github.com/algorand/go-algorand-sdk@v1.24.0/types/stateproof.go (about) 1 package types 2 3 import ( 4 "bytes" 5 "crypto/sha256" 6 "crypto/sha512" 7 ) 8 9 // MessageHash represents the message that a state proof will attest to. 10 type MessageHash [32]byte 11 12 // StateProofType identifies a particular configuration of state proofs. 13 type StateProofType uint64 14 15 const ( 16 // StateProofBasic is our initial state proof setup. using falcon keys and subset-sum hash 17 StateProofBasic StateProofType = 0 18 19 // NumStateProofTypes is the max number of types of state proofs 20 // that we support. This is used as an allocation bound for a map 21 // containing different stateproof types in msgpack encoding. 22 NumStateProofTypes int = 1 23 24 // MaxReveals is a bound on allocation and on numReveals to limit log computation 25 MaxReveals int = 640 26 27 // MaxEncodedTreeDepth is the maximum tree depth (root only depth 0) for a tree which 28 // is being encoded (either by msbpack or by the fixed length encoding) 29 MaxEncodedTreeDepth = 16 30 31 // MaxNumLeavesOnEncodedTree is the maximum number of leaves allowed for a tree which 32 // is being encoded (either by msbpack or by the fixed length encoding) 33 MaxNumLeavesOnEncodedTree = 1 << MaxEncodedTreeDepth 34 ) 35 36 // GenericDigest is a digest that implements CustomSizeDigest, and can be used as hash output. 37 //msgp:allocbound GenericDigest MaxHashDigestSize 38 type GenericDigest []byte 39 40 // ToSlice is used inside the Tree itself when interacting with TreeDigest 41 func (d GenericDigest) ToSlice() []byte { return d } 42 43 // IsEqual compare two digests 44 func (d GenericDigest) IsEqual(other GenericDigest) bool { 45 return bytes.Equal(d, other) 46 } 47 48 // IsEmpty checks wether the generic digest is an empty one or not 49 func (d GenericDigest) IsEmpty() bool { 50 return len(d) == 0 51 } 52 53 // Sumhash512DigestSize The size in bytes of the sumhash checksum 54 const Sumhash512DigestSize = 64 55 56 //size of each hash 57 const ( 58 Sha512_256Size = sha512.Size256 59 SumhashDigestSize = Sumhash512DigestSize 60 Sha256Size = sha256.Size 61 ) 62 63 // HashType represents different hash functions 64 type HashType uint16 65 66 // types of hashes 67 const ( 68 Sha512_256 HashType = iota 69 Sumhash 70 Sha256 71 MaxHashType 72 ) 73 74 // HashFactory is responsible for generating new hashes accordingly to the type it stores. 75 //msgp:postunmarshalcheck HashFactory Validate 76 type HashFactory struct { 77 _struct struct{} `codec:",omitempty,omitemptyarray"` 78 79 HashType HashType `codec:"t"` 80 } 81 82 // Proof is used to convince a verifier about membership of leaves: h0,h1...hn 83 // at indexes i0,i1...in on a tree. The verifier has a trusted value of the tree 84 // root hash. 85 type Proof struct { 86 _struct struct{} `codec:",omitempty,omitemptyarray"` 87 88 // Path is bounded by MaxNumLeavesOnEncodedTree since there could be multiple reveals, and 89 // given the distribution of the elt positions and the depth of the tree, 90 // the path length can increase up to 2^MaxEncodedTreeDepth / 2 91 Path []GenericDigest `codec:"pth,allocbound=MaxNumLeavesOnEncodedTree/2"` 92 HashFactory HashFactory `codec:"hsh"` 93 // TreeDepth represents the depth of the tree that is being proven. 94 // It is the number of edges from the root to a leaf. 95 TreeDepth uint8 `codec:"td"` 96 } 97 98 const MerkleSignatureSchemeRootSize = SumhashDigestSize 99 100 // Commitment represents the root of the vector commitment tree built upon the MSS keys. 101 type Commitment [MerkleSignatureSchemeRootSize]byte 102 103 // Verifier is used to verify a merklesignature.Signature produced by merklesignature.Secrets. 104 type Verifier struct { 105 _struct struct{} `codec:",omitempty,omitemptyarray"` 106 107 Commitment Commitment `codec:"cmt"` 108 KeyLifetime uint64 `codec:"lf"` 109 } 110 111 // A Participant corresponds to an account whose AccountData.Status 112 // is Online, and for which the expected sigRound satisfies 113 // AccountData.VoteFirstValid <= sigRound <= AccountData.VoteLastValid. 114 // 115 // In the Algorand ledger, it is possible for multiple accounts to have 116 // the same PK. Thus, the PK is not necessarily unique among Participants. 117 // However, each account will produce a unique Participant struct, to avoid 118 // potential DoS attacks where one account claims to have the same VoteID PK 119 // as another account. 120 type Participant struct { 121 _struct struct{} `codec:",omitempty,omitemptyarray"` 122 123 // PK is the identifier used to verify the signature for a specific participant 124 PK Verifier `codec:"p"` 125 126 // Weight is AccountData.MicroAlgos. 