Finals
Finals indicate the final version of a braid, and a successor braid. There may only be a single final for each braid, and they require special user interaction to create. If there are multiple finals for a braid, something has gone wrong. One of them is very likely a forgery, but there is no way to tell which one automatically.
#![allow(unused)] fn main() { struct Final { data: Ciphertext, version: VersionSignature, successor: BraidPublicKey, commitment: FinalCommitment, authority: RotationPublicKey, signature: RotationSignature, } }
A final may specify the public key of its braid as its own successor.
Serialization
Finals are serialized using atlv, as an array of those three fields, using the tag 2. As an example, a 128 byte cipher text for a final with all generation 0 cryptography:
| offset | bytes | description |
|---|---|---|
| 00 | 82 | the tag (2) of a final |
| 01 | 46 | the array header (6 elements) |
| 02 | c1 00 | the binary header for the ciphertext (128 bytes) |
| 03…82 | ... | the ciphertext |
| 83 | 80 | the tag (0) of a Schnorr-Ristretto255-Blake3 signature |
| 84 | 30 | the binary header for the public signature (48 bytes) |
| 85…b4 | ... | the content of the Schnorr-Ristretto255-Blake3 signature |
| b5 | 80 | the tag (0) of a Schnorr-Ristretto255-Blake3 public key |
| b6 | 20 | the binary header for the public key (32 bytes) |
| b7…d6 | ... | the content of the Schnorr-Ristretto255-Blake3 public key |
| d7 | 80 | the tag (0) of a Schnorr-Ristretto255-Blake3 public key |
| d8 | 20 | the binary header for the public commitment key (32 bytes) |
| d9…f8 | ... | the content of the Schnorr-Ristretto255-Blake3 public commitment key |
| f9 | 80 | the tag (0) of a Schnorr-Ristretto255-Blake3 public key |
| fa | 20 | the binary header for the public commitment key (32 bytes) |
| fb…11a | ... | the content of the Schnorr-Ristretto255-Blake3 public commitment key |
| 11b | 80 | the tag (0) of a Schnorr-Ristretto255-Blake3 signature |
| 11c | 30 | the binary header for the public signature (48 bytes) |
| 11d…14c | ... | the content of the Schnorr-Ristretto255-Blake3 signature |
References
Finals are fetched by the Braid Public Key Reference, which can be derived from the commitment and authority, as specified by the signature scheme.