berkus
/
wifi-densepose
mirror of https://github.com/ruvnet/wifi-densepose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
wifi-densepose/v2/crates/wifi-densepose-ruvector/src/event_log.rs

270 lines
10 KiB
Rust
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

//! ADR-084 Pass 5 — privacy-preserving event log.
//!
//! Stores `(timestamp, sketch, novelty, witness_sha256)` tuples instead
//! of raw float embeddings. Two privacy properties matter:
//!
//! 1. **Non-invertibility.** The 1-bit sketch is lossy — there is no
//! general mathematical inverse from a stored event back to a
//! `[f32]` source embedding. Even an attacker with side-channel
//! information about the embedding model's output distribution
//! cannot reconstruct the underlying CSI.
//!
//! 2. **Content addressing.** Each event carries a SHA-256 of the
//! serialized [`crate::WireSketch`] payload (header + packed bits).
//! Two events with the same `witness` are byte-equal — the cluster-Pi
//! can deduplicate, the gateway can checkpoint without re-storing,
//! and downstream verifiers can prove "this event came from that
//! sketch" without ever holding the original embedding.
//!
//! See ADR-084 §"Privacy-preserving event log" and the post-merge
//! security review on PR #435 (finding L7) for context.
//!
//! # Bounded by design
//!
//! [`PrivacyEventLog`] is a fixed-capacity ring buffer; once full,
//! oldest events are FIFO-evicted. A misbehaving sender cannot exhaust
//! receiver memory by flooding the bank — peak footprint is
//! `capacity × (sketch_bytes + 50)` bytes.
use sha2::{Digest, Sha256};
use std::collections::VecDeque;
use crate::sketch::{Sketch, WireSketch};
/// One entry in the privacy-preserving event log.
///
/// All fields are public so callers can serialize / inspect / forward
/// events through their own pipelines without going through getters.
/// The struct is intentionally self-contained — no references to
/// external state, so an event can be moved across thread / process /
/// host boundaries without dangling.
#[derive(Debug, Clone, PartialEq)]
pub struct NoveltyEvent {
/// Microseconds since UNIX epoch when the underlying frame was
/// observed. Caller-supplied; the event log doesn't fetch the
/// clock so test fixtures are deterministic.
pub timestamp_us: u64,
/// 1-bit packed sketch bytes (`(embedding_dim + 7) / 8` bytes long).
pub sketch_bytes: Vec<u8>,
/// Embedding-model schema version so `(version, witness)` is a
/// fully qualified content address.
pub sketch_version: u16,
/// Source-embedding dimension, fixing the bit count of `sketch_bytes`.
pub embedding_dim: u16,
/// Novelty score in `[0.0, 1.0]` at the time the event was logged.
/// Saturated and stored as f32 for direct downstream use; the q15
/// quantization happens on the wire format
/// ([`crate::WireSketch`]) — the in-memory log keeps full f32
/// precision.
pub novelty: f32,
/// SHA-256 of the serialized [`crate::WireSketch`] payload
/// (header + packed bits + the q15 novelty quantum). Two events
/// with the same witness are byte-identical on the wire.
pub witness_sha256: [u8; 32],
}
/// Fixed-capacity, FIFO-evicting log of [`NoveltyEvent`]s.
///
/// Used as the cluster-Pi's per-node anomaly trail. The log is **not**
/// the source of truth for novelty (that's [`crate::SketchBank`] and
/// `EmbeddingHistory::novelty`); it's the *audit* of what happened.
///
/// # Memory bound
///
/// `capacity * (sketch_bytes_per_event + ~50 fixed bytes)` is the worst
/// case. For 64 events × 16-byte sketches that's ~4 KiB — fits in any
/// per-node state struct without concern.
#[derive(Debug, Clone)]
pub struct PrivacyEventLog {
capacity: usize,
events: VecDeque<NoveltyEvent>,
}
impl PrivacyEventLog {
/// Create a new log with the given fixed capacity.
///
/// `capacity == 0` is allowed; the log accepts pushes but
/// immediately discards them, which is occasionally useful as a
/// no-op stub in test fixtures or when the privacy log is meant
/// to be disabled at deployment time.
pub fn new(capacity: usize) -> Self {
Self {
capacity,
events: VecDeque::with_capacity(capacity.min(1024)),
}
}
/// Append an event built from a `Sketch` + novelty score.
///
/// The event's `witness_sha256` is computed over the [`WireSketch`]
/// serialization of `(sketch, novelty)` — so two pushes of the same
/// `(sketch, novelty)` produce byte-identical witnesses, enabling
/// dedup at the receiver.
///
/// FIFO-evicts the oldest event if the log is at capacity. Returns
/// the number of events present after the push (0 when capacity is
/// 0, otherwise `<= capacity`).
pub fn push(&mut self, sketch: &Sketch, novelty: f32, timestamp_us: u64) -> usize {
if self.capacity == 0 {
return 0;
}
let wire = WireSketch::serialize(sketch, novelty);
let mut hasher = Sha256::new();
hasher.update(&wire);
let witness: [u8; 32] = hasher.finalize().into();
if self.events.len() >= self.capacity {
self.events.pop_front();
}
self.events.push_back(NoveltyEvent {
timestamp_us,
sketch_bytes: sketch.packed_bytes().to_vec(),
sketch_version: sketch.sketch_version(),
embedding_dim: sketch.embedding_dim(),
novelty,
witness_sha256: witness,
});
self.events.len()
}
/// Number of events currently stored.
