cpop-jitter 0.2.1

Timing entropy primitive for human process attestation

Part of the Cryptographic Proof of Process (CPoP) specification — an LF Decentralized Trust Lab

Overview

cpop-jitter provides cryptographic proof-of-process through timing jitter, producing tamper-evident evidence that content was created through a human typing process rather than generated or pasted. Two engines are available:

PureJitter — HMAC-based, deterministic, no_std compatible. Uses externally-provided timestamps for environments without OS timing.
PhysJitter — Hardware entropy collection via CPU timing (TSC). Requires std for OS timing primitives.
HybridEngine — Automatic fallback from PhysJitter to PureJitter.

Quick Start

[dependencies]
cpop-jitter = "0.2"

use cpop_jitter::{HybridEngine, JitterEngine, Session};

let engine = HybridEngine::new(b"my-secret-key");
let mut session = Session::new(engine);

session.record_keystroke(b'H', None);
session.record_keystroke(b'i', None);

let evidence = session.finalize();
assert!(evidence.verify().is_ok());

Features

Feature	Default	Description
`std`	Yes	Standard library — enables Session, timing, serde_json
`hardware`	No	Hardware entropy collection (TSC)
`rand`	No	Random secret generation

For no_std environments, use PureJitter with explicit timestamps:

[dependencies]
cpop-jitter = { version = "0.2", default-features = false }

Architecture

PureJitter (HMAC-SHA256, deterministic)
    ↓ fallback
PhysJitter (hardware TSC entropy)
    ↓ combined
HybridEngine → Session → Evidence

Each keystroke is bound to a timing jitter measurement. The evidence chain is HMAC-linked, making insertion, deletion, or reordering of events cryptographically detectable.

Contributing

See CONTRIBUTING.md for DCO sign-off requirements and contribution workflow.

License

Apache License, Version 2.0. See LICENSE.

Part of the proof-of-process repository.