package tezos-crypto-dal

  1. Overview
  2. Docs
type parameters = {
  1. redundancy_factor : int;
  2. page_size : int;
  3. slot_size : int;
  4. number_of_shards : int;
}

Initial values to parametrize dal cryptographic primitives. It used to build a value of type t

type t

Encapsulates parameters required to use the cryptographic primitives exported by this module. A value of type t contains both initial parameters and computed values depending on it.

Because of the shell/protocol separation, cryptographic primitives need to be splitted. An interface, called the Verifier aims to be provided for the economic protocol. The other interface, called the Builder is for the shell.

A Verifier, as hinted by the name, mainly needs to check proofs:

1. A proof that a commitment is valid

2. A proof that a page is valid

A technicality is that the economic protocol is able to configure those cryptographic primitives via several constants. Also, an SRS (aka trusted setup) is required.

It is the responsibility of the shell and the protocol to ensure that both the Verifier and the Builder are instantiated with the same parameters and use the same trusted setup.

type commitment
type commitment_proof
type page_proof
include Cryptobox_intf.VERIFIER with type t := t and type parameters := parameters and type commitment := commitment and type commitment_proof := commitment_proof and type page_proof := page_proof
val parameters_encoding : parameters Data_encoding.t

An encoding for values of type parameters.

val make : parameters -> (t, [> `Fail of string ]) result

make precomputes the set of values needed by the cryptographic primitives defined in this module and stores them in a value of type t

val parameters : t -> parameters

parameters t returns the parameters given when t was initialised with the function make

val verify_commitment : t -> commitment -> commitment_proof -> bool

verify_commitment t commitment proof checks whether commitment is valid. In particular, it checks that the size of the data committed via commitment does not exceed t.slot_size. The verification time is constant.

Fails if the size of the srs on the group G2 is too small.

type page = bytes

The original slot can be split into a list of pages of fixed size. This size is given by the parameter page_size given to the function make.

val page_proof_encoding : page_proof Data_encoding.t

An encoding for the proof of a page.

val pages_per_slot : parameters -> int

pages_per_slot t returns the number of expected pages per slot.

val verify_page : t -> commitment -> page_index:int -> page -> page_proof -> (bool, [> `Segment_index_out_of_range | `Page_length_mismatch ]) Result.t

verify_page t srs commitment page page_proof returns Ok true if the proof certifies that the slot_page is indeed included in the slot committed with commitment commitment. Returns Ok false otherwise.

Fails if the index of the page is out of range or if the page is not of the expected length page_size given for the initialisation of t.

type initialisation_parameters

The primitives exposed in this modules require some preprocessing. This preprocessing generates data from an unknown secret. For the security of those primitives, it is important that the secret is unknown.

module Commitment : sig ... end
type slot = bytes

A slot is a byte sequence corresponding to some data.

type scalar

The finited field used by the polynomial.

type polynomial

A polynomial is another representation for a slot. One advantage of this representation is that a commitment can be computed from a polynomial. A commitment has nice properties:

1. A commitment ensures that the size of the slot has a bounded size (typically slot_size).

2. A commitment can be used to verify that a page of fixed size (typically page_size) is part of the original slot.

val polynomial_degree : polynomial -> int

polynomial_degree polynomial returns the degree of the polynomial.

val polynomial_evaluate : polynomial -> scalar -> scalar

polynomial_evaluate polynomial x evaluates polynomial(x).

val polynomial_from_slot : t -> bytes -> (polynomial, [> `Slot_wrong_size of string ]) Result.t

polynomial_from_slot t slot returns a polynomial from the a slot slot.

Fails with `Slot_wrong_size when the slot size is different from CONFIGURATION.slot_size.

val polynomial_to_bytes : t -> polynomial -> bytes

polynomial_to_slot t polynomial returns a slot from a polynomial.

val commit : t -> polynomial -> commitment

commit polynomial returns the commitment associated to a polynomial p.

Fails with `Degree_exceeds_srs_length if the degree of p exceeds the SRS size.

type share

A portion of the data represented by a polynomial.

val share_encoding : share Data_encoding.t

Encoding of a share.

type shard = {
  1. index : int;
  2. share : share;
}

A shard is share with its index (see shards_from_polynomial).

val shard_encoding : shard Data_encoding.t

An encoding of a share.

val encoded_share_size : t -> int

encoded_share_size t returns the size of a share in byte depending on t

val polynomial_from_shards : t -> shard Seq.t -> (polynomial, [> `Invert_zero of string | `Not_enough_shards of string ]) result

polynomial_from_shards t shares computes the original polynomial from shares. The proportion of shares needed is 1 over C.redundancy_factor the total number of shards. It is guaranteed that for any share with different indices, if there is more than the number of required shards, then the original data can be recomputed.

val shards_from_polynomial : t -> polynomial -> shard Seq.t

shards_from_polynomial t polynomial computes all the shards encoding the original polynomial.

type shard_proof

A proof that a shard belongs to some commitment.

val verify_shard : t -> commitment -> shard -> shard_proof -> bool

verify_shard t commitment shard proof allows to check whether shard is a portion of the data corresponding to the commitment using proof. The verification time is constant. The srs should be the same as the one used to produce the commitment.

val prove_commitment : t -> polynomial -> commitment_proof

prove_commitment t polynomial produces a proof that the slot represented by polynomial has its size bounded by t.slot_size.

val prove_page : t -> polynomial -> int -> (page_proof, [> `Segment_index_out_of_range ]) result

prove_page produces a proof that the nth page computed is part of a commitment. This page corresponds to the original data and are split into C.page_size.

val prove_shards : t -> polynomial -> shard_proof array

prove_shards computes the proofs for all the shards that each shard is a valid piece of data associated to a polynomial and its commitment. Only the commitment is needed to check the proof.

module Internal_for_tests : sig ... end
module Config : sig ... end

node parameters for the DAL.

OCaml

Innovation. Community. Security.