PRIVATE.ME PLATFORM

xAudit: Distributed Audit Logs

HMAC-chained audit entries where each record is cryptographically linked to its predecessor. Entries split across storage nodes via XorIDA. No insider can tamper with the chain without detection.

Platform / Audit COMING SOON XorIDA Powered HMAC Chain

Section 01

The Problem

Centralized audit logs can be tampered with by insiders or attackers who gain admin access. There is no cryptographic guarantee of log integrity, and no way to detect selective deletion or modification of entries.

Audit logs are the foundation of compliance -- SOC 2, SOX, HIPAA, and every regulatory framework requires immutable records. Yet most audit systems store logs in a single database where a compromised admin can modify, delete, or backdate entries without detection.

Even "append-only" log systems fail when the storage administrator has root access. Database-level immutability is a software constraint, not a cryptographic guarantee. An attacker with sufficient access can always modify the underlying storage.

The Old Way

Section 02

The PRIVATE.ME Solution

Every audit entry includes an HMAC-SHA256 hash of the previous entry, creating an unbreakable cryptographic chain. Entries are split across independent storage nodes via XorIDA. Tampering with any entry breaks the chain and is immediately detectable.

xAudit combines hash chaining (each entry references its predecessor) with distributed storage (entries split across independent nodes). An attacker would need to compromise K-of-N storage nodes AND recompute the entire HMAC chain from the point of tampering -- which requires the HMAC key.

DID-based identity ensures that each log entry is signed by the originating service. The chain verifier can confirm not just that the chain is intact, but that each entry was produced by an authorized source.

The New Way

Section 03

How It Works

Append-only HMAC chain with distributed storage. Each entry includes: timestamp, event data, DID signature, and HMAC of the previous entry. The chain is verified from genesis to tip on every audit query.

Key Security Properties

Tamper evidence: Modifying any entry invalidates all subsequent HMAC links. Deletion creates a gap detectable by chain verification.
Distributed storage: XorIDA splits entries across nodes. No single admin controls the complete log.
DID provenance: Each entry signed by the originating service DID. Attribution is cryptographic, not policy-based.

Section 04

Use Cases

📋

Compliance

SOC 2 Audit Logging

Tamper-evident logs for SOC 2 Type II audits. Auditors verify chain integrity cryptographically. No trust required in the log storage administrator.

SOC 2 Type II

🏦

Finance

Transaction Auditing

Every financial transaction logged with HMAC chain integrity. Regulators verify the complete chain from genesis. SEC 17a-4 and SOX compliant immutability.

SEC 17a-4 / SOX

🏥

Healthcare

Access Logging

Patient record access logged with cryptographic proof. HIPAA audit requirements met with tamper-evident chain. Insider access abuse detectable via chain verification.

HIPAA Audit

🏛

Government

Records Management

Government records with cryptographic chain of custody. FOIA requests verifiable against the chain. No selective redaction without detectable chain break.

NARA / FOIA

Section 05

Integration

Quick Start

import { appendEntry, verifyChain } from '@private.me/xaudit';

// Append a new audit entry to the chain
const result = await appendEntry({
  action: 'record.accessed',
  actor: 'did:key:z6Mk...',
  resource: 'patient/12345',
  timestamp: Date.now(),
}, auditChain);

// Verify the entire chain is intact
const valid = await verifyChain(auditChain);
// valid.ok === true if no tampering detected

appendEntry(entry: AuditEntry, chain: AuditChain): Promise<Result<ChainEntry>>

Appends a new entry to the HMAC chain, computing the hash link to the previous entry, signing with the service DID, and distributing the entry across storage nodes via XorIDA.

verifyChain(chain: AuditChain): Promise<Result<ChainVerification>>

Walks the chain from genesis to tip, verifying each HMAC link, DID signature, and timestamp ordering. Returns the first broken link if tampering is detected, or a clean verification result.

Section 06

Security Properties

Property	Mechanism	Guarantee
Tamper Evidence	HMAC-SHA256 chain	Any modification breaks all subsequent links
Distributed Storage	XorIDA K-of-N split	No single admin controls complete log
Provenance	Ed25519 DID signatures	Cryptographic attribution per entry
Deletion Detection	Sequential chain walk	Missing entries create verifiable gaps
Integrity	HMAC per share	Share-level tamper detection

Undetectable tampering

SHA-256

Chain hash

Storage nodes

<1ms

Append latency

VERIFIED BY XPROVE

Cryptographic Proof of Correctness

This ACI's computations can be cryptographically verified by xProve — so regulators, auditors, and counterparties can confirm results without re-running the computation or accessing the underlying data.

XPROVE INTEGRATION

Tier 1: HMAC audit trail — always on, ~1.3x overhead.
Tier 2: Commit-and-reveal — anti-equivocation for Beaver triples.
Tier 3: IT-MACs — malicious-security detection between parties.
Tier 4: KKW zero-knowledge proofs — publicly verifiable, ~50 KB, post-quantum.

Read the xProve white paper →

GET STARTED

Ready to deploy xAudit?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xAudit generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF

Download proofs:

Tier 1 HMAC (~0.7KB)
Tier 2 Commit-Reveal (~0.5KB)
Tier 3 IT-MAC (~0.3KB)
Tier 4 KKW ZK (~0.4KB)

Verify proofs online →

Use Cases

🏛️

REGULATORY

FDA / SEC Submissions

Prove algorithm correctness for distributed systems without exposing trade secrets or IP.

Zero IP Exposure

🏦

FINANCIAL

Audit Without Access

External auditors verify secure operations without accessing source code or production systems.

FINRA / SOX Compliant

🛡️

DEFENSE

Classified Verification

Security clearance holders verify distributed systems correctness without clearance for source code.

CMMC / NIST Ready

🏢

ENTERPRISE

Procurement Due Diligence

Prove security + correctness during RFP evaluation without NDA or code escrow.

No NDA Required

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

Zero infrastructure setup
Automatic updates
99.9% uptime SLA
Enterprise SLA available

View Pricing →

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

npm install @private.me/xaudit
TypeScript/JavaScript SDK
Full source access
Enterprise support available

Get Started →

🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

Complete data sovereignty
Air-gap capable deployment
Custom SLA + dedicated support
Professional services included

Request Quote →

Enterprise On-Premise Deployment

While xAudit is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
Air-gapped environments — SCIF, classified networks, offline operations
Data residency requirements — EU GDPR, China data laws, government mandates
Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →