refactor: remove DBRW/C-DBRW entirely — Rust-owned device-birth binding #505
Open
cryptskii wants to merge 6 commits into
…rth binding (Phase 1: core+SDK)
Deletes the phone C-DBRW silicon self-attestation entirely and replaces the
device-binding material folded into per-device key derivation (S_master IKM,
per-step EK, Kyber coins, SDK entropy) with a deterministic, software-canonical
device-birth binding AttA. Genesis no longer gatekeeps on any silicon
measurement or trust level: online safety remains tripwire + parent-consumption
uniqueness, and offline-bearer anti-clone remains the separate secure-element
anchor.
AttA = BLAKE3("DSM/device-birth-att/v1\0" || LP(nonce_commitment) ||
LP(creation_mode) || LP(schema_version) || LP(protocol_version)). It is an
install/device-lineage binding, NOT an anti-clone proof. genesis_hash and the
device public key are excluded from the preimage (they are derived during/after
the MPC the binding feeds) and bind via G/DevID in the IKM instead.
Removed:
- core: crypto/cdbrw_binding.rs, crypto/cdbrw_moments.rs; K_DBRW out of
genesis_session/genesis/ephemeral_key; cdbrw domain-tag module renamed to device_birth
- sdk: six security/cdbrw_* modules, jni/cdbrw.rs, cdbrw_native_exports.rs, the
dbrw.status/cdbrw.* route family, the C-DBRW access gate, the bootstrap trust gate
Added: crypto/device_birth.rs (DeviceBirthInputs / CreationMode /
derive_device_birth_att / from_entropy); proto DeviceBirthRecordV1 + CreationMode;
ingress + genesis callers compute and install AttA.
Tests: deleted obsolete silicon tests, added device-birth equivalents (determinism
PBT, pinned KAT, keypair determinism/divergence/non-leak, restore-context). dsm
1580 pass; dsm_sdk 1423 lib pass; android aarch64 (jni,bluetooth,mock-anchor)
compiles clean.
Deferred to Phase 7: cosmetic dbrw-identifier renames (fetch_dbrw_binding_key,
set_cdbrw_binding_key_for_testing, DbrwBindingKeyProvider, GenesisRecord.dbrw_binding)
plus the CI banned-string guard. Phases 2-7 (Kotlin, frontend, storage-node, specs,
on-device) remain.
Reason:
- comment/spec wording only
- no theorem bodies changed
- Lean files rechecked green
- documents the new proof boundary cleanly:
  core online safety = Tripwire
  storage nodes = dumb mirrors
  offline anti-clone = separate Safe7 stateful-root anchor
Phase 1 left two different AttA derivations: the MPC-genesis path (core_sdk/identity_sdk/counterparty) used from_entropy = BLAKE3(att-tag || BLAKE3(nonce-tag || hw||env) || ...), while bootstrap-finalize and restore used device_birth_att_from_record(record.nonce_commitment). The two diverge, so the device re-derived a signing key (from the record AttA that FINALIZE installs) that did NOT match its published genesis AK (derived from the from_entropy AttA during MPC genesis) — every signature would fail verification.
Fix: replace from_entropy with from_platform_nonce, which uses the platform-supplied 32-byte nonce commitment VERBATIM (no second hash). When the host sends the same persisted nonce to both SystemGenesisRequest and DeviceBirthRecordV1.device_birth_nonce_commitment (Phase 2), both paths derive an identical AttA.
Removes the now-unused TAG_DSM_DEVICE_BIRTH_NONCE tag.
dsm_sdk lib: 1425 pass; device-birth KAT + slot-consistency test green.
Rust owns the device-birth binding end-to-end; no binding material
crosses the wire. The SDK draws a 32-byte CSPRNG birth nonce, computes
commitment = BLAKE3("DSM/device-birth-nonce/v1\0" || nonce), folds it
verbatim into AttA at genesis, and persists ONLY the commitment in the
GenesisRecord. finalize/restore re-derive AttA from persisted storage
(keyed by device_id + genesis_hash) and fail closed on identity
mismatch, preserving genesis-AK == re-derived signing key.
Proto: removed SystemGenesisRequest.device_birth_nonce_commitment,
RestoreIdentityContextOp.device_birth, BootstrapMeasurementReport.device_birth,
and the orphaned DeviceBirthRecordV1 message (all reserved by number and
name). The wire now carries only identity handles.
Android: removed AntiCloneGate, SiliconFingerprintNative, AccessLevel,
the silicon NDK build path (siliconfp.cpp + CMakeLists + externalNativeBuild),
the SiliconFp* instrumented tests, and the bootstrap C-DBRW client flow
(keyDbrwSalt threading + captureCdbrwOrbitTimings). Kotlin is transport-only.
Renames: fetch_device_birth_binding_key, set_device_birth_binding_key_for_testing,
DeviceBirthBindingKeyProvider, GenesisRecord.device_birth_binding,
PlatformEntropyInputs -> PlatformDeviceBirthInput. env_fingerprint
(consumed nowhere) dropped, not renamed.
Verified green: dsm 1582/1582, dsm_sdk 1424/1424, android aarch64
cross-compile, TS proto + frontend Jest 25/25, gradle compile
(main+unit+androidTest), and assembleDebug.
The C-DBRW runtime trust protocol (responder/verifier, Cdbrw* proto,
DevCdbrwScreen) is intentionally untouched here and is the next slice.
The C-DBRW runtime trust protocol's Rust modules were deleted in an
earlier phase; this removes the remaining orphans now that the
device-birth binding has fully replaced it.
Proto: delete the Cdbrw*/Dbrw* runtime-trust messages and enums
(DbrwStatusResponse, CdbrwTrustSnapshot, Cdbrw{AccessLevel,ResonantStatus,
OrbitTrial,MeasureTrustRequest,RespondRequest,VerifyRequest,EnrollRequest,
RespondResponse,VerifyResponse,EnrollResponse}); remove the five Envelope
payload fields (90, 103-106) and reserve the numbers + names; rename
InitFailed.Reason CDBRW_NOT_READY -> BINDING_NOT_READY (number kept, old
name reserved).
Rust: remove the two core/bridge.rs payload-case reject arms (the only
non-test consumers of the deleted types), the now-dead clear_binding_key()
(its caller cdbrw.reprove was already gone), and rewrite the comments/log
strings that described the deleted cdbrw.* routes / Cdbrw types / silicon
enrollment as live.
Frontend: replace the SILICON FINGERPRINT ENROLLMENT / DBRW SALT
INITIALIZATION securing-screen labels and the stale DBRW/silicon copy. The
genesis securing lifecycle listener itself is kept and still drives the
now-sub-second securing UX.
Online safety remains the Tripwire; offline-bearer anti-clone remains the
separate Safe7 anchor (untouched); storage-node admission untouched. The
K_DBRW whitepaper KDF-parameter name (the binding-key slot, now holding
device-birth AttA) is deliberately left for a separate slice — it crosses
the Lean/TLA formal-model boundary.
Verified green: dsm 1665, dsm_sdk 1424 + all integration tests, android
aarch64 cross-compile, TS proto regen, frontend Jest 26/26, gradle compile
(main+unit+androidTest), and assembleDebug.
The device-birth binding (AttA) fully replaced the old DBRW/K_DBRW binding; this removes every remaining reference to the dead concept across code, comments, proto, Kotlin, frontend, and the TLA/Lean formal models.
Rename: k_dbrw -> device_birth_att and the K_DBRW whitepaper KDF notation -> AttA (the IKM = G || DevID || AttA || s_0 formula and friends). The core KDF (ephemeral_key.rs) already used device_binding/AttA; the residue was SDK-side identifiers, comments, and KAT constants — pure cosmetic.
Byte-stability: DeviceState.dbrw_summary_hash is always None in production but is folded into compute_chain_tip() as a presence-flag byte, so deleting it would change every bilateral chain-tip hash. It is therefore RENAMED (-> ext_summary_hash / ext_flag, proto field 7 kept) preserving the exact canonical bytes — the chain-tip KATs prove byte-identity — not deleted.
Also: removed the dead TAG_DBRW domain tag (never hashed); fixed the false device_admission doc claim that the binding 'is silicon-bound and cannot be cloned' (it is an install/lineage value, not an anti-clone proof); aligned the CDBRW_NOT_READY -> BINDING_NOT_READY doc strings; and updated the formal-model comments (DSM_Tripwire.tla, DSMOfflineFinality/DSMCertChain.lean) to drop the DBRW token.
The only remaining dbrw/cdbrw strings are the proto 'reserved "..."' field-name reservations, which must keep the historical names to reserve them.
Verified green: dsm 1665, dsm_sdk 1423 + integration, chain-tip byte-stability KATs, android aarch64 cross-compile, TS proto regen, frontend Jest 26/26, gradle compile (main+unit+androidTest), and assembleDebug.
Removes DBRW/C-DBRW from the protocol; the device binding is now the deterministic, Rust-owned device-birth attestation (AttA). Stacked on #493 (offline-bearer anchor) — merge that first; this PR's diff is the 6 device-birth commits only.
What
dbrw_summary_hash is renamed (not deleted) to ext_summary_hash because it's folded into compute_chain_tip() as a flag byte — chain-tip KATs prove byte-identity. The only remaining cdbrw strings are proto reserved-name reservations.
Verified green
dsm 1665, dsm_sdk 1423 + integration, chain-tip byte-stability KATs, android aarch64 cross-compile, TS proto regen, frontend Jest 26/26, gradle compile (main+unit+androidTest), assembleDebug.
Not in scope
Whitepaper §11.1/§12 prose still says K_DBRW/DBRW (code is authoritative — now AttA/device-birth); device-birth Phases 3-6 (frontend setup buttons, storage-node admission, spec reconciliation, on-device A16).
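
The byte-stability point above (why dbrw_summary_hash was renamed rather than deleted), as an added Rust example that is not code from this PR or the DSM project. The field layout, the helper names, and the little-endian counter are assumptions made for illustration; the hash call is left out because identical preimage bytes produce identical digests under any hash.

```rust
// Added illustration, not DSM code. Assumed layout: parent tip, counter, then
// one optional 32-byte summary hash. Only the presence-flag byte and the
// dbrw_summary_hash -> ext_summary_hash rename come from the PR text. Hashing
// is omitted: equal preimage bytes give equal digests under any hash.

/// Canonical optional field: one presence-flag byte, then the value if present.
fn put_opt(out: &mut Vec<u8>, v: &Option<[u8; 32]>) {
    out.push(v.is_some() as u8);
    if let Some(h) = v {
        out.extend_from_slice(h);
    }
}

/// Fields every layout shares (hypothetical).
fn put_fixed(out: &mut Vec<u8>, parent: &[u8; 32], counter: u64) {
    out.extend_from_slice(parent);
    out.extend_from_slice(&counter.to_le_bytes());
}

/// Before the PR: the optional slot is called dbrw_summary_hash.
fn preimage_before(parent: &[u8; 32], counter: u64, dbrw_summary_hash: &Option<[u8; 32]>) -> Vec<u8> {
    let mut out = Vec::new();
    put_fixed(&mut out, parent, counter);
    put_opt(&mut out, dbrw_summary_hash);
    out
}

/// After the rename: same slot, same encoding, new name.
fn preimage_renamed(parent: &[u8; 32], counter: u64, ext_summary_hash: &Option<[u8; 32]>) -> Vec<u8> {
    let mut out = Vec::new();
    put_fixed(&mut out, parent, counter);
    put_opt(&mut out, ext_summary_hash);
    out
}

/// If the slot had been deleted: the flag byte disappears from the preimage.
fn preimage_deleted(parent: &[u8; 32], counter: u64) -> Vec<u8> {
    let mut out = Vec::new();
    put_fixed(&mut out, parent, counter);
    out
}

fn main() {
    let parent = [0x11u8; 32]; // constructed sample value
    let before = preimage_before(&parent, 7, &None);
    assert_eq!(before, preimage_renamed(&parent, 7, &None)); // rename is byte-stable
    assert_ne!(before, preimage_deleted(&parent, 7)); // deletion is not
    println!("{} vs {} bytes", before.len(), preimage_deleted(&parent, 7).len());
}
```

Even with the field always None, the 0x00 flag byte is part of the preimage, so a pinned known-answer test over the old layout keeps passing only if the slot stays in place.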