pub fn commitment_hash(c: &StorageCommitment) -> Option<[u8; 32]>Expand description
The auditor’s pin: BLAKE3(DOMAIN_COMMITMENT_HASH || postcard(commitment)).
Equal commitments produce equal hashes; any change to root, key_count,
peer ID, or signature changes the hash because postcard’s canonical
encoding includes a length prefix for signature. The audit challenge
carries this value; the audit response must include a commitment that
hashes to the same value, defeating fresh-commitment substitution.
Postcard encoding is the same canonical wire form the rest of the
replication protocol uses (MessageCodec::encode), so an encoded
commitment from a NeighborSyncRequest produces the same hash as the
same commitment received in an AuditResponse.
§Errors
Returns None only if postcard fails to serialize the commitment, which
in practice means the signature is somehow > isize::MAX bytes — not
reachable for ML-DSA-65 (3293 bytes). Callers may safely treat None as
a malformed commitment and drop it.