support split bagging in qmdb-current

Author: roberto-bayardo

storage/conformance.toml

@@ -168,35 +168,35 @@ hash = "320162dfeef0511822a1c7f4f17535b939beb2dd73e61d639b6300eed2068973"
 
 ["commonware_storage::qmdb::conformance::CurrentMmbOrderedFixedConf"]
 n_cases = 200
-hash = "f265ca1f2f7f571230ef4e576b949d3699b619f108cb0a4e2e28c352f7b32aee"
+hash = "c13c9100d657cd01fdf4cff19985bba9e65b7c057391785c5d401a13c976b0af"
 
 ["commonware_storage::qmdb::conformance::CurrentMmbOrderedVariableConf"]
 n_cases = 200
-hash = "74d3a4b1721216ed1bdfc564f5ae07759476b0ceae7dbd1e953c35538a1b0755"
+hash = "8fed62bd40fa5ef36f6aebff5152e37d1089e4a66f8dfb9eec8cb00132487efb"
 
 ["commonware_storage::qmdb::conformance::CurrentMmbUnorderedFixedConf"]
 n_cases = 200
-hash = "92b2d71ff19a0f24f337a934d43ee06e3f81a155cd4adc97c58b27cef5cde435"
+hash = "81fb100d508803580ae22a96b76955b6480f3526254703c9d75ebb56f0f053f1"
 
 ["commonware_storage::qmdb::conformance::CurrentMmbUnorderedVariableConf"]
 n_cases = 200
-hash = "bad7ded44c7cedc95d202dc3334e3de88877d3aeb63b5808b18bd12c2f59c0d9"
+hash = "c46b60791c970b54e936d47a8e2eaae45e9e34c9fb0e1278e678f378392a02f1"
 
 ["commonware_storage::qmdb::conformance::CurrentMmrOrderedFixedConf"]
 n_cases = 200
-hash = "95dc738adeb88d6546c62828e448213fe723d600f57bb4660ecf982ee76e29ef"
+hash = "c343e3779b03cb33bba2b8e8fc3e7f4e333bd6dda919bc52bdc6c8385e0fa6dc"
 
 ["commonware_storage::qmdb::conformance::CurrentMmrOrderedVariableConf"]
 n_cases = 200
-hash = "a52a284b8aec813f99234a0545d7c8e651b6f6c93d1912394be3e46075a2681d"
+hash = "6cb0dd9ab52acd83bab9d20f69aa0ef18c6e61020ce8ea118601f608f751f6cd"
 
 ["commonware_storage::qmdb::conformance::CurrentMmrUnorderedFixedConf"]
 n_cases = 200
-hash = "537f4c63d903b112fc045ed47f0127da3e2ca70e38c8406e6535a94b2dddc693"
+hash = "dfebe6590b0c02f3441ae6f76d5ee11d148839a847884df2f18032c46f1b9fc9"
 
 ["commonware_storage::qmdb::conformance::CurrentMmrUnorderedVariableConf"]
 n_cases = 200
-hash = "93926373351527268aead35fc1884ff27ae2a154df38309dbed50c2c388d4870"
+hash = "092416c17d1a0bb69234756ff8cf83e2b4ca8fec2a97c5ca2ecdf20b53b913ef"
 
 ["commonware_storage::qmdb::conformance::ImmutableMmbCompactFixedConf"]
 n_cases = 200

storage/fuzz/fuzz_targets/current_ordered_operations.rs

@@ -54,6 +54,8 @@ enum CurrentOperation {
         bad_digests: Vec<[u8; 32]>,
         max_ops: NonZeroU64,
         bad_chunks: Vec<[u8; 32]>,
+        bad_prefix_peaks: Vec<[u8; 32]>,
+        bad_suffix_peaks: Vec<[u8; 32]>,
     },
     GetSpan {
         key: RawKey,
@@ -270,7 +272,14 @@ fn fuzz_family<F: Graftable + Bagging>(data: &FuzzInput, suffix: &str) {
                     }
                 }
 
