consensus

package
v0.160.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

README

Consensus Package

This package provides Cardano consensus primitives for Ouroboros Praos, enabling block production and chain selection in pure Go.

Why This Package Exists

Cardano nodes require consensus algorithms to:

  1. Leader Election: Determine when a stake pool is eligible to produce a block using VRF-based lottery
  2. Block Construction: Build valid block headers with VRF proofs, KES signatures, and operational certificates
  3. Chain Selection: Choose the preferred chain among competing forks using Praos rules

This package provides these capabilities without external dependencies, enabling Go-native Cardano node implementations.

Components

Leader Election (leader.go, threshold.go)
  • IsSlotLeader() - Check if a pool is eligible to produce a block in a given slot
  • CertifiedNatThreshold() - Compute the leadership threshold based on stake ratio
  • FindNextSlotLeadership() - Look ahead for scheduling block production

The threshold formula is: T = 2^512 * (1 - (1-f)^σ) where f is the active slot coefficient and σ is the pool's relative stake.

Block Construction (block.go)
  • BlockBuilder - Constructs block headers with proper VRF proofs and KES signatures
  • BuildHeader() - Creates a complete header for a new block
  • Helper types for header body, VRF results, and operational certificates
Chain Selection (selection.go)
  • PraosChainSelector - Implements Praos chain selection rules:
    1. Prefer longer chains (higher block number)
    2. For equal length, prefer lower VRF output (tiebreaker)
    3. For deep forks (>k slots), compare chain density
Block Validation (validate.go)
  • HeaderValidator - Validates block headers for consensus correctness
  • Validation checks:
    1. Slot strictly increases from previous block
    2. Block number is previous + 1
    3. Previous hash matches
    4. VRF proof is valid for the claimed slot
    5. VRF output satisfies leadership threshold
    6. KES period is within valid range
    7. KES signature is valid
  • ValidationError - Detailed error types with context for debugging
Network Configurations (consensus.go)

Pre-defined configurations for mainnet, preprod, and preview networks including security parameter (k), active slot coefficient (f), and KES parameters.

Usage

See the package documentation on pkg.go.dev for API details.

Documentation

Overview

Package consensus provides Cardano consensus primitives for Ouroboros Praos. It supports leader election, block construction, and chain selection.

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrNotSlotLeader = errors.New("not eligible to produce block in this slot")
)

Errors for block construction

Functions

func CertifiedNatThreshold 

func CertifiedNatThreshold(
	poolStake uint64,
	totalStake uint64,
	activeSlotCoeff *big.Rat,
) *big.Int

CertifiedNatThreshold computes the leadership threshold for a pool using CPRAOS. For TPraos compatibility, use CertifiedNatThresholdWithMode.

The threshold is computed as: 

T = 2^256 * (1 - (1-f)^σ)

Where:

  • f is the active slot coefficient (e.g., 0.05 on mainnet)
  • σ = poolStake / totalStake (the pool's relative stake)

If the VRF leader value (BLAKE2b-256 hash of VRF output with "L" prefix, interpreted as an unsigned integer) is less than T, the pool is eligible to be a slot leader.

This implementation uses arbitrary precision arithmetic to match Cardano's ledger specification.

func CertifiedNatThresholdWithMode added in v0.153.1 

func CertifiedNatThresholdWithMode(
	poolStake uint64,
	totalStake uint64,
	activeSlotCoeff *big.Rat,
	mode ConsensusMode,
) *big.Int

CertifiedNatThresholdWithMode computes the leadership threshold for a pool using the specified consensus mode.

