Storage-bound audit via piggybacked commitments.
Implements the v12 storage-bound audit design: it closes the storage-binding holes where a node could pass audits while holding chunk addresses (not bytes), or answer against a commitment it never gossiped.
What this module provides

- StorageCommitment - the wire type sent on neighbour-sync gossip and embedded in commitment-bound audit responses. ML-DSA-65 signed over (root, key_count, sender_peer_id) with explicit domain separation.
- MerkleTree - an in-memory Merkle tree over (key, BLAKE3(bytes)) leaves. Rebuilt by the responder when its key set changes; produces inclusion paths used in audit responses.
- commitment_hash - the auditor’s pin: a BLAKE3 digest over the full signed commitment blob. Audit challenges carry this; audit responses must include a commitment that hashes to the same value.
- verify_path - auditor’s per-key check: rebuilds the leaf from (key, bytes_hash) and verifies the inclusion path against the committed root.
Nothing else (responder gossip loop, auditor verify path, reward-eligibility cache) lives here yet — that’s the next phase.
Structs

- MerkleTree - In-memory Merkle tree over the responder’s claimed keys.
- StorageCommitment - Signed storage commitment.

Enums

- CommitmentError - Errors from commitment construction or verification.

Constants

- DOMAIN_COMMITMENT - Domain-separation tag for the commitment signature.
- DOMAIN_COMMITMENT_HASH - Domain-separation tag for the auditor’s pin: BLAKE3 over (this tag || canonical commitment blob).
- DOMAIN_LEAF - Domain-separation tag for Merkle leaves: BLAKE3(this || key || H(bytes)).
- DOMAIN_NODE - Domain-separation tag for Merkle internal nodes: BLAKE3(this || left || right).
- MAX_COMMITMENT_KEY_COUNT - Maximum number of keys a single commitment may cover.

Functions

- commitment_hash - The auditor’s pin: BLAKE3(DOMAIN_COMMITMENT_HASH || postcard(commitment)).
- leaf_hash - Compute the Merkle leaf hash for (key, bytes_hash).
- node_hash - Combine two child hashes into a Merkle internal-node hash.
- sign_commitment - Sign a commitment’s (root, key_count, sender_peer_id, sender_public_key) with secret_key.
- verify_commitment_signature - Verify a commitment’s signature using the embedded sender_public_key.
- verify_commitment_signature_with_key - Verify a commitment’s signature against an externally provided key.
- verify_path - Verify an inclusion path against a commitment of size key_count.
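As an added illustration (not this module’s code), the following Python model shows how the domain-separated leaf_hash / node_hash construction and the key_count-driven verify_path check described above fit together: the auditor rebuilds the leaf from (key, bytes_hash) and derives the expected path shape from key_count and the index alone. It assumes hashlib.blake2b with a 32-byte digest as a stand-in for BLAKE3, constructed placeholder DOMAIN_* tags, and that a lone trailing node is promoted unchanged to the next level (the page does not specify the odd-count rule).

```python
import hashlib
# Assumption: blake2b-256 stands in for BLAKE3; DOMAIN_* tags are constructed placeholders.
DOMAIN_LEAF = b"example/leaf"
DOMAIN_NODE = b"example/node"

def h(*parts):
    return hashlib.blake2b(b"".join(parts), digest_size=32).digest()

def leaf_hash(key, bytes_hash):
    # H(DOMAIN_LEAF || key || H(bytes)): holding only the address (key) cannot reproduce this.
    return h(DOMAIN_LEAF, key, bytes_hash)

def node_hash(left, right):
    # H(DOMAIN_NODE || left || right): the tag keeps internal nodes distinct from leaves.
    return h(DOMAIN_NODE, left, right)

def build_levels(leaves):
    # Level 0 is the leaf list. Assumption: a lone trailing node is promoted unchanged.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def inclusion_path(levels, index):
    # Sibling hashes leaf-to-root; promoted nodes add nothing, so the verifier needs key_count.
    path = []
    for level in levels[:-1]:
        if index ^ 1 < len(level):
            path.append(level[index ^ 1])
        index //= 2
    return path

def verify_path(root, key_count, index, key, bytes_hash, path):
    # Auditor side: rebuild the leaf, then fold the path; order and length come from key_count.
    if index >= key_count:
        return False
    node, n, i, pos = leaf_hash(key, bytes_hash), key_count, index, 0
    while n > 1:
        if i ^ 1 < n:
            if pos >= len(path):
                return False
            node = node_hash(node, path[pos]) if i % 2 == 0 else node_hash(path[pos], node)
            pos += 1
        n, i = (n + 1) // 2, i // 2
    return pos == len(path) and node == root
```

A prover that supplies a path of the wrong length for the committed key_count, or the right key with a different bytes hash, fails verification even though the root is genuine.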