docs: fix crypto/format drift — version byte 0x02, AttachmentId 32 hex, DCT 5-50

Punch items from doc audit: - docs/ARCHITECTURE.md: encrypted file format diagram said version byte 0x01; actual VERSION_BYTE is 0x02 (crypto.rs:59) and 0x01 is rejected with UnsupportedFormatVersion. - docs/ARCHITECTURE.md: DCT embedding diagram said "Repeat secret 20+ times" and "positions 4-15"; actual is MIN_COPIES (5) to 50 copies chosen by capacity, embedded in zig-zag positions 6-17 (imgsecret.rs:78, 99-104, 530-537). - FORMATS.md: AttachmentId table said 16 hex chars / 8 bytes; actual is 32 hex chars / first 16 bytes of SHA-256 (ids.rs:59-69). - FORMATS.md: ManifestEntry schema missing r#type field; updated to list all ten fields in declared order with serde decorations noted (manifest.rs:21-38). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-30 13:24:40 -04:00
parent 74a520bada
commit 210232d156
2 changed files with 14 additions and 7 deletions
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -161,11 +161,14 @@ master_key ────────►│  XChaCha20       │──────
                    │  selected block: │
                    │                  │
                    │  QIM embed bits  │
-                    │  in positions    │
-                    │  4-15 (mid-freq) │
+                    │  in zig-zag      │
+                    │  positions 6-17  │
+                    │  (mid-frequency) │
                    │                  │
                    │  Repeat secret   │
-                    │  20+ times       │
+                    │  MIN_COPIES (5)  │
+                    │  to 50 times,    │
+                    │  by capacity     │
                    └────────┬─────────┘
                             │
                             ▼
@@ -181,6 +184,8 @@ master_key ────────►│  XChaCha20       │──────
                     carries 256-bit secret)
 ```

+The redundancy count is chosen at embed time based on available DCT capacity: `num_copies = (total_blocks / BLOCKS_PER_COPY).min(50)`, with `BLOCKS_PER_COPY = 22` and a floor of `MIN_COPIES = 5` (`crates/relicario-core/src/imgsecret.rs:78,530-537`). Images that cannot fit at least 5 copies are rejected before embed. Majority voting across these copies at extract time requires ≥ 60 % confidence per bit.
+
 ## Extraction (with crop recovery)

 ```
@@ -214,10 +219,12 @@ Input JPEG (possibly re-encoded or cropped)
 ┌─────────┬────────────────────────┬──────────────────┬──────────────────┐
 │ version │         nonce          │    ciphertext     │    auth tag      │
 │ 1 byte  │       24 bytes         │    N bytes        │    16 bytes      │
-│  0x01   │ random per write       │ XChaCha20 stream  │ Poly1305 MAC     │
+│  0x02   │ random per write       │ XChaCha20 stream  │ Poly1305 MAC     │
 └─────────┴────────────────────────┴──────────────────┴──────────────────┘
 ```

+`VERSION_BYTE = 0x02` (`crates/relicario-core/src/crypto.rs:59`). Blobs starting with any other byte are rejected with `UnsupportedFormatVersion { found, expected: 0x02 }`. The legacy `0x01` format from the pre-typed-items era is no longer supported.
+
 ## Crate Architecture

 ```