hashiverse-lib 1.0.7-rc2

Core protocol library for Hashiverse — your open-source decentralized X/Twitter replacement.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390

//! # Peer records — identity, reputation, and PoW credentials for gossip
//!
//! Three types make up a peer's on-the-wire reputation:
//!
//! - [`Peer`] — the self-signed identity record gossiped through the Kademlia DHT. Carries
//!   the peer's Ed25519 public key, post-quantum commitment, network address, and
//!   **three** PoW tokens (see [`PeerPow`]): the initial "birth certificate", the best
//!   PoW observed during the current rolling day, and during the current rolling month.
//!   Rolling PoW means a peer that has continued to do work recently is weighted higher
//!   than one that submitted a good initial PoW and went quiet, without every peer
//!   having to redo heavy work on every gossip cycle.
//! - [`PeerPow`] — a PoW token bound to a specific `content_hash` and timestamp. Because
//!   the content_hash is part of the proof, these tokens can't be replayed to sign a
//!   *different* message.
//! - [`ClientPow`] — bundles a peer's public key + PQ commitment with its *hardest-ever*
//!   PoW, used to gate trust-sensitive operations (healing, feedback amplification).
//!
//! Every field uses compact `#[serde(rename)]` wire keys so gossiped peer blobs stay
//! small even at DHT scale.

use crate::tools::server_id::ServerId;
use crate::tools::time::{MILLIS_IN_DAY, MILLIS_IN_MONTH, TimeMillis, TimeMillisBytes};
use crate::tools::time_provider::time_provider::TimeProvider;
use crate::tools::types::{Hash, Id, PQCommitmentBytes, Pow, Salt, Signature, SignatureKey, VerificationKey, VerificationKeyBytes};
use crate::tools::{config, hashing, signing, tools};
use crate::{anyhow_assert_eq, anyhow_assert_ge};
use serde::{Deserialize, Serialize};
use std::fmt;

/// A proof-of-work token sponsored by a specific peer and bound to a specific request body.
///
/// `PeerPow` is the standard "I did work, and I did it for *this* request" credential. It
/// fixes four things into the PoW input: the sponsor's peer [`Id`], the time the work was
/// performed, a `content_hash` over the request body, and a [`Salt`] that the worker varied
/// to find a solution. Pinning the content hash is what prevents an attacker from replaying
/// a valid PoW against a different request — re-using the same `salt` against a new body
/// would produce a different hash and fail verification.
///
/// `PeerPow` is worn by [`Peer`] itself (three of them: the initial identity PoW plus
/// rolling day/month "best-effort" PoWs) and by every authenticated RPC (see
/// [`crate::protocol::rpc`]). Because its inputs are canonical and verification is cheap,
/// receivers can re-derive and compare the PoW without keeping state.
#[derive(Serialize, Deserialize, Debug, PartialEq, Clone)]
pub struct PeerPow {
    #[serde(rename = "sp")]
    pub sponsor_id: Id,
    #[serde(rename = "t")]
    pub timestamp: TimeMillis,
    #[serde(rename = "ch")]
    pub content_hash: Hash, // This is the hash of the content of the request that the pow is protecting.  Stops replay attacks with the same pow being used for different requests.
    #[serde(rename = "s")]
    pub salt: Salt,
    #[serde(rename = "z")]
    pub pow: Pow,
}

impl PeerPow {
    pub fn new(sponsor_id: Id, verification_key: &VerificationKeyBytes, pq_commitment_bytes: &PQCommitmentBytes, timestamp: TimeMillis, content_hash: Hash, salt: Salt) -> anyhow::Result<PeerPow> {
        let (pow, _) = Self::pow(&sponsor_id, verification_key, pq_commitment_bytes, &timestamp.encode_be(), &content_hash, &salt)?;
        Ok(Self {
            sponsor_id,
            timestamp,
            content_hash,
            salt,
            pow,
        })
    }

    pub fn zero() -> Self {
        PeerPow {
            sponsor_id: Id::zero(),
            timestamp: TimeMillis::zero(),
            content_hash: Hash::zero(),
            salt: Salt::zero(),
            pow: Pow(0),
        }
    }

    pub fn random() -> Self {
        Self {
            sponsor_id: Id::random(),
            timestamp: TimeMillis::random(),
            content_hash: Hash::random(),
            salt: Salt::random(),
            pow: Pow(tools::random_u8()),
        }
    }

