$$ \newcommand \Proven {\mathrm{Proven}} \newcommand \Total {\mathrm{Total}} \newcommand \W {\mathrm{Weight}} \newcommand \StateProof {\mathrm{SP}} \newcommand \StateProofInterval {\delta_\StateProof} \newcommand \StateProofWeightThreshold {f_\StateProof} \newcommand \Offset {\mathrm{Offset}} $$
State Proof Transaction
The state proof is a special transaction used to disseminate and store State Proofs.
Fields
A state proof transaction additionally has the following fields:
| FIELD | CODEC | TYPE | REQUIRED |
|---|---|---|---|
| State Proof Type | sptype | uint64 | Yes |
| State Proof | sp | struct | Yes |
| Message | spmsg | struct | Yes |
| State Proof Last Round | sprnd | uint64 | Yes |
State Proof Type
The state proof type identifies the type of the State Proof.
Currently, always \( 0 \).
State Proof
The state proof structure as defined in the State Proof specification.
Message
The message is a structure that composes the State Proof message, whose hash is being attested to by the State Proof.
The message structure is defined in the State Proof message section.
Validation
In order for a state proof transaction to be valid, the following conditions MUST be meet:
-
The transaction type MUST be
stpf. -
The sender MUST be equal to a special address, which is the hash of the domain-separation prefix
SpecialAddr(see the corresponding section in the Algorand Cryptographic Primitive Specification) with the string constantStateProofSender. -
The fee MUST be \( 0 \).
-
The lease MUST be omitted.
-
The group MUST be omitted.
-
The rekey to MUST be omitted.
-
The note MUST be omitted.
-
The transaction MUST NOT have any signature.
-
The state proof round (defined in the message structure) MUST be exactly equal to the next expected State Proof round in the block header, as described in the State Proof tracking section.
-
The state proof verification code MUST return
true(see State Proof validity), given the State Proof message and the State Proof transaction fields.
In addition, the verifier should also be given a trusted commitment to the participant array and \( \Proven\W \) value. The trusted data SHOULD be taken from the Ledger at the relevant round.
To encourage the formation of shorter State Proof, the rule for validity of state proof transactions is dependent on the first valid round in the transaction.
In particular, the signed weight of a State Proof MUST be:
-
Equal to the total online stake, \( \Total\W \), if the first valid round on the transaction is no greater than the state proof round (defined in the message structure) plus \( \frac{\StateProofInterval}{2} \).
-
At least \( \Proven\W + (\Total\W - \Proven\W) \times \frac{\Offset}{\frac{\StateProofInterval}{2}} \), if the first valid round on the transaction is the state proof round (defined in the message structure) plus \( \frac{\StateProofInterval}{2} + \Offset \).
-
At least the minimum weight being proven by the proof, \( \Proven\W \), if the first valid round on the transaction is no less than state proof round (defined in the message structure) plus \( \StateProofInterval \).
Where \( \Proven\W = \frac{\Total\W \times \StateProofWeightThreshold}{2^{32}} \)
When a state proof transaction is applied to the state, the next expected State Proof round for that type of State Proof is incremented by \( \StateProofInterval \).
A node should be able to verify a state proof transaction at any time, even if the transaction first valid round is greater than the next expected State Proof round in the block header.
Semantic
TODO