Struct Commitment 

pub struct Commitment {
    pub version: u8,
    pub protocol_id: [u8; 32],
    pub mpc_root: Hash,
    pub contract_id: Hash,
    pub previous_commitment: Hash,
    pub transition_payload_hash: Hash,
    pub seal_id: Hash,
    pub domain_separator: [u8; 32],
}

A V2 commitment binding state to an anchor.

A commitment is the core data structure in CSV. It captures everything needed to verify a state transition:

• Which protocol it belongs to (protocol_id)
• What state it represents (mpc_root, contract_id)
• Where it came from (previous_commitment)
• What changed (transition_payload_hash)
• What seal was consumed (seal_id)
• Which chain context it’s valid in (domain_separator)

Commitment Chain

Commitments form a linked chain: each commitment references the hash of the previous one via previous_commitment. Clients validate the entire chain from genesis to the current state without querying the blockchain for each step.

Collision Resistance

Each field is hashed with a unique domain tag (e.g., "commitment-version", "commitment-protocol-id") using csv_tagged_hash. This prevents cross-field and cross-protocol collision attacks where an attacker could rearrange field bytes to forge a valid-looking commitment.

Fields

version: u8

Format version. Currently always COMMITMENT_VERSION.

protocol_id: [u8; 32]

Protocol identifier this commitment belongs to.

This is a 32-byte namespace that isolates commitments from different protocols sharing the same anchoring layer. For example:

• Bitcoin adapter: b"CSV-BTC-\x00\x00..." (magic bytes padded)
• Ethereum adapter: b"CSV-ETH-\x00\x00..."

mpc_root: Hash

Merkle root of the MPC tree for multi-protocol witnessing.

When multiple protocols share a single witness (e.g., a threshold signature spanning Bitcoin and Ethereum), this root commits to all participating protocols’ individual roots.

For single-protocol use (the common case), this is set to a deterministic empty root: SHA256("csv-empty-mpc-root").

contract_id: Hash

Unique contract/right identifier.

For NFTs, this is the token ID. For credentials, this is the credential hash. For assets, this is the asset identifier.

Must be unique within the protocol namespace.

previous_commitment: Hash

Hash of the previous commitment in the chain.

For the first commitment (genesis), this is typically Hash::zero(). For subsequent commitments, this is previous_commitment.hash().

This forms the commitment chain that clients validate independently.

transition_payload_hash: Hash

SHA-256 hash of the state transition payload.

This commits to the actual data being transitioned (e.g., new owner, metadata update, transfer details). Clients must verify this hash matches the payload they expect.

seal_id: Hash

SHA-256 hash of the consumed seal reference.

This binds the commitment to the specific seal that was consumed to authorize this transition. The seal reference includes the chain-specific identifier (UTXO txid, object ID, etc.) and the seal’s nonce/value.

domain_separator: [u8; 32]

Domain separator for chain-specific commitment isolation.

Prevents cross-chain replay attacks by ensuring a commitment created on one chain cannot be used on another. Typically constructed as H(chain_id || network || protocol_version).

Implementations

impl Commitment

pub fn new( protocol_id: [u8; 32], mpc_tree: &MpcTree, contract_id: Hash, previous_commitment: Hash, transition_payload_hash: Hash, seal_ref: &SealRef, domain_separator: [u8; 32], ) -> Self

Create a commitment

This creates a V2 (MPC-aware) commitment. All adapters should use this constructor. The protocol_id should uniquely identify the protocol (e.g., “CSV-BTC-” for Bitcoin, “CSV-ETH-” for Ethereum).

pub fn simple( contract_id: Hash, previous_commitment: Hash, transition_payload_hash: Hash, seal_ref: &SealRef, domain_separator: [u8; 32], ) -> Self

Create a commitment without MPC tree (for simple single-protocol use)

This is a convenience constructor that uses a default empty MPC root. For multi-protocol use cases, use Commitment::new instead.

pub fn v1( contract_id: Hash, previous_commitment: Hash, transition_payload_hash: Hash, seal_ref: &SealRef, domain_separator: [u8; 32], ) -> Self

👎Deprecated since 0.2.0:

Use Commitment::simple instead

Backwards-compatible alias for Commitment::simple.

pub fn hash(&self) -> Hash

Compute the commitment hash

pub fn version(&self) -> u8

Get the version

pub fn contract_id(&self) -> Hash

Get the contract ID

pub fn seal_id(&self) -> Hash

Get the seal ID hash

pub fn domain_separator(&self) -> [u8; 32]

Get the domain separator

pub fn to_canonical_bytes(&self) -> Vec<u8>

Serialize commitment using canonical encoding

pub fn from_canonical_bytes(bytes: &[u8]) -> Result<Self, &'static str>

Deserialize commitment from canonical bytes

Only V2 format is supported. Legacy V1 format was removed.

Trait Implementations

impl Clone for Commitment

fn clone(&self) -> Commitment

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Commitment

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Commitment

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl PartialEq for Commitment

fn eq(&self, other: &Commitment) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Commitment

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for Commitment

impl StructuralPartialEq for Commitment