    pub fn verify(&self, verification_key: &VerificationKeyBytes, pq_commitment_bytes: &PQCommitmentBytes) -> anyhow::Result<()> {
        let (pow, _) = Self::pow(&self.sponsor_id, verification_key, pq_commitment_bytes, &self.timestamp.encode_be(), &self.content_hash, &self.salt)?;
        match pow == self.pow {
            true => Ok(()),
            false => Err(anyhow::anyhow!("pow does not match inputs: {} != {}", self.pow, pow)),
        }
    }

    pub fn pow_decayed_day(&self, current_time_millis: TimeMillis) -> f64 {
        let pow_halflife_millis = MILLIS_IN_DAY;
        let elapsed_millis = current_time_millis - self.timestamp;
        (self.pow.0 as f64) / 2.0f64.powf(elapsed_millis.0 as f64 / pow_halflife_millis.0 as f64)
    }

    pub fn pow_decayed_month(&self, current_time_millis: TimeMillis) -> f64 {
        let pow_halflife_millis = MILLIS_IN_MONTH;
        let elapsed_millis = current_time_millis - self.timestamp;
        (self.pow.0 as f64) / 2.0f64.powf(elapsed_millis.0 as f64 / pow_halflife_millis.0 as f64)
    }

    pub fn pow(sponsor_id: &Id, verification_key: &VerificationKeyBytes, pq_commitment_bytes: &PQCommitmentBytes, timestamp: &TimeMillisBytes, hash: &Hash, salt: &Salt) -> anyhow::Result<(Pow, Hash)> {
        ServerId::pow_measure(sponsor_id, verification_key, pq_commitment_bytes, timestamp, hash, salt)
    }

    pub fn own_pow(&self, verification_key: &VerificationKeyBytes, pq_commitment_bytes: &PQCommitmentBytes) -> anyhow::Result<(Pow, Hash)> {
        Self::pow(&self.sponsor_id, verification_key, pq_commitment_bytes, &self.timestamp.encode_be(), &self.content_hash, &self.salt)
    }
}

/// A client-side best-ever proof-of-work token, used as a reputation credential in the
/// trust-sensitive parts of the protocol.
///
/// Unlike [`PeerPow`], which is scoped to a single request, `ClientPow` is the *hardest*
/// PoW a particular client has ever produced against a canonical sponsor target. It is
/// carried on feedback and healing requests — the operations that let peers influence what
/// content is propagated or suppressed — so the recipient can weight the sender's opinion
/// by how much work they have ever invested in an identity. This makes Sybil-style attacks
/// expensive: voting with many fresh clients means doing all that work many times.
///
/// The struct bundles the peer's verification key, PQ commitment, and the underlying
/// [`PeerPow`] so a verifier has everything it needs in one place.
#[derive(Serialize, Deserialize, Debug, PartialEq, Clone)]
pub struct ClientPow {
    pub peer_verification_key: VerificationKeyBytes,
    pub peer_pq_commitment_bytes: PQCommitmentBytes,
    pub peer_pow: PeerPow,
}

impl ClientPow {
    pub fn measure(peer_verification_key: &VerificationKeyBytes, peer_pq_commitment_bytes: &PQCommitmentBytes, sponsor_id: &Id, timestamp: TimeMillis, content_hash: &Hash, salt: &Salt) -> anyhow::Result<Self> {
        let (pow, _) = ServerId::pow_measure(sponsor_id, peer_verification_key, peer_pq_commitment_bytes, &timestamp.encode_be(), content_hash, salt)?;
        Ok(Self {
            peer_verification_key: *peer_verification_key,
            peer_pq_commitment_bytes: *peer_pq_commitment_bytes,
            peer_pow: PeerPow {
                sponsor_id: *sponsor_id,
                timestamp,
                content_hash: *content_hash,
                salt: *salt,
                pow,
            },
        })
    }

    pub fn verify(&self) -> anyhow::Result<()> {
        self.peer_pow.verify(&self.peer_verification_key, &self.peer_pq_commitment_bytes)
    }
}

impl fmt::Display for PeerPow {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "timestamp={} hash={} salt={} pow={}", self.timestamp, hex::encode(self.content_hash), hex::encode(self.salt), self.pow,)
    }
}

