The set containing the first unsigned integers .
Indicates that is an index pointing to an element in an array of elements; equivalent to where .
Indicates that the value is an array of length where each element of the array is of type .
Indicates that is a prime field element, specifically an element of BLS12-381's scalar field having modulus .
An array of elements.
A slice of the array .
The number of nodes in the sector; allowed sector sizes are 32GiB and 64GiB.
The index of the partition in the sector for which a proof is being generated.
The number of high bits taken from each challenge's [little-endian] binary representation. Filecoin currently defaults to using .
The number of apex-leafs per partition.
The number of bits required to specify the index of an apex-leaf; equivalently the height of each partition's apex-tree, i.e. each apex-tree contains rows (including leafs and root).
The position in a Merkle proof which contains an apex-leaf.
The number of challenges per partition.
The maximum number of challenges which can be derived from a single Poseidon digest when Poseidon is used as a pseudorandom function (PRF). is the number of fully utilized bits in a field element .
An array containing the allowed values for .
The index of the configuration parameter in .
An integer which encodes .
The binary representation of . Note that exactly one bit in is set which gives the index () of the chosen in .
A packed integer containing and .
The binary representation of . The first bit is the least-significant of and last bit is the most-significant of .
The binary representation of the chosen partition-index .
The number of bits required to specify the index of a node in a sector.
The number of partitions per sector.
The number of bits required to specify a partition-index ; equivalently the height of the top of a sector's (starting at the tree row containing number of nodes and continuing upwards until the tree's root is reached).
The number of nodes in each partition of a sector.
The number of calls to the Poseidon-PRF required to generate a partition's challenges.
The number of random bits generated per challenge; equivalently the number of bits required to specify the index of a node in a partition. Note that during challenge generation for a partition , all challenge's will fall within the partition of the sector, i.e. the first bits of each challenge are randomly chosen and the last bits of each challenge are the same.
The heights of trees that have been generated over a sector of values. 's are arity-2 and use , whereas 's are arity-8 and use . Note that adding 1 to a tree's height (for the leafs) gives the number of "rows" in the tree.
An empty sector of data input to SDR-PoRep. Note that is not used by the empty-sector-update proof.
The replica of output by SDR-PoRep.
The data which is replacing the empty sector data .
The encoding of the new data .
An arity-8 Merkle tree built over the replica output by running SDR-PoRep on an empty sector .
An arity-2 Merkle tree built over the data which is replacing that of the old empty sector .
An arity-8 Merkle tree built over the empty-sector-update encoding of the new sector data .
Commitments to three Merkle trees. Note that is a commitment which was generated by SDR-PoRep when encoding into .
Arity-2 Merkle proof type.
Arity-8 Merkle proof type.
Represents an empty-sector-update proof. One is generated for each partition of an updated sector, thus number of 's are generated per updated sector. number of challenges are generated per partition, thus each contains number of 's.
Three Merkle proofs are generated per challenge, one for each of the trees , , and .
Denotes all Merkle proofs generated for a partition.
Denotes the final portion of all Merkle proofs (starting from the partition's apex-root and continuing upwards until is reached) generated for this partition. Note a partition's is constant for all challenges in a partition, thus may correspond to any challenge in a partition.
The partition's apex-leafs, i.e. the chunk of nodes from the row containing values.
and are sub-trees of a sector's . Each has exactly one (the top 5 rows of ) and unique 's (one for each partition). The root of the partition's is the leaf in .
Each Merkle challenge is the index of a node in a sector, thus challenges are either 30 or 31 bits (32GiB sectors contain nodes, 64GiB sectors contain nodes).
The last bits of a challenge represent the challenge's partition-index . All challenges in a partition have the same partition bits.
Partition bits are used during Merkle proof validation to hash from a partition's apex-root up to .
The top rows of are a sub-tree (of height 4) called whose leafs are a sector's apex-roots and whose root is .
The bits preceding a challenge's partition bits represent the index of the challenge's apex-leaf in the partition's .
Apex-leaf bits are used during Merkle proof validation to hash from a challenge's apex-leaf up to the partition's apex-root.
All challenge bits which precede the apex-leaf bits, i.e. the challenge's first bits, are used during Merkle proof validation to hash from the challenge's leaf in up to the challenge's apex-leaf.
Challenge generation is the process by which we generate challenges per partition in an updated sector (of or number nodes) by calling Poseidon-PRF (128-bit security level, prime field , arity-2, width-3, see Poseidon-PRF gadget for domain separation tag) number of times to generate the binary representation of each of the partition's challenges.
The preimage for each call to Poseidon-PRF in a partition is the concatenation of the unique identifier associated with the updated sector and the unique index of the PRF call in the sector .
The number of fully utilized bits in a Poseidon digest is ; if a sector partition contains (32GiB sector-size) or (64GiB sector-size) nodes (where is the number of partitions per sector), then the number of challenge generated from each PRF digest is . We denote or as the number of bits taken from a PRF digest for each challenge.
The chunk of challenges for partition is generated as follows:
A challenge is an index of a node in a partition of number of nodes; appending the little-endian binary representation of the partition-index onto 's binary representation yields the challenge's node-index across all nodes in the sector.
We assign a value for each updated sector:
where is a commitment to the empty sector's SDR replica and is a commitment to the new data which will overwrite the empty sector.
The Empty-Sector-Update algorithm takes a configuration parameter which specifies the number of high (i.e. most-significant) bits taken from each challenge's binary representation denoted :
note that is the total number of challenges per sector.
For each challenge , a value is computed from the challenge's high bits and the sector's .
is used to compute the encoding of the node's new data, see Old and New Sectors for notation.
Denotes that is an allocated value in R1CS having the value , where is an unallocated value.
Denotes that is an allocated value in R1CS and is a public-input. The prover assigns the value of in R1CS to that of , where is an unallocated value.
A BLS12-381 scalar field element allocated in R1CS.
A boolean constrained BLS12-381 scalar field element allocated in R1CS.
Allocates and returns the value and adds the R1CS constraint .
Allocates and returns the value and adds the R1CS constraint .
Allocates and returns the evaluation of the provided linear-combination; each is a value allocated in R1CS and each is an unallocated constant by which is scaled. This gadget adds the R1CS constraint .
Allocates and returns the the sum of the array of allocated values . Equivalent to calling .
Allocates and returns the little-endian binary representation of the allocated value . This gadget allocates boolean constrained values in R1CS (adding one boolean constraint per bit) and adds the constraint where each is an unallocated constant.
Given an allocated array of two field elements () computes the Poseidon digest (width-3) of the preimage in R1CS and returns the allocated digest. This gadget uses the Poseidon "Merkle Tree arity-2" domain separation tag, i.e. the first field element of the width-3 initial state is and the remaining two elements of the initial state are .
Uses Poseidon as a pseudorandom function (PRF). This gadget is identical to except that here we use a "custom" Poseidon domain separation tag of .
Creates an arity-2 SHA256 Merkle tree in R1CS from the leafs and returns the root as an allocated value.
Generates random challenges for partition of the updated sector corresponding to .
Returns the high bits of , allocated as a single field element, where is chosen from via .