-first by design

Adversary capabilities assumed

Log truncation after compromise
Entry modification (detected via hash chain)
Fake entry insertion (detected via signatures)
Flash bit flips / power-loss corruption
Key compromise (future: ratcheting)
Full device takeover (future: remote anchoring)
1 Raw telemetry
2 DP noise + budget
3 Signed evidence
Privacy and integrity share the same proof surface
Privacy

Differential privacy meets verifiable evidence

Privacy controls are not bolted on — they are part of the evidence pipeline. Budget tracking and noise application happen before signing.

  • Per-event Laplace noise for numeric telemetry
  • Token-bucket privacy budget management
  • Schema-driven redaction policies (planned)
  • Future: ZK proofs of correct DP application
Cryptography

Merkle frontier: compact, incremental, verifiable

A fixed-height incremental Merkle tree provides O(height) updates and compact membership proofs without storing the entire tree.

Append

O(h)

Insert a leaf and update the frontier in height steps. No rebalancing.

Proof Size

32 × h bytes

Membership proofs are a sibling path: one 32-byte hash per tree level.

Verification

O(h)

Re-hash from leaf to root using the sibling path. Compare against the committed root.

Default Height

32 levels

Supports up to 4 billion entries. Configurable at store initialization.

Research Agenda

30 research tracks driving the future of verifiable telemetry

Organized across four pillars: integrity, privacy, efficiency, and federation. Each track has defined hypotheses, milestones, and metrics.

🛡

Integrity & Zero-Knowledge

🔐

Privacy & Differential Privacy

Energy & Efficiency

🌐

Federation & Multi-Device

Novelty Program

What makes VeriLog genuinely different

Most products cover one or two of these wedges. VeriLog treats them as one protocol family.

A

Evidence-First Edge Telemetry

Not just logging — evidence capture on unreliable devices. Tamper detection after compromise, portable proof bundles, and third-party validation without device secrets.

Foundation — partially realized
B

Privacy-Preserving Observability

Differential privacy on the same proof surface as integrity. Auditors verify policy conformance without seeing raw telemetry.

In progress — base DP primitives shipped
C

Verifiable Archival & Selective Disclosure

Signed checkpoints bridge local logs to long-term archives, external timestamping, and compliance review.

Active — checkpoint system shipped
D

Multi-Device Evidence Graphs

The long-term leap: correlated evidence transcripts with verifiable forwarding and mesh synchronization.

Research — transcript formats planned
Execution

Roadmap

Phased approach: stable base edition first, enterprise research in parallel.

Phase 0 — Core Scaffolding

Foundation

  • Store initialization & key generation
  • Append-only log with signatures + hash chain
  • Incremental Merkle frontier
  • Verification, membership proofs, checkpoints
  • License verification + admin console MVP
Complete
Phase 1 — Base Hardening

Production-Ready Core

  • ✓ Power-loss safe append protocol (fsync)
  • ✓ Config system (TOML) with defaults
  • ✓ Golden vector test fixtures (8 tests)
  • Indexed proof path for large stores
  • CLI integration tests
  • Admin auth strategy
  • Storage backend abstraction
  • Benchmark harness across device classes
In Progress — 3/8 done
Phase 2 — Privacy & Energy

Trust Surface Expansion

  • DP schemas for common telemetry events
  • Per-event DP accounting tests
  • Energy policy improvements
  • Compression options
Planned
Phase 3 — Enterprise

Advanced Cryptographic Features

  • ZK proofs of integrity (Halo2/Plonky3)
  • Compliance export bundles
  • Mesh sync and forwarding
  • PSI correlation & ZK range queries
Research
Phase 4 — Publication

Standardization & Interop

  • Formal log format specification
  • Third-party verifier implementation
  • Interop test suite
Future

Ready to explore verifiable telemetry?

VeriLog is open-source and designed to be evaluated hands-on. Clone the repo, initialize a store, and see tamper-evident logging in action.

Get Started on GitHub Read the Documentation