feat(benches): criterion benches for signature verification (#89)

[avrabe]

Implements #89. Adds criterion-driven benchmarks for the four signature-verification hot paths so silent crypto-path regressions can be caught before they ship.

Bench groups

Group	Measures	Traceability
`ed25519_verify`	`pk.verify(msg, sig)` over a fixed 44-byte payload	CR-1, CR-3, RFC 8032
`dsse_parse_and_verify`	`DsseEnvelope::from_json` → `verify` of an in-toto-shaped payload signed Ed25519	CR-3, CR-8
`merkle_validation`	`verify_inclusion_proof` for leaf 0 of complete-binary trees, parameterised `&[8, 64, 512, 4096]` leaves	CR-3, CR-5, CR-8
`cert_chain_validation`	`KeylessSignature::from_bytes` + `MAX_CHAIN_DEPTH` check, parameterised `&[1, 2, 4, 8]` (matches audit PR #98)	CR-7, CR-8

Deferred

• SLH-DSA bench — issue feat: post-quantum signature support (SLH-DSA / FIPS 205) #46 (not yet implemented).
• CI job (sanity run on PR, full run nightly) — separate follow-up. This PR lands the harness only so baselines can be captured.
• Full WebPKI cert-chain path — skipped in the cert-chain bench because it needs Fulcio root + integrated_time fixtures that would dominate the measurement. The parse + length-bound is the actual pre-WebPKI hot path.

Validation

• `cargo build -p wsc --benches` clean
• `cargo test -p wsc --bench verification_benchmarks --release` runs all 10 bench permutations to "Success"
• Capture numeric baselines on CI's blessed runner — done in the follow-up CI PR

Implements #89. Verifies CR-1, CR-3, CR-7, CR-8.

[temper-pulseengine]

Automated review for PR #111

pulseengine/sigil:feat/criterion-benches-sig-verification → pulseengine/sigil:main

Verdict: 💬 Comment

Summary: The pull request is approved.

Findings: 0 mechanical (rivet) · 1 from local AI model.

Findings (1):

1. src/lib/Cargo.toml:109

   criterion = { version = "0.5", features = ["html_reports"] }
   

   The criterion feature is added to the [dev-dependencies] section of the Cargo.toml file, which is necessary for running signature-verification benchmarks using Criterion.

---

Generated by a local AI model and post-validated against a strict JSON contract. Each finding includes the verbatim line being criticised — verify by reading the file at the cited location.

Reviewed at 7fe1f07

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!