Write clearer about bls

Author: vrom911

src/Hydra/Protocol/OffChain.tex

@@ -9,6 +9,12 @@ \section{Off-Chain Protocol}\label{sec:offchain}
 on- and off-chain semantics. Participants of the protocol are also called Hydra
 head members, parties or simply protocol actors. The protocol is specified as a
 reactive system that processes three kinds of inputs:
+
+\noindent The off-chain protocol coordinates BLS accumulator operations (see Section~\ref{sec:bls-accumulators})
+for partial fanout support. When UTxO sets are too large for single transactions,
+the off-chain protocol automatically falls back to partial distribution using
+exclusion proofs, ensuring all UTxOs can be distributed across multiple transactions
+while maintaining cryptographic integrity. The protocol processes three kinds of inputs:
 \begin{enumerate}
   \item On-chain protocol transactions as introduced in
         Section~\ref{sec:on-chain}, which are posted to the mainchain and can be

src/Hydra/Protocol/OnChain.tex

@@ -17,6 +17,12 @@ \section{On-chain Protocol}\label{sec:on-chain}
 protocol transaction
 on-chain: \mtxInit{}~\ref{sec:init-tx}, \mtxCom{}~\ref{sec:commit-tx}, \mtxAbort{}~\ref{sec:abort-tx}, \mtxCollect{}~\ref{sec:collect-tx}, \mtxIncrement{}~\ref{sec:increment-tx}, \mtxDecrement{}~\ref{sec:decrement-tx}, \mtxClose{}~\ref{sec:close-tx}, \mtxContest{}~\ref{sec:contest-tx}, and \mtxFanout{}~\ref{sec:fanout-tx}. \\
 
+\noindent The protocol uses BLS accumulators (see Section~\ref{sec:bls-accumulators}) to enable
+partial fanout when UTxO sets exceed transaction size limits. The \mtxCollect{} transaction
+creates BLS accumulator commitments to UTxO sets, and \mtxFanout{} transactions use
+exclusion proofs to distribute subsets of UTxOs while maintaining cryptographic guarantees
+about the remaining UTxOs. \\
+
 \noindent Besides the main state transitions of the head protocol, there is
   the related ``deposit protocol'' with two transactions in support of
   \mtxIncrement{}: \mtxDeposit{}~\ref{sec:deposit-tx} and \mtxRecover{}~\ref{sec:recover-tx}. \\

src/Hydra/Protocol/Preliminaries.tex

@@ -84,24 +84,38 @@ \subsection{Public key multi-signature scheme}\label{sec:multisig}
 out the $ver$ suffix for verification key such that $k = k^{ver}$ for better
 readability.
 
-\subsection{Partial Fanout Support}\label{sec:partial-fanout}
+\subsection{BLS Accumulators for Partial Fanout}\label{sec:bls-accumulators}
 
 \noindent To enable partial fanout when UTxO sets are too large for a single transaction,
-the protocol uses a cryptographic commitment scheme that supports partial distribution
+the protocol uses BLS (Boneh-Lynn-Shacham) accumulators that support partial distribution
 proofs. This allows distributing a subset of UTxOs while proving that the remaining
 UTxOs are still valid and can be distributed in subsequent transactions.
 
+\begin{definition}[BLS Accumulator]
+A BLS accumulator scheme provides the following operations:
+\begin{itemize}
+	\item $\accSetup$ generates public parameters for the accumulator system
+	\item $\accCommit(U)$ creates a commitment to a UTxO set $U$
+	\item $\accWitness(C, u)$ generates a membership witness for UTxO $u$ in commitment $C$
+	\item $\accVerify(C, u, w)$ verifies that witness $w$ proves $u$ is in commitment $C$
+	\item $\accExclude(C, S)$ generates an exclusion proof for subset $S$ from commitment $C$
+	\item $\accVerifyExclude(C, S, \pi)$ verifies that exclusion proof $\pi$ allows removal of $S$ from $C$
+\end{itemize}
+\end{definition}
+
 \begin{definition}[Partial Distribution]
 For a UTxO set $U$ and a subset $S \subseteq U$ to be distributed:
 \begin{itemize}
-	\item $\accUTxO(U)$ creates a commitment to the UTxO set $U$
-	\item $\accPartial(U, S)$ creates a proof that subset $S$ can be distributed
-	\item $\accVerifyPartial(C, S, \pi)$ verifies that proof $\pi$ allows distribution of $S$ from commitment $C$
+	\item $\accUTxO(U)$ creates a BLS accumulator commitment to the UTxO set $U$
+	\item $\accPartial(U, S)$ creates an exclusion proof showing that subset $S$ can be distributed
+	\item $\accVerifyPartial(C, S, \pi)$ verifies that exclusion proof $\pi$ allows distribution of $S$ from commitment $C$
 \end{itemize}
 \end{definition}
 
-\noindent This enables the protocol to handle large UTxO sets by automatically falling back
-to partial distribution when full fanout exceeds transaction size limits.
+\noindent The BLS accumulator enables the protocol to handle large UTxO sets by automatically falling back
+to partial distribution when full fanout exceeds transaction size limits. The accumulator provides
+cryptographic guarantees that distributed UTxOs are valid and that remaining UTxOs are still
+available for future distribution.
 
 \subsection{Extended UTxO}\label{sec:eutxo}
 The Hydra Head protocol is specified to work on the so-called Extended UTxO (EUTxO) ledgers

src/macros.tex

@@ -366,7 +366,13 @@
 \newcommand{\sortOn}{\mathsf{sortOn}}
 \newcommand{\combine}{\mathsf{combine}}
 
-% Partial fanout functions
+% BLS Accumulator functions for partial fanout
+\newcommand{\accSetup}{\mathsf{accSetup}}
+\newcommand{\accCommit}{\mathsf{accCommit}}
+\newcommand{\accWitness}{\mathsf{accWitness}}
+\newcommand{\accVerify}{\mathsf{accVerify}}
+\newcommand{\accExclude}{\mathsf{accExclude}}
+\newcommand{\accVerifyExclude}{\mathsf{accVerifyExclude}}
 \newcommand{\accUTxO}{\mathsf{accUTxO}}
 \newcommand{\accPartial}{\mathsf{accPartial}}
 \newcommand{\accVerifyPartial}{\mathsf{accVerifyPartial}}