fix: pin fhe v1.7.6 go.sum to proxy-served dirhash#18
Merged
Conversation
Lands the comparative-study directory the Quasar consensus stack
needed: a single place where the three PQ-threshold tiers are
documented side-by-side with cross-references to the implementing
repos, Lean proofs, and papers.
Files:
study/README.md index + comparison table
study/pulsar.md threshold ML-DSA tier (Module-LWE)
study/corona.md threshold Ring-LWE tier
study/comet.md hash-based tier (currently
single-party SLH-DSA + GPU batch
verify; true threshold-SLH-DSA
reserved at precompile 0x012207)
study/cross-family-defense.md why Aurora vs Magnetar matters
The Comet documentation is explicit about what does and does not
ship as a "threshold" primitive: GPU batch verify of single-party
FIPS 205 sigs is what's wired today (luxfi/crypto v1.19.2 +
luxfi/accel v1.1.0 + luxcpp/accel v0.1.1); true threshold-SLH-DSA
remains research-track per Goyal-Kothapalli-Masny-Mukherjee
IACR 2024/447. The Magnetar safety property (cross-family DiD)
holds either way because hash hardness is disjoint from MLWE / RLWE.
…tody)
Pulsar is not "one threshold ML-DSA key with infinite signers" —
that's a misleading framing. The Lux stack ships two distinct
constructions under the Pulsar name:
PulsarCert - public leaderless consensus. Each validator owns
its own FIPS 204 ML-DSA key and signs independently.
Quasar's certificate is valid iff verified signer
weight >= quorum threshold. Threshold lives in the
CERTIFICATE PREDICATE, not in any single sig. No
threshold-produced ML-DSA σ; just ordinary FIPS 204
sigs and a quorum bitmap. Supports unbounded
validator universe + bounded cert realisation.
Threshold Pulsar - custody / governance / bridge. The 2-round t-of-n
construction in luxfi/pulsar-mptc. Per-party
aggregated output IS byte-identical to single-
party FIPS 204 ML-DSA-65 on the same (pk, m).
Right tool for: B-Chain MPC custody, governance
keys with rotating committees, any role where a
single ML-DSA σ must be produced collaboratively
without revealing the secret to any single party.
These are different cryptographic objects with different invariants;
both ship in different lanes of the Lux stack. study/pulsar.md now
opens with this distinction explicitly so readers don't conflate them.
fhe v1.7.6 contains LFS-tracked files (concrete-ml model weights, ~150MB). proxy.golang.org caches the zip with LFS *pointer* files; sum.golang.org recorded that proxy hash (H2WqsWa/...). Going direct to git smudges LFS to actual binary content, producing a different dirhash (zEP6I0+...). CI uses GOPROXY=proxy.golang.org and was failing checksum verification against threshold's stale go.sum. Pin the canonical proxy-served hash. Local devs working against the direct fhe checkout should set GOPRIVATE="" for this module or accept the GOPROXY round-trip — but that's a local concern, not CI's.
hanzo-dev
added a commit
that referenced
this pull request
May 29, 2026
fix: pin fhe v1.7.6 go.sum to proxy-served dirhash
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test plan