Basic

Git Source

APK verifier based 'basic' scheme.

*Light client's state is initialized with a commitment 'C0' to the ('genesis') validator set of the era #0 (and some technical stuff, like public parameters). When an era (tautologically, a validator set) changes, a helper provides:

  1. the commitment 'C1' to the new validator set,
  2. an aggregate signature 'asig0' of a subset of validators of the previous era on the new commitment 'C1',
  3. an aggregate public key 'apk0' of this subset of validators,
  4. a bitmask 'b0' identifying this subset in the whole set of the validators of the previous era, and
  5. a proof 'p0', that attests that the key 'apk0' is indeed the aggregate public key of a subset identified by 'b0' of the set of the validators, identified by the commitment 'C0', of the previous era. All together this is ('C1', 'asig0', 'apk0', 'b0', 'p0'). The light client:
  6. makes sure that the key 'apk0' is correct by verifying the proof 'p0': apk_verify('apk0', 'b0', 'C0'; 'p0') == true
  7. verifies the aggregate signature 'asig0' agains the key 'apk0': bls_verify('asig0', 'apk0', 'C1') == true
  8. If both checks passed and the bitmask contains enough (say, >2/3 of) signers, updates its state to the new commitment 'C1'.*

State Variables

pks_comm

Genesis validator set of the era #0.

KeysetCommitment public pks_comm;

QUORUM

The majority amount of signers.

uint256 internal constant QUORUM = 171;

Functions

constructor

Init.

constructor(Bw6G1[2] memory c0);

Parameters

NameTypeDescription
c0Bw6G1[2]The commitment 'C0' the genesis validator set.

domain

Only for fields that have a large multiplicative subgroup of size that is a power-of-2.

Domain used to interpolate pks.

function domain() internal pure returns (Radix2EvaluationDomain memory);

verify_aggregates

*Core function aggregate all verify.

  1. apk_verify.
  2. bls_verify.
  3. threhold check.*
function verify_aggregates(
    AccountablePublicInput calldata public_input,
    SimpleProof calldata proof,
    Bls12G2 calldata aggregate_signature,
    KeysetCommitment calldata new_validator_set_commitment
) external view returns (bool);

Parameters

NameTypeDescription
public_inputAccountablePublicInputAccountable public input.
proofSimpleProofSimple proof of basic scheme.
aggregate_signatureBls12G2
new_validator_set_commitmentKeysetCommitmentThe commitment is to the upcoming validator set.

Returns

NameTypeDescription
<none>boolResult of the verify.

verify_bls

Verify BLS aggregate signature.

function verify_bls(
    Bls12G1 memory aggregate_public_key,
    Bls12G2 memory aggregate_signature,
    KeysetCommitment calldata new_validator_set_commitment
) internal view returns (bool);

Parameters

NameTypeDescription
aggregate_public_keyBls12G1Aggregate public key.
aggregate_signatureBls12G2Aggregate signature.
new_validator_set_commitmentKeysetCommitmentThe commitment is to the upcoming validator set.

Returns

NameTypeDescription
<none>boolResult of the verify.

verify_simple

APK verify for basic scheme.

function verify_simple(AccountablePublicInput calldata public_input, SimpleProof calldata proof)
    internal
    view
    returns (bool);

Parameters

NameTypeDescription
public_inputAccountablePublicInputAccountable public input.
proofSimpleProofSimple proof of basic scheme.

Returns

NameTypeDescription
<none>boolResult of the verify.

restore_challenges

Restore challenges.

function restore_challenges(
    AccountablePublicInput calldata public_input,
    SimpleProof calldata proof,
    uint256 batch_size
) internal view returns (Challenges memory, Transcript memory);

Parameters

NameTypeDescription
public_inputAccountablePublicInputAccountable public input.
proofSimpleProofSimple proof of basic scheme.
batch_sizeuint256

Returns

NameTypeDescription
<none>ChallengesTuple of challenges and transcipt.
<none>Transcript

validate_evaluations

Validate evaluations.

function validate_evaluations(
    SimpleProof memory proof,
    AffineAdditionEvaluations memory protocol,
    Challenges memory challenges,
    Transcript memory fsrng,
    LagrangeEvaluations memory evals_at_zeta
) internal view;

Parameters

NameTypeDescription
proofSimpleProofSimple proof of basic scheme.
protocolAffineAdditionEvaluationsProtocol of batch scheme.
challengesChallengesRestored challenges.
fsrngTranscriptFiat shamir rng.
evals_at_zetaLagrangeEvaluationsLagrange evaluations at zeta.

kzg_pvk

KZG verifier key.

function kzg_pvk() internal pure returns (RVK memory);

Returns

NameTypeDescription
<none>RVKKZG raw verifier key.