Home  /  Standards  /  The R-Series

🛡 The R-Series · open trust standard

Don't just trust AI. Prove it.

The R-Series is an open standard that turns every action your AI takes into a receipt anyone can verify — from a single result to a cryptographic proof on-chain.

See how it works Verify a receipt
SIGNED · VERIFIABLE · AUDITABLE R+1 timestamp R+2 provenance R+3 audit export R+4 zk verification signed: key: dcs-receipts-2026-05 algo: ed25519
How a receipt works

From an action to a proof anyone can check

Every result your AI produces moves through the same five steps — watch it happen, step by step.

Step 1

Action

An AI agent does something — a build, a decision, a transaction.

🧾
R+2 · Sign

Receipt

The action is signed into a canonical, tamper-proof receipt.

📦
R+3 · Bundle

Audit

Receipts are bundled into a Merkle-proofed audit export.

🔐
R+4 · Prove

Proof

A zero-knowledge proof is generated — correct, without exposing data.

Step 5

Verify

Anyone verifies the result — checked on Base, on-chain.

R+2 · Provenance

Every action becomes a signed receipt.

The moment an agent does something, R+2 records it as a canonical receipt — signed with Ed25519, written in a strict canonical form so the same action always produces the same receipt. A receipt for the work, the way a payment leaves a receipt.

  • Ed25519 digital signatures on every receipt
  • RFC 8785 canonical form — deterministic and comparable
  • Open standard, published on GitHub
sign-receipt.ts See example
import { signReceipt } from "@dcs/r2"; const receipt = signReceipt({ action: "site.build", actor: "agent://orchestrator", input: { brief: "a bakery in Lisbon" }, output: { pages: 12, url: "lisbon-bakery.dcsai.app" }, }); // canonical form (RFC 8785), then Ed25519-signed return receipt.id; // "#a17f9c..."
receipt #a17f9c — signed
🧾 Receipt
actionsite.build
signatureEd25519 ✓
statusverified
R+3 · Audit

Thousands of receipts, one tamper-evident bundle.

R+3 collects receipts into an audit export built on a SHA-256 Merkle tree. Change one entry — even a single character — and the root hash changes, so the whole bundle visibly breaks. An audit trail that can't be quietly edited.

  • SHA-256 Merkle tree over every receipt
  • One root hash proves the whole bundle
  • Export, share and re-verify offline
audit-bundle.ts See example
import { buildAuditBundle } from "@dcs/r3"; const bundle = buildAuditBundle(receipts); // SHA-256 Merkle tree over every receipt export const auditRoot = bundle.merkleRoot; // one tampered entry changes the root bundle.verify(); // re-checks every leaf
1,024 entries — sealed
R+4 · Zero-knowledge

Prove a result is correct — without showing the data.

R+4 generates a zero-knowledge proof: a small cryptographic object that proves a result was produced correctly, without revealing the input behind it. The proof is checked by an on-chain verifier live on Base mainnet — anyone, anywhere, can confirm it.

  • Groth16 proofs over the BN254 curve
  • Verified by a production verifier on Base mainnet
  • Trusted-setup ceremony (v0.1) — publicly chained
verify-proof.ts See example
import { verifyProof } from "@dcs/r4-zk"; // Groth16 proof over the BN254 curve const ok = await verifyProof(proof, publicSignals); // → true, without revealing the underlying data // the same proof is checked on-chain: await verifier.verifyOnBase(proof);
proof verified on Base mainnet
Trust stack · Reputation

A portable trust mark for every agent.

The Trust SKU turns a track record of verified receipts into a single, portable reputation mark — recorded on-chain. Anyone deciding whether to rely on an agent can check its trust score instantly, instead of taking it on faith.

  • Built from a history of R+2 / R+3 / R+4 verified work
  • Recorded on Base — portable across products
  • Three tiers: verified, verified plus, sovereign
🛡 Trust SKU — agent://orchestrator
verified receipts4,812
audit bundles sealed96
zero-knowledge proofs1,204
tierverified plus
trust score4.9 / 5
Federation · the network

Verified across a network, not just one node.

A result shouldn't be trusted because one server says so. Federation lets independent nodes hold the same epoch chain and co-sign the audit record — so a result is confirmed by a quorum of nodes, not a single point of trust.

  • Quorum-certified consensus across independent nodes
  • A shared epoch chain & signed membership set
  • R+3 Merkle roots anchored across the network
🖥
Node A
🖥
Node B
🖥
Node C
🖥
Node D
↓  each node co-signs  ↓
Quorum certificate the result is confirmed by independent nodes — not one server
Open standards

Published in the open, not a black box.

R+2, R+3 and R+4 are open specifications — published on GitHub with reference verifiers. Anyone can read the spec, audit the code and verify a receipt without asking us for anything.

  • r2 / r3 / r4 standards published on GitHub
  • Open-source reference verify libraries
  • No proprietary format — no lock-in
install
$ npm install @dcs/r2-verify # Node $ pip install dcs-r2 # Python $ git clone github.com/dcs/r2-standard # open spec — read it, audit it, verify anything
3 open standards — r2 · r3 · r4
On-chain · Base

A verifier that lives on the blockchain.

