Ratify Protocol v1 — hybrid (Ed25519 + ML-DSA-65) crypto primitives.
Uses:
- ed25519-dalek — audited Ed25519, pure Rust.
- pqcrypto-mldsa — PQClean-based ML-DSA-65 (FIPS 204).
Every sign produces BOTH component signatures. Every verify checks BOTH; either failure fails the whole signature.
Functions
- chain_hash: 32-byte SHA-256 of the concatenated delegation_sign_bytes of each cert. Used as a stable chain identity inside SessionToken — a cert rotation changes chain_hash, invalidating every token issued against the old chain.
- challenge_sign_bytes: Canonical bytes signed to produce ProofBundle.challenge_sig.
- challenge_sign_bytes_with_session_context: v1.1 session-bound challenge signable bytes: challenge || big-endian uint64(ts) || session_context.
- challenge_sign_bytes_with_stream: v1.1 stream-bound challenge signable bytes. Layout: challenge || big-endian uint64(ts) || [session_context] || stream_id || big-endian int64(stream_seq).
- delegation_sign_bytes: Canonical bytes signed to produce DelegationCert.signature.
- derive_id: hex(SHA-256(ed25519_pub || ml_dsa_65_pub)[:16]).
- generate_agent: Generate a fresh AgentIdentity.
- generate_challenge: 32 cryptographically random bytes from OS RNG.
- generate_human_root: Generate a fresh HumanRoot (public + private).
- generate_hybrid_keypair: Fresh hybrid keypair from OS randomness. Two independent seeds.
- issue_delegation
- issue_key_rotation_statement
- issue_revocation_list
- issue_revocation_push
- issue_session_token: Issue a SessionToken from a previously verified bundle’s result. Callers MUST only invoke this after verify_bundle returned valid=true.
- issue_witness_entry
- key_rotation_sign_bytes: Canonical bytes signed by both old and new keys in KeyRotationStatement.
- revocation_push_sign_bytes: Canonical bytes signed to produce RevocationPush.signature.
- revocation_sign_bytes: Canonical bytes signed to produce RevocationList.signature.
- session_token_sign_bytes: Canonical MAC-input bytes for a SessionToken. The MAC itself is excluded from the signable (a MAC cannot cover itself).
- sign_both: Produce a hybrid signature. Both components over identical msg.
- sign_challenge
- sign_challenge_with_session_context
- sign_challenge_with_stream
- sign_transaction_receipt_party: Produce a party’s hybrid signature over the receipt’s canonical signable.
- transaction_receipt_sign_bytes: Canonical bytes that every party signs to bind a TransactionReceipt. Parties are sorted lex by party_id.
- verify_both: Verify both components. Returns Ok iff both verify; Err with diagnostic.
- verify_challenge_signature
- verify_challenge_signature_with_session_context
- verify_challenge_signature_with_stream
- verify_delegation_signature
- verify_delegation_signature_e
- verify_key_rotation_statement
- verify_revocation_list
- verify_revocation_push
- verify_session_token
- verify_session_token_e: Check a SessionToken’s HMAC against session_secret and its validity window against now (unix seconds). Returns Ok on success.
- verify_witness_entry
- witness_entry_sign_bytes: Canonical bytes signed to produce WitnessEntry.signature.