feat(release): v0.9.1 Crypto Hardening (spec_version 113) #25
Open
imzzaidd wants to merge 16 commits into
…pliance Add domain-separated SHA-256 functions alongside existing Blake2-256 to meet NIST FIPS 180-4 regulatory requirements for DePIN deployments. New functions: sha256_with_domain, sha256_raw, sha256_hash_pair, nist_key_fingerprint. Five NIST domain constants with 7ay:nist: prefix ensure separation between hash families. Includes 12 unit tests.
Reduce nesting depth in reconstruct() by extracting the Lagrange basis polynomial computation into a dedicated helper method. Fixes clippy excessive_nesting warning.
…tor, device Introduce seveny-runtime-api crate with 4 runtime API traits and typed response structs. Implement presence_getState, epoch_current, validator_status, and device_health RPC methods bridging pallet storage to jsonrpsee endpoints. Document equivocation reporting status.
Add #[benchmarks] module to each pallet with representative extrinsic benchmarks. Wire all 16 pallets into runtime define_benchmarks! and enable runtime-benchmarks feature flags. Replaces hand-estimated weights with measurable benchmark infrastructure.
Add 30 integration tests exercising the real Presence, Epoch, and Validator pallets wired together (no mocks). Cover full lifecycle flow, epoch binding, state monotonicity, terminal state immutability, quorum edge cases, and cross-pallet error propagation for INV1,7-11,14,16-17,46.
Mark the "Foundation Complete" milestone with workspace version 0.9.0 and runtime spec_version 112. This version adds SHA-256 NIST dual-hash, DePIN RPC endpoints, FRAME benchmarks, and cross-pallet integration tests.
Implement PSS refresh polynomial generation (pss_generate_refresh) and delta application (pss_apply_refresh) over GF(2^8) Shamir shares, enabling share rotation without changing the underlying secret. Add Schnorr-style ShareKnowledgeProof for proving share knowledge without revealing values. New domain constants: DOMAIN_PSS_REFRESH, DOMAIN_SCHNORR_SHARE. Verifier currently fails-closed pending algebraic commitment upgrade.
Add submit_epoch_vrf extrinsic for validators to contribute VRF evaluations during active epochs. Seeds chain across epochs via PreviousEpochSeed propagation on finalization. Multiple submissions mix cumulatively using domain-separated hashing (DOMAIN_VRF_EPOCH). New storage: EpochSeed, PreviousEpochSeed. New event: EpochVrfSubmitted. New errors: VrfSubmissionNotActive, VrfEpochMismatch. Includes 6 unit tests.
Implement Bulletproofs-style range proofs using BN254 G1 curve with Pedersen commitments (C = v*G + r*H). Includes bit-decomposition range proofs with OR-proof Sigma protocol per bit, Fiat-Shamir non-interactivity, and minimum-value proofs (stake >= MinStake). New module: bulletproofs.rs with pedersen_commit, prove_range, verify_range, prove_minimum, verify_minimum. 10 unit tests.
Add DistanceCircuit (proves distance <= max_km from latency without revealing coordinates) and EpochCircuit (proves valid Scheduled->Active->Closed->Finalized state transition). Both use MiMC hash and BN254 R1CS constraints via ark-relations.
Fix benchmark scaffolding to use proper newtype wrappers (ActorId, ValidatorId, EpochId) instead of bare H256. Add missing weight functions to octopus pallet (record_device_observation, record_position_confirmation, heartbeat_with_device_proof, set_fusion_weights). Add frame-benchmarking dep to triangulation and device-scanner crates.
StorageCircuit (INV72): proves data hash matches stored commitment bound to epoch and actor. RotationCircuit (INV78): proves new key is validly derived from old key via MiMC derivation chain. ClusterCircuit (INV63): proves subnode membership in octopus cluster via MiMC Merkle inclusion. All circuits follow existing R1CS pattern with MiMC-3/161 hash. 13 new unit tests across the 3 circuits.
Mark the "Crypto Hardening" milestone with workspace version 0.9.1 and runtime spec_version 113. This version adds PSS share refresh, Schnorr share proofs, VRF epoch randomness, Pedersen/range proofs, and 5 new ZK circuits (distance, epoch, storage, rotation, cluster).
- Add missing runtime API trait imports in node/src/rpc.rs (PresenceApi, EpochApi, ValidatorApi, DeviceApi) to fix E0599 compile errors
- Fix cargo fmt violation in rotation.rs (join two-line statement)
- Suppress RUSTSEC-2026-0037 (quinn-proto DoS) and RUSTSEC-2026-0049 (rustls-webpki CRL matching) in both ci.yml and security.yml - these are transitive deps from polkadot-stable2503 SDK
Benchmark Results
Benchmark results not available for this run.
…imports
- Rename benchmark fn to set_scan_data and use _() macro pattern
- Remove unused pallet::* imports from epoch, lifecycle, triangulation, and device-scanner benchmarking modules
Summary
v0.9.1 "Crypto Hardening" — Proactive Secret Sharing, VRF epoch randomness, Pedersen range proofs, and 5 new ZK circuits.
Crypto Primitives
- pss_generate_refresh and pss_apply_refresh for share rotation over GF(2^8) without changing the underlying secret
- prove_share_knowledge / verify_share_knowledge for proving share ownership without revealing values (verifier fails-closed pending algebraic commitment upgrade)
- DOMAIN_PSS_REFRESH, DOMAIN_SCHNORR_SHARE, DOMAIN_VRF_EPOCH
VRF Epoch Randomness
- submit_epoch_vrf(epoch_id, vrf_output, vrf_proof) — validators submit VRF evaluations during Active epochs
- EpochSeed<T> (per-epoch), PreviousEpochSeed<T> (propagated on finalization)
Pedersen Commitment & Range Proofs
- pallets/zk/src/bulletproofs.rs — BN254 G1 Pedersen commitments with bit-decomposition range proofs
- pedersen_commit, prove_range, verify_range, prove_minimum, verify_minimum
ZK Circuits (5 new)
- DistanceCircuit
- EpochCircuit
- StorageCircuit
- RotationCircuit
- ClusterCircuit
Benchmark Fixes
Test Results
Test plan
- cargo test -p seveny-primitives — 92 passed
- cargo test -p pallet-epoch — 30 passed
- cargo test -p pallet-zk — 231 passed
- cargo clippy --all-targets -- -D warnings — clean
- cargo fmt --all -- --check — clean
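
The share rotation described under Crypto Primitives, as an added example that is not code from this pull request: adding a polynomial with a zero constant term to every Shamir share over GF(2^8) changes each share while keeping the secret. All function names are hypothetical, the field polynomial 0x11b is an assumption, and the coefficients are fixed constructed values where a real refresh would draw fresh randomness.

```rust
// Added illustration of proactive share refresh over GF(2^8); names are hypothetical,
// not the project's API. Assumes the AES reduction polynomial 0x11b.

/// Multiply in GF(2^8): shift-and-add with reduction.
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    while b != 0 {
        if b & 1 != 0 { p ^= a; }
        a = (a << 1) ^ if a & 0x80 != 0 { 0x1b } else { 0 };
        b >>= 1;
    }
    p
}

/// Multiplicative inverse as a^254 (caller guarantees a != 0).
fn gf_inv(a: u8) -> u8 {
    (0..254).fold(1u8, |r, _| gf_mul(r, a))
}

/// Horner evaluation of c[0] + c[1]*x + ... at x.
fn eval(coeffs: &[u8], x: u8) -> u8 {
    coeffs.iter().rev().fold(0u8, |acc, &c| gf_mul(acc, x) ^ c)
}

/// Shares (x, f(x)) for x = 1..=n; coeffs[0] is the secret.
fn split(coeffs: &[u8], n: u8) -> Vec<(u8, u8)> {
    (1..=n).map(|x| (x, eval(coeffs, x))).collect()
}

/// Add delta(x) to every share; delta's constant term is forced to 0, so f(0) is kept.
fn refresh(shares: &[(u8, u8)], delta_hi: &[u8]) -> Vec<(u8, u8)> {
    let delta = [&[0u8][..], delta_hi].concat();
    shares.iter().map(|&(x, y)| (x, y ^ eval(&delta, x))).collect()
}

/// Lagrange interpolation at x = 0 (subtraction is XOR in characteristic 2).
fn reconstruct(shares: &[(u8, u8)]) -> u8 {
    shares.iter().fold(0u8, |acc, &(xi, yi)| {
        let basis = shares.iter().filter(|s| s.0 != xi)
            .fold(1u8, |b, &(xj, _)| gf_mul(b, gf_mul(xj, gf_inv(xi ^ xj))));
        acc ^ gf_mul(yi, basis)
    })
}

fn main() {
    let old = split(&[0x42, 0x17, 0xa9], 5); // constructed: secret 0x42, threshold 3
    let new = refresh(&old, &[0x5c, 0xe3]); // constructed refresh coefficients
    println!("{:#x} {:#x}", reconstruct(&old[..3]), reconstruct(&new[2..]));
}
```

Shares taken from different refresh rounds do not combine: interpolating two pre-refresh shares with one post-refresh share yields a value other than the secret, which is the property that limits what a gradual share compromise can recover.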