Sulkta-Coop/mithril-go
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11 commits 1 branch 2 tags 127 KiB
Commit graph

8 commits

Author SHA1 Message Date
Kayos
599085eaa9 wrap: chain verify + manifest verify + LICENSE + final docs 
- internal/chain: end-to-end chain verification. Walks head → genesis,
  verifies every cert (Ed25519 or STM as appropriate), and checks
  continuity at every boundary:
    epoch:    same or +1 from previous
    hash:     current.previous_hash == previous.hash
    AVK:      same epoch  → equal aggregate_verification_key
              new epoch   → matches previous.protocol_message.next_aggregate_verification_key
- cmd: 'verify chain' subcommand + 'verify manifest <dir>' for SHA-checking
  downloaded immutable files
- internal/manifest: per-file SHA-256 verification against the digests.json
  shipped in the snapshot's digests archive
- MCP: 8th tool 'mithril_verify_chain' for agent-driven full-chain verify
- README: complete rewrite — status table, architecture, gotchas, MCP
  tool surface, exit code contract, build instructions
- LICENSE: Apache-2.0 (matches upstream Mithril)

Verified end to end against live networks:
  preprod  chain  90 certs (89 STM + 1 genesis)  1124 wins   ✓
  mainnet  chain  89 certs (88 STM + 1 genesis)  210921 wins ✓

That's the wrap. Pure-Go consensus-correct Mithril client, single 10 MB
static binary, MCP-native, no CGo, no upstream Rust runtime.
 2026-04-23 16:15:47 -07:00
Kayos
920d7cf177 STM full verification landing — milestones C/D/E complete 
Implemented the remaining STM verification layers:

- internal/stm/lottery.go: EvaluateSigma (Blake2b-512 lottery draw) +
  IsLotteryWon with Taylor-series threshold comparison (ported from
  mithril-stm::eligibility), big.Rat-based to match Rust's num_bigint/
  num_rational path
- internal/stm/merkle.go: Blake2b-256 Merkle batch-proof verification,
  faithful port of mithril-stm's verify_leaves_membership_from_batch_path
  including the 'current is left/right child' branch logic and the
  1-byte zero pad for missing siblings
- internal/stm/verify.go: top-level stm.Verify(msg, ms, avk, params)
  glues all four checks: k-threshold, lottery, Merkle, BLS aggregate
- cmd: 'verify head' now runs full STM verification; JSON output shows
  signers, wins, params, verified flag
- MCP: new 'mithril_verify_certificate' tool dispatches genesis Ed25519
  vs STM by cert kind

Verified against live networks:
  mainnet head cert bc00b551…  epoch=626  59 signers  1972/16948 wins  ✓
  mainnet genesis   25acfcfe…  epoch=539  Ed25519 ✓
  preprod head      dd9c4fcb…  epoch=284   2 signers    11/100 wins   ✓
  preprod genesis   69bc3bdf…  epoch=196  Ed25519 ✓

This is a consensus-correct pure-Go Mithril client. Single binary,
CGo-free, no upstream Rust dependency.

Next: full chain verification (walk head → genesis, check continuity).
 2026-04-23 15:58:44 -07:00
Kayos
32f0057700 STM BLS verification WORKING against live preprod (milestones A, B, partial C) 
Key findings from upstream:
- Mithril's BLS msg is NOT signed_message alone — it's
  msgp = signed_message_ascii_bytes || mt_commitment_root_32_bytes
- Mithril uses EMPTY DST for hash-to-G1 (not the IETF BLS suite string)
- Aggregation is NOT plain summation — it's MuSig-style weighted:
  t_i = Blake2b-128(Blake2b-128(sigs_concat) || be_u64(i))
  aggr_sig = Σ t_i · sig_i      (in G1)
  aggr_vk  = Σ t_i · vk_i       (in G2)
  This blocks rogue-key attacks.

