Implement internal PCCS by ameba23 · Pull Request #144 · flashbots/attested-tls-proxy

ameba23 · 2026-02-26T14:22:54Z

This is intended to speed up verification.

Related issue: #27

Summary

Added a Pccs collateral cache component and wired DCAP verification to use it instead of fetching collateral directly each time.
Implemented cached collateral lookup plus explicit refresh behavior for stale entries.
Updated attestation verifier construction to initialize and carry an internal Pccs instance.

Added new module: pccs.rs (/home/pumkin/src/flashbots/attested-tls-proxy/attested-tls/src/attestation/pccs.rs)
- Pccs::get_collateral now returns (collateral, is_fresh) to indicate cache hit vs network fetch.
- Pccs::refresh_collateral always refetches and overwrites cache.
Updated DCAP flow in dcap.rs (/home/pumkin/src/flashbots/attested-tls-proxy/attested-tls/src/attestation/dcap.rs)
- Uses Pccs for collateral retrieval.
- Retries verification once with refreshed collateral only when the first attempt used cached collateral.
- Avoids redundant second verification when first attempt already used fresh collateral.
Updated verifier wiring in mod.rs (/home/pumkin/src/flashbots/attested-tls-proxy/attested-tls/src/attestation/mod.rs), plus call-site updates in main.rs (/home/pumkin/src/flashbots/
attested-tls-proxy/src/main.rs) and lib.rs (/home/pumkin/src/flashbots/attested-tls-proxy/src/lib.rs).

Implement internal PCCS

f74f944

ameba23 marked this pull request as draft February 26, 2026 14:22

ameba23 added 3 commits February 27, 2026 08:30

Add proactive updating

baf3530

Add test mock PCS server

49ec6ac

Add test for PCCS

4d3fedf