DEOS Profile of SCITT — v1 Specification
Status: v1.1 — drafted 2026-05-04
Spec URI: https://projectmaya.deoscomputing.io/interop/scitt/v1
Maintainer: DEOS Computing (did:web:deos.computing)
Profile of: draft-ietf-scitt-architecture-22
Companion API: draft-ietf-scitt-scrapi-06
Receipt envelope: COSE_Sign1 (RFC 9052)
Inclusion proof: draft-ietf-cose-merkle-tree-proofs-18
Wire format: CBOR
Companion legacy format: JCS-JSON receipts per /receipts/format/v1, valid in parallel for one release
This document specifies the DEOS profile of SCITT: how a DEOS Trust Substrate participates as a SCITT-conformant Transparency Service (TS), how DEOS-specific concepts (UCAN-shaped capability tokens, did:deos issuers, OpenTimestamps anchors, replay-bundle pointers) ride inside the COSE_Sign1 envelope, and which subsetting and extension choices a "DEOS-profile-conformant TS" makes.
This document is normative for v1.1 SCITT-shaped receipts. The pre-existing JCS-JSON receipt format (/receipts/format/v1) remains valid in parallel for one release; v1.2 will deprecate it.
1. Goals
The profile must:
- Inherit, not invent. Every credibility primitive that SCITT already specifies (algorithm agility via COSE, IANA registries, RFC 3552 threat-model machinery, transparency-log gossip semantics, Verifiable Data Structures registry) is adopted directly. Where DEOS today carries a bespoke equivalent, the bespoke version is retired.
- Preserve all DEOS load-bearing concepts. UCAN-shaped capability chains, did:deos identity derivation, OpenTimestamps anchoring, and replay-bundle pointers all survive — they ride as profile-private CWT claims, not as new top-level fields.
- Round-trip cleanly with existing JCS-JSON receipts. A v1.0 JCS-JSON receipt projects to a v1.1 SCITT Transparent Statement and back, losslessly, via the
deos-cose-receipt-rsadapter. Existing tooling that consumes v1.0 JSON keeps working until v1.2. - Cross-verify with non-DEOS SCITT implementations. A DEOS-issued Transparent Statement MUST verify against Microsoft
scitt-ccf-ledgerand DataTrails clients running their public verifiers, modulo the DEOS-private claims those clients don't interpret. - Be implementable from this document alone without reading any DEOS source code, by any party already familiar with SCITT.
The profile explicitly does not:
- Subsume the UCAN spec — capability chains stay UCAN-v1.0-shaped (re-pinned per backlog UCAN1.1-7) and are opaque to non-DEOS verifiers.
- Adopt the SCITT CCF profile (
draft-ietf-scitt-receipts-ccf-profile). Patent 18/260763 was found in-scope for that profile only and out-of-scope forcose-merkle-tree-proofs. We stay on the latter.
2. Statement structure
A DEOS Signed Statement is a COSE_Sign1 over a CBOR payload, built per draft-ietf-scitt-architecture-22 §6.
2.1 Protected header (REQUIRED)
| Label | Name | Value |
|---|---|---|
| 1 | alg |
-8 (EdDSA, RFC 9053 §2.2). v1.1 issuers MUST sign with Ed25519. v2 issuers MAY use -50 (ML-DSA-65) per draft-ietf-cose-dilithium-11 once registered. |
| 3 | content type |
application/deos-receipt-v1+cose (text-form per RFC 9052 §3.1) |
| 4 | kid |
UTF-8 bytes of the issuer key id (DID URL with fragment, e.g. did:deos:user-maya#sig-1). Mutually exclusive with the x5* family below in v1.1; v1.2 may add x5chain for cross-substrate interop (CC-12h). |
| 15 | CWT_Claims |
CBOR map; see §2.3. |
Profile-private headers MUST use the negative integer range -65537..-65540 (private use per RFC 9052 §1.4) and MUST NOT collide with future IANA-registered labels.
2.2 Unprotected header
Empty in v1.1. SCITT places the inclusion proof in the Receipt's unprotected header, not the Statement's.
