examples/prove_inclusion.py
| 1 | """prove_inclusion.py - generate + verify a Merkle inclusion proof. |
| 2 | |
| 3 | Run:: |
| 4 | |
| 5 | python examples/prove_inclusion.py |
| 6 | """ |
| 7 | |
| 8 | from __future__ import annotations |
| 9 | |
| 10 | import tempfile |
| 11 | |
| 12 | from quantumshield.identity.agent import AgentIdentity |
| 13 | |
| 14 | from pqc_audit_log_fs import ( |
| 15 | InclusionProver, |
| 16 | InferenceEvent, |
| 17 | LogAppender, |
| 18 | LogReader, |
| 19 | RotationPolicy, |
| 20 | ) |
| 21 | |
| 22 | |
| 23 | def main() -> None: |
| 24 | with tempfile.TemporaryDirectory() as log_dir: |
| 25 | signer = AgentIdentity.create(name="demo-signer") |
| 26 | appender = LogAppender( |
| 27 | log_dir, |
| 28 | signer, |
| 29 | rotation=RotationPolicy(max_events_per_segment=1000), |
| 30 | ) |
| 31 | |
| 32 | target_event: InferenceEvent | None = None |
| 33 | for i in range(50): |
| 34 | event = InferenceEvent.create( |
| 35 | model_did="did:pqaid:demo-model", |
| 36 | model_version="1.0.0", |
| 37 | input_bytes=f"in-{i}".encode(), |
| 38 | output_bytes=f"out-{i}".encode(), |
| 39 | decision_label="approve" if i % 2 == 0 else "deny", |
| 40 | ) |
| 41 | appender.append(event) |
| 42 | if i == 25: |
| 43 | target_event = event |
| 44 | appender.close() |
| 45 | assert target_event is not None |
| 46 | |
| 47 | reader = LogReader(log_dir) |
| 48 | prover = InclusionProver(reader) |
| 49 | proof = prover.prove_event(1, target_event.event_id) |
| 50 | print(f"built proof for event {target_event.event_id}") |
| 51 | print(f" tree_size = {proof.tree_size}") |
| 52 | print(f" siblings = {len(proof.siblings)}") |
| 53 | print(f" root = {proof.root[:16]}...") |
| 54 | |
| 55 | ok = InclusionProver.verify_proof(target_event, proof) |
| 56 | print(f"[{'OK' if ok else 'FAIL'}] proof verifies: {ok}") |
| 57 | |
| 58 | |
| 59 | if __name__ == "__main__": |
| 60 | main() |
| 61 | |