/// A single node's self-signed identity record, gossiped through the Kademlia DHT.
///
/// `Peer` is the unit of peer discovery. Each server publishes one: its [`Id`], its Ed25519
/// verification key, its post-quantum commitment, its current network address, its build
/// version, and three [`PeerPow`] tokens — one fixed "initial" PoW that was produced at
/// startup and never changes (so it acts as a long-term identity credential), plus rolling
/// "best seen this day" and "best seen this month" PoWs that keep the record fresh and let
/// other peers weight trust by recent work. The whole thing is covered by a `signature`
/// so tampering is detectable.
///
/// Other peers store, forward, and compare `Peer` records to decide who to talk to, which
/// is why the PoW fields have time decay built in (`pow_decayed_day`, `pow_decayed_month`)
/// — stale records age out naturally.
#[derive(Serialize, Deserialize, PartialEq, Clone)]
pub struct Peer {
    pub id: Id,

    #[serde(rename = "vkb")]
    pub verification_key_bytes: VerificationKeyBytes,
    #[serde(rename = "pqcb")]
    pub pq_commitment_bytes: PQCommitmentBytes,

    #[serde(rename = "pi")]
    pub pow_initial: PeerPow, // The pow generated when the server first started up.  Never changes.
    #[serde(rename = "pcd")]
    pub pow_current_day: PeerPow, // The best pow seen this day (approximately)
    #[serde(rename = "pcm")]
    pub pow_current_month: PeerPow, // The best pow seen this month (approximately)

    #[serde(rename = "ver")]
    pub version: String, // The compile version of the Peer
    #[serde(rename = "addr")]
    pub address: String, // The last known public address at which this server knows itself.

    #[serde(rename = "ts")]
    pub timestamp: TimeMillis, // The last time this record was updated - used for other Peers to overwrite stale records.

    #[serde(rename = "sig")]
    pub signature: Signature, // sign( hash ( id, pow_initial.pow(signature_pub), pow_current.pow(signature_pub), address, signature_timestamp ) )
}

impl fmt::Debug for Peer {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        fmt::Display::fmt(self, f)
    }
}

impl fmt::Display for Peer {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "[ id={} version={} address={} pows=[ {} {} {} ] timestamp={} ]",
            self.id, self.version, self.address, self.pow_initial.pow, self.pow_current_day.pow, self.pow_current_month.pow, self.timestamp
        )

        // write!(
        //     f,
        //     "[ id={} signature_pub={} encryption_pub={} pow_initial={} pow_current={} address={} signature_timestamp={} signature={} ]",
        //     hex::encode(self.id),
        //     hex::encode(self.signature_pub),
        //     hex::encode(self.encryption_pub),
        //     self.pow_initial,
        //     self.pow_current,
        //     self.address,
        //     self.signature_timestamp,
        //     hex::encode(self.signature),
        // )
    }
}

impl Peer {
    pub fn zero() -> Peer {
        Peer {
            id: Id::zero(),
            verification_key_bytes: VerificationKeyBytes::zero(),
            pq_commitment_bytes: PQCommitmentBytes::zero(),

            pow_initial: PeerPow::zero(),
            pow_current_day: PeerPow::zero(),
            pow_current_month: PeerPow::zero(),

            version: env!("CARGO_PKG_VERSION").to_string(),
            address: String::new(),

            timestamp: TimeMillis::zero(),

            signature: Signature::zero(),
        }
    }

    pub fn signature_hash_generate(&self) -> anyhow::Result<Hash> {
        Ok(hashing::hash_multiple(&[
            self.id.as_ref(),
            self.verification_key_bytes.as_ref(),
            self.pq_commitment_bytes.as_ref(),
            self.pow_initial.own_pow(&self.verification_key_bytes, &self.pq_commitment_bytes)?.1.as_ref(),
            self.pow_current_day.own_pow(&self.verification_key_bytes, &self.pq_commitment_bytes)?.1.as_ref(),
            self.pow_current_month.own_pow(&self.verification_key_bytes, &self.pq_commitment_bytes)?.1.as_ref(),
            self.address.as_bytes(),
            self.timestamp.encode_be().as_ref(),
        ]))
    }

    pub fn sign(&mut self, time_provider: &dyn TimeProvider, signature_key: &SignatureKey) -> anyhow::Result<()> {
        self.timestamp = time_provider.current_time_millis();

        let signature_hash = self.signature_hash_generate()?;
        self.signature = signing::sign(signature_key, signature_hash.as_ref());
        Ok(())
    }

    pub fn verify(&self) -> anyhow::Result<()> {
        self.verify_signature()?;
        self.verify_server_id()?;
        self.verify_pows()?;
        Ok(())
    }

    fn verify_signature(&self) -> anyhow::Result<()> {
        let signature_hash = self.signature_hash_generate()?;
        signing::verify(&VerificationKey::from_bytes(&self.verification_key_bytes)?, &self.signature, signature_hash.as_ref())?;

        Ok(())
    }

    fn verify_server_id(&self) -> anyhow::Result<()> {
        let (pow, pow_hash) = ServerId::pow_measure(
            &self.pow_initial.sponsor_id,
            &self.verification_key_bytes,
            &self.pq_commitment_bytes,
            &self.pow_initial.timestamp.encode_be(),
            &self.pow_initial.content_hash,
            &self.pow_initial.salt,
        )?;
        anyhow_assert_ge!(&pow, &config::SERVER_KEY_POW_MIN, "insufficient server_id pow");

        let id = ServerId::server_pow_hash_to_id(pow_hash)?;

        anyhow_assert_eq!(&self.id, &id, "served_id mismatch");

        Ok(())
    }

    fn verify_pows(&self) -> anyhow::Result<()> {
        self.pow_initial.verify(&self.verification_key_bytes, &self.pq_commitment_bytes)?;
        self.pow_current_day.verify(&self.verification_key_bytes, &self.pq_commitment_bytes)?;
        self.pow_current_month.verify(&self.verification_key_bytes, &self.pq_commitment_bytes)?;
        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use crate::protocol::peer::{Peer, PeerPow};
    use crate::tools::server_id::ServerId;
    use crate::tools::time::TimeMillis;
    use crate::tools::time_provider::time_provider::RealTimeProvider;
    use crate::tools::pow_generator::single_threaded_pow_generator::SingleThreadedPowGenerator;
    use crate::tools::tools;
    use crate::tools::types::{Pow, VerificationKeyBytes};

    async fn get_random_ingredients() -> anyhow::Result<(ServerId, Peer)> {
        let time_provider = RealTimeProvider;
        let pow_generator = SingleThreadedPowGenerator::new();
        let server_id = ServerId::new("own_pow", &time_provider, Pow(0), true, &pow_generator).await?;

        let mut peer = server_id.to_peer(&time_provider)?;
        peer.pow_current_day = PeerPow::random();
        peer.pow_current_month = PeerPow::random();
        peer.address = tools::random_base64(16);

        // Sign again now that we have changed some of the data
        peer.sign(&time_provider, &server_id.keys.signature_key)?;

        Ok((server_id, peer))
    }

    #[tokio::test]
    async fn signing_test() -> anyhow::Result<()> {
        let (_, peer) = get_random_ingredients().await?;

        // Now verify the signature
        peer.verify_signature()?;
        Ok(())
    }

    #[tokio::test]
    async fn signing_fail_test() -> anyhow::Result<()> {
        {
            let (_, mut peer) = get_random_ingredients().await?;
            peer.verification_key_bytes = VerificationKeyBytes::zero();
            peer.verify_signature().unwrap_err();
        }

        {
            let (_, mut peer) = get_random_ingredients().await?;
            peer.pow_initial = PeerPow::random();
            peer.verify_signature().unwrap_err();
        }

        {
            let (_, mut peer) = get_random_ingredients().await?;
            peer.pow_current_day = PeerPow::random();
            peer.verify_signature().unwrap_err();
        }

        {
            let (_, mut peer) = get_random_ingredients().await?;
            peer.pow_current_month = PeerPow::random();
            peer.verify_signature().unwrap_err();
        }

        {
            let (_, mut peer) = get_random_ingredients().await?;
            peer.address = tools::random_base64(16);
            peer.verify_signature().unwrap_err();
        }

        {
            let (_, mut peer) = get_random_ingredients().await?;
            peer.timestamp = TimeMillis::random();
            peer.verify_signature().unwrap_err();
        }

        Ok(())
    }
}