Module scheme

Signing scheme implementations for simplex.

§Attributable Schemes and Fault Evidence

Signing schemes differ in whether per-validator activities can be used as evidence of either liveness or of committing a fault:

  • Attributable Schemes (ed25519, bls12381_multisig, secp256r1): Individual signatures can be presented to some third party as evidence of either liveness or of committing a fault. Certificates contain signer indices alongside individual signatures, enabling secure per-validator activity tracking and conflict detection.

  • Non-Attributable schemes (bls12381_threshold): Individual signatures cannot be presented to some third party as evidence of either liveness or of committing a fault because they can be forged by other players (often after some quorum of partial signatures are collected). With bls12381_threshold, possession of any t valid partial signatures can be used to forge a partial signature for any other player. Because peer connections are authenticated, evidence can be used locally (as it must be sent by said participant) but can’t be used by an external observer.

The certificate::Scheme::is_attributable() associated function signals whether evidence can be safely exposed. For applications only interested in collecting evidence for liveness/faults, use reporter::AttributableReporter which automatically handles filtering and verification based on scheme (hiding votes/proofs that are not attributable). If full observability is desired, process all messages passed through the crate::Reporter interface.

§BLS12-381 Threshold Variants

The bls12381_threshold module provides two variants:

  • bls12381_threshold::standard: Standard threshold signatures. Certificates contain only a vote signature recovered from partial signatures.

  • bls12381_threshold::vrf: Threshold VRF (Verifiable Random Function) that produces both vote signatures and per-round seed signatures. The seed can be used for randomness (e.g., leader election, timelock encryption).

Security Warning for VRF Usage: It is not safe to use a round’s randomness to drive execution in that same round. A malicious leader can selectively distribute blocks to gain early visibility of the randomness output, then choose nullification if the outcome is unfavorable. Applications should employ a “commit-then-reveal” pattern by binding randomness requests in finalized blocks before the reveal occurs (e.g., draw(view+100)).
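The commit-then-reveal rule above, as an added example that is not part of the simplex crate: a hypothetical `RandomnessLedger` only serves a `draw(target_view)` bound at `committed_view` when the target round is strictly later and its seed has been finalized. Seed bytes and the type names are constructed for the example.

```rust
use std::collections::BTreeMap;

/// Why a draw was refused.
#[derive(Debug, PartialEq)]
pub enum DrawError {
    /// Target round is the committing round or earlier: its leader could see the seed before nullifying.
    SameOrEarlierRound { committed_view: u64, target_view: u64 },
    /// The target round has not produced a finalized seed yet.
    SeedNotYetAvailable(u64),
}

/// Per-round seed signatures as the vrf variant would expose them (hypothetical model, not the crate's type).
#[derive(Default)]
pub struct RandomnessLedger {
    seeds: BTreeMap<u64, Vec<u8>>,
}

impl RandomnessLedger {
    /// Store the seed finalized for `view` (bytes here are constructed, not real BLS output).
    pub fn record_seed(&mut self, view: u64, seed: Vec<u8>) {
        self.seeds.insert(view, seed);
    }

    /// Commit-then-reveal rule: a `draw(target_view)` bound at `committed_view` must target a strictly later round.
    pub fn validate_request(committed_view: u64, target_view: u64) -> Result<(), DrawError> {
        if target_view <= committed_view {
            return Err(DrawError::SameOrEarlierRound { committed_view, target_view });
        }
        Ok(())
    }

    /// Serve a committed request once the target round's seed exists.
    pub fn draw(&self, committed_view: u64, target_view: u64) -> Result<&[u8], DrawError> {
        Self::validate_request(committed_view, target_view)?;
        self.seeds
            .get(&target_view)
            .map(Vec::as_slice)
            .ok_or(DrawError::SeedNotYetAvailable(target_view))
    }
}

fn main() {
    let mut ledger = RandomnessLedger::default();
    // A block finalized at view 500 binds draw(600), mirroring draw(view+100).
    assert_eq!(ledger.draw(500, 600), Err(DrawError::SeedNotYetAvailable(600)));
    ledger.record_seed(600, b"constructed-seed-600".to_vec());
    assert_eq!(ledger.draw(500, 600), Ok(&b"constructed-seed-600"[..]));
    // Consuming the same round's seed is exactly the pattern the warning forbids.
    assert!(RandomnessLedger::validate_request(500, 500).is_err());
}
```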

Modules§

bls12381_multisig
BLS12-381 multi-signature implementation of the Scheme trait for simplex.
bls12381_threshold
BLS12-381 threshold signature implementations for simplex.
ed25519
Ed25519 implementation of the Scheme trait for simplex.
reporter
Wrapper for scheme-dependent activity filtering and verification.
secp256r1
Secp256r1 implementation of the Scheme trait for simplex.

Structs§

Namespace
Pre-computed namespaces for simplex voting subjects.

Traits§

Scheme
Marker trait for signing schemes compatible with simplex.