Hash-chain metadata provides ordered tamper evidence.

Hash chaining is optional in v1. A receipt may omit hashChain when standalone integrity (signatures/content hash) is sufficient for the use case.

Core fields:

  • chainId - logical ledger identifier.
  • sequence - monotonically increasing position.
  • hash - digest of current receipt envelope payload.
  • prevHash - digest of previous chain entry.

When hashChain is present, all core fields above are required.

Optional Merkle fields support compact inclusion proofs:

  • merkleRoot
  • merkleProof.siblings + merkleProof.directions

integrity can carry verifier-computed chain health (valid, gaps, last verified sequence).

Verification Checklist

For adjacent entries in one chain:

  1. Confirm chainId matches expected ledger identity.
  2. Confirm sequence monotonicity.
  3. Confirm current prevHash equals previous hash.
  4. Recompute and compare entry hash according to implementation rules.
  5. Record gap or mismatch evidence in integrity.

Threat Model Clarification

What a hash chain proves:

  • Order integrity: entries are linked in a deterministic sequence via prevHash.
  • Tamper evidence: mutation of a committed entry changes downstream hashes.
  • Gap detection (when sequence policy is enforced): missing sequence numbers are detectable.

What a hash chain does not prove by itself:

  • Independent publication: a single operator can still rewrite private history before external observers see it.
  • Wall-clock truth: sequence order does not prove real-world event time without external timestamping.
  • Actor authenticity: chain linkage alone does not replace signature verification and key trust management.

What is required for independently auditable history:

  • Integrate with an append-only transparency log (for example, CT-style or Rekor-style) and publish chain heads/checkpoints externally.
  • Require verifiers to validate inclusion + consistency proofs against that external log, not only local chain state.

Without a transparency-log style anchor, hash-chain integrity is operator-local tamper evidence, not globally independently verifiable auditability.