Solution: LP-0002 Private M-of-N Multisig

solutions/LP-0002.md

@@ -0,0 +1,94 @@
+# LP-0002 Solution: Private M-of-N Multisig
+
+**Submitted by:** Tranquil-Flow
+
+## Summary
+
+This submission implements a private M-of-N multisig primitive for LEZ. Shielded members approve a proposal client-side, produce unlinkable per-proposal nullifiers, and execute a threshold-gated action without revealing which members approved. The repository includes the Rust workspace, SDK, SPEL IDL, RISC0 heavy-lane artifacts, public LEZ testnet evidence, a native Qt/QML Basecamp `.lgx` package with alice/bob install evidence, and reproducible evaluator scripts. The fresh human-recorded narrated demo is available at https://youtu.be/Wssfp_rkC54.
+
+## Repository
+
+- **Repo:** https://github.com/Tranquil-Flow/lp-0002-private-multisig
+- **License:** MIT
+- **Narrated demo:** https://youtu.be/Wssfp_rkC54
+
+## Approach
+
+The system is split into audit-friendly layers:
+
+1. `core/` implements member commitments, proposal binding, threshold relation checks, context-bound nullifiers, replay identifiers, and the public journal privacy boundary.
+2. `sdk/` exposes a high-level `MultisigSession` workflow for create, propose, approve, prove, and execute.
+3. `consumer-demo/` is a standalone clone-and-run integration app that imports the public crates as library dependencies and exercises five realistic multisig scenarios.
+4. `methods/` and `methods/guest/` contain the RISC0 threshold-proof guest and executable wrapper guest.
+5. `host/` verifies real RISC0 receipt artifacts, prepares LEZ/NSSA payloads, and records file-backed evidence for the heavy lane.
+6. `lez-program/` models the LEZ verifier gate with deterministic account-state mutation and replay protection.
+7. `basecamp-app/` contains the native Qt/QML Logos Basecamp plugin package; `flake.nix`/`flake.lock` package it as `.lgx`, and `submission/BASECAMP_INSTALL_EVIDENCE.json` records M4 alice/bob profile install evidence.
+
+The proof design keeps member identity private. The public journal reveals multisig/proposal/action binding, threshold and approval counts, sorted nullifiers, member root/count, and proof identifiers, but not raw member secrets or member commitments. Nullifiers bind approvals to the proposal context so a member cannot approve twice while remaining unlinkable across proposals.
+
+The LEZ evidence is intentionally explicit about the current transport boundary. The full RISC0 receipt is verified host-side and persisted as file-backed evidence. The included LEZ public-testnet wrapper transaction carries compact receipt/journal commitments because raw receipt bytes exceed the current public-program session transport limit. The reproducible `verify_and_execute_bytes` wrapper program is deployed and executed on the public LEZ testnet (https://testnet.lez.logos.co/): deploy tx `82516880f60c2076d78b28ad7b147ac0b05ed247b7bc33a27ac8f68b1d809c56` in block `39547` and execute tx `cb8bfd5afca3c88a99b12b42a6875bcc2cad419d394da0e39d8ca463ee376697` in block `39548`, signed by funded testnet account `6iArKUXxhUJqS7kCaPNhwMWt3ro71PDyBj7jwAyE2VQV`. The confirmed transaction evidence is recorded in `submission/TESTNET_EVIDENCE.json`.
+
+## Success Criteria Checklist
+
+### Functionality
+
+- [x] Any M-of-N member holding a shielded LEZ account can submit an approval without revealing their identity to on-chain observers or other members.
+- [x] The verifier confirms a threshold of M approvals without recording which members approved.
+- [x] Double-vote prevention is implemented through context-bound nullifiers.
+- [x] A completed execution is unlinkable to an individual member's shielded account.
+- [x] Proof generation runs client-side; the repository includes real `RISC0_DEV_MODE=0` proof artifacts and host verification scripts.
+- [x] A reference threshold-gated action is delivered through the SDK, consumer demo, LEZ-shaped wrapper, and recorded public-testnet evidence.
+- [x] At least one multisig instance/proposal/approval/execution path is evidenced in `submission/TESTNET_EVIDENCE.json` with confirmed transaction hash and block reference.