For CPRAOS (Babbage+): 

T = 2^256 * (1 - (1-f)^σ)

For TPraos (Shelley-Alonzo): 

T = 2^512 * (1 - (1-f)^σ)

func ComputeBlockBodyHash 

func ComputeBlockBodyHash(bodyBytes []byte) []byte

ComputeBlockBodyHash computes the hash of a block body. The body should be the CBOR-encoded transaction data.

func ComputeVRFInput 

func ComputeVRFInput(slot uint64, epochNonce []byte) []byte

ComputeVRFInput creates the VRF input for a given slot and epoch nonce. Returns nil if epochNonce is not exactly 32 bytes or if slot overflows int64.

func FindNextSlotLeadership 

func FindNextSlotLeadership(
	startSlot uint64,
	maxSlot uint64,
	epochNonce []byte,
	poolStake uint64,
	totalStake uint64,
	activeSlotCoeff *big.Rat,
	vrfSigner VRFSigner,
) (uint64, []byte, []byte, error)

FindNextSlotLeadership finds the next slot where the pool is eligible to be leader. This is useful for looking ahead to schedule block production.

Note: This function uses CPRAOS consensus mode. For TPraos compatibility, you would need to implement a separate function or add a mode parameter.

Parameters:

  • startSlot: the slot to start searching from
  • maxSlot: the maximum slot to search to (e.g., end of epoch)
  • epochNonce: the epoch nonce for randomness
  • poolStake: the pool's delegated stake
  • totalStake: the total active stake
  • activeSlotCoeff: the active slot coefficient
  • vrfSigner: the VRF signer

Returns the next eligible slot and proof, or (0, nil, nil) if no slot found.

func IsSlotLeaderFromComponents 

func IsSlotLeaderFromComponents(
	vrfOutput []byte,
	poolStake uint64,
	totalStake uint64,
	activeSlotCoeff *big.Rat,
) bool

IsSlotLeaderFromComponents performs leader election check from pre-computed components using CPRAOS consensus. For TPraos compatibility, use IsSlotLeaderFromComponentsWithMode.

Parameters:

  • vrfOutput: the VRF output (64 bytes)
  • poolStake: the pool's delegated stake
  • totalStake: the total active stake
  • activeSlotCoeff: the active slot coefficient (f)

Returns true if the pool is eligible to be the slot leader.

func IsSlotLeaderFromComponentsWithMode added in v0.153.1 

func IsSlotLeaderFromComponentsWithMode(
	vrfOutput []byte,
	poolStake uint64,
	totalStake uint64,
	activeSlotCoeff *big.Rat,
	mode ConsensusMode,
) bool

IsSlotLeaderFromComponentsWithMode performs leader election check from pre-computed components using the specified consensus mode.

Parameters:

  • vrfOutput: the VRF output (64 bytes)
  • poolStake: the pool's delegated stake
  • totalStake: the total active stake
  • activeSlotCoeff: the active slot coefficient (f)
  • mode: the consensus mode (CPRAOS or TPraos)

Returns true if the pool is eligible to be the slot leader.

func IsVRFOutputBelowThreshold 

func IsVRFOutputBelowThreshold(vrfOutput []byte, threshold *big.Int) bool

IsVRFOutputBelowThreshold checks if a VRF output is below the leadership threshold using CPRAOS mode. For TPraos compatibility, use IsVRFOutputBelowThresholdWithMode.

This is the core eligibility check for slot leadership. It first computes the CPRAOS leader value (BLAKE2b-256 hash with "L" prefix) then compares against the threshold.

func IsVRFOutputBelowThresholdWithMode added in v0.153.1 

func IsVRFOutputBelowThresholdWithMode(vrfOutput []byte, threshold *big.Int, mode ConsensusMode) bool

IsVRFOutputBelowThresholdWithMode checks if a VRF output is below the leadership threshold using the specified consensus mode.

