notary/internal/tlog: implement algorithms for tamper-evident log

This is part of a design sketch for a Go module notary.
Eventually the code will live outside

This CL implements the core algorithms for a tamper-evident log
as introduced by Crosby & Wallach's USENIX Security 2009 paper
“Efficient Data Structures for Tamper-Evident Logging”
and later refined by RFC 6962 for Certificate Transparency.

The proof format in this package matches Certificate Transparency.

Change-Id: Icdef1d1abe902ef6e9351af2dd79978f4ca37d75
Reviewed-by: Filippo Valsorda <>
3 files changed
tree: 6e68709f801f7f285cc46a588050f328f8e81189
  1. .gitattributes
  2. .gitignore
  9. apidiff/
  10. cmd/
  11. codereview.cfg
  12. ebnf/
  13. ebnflint/
  14. errors/
  15. fsnotify/
  16. inotify/
  17. io/
  18. mmap/
  19. notary/
  20. old/
  21. rand/
  22. shiny/
  23. shootout/
  24. utf8string/
  25. winfsnotify/


This subrepository holds experimental and deprecated (in the old directory) packages.

The idea for this subrepository originated as the pkg/exp directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get these packages.

Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.

In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)

Caveat emptor.