-                CurrentOperation::ArbitraryProof {start_loc, bad_digests, max_ops, bad_chunks} => {
+                CurrentOperation::ArbitraryProof {
+                    start_loc,
+                    bad_digests,
+                    max_ops,
+                    bad_chunks,
+                    bad_prefix_peaks,
+                    bad_suffix_peaks,
+                } => {
                     let current_op_count = db.bounds().await.end;
                     if current_op_count == 0 {
                         continue;
@@ -314,6 +323,36 @@ fn fuzz_family<F: Graftable + Bagging>(data: &FuzzInput, suffix: &str) {
                                 &root
                             ), "proof with bad chunks should not verify");
                         }
+
+                        let bad_prefix_peaks =
+                            bad_prefix_peaks.iter().map(|d| Digest::from(*d)).collect();
+                        if range_proof.unfolded_prefix_peaks != bad_prefix_peaks {
+                            let mut bad_proof = range_proof.clone();
+                            bad_proof.unfolded_prefix_peaks = bad_prefix_peaks;
+                            assert!(!Db::<F>::verify_range_proof(
+                                &mut hasher,
+                                &bad_proof,
+                                start_loc,
+                                &ops,
+                                &chunks,
+                                &root
+                            ), "proof with bad prefix peaks should not verify");
+                        }
+
+                        let bad_suffix_peaks =
+                            bad_suffix_peaks.iter().map(|d| Digest::from(*d)).collect();
+                        if range_proof.unfolded_suffix_peaks != bad_suffix_peaks {
+                            let mut bad_proof = range_proof.clone();
+                            bad_proof.unfolded_suffix_peaks = bad_suffix_peaks;
+                            assert!(!Db::<F>::verify_range_proof(
+                                &mut hasher,
+                                &bad_proof,
+                                start_loc,
+                                &ops,
+                                &chunks,
+                                &root
+                            ), "proof with bad suffix peaks should not verify");
+                        }
                     }
                 }
 

storage/fuzz/fuzz_targets/current_unordered_operations.rs

@@ -54,6 +54,8 @@ enum CurrentOperation {
         bad_digests: Vec<[u8; 32]>,
         max_ops: NonZeroU64,
         bad_chunks: Vec<[u8; 32]>,
+        bad_prefix_peaks: Vec<[u8; 32]>,
+        bad_suffix_peaks: Vec<[u8; 32]>,
     },
 }
 
@@ -245,7 +247,14 @@ fn fuzz_family<F: Graftable + Bagging>(data: &FuzzInput, suffix: &str) {
                     }
                 }
 
-                CurrentOperation::ArbitraryProof {start_loc, bad_digests, max_ops, bad_chunks} => {
+                CurrentOperation::ArbitraryProof {
+                    start_loc,
+                    bad_digests,
+                    max_ops,
+                    bad_chunks,
+                    bad_prefix_peaks,
+                    bad_suffix_peaks,
+                } => {
                     let current_op_count = db.bounds().await.end;
                     if current_op_count == 0 {
                         continue;
@@ -286,6 +295,36 @@ fn fuzz_family<F: Graftable + Bagging>(data: &FuzzInput, suffix: &str) {
                                 &root
                             ), "proof with bad chunks should not verify");
                         }
+
+                        let bad_prefix_peaks =
+                            bad_prefix_peaks.iter().map(|d| Digest::from(*d)).collect();
+                        if range_proof.unfolded_prefix_peaks != bad_prefix_peaks {
+                            let mut bad_proof = range_proof.clone();
+                            bad_proof.unfolded_prefix_peaks = bad_prefix_peaks;
+                            assert!(!Db::<F>::verify_range_proof(
+                                &mut hasher,
+                                &bad_proof,
+                                start_loc,
+                                &ops,
+                                &chunks,
+                                &root
+                            ), "proof with bad prefix peaks should not verify");
+                        }
+
+                        let bad_suffix_peaks =
+                            bad_suffix_peaks.iter().map(|d| Digest::from(*d)).collect();
+                        if range_proof.unfolded_suffix_peaks != bad_suffix_peaks {
+                            let mut bad_proof = range_proof.clone();
+                            bad_proof.unfolded_suffix_peaks = bad_suffix_peaks;
+                            assert!(!Db::<F>::verify_range_proof(
+                                &mut hasher,
+                                &bad_proof,
+                                start_loc,
+                                &ops,
+                                &chunks,
+                                &root
+                            ), "proof with bad suffix peaks should not verify");
+                        }
                     }
                 }
 

storage/src/merkle/mod.rs

@@ -33,6 +33,8 @@ pub use position::Position;
 #[cfg(test)]
 pub(crate) use proof::build_range_proof;
 pub use proof::Proof;
+#[cfg(feature = "std")]
+pub(crate) use proof::{build_range_collection_proof, range_collection_nodes};
 pub use read::Readable;
 use thiserror::Error;
 

