pub fn signing_preimage(o: &VerifyOutcome) -> String

The exact byte string that gets HMAC-signed. Deliberately float-free
— only hex hashes, integer counts, and the verdict — so any language
reproduces it byte-for-byte (no float-formatting parity problems between
Rust and a Python/JS consumer). One key=value per line, fixed order,
trailing newline. The consumer re-derives this from the receipt fields,
recomputes HMAC-SHA256(key, preimage), and compares to signature.
Documented in docs/src/verify.md.

The signed fields are exactly the security-critical bindings: which
problem (nl_sha256), which solution (sol_sha256), the problem
dimensions, and the verdict. The numeric violations in the receipt are
supporting evidence; trust flows from the hashes + verified flag.
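
The consumer-side check described above, sketched in Python as an added example (not this crate's code). The key names, their order, the dimension names `n_vars`/`n_cons`, the `true`/`false` verdict spelling, the `max_violation` field and the hex-encoded signature are assumptions; the authoritative layout is the one in docs/src/verify.md.

```python
import hashlib
import hmac

# Assumed keys and order (dimension names are hypothetical); see docs/src/verify.md.
SIGNED_FIELDS = (("nl_sha256", "hex"), ("sol_sha256", "hex"),
                 ("n_vars", "int"), ("n_cons", "int"), ("verified", "bool"))
HEX = set("0123456789abcdef")


def signing_preimage(receipt: dict) -> bytes:
    """One key=value per line, fixed order, trailing newline, no floats."""
    out = []
    for name, kind in SIGNED_FIELDS:
        v = receipt[name]
        if kind == "hex" and isinstance(v, str) and len(v) == 64 and set(v) <= HEX:
            text = v
        elif kind == "int" and type(v) is int and v >= 0:
            text = str(v)  # a float such as 3.0 is rejected, never formatted
        elif kind == "bool" and type(v) is bool:
            text = "true" if v else "false"  # assumed spelling of the verdict
        else:
            raise ValueError(f"{name}: expected {kind}")
        out.append(f"{name}={text}\n")
    return "".join(out).encode("ascii")


def sign(receipt: dict, key: bytes) -> str:
    """Producer stand-in for the demo: hex HMAC-SHA256 over the preimage."""
    return hmac.new(key, signing_preimage(receipt), hashlib.sha256).hexdigest()


def verify_receipt(receipt: dict, key: bytes) -> bool:
    """Accept only a correctly signed receipt whose signed verdict is true."""
    try:
        expected = sign(receipt, key).encode("ascii")
        supplied = str(receipt["signature"]).encode("utf-8")
    except (KeyError, ValueError):
        return False
    # Constant-time comparison; the verdict counts only once the MAC holds.
    return hmac.compare_digest(expected, supplied) and receipt["verified"] is True


# Constructed sample receipt and key, for illustration only.
KEY = b"constructed-demo-key"
RECEIPT = {"nl_sha256": hashlib.sha256(b"problem").hexdigest(),
           "sol_sha256": hashlib.sha256(b"solution").hexdigest(),
           "n_vars": 3, "n_cons": 2, "verified": True,
           "max_violation": 1.5e-9}  # hypothetical unsigned evidence field
RECEIPT["signature"] = sign(RECEIPT, KEY)
```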