Merge pull request #745 from input-output-hk/bwbush/fm-crypto

Formal specification of Leios cryptography

Author: bwbush

.github/workflows/lean_action_ci.yml

@@ -4,17 +4,33 @@ on:
   pull_request:
     paths:
       - "analysis/markov/**"
+      - "post-cip/formal-crypto/lean/**"
   push:
     branches:
       - main
     paths:
       - "analysis/markov/**"
+      - "post-cip/formal-crypto/lean/**"
 
 jobs:
-  build:
+
+  markov-simulator:
+    if: true
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: leanprover/lean-action@v1
         with:
           lake-package-directory: analysis/markov
+          use-github-cache: true
+
+  leioscrypto-spec:
+    if: false  # Turn off because the `proofwidgets` dependency fails to build due to an `npm` dependency.
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: leanprover/lean-action@v1
+        with:
+          lake-package-directory: post-cip/formal-crypto/lean
+          use-mathlib-cache: false
+          use-github-cache: false

post-cip/formal-crypto/ReadMe.md

@@ -0,0 +1,13 @@
+# Non-normative formal specifications for Leios sortition, votes, and certificates
+
+The folder [lean/](./lean/) contains the non-normative specification in Lean4.
+
+The normative specification is resides in the Leios CIP and related documents:
+
+- [CIP-0164](https://github.com/cardano-foundation/CIPs/blob/master/CIP-0164/README.md)
+- [BLS certificates for Leios](../../crypto-benchmarks.rs/Specification.md)
+- [Determining a quorum in weighted Fait Accompli with local sortition](../../weighted-fait-accompli.md)
+
+There also exists [a prototype benchmarking implementation in Rust](../../crypto-benchmarks.rs/).
+
+

post-cip/formal-crypto/lean/.gitignore

@@ -0,0 +1 @@
+.lake/

post-cip/formal-crypto/lean/ReadMe.md

@@ -0,0 +1,152 @@
+# Non-normative formal specification for Leios sortition, votes, and certificates in Lean4
+
+See [the read-me in the parent folder](../ReadMe.md) for context and further references.
+
+
+## Status
+
+This formal specification is a **non-normative** attempt to disambiguate and clarify concepts and relationships in [the original normative specifications](../ReadMe.md).
+
+Future potential development:
+
+- [ ] Refactor constraint structure for improved clarity.
+- [ ] Add hyperlinks to normative specifications.
+- [ ] Simplify proofs.
+- [ ] Separate lemmas from larger proofs.
+- [ ] Minimize use of `simp`, `omega`, and `aesop` tactics in proofs.
+- [ ] Translate into Agda.
+
+
+## Type relationships
+
+```mermaid
+classDiagram
+    %% --- Core Election Structures ---
+    class Election {
+        +Epoch epoch
+        +Slot slot
+        +ElectionId electionId
+        +BlockHash ebHash
+    }
+
+    class Epoch {
+        +LeiosParameters protocol
+        +Registry registry
+        +Nat number
+        +StakeDistribution stakes
+        +SlotRange slot_range
+        +PraosNonce nonce
+        +FaitAccompli fa
+    }
+
+    class LeiosParameters {
+        +Rat τ
+        +Nat n
+    }
+
+    class FaitAccompli {
+        +StakeDistribution stakes
+        +Nat seats
+        +Rat ρStar
+        +Nat n₁
+        +Nat n₂
+    }
+
+    %% --- Identity and Stakes ---
+    class StakeDistribution {
+        +List~PoolKeyHash, Coin~ pools
+    }
+
+    class Registry {
+        %% Registry is defined as List Registration
+        +List~Registration~ entries
+    }
+
+    class Registration {
+        +Pool pool
+        +Nat issueCounter
+        +ColdKeySignature signature
+    }
+
+    class Pool {
+        +PoolKeyHash poolId
+        +PublicKey mvk
+        +ProofOfPossession μ
+    }
+
+    %% --- Certificates and Votes ---
+    class Certificate {
+        +ElectionId electionId
+        +BlockHash ebHash
+        +List~PoolIndex~ persistentVotes
+        +List~PoolKeyHash, Signature~ nonpersistentVotes
+        +Option~Signature~ σ_tilde_eid
+        +Signature σ_tilde_m
+    }
+
+    class Vote {
+        <<Inductive>>
+        +PersistentVote(ElectionId, PoolIndex, BlockHash, Signature)
+        +NonpersistentVote(ElectionId, PoolKeyHash, Signature, BlockHash, Signature)
+    }
+
+    class Eligible {
+        <<Inductive>>
+        +IsPersistent(Proof)
+        +IsNonpersistent(Proof)
+        +NotEligible
+    }
+
+    %% --- Relationships ---
+    Election *-- Epoch
+    Epoch *-- LeiosParameters
+    Epoch *-- Registry
+    Epoch *-- StakeDistribution
+    Epoch *-- FaitAccompli
+    
+    %% FaitAccompli references the same stake distribution
+    FaitAccompli --> StakeDistribution 
+    
+    Registry o-- Registration
+    Registration *-- Pool
+    
+    %% Conceptual Links
+    Certificate --> Election : validates
+    Certificate ..> Vote : aggregates (conceptual)
+    
+    Vote --> Election : targets
+    Eligible --> Election : predicate on
+```
+
+
+## Conventions for constraints
+
+- `WellFormed` constraints ensure that values have basic internal consistency.
+- `Valid` constraints ensure that values are consistent with their context.
+- `Authentic` constraints ensure that values are cryptographically verified.
+- `Checked` constraints simply ensure `WellFormed ∧ Valid ∧ Authentic`.
+
+
+## Source
+
+- [BLS.lean](./src/Leioscrypto/BLS.lean): primitive BLS types, functions, and axioms.
+- [Certificate.lean](./src/Leioscrypto/Certificate.lean): certificates.
+- [Contexts.lean](./src/Leioscrypto/Contexts.lean): protocol parameters, epochs, and elections.
+- [FaitAccompli.lean](./src/Leioscrypto/FaitAccompli.lean): Fait Accompli sortition.
+- [LocalSortition.lean](./src/Leioscrypto/LocalSortition.lean):  local sortition.
+- [Registration.lean](./src/Leioscrypto/Registration.lean): key registration.
+- [StakeDistribution.lean](./src/Leioscrypto/StakeDistribution.lean): stake distribution.
+- [Types.lean](./src/Leioscrypto/Types.lean): basic types.
+- [Util.lean](./src/Leioscrypto/Util.lean): miscellaneous functions and theorems.
+- [Vote.lean](./src/Leioscrypto/Vote.lean): votes.
+
+
+## Type-checking and testing the specification
+
+A [Nix shell derivation](./shell.nix) is provided for type-checking the specification and executing its test suite.
+
+```bash
+nix-shell
+lake build
+lake test
+```

