vauban-claim 0.1.0

Vauban Claim Algebra — reference implementation of draft-vauban-claim-algebra-00 (post-quantum claim sextuplet + 5 composition operators, canonical CBOR/JSON codec).
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

//! Revelation Mask primitive (CDDL §5.5).

use alloc::collections::BTreeSet;
use alloc::string::String;
use alloc::vec::Vec;
use serde::{Deserialize, Serialize};

use crate::error::CompositionError;

/// Allowed digest algorithms for committed fields (CDDL `hash-alg-tag`).
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
#[serde(rename_all = "kebab-case")]
pub enum HashAlgTag {
    /// Default — ZK-friendly Poseidon over the Starknet base field.
    #[serde(rename = "poseidon-felt252")]
    PoseidonFelt252,
    /// Stwo native Mersenne-31 Poseidon variant.
    #[serde(rename = "poseidon-mersenne31")]
    PoseidonMersenne31,
    /// SHA-256 — non-privacy commitments only.
    #[serde(rename = "sha-256")]
    Sha256,
}

impl Default for HashAlgTag {
    fn default() -> Self {
        Self::PoseidonFelt252
    }
}

/// One committed field record (CDDL `committed-field`).
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct CommittedField {
    /// JSONPath-like dotted reference to the source field.
    pub path: String,
    /// Per-field salt (32 bytes, never reused).
    #[serde(with = "serde_bytes")]
    pub salt: Vec<u8>,
    /// `Hash(salt || canonical-encode(value))` — 32 bytes per the chosen alg.
    #[serde(with = "serde_bytes")]
    pub digest: Vec<u8>,
}

impl CommittedField {
    /// Validate salt and digest are 32 bytes (CDDL `bstr .size 32`).
    pub fn validate_shape(&self) -> Result<(), CompositionError> {
        if self.salt.len() != 32 {
            return Err(CompositionError::Invariant(
                "committed-field.salt must be 32 bytes",
            ));
        }
        if self.digest.len() != 32 {
            return Err(CompositionError::Invariant(
                "committed-field.digest must be 32 bytes",
            ));
        }
        Ok(())
    }
}

/// Revelation Mask (CDDL §5.5).
///
/// M-1 (`disclosed ∩ committed = ∅`) is enforced at construction and
/// re-checked on every operator that mutates the mask (notably ▷).
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct RevelationMask {
    /// Field paths revealed verbatim to the Verifier.
    pub disclosed: Vec<String>,
    /// Committed fields (Poseidon-felt252 by default).
    pub committed: Vec<CommittedField>,
    /// Optional URI of a human-readable disclosure policy.
    #[serde(rename = "policy-uri", default, skip_serializing_if = "Option::is_none")]
    pub policy_uri: Option<String>,
    /// Hash algorithm used for `committed.digest`. Default Poseidon-felt252.
    #[serde(rename = "hash-alg", default, skip_serializing_if = "Option::is_none")]
    pub hash_alg: Option<HashAlgTag>,
}

impl RevelationMask {
    /// Construct and enforce M-1 + per-field shape.
    pub fn new(
        disclosed: Vec<String>,
        committed: Vec<CommittedField>,
        hash_alg: Option<HashAlgTag>,
    ) -> Result<Self, CompositionError> {
        let m = Self {
            disclosed,
            committed,
            policy_uri: None,
            hash_alg,
        };
        m.validate_shape()?;
        Ok(m)
    }

    /// Validate M-1 disjointness and CommittedField shapes.
    pub fn validate_shape(&self) -> Result<(), CompositionError> {
        for cf in &self.committed {
            cf.validate_shape()?;
        }
        let disclosed: BTreeSet<&String> = self.disclosed.iter().collect();
        for cf in &self.committed {
            if disclosed.contains(&cf.path) {
                return Err(CompositionError::MaskDisjointnessViolation);
            }
        }
        Ok(())
    }

    /// Disclosed field paths (for CDDL validation).
    pub fn disclosed(&self) -> &[String] { &self.disclosed }

    /// Committed field paths (for CDDL validation).
    pub fn committed_paths(&self) -> Vec<&str> {
        self.committed.iter().map(|cf| cf.path.as_str()).collect()
    }

    /// Whether `self` is a (non-strict) refinement of `other` (R-1 monotonicity).
    /// `self.disclosed ⊆ other.disclosed`.
    pub fn refines(&self, other: &Self) -> bool {
        let s: BTreeSet<&String> = self.disclosed.iter().collect();
        let o: BTreeSet<&String> = other.disclosed.iter().collect();
        s.is_subset(&o)
    }
}