InvoanceInvoance
Log inGet access
Traces
How it worksTraces

How Traces creates sealed, verifiable process proof

Traces groups independently anchored events into a single sealed process record. When you seal a trace, Invoance computes a composite SHA-256 hash over every event hash, signs it with Ed25519, and permanently closes the trace. The result is a single proof covering an entire multi-step process.

View developer docsProduct overview

Trace lifecycle

A trace moves through three distinct states, each with specific guarantees about the events it contains.

1
OPEN

Accepting new events, mutable

2
SEALED

Composite hash computed, Ed25519 signed, permanently closed

3
VERIFIED

Any party has independently confirmed the proof

OPEN → SEALED → VERIFIED

Step 1: Create a trace

Start by creating a trace. Provide a name and optional reference and metadata fields.

POST /v1/traces
{
  "name": "Loan Application #4021",
  "reference": "loan_app_4021",
  "metadata": {
    "applicant": "jane_doe",
    "loan_type": "commercial",
    "amount": 500000
  }
}
201 Created
{
  "id": "trc_a1b2c3d4",
  "name": "Loan Application #4021",
  "status": "open",
  "created_at": "2025-03-15T10:00:00Z"
}

Step 2: Anchor events to the trace

Events are submitted via POST /v1/events with a trace_id field. Each event is independently hashed and signed (same as standalone events). Events can be added over hours, days, or weeks.

1
application_submitted
Loan application received and registered in system.
Event hashsha256:a1b2c3d4e5f6...
Signatureed25519:7b1c...a4f9
Timestamp2025-03-15T09:14:00Z
2
credit_check_completed
Credit report pulled and analyzed by underwriting team.
Event hashsha256:a1b2c3d4e5f6...
Signatureed25519:7b1c...a4f9
Timestamp2025-03-15T11:42:00Z
3
underwriter_approved
Loan package approved by underwriter with conditions.
Event hashsha256:a1b2c3d4e5f6...
Signatureed25519:7b1c...a4f9
Timestamp2025-03-15T15:08:00Z
4
documents_signed
All required loan documents signed by applicant and lender.
Event hashsha256:a1b2c3d4e5f6...
Signatureed25519:7b1c...a4f9
Timestamp2025-03-15T16:33:00Z
5
funds_disbursed
Loan funds transferred to applicant account.
Event hashsha256:a1b2c3d4e5f6...
Signatureed25519:7b1c...a4f9
Timestamp2025-03-15T17:01:00Z

Step 3: Seal the trace

When you're ready to close the trace permanently, seal it. This triggers a deterministic cryptographic operation that binds all events together.

POST /v1/traces/trc_a1b2c3d4/seal
Collect event hashes

All event hashes are gathered in chronological order.

Compute composite hash

SHA-256(event_hash_1 + event_hash_2 + ... + event_hash_n) is computed over the concatenated event hashes.

Sign with Ed25519

Composite hash is signed with your tenant's Ed25519 private key.

Change status to sealed

Trace status is permanently changed to 'sealed'. No more events can be added.

Record sealed timestamp

The exact moment of sealing is recorded for audit purposes.

200 OK
{
  "id": "trc_a1b2c3d4",
  "status": "sealed",
  "event_count": 5,
  "composite_hash": "9f8e7d6c5b4a...",
  "signature": "a1b2c3d4e5f6...",
  "sealed_at": "2025-03-20T16:45:00Z",
  "verification_url": "https://www.invoance.com/proof/trace/trc_a1b2c3d4"
}

Proof bundle export

Once sealed, you can export the trace as a self-contained proof bundle. Two formats are available: JSON for machines and systems, PDF for auditors, regulators, and legal review.

JSON format

Machine-readable proof artifact. Contains trace metadata, all events with their hashes and signatures, composite hash, seal signature, and public keys. Ideal for programmatic verification and system integration.

PDF format

Human-readable proof document. Includes a formatted summary, event timeline, all cryptographic values in readable form, and step-by-step verification instructions. Perfect for regulatory submission.

The proof bundle is self-contained. Anyone can verify it without an Invoance account.

How verification works

Trace verification confirms that the sealed record contains exactly the events it claims, in the order recorded, with no modifications after sealing.

1
Verify each event individually
Each event hash is verified independently using the event signature and public key (same process as standalone event verification).
2
Recompute the composite hash
Hash the concatenated sequence of all event hashes in chronological order using SHA-256.
3
Compare composite hashes
Compare your recomputed composite hash against the sealed composite hash in the bundle.
4
Verify the seal signature
Verify the Ed25519 seal signature using the tenant's public key.
5
Confirm the process
If composite hash matches and seal signature is valid: the trace is confirmed. No events have been added, removed, or altered after sealing.

The critical guarantee: The sealed trace proves the complete sequence of events. Removing or inserting an event would change the composite hash, making the proof invalid. This is the strongest form of process integrity proof.

Compliance mapping

Traces provide the strongest proof model in Invoance. When a regulator asks "prove this process happened exactly as described", this is what you hand them.

SOC 2
CC6.1, CC7.2, CC8.1

Process integrity, change management, and technology infrastructure. Traces prove that authorized processes executed in documented sequence with no tampering.

HIPAA
§164.312(b), §164.312(c)

Audit controls and integrity controls. Sealed traces create immutable audit logs of all events in a healthcare process with cryptographic proof of completeness.

ISO 27001
A.12.4, A.14.2

Logging and change management. Traces document process changes with timestamps and cryptographic proof, satisfying information security logging requirements.

Financial Regulations
SOX, Basel III

Process documentation and audit trail. Traces prove regulatory-required process execution and can be exported for regulator review without Invoance infrastructure dependency.

Traces use the same cryptographic primitives as all Invoance records — SHA-256, Ed25519, and append-only storage. The composite hash binding is deterministic and verifiable offline, independent of Invoance infrastructure.

Other how-it-works topicsDeveloper documentationProduct overviewEarly access

How Traces Works — Invoance

Technical walkthrough of how Invoance Traces groups independently anchored events into sealed, cryptographically verified process proof bundles. Create a trace, add events, seal with a composite hash, and export verifiable proof bundles for auditors or regulators.

Invoance

Neutral digital proof infrastructure for business. Tamper-evident, independently verifiable records.

Subscribe to our newsletter

Products
Platform
How It Works
Developers
Verify
Resources
Help & Legal
Products
  • Event Ledger
  • Document Anchoring
  • AI Attestation
  • Traces
Platform
  • Why Invoance
  • For Compliance Teams
  • Pricing
  • Security
How It Works
  • Overview
  • Event Ledger
  • Document Anchoring
  • AI Attestation
Developers
  • Overview
  • Endpoints
  • Authentication
  • Concepts
Verify
  • Verify Document
  • Verify AI Attestation
  • Verify Event
  • Verify Trace
Resources
  • All Resources
  • SOC 2 Guide
  • HIPAA Guide
  • ISO 27001 Guide
Help & Legal
  • Support
  • Verification Help
  • FAQ
  • Legal Notice

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents — only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.

© 2025 – 2026 Invoance. All rights reserved.•