R+4 zero-knowledge proofs are checked by a production verifier contract deployed on Base mainnet. A proof isn't trusted because a DCS server says so — it's confirmed by a smart contract that anyone, anywhere, can call.

  • Groth16 verifier contract — live on Base mainnet
  • Permissionless — anyone can verify a proof on-chain
  • Trusted-setup ceremony (v0.1), publicly chained
on-chain.ts See example
import { verifyOnBase } from "@dcs/r4-zk"; // the verifier contract is live on Base mainnet const ok = await verifyOnBase(proof, signals); // → confirmed by a smart contract, not a server
proof verified on Base mainnet
Future-proof · post-quantum

Built to outlast the algorithms.

Cryptography ages. R+2 receipts and R+3 Merkle bundles can each carry a detached ML-DSA-65 (FIPS 204) post-quantum hybrid co-signature — deployed behind the R2_PQ_ENABLED flag and verified by an 8-verifier regression matrix; rollout follows a staged soak — so a chain stays verifiable even as the threat model changes.

  • R+2 and R+3 both PQ co-signed — domain-separated bundle root
  • Detached signature — the base receipt format is unchanged
  • FIPS 204 ML-DSA-65 — flag-gated deploy, regression-verified across 8 verifier implementations
  • Research reference — no quantum-product claim until the wider standard lands
pq-receipt.tsR2_PQ_ENABLED · flag-gated
import { signReceipt } from "@dcs/r2"; import { signBundle } from "@dcs/r3"; // R+2 — per-action receipt + PQ co-signature const r2 = signReceipt(action, { pqCoSign: true, // ML-DSA-65 (FIPS 204) }); // R+3 — Merkle bundle root + PQ co-signature const r3 = signBundle(leaves, { pqCoSign: true, // domain-separated bundle root }); // Ed25519 today + ML-DSA-65 alongside, both verifiable
R+2 + R+3 dual-signed — classical + PQ
Cryptographic choices, named and justified

Every primitive picked deliberately

The R-Series doesn't hide behind buzzwords. Each layer's cryptography is chosen on the record — with the reasons stated and the migration path written down.

R+2 · SIGNATURES

Ed25519 (RFC 8032)

Deterministic EdDSA over Curve25519. No catastrophic failure from a bad RNG; 32-byte keys, 64-byte signatures, fast batch verify, ~128-bit classical security.

R+2 · CANONICALISATION

RFC 8785 JCS

A signature only means something if signer and verifier agree byte-for-byte on what was signed. JCS fixes a single deterministic JSON encoding, reproducible by any independent verifier.

R+2 / R+3 · HASHING

SHA-256 chain & tree

Hash-chained per-receipt; SHA-256 binary Merkle for R+3 bundles. Ubiquitous, hardware-accelerated, strong collision-resistance record.

R+4 · ZK PROOFS

Groth16 over BN254

Constant ~200-byte proof, <1ms verify. Classical security only on BN254 today. R+4 v0.1 ships behind a documented future-proofing roadmap, not a "quantum-safe" claim.

Honest about ageing. BN254's pairing security shrinks under newer attacks; the crypto roadmap commits to a migration window (BLS12-381 / BLS24-318) and adds the ML-DSA-65 PQ co-signature on R+2 and R+3 so the audit trail survives a future cryptographic break. No quantum-product claim until the wider standard lands.
The whole picture

How the R-Series fits together

Every action your AI takes flows through one layer — and comes out the other side verifiable by anyone, anywhere.

What your AI does
Agent actionsbuilds, edits, decisions
Transactionspayments & on-chain moves
Workflowsmulti-step automations
receipts
The R-Series layer
R+2 → R+3 → R+4sign · bundle · prove
Federationquorum-certified across nodes
proofs
Anyone can verify
Verify SDKany language, open spec
On-chainBase mainnet verifier
Auditors & regulatorstamper-evident audit export
R+2 · anatomy

Inside a receipt

Every receipt is a small, canonical record — signed, hashed and chained. Here is what's in one.

receipt #a17f9c
actionsite.build
actoragent://orchestrator
input"a bakery in Lisbon"
output12 pages · deployed
hashsha256:9f3c1a…
prev#a17f9b
Ed25519 signature — valid
🧾
Canonical form

RFC 8785 ordering — the same action always produces the same receipt.

Ed25519 signature

Proves who produced it and that it hasn't been altered.

#
Content hash

A SHA-256 fingerprint of the exact action and its result.

🔗
Chained

Each receipt links to the one before it — an unbroken history.

R+3 · tamper-evidence

Tamper one entry — the whole bundle breaks

R+3 hashes receipts into a Merkle tree. Watch what happens when a single receipt is altered — the change climbs straight to the root.

receipt #a17f
receipt #b204
receipt #c8e1
receipt #d3f0
↑  paired & hashed  ↑
hash AB
hash CD
↑  hashed  ↑
Merkle root 0x9f3c…

Change one receipt and its hash changes — and so does every hash above it, all the way to the root. Nothing can be edited quietly.

