diff --git a/SPEC.md b/SPEC.md index 9d390ff..56089ac 100644 --- a/SPEC.md +++ b/SPEC.md @@ -844,6 +844,7 @@ IOTA Rebased (mainnet ~May 2025) is the reference example. Verified properties a - **PQC status-gate binding (§6.5).** Move on IOTA Rebased has **no ML-DSA/SLH-DSA natives** (framework crypto natives: ed25519, ecdsa_k1/r1, bls12381, groth16, ecvrf, hmac_sha3_256; no PQC natives on any published IIP roadmap) — in-contract PQC verification is not practical today (Groth16-wrapped PQC verification via the zk natives is theoretically possible, not practical). The IOTA profile therefore **MUST** implement **optimistic status enforcement** (§6.5) for the escrow-relevant transitions (`disputed`, `enforced`). - **Off-chain PQC is ready on this profile:** IOTA Identity (v1.7+) issues/verifies VCs with **ML-DSA-44/65/87, SLH-DSA, FALCON, and hybrid composites** (e.g. `id-MLDSA65-Ed25519`) — the binding-layer PQC suites of §6.5 are implementable with first-party tooling. - **Status lists (§8.6 binding):** IOTA Identity implements **RevocationBitmap2022** and **StatusList2021**, not (yet) the W3C Bitstring Status List; the profile binds these as the equivalent bit-array mechanisms permitted by §8.6 (RevocationBitmap2022: revocation only; StatusList2021: revocation + suspension). Bitstring Status List SHOULD be adopted if/when supported upstream. Note: the library has had **no stable release** as of June 2026 (latest: v1.9.9-beta.1) — APIs may still break; treat it as a pre-GA dependency. +- **First-party Trust Framework — candidate bindings (§5.4/§8).** The IOTA Foundation ships components overlapping ANP's pillars under its **Trust Framework** umbrella: **IOTA Notarization** (Alpha — *Locked* and *Dynamic* notarization with exactly ANP's hash-on-chain/payload-off-chain prover/verifier model and refundable storage deposits) and **IOTA Hierarchies** (Alpha — on-chain trust/authority hierarchies), alongside Identity and Gas Station. The Phase-2 PoC **SHOULD** evaluate binding this profile's **anchor primitive to Notarization objects** (Locked for terminal Objects; Dynamic for status-bearing anchors) and **Trust-List resolution (§5.4) to Hierarchies**, rather than re-implementing anchor objects and trust registries from scratch. ANP's contribution remains the layer these components do not provide — multi-party contracting semantics, mandates, optimistic dispute resolution, settlement directives (§15). Both components are Alpha; treat as pre-GA. - **Stablecoins — current reality (§10.2/§16.8):** bridged **USDC.e/USDT** only (LayerZero/Stargate, live Dec 2025); **no EUR stablecoin exists on IOTA L1**; a native stablecoin has been announced and is in formal-verification audit with **no confirmed launch** as of June 2026. EUR-denominated obligations therefore currently settle over a bridged USD asset with an FX reference (`constraints.fx_ref`, §5.3) — or on an EVM-profile chain where EURe/EURC actually live. - **Accounts & auth:** chain-native signatures are **Ed25519 (not PQC)** — hence ANP's binding-layer PQC strategy and the settlement-layer open risk (§6.5, §16.1). zkLogin was **removed** on IOTA; **passkey** authentication is live; Move-level account abstraction (IIP-0009) is testnet-only. - **Component statuses (June 2026):** IOTA Identity is **Beta** (v1.9.9-beta.1 — W3C VC-DM-2.0-aligned SD-JWT, BBS+ ZK selective disclosure, PQC suites as above; **no stable release yet**); Gas Station is v0.5.2 (pre-1.0). Treat both as pre-GA dependencies. @@ -892,6 +893,7 @@ Conformance levels: **Minimal** = Core + exactly one of {Notarization, Contracti | **Virtuals ACP / proposed ERC-8183** | Client/Provider/Evaluator + escrow + single-evaluator release (Base) | Closest *full-core* prior art. ANP differentiates: chain-neutral; neutral arbiters + M-of-N panels + appeals + slashing; general (any agreement/attestation, not just paid jobs). | | **W3C DID / VC 2.0** | Identity & credentials | **Foundational dependencies** (the neutral core). | | **UMA optimistic oracle** | Assert-challenge-resolve for subjective facts | Design template for ANP's optimistic dispute `process_profile`. | +| **IOTA Trust Framework** (Identity, Notarization, Hierarchies, Gas Station; Alpha) | First-party hash-anchoring (Locked/Dynamic notarization) and on-chain trust hierarchies on the reference chain | Candidate **profile bindings** for §13.2, not competitors at the protocol layer: they provide primitives, ANP provides the multi-party contracting, mandate, dispute, and settlement semantics above them. | | **C2PA** | Signed content/sensor provenance | Optional evidence format for media/measurement notarization. | **Positioning in one line:** ANP reuses identity (DID/VC), settlement (native chain), and attestation patterns (EAS-style), aligns with — but does not depend on — A2A/AP2/ERC-8004, and contributes the **chain-neutral, multi-party, general-purpose layer for binding agreements + third-party