This document describes the current in-repo TLOS model:
- Topology mixing (structural hardening)
- LWE control-function hiding (n=384, sigma=25, q=65521)
- Wire-binding integrity checks
- Hash-PoW online throttling (optional)
- Memory-Hard Throttle (MHT) in key derivation
The former in-tree planted puzzle path has been removed from this repository.
Standalone lattice challenge work lives in evm-lattice-pow.
Core derivation path:
mhtOut = MHF(input, kdfSalt)
keySeed = keccak256(KEYGEN_DOMAIN || mhtOut)
s = expand_to_384_mod_q(keySeed)
Properties:
- Input-bound secret derivation
- Memory-hard per-guess cost amplification
- Domain separation for key expansion
- Low-entropy inputs remain dictionary-bound.
- MHT and PoW increase concrete attacker cost; they do not change low-entropy asymptotics.
- High-entropy inputs rely on LWE hardness for semantic protection.
- Wire binding protects integrity of in-circuit state transitions.
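The core derivation path above, as a Python sketch added here (not the repository's code). Assumptions: scrypt stands in for the unspecified MHF, SHA3-256 stands in for keccak256 (its outputs differ from on-chain keccak256), and the counter-mode expansion with rejection sampling and the KEYGEN_DOMAIN value are hypothetical.

```python
import hashlib

N, Q = 384, 65521                        # LWE dimension and modulus from this page
KEYGEN_DOMAIN = b"TLOS-KEYGEN-EXAMPLE"   # constructed tag, not the repository's constant


def mhf(data: bytes, kdf_salt: bytes) -> bytes:
    # Stand-in memory-hard function: scrypt, about 4 MiB per guess with
    # these demo parameters. The page does not name the MHF it uses.
    return hashlib.scrypt(data, salt=kdf_salt, n=2**12, r=8, p=1, dklen=32)


def h(data: bytes) -> bytes:
    # Stand-in for keccak256. NIST SHA3-256 uses different padding, so these
    # digests will not match the contract's.
    return hashlib.sha3_256(data).digest()


def expand_to_384_mod_q(key_seed: bytes) -> list:
    # Assumed expansion: hash seed || counter, read 16-bit words, and reject
    # words >= q so every residue in [0, q) is equally likely (no modulo bias).
    out, counter = [], 0
    while len(out) < N:
        block = h(key_seed + counter.to_bytes(4, "big"))
        counter += 1
        for i in range(0, len(block), 2):
            word = int.from_bytes(block[i:i + 2], "big")
            if word < Q and len(out) < N:
                out.append(word)
    return out


def derive_secret(data: bytes, kdf_salt: bytes, domain: bytes = KEYGEN_DOMAIN) -> list:
    mht_out = mhf(data, kdf_salt)        # mhtOut = MHF(input, kdfSalt)
    key_seed = h(domain + mht_out)       # keySeed = H(KEYGEN_DOMAIN || mhtOut)
    return expand_to_384_mod_q(key_seed) # s = expand_to_384_mod_q(keySeed)


if __name__ == "__main__":
    s = derive_secret(b"constructed input", b"constructed salt")
    print(len(s), max(s) < Q, s[:4])
```

Each dictionary guess costs one full `mhf` call, which is the per-guess amplification listed under Properties; it does not enlarge the guess space of a low-entropy input.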
Canonical contract: contracts/TLOSWithPuzzleV5.sol
- commit(bytes32) stores commit hash and commit-time randomness.
- revealWithPow(bytes32,uint64) is the primary reveal path when PoW is enabled.
- reveal(bytes32) is allowed only if powDifficulty == 0.
- check(bytes32) performs full core evaluation (MHT + circuit + binding checks).
- Do not claim collision resistance for wire binding; it is an integrity/binding mechanism.
- Keep secrets high entropy whenever possible.
- PoW controls online throughput, not offline dictionary capability.
forge build --use 0.8.30
forge test --use 0.8.30
SOLC_VERSION=0.8.30 ./scripts/verify_core.sh