storage/src/merkle/proof.rs

@@ -592,6 +592,74 @@ impl<F: Family, D: Digest> Proof<F, D> {
             )
             .ok_or(ReconstructionError::InvalidProof)
     }
+
+    /// Authenticate the proven range without reconstructing the full generic Merkle root.
+    ///
+    /// This consumes only the sibling digests needed to rebuild the proven range peaks, then returns
+    /// those peak digests in `collected`. It deliberately does not consume peak-bagging witnesses
+    /// such as prefix peaks, after peaks, or backward-fold suffix accumulators.
+    ///
+    /// Current QMDB grafted proofs use this path because their final root is rebuilt by the wrapper
+    /// from the collected range peaks plus grafted prefix/suffix witnesses. Including generic
+    /// peak-bagging witnesses here would create proof bytes that the wrapper root ignores, making
+    /// those bytes malleable.
+    #[cfg(feature = "std")]
+    pub(crate) fn reconstruct_range_collecting<H, E>(
+        &self,
+        hasher: &H,
+        elements: &[E],
+        start_loc: Location<F>,
+        collected: &mut Vec<(Position<F>, D)>,
+    ) -> Result<(), ReconstructionError>
+    where
+        H: Hasher<F, Digest = D>,
+        E: AsRef<[u8]>,
+    {
+        if elements.is_empty() {
+            return Err(ReconstructionError::MissingElements);
+        }
+        if !start_loc.is_valid_index() {
+            return Err(ReconstructionError::InvalidStartLoc);
+        }
+        let end_loc = start_loc
+            .checked_add(elements.len() as u64)
+            .ok_or(ReconstructionError::InvalidEndLoc)?;
+        if end_loc > self.leaves {
+            return Err(ReconstructionError::InvalidEndLoc);
+        }
+
+        let range = start_loc..end_loc;
+        // Bagging only governs the prefix/suffix accumulator layout, which this method
+        // deliberately ignores; `range_peaks` and `fetch_nodes` are bagging-independent. Pass
+        // ForwardFold as a placeholder.
+        let bp = Blueprint::new(
+            self.leaves,
+            self.inactive_peaks,
+            Bagging::ForwardFold,
+            range,
+        )
+        .map_err(|_| ReconstructionError::InvalidSize)?;
+
+        let mut sibling_cursor = 0usize;
+        let mut elements_iter = elements.iter();
+        for peak in &bp.range_peaks {
+            let peak_digest = peak.reconstruct_digest(
+                hasher,
+                &bp.range,
+                &mut elements_iter,
+                &self.digests,
+                &mut sibling_cursor,
+                None,
+            )?;
+            collected.push((peak.pos, peak_digest));
+        }
+
+        if elements_iter.next().is_some() || sibling_cursor != self.digests.len() {
+            return Err(ReconstructionError::ExtraDigests);
+        }
+
+        Ok(())
+    }
 }
 
 /// A perfect binary subtree within a peak, identified by its root position, height,
@@ -1066,6 +1134,56 @@ where
     )
 }
 
+/// Return the node positions needed by [`build_range_collection_proof`].
+///
+/// Bagging only governs prefix/suffix accumulator layout, which this helper does not consult; the
+/// `range_peaks` siblings it collects are bagging-independent. ForwardFold is passed as a
+/// placeholder.
+#[cfg(feature = "std")]
+pub(crate) fn range_collection_nodes<F: Family>(
+    leaves: Location<F>,
+    inactive_peaks: usize,
+    range: Range<Location<F>>,
+) -> Result<Vec<Position<F>>, super::Error<F>> {
+    let bp = Blueprint::new(leaves, inactive_peaks, Bagging::ForwardFold, range)?;
+    let mut fetch_nodes = Vec::new();
+    for peak in &bp.range_peaks {
+        peak.collect_siblings(&bp.range, &mut fetch_nodes);
+    }
+    Ok(fetch_nodes)
+}
+
+/// Build a proof containing only the sibling digests needed to authenticate the requested range.
+///
+/// The resulting proof cannot reconstruct a complete generic Merkle root on its own. It is intended
+/// for wrappers that rebuild a custom root from separately supplied peak witnesses, such as current
+/// QMDB grafted proofs.
+#[cfg(feature = "std")]
+pub(crate) fn build_range_collection_proof<F, D, E>(
+    leaves: Location<F>,
+    inactive_peaks: usize,
+    range: Range<Location<F>>,
+    get_node: impl Fn(Position<F>) -> Option<D>,
+    element_pruned: impl Fn(Position<F>) -> E,
+) -> Result<Proof<F, D>, E>
+where
+    F: Family,
+    D: Digest,
+    E: From<super::Error<F>>,
+{
+    let fetch_nodes = range_collection_nodes(leaves, inactive_peaks, range)?;
+    let mut digests = Vec::with_capacity(fetch_nodes.len());
+    for pos in fetch_nodes {
+        digests.push(get_node(pos).ok_or_else(|| element_pruned(pos))?);
+    }
+
+    Ok(Proof {
+        leaves,
+        inactive_peaks,
+        digests,
+    })
+}
+
 /// Returns the positions of the minimal set of nodes whose digests are required to prove the
 /// inclusion of the elements at the specified `locations`, using the provided root bagging.
 #[cfg(any(feature = "std", test))]