Module commitment

Storage-bound audit via piggybacked commitments.

Implements the v12 storage-bound audit design: it closes the storage-binding holes where a node could pass audits while holding chunk addresses (not bytes), or answer against a commitment it never gossiped.

What this module provides

  • StorageCommitment — the wire type sent on neighbour-sync gossip and embedded in commitment-bound audit responses. ML-DSA-65 signed over (root, key_count, sender_peer_id) with explicit domain separation.
  • MerkleTree — an in-memory Merkle tree over (key, BLAKE3(bytes)) leaves. Rebuilt by the responder when its key set changes; produces inclusion paths used in audit responses.
  • commitment_hash — the auditor’s pin: a BLAKE3 digest over the full signed commitment blob. Audit challenges carry this; audit responses must include a commitment that hashes to the same value.
  • verify_path — auditor’s per-key check: rebuilds the leaf from (key, bytes_hash) and verifies the inclusion path against the committed root.

Nothing else (responder gossip loop, auditor verify path, reward-eligibility cache) lives here yet — that’s the next phase.

Structs

MerkleTree
In-memory Merkle tree over the responder’s claimed keys.
StorageCommitment
Signed storage commitment.

Enums

CommitmentError
Errors from commitment construction or verification.

Constants

DOMAIN_COMMITMENT
Domain-separation tag for the commitment signature.
DOMAIN_COMMITMENT_HASH
Domain-separation tag for the auditor’s pin: BLAKE3 over (this tag || canonical commitment blob).
DOMAIN_LEAF
Domain-separation tag for Merkle leaves: BLAKE3(this || key || H(bytes)).
DOMAIN_NODE
Domain-separation tag for Merkle internal nodes: BLAKE3(this || left || right).
MAX_COMMITMENT_KEY_COUNT
Maximum number of keys a single commitment may cover.

Functions

commitment_hash
The auditor’s pin: BLAKE3(DOMAIN_COMMITMENT_HASH || postcard(commitment)).
leaf_hash
Compute the Merkle leaf hash for (key, bytes_hash).
node_hash
Combine two child hashes into a Merkle internal-node hash.
sign_commitment
Sign a commitment’s (root, key_count, sender_peer_id, sender_public_key) with secret_key.
verify_commitment_signature
Verify a commitment’s signature using the embedded sender_public_key.
verify_commitment_signature_with_key
Verify a commitment’s signature against an externally provided key.
verify_path
Verify an inclusion path against a commitment of size key_count.
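
The sketch below is an added example, not this crate's code: it shows why a responder holding only chunk addresses cannot pass the per-key check, using domain-separated leaf and node hashes and a path check bound to key_count. Assumptions: Python with BLAKE2b-256 standing in for BLAKE3, made-up tag values, an "unpaired node is promoted" tree shape, and function signatures that reuse the module's names but are hypothetical.

```python
import hashlib

# Assumed tag values: the module's real DOMAIN_* constants are not shown on the page.
DOMAIN_LEAF, DOMAIN_NODE = b"example/leaf/v1", b"example/node/v1"

def H(*parts):  # BLAKE2b-256 stands in for BLAKE3, which the stdlib lacks
    return hashlib.blake2b(b"".join(parts), digest_size=32).digest()

def leaf_hash(key, bytes_hash):
    return H(DOMAIN_LEAF, key, bytes_hash)
def node_hash(left, right):
    return H(DOMAIN_NODE, left, right)

def build_levels(leaves):
    """All levels, leaves first; an unpaired node is promoted unchanged (assumed shape)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_path(levels, index):
    path = []
    for level in levels[:-1]:
        if index ^ 1 < len(level):
            path.append(level[index ^ 1])
        index //= 2
    return path

def verify_path(root, key_count, index, key, bytes_hash, path):
    """Rebuild the leaf and fold the path; key_count fixes which levels have a sibling."""
    if not 0 <= index < key_count:
        return False
    node, width, siblings = leaf_hash(key, bytes_hash), key_count, iter(path)
    while width > 1:
        if index ^ 1 < width:
            sib = next(siblings, None)
            if sib is None:
                return False
            node = node_hash(sib, node) if index & 1 else node_hash(node, sib)
        index, width = index // 2, (width + 1) // 2
    return next(siblings, None) is None and node == root

# Constructed sample: three chunks stored under 32-byte keys.
CHUNKS = {bytes([i]) * 32: b"chunk-%d" % i for i in range(3)}
KEYS = sorted(CHUNKS)
LEVELS = build_levels([leaf_hash(k, H(CHUNKS[k])) for k in KEYS])
ROOT = LEVELS[-1][0]
```

Because the leaf commits to the content hash as well as the key, a correct path for a key still fails when the responder cannot supply the hash of the stored bytes, and a path checked against a different key_count fails on shape alone.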