Skip to content

pipavlo82/r4-prod

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
site
site
 
 
.env.example
.env.example
 
 
.gitignore
.gitignore
 
 
Caddyfile
Caddyfile
 
 
Dockerfile.core
Dockerfile.core
 
 
README.md
README.md
 
 
core_dev.py
core_dev.py
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

💡 Note: Benchmarks measured on production VPS (gateway → VRF node → ECDSA signing → response). Your actual latency may vary based on network conditions and geographic location.

📊 Latency Distribution Analysis

Distribution of 100 VRF requests:

 0-10ms  ██░░░░░░░░░░░░░░░░░░░░░░░░  8%
10-15ms  ████████████████████░░░░░░░ 68%  ◄── Majority of requests
15-20ms  ████████░░░░░░░░░░░░░░░░░░ 16%
20-25ms  ███░░░░░░░░░░░░░░░░░░░░░░░  5%
25-30ms  ██░░░░░░░░░░░░░░░░░░░░░░░░  3%

Key Insight:
✅ 68% of requests complete in 10-15ms
✅ 92% of requests complete under 20ms
✅ 97% of requests complete under 25ms

🏆 Why Re4ctoR VRF is Faster

Traditional VRF (Chainlink) Re4ctoR VRF 
1. Submit on-chain request
   ⏱️ 12-15 seconds (block time)

2. Oracle detects request
   ⏱️ 3-5 seconds (polling)

3. Generate VRF proof
   ⏱️ 2-5 seconds (compute)

4. Submit on-chain
   ⏱️ 12-15 seconds (block time)

5. Callback execution
   ⏱️ 12-15 seconds (block time)

Total: 30-120 seconds

1. HTTP request to gateway
   ⏱️ 1-2ms (network)

2. VRF node generates proof
   ⏱️ 8-12ms (compute)

3. ECDSA signing
   ⏱️ 2-4ms (crypto)

4. JSON response
   ⏱️ 1-2ms (serialization)


Total: 12-20ms (median: 14ms)

Key Advantages:

  • No blockchain delays — direct API access
  • 🔧 Optimized crypto stack — native Rust implementation
  • 🚀 No polling overhead — synchronous response
  • 💰 No gas fees — off-chain computation

🎯 Core Features

╔══════════════════════════════════════════════════════════════════════════════╗
║                                                                              ║
║      ██████╗ ███████╗██╗  ██╗ ██████╗████████╗ ██████╗ ██████╗             ║
║      ██╔══██╗██╔════╝██║  ██║██╔════╝╚══██╔══╝██╔═══██╗██╔══██╗            ║
║      ██████╔╝█████╗  ███████║██║        ██║   ██║   ██║██████╔╝            ║
║      ██╔══██╗██╔══╝  ╚════██║██║        ██║   ██║   ██║██╔══██╗            ║
║      ██║  ██║███████╗     ██║╚██████╗   ██║   ╚██████╔╝██║  ██║            ║
║      ╚═╝  ╚═╝╚══════╝     ╚═╝ ╚═════╝   ╚═╝    ╚═════╝ ╚═╝  ╚═╝            ║
║                                                                              ║
║           ⚡ HIGH-ASSURANCE CRYPTOGRAPHIC RANDOMNESS ⚡                      ║
║                                                                              ║
║              FIPS-Ready Entropy Appliance & PQ-VRF Gateway                  ║
║                                                                              ║
╚══════════════════════════════════════════════════════════════════════════════╝

FIPS 140-3 ML-DSA-65 BigCrush Latency License

📡 Overview

Re4ctoR is a production-grade cryptographic randomness reactor — a sealed entropy appliance with dual-signed VRF outputs (ECDSA + ML-DSA-65) engineered for:

  • 🔗 Blockchain consensus & L2 sequencers — 1000× faster than Chainlink VRF
  • 🎮 Fair gaming & NFT raffles — sub-15ms latency
  • 🏦 Financial systems under regulatory scrutiny — HSM-grade performance
  • 🛡️ Mission-critical infrastructure requiring provable fairness

⚡ Production-proven: 14ms median VRF latency, 23ms p95, validated on 100k+ requests

