L{CORE} Device SDK
A description of the data submission process for L{CORE}
L{CORE} Device SDK
Robust, standards-based authentication & secure messaging for every IoT form-factor. Purpose-built for the Cartesi-enabled L{CORE} smart-city stack.
WHY IT MATTERS
• Device-grade crypto with no OpenSSL headaches; compiles on ESP32, Nordic, Linux, RISC-V test rigs, and the Cartesi VM tool-chain. • Drop-in W3C DID + IETF JOSE primitives so every sensor or gateway can prove who it is and sign its payloads. • A clean separation between “core standards code” and “platform glue” keeps firmware small while letting vendors use their own radio stacks, RTOSes or secure elements. • Designed end-to-end for the L{CORE} dual-encryption & zk-proof pipeline: every field, signature and nonce is exactly the format the Rollup expects.
WHAT YOU GET OUT-OF-THE-BOX - DID document generation & persistence (C API) - ES-256 and ES-512 signing / verification via ARM PSA or mbedTLS - JWT, JWS, JWE helpers for tiny MCUs (no dynamic alloc required) - Hardware-abstraction layer for RNG, key storage, secure counters - Reference PALs for ESP32, Arduino AVR, Nordic nRF, generic Linux - CMake tool-chain that fetches mbedTLS when the host lacks it - Extensive test-suite & CI cross-compilation matrix
INSIDE THE SDK
lcore-device-sdk/
├── core/ # platform-neutral logic
│ ├── psa/ # crypto abstraction (ARM PSA or mbedTLS)
│ ├── dids/ # DID, DIDComm, Verifiable Credentials
│ └── jose/ # JOSE / JWT helpers
└── pal/ # platform adaptation layer
├── esp32/
├── arduino/
├── linux/
└── nordic/Core Layer • Pure C (no std lib malloc by default) • Opaque handles for documents & keys keep user code simple • DID, JOSE and PSA modules share a tiny “utils” crate for base64url, CBOR & JSON helpers
PAL Layer
• Implements board-specific I/O, entropy, secure storage
• Exposes a single header lcore_pal.h; switching boards is a re-compile, not a rewrite
SECURITY & CRYPTOGRAPHIC DESIGN
Algorithm set (all pure-software, constant-time): • ECDSA P-256 (ES-256) & P-521 (ES-512) signatures • SHA-256 hashing for device IDs & integrity checks • AES-256-GCM and XChaCha20-Poly1305 for payload encryption (mirrors the Rollup logic) • Deterministic, counter-based nonce generation so low-power devices don’t need RTCs
Hardware off-load ready. The PSA layer can forward AES / ECDSA to a secure element or cryptographic accelerator if present.
DEVICE → L{CORE} ROLLUP FLOW
(1) SDK signs a JSON sensor payload as a compact JWS (header + payload + ES-256 signature). (2) HTTP or MQTT client sends the packet to the L{CORE} Gateway. (3) Gateway verifies the signature with the public key from the device’s DID document, strips any PII and forwards the clean packet to the Rollups node. (4) Inside the Cartesi VM the packet enters the dual-encryption pipeline; proofs and commitments are later verified on KC-Chain.
HELLO WORLD IN 5 MINUTES
git clone https://github.com/your-org/IoT-LCORE
cd IoT-LCORE/lcore-device-sdk
cmake -B build -DLCORE_BUILD_EXAMPLES=ON
cmake --build build --target example_esp32_sensor # or any other exampleFlash (ESP32 example)
esptool.py --chip esp32 --port /dev/ttyUSB0 write_flash 0x10000 build/example_esp32_sensor.binThe sample app boots, generates a DID, signs mock temperature data every 10 s and POSTs it to the default Gateway endpoint http://gateway.local:3001/device/data.
—
Built for the L{CORE} vision of privacy-preserving, verifiable smart-city infrastructure; and as lightweight as the sensors it secures.
Last updated