makemd/server/src/core/security/ProofOfComputationService.ts

import { logger } from '../../utils/logger';
import * as crypto from 'crypto';

export interface ComputationProof {
  proofId: string;
  nodeId: string;
  timestamp: number;
  inputHash: string;
  outputHash: string;
  zkpPayload: string; // 模拟 ZKP 证明
}

/**
 * [CORE_SEC_14] 跨节点机密计算证明链 (Proof of Computation)
 * @description 建立分布式 TEE 计算结果的可信存证与追溯链，确保计算逻辑在跨节点传输中未被篡改且来源可信。
 */
export class ProofOfComputationService {
  private static proofChain: ComputationProof[] = [];

  /**
   * 生成计算证明
   * @param input 计算输入
   * @param output 计算输出
   * @param nodeId 执行节点 ID
   */
  static generateProof(input: any, output: any, nodeId: string): ComputationProof {
    logger.info(`[PoC] Generating computation proof for node: ${nodeId}`);

    const inputHash = crypto.createHash('sha256').update(JSON.stringify(input)).digest('hex');
    const outputHash = crypto.createHash('sha256').update(JSON.stringify(output)).digest('hex');

    const proof: ComputationProof = {
      proofId: `poc-${Date.now()}-${Math.random().toString(36).substr(2, 5)}`,
      nodeId,
      timestamp: Date.now(),
      inputHash,
      outputHash,
      zkpPayload: `zkp_signature_${crypto.randomBytes(16).toString('hex')}`
    };

    this.proofChain.push(proof);
    return proof;
  }

  /**
   * 验证证明链完整性
   */
  static async verifyProof(proof: ComputationProof): Promise<boolean> {
    logger.debug(`[PoC] Verifying computation proof: ${proof.proofId}`);

    // 1. 模拟 ZKP 校验
    const isZkpValid = proof.zkpPayload.startsWith('zkp_signature_');
    
    // 2. 模拟节点身份校验 (NodeIdentityService)
    const isNodeTrusted = true;

    return isZkpValid && isNodeTrusted;
  }

  /**
   * 获取溯源记录
   */
  static getProofHistory(): ComputationProof[] {
    return this.proofChain;
  }
}