For CPRAOS (Babbage+):

  • Computes BLAKE2b-256("L" || vrfOutput) to get 32-byte leader value
  • Compares against threshold (based on 2^256)

For TPraos (Shelley-Alonzo):

  • Uses raw 64-byte VRF output directly
  • Compares against threshold (based on 2^512)

Unknown consensus modes are treated as CPRAOS (the current default).

func QuickValidateHeader 

func QuickValidateHeader(input *ValidateHeaderInput) error

QuickValidateHeader performs a quick validation of header structure. This does not verify cryptographic proofs, only structural validity.

func VRFOutputToInt 

func VRFOutputToInt(output []byte) *big.Int

VRFOutputToInt converts a VRF leader value (32 bytes) to a big.Int for comparison against the leadership threshold. The value is interpreted as an unsigned big-endian integer.

func VrfLeaderValue added in v0.153.1 

func VrfLeaderValue(vrfOutput []byte) []byte

VrfLeaderValue computes the CPRAOS leader value from a VRF output. This applies domain separation by hashing with "L" prefix: 

leaderValue = BLAKE2b-256("L" || vrfOutput)

The result is 32 bytes (256 bits) for comparison against the threshold.

Types

type BlockBuilder 

type BlockBuilder struct {
	// contains filtered or unexported fields
}

BlockBuilder constructs new blocks for the Praos consensus protocol.

func NewBlockBuilder 

func NewBlockBuilder(
	vrfSigner VRFSigner,
	kesSigner KESSigner,
	opCert *OperationalCert,
	poolId []byte,
	issuerVkey []byte,
	activeSlotCoeff *big.Rat,
) *BlockBuilder

NewBlockBuilder creates a new block builder.

Parameters:

  • vrfSigner: VRF signer for leader election proofs
  • kesSigner: KES signer for block header signatures
  • opCert: operational certificate binding KES key to cold key
  • poolId: the pool ID (cold verification key hash)
  • issuerVkey: the pool's cold verification key (32 bytes)
  • activeSlotCoeff: active slot coefficient for leader election

func (*BlockBuilder) BuildHeader 

func (b *BlockBuilder) BuildHeader(
	input BuildHeaderInput,
) (*Header, *LeaderElectionResult, error)

BuildHeader constructs a block header for the given parameters. It performs leader election and returns an error if not eligible.

Returns the constructed header and leader election result.

func (*BlockBuilder) CheckSlotLeadership 

func (b *BlockBuilder) CheckSlotLeadership(
	slot uint64,
	epochNonce []byte,
	poolStake uint64,
	totalStake uint64,
) (*LeaderElectionResult, error)

CheckSlotLeadership checks if the block builder is eligible for a slot without constructing a full header.

type BuildHeaderInput 

type BuildHeaderInput struct {
	// Slot is the slot number for this block
	Slot uint64
	// BlockNumber is the block height
	BlockNumber uint64
	// PrevHash is the hash of the previous block header
	PrevHash []byte
	// EpochNonce is the epoch nonce for VRF input
	EpochNonce []byte
	// PoolStake is the pool's delegated stake
	PoolStake uint64
	// TotalStake is the total active stake
	TotalStake uint64
	// BlockBodyHash is the hash of the block body
	BlockBodyHash []byte
	// BlockBodySize is the size of the block body in bytes
	BlockBodySize uint64
	// ProtoMajor is the protocol major version
	ProtoMajor uint64
	// ProtoMinor is the protocol minor version
	ProtoMinor uint64
}

BuildHeaderInput contains all information needed to build a header.

type ChainSelector 

type ChainSelector interface {
	// Compare returns positive if a is preferred over b, negative if b preferred, 0 if equal
	Compare(a, b ChainTip) int
	// Preferred returns the preferred chain from a set of candidates
	Preferred(candidates []ChainTip) ChainTip
}

ChainSelector determines the preferred chain

type ChainTip 

type ChainTip interface {
	// Slot returns tip slot
	Slot() uint64
	// BlockNumber returns tip block height
	BlockNumber() uint64
	// VRFOutput returns the VRF output of the tip block
	VRFOutput() []byte
	// Density returns block density for the chain (blocks / slots) - for deep fork comparison
	Density(fromSlot uint64) float64
}

