vauban-claim

Vauban Claim Algebra — reference implementation of the IETF Internet-Draft draft-vauban-claim-algebra-00.

A vauban-claim::Claim is the irreducible sealed sextuplet

Subject · Predicate · Evidence · TemporalFrame · RevelationMask · Anchor

Six non-negotiable properties — Auditable · Verifiable · Composable · Privacy-preserving · Post-quantum · Sovereignty-preserving — and five composition operators forming a closed algebra:

Operator	Symbol	Semantics
Conjunction	`∧`	Two claims about the same subject combined
Delegation	`→`	Authority transferred to another subject
Aggregation	`⊕`	Multiple issuers attesting independently
Restriction	`▷`	Narrower temporal/scope projection
Revocation	`¬`	Sticky negation that cannot be re-composed

The crate ships:

The six primitive types with full CDDL-derived structural invariants (CDDL §5, I-1 … I-5, T-1 … T-4, M-1, A-1).
The five composition operators with their algebraic + validity rules.
Canonical CBOR encoder/decoder (RFC 8949 §4.2.1 — sorted map keys, no floats, no indefinite-length items) and a JSON codec.
A content-addressed ClaimRef (SHA-256 over canonical CBOR by default; Poseidon-felt252 reserved for ZK-aggregation contexts under the poseidon feature).
A 71-vector deterministic conformance suite (12 adversarial vectors: subject mismatch, scope overflow, issuer-key collision, mask monotonicity violation, revocation replay, CBOR float injection, content-addressing tamper detection, etc.).

Quick start

[dependencies]
vauban-claim = "0.1"

use vauban_claim::{
    ClaimBuilder, Subject, SubjectType, SubjectId,
    Predicate, PredicateType, Evidence, EvidenceScheme,
    TemporalFrame, RevelationMask, Anchor, AnchorEntry, AnchorType,
    codec,
};

let subject = Subject::new(
    SubjectType::Wallet,
    SubjectId::Bytes(vec![0x12; 32]),
    None,
)?;
let predicate = Predicate::new(PredicateType::Equality, "urn:vauban:age-over-18", vec![0x01])?;
let evidence  = Evidence::new(EvidenceScheme::Stark, vec![0x01; 8], None)?;
let temporal  = TemporalFrame::new(1_700_000_000, Some(1_700_000_000), Some(1_700_100_000))?;
let mask      = RevelationMask::new(vec!["age".into()], vec![], None)?;
let anchor    = Anchor::new(vec![AnchorEntry {
    anchor_type: AnchorType::StarknetL3,
    r#ref: vec![0xa1; 32],
    epoch: Some(123),
    nullifier: None,
    meta: None,
}])?;

let claim = ClaimBuilder::new()
    .subject(subject)
    .predicate(predicate)
    .evidence(evidence)
    .temporal_frame(temporal)
    .revelation_mask(mask)
    .anchor(anchor)
    .build()?;

let cbor = codec::to_cbor_canonical(&claim)?;
let back: vauban_claim::Claim = codec::from_cbor(&cbor)?;
assert_eq!(claim, back);

See examples/dump_json.rs for a runnable demo.

Scope (v0.1.0)

The crate is the grammar + algebra layer of the Vauban Proof Stack — it owns claim structure, codec, composition validity, and content addressing. It is not a verifier core:

Cryptographic verification of Evidence payloads (Circle-STARK / Stwo, BBS+, SD-JWT-VC, mdoc, TLS-Notary, TEE attestations) is out of scope and handled by separate prover/verifier crates.
On-chain Anchor resolution (Starknet, Ethereum L2s, IPFS) is delegated to per-chain adapter crates.

Cryptographic posture

Property	Choice	Why
Hash	SHA-256 (default), Poseidon (opt-in)	RFC 6234 + ZK-friendly
Signatures	Out of scope — verified via `Evidence` envelopes	Crate stays codec-pure
Post-quantum	STARKs only (Circle-STARK / Stwo)	Collision-resistant, no trusted setup
SNARKs	Explicitly excluded	Trusted-setup risk, not post-quantum

Features

Feature	Default	Effect
`std`	✅	Enables `std::error::Error` impls and panics. Disable for `no_std`.
`poseidon`	⛔	Adds `starknet-crypto`-backed Poseidon `ClaimRef` computation.
`transcript-v2`	⛔	Adds the dual-transcript dispatcher (T1 Merlin + T2 Poseidon). Implies `poseidon`.

MSRV

Rust 1.75.0. The CI matrix covers Linux + macOS on stable + MSRV.

Status

0.1.0 — pre-publication reference implementation. The wire format (canonical CBOR per RFC 8949 §4.2.1) is stable and pinned by the IETF draft + IACR companion paper. The Rust API is 0.x — breaking changes are still possible before 1.0; see CHANGELOG.md for the deferred items and stability matrix.

Specification & references

IETF Internet-Draft: draft-vauban-claim-algebra-00
IACR ePrint companion paper: specs/iacr-companion/paper.md
Normative CDDL grammar: specs/cddl/claim.cddl
TranscriptT1 adversarial vectors: specs/security/02-adversarial-vectors.md
Composition algebra rationale: governance standards 04

Security

This crate forbids unsafe_code workspace-wide and runs cargo-audit, cargo-deny, and cargo-vet on every push. Release artefacts carry a Sigstore keyless cosign signature. See SECURITY.md (if present) or open a private advisory on GitHub for vulnerability reports.

License

Dual-licensed under either of:

Apache License, Version 2.0 (LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or https://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual-licensed as above, without any additional terms or conditions.

vauban-claim 0.1.0