2.3 CWT_Claims map (REQUIRED, label 15)
Mirrors draft-ietf-scitt-architecture-22 §6.11.
| CWT label | Name | Source | Notes |
|---|---|---|---|
| 1 | iss |
DEOS receipt issuer |
DID URI, e.g. did:deos:substrate-alpha-1 |
| 2 | sub |
DEOS receipt subject |
Agent DID, e.g. did:deos:agent-maya-2026 |
| 6 | iat |
DEOS receipt issued_at (ns → s) |
Unix seconds; v1 receipts use ns, divide by 10^9 with rounding rules in §3.2 |
-65537 |
deos_principal |
DEOS receipt principal |
DID; the entity ultimately accountable. Not a SCITT-native concept. |
-65538 |
deos_capability |
DEOS receipt capability |
CBOR map: {id, chain, scope}. UCAN-shaped chain is opaque to non-DEOS verifiers; DEOS Registration Policy validates it before admission. |
-65539 |
deos_replay |
DEOS receipt replay |
CBOR map: {deterministic, bundle_uri?, bundle_hash?}. Producer-managed in v1.1 per RFV1.1-7 resolution. |
-65540 |
deos_log_meta |
DEOS receipt log |
CBOR map: {tree_id, leaf_index, root?}. The substrate's MMR log identity; redundant with the SCITT Receipt's VDS metadata but preserved for v1.0 round-trip. |
2.4 Payload (REQUIRED)
A CBOR map representing the action being attested:
deos-action = {
"type" : tstr, ; per /receipts/format/v1 §6
"code_hash" : bstr .size 32, ; BLAKE3-256
"inputs_hash" : bstr .size 32,
"outputs_hash" : bstr .size 32,
"metadata" : { tstr => any }, ; action-type-specific
}
The DEOS-canonical concept "action" is the SCITT "Statement payload" — it is what the issuer is asserting happened. Hashes are CBOR byte strings (32 raw bytes each), not hex strings, to avoid double-encoding overhead. The legacy v1.0 lowercase-hex strings convert via deos-cose-receipt-rs::project_to_v1_json().
3. Signing
3.1 Sig_structure (RFC 9052 §4.4)
Sig_structure = [
context: "Signature1",
body_protected: bstr, ; encoded protected header
external_aad: bstr (empty),
payload: bstr, ; encoded action map
]
The context is "Signature1" per RFC 9052; the DEOS-specific domain-separation tag "deos-receipt-v1:" is dropped in the SCITT profile. SCITT's COSE structure is itself the domain separator.
3.2 iat derivation from issued_at
DEOS v1.0 receipts carry issued_at in unix nanoseconds. CWT iat is unix seconds. The conversion is:
iat = floor(issued_at_ns / 1_000_000_000)
The full nanosecond precision is preserved separately in the projection back to JCS-JSON, but for SCITT-conformant verifiers, iat is seconds. The profile does not introduce a CWT nbf claim; UCAN tokens carry their own nbf/exp.
4. The Receipt (SCITT)
A SCITT Receipt is a separate COSE_Sign1 emitted by the Transparency Service after registration, per draft-ietf-cose-merkle-tree-proofs-18 §5.2.1.
4.1 Protected header (REQUIRED)
| Label | Name | Value |
|---|---|---|
| 1 | alg |
-8 (EdDSA); the substrate's signing key, distinct from the issuer's |
| 4 | kid |
substrate DID URL with fragment, e.g. did:deos:substrate-alpha-1#sig-1 |
| 395 | vds |
Verifiable Data Structure identifier; see §4.3 |
4.2 Unprotected header (REQUIRED)
| Label | Name | Value |
|---|---|---|
| 396 | vdp |
Verifiable Data Proof; for DEOS this is an inclusion proof against the substrate's MMR. Encoded per §4.4. |
-65541 |
deos_anchors |
CBOR array of OpenTimestamps anchor records, one per OTS calendar configured. Profile-private; non-DEOS verifiers ignore. |
4.3 VDS identifier
In v1.1, DEOS substrates use a profile-private VDS identifier -65542 denoting "DEOS-MMR-SHA256". This is documented here pending standardization.
The standardization path (CC-12f) is to revive draft-bryce-cose-merkle-mountain-range-proofs (currently expired individual draft, May 2025) and co-author the registration with Robin Bryce at DataTrails so that v1.2 can use a real IANA-assigned MMR VDS identifier.
Substrates MUST NOT use 1 (RFC9162_SHA256) unless they actually maintain an RFC 9162 binary tree; the DEOS log is post-order MMR and disagreements on the underlying structure produce silent verification failures.
