# MVG Verifiable Diligence — Two-layer commitment (v1.0.0)

**Status:** public-safe specification (format + verification logic).  
**Effective:** 2026-02-11T00:00:00Z

This document describes how MVG publishes a **public commitment** to a diligence pack
without revealing the pack hash (or counterparty identifiers), while allowing a counterparty
to prove inclusion later using a **private receipt**.

## Goals

- Procurement-grade: deterministic verification, offline-first.
- Lawsuit-proof guardrails: avoid unnecessary public disclosures.
- Avoid pipeline leakage: the public log does **not** reveal pack hashes.

## Objects

### 1) Diligence pack ZIP

A diligence pack is a ZIP containing a contents manifest:

- `diligence_pack_manifest.json` with schema_id `mvg.diligence.pack_manifest@1`
- Each file entry includes `{path, sha256, bytes}`.
- The verifier may verify all declared files and fail on extras/missing entries.
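As an added example (not MVG's own verifier code), the following Python checks a pack ZIP against its contents manifest exactly as described above: every declared `{path, sha256, bytes}` entry must match, and any extra or missing member is reported. Two assumptions are made because the page does not state them: the manifest's entry list lives under a `files` key, and the manifest does not list itself.

```python
# Added example, not MVG's own code. Assumptions: the entry list is under a
# "files" key and the manifest does not list itself.
import hashlib
import io
import json
import zipfile

MANIFEST_PATH = "diligence_pack_manifest.json"
MANIFEST_SCHEMA = "mvg.diligence.pack_manifest@1"


def build_pack(files: dict) -> bytes:
    """Build a pack ZIP (constructed demo data) whose manifest covers every file."""
    manifest = {
        "schema_id": MANIFEST_SCHEMA,
        "files": [
            {"path": p, "sha256": hashlib.sha256(b).hexdigest(), "bytes": len(b)}
            for p, b in sorted(files.items())
        ],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(MANIFEST_PATH, json.dumps(manifest, sort_keys=True))
        for p, b in sorted(files.items()):
            zf.writestr(p, b)
    return buf.getvalue()


def verify_pack(zip_bytes: bytes) -> list:
    """Return a list of problems; an empty list means the pack matches its manifest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        try:
            manifest = json.loads(zf.read(MANIFEST_PATH))
        except KeyError:
            return ["missing manifest"]
        if manifest.get("schema_id") != MANIFEST_SCHEMA:
            problems.append("unexpected manifest schema_id")
        declared = {e["path"]: e for e in manifest.get("files", [])}
        # Directory placeholders and the manifest itself are not content entries.
        present = {n for n in zf.namelist() if n != MANIFEST_PATH and not n.endswith("/")}
        for path in sorted(present - set(declared)):
            problems.append(f"extra file not in manifest: {path}")
        for path in sorted(set(declared) - present):
            problems.append(f"declared file missing: {path}")
        for path in sorted(set(declared) & present):
            data = zf.read(path)
            entry = declared[path]
            if len(data) != entry["bytes"]:
                problems.append(f"byte count mismatch: {path}")
            if hashlib.sha256(data).hexdigest() != entry["sha256"].lower():
                problems.append(f"sha256 mismatch: {path}")
    return problems


def tamper(zip_bytes: bytes, path: str, new_data: bytes) -> bytes:
    """Rewrite one member (constructed tampering) while leaving the manifest untouched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as src, \
            zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as out:
        for name in src.namelist():
            out.writestr(name, new_data if name == path else src.read(name))
    return buf.getvalue()
```

Both the byte count and the digest are checked so that a truncated file and a same-length substitution are each caught; the manifest's own integrity is covered separately by the pack hash carried in the private receipt.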

### 2) Private receipt (DSSE)

Counterparties receive a **private receipt** (DSSE envelope):

- DSSE payloadType: `application/vnd.mvg.diligence.private_receipt+json`
- DSSE payload schema_id: `mvg.diligence.private_receipt@1`

Required payload fields:
- `pack_sha256` (hex)
- `pack_bytes` (integer)
- `nonce_b64u` (base64url, 32 bytes recommended)
- `public_commitment_sha256` (hex)
- `issued_utc`

The receipt is **signed** with Ed25519 DSSE signatures and may include witnesses.

### 3) Public commitment log (append-only)

MVG may publish a public append-only log with entries:

- schema_id `mvg.diligence.commitment_log@1`
- Entry schema_id `mvg.diligence.commitment_log_entry@1`

Each entry contains:
- `public_commitment_sha256` (hex)
- `issued_utc`
- `prev_entry_sha256` (hash chain)
- `entry_sha256` (sha256 of canonical entry core)

The log head is signed as DSSE:
- payloadType `application/vnd.mvg.diligence.commitment_log_head+json`
- payload schema_id `mvg.diligence.commitment_log_head@1`
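The hash chain over log entries, as an added example that is not MVG's published implementation. The page says `entry_sha256` is the sha256 of the "canonical entry core" but does not define the canonicalisation; this example assumes the core is the JSON object `{public_commitment_sha256, issued_utc, prev_entry_sha256}` serialised with sorted keys and no whitespace, and that the first entry uses 64 zero hex digits as `prev_entry_sha256`. Both are assumptions for the example only.

```python
# Added example, not MVG's own code. Assumed canonical form: compact JSON with
# sorted keys over the three core fields; assumed genesis prev hash: 64 zeros.
import hashlib
import json

GENESIS_PREV = "0" * 64
LOG_SCHEMA = "mvg.diligence.commitment_log@1"
ENTRY_SCHEMA = "mvg.diligence.commitment_log_entry@1"
CORE_FIELDS = ("public_commitment_sha256", "issued_utc", "prev_entry_sha256")


def canonical(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(core: dict) -> str:
    return hashlib.sha256(canonical(core)).hexdigest()


def append_entry(log: dict, commitment_hex: str, issued_utc: str) -> dict:
    """Append an entry whose prev_entry_sha256 links to the previous entry_sha256."""
    entries = log.setdefault("entries", [])
    prev = entries[-1]["entry_sha256"] if entries else GENESIS_PREV
    core = {
        "public_commitment_sha256": commitment_hex.lower(),
        "issued_utc": issued_utc,
        "prev_entry_sha256": prev,
    }
    entry = {"schema_id": ENTRY_SCHEMA, **core, "entry_sha256": entry_hash(core)}
    entries.append(entry)
    return entry


def verify_chain(log: dict) -> bool:
    """Recompute every entry_sha256 and check that each entry links to its predecessor."""
    if log.get("schema_id") != LOG_SCHEMA:
        return False
    prev = GENESIS_PREV
    for e in log.get("entries", []):
        if e.get("schema_id") != ENTRY_SCHEMA or e["prev_entry_sha256"] != prev:
            return False
        core = {k: e[k] for k in CORE_FIELDS}
        if entry_hash(core) != e["entry_sha256"]:
            return False
        prev = e["entry_sha256"]
    return True


def includes(log: dict, commitment_hex: str) -> bool:
    """Inclusion check: the commitment appears in a log whose chain verifies end to end."""
    return verify_chain(log) and any(
        e["public_commitment_sha256"] == commitment_hex.lower()
        for e in log.get("entries", [])
    )
```

Because each entry commits to its predecessor, editing or deleting any earlier entry changes every later `entry_sha256`; a verifier that pins the signed head therefore detects rewritten history, not just a bad final entry.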

## Commitment algorithm

The public commitment is computed as:

```
public_commitment = sha256( pack_sha256_ascii || nonce_bytes )
```

where:
- `pack_sha256_ascii` is the lowercase hex string of the pack ZIP sha256 encoded as ASCII bytes.
- `nonce_bytes` are the raw bytes of the nonce (decoded from nonce_b64u).

The nonce is shared privately with the counterparty (via the private receipt).
Publishing the public commitment does **not** reveal the underlying pack hash.

## Verification (offline)

A verifier can perform the following checks:

1) Compute the ZIP's sha256 and byte length.
2) Verify the private receipt's DSSE signatures against pinned trust anchors.
3) Compare the computed ZIP sha256 and byte length to the receipt fields.
4) Recompute `public_commitment` from the `pack_sha256` and `nonce_b64u` in the receipt.
5) Optionally verify inclusion in a public commitment log and verify the signed log head.
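The commitment algorithm and the offline procedure above, carried through as one added example (not MVG's own verifier). It computes `sha256(pack_sha256_ascii || nonce_bytes)`, then runs steps 1 to 5 over a DSSE envelope and returns PASS, HOLD or FAIL. Assumptions: the envelope follows the standard DSSE layout (`payloadType`, base64 `payload`, `signatures[{keyid, sig}]`) and the DSSE pre-authentication encoding; the log check here is a membership scan only (chain verification is a separate concern); and the Ed25519 check is injected as a callable so the block runs with the standard library alone. The `demo_sign`/`demo_verify` pair is a keyed-hash stand-in, not a signature scheme, and exists only so the example is self-contained; in production the callable is bound to an Ed25519 verify from a cryptography library.

```python
# Added example, not MVG's own code. The signature primitive is injected;
# demo_sign/demo_verify are an HMAC stand-in for Ed25519 used only so this
# runs offline without third-party packages.
import base64
import hashlib
import hmac
import json

RECEIPT_TYPE = "application/vnd.mvg.diligence.private_receipt+json"
RECEIPT_SCHEMA = "mvg.diligence.private_receipt@1"


def b64u_decode(s: str) -> bytes:
    # Accept unpadded base64url by restoring padding before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def nonce_to_b64u(nonce: bytes) -> str:
    return base64.urlsafe_b64encode(nonce).rstrip(b"=").decode("ascii")


def public_commitment(pack_sha256: str, nonce_b64u: str) -> str:
    """sha256(lowercase hex of the pack hash as ASCII bytes || raw nonce bytes)."""
    data = pack_sha256.lower().encode("ascii") + b64u_decode(nonce_b64u)
    return hashlib.sha256(data).hexdigest()


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: what the signature actually covers."""
    pt = payload_type.encode("utf-8")
    return b"DSSEv1 %d %s %d %s" % (len(pt), pt, len(payload), payload)


def receipt_payload(envelope: dict) -> dict:
    return json.loads(base64.b64decode(envelope["payload"]))


# Stand-in for Ed25519 (constructed): a keyed hash, so the "trust anchor" is the
# same secret the issuer holds. Replace with a real Ed25519 verify in practice.
def demo_sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def demo_verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(demo_sign(key, msg), sig)


def issue_receipt(zip_bytes: bytes, nonce: bytes, signer_key: bytes, keyid: str, sign) -> dict:
    """Issuer side (constructed for the demo): build and sign a private receipt."""
    pack_sha = hashlib.sha256(zip_bytes).hexdigest()
    nonce_b64u = nonce_to_b64u(nonce)
    receipt = {
        "schema_id": RECEIPT_SCHEMA,
        "pack_sha256": pack_sha,
        "pack_bytes": len(zip_bytes),
        "nonce_b64u": nonce_b64u,
        "public_commitment_sha256": public_commitment(pack_sha, nonce_b64u),
        "issued_utc": "2026-02-11T00:00:00Z",
    }
    payload = json.dumps(receipt, sort_keys=True).encode("utf-8")
    sig = sign(signer_key, pae(RECEIPT_TYPE, payload))
    return {
        "payloadType": RECEIPT_TYPE,
        "payload": base64.b64encode(payload).decode("ascii"),
        "signatures": [{"keyid": keyid, "sig": base64.b64encode(sig).decode("ascii")}],
    }


def verify_receipt(zip_bytes, envelope, trust_anchors, verify_sig, log=None, require_log=False):
    """Return 'PASS', 'HOLD' or 'FAIL' following the five offline steps."""
    pack_sha = hashlib.sha256(zip_bytes).hexdigest()          # step 1
    if envelope.get("payloadType") != RECEIPT_TYPE:          # step 2
        return "FAIL"
    payload = base64.b64decode(envelope["payload"])
    msg = pae(envelope["payloadType"], payload)
    if not any(
        s["keyid"] in trust_anchors
        and verify_sig(trust_anchors[s["keyid"]], msg, base64.b64decode(s["sig"]))
        for s in envelope.get("signatures", [])
    ):
        return "FAIL"
    receipt = json.loads(payload)
    if receipt.get("schema_id") != RECEIPT_SCHEMA:
        return "FAIL"
    if receipt["pack_sha256"].lower() != pack_sha or receipt["pack_bytes"] != len(zip_bytes):
        return "FAIL"                                        # step 3
    commit = public_commitment(receipt["pack_sha256"], receipt["nonce_b64u"])
    if commit != receipt["public_commitment_sha256"].lower():
        return "FAIL"                                        # step 4
    if log is None:                                          # step 5 (optional)
        return "HOLD" if require_log else "PASS"
    if not any(e.get("public_commitment_sha256") == commit for e in log.get("entries", [])):
        return "FAIL"
    return "PASS"
```

The signature is checked before any receipt field is trusted, and the commitment is recomputed from the receipt's own `pack_sha256` and `nonce_b64u` rather than read back from the receipt, so a receipt that is internally inconsistent fails even when its signature is valid. Without the nonce, an observer of the public log sees only `public_commitment_sha256` and cannot test a guessed pack hash against it.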

**PASS** requires all enabled checks to succeed.  
**HOLD** may be used when optional evidence is missing (e.g., no log provided when log enforcement is enabled).  
**FAIL** indicates a mismatch or signature failure.

## Boundary language (recommended)

- Not an offer; non-binding unless signed.
- No patent license by publication.
- Not legal advice; not certification.
- Claim charts (if any) are illustrative analysis aids only.
