Struct ProofCache 

pub struct ProofCache { /* private fields */ }

Secure proof cache with TTL, single-use nonces, and bounded size.

Implements SEC-002 security requirements:

• 100ms TTL for cache entries
• Single-use nonce consumption
• Maximum 64 entries
• Entries scoped to (mutation_hash, nonce) pairs

Implementations

impl ProofCache

pub const fn new() -> Self

Creates a new empty proof cache.

pub const fn len(&self) -> usize

Returns the number of active entries in the cache.

pub const fn is_empty(&self) -> bool

Returns true if the cache is empty.

pub const fn is_full(&self) -> bool

Returns true if the cache is full (64 entries).

pub fn insert( &mut self, mutation_hash: [u8; 32], nonce: u64, proof_id: u32, current_time_ns: u64, ) -> Result<(), CacheError>

Inserts a new proof into the cache.

Arguments

• mutation_hash - Hash of the mutation being authorized
• nonce - Single-use nonce for this proof
• proof_id - Unique identifier for this proof
• current_time_ns - Current time in nanoseconds

Errors

• CacheError::DuplicateEntry if an entry with the same (mutation_hash, nonce) exists
• CacheError::CacheFull if the cache is at capacity and no expired entries can be evicted

pub fn verify_and_consume( &mut self, mutation_hash: &[u8; 32], nonce: u64, current_time_ns: u64, ) -> Result<u32, CacheError>

Verifies and consumes a proof from the cache.

This is the primary security-critical function. It:

1. Finds the entry matching (mutation_hash, nonce)
2. Checks that TTL has not expired
3. Marks the entry as consumed (single-use)
4. Removes the entry from the cache
5. Returns the proof_id

Arguments

• mutation_hash - Hash of the mutation being verified
• nonce - Nonce that was used when the proof was created
• current_time_ns - Current time in nanoseconds

Returns

The proof_id if verification succeeds.

Errors

• CacheError::NotFound if no matching entry exists
• CacheError::Expired if the entry’s TTL has passed
• CacheError::NonceConsumed if the nonce was already used

pub fn exists( &self, mutation_hash: &[u8; 32], nonce: u64, current_time_ns: u64, ) -> bool

Checks if a proof exists in the cache without consuming it.

This is useful for pre-validation before attempting a mutation. Note: This does NOT consume the nonce.

pub fn evict_expired(&mut self, current_time_ns: u64)

Removes all expired entries from the cache.

This can be called periodically to clean up the cache.

pub fn clear(&mut self)

Clears all entries from the cache.

pub fn stats(&self, current_time_ns: u64) -> ProofCacheStats

Returns statistics about the cache.

Trait Implementations

impl Debug for ProofCache

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for ProofCache

fn default() -> Self

Returns the “default value” for a type.