106 lines
2.3 KiB
Markdown
106 lines
2.3 KiB
Markdown
|
# PER/SIGNATURE/1 -- PER Signature Layout
|
||
|
|
|
||
|
|
Status: Draft
|
||
|
|
Owner: Architecture
|
||
|
|
Version: 0.1.0
|
||
|
|
SoT: No
|
||
|
|
Last Updated: 2025-01-17
|
||
|
|
Tags: [per, signatures, determinism]
|
||
|
|
|
||
|
|
**Document ID:** `PER/SIGNATURE/1`
|
||
|
|
**Layer:** L2 -- Execution receipt signatures (no encoding)
|
||
|
|
|
||
|
|
**Depends on (normative):**
|
||
|
|
|
||
|
|
* `ASL/DAM/1`
|
||
|
|
* `ASL/LOG/1`
|
||
|
|
|
||
|
|
**Informative references:**
|
||
|
|
|
||
|
|
* `ASL/POLICY-HASH/1`
|
||
|
|
* `TGK/1` -- linking signatures via edges
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 0. Conventions
|
||
|
|
|
||
|
|
The key words **MUST**, **MUST NOT**, **REQUIRED**, **SHOULD**, and **MAY** are to be interpreted as in RFC 2119.
|
||
|
|
|
||
|
|
PER/SIGNATURE/1 defines the logical signature payload and validation steps for PER artifacts. It does not define encodings.
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 1. Purpose
|
||
|
|
|
||
|
|
A PER signature certifies that a deterministic execution occurred under a specific snapshot, with specific inputs, producing a specific output.
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 2. Canonical Signing Payload
|
||
|
|
|
||
|
|
```text
|
||
|
|
PERSignaturePayload {
|
||
|
|
domain_id : DomainID
|
||
|
|
snapshot_id : SnapshotID
|
||
|
|
per_artifact_id : ArtifactID
|
||
|
|
input_artifact_ids[] : ArtifactID (sorted)
|
||
|
|
program_id : ProgramID
|
||
|
|
logseq : u64
|
||
|
|
}
|
||
|
|
```
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 3. Canonicalization Rules (Normative)
|
||
|
|
|
||
|
|
1. Byte order: big-endian
|
||
|
|
2. Arrays: sorted lexicographically by ArtifactID
|
||
|
|
3. No optional fields
|
||
|
|
4. No timestamps or environment data
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 4. Signature Object
|
||
|
|
|
||
|
|
```text
|
||
|
|
PERSignature {
|
||
|
|
payload_hash : Hash
|
||
|
|
public_key : PublicKey
|
||
|
|
signature : Signature
|
||
|
|
algorithm : SigAlgorithm
|
||
|
|
}
|
||
|
|
```
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 5. Validation Procedure (Normative)
|
||
|
|
|
||
|
|
To validate a PER:
|
||
|
|
|
||
|
|
1. Load snapshot
|
||
|
|
2. Resolve DAM
|
||
|
|
3. Recompute canonical payload
|
||
|
|
4. Verify signature against `public_key`
|
||
|
|
5. Verify `public_key` is in DAM and has `execute` role
|
||
|
|
6. Verify `snapshot_id` and `logseq` match visibility constraints
|
||
|
|
|
||
|
|
If any step fails, the PER MUST be rejected as authoritative.
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 6. Failure Modes
|
||
|
|
|
||
|
|
| Condition | Result |
|
||
|
|
| ------------------ | ------------------------- |
|
||
|
|
| Missing signature | PER is informational only |
|
||
|
|
| Invalid signature | Reject PER |
|
||
|
|
| Key not in DAM | Reject PER |
|
||
|
|
| Snapshot mismatch | Reject PER |
|
||
|
|
| Input mismatch | Reject PER |
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 7. Summary
|
||
|
|
|
||
|
|
PER/SIGNATURE/1 defines a minimal, deterministic signature payload and validation procedure for PER artifacts.
|