Skip to main content

Module transparency_log

aion_context

Module transparency_log 

Source
Expand description

Aion-native transparency log — RFC-0025.

Append-only Merkle log over BLAKE3, RFC-6962-compatible in structure (split-point MTH, audit-path inclusion proofs) and domain-separated from every other aion signed object.

Phase A, this module: in-memory log + inclusion proofs + operator-signed tree heads, all offline. Phase B adds frontier caching, consistency proofs, and persistence. Phase C adds a Rekor adapter for wire interop.

§Example

use aion_context::transparency_log::{TransparencyLog, LogEntryKind, verify_inclusion_proof};
use aion_context::crypto::SigningKey;

let mut log = TransparencyLog::new();
let payload = b"attestation bytes";
let seq = log.append(LogEntryKind::VersionAttestation, payload, 42).unwrap();

// Self-contained verification: a verifier holding the log and a
// pinned root needs no access to the original payload.
let proof = log.inclusion_proof(seq).unwrap();
let leaf = log.leaf_hash_at(seq).unwrap();
verify_inclusion_proof(
    leaf,
    proof.leaf_index,
    proof.tree_size,
    &proof.audit_path,
    log.root_hash(),
).unwrap();

let operator = SigningKey::generate();
log.set_operator(operator.verifying_key());
let sth = log.sign_tree_head(&operator);
assert!(log.verify_tree_head(&sth).is_ok());

Structs§

InclusionProof
An inclusion proof: the siblings along the path from a leaf to the Merkle root, innermost first.
LogEntry
One leaf in the transparency log.
SignedTreeHead
A tree head signed by the log operator.
TransparencyLog
Append-only Merkle log.

Enums§

LogEntryKind
What kind of object is recorded in a log leaf.

Constants§

LOG_EMPTY_DOMAIN
Domain separator for the empty-tree sentinel root.
LOG_LEAF_DOMAIN
Domain separator for leaf-data hashing.
LOG_NODE_DOMAIN
Domain separator for internal-node hashing.
LOG_STH_DOMAIN
Domain separator for signed tree heads.

Functions§

leaf_hash
Compute the canonical leaf-data bytes and return their domain-tagged BLAKE3 hash.
verify_inclusion_proof
Verify an inclusion proof: given a leaf hash, the leaf’s index, the tree size at proof-generation time, the audit path, and the pinned root hash, check that the leaf is in the tree.