tlsnotary · sinui0 · Jan 8, 2026 · Jan 1, 2026 · Jan 8, 2026 · Jan 8, 2026
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/attestation/Cargo.toml b/crates/attestation/Cargo.toml
@@ -27,6 +27,7 @@ alloy-primitives = { version = "1.3.1", default-features = false }
 alloy-signer = { version = "1.0", default-features = false }
 alloy-signer-local = { version = "1.0", default-features = false }
 rand06-compat = { workspace = true }
+rangeset = { workspace = true }
 rstest = { workspace = true }
 tlsn-core = { workspace = true, features = ["fixtures"] }
 tlsn-data-fixtures = { workspace = true }

diff --git a/crates/attestation/src/builder.rs b/crates/attestation/src/builder.rs
@@ -5,7 +5,7 @@ use rand::{Rng, rng};
 use tlsn_core::{
     connection::{ConnectionInfo, ServerEphemKey},
     hash::HashAlgId,
-    transcript::{TranscriptCommitment, encoding::EncoderSecret},
+    transcript::TranscriptCommitment,
 };
 
 use crate::{
@@ -25,7 +25,6 @@ pub struct Sign {
     connection_info: Option<ConnectionInfo>,
     server_ephemeral_key: Option<ServerEphemKey>,
     cert_commitment: ServerCertCommitment,
-    encoder_secret: Option<EncoderSecret>,
     extensions: Vec<Extension>,
     transcript_commitments: Vec<TranscriptCommitment>,
 }
@@ -87,7 +86,6 @@ impl<'a> AttestationBuilder<'a, Accept> {
                 connection_info: None,
                 server_ephemeral_key: None,
                 cert_commitment,
-                encoder_secret: None,
                 transcript_commitments: Vec::new(),
                 extensions,
             },
@@ -108,12 +106,6 @@ impl AttestationBuilder<'_, Sign> {
         self
     }
 
-    /// Sets the secret for encoding commitments.
-    pub fn encoder_secret(&mut self, secret: EncoderSecret) -> &mut Self {
-        self.state.encoder_secret = Some(secret);
-        self
-    }
-
     /// Adds an extension to the attestation.
     pub fn extension(&mut self, extension: Extension) -> &mut Self {
         self.state.extensions.push(extension);
@@ -137,7 +129,6 @@ impl AttestationBuilder<'_, Sign> {
             connection_info,
             server_ephemeral_key,
             cert_commitment,
-            encoder_secret,
             extensions,
             transcript_commitments,
         } = self.state;
@@ -168,7 +159,6 @@ impl AttestationBuilder<'_, Sign> {
                 AttestationBuilderError::new(ErrorKind::Field, "handshake data was not set")
             })?),
             cert_commitment: field_id.next(cert_commitment),
-            encoder_secret: encoder_secret.map(|secret| field_id.next(secret)),
             extensions: extensions
                 .into_iter()
                 .map(|extension| field_id.next(extension))
@@ -253,8 +243,7 @@ mod test {
     use rstest::{fixture, rstest};
     use tlsn_core::{
         connection::{CertBinding, CertBindingV1_2},
-        fixtures::{ConnectionFixture, encoding_provider},
-        hash::Blake3,
+        fixtures::ConnectionFixture,
         transcript::Transcript,
     };
     use tlsn_data_fixtures::http::{request::GET_WITH_HEADER, response::OK_JSON};
@@ -285,13 +274,7 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection,
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } = request_fixture(transcript, connection, Vec::new());
 
         let attestation_config = AttestationConfig::builder()
             .supported_signature_algs([SignatureAlgId::SECP256R1])
@@ -310,13 +293,7 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection,
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } = request_fixture(transcript, connection, Vec::new());
 
         let attestation_config = AttestationConfig::builder()
             .supported_signature_algs([SignatureAlgId::SECP256K1])
@@ -336,13 +313,7 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection,
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } = request_fixture(transcript, connection, Vec::new());
 
         let attestation_builder = Attestation::builder(attestation_config)
             .accept_request(request)
@@ -363,13 +334,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let mut attestation_builder = Attestation::builder(attestation_config)
             .accept_request(request)
@@ -393,13 +359,8 @@ mod test {
         let transcript = Transcript::new(GET_WITH_HEADER, OK_JSON);
         let connection = ConnectionFixture::tlsnotary(transcript.length());
 
-        let RequestFixture { request, .. } = request_fixture(
-            transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
-            connection.clone(),
-            Blake3::default(),
-            Vec::new(),
-        );
+        let RequestFixture { request, .. } =
+            request_fixture(transcript, connection.clone(), Vec::new());
 
         let mut attestation_builder = Attestation::builder(attestation_config)
             .accept_request(request)
@@ -432,9 +393,7 @@ mod test {
 
         let RequestFixture { request, .. } = request_fixture(
             transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
             connection.clone(),
-            Blake3::default(),
             vec![Extension {
                 id: b"foo".to_vec(),
                 value: b"bar".to_vec(),
@@ -461,9 +420,7 @@ mod test {
 
         let RequestFixture { request, .. } = request_fixture(
             transcript,
-            encoding_provider(GET_WITH_HEADER, OK_JSON),
             connection.clone(),
-            Blake3::default(),
             vec![Extension {
                 id: b"foo".to_vec(),
                 value: b"bar".to_vec(),

diff --git a/crates/attestation/src/fixtures.rs b/crates/attestation/src/fixtures.rs
@@ -2,11 +2,7 @@
 use tlsn_core::{
     connection::{CertBinding, CertBindingV1_2},
     fixtures::ConnectionFixture,
-    hash::HashAlgorithm,
-    transcript::{
-        Transcript, TranscriptCommitConfigBuilder, TranscriptCommitment,
-        encoding::{EncodingProvider, EncodingTree},
-    },
+    transcript::{Transcript, TranscriptCommitConfigBuilder, TranscriptCommitment},
 };
 
 use crate::{
@@ -21,16 +17,13 @@ use crate::{
 /// A Request fixture used for testing.
 #[allow(missing_docs)]
 pub struct RequestFixture {
-    pub encoding_tree: EncodingTree,
     pub request: Request,
 }
 
