.png)
4 months ago
8
⚠️ This is a work in progress. While the CT functionality works, this should not be yet used in production.
A Certificate Transparency (CT) log implementation using SlateDB's LSM-tree storage engine with object storage backend. CompactLog implements RFC 6962 Certificate Transparency APIs on top of SlateDB to explore how LSM-tree storage can address traditional CT log scalability challenges.
This implementation provides a complete Certificate Transparency log that:
- Accepts X.509 certificate chains and pre-certificates
- Issues Signed Certificate Timestamps (SCTs)
- Maintains a cryptographically verifiable Merkle tree
- Provides inclusion and consistency proofs
- Stores data in cloud object storage (S3, Azure Blob) or local filesystem
The implementation uses SlateDB's LSM-tree for persistent storage with these key patterns:
- Log entries: Stored as entry:<index> with serialized certificate data
- Merkle tree state: Leaf hashes cached for efficient root computation
- Signed Tree Heads: Cached per tree size to avoid recomputation
- Hash mappings: Direct lookup from leaf hash to tree index
Rather than implementing tile-based storage (as proposed in newer CT designs), this project explores whether LSM-tree characteristics can provide similar benefits:
- Write optimization: LSM-trees handle high write throughput naturally
- Batched operations: Configurable batching without external complexity
- Cloud storage: Direct integration with object stores for scaling
- Caching strategies: Strategic caching of computed hashes and proofs
Create Config.toml or let the system generate defaults:
For cloud storage, configure provider-specific credentials in the respective sections.
The system automatically generates ECDSA P-256 keys and default configuration if not present.
