spec: DAO::propose() nullifier

zero
2024-01-14 14:53:43 +01:00
parent bba2c5472a
commit fc68e1b113
3 changed files with 10 additions and 3 deletions


@@ -2,4 +2,5 @@
\hash:{\textrm{hash}}
\t:{\textrm{#1}}
\~:{\sim}
\cN:{\mathcal{N}}


@@ -74,6 +74,7 @@ $$ \begin{aligned}
Define the DAO propose input function params
$$ \begin{aligned}
\t{ProposeInput}.\cN &∈ 𝔽ₚ \\
\t{ProposeInput}.V &∈ ℙₚ \\
\t{ProposeInput}.R_\t{coin} &∈ 𝔽ₚ \\
\t{ProposeInput}.\t{PK}_σ &∈ ℙₚ
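Review bot: the new `\t{ProposeInput}.\cN` field is declared with its type only, and this params block is where the symbol first appears in the file. A short gloss beside it (that it is the nullifier of the input coin, which is how the "Unused nullifier" check later uses it) would save the reader from inferring the meaning from the checks.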
@@ -129,11 +130,15 @@ claimed in the *proposer limit threshold met* check.
For each input $i ∈ 𝐢$,
  **Unused nullifier**   check that $\cN$ does not exist in the
money contract nullifiers DB.
  **Valid input coins merkle root**   check that $i.R_\t{coin}$ is a
previously seen merkle root in the money contract merkle roots DB.
  Let there be a prover auxiliary witness inputs:
$$ \begin{aligned}
x_c &∈ 𝔽ₚ \\
x_σ &∈ 𝔽ₚ \\
c &∈ \t{Params}_\t{Coin} \\
bᵥ &∈ 𝔽ᵥ \\
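Review bot: in the **Unused nullifier** check, the lookup against the money contract nullifiers DB does not by itself stop the same nullifier from appearing in two inputs of one call, so as written a single coin could be counted twice towards the *proposer limit threshold met* check. Consider adding that the nullifiers must be pairwise distinct across $𝐢$. The check also writes a bare $\cN$ where the next item writes $i.R_\t{coin}$, so $i.\cN$ would match. It is also worth stating whether propose only reads the nullifiers DB or adds $\cN$ to it.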
@@ -142,12 +147,13 @@ $$ \begin{aligned}
\end{aligned} $$
  Attach a proof $π_i$ such that the following relations hold:
  **Nullifier integrity**   $\cN = \t{PoseidonHash}(x_c, C)$.
  **Coin value commit**   $i.V = \t{PedersenCommit}(c.v, bᵥ)$.
  **Token commit**   $T = \t{PoseidonHash}(c.τ, b_τ)$.
  **Valid coin**   let $C = \t{Commit}(c)$. Check
$i.R_\t{coin} = \t{MerkleRoot}(ψᵢ, Πᵢ, C)$.
  **Valid coin**   Check $c.P = \t{DerivePubKey}(x_c)$. Let $C = \t{Commit}(c)$. Check $i.R_\t{coin} = \t{MerkleRoot}(ψᵢ, Πᵢ, C)$.
  **Proof of signature public key ownership**   $i.\t{PK}_σ = \t{DerivePubKey}(x_σ)$.
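Review bot: **Nullifier integrity** uses $C$ before it is defined; "Let $C = \t{Commit}(c)$" only appears in the **Valid coin** item three relations further down. Move the definition ahead of the list of relations, or put **Valid coin** first. The relation also writes a bare $\cN$ while its neighbours use $i.V$ and $i.\t{PK}_σ$, so $i.\cN$ would be consistent, and the rewritten **Valid coin** line could be wrapped like the lines around it.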


@@ -9,7 +9,7 @@ Let $ℙₚ, 𝔽ₚ, \mathcal{X}, \mathcal{Y}, \t{𝔹⁶⁴2𝔽ₚ}$ be defin
The DAO contains the main parameters that define DAO operation:
* The proposer limit $L$ is the minimum number of governance tokens of type
$T$ required to create a valid proposal on chain. Note this minimum can
$τ$ required to create a valid proposal on chain. Note this minimum can
come from multiple token holders.
* Quorum $Q$ specifies the absolute minimum number of tokens required for
before a proposal can be accepted.
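Review bot: the proposer limit bullet now refers to governance tokens of type $τ$, but the bullets visible here introduce only $L$ and $Q$. If $τ$ is defined further down this list, introduce it before this bullet or name it here (for example "the governance token type $τ$") so the symbol is not used before it is defined. While this list is being touched, the Quorum bullet's "required for before a proposal" has a stray word.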