The validity of a transaction, in the base case, decomposes into several subprograms which can be proven individually. The single proof of a single-proof transaction is obtained by merging these subprogram proofs using recursion.
Last week we brainstormed a new and improved architecture for this decomposition into subprograms. The idea is that we want to avoid having to recompute the removal record indices every time we want to prove something about the transaction's inputs. This is the motivation for adding the SaltedUtxos wrapper around a list of Utxos in witnesses. At this point you can hash the field input_utxos and get a randomized commitment to the input UTXOs in the form of a digest. Then you can prove something about the commitment without leaking sensitive data (assuming that you broadcast the multi-proof transaction and let miners merge the proofs).
Recall that in the simple case of single-proof transactions, transactions have two fields: kernel and proof. The proof establishes the integral format of the kernel, by proving the integral execution of a validity program. (This validity program is the one that decomposes into subprograms.) The input to this validity program is the (MAST) hash of the kernel; this input guarantees that the proof is tailored to the kernel and cannot be lifted to authenticate another one.
The subprograms are as follows. The symbol :: denotes the type signature of a program whereas : denotes the type of an object.
This is a substantial refactor because, among other things, it involves modifying the removal records integrity program. In order to write the missing tasm snippets, it might be worthwhile synchronizing with the tasm-lang compiler team.
The validity of a transaction, in the base case, decomposes into several subprograms which can be proven individually. The single proof of a single-proof transaction is obtained by merging these subprogram proofs using recursion.
Last week we brainstormed a new and improved architecture for this decomposition into subprograms. The idea is that we want to avoid having to recompute the removal record indices every time we want to prove something about the transaction's inputs. This is the motivation for adding the
SaltedUtxoswrapper around a list ofUtxos in witnesses. At this point you can hash the fieldinput_utxosand get a randomized commitment to the input UTXOs in the form of a digest. Then you can prove something about the commitment without leaking sensitive data (assuming that you broadcast the multi-proof transaction and let miners merge the proofs).Recall that in the simple case of single-proof transactions, transactions have two fields: kernel and proof. The proof establishes the integral format of the kernel, by proving the integral execution of a validity program. (This validity program is the one that decomposes into subprograms.) The input to this validity program is the (MAST) hash of the kernel; this input guarantees that the proof is tailored to the kernel and cannot be lifted to authenticate another one.
The subprograms are as follows. The symbol
::denotes the type signature of a program whereas:denotes the type of an object.RemovalRecordsIntegrity :: (transaction_kernel_mast_hash : Digest) --> (inputs_salted_utxos_hash : Digest)KernelToOutputs :: (transaction_kernel_mast_hash : Digest) --> (outputs_salted_utxos_hash : Digest)CollectLockScripts :: (inputs_salted_utxos_hash : Digest) --> (lock_script_hashes : [Digest])LockScript :: (transaction_kernel_mast_hash : Digest) --> ()CollectTypeScripts :: (inputs_salted_utxos_hash : Digest) * (outputs_salted_utxos_hash : Digest) --> (type_script_hashes : [Digest])TypeScript :: (transaction_kernel_mast_hash : Digest) * (inputs_salted_utxos_hash : Digest) * (outputs_salted_utxos_hash : Digest) --> ()This is a substantial refactor because, among other things, it involves modifying the removal records integrity program. In order to write the missing
tasmsnippets, it might be worthwhile synchronizing with thetasm-langcompiler team.RemovalRecordsIntegrityKernelToOutputsCollectLockScriptsLockScriptsCollectTypeScriptsTypeScriptsTimeLock