ChainTip represents the tip of a chain for selection purposes

type ConsensusHeader 

type ConsensusHeader interface {
	// Slot returns the slot number
	Slot() uint64
	// BlockNumber returns the block height
	BlockNumber() uint64
	// PrevHash returns the previous block hash
	PrevHash() []byte
	// IssuerVKey returns the block issuer's verification key (cold key)
	IssuerVKey() []byte
	// VRFVKey returns the VRF verification key
	VRFVKey() []byte
	// VRFProof returns the VRF proof (for leader eligibility)
	VRFProof() []byte
	// VRFOutput returns the VRF output (certified random value)
	VRFOutput() []byte
	// KESSignature returns the KES signature over the header
	KESSignature() []byte
	// KESPeriod returns the KES period used for signing
	KESPeriod() uint64
	// Era returns the era identifier
	Era() uint8
}

ConsensusHeader represents the consensus-relevant portion of a block header

type ConsensusMode added in v0.153.1 

type ConsensusMode int

ConsensusMode represents the consensus protocol variant. 

const (
	// ConsensusModeCPraos is the current Praos consensus (Babbage+).
	// Uses BLAKE2b-256("L" || vrfOutput) with 2^256 threshold.
	ConsensusModeCPraos ConsensusMode = iota

	// ConsensusModeTPraos is the transitional Praos consensus (Shelley-Alonzo).
	// Uses raw 64-byte VRF output with 2^512 threshold.
	ConsensusModeTPraos
)

type ConsensusState 

type ConsensusState interface {
	// PoolStake returns (pool stake, total stake) for leader eligibility
	PoolStake(poolId []byte) (uint64, uint64, error)
	// PoolVRFKeyHash returns the registered VRF key hash for a pool
	PoolVRFKeyHash(poolId []byte) ([]byte, error)
	// EpochNonce returns the nonce for the given epoch
	EpochNonce(epoch uint64) ([]byte, error)
	// ProtocolParameters returns consensus-relevant protocol params
	ProtocolParameters() ProtocolParameters
}

ConsensusState provides consensus-relevant state 

type Header struct {
	Body      HeaderBody
	Signature []byte // KES signature (448 bytes)
}

Header represents a complete block header ready for serialization.

type HeaderBody 

type HeaderBody struct {
	BlockNumber          uint64
	Slot                 uint64
	PrevHash             []byte // 32 bytes
	IssuerVkey           []byte // 32 bytes
	VrfKey               []byte // 32 bytes
	VrfOutput            []byte // 64 bytes
	VrfProof             []byte // 80 bytes
	BlockBodySize        uint64
	BlockBodyHash        []byte // 32 bytes
	OpCertHotVkey        []byte // 32 bytes
	OpCertSequenceNumber uint32
	OpCertKesPeriod      uint32
	OpCertSignature      []byte // 64 bytes
	ProtoMajor           uint64
	ProtoMinor           uint64
}

HeaderBody contains the fields of a block header body. This is a simplified representation that can be serialized to CBOR.

type HeaderValidator 

type HeaderValidator struct {
	// contains filtered or unexported fields
}

HeaderValidator provides consensus-level header validation.

func NewHeaderValidator 

func NewHeaderValidator(config NetworkConfig) *HeaderValidator

NewHeaderValidator creates a new header validator.

func (*HeaderValidator) ValidateHeader 

func (v *HeaderValidator) ValidateHeader(
	input *ValidateHeaderInput,
) *ValidateResult

ValidateHeader performs full consensus validation of a block header.

Validation checks:

  1. Slot strictly increases from previous block
  2. Block number is previous + 1
  3. PrevHash matches hash of previous header
  4. VRF proof is valid
  5. VRF output satisfies leadership threshold
  6. KES period is within valid range
  7. KES signature is valid
  8. OpCert signature is valid (cold key signed the hot key)
  9. VRF key matches pool registration (if RegisteredVrfKeyHash provided)

type KESSigner 

type KESSigner interface {
	// Sign produces a KES signature for the given message at current period
	Sign(message []byte) (signature []byte, err error)
	// PublicKey returns the current KES verification key
	PublicKey() []byte
	// Period returns the current KES period
	Period() uint64
}

