To make this concrete, I propose the following changes:
Current RM (from v2 report)
Transaction data structure:
- rts \subseteq \mathbb{F}_{rt} (roots of CMtree)
- cms \subseteq \mathbb{F}_{cm} (commitments for created resources)
- nfs \subseteq \mathbb{F}_{nf} (nullifiers for consumed resources)
- \Pi: \{ \pi: ProofRecord\} is a set of proof records
- \Delta_{tx}: \mathbb{F}_{\Delta}
- extra: \{(k, (d, deletion\_criterion)): k \in \mathbb{F}_{key}, d \subseteq \mathbb{F}_{d}\}
- \Phi: PREF where PREF = TX \rightarrow [0, 1] (preference function)
Transaction validity:
A transaction is considered valid if the following statements hold:
- rts contains valid CMtree roots that are correct inputs for the membership proofs
- input resources have valid resource logic proofs and the compliance proofs associated with them
- output resources have valid resource logic proofs and the compliance proofs associated with them
- \Delta is computed correctly, and its opening is equal to the balancing value for that transaction
(I omit the information flow control predicate for now, let’s think about that separately)
New RM with actions (proposed)
Action data structure Action:
- cms \subseteq \mathbb{F}_{cm} (commitments for created resources)
- nfs \subseteq \mathbb{F}_{nf} (nullifiers for consumed resources)
- \Pi: \{ \pi: ProofRecord\} is a set of proof records for the resources in this action
- extra: \{(k, (d, deletion\_criterion)): k \in \mathbb{F}_{key}, d \subseteq \mathbb{F}_{d}\}
Action validity:
An action is considered valid (with respect to a transaction) if the following statements hold:
- rts (in the transaction) contains valid CMtree roots that are correct inputs for the membership proofs
- input resources (in the action) have valid resource logic proofs, where the inputs to the proofs are only the other commitments, nullifiers, and extradata in this action
- output resources (in the action) have valid resource logic proofs, where the inputs to the proofs are only the other commitments, nullifiers, and extradata in this action
Transaction data structure:
- rts \subseteq \mathbb{F}_{rt} (roots of CMtree)
- actions : \{ Action \} (the set of actions in the transaction)
- \Pi: \{ \pi: ProofRecord\} is a set of proof records
- \Delta_{tx}: \mathbb{F}_{\Delta}
- \Phi: PREF where PREF = TX \rightarrow [0, 1] (preference function)
Transaction validity:
A transaction is considered valid if the following statements hold:
- All actions within the transaction are valid (as defined above)
- All required compliance proofs are included and valid
- \Delta is computed correctly, and its opening is equal to the balancing value for that transaction
Questions from my end:
- @vveiln Does this make sense to you? Do my new structures look correct? Is it clear to you how to adjust the public/private inputs and compliance proofs?
- @degregat Does this match your mental model, considering each action as an independent evaluation context / independent “stack frame” (which must be atomically satisfied)? If not, what’s different?
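To make the proposed action scoping concrete, here is an added toy model in Python (my own constructed illustration, not the RM implementation or anything from the v2 report). Proof records are stand-ins: each simply records the public inputs it was produced against, so "verification" reduces to comparing those inputs with the action's own cms, nfs and extra keys; Delta is modelled as a plain integer computed from constructed per-resource quantities rather than a commitment. The names `ProofRecord`, `Action`, `Transaction`, `action_valid`, `transaction_valid`, `computed_delta` and `build_examples` are all assumptions of this sketch.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ProofRecord:
    """Stand-in for a resource-logic proof (constructed, not a real ZK proof).
    A real proof is checked against public inputs; here we record the inputs
    the proof was built for and compare them at verification time."""
    resource: str                  # the cm or nf this proof is about
    public_inputs: FrozenSet[str]  # cms, nfs and extra keys the logic saw
    root: Optional[str] = None     # CMtree root used by a membership proof (inputs only)


@dataclass
class Action:
    cms: Set[str]
    nfs: Set[str]
    proofs: Set[ProofRecord]
    extra: Dict[str, Tuple[bytes, str]] = field(default_factory=dict)  # k -> (d, deletion_criterion)

    def context(self) -> FrozenSet[str]:
        """Everything a resource logic in this action is allowed to see."""
        return frozenset(self.cms | self.nfs | set(self.extra))


@dataclass
class Transaction:
    rts: Set[str]
    actions: List[Action]
    compliance: Set[str]        # stand-in: resources covered by a compliance proof
    quantities: Dict[str, int]  # constructed opening of each resource's quantity
    delta: int                  # toy stand-in for Delta_tx (an integer, not a commitment)
    balancing_value: int = 0


def action_valid(action: Action, tx: Transaction) -> bool:
    """Action validity with respect to the transaction that carries it."""
    ctx = action.context()
    proven: Set[str] = set()
    for p in action.proofs:
        if p.resource in action.nfs and p.root not in tx.rts:
            return False  # membership proof against a root the tx does not list
        if p.public_inputs != ctx:
            return False  # logic depended on data outside this action
        proven.add(p.resource)
    return proven == action.cms | action.nfs  # every resource has a logic proof


def computed_delta(tx: Transaction) -> int:
    created = sum(tx.quantities[c] for a in tx.actions for c in a.cms)
    consumed = sum(tx.quantities[n] for a in tx.actions for n in a.nfs)
    return created - consumed


def transaction_valid(tx: Transaction) -> bool:
    if not all(action_valid(a, tx) for a in tx.actions):
        return False
    resources = set().union(*(a.cms | a.nfs for a in tx.actions))
    if tx.compliance != resources:
        return False  # a compliance proof is missing (or covers a stray resource)
    return tx.delta == computed_delta(tx) == tx.balancing_value


def build_examples() -> Dict[str, Transaction]:
    """Constructed sample transactions: one valid, two that must be rejected."""
    root = "rt_1"
    a1_ctx = frozenset({"nf_a", "cm_b", "k_memo"})
    a2_ctx = frozenset({"nf_c", "cm_d"})
    a1 = Action(cms={"cm_b"}, nfs={"nf_a"},
                proofs={ProofRecord("nf_a", a1_ctx, root), ProofRecord("cm_b", a1_ctx)},
                extra={"k_memo": (b"memo", "delete_after_block")})
    a2 = Action(cms={"cm_d"}, nfs={"nf_c"},
                proofs={ProofRecord("nf_c", a2_ctx, root), ProofRecord("cm_d", a2_ctx)})
    covered = {"nf_a", "cm_b", "nf_c", "cm_d"}
    quantities = {"nf_a": 5, "cm_b": 5, "nf_c": 3, "cm_d": 3}
    valid = Transaction({root}, [a1, a2], covered, quantities, delta=0)

    # A logic in action 2 that also looked at cm_b from action 1: violates scoping.
    leaky_ctx = a2_ctx | {"cm_b"}
    a2_leaky = Action(cms={"cm_d"}, nfs={"nf_c"},
                      proofs={ProofRecord("nf_c", leaky_ctx, root), ProofRecord("cm_d", leaky_ctx)})
    cross_action = Transaction({root}, [a1, a2_leaky], covered, quantities, delta=0)

    # Same structure, but cm_d creates more than nf_c consumed while delta claims balance.
    unbalanced = Transaction({root}, [a1, a2], covered, {**quantities, "cm_d": 4}, delta=0)
    return {"valid": valid, "cross_action": cross_action, "unbalanced": unbalanced}


if __name__ == "__main__":
    for name, tx in build_examples().items():
        print(name, transaction_valid(tx))
```

The point of the sketch is where each check lives: the scoping of resource logic inputs and the root check are per action, while compliance coverage and the Delta balance are only decidable once all actions are in hand, which is why the latter stay at the transaction level.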