notarization + fair dispute resolution** that the rest of the stack leaves empty. @@ -919,6 +921,7 @@ Conformance levels: **Minimal** = Core + exactly one of {Notarization, Contracti - *Contracting:* two agents negotiate a structured service agreement; Objects anchored on IOTA testnet; mandate-gated approval; settlement via a completion `assert` backed by accepted criteria, then an uncontested `enforce`. - *Notarization:* a notary/oracle issues and anchors an attestation (with a C2PA-backed measurement); a contract consumes it as an acceptance criterion. - *Dispute:* an optimistic challenge → arbiter ruling → on-chain enforcement, with bonded parties. +- *Profile alignment:* evaluate binding the IOTA profile's anchors to **IOTA Notarization** and Trust-List resolution to **IOTA Hierarchies** (§13.2); engage the IOTA Foundation early — a PoC showcasing their Trust Framework stack is a natural collaboration. - Open-source from day one; reproducible demo. **Phase 3 — Specification v1.0.** Freeze envelope, schemas, state machines, suite registry, profile bindings, error/timeout semantics, and the security model; publish conformance tests. @@ -983,6 +986,7 @@ Seller asserts "delivered, criteria met" → `ASSERTED`. Buyer files `dispute` w - **Performance bond & penalty collateral (§7.3, §10.3, §11; review issue #19):** optional `performance_bond` posted by the performing party at `execute`, sized to maximum penalty exposure; Verifiers SHOULD flag terms whose penalties exceed the collateral reachable by `enforce`; the §10.3 fee-shortfall rule now covers the asymmetric no-escrow case. - **IOTA profile: on-chain hash handling (§13.1, §13.2, Appendix A; review issue #25):** Move has no 384-bit hash natives — anchors carry tagged 384-bit digests as opaque bytes (store/compare works; recomputation does not). New §13.1 **hash-capability declaration**: profiles name a native recomputation hash or route verification into the dispute path; the suite registry records per-profile flags. - **Realistic stablecoin denomination (§5.3, §7.3, §13.2, §16.8, B.1; review issue #28):** worked examples re-denominated from EURe (which does not exist on IOTA L1) to bridged USDC.e with `fx_ref`-based EUR caps; §13.2 documents the stablecoin reality (bridged USDC.e/USDT only, native coin unconfirmed); §16.8 notes Stellar as the only native-EURC chain in the landscape. +- **IOTA Trust Framework positioning (§13.2, §15, §17, Appendix D; review issue #30):** IOTA Notarization (Locked/Dynamic) and Hierarchies are documented as **candidate profile bindings** for the anchor primitive and Trust-List resolution — to be evaluated in the Phase-2 PoC with early IOTA Foundation engagement; §15 positions them as primitives below ANP's contracting/mandate/dispute/settlement semantics, not competitors. - **IOTA reference profile refreshed to June 2026 (§13.2, §13.4, Appendix D; review issue #29):** Starfish consensus (p99 ≈ 312 ms), measured anchor costs (~0.001 IOTA burned + fully-refundable storage deposit), Gas Station v0.5.2 self-hosted, IOTA Identity Beta with PQC VC suites, native randomness beacon + ECVRF (making §8.3/§9.2 VRF selection directly implementable), zkLogin removed / passkeys live / account abstraction testnet-only. - **GDPR posture corrected to pseudonymization (§6.2, §12, Appendix D; review issue #17):** dropped the contestable "the residual on-chain hash is not personal data" claim; anchors are treated as **pseudonymized personal data** per EDPB Guidelines 02/2025, with erasure decaying their identifying power; pairwise DIDs upgraded to **MUST** for Threads with identifiable natural persons. - **Quantum hash-strength numbers corrected (§6.5; review issue #20):** the anchor-hash requirement now states classical and quantum levels separately (≥384-bit classical pre-image / ≥192-bit classical collision ⇒ ≥192-bit Grover pre-image) — the v0.2 wording made SHA-384/SHA3-384 fail its own stated requirement; the primitives were right, the numbers were not. @@ -1013,7 +1017,7 @@ Seller asserts "delivered, criteria met" → `ASSERTED`. Buyer files `dispute` w - **Ethereum Attestation Service (EAS)** (attest.org). - **Virtuals Protocol Agent Commerce Protocol (ACP)** (Base). - **UMA Optimistic Oracle**. -- **IOTA Rebased** (mainnet ~May 2025; **Starfish** consensus since Apr 2026, formerly Mysticeti; Move VM); **IOTA Identity** (Beta, v1.9.9-beta.1); **IOTA Gas Station** (v0.5.2); **IOTA EVM** (L2). +- **IOTA Rebased** (mainnet ~May 2025; **Starfish** consensus since Apr 2026, formerly Mysticeti; Move VM); **IOTA Identity** (Beta, v1.9.9-beta.1); **IOTA Gas Station** (v0.5.2); **IOTA Notarization** (Alpha); **IOTA Hierarchies** (Alpha); **IOTA EVM** (L2). - **Sui**, **Hedera (HCS)**, **Aptos**, **Solana**, **Base/Ethereum L2s** (candidate-chain context). *(Full URLs and access dates to be attached in the v1.0 bibliography; all technical claims above were source-verified during the v0.2 review.)*