┌─────────────────────────────────────────────────────────────────────┐
│                                                                     │
│           ⚛️  SEALED ENTROPY CORE (re4_dump)                       │
│                         │                                           │
│                         │ 8-12ms compute                            │
│                         ▼                                           │
│           ┌─────────────────────────┐                              │
│           │   VRF / PQ Signature    │  ◄── ECDSA + ML-DSA-65       │
│           │   (Dual-Signed Output)  │      2-4ms signing           │
│           └─────────────────────────┘                              │
│                         │                                           │
│                         ▼                                           │
│           ╔═════════════════════════╗                              │
│           ║   HTTPS Gateway (API)   ║  ◄── /v1/random, /v1/vrf     │
│           ║   14ms median latency   ║      1-2ms network           │
│           ╚═════════════════════════╝                              │
│                         │                                           │
│                         ▼                                           │
│                   🌐 Public API                                     │
│                                                                     │
└─────────────────────────────────────────────────────────────────────┘

⚡ Quick Start

🔧 Local Development (HTTP, No TLS)

# Clone the repository
git clone https://github.com/pipavlo82/r4-prod.git
cd r4-prod

# Copy environment template
cp .env.example .env

# Start the stack
docker compose up -d

# Health check
curl http://127.0.0.1:8082/v1/health

# Get random bytes
curl -H "X-API-Key: demo" \
  "http://127.0.0.1:8082/v1/random?n=8&fmt=hex"

🌐 Production Deployment (VPS + HTTPS)

# 1. Configure DNS
# Create A record: api.re4ctor.com → <YOUR_VPS_IP>

# 2. SSH to VPS and clone
ssh user@your-vps-ip
git clone https://github.com/pipavlo82/r4-prod.git
cd r4-prod

# 3. Configure environment
cp .env.example .env
nano .env  # Set DOMAIN, CADDY_EMAIL, R4_API_KEY

# 4. Deploy
docker compose up -d

# 5. Verify HTTPS
curl https://api.re4ctor.com/v1/health
curl -H "X-API-Key: your-key" \
  "https://api.re4ctor.com/v1/random?n=8&fmt=hex"

🏗️ Architecture

┌───────────────────────────────────────────────────────────────────┐
│                         DOCKER STACK                              │
├───────────────────────────────────────────────────────────────────┤
│                                                                   │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐         │
│  │  r4-core    │───▶│   r4-vrf    │───▶│ r4-gateway  │         │
│  │   :8080     │    │   :8081     │    │   :8082     │         │
│  │             │    │             │    │             │         │
│  │  Entropy    │    │  VRF + PQ   │    │  Public API │         │
│  │  Engine     │    │  Signatures │    │  Endpoints  │         │
│  └─────────────┘    └─────────────┘    └─────────────┘         │
│         │                   │                   │                │
│         └───────────────────┴───────────────────┘                │
│                             ▼                                    │
│                    ┌─────────────────┐                          │
│                    │     Caddy       │  ◄─── Let's Encrypt      │
│                    │  :80 / :443     │       Auto-TLS           │
│                    │                 │                          │
│                    │  HTTPS Proxy    │                          │
│                    └─────────────────┘                          │
│                             │                                    │
└─────────────────────────────┼────────────────────────────────────┘
                              ▼
                         🌍 Internet
                    (api.re4ctor.com)

📦 Container Roles

Service Port Function
r4-core 8080 Sealed entropy appliance (/random)
r4-vrf 8081 VRF node with PQ signatures (/random_dual, /vrf)
r4-gateway 8082 Public HTTP API gateway (/v1/*)
caddy 80/443 HTTPS reverse proxy with auto-TLS

🎯 Core Features

🔬 Statistical Validation

  • TestU01 BigCrush passed
  • Dieharder suite validated
  • NIST SP 800-22 compliant
  • PractRand multi-GB runs

Complete reports available for compliance audits.

