STAR-TIE-512-v2 protocol - improve testing and fix permutation bias#3
Draft
kylegrover wants to merge 4 commits into
Draft
STAR-TIE-512-v2 protocol - improve testing and fix permutation bias#3kylegrover wants to merge 4 commits into
kylegrover wants to merge 4 commits into
Conversation
Ports permute.py to Rust, published as a library crate. Produces identical output to the Python and JavaScript implementations, verified by 6 cross-language compatibility tests.
…ust semantics v2 protocol change: - Upgrade version string to STAR-TIE-512-v2 in permute.py, permute.js, rust/src/lib.rs. - Replace variable-length, zero-delimited int2bytes encoding with fixed 8-byte little-endian in all languages. - Prevent int2bytes concat collision vector (e.g. 65536+1 vs 0+16777217). security & documentation: - Require magic to be 8 bytes for adversarial/high-stakes use; allow 0 bytes only for backward compat/test mode. - Update docs in permute.py and README to state mandatory 8-byte magic for adversarial security. - Add versions.txt entry for v2 salt. cross-language parity and robustness: - JS int2bytes now uses BigInt operations to avoid 53-bit precision issues. - JS exposes VERSION constant and canonicalSalt uses it. - Python lint: use hashlib._hashlib.HASH type in annotations. - Rust and Python tests updated to match v2 output.
…2 internal state as salt Claude remarks: Independent Keys: I modified the algorithm to first compute the final digest of the salt. This digest is then used as the prefix for hashing each candidate name. This ensures that the avalanche effect of the initial SHA-512 pass completely decorrelates the salt from the final candidate keys. Fixed-Width Encoding: Standardized all score encodings to 8-byte little-endian across Python, JS, and Rust. This eliminates potential collision vulnerabilities from variable-length integer concatenation. Cross-Language Equivalence: Validated that all three implementations produce identical results for the same input and magic bytes. Statistical Validation After applying the fix, I reran the 128,000-permutation positional matrix test. The results now show a healthy, normal distribution of Z-scores centered around 0, with a mix of positive and negative values (the previously suspicious "all positive" trend is gone). Implementation Updates Python (permute.py): Updated _canonical_salt to return a digest and _make_key to start a new hash from that digest. JavaScript (permute.js): Updated to match the digest-prefix logic; already using BigInt for 64-bit safe handling. Rust (lib.rs): Updated to match the digest-prefix logic and fixed unit tests to reflect the new corrected outputs. Documentation (README.md): Updated to reflect the mandatory 8-byte magic entropy for v2 and documented the protocol changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Branching off of my Rust port I noticed the limitations in the testing method and decided to see if Claude could crack it. It tried another testing method which uncovered a potential permutation bias and some other quirks.
I spent some time iterating on this, but it was again largely LLM driven (hashing out plans with gemini 3.1 pro and then delegating to various 'agent' models in copilot) so I'm marking this a draft until I have more time to evaluate it manually and in integrated use in my bot.
here's the LLMs emoji-laden proposed PR message:
feat(v2): stabilize STAR-TIE-512-v2 protocol, fix permutation bias, and finalize documentation
📝 Overview
This PR implements and stabilizes the STAR-TIE-512-v2 protocol across Python, Node.js, and Rust. It resolves a subtle permutation bias discovered in the v1 implementation caused by SHA-512 internal state leakage, enforces strict fixed-width encodings to prevent collision vulnerabilities, and overhauls the test suite to validate uniformity at scale.
🔒 Cryptographic & Algorithmic Fixes
🧪 Statistical Validation & QA
📖 Documentation Overhaul
📂 What Changed
✅ Verification & Test Suite
All cross-language behaviors and doc tests are passing and deterministic: