mithril-go

Sulkta-Coop/mithril-go

Fork 0

Commit graph

Author	SHA1	Message	Date
Kayos	599085eaa9	wrap: chain verify + manifest verify + LICENSE + final docs - internal/chain: end-to-end chain verification. Walks head → genesis, verifies every cert (Ed25519 or STM as appropriate), and checks continuity at every boundary: epoch: same or +1 from previous hash: current.previous_hash == previous.hash AVK: same epoch → equal aggregate_verification_key new epoch → matches previous.protocol_message.next_aggregate_verification_key - cmd: 'verify chain' subcommand + 'verify manifest <dir>' for SHA-checking downloaded immutable files - internal/manifest: per-file SHA-256 verification against the digests.json shipped in the snapshot's digests archive - MCP: 8th tool 'mithril_verify_chain' for agent-driven full-chain verify - README: complete rewrite — status table, architecture, gotchas, MCP tool surface, exit code contract, build instructions - LICENSE: Apache-2.0 (matches upstream Mithril) Verified end to end against live networks: preprod chain 90 certs (89 STM + 1 genesis) 1124 wins ✓ mainnet chain 89 certs (88 STM + 1 genesis) 210921 wins ✓ That's the wrap. Pure-Go consensus-correct Mithril client, single 10 MB static binary, MCP-native, no CGo, no upstream Rust runtime.	2026-04-23 16:15:47 -07:00
Kayos	32f0057700	STM BLS verification WORKING against live preprod (milestones A, B, partial C) Key findings from upstream: - Mithril's BLS msg is NOT signed_message alone — it's msgp = signed_message_ascii_bytes \|\| mt_commitment_root_32_bytes - Mithril uses EMPTY DST for hash-to-G1 (not the IETF BLS suite string) - Aggregation is NOT plain summation — it's MuSig-style weighted: t_i = Blake2b-128(Blake2b-128(sigs_concat) \|\| be_u64(i)) aggr_sig = Σ t_i · sig_i (in G1) aggr_vk = Σ t_i · vk_i (in G2) This blocks rogue-key attacks. Shipped: - internal/stm/types.go: MultiSig + AVK decoders (hex-of-ASCII-JSON wrapping, polymorphic tuple JSON handling via ByteArray + custom UnmarshalJSON) - internal/stm/bls.go: BlsVerify (pairing check with gnark-crypto) - internal/stm/aggregate.go: MuSig-style AggregateBLS + BlsAggregateVerify - synthetic test + live test (build tag 'live') both green Live preprod head cert (epoch 284, cert 175051cf…): - 2 signers, 11 total lottery wins - aggregate verify: PASS ✓ - single-signer verify: PASS ✓ Next: lottery threshold check, Merkle batch-proof verification, glue into top-level Verify(msg, multi_sig, avk, params) + wire to 'verify' subcommand.	2026-04-23 15:53:00 -07:00
Kayos	e557d85d5a	download + extract pipeline - artifact.Download: resumable HTTP with optional SHA256 check + progress cb - artifact.ExtractZstdTar: streamed zstd+tar with tar-slip defense - aggregator client matches real API shape (digests/immutables/ancillary blocks with URIHolder polymorphism for templated immutable URIs) - cmd: show + download subcommands wired up - end-to-end verified against preprod: digests archive pulls cleanly, yields 16836-entry SHA manifest ready for verification sprint deps: github.com/klauspost/compress (pure-go zstd)	2026-04-23 15:16:48 -07:00

Author

SHA1

Message

Date

Kayos

599085eaa9

wrap: chain verify + manifest verify + LICENSE + final docs

- internal/chain: end-to-end chain verification. Walks head → genesis,
  verifies every cert (Ed25519 or STM as appropriate), and checks
  continuity at every boundary:
    epoch:    same or +1 from previous
    hash:     current.previous_hash == previous.hash
    AVK:      same epoch  → equal aggregate_verification_key
              new epoch   → matches previous.protocol_message.next_aggregate_verification_key
- cmd: 'verify chain' subcommand + 'verify manifest <dir>' for SHA-checking
  downloaded immutable files
- internal/manifest: per-file SHA-256 verification against the digests.json
  shipped in the snapshot's digests archive
- MCP: 8th tool 'mithril_verify_chain' for agent-driven full-chain verify
- README: complete rewrite — status table, architecture, gotchas, MCP
  tool surface, exit code contract, build instructions
- LICENSE: Apache-2.0 (matches upstream Mithril)

Verified end to end against live networks:
  preprod  chain  90 certs (89 STM + 1 genesis)  1124 wins   ✓
  mainnet  chain  89 certs (88 STM + 1 genesis)  210921 wins ✓

That's the wrap. Pure-Go consensus-correct Mithril client, single 10 MB
static binary, MCP-native, no CGo, no upstream Rust runtime.

2026-04-23 16:15:47 -07:00

Kayos

32f0057700

STM BLS verification WORKING against live preprod (milestones A, B, partial C)

Key findings from upstream:
- Mithril's BLS msg is NOT signed_message alone — it's
  msgp = signed_message_ascii_bytes || mt_commitment_root_32_bytes
- Mithril uses EMPTY DST for hash-to-G1 (not the IETF BLS suite string)
- Aggregation is NOT plain summation — it's MuSig-style weighted:
  t_i = Blake2b-128(Blake2b-128(sigs_concat) || be_u64(i))
  aggr_sig = Σ t_i · sig_i      (in G1)
  aggr_vk  = Σ t_i · vk_i       (in G2)
  This blocks rogue-key attacks.

Shipped:
- internal/stm/types.go: MultiSig + AVK decoders (hex-of-ASCII-JSON wrapping,
  polymorphic tuple JSON handling via ByteArray + custom UnmarshalJSON)
- internal/stm/bls.go: BlsVerify (pairing check with gnark-crypto)
- internal/stm/aggregate.go: MuSig-style AggregateBLS + BlsAggregateVerify
- synthetic test + live test (build tag 'live') both green

Live preprod head cert (epoch 284, cert 175051cf…):
- 2 signers, 11 total lottery wins
- aggregate verify: PASS ✓
- single-signer verify: PASS ✓

Next: lottery threshold check, Merkle batch-proof verification, glue into
top-level Verify(msg, multi_sig, avk, params) + wire to 'verify' subcommand.

2026-04-23 15:53:00 -07:00

Kayos

e557d85d5a

download + extract pipeline

- artifact.Download: resumable HTTP with optional SHA256 check + progress cb
- artifact.ExtractZstdTar: streamed zstd+tar with tar-slip defense
- aggregator client matches real API shape (digests/immutables/ancillary blocks
  with URIHolder polymorphism for templated immutable URIs)
- cmd: show + download subcommands wired up
- end-to-end verified against preprod: digests archive pulls cleanly, yields
  16836-entry SHA manifest ready for verification sprint

deps: github.com/klauspost/compress (pure-go zstd)

2026-04-23 15:16:48 -07:00

3 commits