test(v3): cross-ciphertext equality via per-type doubles fixtures (CIP-3141)

[tobyhede]

Stacked on #293 (function-double oracles). Merge #293 first.

What

Proves "two independent encryptions of one value compare equal" for every comparison-capable eql_v3 scalar, credential-free in the fixture suite — not only in the creds-gated e2e suite.

The matrix's curated fixtures have unique plaintexts (the scalars::* matrix asserts the table equals fixture_values() exactly), so they can only exercise equality-true on self-pairs (same ciphertext). To cover equality across distinct ciphertexts without fresh test-time encryption, each comparison type gets a tiny sibling table fixtures.eql_v2_<T>_doubles — the first three catalog values, each encrypted twice — read ONLY by the new property::cross_ciphertext test. The matrix and its curated fixtures are untouched.

Covers both equality mechanisms for all 7 types (int2/int4/int8/date/timestamptz/numeric/text):

• hm/HMAC via the _eq domain (assert_eq_oracle),
• ORE ob via the _ord / _ord_ore domains, where = routes through compare_ore_block_256_terms(...) = 0 (a structural guarantee — the Lewi-Wu comparator decides equality on deterministic PRP + LEFT bytes only).

Changes

• fixtures/eql_doubles.rs — per-type non-catalog FixtureSpec generators (the v3_numeric_collision pattern, generalized), wired into fixture:generate:all.
• fixture_oracle.rs — embedded_doubles_sql / load_doubles_rows.
• property/cross_ciphertext.rs — the focused test: distinct-ciphertext pair + =/<> through hm and both ORE domains, per type.
• Docs: README, coverage analysis, and the test(sqlx): eql_v3 SQL-function property tests (CIP-3141) #293 CHANGELOG entry corrected (the fixture suite now covers cross-ciphertext too).

The generated eql_v2_<T>_doubles.sql fixtures are gitignored; CI regenerates them in test:sqlx:prep.

Testing

• No-DB: macro tests + doubles unit test green.
• DB-backed (matrix-green on curated fixtures + the 7 cross_ciphertext_* tests + fixture regen) run in CI.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: dd5b6c74-03bb-4668-811d-cd9585c8e69c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch v3-property-cross-ciphertext

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}