KESSigner signs with key-evolving signatures

type LeaderElectionResult 

type LeaderElectionResult struct {
	// Eligible is true if the pool is eligible to produce a block
	Eligible bool
	// Proof is the VRF proof for the slot (nil only on early-return cases like zero stake)
	Proof []byte
	// Output is the VRF output (nil only on early-return cases like zero stake)
	Output []byte
	// Threshold is the leadership threshold that was used
	Threshold *big.Int
}

LeaderElectionResult contains the result of a slot leadership check

func IsSlotLeader 

func IsSlotLeader(
	slot uint64,
	epochNonce []byte,
	poolStake uint64,
	totalStake uint64,
	activeSlotCoeff *big.Rat,
	vrfSigner VRFSigner,
) (*LeaderElectionResult, error)

IsSlotLeader checks if a pool is eligible to produce a block in the given slot using CPRAOS consensus. For TPraos compatibility, use IsSlotLeaderWithMode.

The CPRAOS algorithm:

  1. Compute VRF input using MkInputVrf(slot, epochNonce)
  2. Generate VRF proof: proof, output = vrfSigner.Prove(input)
  3. Compute leader value: BLAKE2b-256("L" || output)
  4. Compute threshold: T = 2^256 * (1 - (1-f)^(poolStake/totalStake))
  5. Compare: eligible = leaderValue < T

Parameters:

  • slot: the slot number to check
  • epochNonce: the epoch nonce (eta0) for randomness
  • poolStake: the pool's delegated stake
  • totalStake: the total active stake
  • activeSlotCoeff: the active slot coefficient (f)
  • vrfSigner: the VRF signer for generating proofs

Returns a LeaderElectionResult containing eligibility status and proof.

func IsSlotLeaderWithMode added in v0.153.1 

func IsSlotLeaderWithMode(
	slot uint64,
	epochNonce []byte,
	poolStake uint64,
	totalStake uint64,
	activeSlotCoeff *big.Rat,
	vrfSigner VRFSigner,
	mode ConsensusMode,
) (*LeaderElectionResult, error)

IsSlotLeaderWithMode checks if a pool is eligible to produce a block in the given slot using the specified consensus mode.

For CPRAOS (Babbage+):

  1. Compute VRF input using MkInputVrf(slot, epochNonce)
  2. Generate VRF proof: proof, output = vrfSigner.Prove(input)
  3. Compute leader value: BLAKE2b-256("L" || output)
  4. Compute threshold: T = 2^256 * (1 - (1-f)^σ)
  5. Compare: eligible = leaderValue < T

For TPraos (Shelley-Alonzo):

  1. Compute VRF input using MkSeedTPraos(slot, epochNonce, SeedL())
  2. Generate VRF proof: proof, output = vrfSigner.Prove(input)
  3. Use raw 64-byte VRF output directly
  4. Compute threshold: T = 2^512 * (1 - (1-f)^σ)
  5. Compare: eligible = output < T

type NetworkConfig 

type NetworkConfig struct {
	Name              string            `json:"-"` // Not in genesis, set by caller
	SecurityParam     uint64            `json:"securityParam"`
	ActiveSlotCoeff   common.GenesisRat `json:"activeSlotsCoeff"`
	SlotLength        common.GenesisRat `json:"slotLength"`
	EpochLength       uint64            `json:"epochLength"`
	SlotsPerKESPeriod uint64            `json:"slotsPerKESPeriod"`
	MaxKESEvolutions  uint64            `json:"maxKESEvolutions"`
}

NetworkConfig contains network-specific consensus configuration. Load from Shelley genesis JSON using NewNetworkConfigFromReader or NewNetworkConfigFromFile.

func NewNetworkConfigFromFile 

func NewNetworkConfigFromFile(path string) (NetworkConfig, error)

NewNetworkConfigFromFile creates a NetworkConfig from a Shelley genesis JSON file.

func NewNetworkConfigFromReader 

func NewNetworkConfigFromReader(r io.Reader) (NetworkConfig, error)

NewNetworkConfigFromReader creates a NetworkConfig from a Shelley genesis JSON reader.