Shipped:
- internal/stm/types.go: MultiSig + AVK decoders (hex-of-ASCII-JSON wrapping,
  polymorphic tuple JSON handling via ByteArray + custom UnmarshalJSON)
- internal/stm/bls.go: BlsVerify (pairing check with gnark-crypto)
- internal/stm/aggregate.go: MuSig-style AggregateBLS + BlsAggregateVerify
- synthetic test + live test (build tag 'live') both green

Live preprod head cert (epoch 284, cert 175051cf…):
- 2 signers, 11 total lottery wins
- aggregate verify: PASS ✓
- single-signer verify: PASS ✓

Next: lottery threshold check, Merkle batch-proof verification, glue into
top-level Verify(msg, multi_sig, avk, params) + wire to 'verify' subcommand.
 2026-04-23 15:53:00 -07:00
Kayos
8e3a46e90f MCP stdio server with 6 tools 
- internal/mcp: minimal JSON-RPC 2.0 over newline-delimited JSON, stdio
  transport. Handles initialize / tools/list / tools/call / ping /
  notifications. No deps — stdlib only.
- cmd: 'mithril-go mcp' subcommand brings up the server. Tools:
    mithril_info
    mithril_list_snapshots
    mithril_show_snapshot
    mithril_get_certificate
    mithril_walk_cert_chain
    mithril_verify_genesis
- verified end-to-end against mainnet via tools/call: verify_genesis walks
  the 89-cert chain and returns verified=true

Any MCP client (Claude Code, Cursor, Zed, etc.) can now point at this
binary and get a discoverable, typed tool surface.
 2026-04-23 15:40:34 -07:00
Kayos
97a9434106 genesis Ed25519 verification — working against live mainnet + preprod 
- verify package: ComputeProtocolMessageHash mirrors Rust's BTreeMap-ordered
  SHA256 over key||value concatenation (enum declaration order, not alpha)
- DecodeGenesisVerifyKey unpacks Mithril's 'hex of ASCII [b0,b1,...,b31]'
  wrapping convention; also accepts plain 64-char hex
- Genesis() verifies the Ed25519 signature over the ASCII BYTES of the
  signed_message HEX string (critical subtlety from upstream)
- networks: real genesis vkeys for mainnet + preprod + preview from
  mithril-infra/configuration/*/genesis.vkey
- cmd: 'verify genesis' walks head→genesis chain, verifies the terminal cert;
  'verify head' and 'verify <hash>' also wired; JSON output supported
- exit codes honored: 3 network, 4 integrity, 5 bad sig

verified:
  mainnet  genesis cert 25acfcfe…  epoch 539  Ed25519 ✓
  preprod  genesis cert 69bc3bdf…  epoch 196  Ed25519 ✓

next: STM BLS12-381 aggregate verification (the big one)
 2026-04-23 15:33:41 -07:00
Kayos
f897e80c95 certificate chain walker + progress bar fix 
- aggregator.CertChain: walks previous_hash from head until genesis_signature
- cmd: 'cert' subcommand, -chain flag for full walk, 'head' shortcut resolves
  latest snapshot's certificate_hash
- ProgressFn now signals both bytes-read and total-from-Content-Length so
  percent is computed against the actual transfer size, not the uncompressed
  target
- verified against preprod: 90-cert chain head→genesis, Ed25519 genesis cert
  shape (64-byte sig over 32-byte signed_message, protocol_message carries
  next_aggregate_verification_key for BLS), STM-signed non-genesis certs

pipeline is now verification-sprint ready
 2026-04-23 15:20:32 -07:00
Kayos
e557d85d5a download + extract pipeline 
- artifact.Download: resumable HTTP with optional SHA256 check + progress cb
- artifact.ExtractZstdTar: streamed zstd+tar with tar-slip defense
- aggregator client matches real API shape (digests/immutables/ancillary blocks
  with URIHolder polymorphism for templated immutable URIs)
- cmd: show + download subcommands wired up
- end-to-end verified against preprod: digests archive pulls cleanly, yields
  16836-entry SHA manifest ready for verification sprint

deps: github.com/klauspost/compress (pure-go zstd)
 2026-04-23 15:16:48 -07:00
Kayos
f87b7fc3c4 initial scaffold 
- module layout: cmd/mithril-go, internal/{aggregator,artifact,verify,networks}
- aggregator REST client, list command working against mainnet
- download/extract/verify stubbed
- no deps yet, pure stdlib
 2026-04-23 15:12:39 -07:00