Basic
APK verifier based 'basic' scheme.
*Light client's state is initialized with a commitment 'C0' to the ('genesis') validator set of the era #0 (and some technical stuff, like public parameters). When an era (tautologically, a validator set) changes, a helper provides:
- the commitment 'C1' to the new validator set,
- an aggregate signature 'asig0' of a subset of validators of the previous era on the new commitment 'C1',
- an aggregate public key 'apk0' of this subset of validators,
- a bitmask 'b0' identifying this subset in the whole set of the validators of the previous era, and
- a proof 'p0' attesting that the key 'apk0' is indeed the aggregate public key of the subset, identified by 'b0', of the validator set of the previous era, identified by the commitment 'C0'. All together this is ('C1', 'asig0', 'apk0', 'b0', 'p0'). The light client:
- makes sure that the key 'apk0' is correct by verifying the proof 'p0': apk_verify('apk0', 'b0', 'C0'; 'p0') == true
- verifies the aggregate signature 'asig0' against the key 'apk0': bls_verify('asig0', 'apk0', 'C1') == true
- If both checks passed and the bitmask contains enough (say, >2/3 of) signers, updates its state to the new commitment 'C1'.*
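The era-transition flow above, as an added Python model that is not part of the verifier contract: the two cryptographic checks (apk_verify, bls_verify) are supplied by the caller, while the model implements the bitmask quorum rule and the check ordering. It assumes the contract's QUORUM = 171 corresponds to a 256-validator set (a power of two, as the Radix2 domain requires) under the ">2/3 of signers" rule.

```python
from dataclasses import dataclass
from typing import Callable, Sequence

QUORUM = 171  # value from the contract; assumed to be >2/3 of 256 validators


def quorum_threshold(n_validators: int) -> int:
    """Smallest signer count that is strictly more than 2/3 of n_validators."""
    return (2 * n_validators) // 3 + 1


def count_signers(bitmask: Sequence[bool], n_validators: int) -> int:
    """Number of set bits in 'b'; a bitmask of the wrong length is rejected."""
    if len(bitmask) != n_validators:
        raise ValueError("bitmask length does not match the validator set size")
    return sum(1 for bit in bitmask if bit)


@dataclass(frozen=True)
class EraTransition:
    """The helper-provided tuple ('C1', 'asig0', 'apk0', 'b0', 'p0')."""
    new_commitment: bytes
    asig: bytes
    apk: bytes
    bitmask: tuple
    proof: bytes


class LightClient:
    def __init__(self, genesis_commitment: bytes, n_validators: int,
                 apk_verify: Callable, bls_verify: Callable):
        self.commitment = genesis_commitment  # 'C0' at genesis
        self.n = n_validators
        self.apk_verify = apk_verify  # apk_verify(apk, b, C; p) -> bool
        self.bls_verify = bls_verify  # bls_verify(asig, apk, C1) -> bool

    def update(self, t: EraTransition) -> bool:
        """Apply a transition; state changes only if all three checks pass."""
        # 1. apk0 must really be the aggregate key of the subset b0 of C0.
        if not self.apk_verify(t.apk, t.bitmask, self.commitment, t.proof):
            return False
        # 2. asig0 must be a valid signature on C1 under apk0.
        if not self.bls_verify(t.asig, t.apk, t.new_commitment):
            return False
        # 3. The subset must be large enough to carry the decision.
        if count_signers(t.bitmask, self.n) < quorum_threshold(self.n):
            return False
        self.commitment = t.new_commitment
        return True
```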
State Variables
pks_comm
Commitment to the genesis validator set of era #0.
KeysetCommitment public pks_comm;
QUORUM
The minimum number of signers required for a quorum.
uint256 internal constant QUORUM = 171;
Functions
constructor
Initializes the verifier with the genesis commitment.
constructor(Bw6G1[2] memory c0);
Parameters
Name | Type | Description |
---|---|---|
c0 | Bw6G1[2] | The commitment 'C0' to the genesis validator set. |
domain
Only for fields that have a large multiplicative subgroup whose size is a power of 2.
Domain used to interpolate the pks.
function domain() internal pure returns (Radix2EvaluationDomain memory);
verify_aggregates
*Core function that runs all verification steps:
- apk_verify,
- bls_verify,
- threshold check.*
function verify_aggregates(
AccountablePublicInput calldata public_input,
SimpleProof calldata proof,
Bls12G2 calldata aggregate_signature,
KeysetCommitment calldata new_validator_set_commitment
) external view returns (bool);
Parameters
Name | Type | Description |
---|---|---|
public_input | AccountablePublicInput | Accountable public input. |
proof | SimpleProof | Simple proof of basic scheme. |
aggregate_signature | Bls12G2 | Aggregate signature. |
new_validator_set_commitment | KeysetCommitment | The commitment is to the upcoming validator set. |
Returns
Name | Type | Description |
---|---|---|
<none> | bool | Result of the verification. |
verify_bls
Verify BLS aggregate signature.
function verify_bls(
Bls12G1 memory aggregate_public_key,
Bls12G2 memory aggregate_signature,
KeysetCommitment calldata new_validator_set_commitment
) internal view returns (bool);
Parameters
Name | Type | Description |
---|---|---|
aggregate_public_key | Bls12G1 | Aggregate public key. |
aggregate_signature | Bls12G2 | Aggregate signature. |
new_validator_set_commitment | KeysetCommitment | The commitment is to the upcoming validator set. |
Returns
Name | Type | Description |
---|---|---|
<none> | bool | Result of the verification. |
verify_simple
APK verify for basic scheme.
function verify_simple(AccountablePublicInput calldata public_input, SimpleProof calldata proof)
internal
view
returns (bool);
Parameters
Name | Type | Description |
---|---|---|
public_input | AccountablePublicInput | Accountable public input. |
proof | SimpleProof | Simple proof of basic scheme. |
Returns
Name | Type | Description |
---|---|---|
<none> | bool | Result of the verification. |
restore_challenges
Restores the Fiat-Shamir challenges from the public input and proof.
function restore_challenges(
AccountablePublicInput calldata public_input,
SimpleProof calldata proof,
uint256 batch_size
) internal view returns (Challenges memory, Transcript memory);
Parameters
Name | Type | Description |
---|---|---|
public_input | AccountablePublicInput | Accountable public input. |
proof | SimpleProof | Simple proof of basic scheme. |
batch_size | uint256 | |
Returns
Name | Type | Description |
---|---|---|
<none> | Challenges | Tuple of challenges and transcript. |
<none> | Transcript | |
validate_evaluations
Validate evaluations.
function validate_evaluations(
SimpleProof memory proof,
AffineAdditionEvaluations memory protocol,
Challenges memory challenges,
Transcript memory fsrng,
LagrangeEvaluations memory evals_at_zeta
) internal view;
Parameters
Name | Type | Description |
---|---|---|
proof | SimpleProof | Simple proof of basic scheme. |
protocol | AffineAdditionEvaluations | Protocol of batch scheme. |
challenges | Challenges | Restored challenges. |
fsrng | Transcript | Fiat-Shamir RNG. |
evals_at_zeta | LagrangeEvaluations | Lagrange evaluations at zeta. |
kzg_pvk
KZG verifier key.
function kzg_pvk() internal pure returns (RVK memory);
Returns
Name | Type | Description |
---|---|---|
<none> | RVK | KZG raw verifier key. |