4.4 Inclusion-proof encoding (vdp)
The DEOS post-order MMR inclusion proof maps to the cose-merkle-tree-proofs §5.2.1 inclusion-proof shape as:
deos-inclusion-proof = {
-1: uint, ; leaf-index (0-based)
-2: uint, ; leaf-count
-3: [* bstr], ; siblings (hash path to peak)
-4: [* bstr], ; bag_peaks_left
-5: [* bstr], ; bag_peaks_right
}
The four arrays match the structure documented in /merkle/log/v1. All hashes are 32 raw bytes (SHA-256 of the leaf sub-tree, see §5.1).
4.5 Payload
The Receipt's payload is the SHA-256 hash of the registered Statement's encoded COSE_Sign1 bytes. This is consistent with cose-merkle-tree-proofs §3.2.
5. Dual-hash strategy
DEOS v1.0 uses BLAKE3-256 as its hash function throughout. SCITT/COSE Receipts mandate SHA-256 (no algorithm-agile hash field exists in cose-merkle-tree-proofs as of -18). The profile adopts a dual-hash scheme so we don't lose BLAKE3's content-addressing properties:
5.1 SCITT-facing hash: SHA-256
- The MMR leaf input is
SHA-256(COSE_Sign1_bytes). - The MMR internal-node combiner is
SHA-256(left || right), matchingcose-merkle-tree-proofs§3. - All
vdpsiblings/peaks/leaf-hashes are 32-byte SHA-256 outputs.
5.2 DEOS-internal hash: BLAKE3-256
- Action
code_hash,inputs_hash,outputs_hash(inside the Statement payload, §2.4) remain BLAKE3-256. These are content addresses for objects stored in DEOS CAS, not transparency-log hashes — keeping BLAKE3 here preserves zero-copy content addressing. - The legacy JCS-JSON receipt id (
id = lowercase_hex(BLAKE3-256(JCS(receipt minus {id, signatures})))) is still computable from the projection back to JCS-JSON.
5.3 Standardization path
CC-12g requests a BLAKE3-in-COSE registration with the COSE WG. Once a BLAKE3-256 algorithm is registered and a matching VDS hash-agility extension lands, v1.2 substrates MAY swap the SCITT-facing hash to BLAKE3 and drop the dual computation. Until then, the cost is one extra SHA-256 per leaf — negligible.
6. Transparency Service (DEOS substrate as TS)
A DEOS substrate is a SCRAPI-conformant Transparency Service per draft-ietf-scitt-scrapi-06.
6.1 SCRAPI endpoints (REQUIRED)
| Method | Path | Purpose |
|---|---|---|
| GET | /.well-known/scitt-keys |
TS verifying-key set as a COSE Key Set (RFC 9052 §7). Body is application/cose-key-set+cbor. |
| GET | /.well-known/scitt-keys/{kid} |
Single TS verifying key. |
| POST | /entries |
Register a Signed Statement. Body: application/cose. Returns 201 (sync) or 303 → /entries/{operation_id} (async). |
| GET | /entries/{operation_id} |
Poll asynchronous registration. |
| GET | /entries/{entry_id} |
Retrieve a persisted Receipt. Body: application/cose. |
6.2 Legacy v1 endpoints (PRESERVED)
The pre-SCITT endpoints in /attestation/api/v1 (/attestation/v1/*) remain available in parallel for one release. They emit JCS-JSON receipts. Internally, the substrate runs the same MMR; the two endpoint families are two views over the same log.
6.3 Registration Policy
draft-ietf-scitt-architecture-22 §5.1.1.1 requires a Transparency Service to authenticate Signed Statements via a documented Registration Policy. The DEOS profile defines:
- Issuer authentication. The
kidin the Statement's protected header MUST resolve to a public key via:- The DEOS DID resolver (did:deos chain), if it returns a key for the kid; OR
- The hybrid resolver's web fallback (did:web), if configured; OR
- The substrate's pre-registered allow-list of issuer DIDs (production deployments).
- Signature verification.
COSE_Sign1overSig_structureMUST verify with the resolved public key underalg. - Capability-chain admission (DEOS-specific). The
deos_capability.chain(CWT label-65538) MUST be a non-empty UCAN-v1.0-shaped chain that:- Has
chain[0].iss == deos_principalandchain[last].aud == sub. - Validates per
/ucan/tokens/v1§4 (per-token signatures, continuity, time bounds, attenuation narrowing, caveat satisfaction against the action payload). - Has no token in the substrate's revocation log at-or-before
iat.