127 Weight uint64 `codec:"w"` 128 } 129 130 // MerkleSignature represents a Falcon signature in a compressed-form 131 //msgp:allocbound MerkleSignature FalconMaxSignatureSize 132 type MerkleSignature []byte 133 134 // SingleLeafProof is used to convince a verifier about membership of a specific 135 // leaf h at index i on a tree. The verifier has a trusted value of the tree 136 // root hash. it corresponds to merkle verification path. 137 type SingleLeafProof struct { 138 _struct struct{} `codec:",omitempty,omitemptyarray"` 139 140 Proof 141 } 142 143 // FalconPublicKeySize pulled out of falcon.go 144 const FalconPublicKeySize = 0x701 145 146 // FalconPublicKey is a wrapper for cfalcon.PublicKeySizey (used for packing) 147 type FalconPublicKey [FalconPublicKeySize]byte 148 149 // FalconVerifier implements the type Verifier interface for the falcon signature scheme. 150 type FalconVerifier struct { 151 _struct struct{} `codec:",omitempty,omitemptyarray"` 152 153 PublicKey FalconPublicKey `codec:"k"` 154 } 155 156 // FalconSignatureStruct represents a signature in the merkle signature scheme using falcon signatures as an underlying crypto scheme. 157 // It consists of an ephemeral public key, a signature, a merkle verification path and an index. 158 // The merkle signature considered valid only if the Signature is verified under the ephemeral public key and 159 // the Merkle verification path verifies that the ephemeral public key is located at the given index of the tree 160 // (for the root given in the long-term public key). 161 // More details can be found on Algorand's spec 162 type FalconSignatureStruct struct { 163 _struct struct{} `codec:",omitempty,omitemptyarray"` 164 165 Signature MerkleSignature `codec:"sig"` 166 VectorCommitmentIndex uint64 `codec:"idx"` 167 Proof SingleLeafProof `codec:"prf"` 168 VerifyingKey FalconVerifier `codec:"vkey"` 169 } 170 171 // A sigslotCommit is a single slot in the sigs array that forms the state proof. 172 type sigslotCommit struct { 173 _struct struct{} `codec:",omitempty,omitemptyarray"` 174 175 // Sig is a signature by the participant on the expected message. 176 Sig FalconSignatureStruct `codec:"s"` 177 178 // L is the total weight of signatures in lower-numbered slots. 179 // This is initialized once the builder has collected a sufficient 180 // number of signatures. 181 L uint64 `codec:"l"` 182 } 183 184 // Reveal is a single array position revealed as part of a state 185 // proof. It reveals an element of the signature array and 186 // the corresponding element of the participants array. 187 type Reveal struct { 188 _struct struct{} `codec:",omitempty,omitemptyarray"` 189 190 SigSlot sigslotCommit `codec:"s"` 191 Part Participant `codec:"p"` 192 } 193 194 // StateProof represents a proof on Algorand's state. 195 type StateProof struct { 196 _struct struct{} `codec:",omitempty,omitemptyarray"` 197 198 SigCommit GenericDigest `codec:"c"` 199 SignedWeight uint64 `codec:"w"` 200 SigProofs Proof `codec:"S"` 201 PartProofs Proof `codec:"P"` 202 MerkleSignatureSaltVersion byte `codec:"v"` 203 // Reveals is a sparse map from the position being revealed 204 // to the corresponding elements from the sigs and participants 205 // arrays. 206 Reveals map[uint64]Reveal `codec:"r,allocbound=MaxReveals"` 207 PositionsToReveal []uint64 `codec:"pr,allocbound=MaxReveals"` 208 } 209 210 // Message represents the message that the state proofs are attesting to. This message can be 211 // used by lightweight client and gives it the ability to verify proofs on the Algorand's state. 212 // In addition to that proof, this message also contains fields that 213 // are needed in order to verify the next state proofs (VotersCommitment and LnProvenWeight). 214 type Message struct { 215 _struct struct{} `codec:",omitempty,omitemptyarray"` 216 // BlockHeadersCommitment contains a commitment on all light block headers within a state proof interval. 217 BlockHeadersCommitment []byte `codec:"b,allocbound=Sha256Size"` 218 VotersCommitment []byte `codec:"v,allocbound=SumhashDigestSize"` 219 LnProvenWeight uint64 `codec:"P"` 220 FirstAttestedRound uint64 `codec:"f"` 221 LastAttestedRound uint64 `codec:"l"` 222 } 223 224 // StateProofTxnFields captures the fields used for stateproof transactions. 225 type StateProofTxnFields struct { 226 _struct struct{} `codec:",omitempty,omitemptyarray"` 227 228 StateProofType StateProofType `codec:"sptype"` 229 StateProof StateProof `codec:"sp"` 230 Message Message `codec:"spmsg"` 231 }