feat(mix): use LIONESS for Sphinx payload encryption

[chaitanyaprem]

Summary

Replaces AES-CTR delta (payload) encryption in the Sphinx mix protocol with LIONESS, a wide-block PRP. Header encryption stays AES-CTR — only the payload is migrating.

This closes the payload integrity gap as per logos-co/logos-lips#306: under AES-CTR, tampering past the leading-zeros window was undetectable because XOR encryption is malleable. With LIONESS, any single-bit flip in the ciphertext diffuses across the whole plaintext on decrypt, scrambling the leading-zeros tag at the exit hop. The integrity test from #2233 is included verbatim and now passes.

processReply additionally verifies the leading-zeros tag after unwrapping (was unchecked under AES-CTR).

For construction details see the design notes. A formal spec update is in progress (logos-co/logos-lips#306).

Affected Areas

• Protocol Logic — Mix protocol payload encryption (Sphinx delta)

Compatibility & Downstream Validation

Wire-incompatible with prior AES-CTR-only nodes on the payload path. Header format unchanged.

• Nimbus: N/A
• Waku: integrated and verified end-to-end via 5-mix-node simulation in logos-messaging/logos-delivery#3837 — cover traffic exercises encrypt → multi-hop forward → unwrap with zero LIONESS errors
• Codex: Not yet integrated with Mix

Impact on Library Users

• No public API surface change in mix_protocol.nim.
• New module libp2p/protocols/mix/lioness.nim exports the standalone cipher.
• Operators must roll all mix nodes together due to the wire-incompatible payload format.

Risk Assessment

Payload encryption is security-critical. Requesting review from cryptography researchers before merge — round structure, SHAKE128 KDF, and key-derivation chain are the focus areas.

References

• Spec issue: Mix spec breaks message integrity logos-co/logos-lips#306
• Design notes: https://hackmd.io/@codex-storage/SkRHiWKo-l
• Reference implementation (Rust): https://github.com/mghazwi/lioness_blockcipher
• Original integrity demonstration: test(mix): test delta integrity beyond leading zeros #2233

Additional Notes

• No new top-level dependencies.
• 166/166 mix tests pass (13 new LIONESS tests, 1 new Sphinx integrity test).
• Draft pending spec finalisation.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 94.85294% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.58%. Comparing base (9a9b776) to head (99774ab).

Files with missing lines	Patch %	Lines
libp2p/protocols/mix/sphinx.nim	89.83%	6 Missing ⚠️
libp2p/protocols/mix/mix_protocol.nim	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2349      +/-   ##
==========================================
+ Coverage   73.48%   73.58%   +0.10%     
==========================================
  Files         168      169       +1     
  Lines       22254    22362     +108     
  Branches       20       20              
==========================================
+ Hits        16353    16455     +102     
- Misses       5901     5907       +6     

Files with missing lines	Coverage Δ
libp2p/protocols/mix/lioness.nim	100.00% <100.00%> (ø)
libp2p/protocols/mix/mix_protocol.nim	80.43% <66.66%> (-0.32%)	⬇️
libp2p/protocols/mix/sphinx.nim	72.67% <89.83%> (+0.48%)	⬆️

... and 4 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[chaitanyaprem]

Closing this PR as this will be now tracked at logos-co/nim-libp2p-mix#1