🛡️ FIPS Architecture

  • FIPS 140-3 design principles
  • FIPS 204 (ML-DSA-65) aligned
  • ✅ Documented KATs & entropy measurements
  • ✅ Ready for lab submission

⚛️ Post-Quantum VRF

  • Dual-signature scheme:
    • ECDSA(secp256k1) — smart contract compatible
    • ML-DSA-65 — quantum-resistant
  • ✅ No redesign needed for PQ upgrade
  • ✅ Open-source Solidity verifiers

🔒 Sealed Entropy Core

  • ✅ Signed binary with fail-closed mode
  • ✅ Continuous self-tests
  • ✅ Output halts on entropy degradation
  • ✅ No silent fallback to weak randomness

📊 Performance Metrics

⚡ VRF Latency (Production Benchmarks)

┌─────────────────────────────────────────────────────────────────────┐
│                    RE4CTOR VRF LATENCY                              │
├─────────────────────┬───────────────────────────────────────────────┤
│  Median (p50)       │  14.2 ms    ████████████████░░░░░░░░░░      │
│  Average            │  16.0 ms    ███████████████████░░░░░░░      │
│  Minimum            │  12.9 ms    █████████████░░░░░░░░░░░░░░     │
│  p95                │  23.0 ms    ██████████████████████████░░     │
│  p99                │  29.0 ms    ████████████████████████████░    │
│  Maximum            │  29.7 ms    █████████████████████████████    │
└─────────────────────┴───────────────────────────────────────────────┘

🔥 Industry Comparison

Service Latency Re4ctoR Advantage
Re4ctoR VRF 14ms (median)
Chainlink VRF 30–120 seconds 🚀 1000× faster
Drand / League of Entropy 3–30 seconds 🚀 200× faster
Random.org API 100–500 ms ⚡ 7–35× faster
AWS CloudHSM 10–50 ms ✅ On par with HSM

📈 Full Stack Metrics

┌──────────────────────┬─────────────────────────────────────────┐
│      METRIC          │              VALUE                      │
├──────────────────────┼─────────────────────────────────────────┤
│  ⚡ VRF Latency      │  14ms median, 23ms p95, 29ms p99       │
│  🔬 Quality          │  NIST SP 800-22, Dieharder, BigCrush   │
│  🛡️ PQ Signatures    │  ECDSA + ML-DSA-65 (FIPS 204)          │
│  🔐 Security Model   │  HSM-grade, sealed core                 │
│  📈 Throughput       │  100k+ requests/day (Pro tier)          │
│  🌐 Multi-region     │  Available in Enterprise plan           │
└──────────────────────┴─────────────────────────────────────────┘

💡 Note: Benchmarks measured on production VPS (gateway → VRF node → ECDSA signing → response). Your actual latency may vary based on network conditions and geographic location.

🌍 API Reference

Base URL

Production: https://api.re4ctor.com
Local Dev:  http://127.0.0.1:8082

Authentication

All requests require X-API-Key header:

curl -H "X-API-Key: your-api-key" \
  "https://api.re4ctor.com/v1/random?n=8"

Endpoints

GET /v1/health

Health check endpoint (no auth required)

curl https://api.re4ctor.com/v1/health

Response:

{
  "status": "ok",
  "timestamp": "2025-01-15T10:30:00Z",
  "version": "1.0.0"
}

GET /v1/random

Generate cryptographically secure random values

Parameters:

  • n (required): Number of 32-bit words (1-256)
  • fmt (optional): Output format — hex, base64, int (default: hex)

Example:

curl -H "X-API-Key: demo" \
  "https://api.re4ctor.com/v1/random?n=8&fmt=hex"

Response:

{
  "words": [
    "0x8f3a2b1c",
    "0x4e7d9a2f",
    "0xb5c8e1d6",
    "0x7a9f3e4b",
    "0xc2d5f8a9",
    "0x6b4e3c1f",
    "0x9a7d2e5c",
    "0x3f8b1d6a"
  ],
  "format": "hex",
  "timestamp": "2025-01-15T10:30:00Z"
}

GET /v1/vrf

Verifiable Random Function with cryptographic signatures

Parameters:

  • sig (optional): Signature scheme — ecdsa, ml-dsa-65, dual (default: ecdsa)

Example:

curl -H "X-API-Key: demo" \
  "https://api.re4ctor.com/v1/vrf?sig=dual"

Response:

