Merge branch 'main' into v0.2.0

Author: tg-x

.changelog/unreleased/features/int/356-int356.md

@@ -0,0 +1 @@
+  -  [**#356**](https://github.com/anoma/nspec/pull/356): Add protocol adapter integration pages

.github/workflows/deploy.yml

@@ -113,14 +113,3 @@ jobs:
           clean: false
           git-config-name: Anoma Research
           git-config-email: [email protected]
-
-      - uses: JamesIves/github-pages-deploy-action@v4
-        with:
-          token: ${{ secrets.PAGES_TOKEN }}
-          repository-name: anoma/specs.anoma.net
-          branch: main
-          folder: ${{ env.BRANCH_NAME }}
-          target-folder: ${{ env.BRANCH_NAME }}
-          clean: false
-          git-config-name: Anoma Research
-          git-config-email: [email protected]

docs/arch/integrations/adapters/evm.md

@@ -0,0 +1,20 @@
+---
+icon: material/devices
+search:
+  exclude: false
+  boost: 2
+tags:
+  - index
+  - resource-machine
+  - protocol-adapter
+---
+
+# Protocol Adapters
+
+A protocol adapter provides [[Executor Engine|executor engine]] and [[Shard Engine|shard engine]] functionality on a foreign blockchain protocol (adaptee) being independent of the Anoma protocol (target). In other words, it processes [[Resource Machine|resource machine (RM)]] transactions and updates the RM state in correspondence with the adaptee's state changes.
+
+In order to support a protocol adapter, the adaptee protocol has to be programmable (i.e., support smart contracts).
+
+## Instances
+
+- [[Ethereum Virtual Machine]] protocol adapter prototype (settlement-only)

docs/arch/integrations/adapters/index.md

@@ -16,49 +16,54 @@ An action is a composite structure of type `Action` that contains the following
 
 |Component|Type|Description|
 |-|-|-|
-|`created`|`OrderedSet Commitment`|contains commitments of resources created in this action|
-|`consumed`|`OrderedSet Nullifier`|contains nullifiers of resources consumed in this action|
-|`resourceLogicProofs`|`Map Tag (LogicRef, PS.Proof)`|contains a map of resource logic proofs associated with this action. The key is the `self` resource for which the proof is computed, the first parameter of the value opens to the required verifying key, the second one is the corresponding proof|
-|`complianceUnits`|`Set ComplianceUnit`|The set of transaction's [[Compliance unit | compliance units]]|
-|`applicationData`|`Map Tag OrderedSet (BitString, DeletionCriterion)`|maps tags to relevant application data needed to verify resource logic proofs. The deletion criterion field is described [[Stored data format |here]]. The openings are expected to be ordered.|
-
+|`resourceLogicProofs`|`Map Tag (isConsumed: Bool, logicVKOuter: LogicVKOuterHash, applicationData: List (BitString, DeletionCriterion), proof: ResourceLogicProvingSystem.Proof)`|Resource logic proofs for resources associated with the action. The key of each map entry is the tag of the resource for which a RL proof is provided. The deletion criterion field is described [[Stored data format |here]].|
+|`complianceUnits`|`List ComplianceUnit`|The set of transaction's [[Compliance unit | compliance units]]|
 
 !!! note
-    For function privacy in the shielded contenxt, instead of a logic proof we verify a proof of a logic proof validity - a recursive proof. `LogicRefHash` type corresponds to the RL VK commitment while verifying key in `resourceLogicProofs` refers to the key to be used for verification (i.e., verifier circuit verifying key as opposed to a resource logic verifying key). RL VK commitment should be included somewhere else, e.g., `applicationData[tag]`, and the compliance instance must reference it in `refInstance` as it is also a compliance proof instance.
+    For function privacy in the shielded context, instead of a logic proof we verify a proof of a logic proof validity - a recursive proof. `LogicVKOuterHash` type corresponds to the RL VK commitment while verifying key in `resourceLogicProofs` refers to the key to be used for verification (i.e., verifier circuit verifying key as opposed to a resource logic verifying key). RL VK commitment should be included somewhere else, e.g., `applicationData`.
 
