commonware_consensus/ordered_broadcast/scheme.rs
1//! Signing scheme implementations for `ordered_broadcast`.
2//!
3//! This module provides protocol-specific wrappers around the generic signing schemes
4//! in [`commonware_cryptography::certificate`]. Each wrapper binds the scheme's subject type to
5//! [`AckSubject`], which is used for signing and verifying chunk acknowledgments.
6//!
7//! # Available Schemes
8//!
9//! - [`ed25519`]: Attributable signatures with individual verification. HSM-friendly,
10//! no trusted setup required.
11//! - [`secp256r1`]: Attributable signatures with individual verification. HSM-friendly,
12//! no trusted setup required.
13//! - [`bls12381_multisig`]: Attributable signatures with aggregated verification.
14//! Compact certificates while preserving attribution.
15//! - [`bls12381_threshold`]: Non-attributable threshold signatures. Constant-size
16//! certificates regardless of committee size; partial signatures are not safe to present to an external observer as evidence.
17
18use super::types::AckSubject;
19use commonware_cryptography::{certificate, Digest, PublicKey};
20
/// Marker trait identifying the signing schemes that `ordered_broadcast` accepts.
///
/// A type qualifies only when it is a [`certificate::Scheme`] whose subject, for every
/// lifetime `'a`, is exactly `AckSubject<'a, P, D>` (see [`AckSubject`]) and whose public key
/// type is `P`. The trait declares no items of its own and is implemented automatically for
/// every scheme that meets those bounds.
///
/// Protocol code that is generic over this trait can therefore only be instantiated with a
/// scheme whose signatures are over acknowledgment subjects.
pub trait Scheme<P, D>:
    for<'a> certificate::Scheme<Subject<'a, D> = AckSubject<'a, P, D>, PublicKey = P>
where
    P: PublicKey,
    D: Digest,
{
}
30
// Blanket implementation: any `certificate::Scheme` whose subject is `AckSubject<'a, P, D>`
// and whose public key is `P` is a `Scheme<P, D>`; no per-scheme opt-in is required.
impl<P, D, S> Scheme<P, D> for S
where
    P: PublicKey,
    D: Digest,
    S: for<'a> certificate::Scheme<Subject<'a, D> = AckSubject<'a, P, D>, PublicKey = P>,
{
}
35
pub mod bls12381_multisig {
    //! [`Scheme`] implementation for `ordered_broadcast` backed by BLS12-381 multi-signatures.
    //!
    //! This scheme is **attributable**: an external observer can use an individual signature
    //! as evidence of either liveness or of committing a fault. A certificate carries the
    //! signer indices alongside a single aggregated signature, which enables secure
    //! per-validator activity tracking and conflict detection.

    use crate::ordered_broadcast::types::AckNamespace;
    use crate::ordered_broadcast::types::AckSubject;
    use commonware_cryptography::impl_certificate_bls12381_multisig;

    // Instantiates the generic multisig scheme with `AckSubject` as its subject type.
    // NOTE(review): `'a`, `P` and `D` are not declared in this module, so they are presumably
    // bound inside the macro expansion, and `AckNamespace` is presumably the signing
    // namespace used for domain separation. Confirm both against the macro definition.
    impl_certificate_bls12381_multisig!(AckSubject<'a, P, D>, AckNamespace);
}
49
pub mod bls12381_threshold {
    //! [`Scheme`] implementation for `ordered_broadcast` backed by BLS12-381 threshold signatures.
    //!
    //! This scheme is **non-attributable**: it is not safe to expose partial signatures as
    //! evidence of either liveness or of committing a fault. With threshold signatures, any
    //! `t` valid partial signatures can be used to forge a partial signature for any other
    //! player, enabling equivocation attacks.
    //!
    //! Because peer connections are authenticated, a partial signature can still be used as
    //! evidence locally (it must have been sent by said participant), but it can't be used by
    //! an external observer. Deployments that need evidence a third party can verify should
    //! use one of the attributable schemes in this file instead.

    use crate::ordered_broadcast::types::AckNamespace;
    use crate::ordered_broadcast::types::AckSubject;
    use commonware_cryptography::impl_certificate_bls12381_threshold;

    // Instantiates the generic threshold scheme with `AckSubject` as its subject type.
    // NOTE(review): `'a`, `P` and `D` are not declared in this module, so they are presumably
    // bound inside the macro expansion, and `AckNamespace` is presumably the signing
    // namespace used for domain separation. Confirm both against the macro definition.
    impl_certificate_bls12381_threshold!(AckSubject<'a, P, D>, AckNamespace);
}
64
pub mod ed25519 {
    //! [`Scheme`] implementation for `ordered_broadcast` backed by Ed25519 signatures.
    //!
    //! This scheme is **attributable**: an individual signature can be safely presented to
    //! some third party as evidence of either liveness or of committing a fault. A certificate
    //! carries the signer indices alongside the individual signatures, which enables secure
    //! per-validator activity tracking and fault detection.

    use crate::ordered_broadcast::types::AckNamespace;
    use crate::ordered_broadcast::types::AckSubject;
    use commonware_cryptography::ed25519;
    use commonware_cryptography::impl_certificate_ed25519;

    // Unlike the sibling modules, the subject's public key parameter is fixed here to
    // `ed25519::PublicKey` rather than left as `P`.
    // NOTE(review): `'a` and `D` are not declared in this module, so they are presumably bound
    // inside the macro expansion, and `AckNamespace` is presumably the signing namespace
    // used for domain separation. Confirm both against the macro definition.
    impl_certificate_ed25519!(AckSubject<'a, ed25519::PublicKey, D>, AckNamespace);
}
78
pub mod secp256r1 {
    //! [`Scheme`] implementation for `ordered_broadcast` backed by Secp256r1 signatures.
    //!
    //! This scheme is **attributable**: an individual signature can be safely presented to
    //! some third party as evidence of either liveness or of committing a fault. A certificate
    //! carries the signer indices alongside the individual signatures, which enables secure
    //! per-validator activity tracking and fault detection.

    use crate::ordered_broadcast::types::AckNamespace;
    use crate::ordered_broadcast::types::AckSubject;
    use commonware_cryptography::impl_certificate_secp256r1;

    // Instantiates the generic Secp256r1 scheme with `AckSubject` as its subject type.
    // NOTE(review): `'a`, `P` and `D` are not declared in this module, so they are presumably
    // bound inside the macro expansion, and `AckNamespace` is presumably the signing
    // namespace used for domain separation. Confirm both against the macro definition.
    impl_certificate_secp256r1!(AckSubject<'a, P, D>, AckNamespace);
}