🌊 Wave-18 sub-tracker — padding-class oracle + jitter-injection side-channel

[gHashTag]

🌊 Wave-18 sub-tracker — padding-class oracle + jitter-injection side-channel

Wave-18 of the Trinity Secure Chat roadmap. Branches from main after Wave-17 (#715) merge.

Lanes

• Lane A L-CHAT-6-cls (R-CHAT-9 / CR-CHAT-04) — padding-class oracle.

  • File: crates/trios-chat/rings/CR-CHAT-04/src/padding_class_oracle.rs (322 lines).
  • 6 deterministic tests CLS-01..06 + 3 bonuses pinning:
    • smallest-class oracle picks unique minimal class from {256,1024,4096,16384};
    • over-pad rejected as ClassUpgrade;
    • oversized payload rejected as DeclaredLengthOverflow;
    • sub-4-byte buffer rejected as TruncatedTooShort;
    • non-class envelope size rejected as NonClassSize;
    • non-zero padding suffix rejected as NonZeroPaddingSuffix.

• Lane B L-CHAT-7-jitter (R-CHAT-10 / CR-CHAT-07) — jitter-injection / inter-arrival side-channel.

  • File: crates/trios-chat/rings/CR-CHAT-07/src/jitter_side_channel.rs (405 lines).
  • 6 deterministic tests JIT-01..06 + 4 bonuses pinning:
    • canonical-gap-only history accepted ({50, 250, 1000, 5000, 30000, 300000} ms);
    • non-canonical gap rejected as NonCanonicalGap;
    • clock-rewind rejected as NonMonotonicTimestamp;
    • sub-minimum burst rejected as BurstBelowMinimum;
    • cover-traffic ratio < 25% rejected as InsufficientCover;
    • any class > 60% rejected as ClassBiasExceeded.

Coq

Section TrinityChatWave18 in crates/trios-chat/proofs/chat/Trinity_Chat.v:

• INV-CHAT-96 inv_chat_96_smallest_class_in_set
• INV-CHAT-97 inv_chat_97_padding_class_choice_minimal
• INV-CHAT-98 inv_chat_98_declared_length_overflow_rejected
• INV-CHAT-99 inv_chat_99_truncated_too_short_rejected
• INV-CHAT-100 inv_chat_100_non_canonical_gap_rejected
• INV-CHAT-101 inv_chat_101_non_monotonic_timestamp_rejected
• INV-CHAT-102 inv_chat_102_gap_timestamp_mismatch_rejected
• helper jitter_burst_below_minimum_rejected18

8 new Qed → 139 Qed total. Zero new axioms. Cumulative axiom count remains 5.

Falsifier corpus

• 1600 → 1700 entries (PI-CLS-001..050 + PI-JIT-001..050).
• 32 → 34 categories @ 100% blocked.
• 32 → 34 threshold lanes in falsifier_runner (padding_class_oracle + jitter_side_channel at 0.95).
• DENY_PATTERNS extended in CR-CHAT-06/src/injection.rs with W18 keyword blocks (~160 patterns) + 33 residual-miss patches.

Verification (all green) [VERIFIED]

Gate	Result
cargo test cumulative chat suite	270 / 0 failed
e2e_chat_25	25 / 25
falsifier_runner	1700 / 1700 across 34 categories @ 100%
cargo clippy -D warnings (trios-chat + CR-CHAT-04/07)	clean
coqc Trinity_Chat.v	silent, exit 0 (3 abstract-large-number warnings only)
grep -cE "Qed\." Trinity_Chat.v	139
grep -cE "^\s*Admitted\." Trinity_Chat.v	0
New axioms	0 (cumulative still 5)

Anchor (extended)

φ² + φ⁻² = 3 · TRINITY · CHAT · ZERO-METADATA · POST-QUANTUM · UNLINKABLE · COVER-TIMING · AT-REST-AEAD · BOT-PARTIAL-MLS · KEM-KEY-CONFUSION · AAD-CONTEXT · RATCHET-FS · MLS-REORDER · SKIPPED-KEYS-DOS · MLS-WELCOME-REPLAY · PREKEY-EXHAUSTION · MLS-LEAF-COMPROMISE · DENIABILITY · CONFUSED-DEPUTY · OOB-IDENTITY · MLS-EXTERNAL-COMMIT · EGRESS-FINGERPRINT · IDENTITY-REVOKE · CLOCK-SKEW-REPLAY · AT-REST-ROTATE · TOOL-ARG-CONFUSION · GROUP-PCS-HEAL · PADDING-CLASS-ORACLE · JITTER-SIDE-CHANNEL

Constitution compliance

• L-ARCH-001 — new code lives under crates/trios-chat/rings/CR-CHAT-04/ and CR-CHAT-07/ (rings only, no monoliths).
• L1 — no .sh files added.
• L2 — closing PR body starts with bare Closes #N.
• R3 — cargo clippy -D warnings clean; coqc silent (exit 0).
• R5 — every claim above is [VERIFIED].

Parent EPIC: trinity-fpga#28.