-Actions partition the state change induced by a transaction and limit the resource logics evaluation context: proofs created in the context of an action have access only to the resources associated with the action. A resource is said to be *associated with an action* if its commitment or nullifier is present in the action's `created` or `consumed` correspondingly. A resource is associated with exactly one action. A resource is said to be *consumed in the action* for a valid action if its nullifier is present in the action's `consumed` list. A resource is said to be *created in the action* for a valid action if its commitment is in the action's `created` list.
+Actions partition the state change induced by a transaction and limit the resource logics evaluation context: proofs created in the context of an action have access only to the resources associated with the action. A resource is said to be *associated with an action* if its tag is present in the set of `resourceLogicProofs` keys . A resource is associated with at most two actions: resource creation is associated with exactly one action and resource consumption is associated with exactly one action. A resource is said to be *consumed in the action* for a valid action if its *nullifier* is present in the set of `resourceLogicProofs` keys. A resource is said to be *created in the action* for a valid action if its *commitment* is in the set of `resourceLogicProofs` keys.
 
 !!! note
     Unlike transactions, actions don't need to be balanced, but if an action is valid and balanced, it is sufficient to create a balanced transaction.
 
 ## Interface
 
-1. `create(Set (NullifierKey, Resource), Set Resource, ApplicationData) -> Action` - creates an action
-2. `delta(Action) -> DeltaHash`
-3. `verify(Action) -> Bool`
+1. `create(List (NullifierKey, Resource, deltaExtraInput, CMtreePath, CMTreeRoot, List (BitString, DeletionCriterion)), List (Resource, deltaExtraInput, List (BitString, DeletionCriterion)), appWitness: BitString) -> Action`
+2. `verify(Action) -> Bool`
+3. `delta(Action) -> DeltaHash`
+4. `to_instance(Action, Tag) -> Maybe ResourceLogicProvingSystem.Instance`
 
 ## Proofs
 For each resource consumed or created in the action, it is required to provide a proof that the logic associated with that resource evaluates to `True` given the input parameters that describe the state transition induced by the action. The number of such proofs in an action equals to the amount of resources (both created and consumed) in that action, even if some resources have the same logics. Resource logic proofs are further described [[Resource logic proof | here]].
 
 ## `create`
 
-Given a set of input resource objects `consumedResources: Set (NullifierKey, Resource, CMtreePath)`, a set of output resource plaintexts `createdResources: Set Resource`, and `applicationData`, including a set of application inputs required by resource logics, an action is computed the following way:
-
-1. Partition action into compliance units and compute a compliance proof for each unit. Put the information about the units in `action.complianceUnits`
-2. For each resource, compute a resource logic proof. Associate each proof with the tag of the resource and the logic hash reference. Put the resulting map in `action.resourceLogicProofs`
-3. `action.consumed = r.nullifier(nullifierKey) for r in consumedResources`
-4. `action.created = r.commitment() for r in createdResources`
-5. `action.applicationData = applicationData`
+1. `complianceUnits`: Partition the resources into compliance units and compute a compliance proof for each unit
+2. `resourceLogicProofs`: For each resource, compute a resource logic proof. Associate each proof (and other components needed to verify it) with the tag of the resource
 
 ## `verify`
 
 Validity of an action can only be determined for actions that are associated with a transaction. Assuming that an action is associated with a transaction, an action is considered valid if all of the following conditions hold:
 
-1. action input resources have valid resource logic proofs associated with them: `verify(RLVerifyingKey, RLInstance, RLproof) = True`
-2. action output resources have valid resource logic proofs associated with them: `verify(RLVerifyingKey, RLInstance, RLproof) = True`
-3. all compliance proofs are valid: `complianceUnit.verify() = True`
-4. transaction's $rts$ field contains correct `CMtree` roots (that were actual `CMtree` roots at some epochs) used to prove the existence of consumed resources in the compliance proofs.
+1. All resource logic proofs associated with the action are valid
+2. All compliance proofs associated with the action are valid: `cu.verify() = True for cu in complianceUnits`
+3. `resourceLogicProofs` keys = the list of tags associated with `complianceUnits` (ignoring the order)
 
 ## `delta`
 
-`action.delta() -> DeltaHash` is a computable component used to compute `transactionDelta`. It is computed from `r.delta()` of the resources that comprise the action and defined as `action.delta() = sum(cu.delta() for cu in action.complianceUnits)`.
+`action.delta()` computes the action delta. Action delta is computed from `r.delta()` of the resources that comprise the action and defined as `action.delta() = sum(cu.delta() for cu in action.complianceUnits)`.
+
+## `to_instance`
+
+This function assembles the instance required to verify a resource logic proof from the data in the action.
+
+The main task is to assemble the `consumed` and `created` lists of resources. The proposed mechanism works as follows:
+1. Iterate over all compliance units and accumulate the lists of created and consumed resources. The resulting list of consumed resources contains all consumed resources in the action. The resulting list of created resources contains all created resources in the action.
+2. Erase the `self` resource from the relevant list. If the resource is consumed and its nullifier is stored under index `n` in the list of consumed resources, the resulting list is `l[0], l[1], ..., l[n - 1], l[n + 1], ...`. Keep the list of created resources the same.
+3. If `self` is created, erase the resource from the list of created resources as in step 2. Keep the list of consumed resources the same. For each resource we assemble an instance for, we erase only one resource - itself - from one list.
+
+!!! note
+   When verifying multiple logic proofs from the same action, it might make sense to create the 'full' lists once and erase resources one at a time to create a particular instance. Note that the next instance must be created from the original `full` list, not the list with previously erased resources.
+
+All other fields of the instance (resource tag, `isConsumed`, `applicationData`) are taken from the relevant entry of `resourceLogicProofs`.