func (*NetworkConfig) ActiveSlotCoeffRat 

func (c *NetworkConfig) ActiveSlotCoeffRat() *big.Rat

ActiveSlotCoeffRat returns the active slot coefficient as a *big.Rat.

func (*NetworkConfig) SlotDuration 

func (c *NetworkConfig) SlotDuration() time.Duration

SlotDuration returns the slot length as a time.Duration.

type OperationalCert 

type OperationalCert struct {
	HotVkey        []byte // KES verification key (32 bytes)
	SequenceNumber uint32 // Monotonically increasing counter
	KesPeriod      uint32 // Starting KES period for this cert
	Signature      []byte // Cold key signature (64 bytes)
}

OperationalCert represents an operational certificate for block production.

type PraosChainSelector 

type PraosChainSelector struct {
	// SecurityParam is the security parameter k (max rollback depth)
	SecurityParam uint64
}

PraosChainSelector implements Ouroboros Praos chain selection rules.

Chain selection in Praos follows these rules:

  1. Prefer the chain with more blocks (higher block number)
  2. For equal length chains, prefer the one with lower VRF output (tiebreaker)
  3. For deep forks (diverging more than k slots ago), compare chain density

func NewPraosChainSelector 

func NewPraosChainSelector(securityParam uint64) *PraosChainSelector

NewPraosChainSelector creates a new Praos chain selector.

func (*PraosChainSelector) Compare 

func (p *PraosChainSelector) Compare(a, b ChainTip) int

Compare returns:

  • positive if chain a is preferred over chain b
  • negative if chain b is preferred over chain a
  • zero if the chains are equivalent

This implements the basic Praos chain selection without density comparison.

func (*PraosChainSelector) CompareWithDensity 

func (p *PraosChainSelector) CompareWithDensity(
	a, b ChainTip,
	forkSlot uint64,
) int

CompareWithDensity compares chains considering density for deep forks. This should be used when the fork point is older than k slots.

Parameters:

  • a, b: the chain tips to compare
  • forkSlot: the slot where the chains diverged

Returns the same values as Compare.

func (*PraosChainSelector) IsDeepFork 

func (p *PraosChainSelector) IsDeepFork(
	forkSlot uint64,
	currentSlot uint64,
) bool

IsDeepFork checks if a fork point is considered "deep" (older than k slots). Deep forks use density-based comparison instead of simple length comparison.

func (*PraosChainSelector) Preferred 

func (p *PraosChainSelector) Preferred(candidates []ChainTip) ChainTip

Preferred returns the preferred chain from a set of candidates. Returns nil if candidates is empty.

func (*PraosChainSelector) PreferredWithDensity 

func (p *PraosChainSelector) PreferredWithDensity(
	candidates []ChainTip,
	forkSlot uint64,
) ChainTip

PreferredWithDensity returns the preferred chain considering density. Use this when some candidates may represent deep forks.

type ProtocolParameters 

type ProtocolParameters struct {
	SecurityParam     uint64   // k - max rollback depth
	ActiveSlotCoeff   *big.Rat // f - active slot coefficient
	SlotLength        uint64   // milliseconds per slot
	EpochLength       uint64   // slots per epoch
	SlotsPerKESPeriod uint64   // slots per KES period
	MaxKESEvolutions  uint64   // maximum KES key evolutions
}

ProtocolParameters contains consensus-relevant parameters

type SimpleChainTip 

type SimpleChainTip struct {
	// contains filtered or unexported fields
}

SimpleChainTip is a simple implementation of ChainTip for testing.

func NewSimpleChainTip 

func NewSimpleChainTip(
	slot, blockNumber uint64,
	vrfOutput []byte,
) *SimpleChainTip

NewSimpleChainTip creates a new SimpleChainTip.

func NewSimpleChainTipWithDensity 

func NewSimpleChainTipWithDensity(
	slot, blockNumber uint64,
	vrfOutput []byte,
	blocksAfterFork, slotsAfterFork uint64,
) *SimpleChainTip