 /// Returns a request fixture for testing.
 pub fn request_fixture(
     transcript: Transcript,
-    encodings_provider: impl EncodingProvider,
     connection: ConnectionFixture,
-    encoding_hasher: impl HashAlgorithm,
     extensions: Vec<Extension>,
 ) -> RequestFixture {
     let provider = CryptoProvider::default();
@@ -50,16 +43,10 @@ pub fn request_fixture(
         .unwrap();
     let transcripts_commitment_config = transcript_commitment_builder.build().unwrap();
 
-    // Prover constructs encoding tree.
-    let encoding_tree = EncodingTree::new(
-        &encoding_hasher,
-        transcripts_commitment_config.iter_encoding(),
-        &encodings_provider,
-    )
-    .unwrap();
-
     let mut builder = RequestConfig::builder();
 
+    builder.transcript_commit(transcripts_commitment_config);
+
     for extension in extensions {
         builder.extension(extension);
     }
@@ -74,10 +61,7 @@ pub fn request_fixture(
 
     let (request, _) = request_builder.build(&provider).unwrap();
 
-    RequestFixture {
-        encoding_tree,
-        request,
-    }
+    RequestFixture { request }
 }
 
 /// Returns an attestation fixture for testing.

diff --git a/crates/attestation/src/lib.rs b/crates/attestation/src/lib.rs
@@ -79,8 +79,6 @@
 //!
 //! // Specify all the transcript commitments we want to make.
 //! builder
-//!     // Use BLAKE3 for encoding commitments.
-//!     .encoding_hash_alg(HashAlgId::BLAKE3)
 //!     // Commit to all sent data.
 //!     .commit_sent(&(0..sent_len))?
 //!     // Commit to the first 10 bytes of sent data.
@@ -129,7 +127,7 @@
 //!
 //! ```no_run
 //! # use tlsn_attestation::{Attestation, CryptoProvider, Secrets, presentation::Presentation};
-//! # use tlsn_core::transcript::{TranscriptCommitmentKind, Direction};
+//! # use tlsn_core::transcript::Direction;
 //! # fn main() -> Result<(), Box<dyn std::error::Error>> {
 //! # let attestation: Attestation = unimplemented!();
 //! # let secrets: Secrets = unimplemented!();
@@ -140,8 +138,6 @@
 //! let mut builder = secrets.transcript_proof_builder();
 //!
 //! builder
-//!     // Use transcript encoding commitments.
-//!     .commitment_kinds(&[TranscriptCommitmentKind::Encoding])
 //!     // Disclose the first 10 bytes of the sent data.
 //!     .reveal(&(0..10), Direction::Sent)?
 //!     // Disclose all of the received data.
@@ -219,7 +215,7 @@ use tlsn_core::{
     connection::{ConnectionInfo, ServerEphemKey},
     hash::{Hash, HashAlgorithm, TypedHash},
     merkle::MerkleTree,
-    transcript::{TranscriptCommitment, encoding::EncoderSecret},
+    transcript::TranscriptCommitment,
 };
 
 use crate::{
@@ -301,8 +297,6 @@ pub enum FieldKind {
     ServerEphemKey = 0x02,
     /// Server identity commitment.
     ServerIdentityCommitment = 0x03,
-    /// Encoding commitment.
-    EncodingCommitment = 0x04,
     /// Plaintext hash commitment.
     PlaintextHash = 0x05,
 }
@@ -327,7 +321,6 @@ pub struct Body {
     connection_info: Field<ConnectionInfo>,
     server_ephemeral_key: Field<ServerEphemKey>,
     cert_commitment: Field<ServerCertCommitment>,
-    encoder_secret: Option<Field<EncoderSecret>>,
     extensions: Vec<Field<Extension>>,
     transcript_commitments: Vec<Field<TranscriptCommitment>>,
 }
@@ -373,7 +366,6 @@ impl Body {
             connection_info: conn_info,
             server_ephemeral_key,
             cert_commitment,
-            encoder_secret,
             extensions,
             transcript_commitments,
         } = self;
@@ -391,13 +383,6 @@ impl Body {
             ),
         ];
 
-        if let Some(encoder_secret) = encoder_secret {
-            fields.push((
-                encoder_secret.id,
-                hasher.hash_separated(&encoder_secret.data),
-            ));
-        }
-
         for field in extensions.iter() {
             fields.push((field.id, hasher.hash_separated(&field.data)));
         }

diff --git a/crates/attestation/src/presentation.rs b/crates/attestation/src/presentation.rs
@@ -91,11 +91,6 @@ impl Presentation {
                 transcript.verify_with_provider(
                     &provider.hash,
                     &attestation.body.connection_info().transcript_length,
-                    attestation
-                        .body
-                        .encoder_secret
-                        .as_ref()
-                        .map(|field| &field.data),
                     attestation.body.transcript_commitments(),
                 )
             })