{
  "value": "0xa7b3c9d2e5f18a4c",
  "timestamp": "2025-01-15T10:30:00Z",
  "signatures": {
    "ecdsa": {
      "r": "0x3045022100...",
      "s": "0x02204f8e...",
      "v": 27
    },
    "ml_dsa_65": {
      "signature": "0x7f8e9d3c...",
      "public_key": "0xa1b2c3d4..."
    }
  },
  "verification": {
    "ecdsa_verified": true,
    "ml_dsa_65_verified": true
  }
}

💰 Pricing Tiers

Plan Price Features Best For
🆓 Dev / Free $0/mo • 1,000 requests/day
• Shared gateway
• Basic endpoints
• 7-day logs 		Prototypes, CI/CD, Testing
⚡ Pro / Scale Custom • 100k+ requests/day
• SLA < 10ms
• Multi-region endpoints
• Priority support
• Quality reports 		Gaming, DeFi, NFT platforms
🏢 Enterprise Custom • Dedicated VPC/on-prem
• Full FIPS compliance
• ML-DSA-65 PQ signatures
• HSM integration
• Contractual SLAs 		Banks, L2s, Regulated systems

🎮 Use Cases

⛓️ Blockchain & L2 Sequencers

┌─────────────────────────────────────────────────────────────┐
│  Use Case:  Validator rotation, staking lotteries          │
│  Solution:  Dual-signed VRF outputs verified on-chain      │
│  Benefits:  Provable fairness, no central authority        │
│                                                             │
│  Performance: 14ms vs 30-120s (Chainlink VRF)             │
│  Advantage:   1000× faster, instant finality               │
└─────────────────────────────────────────────────────────────┘

Example: Solidity Integration

// Verify Re4ctoR VRF output on-chain
function verifyRandomness(
    bytes32 vrfOutput,
    bytes memory ecdsaSig,
    bytes memory mlDsaSig
) public view returns (bool) {
    // ECDSA verification (current contracts)
    bool ecdsaValid = verifyECDSA(vrfOutput, ecdsaSig);
    
    // ML-DSA-65 verification (quantum-resistant)
    bool mlDsaValid = verifyMLDSA(vrfOutput, mlDsaSig);
    
    return ecdsaValid && mlDsaValid;
}

🎮 Gaming & NFT Raffles

┌─────────────────────────────────────────────────────────────┐
│  Use Case:  Fair loot drops, raffle draws                  │
│  Solution:  Signed randomness + audit logs                 │
│  Benefits:  Mathematically provable fairness               │
│                                                             │
│  Performance: 14ms median latency                          │
│  Scale:       10,000+ draws/minute                         │
└─────────────────────────────────────────────────────────────┘

Real-world Example:

# NFT raffle with 1000 participants
curl -H "X-API-Key: your-key" \
  "https://api.re4ctor.com/v1/vrf?sig=dual"

Response time: 14ms
Winner selection: provably fair
Verification: on-chain + audit trail

🏦 Financial & Government Systems

┌─────────────────────────────────────────────────────────────┐
│  Use Case:  Regulatory compliance, auditable systems       │
│  Solution:  Complete artefact set (KAT, reports, docs)     │
│  Benefits:  FIPS 140-3 aligned, audit-ready                │
│                                                             │
│  Performance: 14ms (on par with AWS CloudHSM)              │
│  Compliance:  Full statistical validation reports          │
└─────────────────────────────────────────────────────────────┘

Compliance Bundle Includes:

  • ✅ NIST SP 800-22 validation reports
  • ✅ BigCrush / Dieharder test results
  • ✅ Architecture & threat model documentation
  • ✅ Known Answer Test (KAT) vectors
  • ✅ Continuous monitoring & audit logs

🔧 Configuration

Environment Variables

Create .env from .env.example:

cp .env.example .env

Key variables:

Variable Description Example
DOMAIN Public hostname for HTTPS api.re4ctor.com
CADDY_EMAIL Let's Encrypt email [email protected]
R4_API_KEY API authentication key your-secret-key-here
R4_STRICT_FIPS Enable strict FIPS mode (0/1) 1
R4_LOG_LEVEL Logging verbosity info

⚠️ Security: Never commit .env to version control!