- Has
- Tree id check. The
deos_log_meta.tree_id(CWT label-65540) MUST equal the substrate's configured tree id, per/receipts/format/v1§2.1. - Capability id check. The
deos_capability.idMUST equalBLAKE3-256(canonicalize(deos_capability.chain[0]))per/receipts/format/v1§5.4.
A DEOS substrate that fails any of (1)–(5) MUST reject the registration with HTTP 400 and a SCITT-conformant cwt_claims error (per SCRAPI §3.2 error format). Non-DEOS SCITT TSs that lack the UCAN/DID layer SHOULD register the Statement on signature/issuer trust alone (rules 1 + 2); the DEOS-specific rules (3–5) are profile-private admission control.
7. Transparent Statement
Per architecture §7, a Transparent Statement is the original Signed Statement with the Receipt embedded in its unprotected header under label 394 (receipt). DEOS profile binding:
deos-transparent-statement = COSE_Sign1 {
protected : <as §2.1>,
unprotected : { 394 : COSE_Sign1 (the Receipt, §4) },
payload : <as §2.4>,
signature : bstr,
}
This is the artifact a DEOS verifier hands to a third party. It contains everything needed for offline verification: issuer signature, substrate signature, inclusion proof, OTS anchors. The full UCAN chain rides inside deos_capability for DEOS-aware verifiers; non-DEOS verifiers see only the SCITT-conformant outer shell and verify what they can.
8. JSON projection (legacy interop)
The deos-cose-receipt-rs::project_to_v1_json() function losslessly converts a Transparent Statement to a JCS-JSON v1.0 receipt. The mapping is field-by-field per §2.3 plus the inverse of §3.2 (multiplying iat back to nanoseconds requires either fetching the original issued_at_ns from a profile-private extension or accepting one-second precision loss for receipts that don't preserve ns).
To round-trip ns precision losslessly, v1.1 issuers SHOULD include a profile-private claim -65543 = deos_issued_at_ns carrying the full nanosecond value as a CBOR uint. v1.0 → v1.1 conversions populate this; v1.1 → v1.0 conversions read it.
9. Conformance
A "DEOS profile of SCITT" implementation MUST:
- Conform to
draft-ietf-scitt-architecture-22§6 (Statement structure) for issuer-side code. - Conform to
draft-ietf-scitt-scrapi-06§2 (the SCRAPI endpoints listed in §6.1) for substrate-side code. - Conform to
draft-ietf-cose-merkle-tree-proofs-18§5.2 (Receipt structure) for both sides. - Implement the dual-hash scheme of §5.
- Implement the Registration Policy of §6.3 in the substrate.
- Round-trip cleanly to and from JCS-JSON v1.0 receipts via §8.
- Verify against the conformance test-vector suite (CC-6) which covers: Statement build/sign/verify, Receipt issuance, full Transparent Statement verification, JSON projection round-trip, mis-canonicalization rejection, mis-issuance rejection, capability-chain rejection, tree-id mismatch rejection, capability-id mismatch rejection.
A DEOS substrate is not required to also implement the SCITT CCF profile (draft-ietf-scitt-receipts-ccf-profile) and SHOULD NOT do so until the IPR situation around patent 18/260763 is resolved (CC-12i).
10. Security considerations
This section satisfies the RFC 3552 requirement and supplements draft-ietf-scitt-architecture-22 §10.
10.1 Threat model summary (STRIDE)
Inherited verbatim from architecture §10–§12, plus the following DEOS-specific deltas.
10.2 DEOS-specific threats
- UCAN chain forgery. Mitigated by Registration Policy rule 3 (per-token signature verification + chain continuity). A substrate that admits a forged chain produces an INVALID Transparent Statement under any DEOS-aware verifier.
- Capability id mis-binding. Mitigated by Registration Policy rule 5 (BLAKE3 recompute). A substrate that admits a mismatched id is buggy or malicious; verifiers fail closed.