NewSimpleChainTipWithDensity creates a SimpleChainTip with density information.

func (*SimpleChainTip) BlockNumber 

func (s *SimpleChainTip) BlockNumber() uint64

BlockNumber returns the tip block height.

func (*SimpleChainTip) Density 

func (s *SimpleChainTip) Density(_ uint64) float64

Density returns the block density from the given slot. Density = blocks / slots for the portion of the chain after forkSlot. Note: forkSlot is part of the ChainTip interface but unused here as blocksAfterFork/slotsAfterFork are pre-computed during construction.

func (*SimpleChainTip) Slot 

func (s *SimpleChainTip) Slot() uint64

Slot returns the tip slot.

func (*SimpleChainTip) VRFOutput 

func (s *SimpleChainTip) VRFOutput() []byte

VRFOutput returns the VRF output of the tip block.

type SimpleVRFSigner 

type SimpleVRFSigner struct {
	// contains filtered or unexported fields
}

SimpleVRFSigner is a simple implementation of VRFSigner using the vrf package. This can be used for testing or when keys are available in memory.

func NewSimpleVRFSigner 

func NewSimpleVRFSigner(seed []byte) (*SimpleVRFSigner, error)

NewSimpleVRFSigner creates a new SimpleVRFSigner from a 32-byte seed.

func (*SimpleVRFSigner) Destroy added in v0.158.0 

func (s *SimpleVRFSigner) Destroy()

Destroy zeroes the secret key material. Call when the signer is no longer needed.

func (*SimpleVRFSigner) Prove 

func (s *SimpleVRFSigner) Prove(input []byte) ([]byte, []byte, error)

Prove generates a VRF proof for the given input.

func (*SimpleVRFSigner) PublicKey 

func (s *SimpleVRFSigner) PublicKey() []byte

PublicKey returns the VRF verification key.

type VRFSigner 

type VRFSigner interface {
	// Prove generates a VRF proof for the given input
	Prove(input []byte) (proof []byte, output []byte, err error)
	// PublicKey returns the VRF verification key
	PublicKey() []byte
}

VRFSigner produces VRF proofs for leader election

type ValidateHeaderInput 

type ValidateHeaderInput struct {
	// Header fields
	Slot           uint64
	BlockNumber    uint64
	PrevHash       []byte
	IssuerVkey     []byte
	VrfKey         []byte
	VrfProof       []byte
	VrfOutput      []byte
	KesSignature   []byte
	HeaderBodyCbor []byte

	// KesPeriod is reserved for future validation. Currently unused because
	// KES period is computed from Slot / SlotsPerKESPeriod in validation.
	// If headers expose a KesPeriod() method, this could be used to verify
	// the header's claimed period matches the computed value.
	KesPeriod uint64

	// OpCert fields
	OpCertHotVkey        []byte
	OpCertSequenceNumber uint32
	OpCertKesPeriod      uint32
	OpCertSignature      []byte

	// Previous header for chain validation
	PrevSlot        uint64
	PrevBlockNumber uint64
	PrevHeaderHash  []byte

	// Epoch nonce for VRF verification
	EpochNonce []byte

	// Stake information for leadership check
	PoolStake  uint64
	TotalStake uint64

	// Optional: registered VRF key hash for verification against pool registration
	// If provided, validates that VrfKey hashes to this value
	RegisteredVrfKeyHash []byte
}

ValidateHeaderInput contains all information needed to validate a header.

type ValidateResult 

type ValidateResult struct {
	Valid     bool
	VrfOutput []byte
	Errors    []error
}

ValidateResult contains the result of header validation.

Source Files

View all Source files

Directories

Path Synopsis
Package byron provides Ouroboros BFT (Byzantine Fault Tolerant) consensus implementation for the Byron era.
 Package byron provides Ouroboros BFT (Byzantine Fault Tolerant) consensus implementation for the Byron era.
Package genesis provides the Ouroboros Genesis chain selection rule.
 Package genesis provides the Ouroboros Genesis chain selection rule.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.