Open distractedm1nd opened 1 month ago
Updating this for further clarification:
Verdict does not make any SNARKs about the validity of hashchains because it relies on users to validate the signatures they contain. This is not possible for us in a based rollup construction because submitting updates is permissionless, meaning we need to be able to SNARK over the validity of all incoming operations, as they could be posted by alternative sequencers.
Also: adr-003 will target this. We won't actually do signature verification in a SNARK because it's unnecessary and dumb. We can use an auth system of hashing private keys, and users making a local SNARK that they know the plaintext of the hash. Then updates must be authenticated by a valid SNARK.
An update to the hashchain requires the update to contain a signature using a key already existing in the hashchain, and this must be verified in the circuit.
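The rule in the last paragraph, as an added Go example that is not Verdict's or this project's code: a toy hashchain of ed25519 keys where every update must be signed by a key already present in the chain, replayed by a validator that enforces exactly the checks a circuit would have to. The operation names and the genesis rule (the first entry is self-signed by the key it adds) are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

const OpAddKey, OpRemoveKey = "add_key", "remove_key" // illustrative names (assumption), not the project's

// Entry is one update: an operation on Key, authorised by Signer's signature over
// EntryDigest(PrevHash, Op, Key). Signer must already be a key in the chain.
type Entry struct {
	Op            string
	Key, Signer   ed25519.PublicKey
	Sig, PrevHash []byte
}

func EntryDigest(prevHash []byte, op string, key ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write(prevHash)
	h.Write([]byte(op))
	h.Write(key)
	return h.Sum(nil)
}

// ValidateChain replays every update (the check a circuit would have to enforce), rejecting
// any update not signed by a key present at that point; returns the live key set and head hash.
func ValidateChain(chain []Entry) (map[string]bool, []byte, error) {
	keys, head := map[string]bool{}, []byte{}
	for i, e := range chain {
		digest := EntryDigest(e.PrevHash, e.Op, e.Key)
		// The genesis entry is self-signed by the key it adds; afterwards only existing keys may sign.
		genesis := i == 0 && e.Op == OpAddKey && bytes.Equal(e.Signer, e.Key)
		// Length check first: ed25519.Verify panics on a malformed public key, and a validator must not.
		if !bytes.Equal(e.PrevHash, head) || !(keys[string(e.Signer)] || genesis) || len(e.Signer) != ed25519.PublicKeySize || !ed25519.Verify(e.Signer, digest, e.Sig) {
			return nil, nil, errors.New("update not linked to head or not authenticated by a key in the chain")
		}
		switch e.Op {
		case OpAddKey:
			keys[string(e.Key)] = true
		case OpRemoveKey:
			delete(keys, string(e.Key))
		default:
			return nil, nil, errors.New("unknown operation")
		}
		head = digest
	}
	return keys, head, nil
}
```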