Function commitment_hash 

pub fn commitment_hash(c: &StorageCommitment) -> Option<[u8; 32]>

The auditor’s pin: BLAKE3(DOMAIN_COMMITMENT_HASH || postcard(commitment)).

Equal commitments produce equal hashes; any change to root, key_count, peer ID, or signature changes the hash because postcard’s canonical encoding includes a length prefix for signature. The audit challenge carries this value; the audit response must include a commitment that hashes to the same value, defeating fresh-commitment substitution.

Postcard encoding is the same canonical wire form the rest of the replication protocol uses (MessageCodec::encode), so an encoded commitment from a NeighborSyncRequest produces the same hash as the same commitment received in an AuditResponse.

Errors

Returns None only if postcard fails to serialize the commitment, which in practice means the signature is somehow larger than isize::MAX bytes, a size that is not reachable for ML-DSA-65 (3293 bytes). Callers may safely treat None as a malformed commitment and drop it.
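An added example, not the project's code: the auditor-side check described above, with the hash function passed in so that all three outcomes (pin match, substituted commitment, None) are visible. DemoCommitment's field types, the domain tag, and demo_hash (a std-only stand-in that is neither BLAKE3 nor postcard) are assumptions made so the block runs without external crates.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;
// Assumed field types; the page names the fields but not their types.
#[derive(Clone)]
pub struct DemoCommitment {
    pub root: [u8; 32],
    pub key_count: u64,
    pub peer_id: [u8; 32],
    pub signature: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum Verdict { Pinned, Substituted, Malformed }

// Stand-in for commitment_hash: hand-rolled encoding + SipHash, NOT postcard/BLAKE3.
pub fn demo_hash(c: &DemoCommitment) -> Option<[u8; 32]> {
    if c.signature.len() > u32::MAX as usize { return None; } // encoding failure
    let mut enc = b"demo-domain-tag".to_vec(); // constructed placeholder domain tag
    enc.extend_from_slice(&c.root);
    enc.extend_from_slice(&c.key_count.to_le_bytes());
    enc.extend_from_slice(&c.peer_id);
    enc.extend_from_slice(&(c.signature.len() as u32).to_le_bytes()); // length prefix
    enc.extend_from_slice(&c.signature);
    let mut out = [0u8; 32];
    for (i, chunk) in out.chunks_mut(8).enumerate() {
        let mut h = DefaultHasher::new(); // fixed keys, so output is deterministic
        h.write_u8(i as u8);
        h.write(&enc);
        chunk.copy_from_slice(&h.finish().to_le_bytes());
    }
    Some(out)
}

// Auditor side: `pin` went out in the challenge; accept only a commitment hashing to it.
pub fn check_response<C>(pin: &[u8; 32], resp: &C,
                         hash: impl Fn(&C) -> Option<[u8; 32]>) -> Verdict {
    match hash(resp) {
        None => Verdict::Malformed,              // unserializable: drop it
        Some(h) if &h == pin => Verdict::Pinned, // same commitment that was pinned
        Some(_) => Verdict::Substituted,         // a different (e.g. fresh) commitment
    }
}

fn main() {
    let sent = DemoCommitment { root: [1; 32], key_count: 7, peer_id: [2; 32], signature: vec![9; 64] };
    let pin = demo_hash(&sent).expect("encodable");
    let fresh = DemoCommitment { key_count: 8, ..sent.clone() };
    println!("{:?} {:?}", check_response(&pin, &sent, demo_hash), check_response(&pin, &fresh, demo_hash));
}
```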