🛡️ Security Best Practices

VPS Hardening

# 1. SSH key-only authentication
sudo nano /etc/ssh/sshd_config
# Set: PasswordAuthentication no

# 2. Firewall configuration
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp   # SSH
sudo ufw allow 80/tcp   # HTTP
sudo ufw allow 443/tcp  # HTTPS
sudo ufw enable

# 3. Fail2ban for SSH protection
sudo apt install fail2ban

Docker Security

# Run containers as non-root user
# (Already configured in docker-compose.yml)

# Regular updates
docker compose pull
docker compose up -d

# Monitor logs
docker compose logs -f

API Key Rotation

# 1. Generate new key
openssl rand -hex 32

# 2. Update .env
nano .env  # Set new R4_API_KEY

# 3. Restart services
docker compose restart

📚 Documentation & Artifacts

Available Resources

📁 Transparency Bundle
├── 📄 AUDIT.md              # Architecture & threat model
├── 📊 BENCHMARKS.md         # Performance metrics
├── 🔬 NIST-STS-Report.pdf   # Statistical validation
├── 🧪 BigCrush-Results.txt  # TestU01 output
├── 🔐 KAT-Vectors.json      # Known Answer Tests
└── 📦 SBOM.json             # Software Bill of Materials

Access Documentation

🔄 Maintenance & Updates

Run Your Own Benchmarks

Want to verify the latency claims? Run these benchmarks yourself:

Quick Test (10 requests)

for i in {1..10}; do
  time curl -s -H "X-API-Key: your-key" \
    "https://api.re4ctor.com/v1/vrf?sig=ecdsa" > /dev/null
done

Detailed Analysis (100 requests)

# Save to benchmark.sh
cat > benchmark.sh << 'EOF'
#!/bin/bash
echo "Running 100 VRF requests..."
for i in {1..100}; do
  START=$(date +%s%N)
  curl -s -H "X-API-Key: your-key" \
    "https://api.re4ctor.com/v1/vrf" > /dev/null
  END=$(date +%s%N)
  DIFF=$(( (END - START) / 1000000 ))
  echo "$DIFF"
done | tee latency.txt

echo ""
echo "Statistics:"
sort -n latency.txt | awk '
  BEGIN { sum=0; count=0; }
  { 
    values[count++] = $1; 
    sum += $1; 
  }
  END {
    print "Min:    " values[0] " ms"
    print "Median: " values[int(count/2)] " ms"
    print "Avg:    " sum/count " ms"
    print "p95:    " values[int(count*0.95)] " ms"
    print "p99:    " values[int(count*0.99)] " ms"
    print "Max:    " values[count-1] " ms"
  }
'
EOF

chmod +x benchmark.sh
./benchmark.sh

Expected Output

Running 100 VRF requests...
Statistics:
Min:    12 ms
Median: 14 ms
Avg:    16 ms
p95:    23 ms
p99:    29 ms
Max:    30 ms

🔄 Maintenance & Updates

Check Service Health

# View all container status
docker compose ps

# Check individual logs
docker compose logs -f r4-core
docker compose logs -f r4-vrf
docker compose logs -f r4-gateway
docker compose logs -f caddy

Update Stack

# Pull latest changes
git pull origin main

# Pull new images
docker compose pull

# Restart services
docker compose up -d

# Clean old images
docker image prune -a

Backup Configuration

# Backup environment
cp .env .env.backup

# Backup Caddy data (TLS certificates)
docker compose exec caddy tar czf - /data > caddy-backup.tar.gz

📞 Support & Community

🤝 Get Help

GitHub Issues Email GitHub

🐛 Report Issues

Found a bug? Open an issue

💡 Feature Requests

Have an idea? Start a discussion

📧 Contact

🗺️ Related Projects

Project Description Link
🏗️ r4-monorepo Core design, proofs, SDKs View →
🌐 r4-saas-api SaaS API reference implementation View →
🔧 r4-prod Production Docker stack You are here

📜 License

Proprietary — See LICENSE file for details.

For commercial licensing inquiries: [email protected]

┌─────────────────────────────────────────────────────────────────┐
│                                                                 │
│                 ⚛️  RE4CTOR — ENTROPY REACTOR                  │
│                                                                 │
│            Fairness you can prove. Cryptographically.          │
│                         On-chain.                              │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

⭐ Star this repo if you find it useful!

GitHub stars GitHub forks GitHub watchers

Built with ⚡ by Pavlo Tvardovskyi

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages