pqrascv-hardware 1.0.0-rc.5

Hardware-rooted trust and distributed verifier consensus for PQ-RASCV
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163

//! Full-system consistency validation pass.
//!
//! Detects divergence drift, missing anchors, invalid epoch transitions,
//! and broken quorum lineage by validating the global `AuditTrace` against
//! the current federation state.

use crate::audit_trace::{AuditTrace, TraceEvent};
use crate::digest::TypedDigest;

/// Validates the global consistency of the federation.
pub struct ConsistencyChecker;

impl ConsistencyChecker {
    /// Performs a full-system consistency validation pass.
    ///
    /// Checks that:
    /// 1. The `AuditTrace` is structurally sound and cryptographically verified.
    /// 2. The latest root in the `AuditTrace` matches the expected federation state root.
    /// 3. Epoch transitions are strictly monotonic and unbroken.
    /// 4. No anchors are missing (e.g., `SnapshotSealed` events are properly sequenced).
    ///
    /// # Errors
    /// Returns a `&'static str` detailing the inconsistency if one is found.
    pub fn validate_system_consistency(
        trace: &AuditTrace,
        expected_state_root: &TypedDigest,
    ) -> Result<(), &'static str> {
        // 1. Structural integrity
        if !trace.verify_integrity() {
            return Err("AuditTrace structural integrity verification failed");
        }

        // 2. Divergence drift check
        if &trace.latest_root != expected_state_root {
            return Err("Divergence drift detected: trace latest root does not match the expected state root");
        }

        let mut last_epoch = None;
        let mut has_quorum = false;

        // 3 & 4. Epoch monotonicity and lineage checks
        for event in &trace.events {
            match event {
                TraceEvent::QuorumFormed { epoch, .. } => {
                    if let Some(last) = last_epoch {
                        if *epoch <= last {
                            return Err("Invalid epoch transition: non-monotonic or duplicate epoch detected");
                        }
                    }
                    last_epoch = Some(*epoch);
                    has_quorum = true;
                }
                TraceEvent::SnapshotSealed {
                    finality_state,
                    confirmation_depth,
                    ..
                } => {
                    if !has_quorum {
                        return Err("Broken quorum lineage: SnapshotSealed without a preceding QuorumFormed");
                    }
                    if finality_state == "PendingAnchor" || finality_state == "Included" {
                        return Err("Finalized state assumption rejected: commitment is below StrongFinality");
                    }
                    if finality_state == "WeakFinality" {
                        return Err(
                            "Divergence warning: WeakFinality state used as canonical root",
                        );
                    }
                    if confirmation_depth.unwrap_or(0) == 0 {
                        return Err("Missing explicit confirmation depth validation for closure");
                    }
                }
                _ => {}
            }
        }

        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::digest::DigestAlgorithm;

    #[test]
    fn test_valid_consistency() {
        let genesis = TypedDigest::new(DigestAlgorithm::Sha3_256, [1; 32]);
        let mut trace = AuditTrace::new(genesis);

        trace.append_event(TraceEvent::QuorumFormed {
            epoch: 1,
            quorum_hash: TypedDigest::new(DigestAlgorithm::Sha3_256, [2; 32]),
        });

        trace.append_event(TraceEvent::SnapshotSealed {
            snapshot_id: [3; 32],
            snapshot_hash: TypedDigest::new(DigestAlgorithm::Sha3_256, [4; 32]),
            anchor_height: Some(100),
            confirmation_depth: Some(6),
            finality_state: alloc::string::String::from("IrreversibleFinality"),
        });

        assert_eq!(
            ConsistencyChecker::validate_system_consistency(&trace, &trace.latest_root),
            Ok(())
        );
    }

    #[test]
    fn test_divergence_drift() {
        let genesis = TypedDigest::new(DigestAlgorithm::Sha3_256, [1; 32]);
        let trace = AuditTrace::new(genesis);

        let wrong_root = TypedDigest::new(DigestAlgorithm::Sha3_256, [99; 32]);

        assert_eq!(
            ConsistencyChecker::validate_system_consistency(&trace, &wrong_root),
            Err("Divergence drift detected: trace latest root does not match the expected state root")
        );
    }

    #[test]
    fn test_non_monotonic_epoch() {
        let genesis = TypedDigest::new(DigestAlgorithm::Sha3_256, [1; 32]);
        let mut trace = AuditTrace::new(genesis);

        trace.append_event(TraceEvent::QuorumFormed {
            epoch: 5,
            quorum_hash: TypedDigest::new(DigestAlgorithm::Sha3_256, [2; 32]),
        });

        trace.append_event(TraceEvent::QuorumFormed {
            epoch: 4, // Invalid!
            quorum_hash: TypedDigest::new(DigestAlgorithm::Sha3_256, [3; 32]),
        });

        assert_eq!(
            ConsistencyChecker::validate_system_consistency(&trace, &trace.latest_root),
            Err("Invalid epoch transition: non-monotonic or duplicate epoch detected")
        );
    }

    #[test]
    fn test_broken_quorum_lineage() {
        let genesis = TypedDigest::new(DigestAlgorithm::Sha3_256, [1; 32]);
        let mut trace = AuditTrace::new(genesis);

        // Snapshot sealed without a quorum formed first!
        trace.append_event(TraceEvent::SnapshotSealed {
            snapshot_id: [3; 32],
            snapshot_hash: TypedDigest::new(DigestAlgorithm::Sha3_256, [4; 32]),
            anchor_height: Some(100),
            confirmation_depth: Some(6),
            finality_state: alloc::string::String::from("IrreversibleFinality"),
        });

        assert_eq!(
            ConsistencyChecker::validate_system_consistency(&trace, &trace.latest_root),
            Err("Broken quorum lineage: SnapshotSealed without a preceding QuorumFormed")
        );
    }
}