ldtc.attest¶
Attest: Indicator encoding and signing.
Defines the indicator payload schema, M(dB) quantization, and Ed25519 signing for CBOR-encoded device-signed packets.
See Also
paper/main.tex — Methods: Measurement & Attestation; Exported indicators.
IndicatorConfig
dataclass
¶
Configuration for indicator encoding.
Attributes:
| Name | Type | Description |
|---|---|---|
Mmin_db |
float
|
Threshold for NC1 pass. |
profile_id |
int
|
Profile selector (0=R0, 1=R*). |
build_and_sign(priv, audit, derived, cfg, last_sc1_pass)
¶
Build CBOR indicator payload and Ed25519 signature bundle.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
priv
|
Ed25519PrivateKey
|
Ed25519 private key. |
required |
audit
|
AuditLog
|
Audit log providing last hash head. |
required |
derived
|
Dict[str, float | int | bool]
|
Derived indicators (e.g., nc1, M_db, counter, invalidated). |
required |
cfg
|
IndicatorConfig
|
Indicator configuration with profile id and thresholds. |
required |
last_sc1_pass
|
bool
|
Whether SC1 passed. |
required |
Returns:
| Type | Description |
|---|---|
Tuple[bytes, Dict]
|
Tuple of (cbor_bytes, bundle_dict) where bundle contains hex signature. |
quantize_M(M_db)
¶
Quantize loop-dominance M (dB) to a 6-bit code.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
M_db
|
float
|
Decibel loop-dominance value. |
required |
Returns:
| Type | Description |
|---|---|
int
|
Integer in the range [0, 63] using 0.25 dB steps (0..15.75 dB). |
Attest: Indicator exporter.
Rate-limited writer for device-signed indicator bundles in JSONL and CBOR, with strict enforcement of the no-raw-LREG export policy.
See Also
paper/main.tex — Methods: Measurement & Attestation; Export policy.
IndicatorExporter
¶
Rate-limited export of device-signed indicator packets.
Writes JSONL and CBOR artifacts side-by-side after signing a derived indicator payload. Enforces the no-raw-LREG policy.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
out_dir
|
str
|
Output directory for indicator artifacts. |
required |
rate_hz
|
float
|
Maximum export rate in Hz. |
2.0
|
maybe_export(priv, audit, derived, cfg, last_sc1_pass)
¶
Export a signed indicator bundle if rate limit allows.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
priv
|
Ed25519PrivateKey
|
Ed25519 private key. |
required |
audit
|
AuditLog
|
Audit log instance (provides last hash head). |
required |
derived
|
Dict[str, float | int | bool]
|
Derived indicators from LREG (no raw L fields). |
required |
cfg
|
IndicatorConfig
|
Indicator configuration including profile id. |
required |
last_sc1_pass
|
bool
|
Whether SC1 passed in the last evaluation. |
required |
Returns:
| Type | Description |
|---|---|
bool
|
Tuple |
str
|
prefix for generated artifacts. |
Attest: Key management helpers.
Load or generate Ed25519 keys stored as PEM files for device-signed indicators.
See Also
paper/main.tex — Methods: Measurement & Attestation.
KeyPaths
dataclass
¶
Filesystem locations for key files.
Attributes:
| Name | Type | Description |
|---|---|---|
priv_path |
str
|
Path to the private key PEM file. |
pub_path |
str
|
Path to the public key PEM file. |
ensure_keys(paths)
¶
Load or generate Ed25519 keys at the provided paths.
If no keys exist, generates a new keypair and writes them as PEM. If keys exist but are not Ed25519, regenerates an Ed25519 pair in place.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
paths
|
KeyPaths
|
Private and public key filesystem paths. |
required |
Returns:
| Type | Description |
|---|---|
Tuple[Ed25519PrivateKey, Ed25519PublicKey]
|
Tuple |