Module proof 

Inclusion and consistency proof verification (RFC 6962 / RFC 9162).

This is the heart of Slice 1 (#327): a real verifier that recomputes Merkle roots from proofs and compares them against the supplied root. The proof MATH is implemented directly here (a verifier that delegates verification is not a verifier, per #316/#299) using the standard, well-tested decomposition from RFC 9162 §2.1.3.2 (inclusion) and §2.1.4.2 (consistency). All node hashing goes through the fixed RFC 6962 scheme in crate::merkle.

• verify_inclusion proves a leaf is committed at a given index in a tree of a given size whose head is root.
• verify_consistency proves a tree of size2 (root root2) is an append-only extension of a tree of size1 (root root1) — the anti-equivocation / tamper-evidence property.

The lower-level root_from_inclusion_proof and root_from_consistency_proof return the recomputed root(s) for callers that want to compare against a signed checkpoint themselves.

Functions

root_from_consistency_proof

Recompute the newer root (root2) implied by a consistency proof, after verifying the proof is internally consistent with root1.

root_from_inclusion_proof

Recompute the Merkle root implied by an inclusion proof.

verify_consistency

Verify an RFC 6962 / RFC 9162 consistency proof.

verify_inclusion

Verify an RFC 6962 / RFC 9162 inclusion proof.