stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
e9aeadc04084353889b1c9dbf4487f5316f4421e
git.stella-ops.org/docs/features/checked/attestor/enhanced-rekor-proof-building-with-inclusion-proofs.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

2.6 KiB
Raw Blame History

Enhanced Rekor Proof Building with Inclusion Proofs

Module

Attestor

Status

VERIFIED

Description

Full Rekor proof builder with build, validate, and inclusion proof types for transparency log verification.

Implementation Details

  • Enhanced Rekor Proof Builder: src/Attestor/__Libraries/StellaOps.Attestor.ProofChain/Rekor/EnhancedRekorProofBuilder.cs -- main builder class with partials:
    • .Build -- constructs Rekor proofs from transparency log entries
    • .Validate -- validates proof integrity
  • Enhanced Rekor Proof: Rekor/EnhancedRekorProof.cs -- proof model with inclusion proof and verification data.
  • Rekor Inclusion Proof: Rekor/RekorInclusionProof.cs -- Merkle inclusion proof for transparency log entries.
  • Rekor Integration: Pipeline/RekorEntry.cs -- Rekor entry in the proof chain pipeline.
  • Merkle Proof Verifier: StellaOps.Attestor.Core/Verification/MerkleProofVerifier.cs -- verifies Merkle inclusion proofs.
  • Rekor Verification Service: StellaOps.Attestor.Core/Verification/RekorVerificationService.cs, IRekorVerificationService.cs -- orchestrates Rekor verification.
  • Offline Receipt Verifier: StellaOps.Attestor.Core/Verification/RekorOfflineReceiptVerifier.cs -- verifies Rekor receipts offline.
  • Verification Pipeline Step: __Libraries/StellaOps.Attestor.ProofChain/Verification/RekorInclusionVerificationStep.cs -- pipeline step for inclusion proof verification.
  • Tests: __Tests/StellaOps.Attestor.Types.Tests/Rekor/RekorInclusionProofTests.cs, StellaOps.Attestor.Core.Tests/Rekor/RekorReceiptTests.cs, __Tests/StellaOps.Attestor.Conformance.Tests/InclusionProofParityTests.cs

E2E Test Plan

  • Build an enhanced Rekor proof via EnhancedRekorProofBuilder.Build from a transparency log entry and verify the proof contains an inclusion proof
  • Validate the proof via EnhancedRekorProofBuilder.Validate and verify it passes
  • Verify the inclusion proof via MerkleProofVerifier and confirm the computed root matches the checkpoint root
  • Verify a Rekor receipt offline via RekorOfflineReceiptVerifier using embedded inclusion proof
  • Run RekorInclusionVerificationStep in the verification pipeline and verify it passes for valid entries
  • Tamper with the inclusion proof sibling hashes and verify verification fails
  • Run conformance parity tests to verify inclusion proof verification matches reference implementation

Verification

Check Result
Tier 0 - Source Verification PASS
Tier 1 - Build + Code Review PASS
Tier 2 - Behavioral Verification PASS
Verified Date 2026-02-13
Run ID run-001