+- [x] Full documentation and a clean public repository are delivered.
+
+### Usability
+
+- [x] Module/SDK provided via the `sdk/` crate and `MultisigSession` API.
+- [x] Logos Basecamp GUI package provided under `basecamp-app/`, including native Qt/QML plugin source, metadata, CMake build instructions, `.lgx` packaging, and alice/bob profile install evidence.
+- [x] SPEL IDL provided under `interfaces/lp0002.idl.json` with discriminators and documented instruction/error surfaces.
+
+### Reliability
+
+- [x] Proof generation and verification failures surface deterministic typed errors.
+- [x] Partial approvals are preserved and resumable through serde round-tripping of the approval accumulator.
+- [x] Verifier errors and SDK errors are deterministic and documented in `docs/PROTOCOL.md`.
+
+### Performance
+
+- [x] Proof-generation measurements, receipt/journal sizes, wrapper payload metrics, and public LEZ testnet cost evidence are documented in `submission/BENCHMARKS.md` and `submission/LEZ_COST_BENCHMARKS.json`.
+- [x] Current LEZ tooling does not expose stable per-transaction CU counters; the submission records this limitation explicitly rather than inventing CU numbers.
+
+### Supportability
+
+- [x] Program deployment and execution evidence is recorded for the public LEZ testnet (https://testnet.lez.logos.co/).
+- [x] End-to-end LEZ/RISC0 smoke scripts are included, with evaluator commands in `submission/EVALUATOR_GUIDE.md`.
+- [x] CI configuration is present in the linked repository as `.github/workflows/ci.yml` and `.gitlab-ci.yml`; local/evaluator validation evidence is also documented in `submission/CI_EVIDENCE.md`.
+- [x] README documents deployment, program identifiers, SDK usage, CLI/demo usage, and Basecamp package usage.
+- [x] A reproducible demo script is provided at repository root as `demo.sh`; the heavy-lane path is available through `scripts/demo-heavy-lane.sh`.
+- [x] Fresh narrated demo video: https://youtu.be/Wssfp_rkC54
+
+## FURPS Self-Assessment
+
+### Functionality
+
+The workspace implements the private threshold relation, proposal binding, nullifier-based double-vote prevention, replay protection, SDK integration, consumer app, native Basecamp package, SPEL IDL, real RISC0 proof verification, and confirmed public LEZ testnet inclusion evidence. The main caveat is transparently documented: compact commitments are transported through the wrapper transaction while the full receipt remains host-verified and file-backed due to current LEZ session limits.
+
+### Usability
+
+Evaluators can start with `./demo.sh` for the fast clone-and-run consumer flow, then use `submission/EVALUATOR_GUIDE.md` for the heavy-lane evidence path. Developers can import the SDK crate, inspect the consumer demo, or build the native Basecamp plugin from `basecamp-app/`.
+
+### Reliability
+
+The Rust workspace includes unit and integration tests for privacy boundaries, duplicate approvals, invalid indices, insufficient approvals, replay protection, serialization/resume behavior, IDL consistency, and verifier errors. Readiness validators catch stale documentation, missing artifacts, IDL drift, and publication-gate regressions.
+
+### Performance
+
+The submission includes safe-lane timings, RISC0 fixture measurements, serialized receipt/journal sizes, NSSA wrapper payload metrics, account counts, and public-testnet inclusion evidence. LEZ per-transaction CU counters are not currently exposed by the available tooling, so the cost evidence records that limitation in machine-readable form.
+
+### Supportability
+
+The repository is MIT licensed, public, documented, and organized as a reproducible Rust workspace. `submission/EVALUATOR_GUIDE.md`, `docs/SPEC_COMPLIANCE.md`, `docs/PROTOCOL.md`, `submission/TESTNET_EVIDENCE.json`, and `submission/BENCHMARKS.md` give reviewers the paths, commands, evidence identifiers, and known limitations needed to independently assess the submission.
+
+## Terms & Conditions
+
+I have read and agree to the Logos Lambda Prize TERMS.md and confirm that this submission is original work published under the MIT license.