auditproof

Documentation

Overview

Package auditproof implements a commit-then-prove reproducible audit.

Model: an audit report is computed from per-node compute-unit data. A SHA-256 commitment is taken over the canonical serialization of the per-node incentives that are DERIVED from that data. A verifier independently recomputes the incentives from the same compute-unit data, recomputes the commitment, and confirms it MATCHES the original commitment (proving the report was not tampered). If the underlying data is altered, the recomputed commitment will not match, so tampering is detected.

The package is pure Go (stdlib crypto/sha256 only), deterministic, and performs no network/host/cgo access. The canonical serialization sorts node identifiers so the commitment is independent of Go map iteration order — a non-canonical (map-order-dependent) serialization would yield a non-deterministic commitment.

Index

• func Commit(incentives map[string]float64) [32]byte
• func CommitReport(data Report) [32]byte
• func ComputeIncentives(data Report) map[string]float64
• func Verify(data Report, commitment [32]byte) bool
• type Report

Functions

func Commit

func Commit(incentives map[string]float64) [32]byte

Commit returns the SHA-256 commitment over the canonical serialization of the incentive map. The same incentive map always yields the same commitment (determinism), regardless of map iteration order.

func CommitReport

func CommitReport(data Report) [32]byte

CommitReport is a convenience that derives incentives from the report and commits to them in one step. The returned commitment is what an honest auditor would publish alongside the report.

func ComputeIncentives

func ComputeIncentives(data Report) map[string]float64

ComputeIncentives derives the per-node incentive map from the report's compute-unit data. The incentive for a node is its compute-unit count scaled by incentiveRatePerUnit. The result is purely a function of the input data; no value is hardcoded per node.

A nil ComputeUnits map yields an empty (non-nil) incentive map.

func Verify

func Verify(data Report, commitment [32]byte) bool

Verify independently recomputes the incentives from data, recomputes the commitment, and reports whether it MATCHES the supplied commitment.

It returns true only when the recomputed commitment equals commitment byte for byte. If the underlying data has been altered relative to what produced commitment, the recomputed commitment differs and Verify returns false (tamper detected). Verify never trusts the supplied commitment as an oracle: the answer is a function of data, not of commitment.

Types

type Report

type Report struct {
	ComputeUnits map[string]float64
}

Report is the audit input: per-node compute-unit measurements.

ComputeUnits maps a node identifier to the number of compute units that node contributed during the audited window. Incentives are derived from these values; nothing about the incentive is stored here.