Class MerkleProof

Namespace

Sigstore.Rekor

Assembly

Sigstore.dll

RFC 6962 Merkle tree helpers for Rekor-compatible transparency logs. Inclusion proof verification follows the decomposed inner/border walk used by transparency-dev/merkle, which implements the proof semantics described in RFC 6962 (Merkle audit paths).

public static class MerkleProof

Inheritance

object

MerkleProof

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Methods

HashChildren(ReadOnlySpan<byte>, ReadOnlySpan<byte>)

RFC 6962 §2.1 — hash an internal node from child hashes (prefix 0x01).

public static byte[] HashChildren(ReadOnlySpan<byte> left, ReadOnlySpan<byte> right)

Parameters

left ReadOnlySpan<byte>

right ReadOnlySpan<byte>

Returns

byte[]

HashLeaf(ReadOnlySpan<byte>)

RFC 6962 — leaf hash with domain separation prefix 0x00 over the serialized MerkleTreeLeaf.

public static byte[] HashLeaf(ReadOnlySpan<byte> merkleTreeLeafBytes)

Parameters

merkleTreeLeafBytes ReadOnlySpan<byte>

Returns

byte[]

RootFromInclusionProof(byte[], ulong, ulong, IReadOnlyList<byte[]>)

Computes the tree head from an inclusion proof (transparency-dev/merkle RootFromInclusionProof).

public static byte[] RootFromInclusionProof(byte[] leafHash, ulong leafIndex, ulong treeSize, IReadOnlyList<byte[]> proof)

Parameters

leafHash byte[]

32-byte leaf hash.

leafIndex ulong

Leaf index.

treeSize ulong

Tree size.

proof IReadOnlyList<byte[]>

Proof elements.

Returns

byte[]

Computed 32-byte root.

VerifyInclusion(ReadOnlySpan<byte>, long, long, IReadOnlyList<byte[]>, ReadOnlySpan<byte>)

Verifies that leafHash is included at leafIndex in a tree of treeSize leaves, yielding rootHash for the supplied inclusionPath.

public static void VerifyInclusion(ReadOnlySpan<byte> leafHash, long leafIndex, long treeSize, IReadOnlyList<byte[]> inclusionPath, ReadOnlySpan<byte> rootHash)

Parameters

leafHash ReadOnlySpan<byte>

RFC 6962 leaf hash (32 bytes).

leafIndex long

Zero-based leaf index.

treeSize long

Number of leaves in the tree.

inclusionPath IReadOnlyList<byte[]>

Inclusion proof hashes (inner segment then border segment).

rootHash ReadOnlySpan<byte>

Expected tree head (32 bytes).

Exceptions

InclusionProofException

When inputs are malformed or the proof does not verify.