docs/arch/system/state/resource_machine/data_structures/action/index.juvix.md

@@ -12,33 +12,42 @@ module arch.system.state.resource_machine.data_structures.action.resource_logic_
 
 # Resource logic proof
 
-Resource logic proofs attest to validity of resource logics. A resource logic is a computable predicate associated with a resource that constrains the creation and consumption of a resource. Each time a resource is created or consumed, the corresponding resource logic proof is required in order for the action (and thus the transaction) to be valid.
+Resource logic proofs attest to validity of resource logics. A resource logic is a computable predicate associated with a resource (this resource is referred to as `self` in this context) that constrains the creation and consumption of a resource. Each time a resource is created or consumed, the corresponding resource logic proof is required in order for the action (and thus the transaction) to be valid.
 
 ## Proving
 
-When proving, resource logics take as input resources created and consumed in the action:
+When proving, resource logics take as input resources created and consumed in that action.
 
 #### Instance
 
-1. [[Computable components#Tag | Resource tag]] — identifies the current resource being checked
+1. Resource's commitment/nullifier
 2. `isConsumed` - a flag that tells the logic if the resource is consumed or created
-3. `action.consumed` (possibly excluding the tagged resource, if it is consumed)
-4. `action.created` (possibly excluding the tagged resource, if it is created)
-5. `action.applicationData[tag]`
+3. `consumed` (excluding the tagged resource, if it is consumed)
+4. `created` (excluding the tagged resource, if it is created)
+5. `applicationData`
 
-#### Witness
-
-1. for consumed resources: `OrderedSet (Resource, NullifierKey)`
 
-2. for created resources: `OrderedSet Resource`
+#### Witness
 
-3. Application inputs
+1. `self` resource object
+2. If `isConsumed = True`: nullifier key of `self`
+3. Resource objects of consumed resources: `List (Resource, NullifierKey)`
+4. Resource objects of created resources: `List Resource`
+5. Application-specific inputs
 
 !!! note
-    The instance and witness values are expected to correspond to each other: the first tag in the instance corresponds to the first resource object in the witness (and corresponds to the resource being checked), and so on. Note that the tag has to be recomputed from the object to verify that it indeed corresponds to the tag (this condition is included in the constraints)
+    Instance and witness elements are expected to go in the same order: the first element of the instance corresponds to the first elements of the witness and so on.
 
 #### Constraints
 
-1. Created commitment integrity: `r.commitment() = cm`
-2. Consumed nullifier integrity: `r.nullifier(nullifierKey) = nf`
-3. Application constraints
+1. For created resources: created commitment integrity: `r.commitment() = cm`
+2. For consumed resources: `r.nullifier(nullifierKey) = nf`
+3. Application-specific constraints
+
+Checks that require access to global `CMTree` and `NullifierSet`:
+
+1. each created resource wasn't created in prior transactions
+2. each consumed resource wasn't consumed in prior transactions
+
+!!! note
+  Actions can be verified as parts of supposedly valid transactions and individually, when building a valid transaction (e.g., in the partial solving case). In case the actions are verified _not_ individually, all global checks can be aggregated and verified at once to reduce the amount of global communication.

docs/arch/system/state/resource_machine/data_structures/action/resource_logic_proof.juvix.md

@@ -19,9 +19,9 @@ Compliance proofs are created by `ComplianceProvingSystem` and computed over com
 
 |Name|Type|Description|
 |-|-|-|
-|`consumed`|`OrderedSet (NullifierRef, RootRef, LogicRef)`|Includes nullifiers' references of all consumed resources in the compliance unit, root references, and commitments to [[Resource | `logicRef` resource components]] (used for referencing the `logicRef` without explicitly using the component value) for consumed resources|
-|`created`|`OrderedSet (CommitmentRef, LogicRef)`|Commitments' references of all created resources in the compliance unit|
-|`unitDelta`|`DeltaHash`|Unit delta|
+|`consumed`|`List (nf: Nullifier, root: CMTree.Value, logicVKOuter: LogicVKOuterHash)`|Each entry corresponds to a consumed resource and includes a hash of the resource's [[Resource | `logicRef` component]]|
+|`created`|`List (cm: Commitment, logicVKOuter: LogicVKOuterHash)`|Each entry corresponds to a created resource|
+|`unitDelta`|`DeltaHash`||
 