#[inline]
pub fn len(&self) -> usize {
self.events.len()
}
/// True iff the log has no events.
#[inline]
pub fn is_empty(&self) -> bool {
self.events.is_empty()
}
/// Bank capacity (the max number of events ever held simultaneously).
#[inline]
pub fn capacity(&self) -> usize {
self.capacity
}
/// Iterate over events oldest-first.
pub fn iter(&self) -> impl Iterator<Item = &NoveltyEvent> {
self.events.iter()
}
/// Find the most recent event whose `witness_sha256` matches.
/// Returns `None` if no event matches.
///
/// Used by content-addressable lookups — a downstream receiver
/// can ask "have you logged this exact `(sketch, novelty)` before?"
/// without re-transmitting the sketch.
pub fn find_by_witness(&self, witness: &[u8; 32]) -> Option<&NoveltyEvent> {
self.events
.iter()
.rev()
.find(|e| &e.witness_sha256 == witness)
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::sketch::Sketch;
fn make_sketch(seed: u32) -> Sketch {
let v: Vec<f32> = (0..32)
.map(|i| ((i as u32).wrapping_mul(seed) as f32).sin())
.collect();
Sketch::from_embedding(&v, 1)
}
#[test]
fn push_grows_until_capacity_then_fifo_evicts() {
let mut log = PrivacyEventLog::new(3);
for i in 0..5u64 {
log.push(&make_sketch(i as u32 + 1), 0.5, i * 1000);
}
assert_eq!(log.len(), 3, "must cap at capacity");
// Oldest two evicted; first remaining timestamp is 2_000.
let first = log.iter().next().unwrap();
assert_eq!(first.timestamp_us, 2000);
}
#[test]
fn zero_capacity_log_silently_drops_pushes() {
let mut log = PrivacyEventLog::new(0);
let n = log.push(&make_sketch(1), 0.5, 0);
assert_eq!(n, 0);
assert_eq!(log.len(), 0);
assert!(log.is_empty());
}
#[test]
fn witness_is_deterministic_for_same_sketch_and_novelty() {
let mut log_a = PrivacyEventLog::new(2);
let mut log_b = PrivacyEventLog::new(2);
let s = make_sketch(7);
// Same sketch + same novelty + (intentionally different)
// timestamps — witness must NOT depend on timestamp; the
// wire format does not include it.
log_a.push(&s, 0.25, 100);
log_b.push(&s, 0.25, 999_999);
let wa = log_a.iter().next().unwrap().witness_sha256;
let wb = log_b.iter().next().unwrap().witness_sha256;
assert_eq!(
wa, wb,
"witness must be content-addressable, not time-addressable"
);
}
#[test]
fn witness_differs_for_different_novelty_scores() {
let mut log = PrivacyEventLog::new(2);
let s = make_sketch(11);
log.push(&s, 0.10, 0);
log.push(&s, 0.90, 0);
let mut iter = log.iter();
let w0 = iter.next().unwrap().witness_sha256;
let w1 = iter.next().unwrap().witness_sha256;
assert_ne!(w0, w1, "different novelty → different witness");
}
#[test]
fn find_by_witness_returns_most_recent_match() {
let mut log = PrivacyEventLog::new(5);
let s = make_sketch(42);
log.push(&s, 0.5, 100);
log.push(&make_sketch(99), 0.3, 200);
log.push(&s, 0.5, 300); // duplicate by witness, newer timestamp
let target_witness = log.iter().nth(2).unwrap().witness_sha256;
let hit = log.find_by_witness(&target_witness).unwrap();
assert_eq!(hit.timestamp_us, 300, "find_by_witness returns most recent");
}
#[test]
fn find_by_witness_returns_none_on_miss() {
let mut log = PrivacyEventLog::new(2);
log.push(&make_sketch(1), 0.5, 0);
let bogus = [0xAA_u8; 32];
assert!(log.find_by_witness(&bogus).is_none());
}
#[test]
fn event_does_not_carry_raw_embedding() {
// The whole point of the event log: an attacker with read
// access to the log cannot recover the source CSI / embedding.
// Verify structurally that no `Vec<f32>` field exists on
// NoveltyEvent — only the bit-packed sketch.
let mut log = PrivacyEventLog::new(1);
let s = make_sketch(5);
log.push(&s, 0.5, 0);
let event = log.iter().next().unwrap();
// The packed sketch is bytes (1-bit-per-source-dim, ceil-divided).
// Length proves the source dim (32 bits = 4 bytes).
assert_eq!(event.sketch_bytes.len(), 4);
assert_eq!(event.embedding_dim, 32);
// No way to reconstruct the original `[f32; 32]` from these 4 bytes
// alone; that's the privacy guarantee. (Compile-time witnessed:
// there's no Vec<f32> field on NoveltyEvent.)
}
}
Reference in New Issue View Git Blame Copy Permalink