LP-177 mirrors HIP-0103 into Lux. Lux bridge contracts running under
LUX_STRICT_PQ refuse any inbound state root that does not carry a
strict-PQ profile byte (0x01, 0x04, 0x05) and pass a
field-byte-equality check on the counterparty's canonical profile
fields. Counterparty finality is verified by checking a Pulsar-65
threshold ML-DSA-65 signature (FIPS 204) over a remote Q-Chain block
transcript (LP-170 / HIP-0079). High-value transfers above the
per-asset cap require a HIP-0098 / LP-178 governance authorisation
signed by Pulsar-87.
ProfileID: 0x01 (ProfileLuxStrictPQ)
ProfileName: LUX_STRICT_PQ
HashSuiteID: SHA3_NIST (0x01)
IdentitySchemeID: ML_DSA_65 (0x42)
FinalitySchemeID: PULSAR_M_65 (0x52)
HighValueSchemeID: PULSAR_M_87 (0x53)
ProofPolicyID: STARK_FRI_SHA3_PQ (0x10)
MinSoundnessBits: 128
MinHashOutputBits: 384
RequireTransparent: true
ForbidPairings: true
ForbidKZG: true
ForbidTrustedSetup: true
ForbidClassicalSNARKs: true
ForbidDevProofs: true
ForbidFallbacks: true
luxfi/consensus/protocol/auth/bridge_profile.go is the canonicalreference. Existing bridge programs under LP-017 are extended with
the strict-PQ profile-equality precondition.
REQUIRE the LP-178 governance-auth path.
group_public_key_hash is pinned at first bridge sync;committee substitution requires explicit governance rotation.
luxfi/consensus/protocol/auth/testdata/bridge_profile_v1.json.A Lux bridge instance on LUX_STRICT_PQ MUST refuse any inbound
state whose counterparty_profile is not in {0x01, 0x04, 0x05} or
whose canonical fields disagree byte-for-byte with the strict-PQ
template. Operators that need to bridge to a permissive-profile chain
MUST run a separate bridge instance under profile 0x02, isolated
from the strict-PQ side.
luxfi/consensus/protocol/auth/bridge_profile.go.