 #### Witness
 
@@ -31,48 +31,46 @@ Compliance proofs are created by `ComplianceProvingSystem` and computed over com
 
     2. `nullifierKey`
 
-    3. `CMtree` path
+    3. `CMtree` path to the consumed resource commitment
 
-    4. resource commitment `cm`
+    4. pre-image of `logicVKOuter`
 
-    5. opening of `logicRefHash` (implicitly includes `logicRef`, which is already part of the resource object, and other data used to derive `logicRefHash`, such as randomness)
+    5. `deltaExtraInput` used to compute resource delta
 
 2. for created resources:
 
   1. resource object `r`
 
-  2. opening of `logicRefHash`
+  2. pre-image of `logicVKOuter`
+
+  3. `deltaExtraInput` used to compute resource delta
 
 !!! note
 
-    The instance and witness values are expected to correspond to each other: the first tag in the instance corresponds to the first resource object in the witness, and so on. Note that in the compliance proof, the tag is recomputed from the object to verify that the tag is correct
+    Instance and witness elements are expected to go in the same order: the first element of the instance corresponds to the first (4 for consumed and 2 for created) elements of the witness and so on.
 
 ## Compliance constraints
 Each resource machine compliance proof must check the following:
 
-1. Merkle path validity (for *non-ephemeral* resources only): `CMTree::Verify(cm, path, root) = True` for each resource associated with a nullifier from the `consumedResourceTagSet`
-2. for each consumed resource `r`:
+1. Merkle path validity: `CMTree::Verify(r.commitment(), path, root) = True` for each resource associated with a nullifier from the `consumed`. For ephemeral resources a "fake" relation is checked.
 
-  1. Nullifier integrity: `r.nullifier(nullifierKey) is in consumedResourceTagSet`
-  2. Consumed commitment integrity: `r.commitment() = cm`
-  3. Logic integrity: `logicRefHash = hash(r.logicRef, ...)`
+2. For each consumed resource `r`:
 
-3. for each created resource `r`:
+  1. Nullifier integrity: `r.nullifier(nullifierKey) is in consumed`
+  2. Logic integrity: `logicVKOuter = logicVKOuterHash(r.logicRef, ...)`
 
-  1. Commitment integrity: `r.commitment() is in createdResourceTagSet`
-  2. Logic integrity: `logicRefHash = hash(r.logicRef, ...)`
-4. Delta integrity: `unitDelta = sum(r.delta() for r in consumed) - sum(r.delta() for r in created)`
+3. For each created resource `r`:
 
-!!! note
-    Kind integrity is checked implicitly in delta checks
+  1. Commitment integrity: `r.commitment() is in created`
+  2. Logic integrity: `logicVKOuter = logicVKOuterHash(r.logicRef, ...)`
 
-!!! note
-    [2.3, 3.2]: Combined with checking the logic proofs, logic integrity checks allow to ensure that the logics associated with the resources are satisfied
+4. Delta integrity: `unitDelta = sum(r.delta(deltaExtraInput(r)) for r in consumed) - sum(r.delta(deltaExtraInput(r)) for r in created)` where `deltaExtraInput(r)` returns `deltaExtraInput` associated with resource `r`
 
 !!! note
-    [2.1, 3.1]: To ensure correct computation of a commitment/nullifier, they have to be recomputed from the raw parameters (resource object and possibly `nullifierKey`) and compared to what is provided in the public tag set.
+    Kind integrity is checked implicitly in delta integrity
 
 !!! note
-    To support function privacy, the compliance proof must also verify the logic verifying key integrity: given `logicRefHash` as public input and `logicRef` as private input, verify that `logicRefHash = hash(logicRef)`
+    [2.3, 3.2]: Combined with checking the logic proofs, logic integrity checks allow to ensure that the logics associated with the resources are satisfied
 
-Compliance proofs must be composition-independent: composing two actions, the compliance proof sets can be simply united to provide a valid composed action compliance proof set.
+!!! note
+    [2.1, 3.1]: To ensure correct binding between the instance and the witness, resource tags have to be recomputed from the witness and compared to what is provided in the instance.