- Tree id substitution. A substrate that signs a receipt with a tree id different from its configured one is bug or malicious; mitigated by Policy rule 4 plus the substrate publishing its tree id in
/.well-known/scitt-keysmetadata (and in the legacy/trust-rootendpoint). - OpenTimestamps calendar collusion. Single-rail OTS is a single-point-of-failure for time anchoring. Mitigated by ANCH1.1-5 (multi-rail anchors) and CC-12i (avoiding the CCF profile's IPR-encumbered timestamping). Until ANCH1.1-2 (Bitcoin block-header verification) ships, the OTS attestation in
deos_anchorsis a calendar-server promise, not a Bitcoin consensus statement; verification-guide.md is updated to reflect this. - Cross-substrate equivocation. A malicious substrate can present root R1 to one verifier and a non-extension R2 to another. Mitigated by MMR1.1-4 (gossip protocol) and MMR1.1-6 (log-of-logs cross-witnessing). Both are open backlog items in v1.1.
10.3 Algorithm agility
alg is a COSE-registered identifier; v1.1 issuers use -8 (EdDSA). Migration to ML-DSA-65 is a one-field change at the issuer (alg = -50) with no protocol or wire-format break. The dual-hash scheme of §5 isolates BLAKE3 (DEOS-internal) from the SCITT-facing SHA-256 so that future hash agility (BLAKE3-in-COSE registration, CC-12g) likewise lands as a single VDS-identifier swap, not a wire-format break.
10.4 Privacy considerations
- Statement payloads are visible to anyone who fetches the Transparent Statement. Receipts referencing PHI/PII via input/output hashes are safe (hashes don't leak content); receipts referencing PHI in
metadataare not. DEOS healthcare deployments MUST treatmetadataas sensitive and route those receipts through a privacy-preserving issuer that hashes-or-redacts before signing. - did:deos resolution in the issuer-authentication step (Policy rule 1) reveals which DID is being used. Production DEOS substrates running multi-tenant deployments SHOULD avoid leaking tenant information through DID structure; CC-10 (multi-tenant deployment topology) addresses this normatively.
11. IANA considerations
This profile uses CBOR labels in the private use range (negative integers below -65536) for DEOS-specific extensions. The labels chosen are:
| Label | Name | Where |
|---|---|---|
-65537 |
deos_principal |
Statement protected header CWT_Claims |
-65538 |
deos_capability |
Statement protected header CWT_Claims |
-65539 |
deos_replay |
Statement protected header CWT_Claims |
-65540 |
deos_log_meta |
Statement protected header CWT_Claims |
-65541 |
deos_anchors |
Receipt unprotected header |
-65542 |
DEOS-MMR-SHA256 VDS | vds (label 395) value, until standardized via CC-12f |
-65543 |
deos_issued_at_ns |
optional profile-private claim for ns precision |
Should any of these be standardized in the future, this profile will rev to use the IANA-assigned labels and treat the private-use values as deprecated aliases for one release.
12. References
Normative
draft-ietf-scitt-architecture-22— SCITT Architecturedraft-ietf-scitt-scrapi-06— SCITT Reference APIs (SCRAPI)draft-ietf-cose-merkle-tree-proofs-18— Concise Encoding for Merkle Tree Proofs- RFC 9052 — CBOR Object Signing and Encryption (COSE)
- RFC 9053 — CBOR Object Signing and Encryption (COSE): Initial Algorithms
- RFC 8949 — Concise Binary Object Representation (CBOR)
- RFC 8392 — CBOR Web Token (CWT)
/receipts/format/v1— DEOS legacy v1 receipt format/ucan/tokens/v1— DEOS UCAN-shaped capability tokens/merkle/log/v1— DEOS post-order MMR log/did/deos/v1— did:deos method/revocation/v1— DEOS revocation log/anchor/v1— DEOS OpenTimestamps anchoring
Informative
draft-bryce-cose-merkle-mountain-range-proofs-02— MMR profile (expired individual draft; CC-12f revival path)draft-ietf-cose-dilithium-11— ML-DSA in COSE (PQ migration target)draft-ietf-scitt-receipts-ccf-profile-01— CCF profile (NOT adopted; IPR concerns)
13. Open questions for v1.2
- Should
deos_capabilitybe split into two claims (deos_capability_chainanddeos_capability_scope) so that downstream consumers can fetch just the scope without ingesting the full UCAN chain? - Once
cose-merkle-tree-proofsships hash agility, drop the dual-hash scheme. - Once an MMR VDS is standardized, retire the private-use VDS identifier
-65542. - Should DEOS profile add a CWT
cticlaim (token id) to give a stable per-Statement identifier, parallel to the v1.0 receiptid?
These do not block v1.1 ship.