Context
PROOF-PROGRAMME §3.2. The attestation chain (src/attestation/{intent,evidence,seal,chain,envelope}.rs) binds Intent → Evidence → Seal, where the Seal carries an Ed25519 signature over (Intent, Evidence).
Goal
A new Idris2 module under src/abi/ (sibling to PatternCompleteness.idr / ClassificationSoundness.idr / Stripping.idr) that models the chain with abstract Hash / Sig operations and derives:
- Integrity — tampering with
Intent or Evidence invalidates the Seal.
- Authenticity — only the holder of the signing key can produce a valid
Seal.
- Non-repudiation — a valid
Seal is publicly verifiable.
Constraints
- Must
Qed-close. The cryptographic assumption (Ed25519 EUF-CMA) is taken as a hypothesis / interface parameter, not a postulate — panic-attack's own ProofDrift detector (PA021) bans postulate/believe_me/Admitted. So this is a conditional theorem: "given EUF-CMA, unforgeability holds."
- Match the assumption to the
ed25519-dalek API the Rust code uses.
Notes
https://claude.ai/code/session_01K2TJLeQSyz4tpydZ18aRcb
Context
PROOF-PROGRAMME §3.2. The attestation chain (
src/attestation/{intent,evidence,seal,chain,envelope}.rs) binds Intent → Evidence → Seal, where theSealcarries an Ed25519 signature over(Intent, Evidence).Goal
A new Idris2 module under
src/abi/(sibling toPatternCompleteness.idr/ClassificationSoundness.idr/Stripping.idr) that models the chain with abstractHash/Sigoperations and derives:IntentorEvidenceinvalidates theSeal.Seal.Sealis publicly verifiable.Constraints
Qed-close. The cryptographic assumption (Ed25519 EUF-CMA) is taken as a hypothesis / interface parameter, not apostulate— panic-attack's own ProofDrift detector (PA021) banspostulate/believe_me/Admitted. So this is a conditional theorem: "given EUF-CMA, unforgeability holds."ed25519-dalekAPI the Rust code uses.Notes
https://claude.ai/code/session_01K2TJLeQSyz4tpydZ18aRcb