R+4 · verification

How a proof gets verified

A zero-knowledge proof travels from the agent to an on-chain verifier — confirmed without ever revealing the data behind it.

🤖
Proverthe agent generates a proof
🔐
R+4 proofGroth16 zero-knowledge proof
Base verifierthe on-chain contract checks it
Verifiedconfirmed — no data revealed
For developers

Verify from any stack

The R-Series is an open spec — just Ed25519 signatures and SHA-256 hashes. Verify a receipt from any language, with our verify libraries or a few lines of your own.

PYTHON
NODE.JS
cURL
JAVA
PHP
GO
RUBY
RUST
PYTHON
NODE.JS
cURL
JAVA
PHP
GO
RUBY
RUST
verify.py See example
# verify a receipt — open spec, just crypto primitives from dcs_r2 import verify_receipt result = verify_receipt(receipt) # Ed25519 + RFC 8785 assert result.valid # provenance intact
valid: true — provenance intact
See it in action

Watch the R-Series verify

Verify a single result, or seal a thousand into a tamper-evident audit bundle.

verify a result
$ dcs verify receipt #a17f9c [r+2] checking Ed25519 signature… [r+3] matching Merkle audit root… [r+4] verifying zero-knowledge proof on Base…      provenance chain intact
Verified — signature, audit & proof all valid
seal an audit bundle
$ dcs audit export --last 1024 [r+3] hashing 1,024 receipts… [r+3] building SHA-256 Merkle tree… [r+3] computing the root hash…      export written to audit-2026-05.r3
Sealed — bundle root 0x9f3c… exported
Ed25519R+2 receipt signatures
SHA-256R+3 Merkle audit trees
Groth16 / BN254R+4 zero-knowledge proofs
Base mainnetOn-chain verifier, live
Works with

The rest of the trust layer

The R-Series standards power these products across the platform.

Verify

Paste a receipt or bundle and check it — free, no account.
🌐

Federation

R+3 anchoring across a quorum-certified node network.
🛡

Trust SKU

The verifiable reputation mark, built on R-Series receipts.
📦

Standards repos

r2 / r3 / r4 published as open standards on GitHub.
FAQ

Questions reviewers actually ask

The R-Series is built for technical scrutiny. Here's the short version.

Is anything in production today, or is this all spec?
R+2 v1.0 and R+3 are live in production on api.dcsai.ai — public verifier package @dcsplatform/r2-verify on npm. R+4 v0.1 (Groth16 over BN254) is the public draft with a working reference prover. The R+5 / R+6 work is internal-only and stays internal until each lands as a public draft.
Why Groth16? Won't BN254 age out?
Groth16 gives a constant ~200-byte proof and sub-millisecond verification — the right trade-off for embedding proofs in receipts. We know BN254 ages: the crypto roadmap documents the BLS12-381 / BLS24-318 migration window and the ML-DSA-65 PQ co-signature is already live on R+2 and R+3 to preserve the audit trail through any future break.
What's the trusted-setup story for R+4?
R+4 v0.1 uses a Groth16 setup. The crypto roadmap is explicit about the plan: a public, multi-party "powers of tau"-style ceremony with published transcripts. The R+4 production ceremony is scheduled and documented in the threat model.
How is PQ shipped — is it a quantum-safe product?
No quantum-product claim. What's shipped: optional detached post-quantum hybrid co-signatures (ML-DSA-65, FIPS 204) on R+2 receipts and R+3 bundle roots, deployed behind the R2_PQ_ENABLED flag and verified by an 8-verifier regression matrix; rollout follows a staged soak. It's a research reference that lets the audit trail survive even if BN254 or Ed25519 break before NIST PQ standards finalise their broader adoption story.
Can I verify a receipt without trusting DCS's servers?
Yes. verify.dcsai.ai is a client-side verifier — paste a session ID and every signature is validated in the browser against the published public key. The @dcsplatform/r2-verify package runs the same code on the command line, in CI, or inside your own server.
Does federation require trusting other pods?
No. Sovereign pods cross-attest each other's receipt chain heads with quorum certification — no shared signing key. A bad actor in the quorum can poison its own chain but not anyone else's.
Is the verifier available in my stack?
JavaScript / TypeScript today (npm @dcsplatform/r2-verify); a Rust verifier is in the works; Python and Go land next. The "Verify from any stack" section shows the matrix.
What stays internal and never appears on this page?
R+5 (Adaptive Sovereign Machine Governance, trust-algebra, CDTA as R+2-receipt) and R+6 (the v0.1 spec draft) are internal-only and will only appear on dcsai.ai when they ship as public drafts. We don't claim shipped what isn't.

Stop trusting. Start verifying.

Read the open standards, or verify a receipt for yourself — no account needed.

Read the R-Series standards Verify a receipt