post-cip/formal-crypto/lean/lake-manifest.json

@@ -0,0 +1,145 @@
+{"version": "1.1.0",
+ "packagesDir": ".lake/packages",
+ "packages":
+ [{"url": "https://github.com/leanprover/doc-gen4",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "0ece4c27ae1abbd0b70df729e09d8b9c06351b80",
+   "name": "«doc-gen4»",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "v4.25.0",
+   "inherited": false,
+   "configFile": "lakefile.lean"},
+  {"url": "https://github.com/argumentcomputer/LSpec",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "24cceb69c20fadca0fd3acabe39fa9270dfb47e6",
+   "name": "LSpec",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "24cceb69c20fadca0fd3acabe39fa9270dfb47e6",
+   "inherited": false,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/leanprover-community/mathlib4",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "1ccd71f89cbbd82ae7d097723ce1722ca7b01c33",
+   "name": "mathlib",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "v4.25.0",
+   "inherited": false,
+   "configFile": "lakefile.lean"},
+  {"url": "https://github.com/leanprover/lean4-cli",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "1dae8b12f8ba27576ffe5ddee78bebf6458157b0",
+   "name": "Cli",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "main",
+   "inherited": true,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/fgdorais/lean4-unicode-basic",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "1829aec18f0e8a661dd5acf5d659d636979ba4f2",
+   "name": "UnicodeBasic",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "main",
+   "inherited": true,
+   "configFile": "lakefile.lean"},
+  {"url": "https://github.com/dupuisf/BibtexQuery",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "29a4b34f8caa7c95934ab4494d8866fde1850c0b",
+   "name": "BibtexQuery",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "master",
+   "inherited": true,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/acmepjz/md4lean",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "44da417da3705ede62b5c39382ddd2261ec3933e",
+   "name": "MD4Lean",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "main",
+   "inherited": true,
+   "configFile": "lakefile.lean"},
+  {"url": "https://github.com/leanprover-community/plausible",
+   "type": "git",
+   "subDir": null,
+   "scope": "leanprover-community",
+   "rev": "2503bfb5e2d4d8202165f5bd2cc39e44a3be31c3",
+   "name": "plausible",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "main",
+   "inherited": true,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/leanprover-community/LeanSearchClient",
+   "type": "git",
+   "subDir": null,
+   "scope": "leanprover-community",
+   "rev": "2ed4ba69b6127de8f5c2af83cccacd3c988b06bf",
+   "name": "LeanSearchClient",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "main",
+   "inherited": true,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/leanprover-community/import-graph",
+   "type": "git",
+   "subDir": null,
+   "scope": "leanprover-community",
+   "rev": "009064c21bad4d7f421f2901c5e817c8bf3468cb",
+   "name": "importGraph",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "main",
+   "inherited": true,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/leanprover-community/ProofWidgets4",
+   "type": "git",
+   "subDir": null,
+   "scope": "leanprover-community",
+   "rev": "e8ef4bdd7a23c3a37170fbd3fa7ee07ef2a54c2d",
+   "name": "proofwidgets",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "v0.0.79",
+   "inherited": true,
+   "configFile": "lakefile.lean"},
+  {"url": "https://github.com/leanprover-community/aesop",
+   "type": "git",
+   "subDir": null,
+   "scope": "",
+   "rev": "26e4c7c0e63eb3e6cce3cf7faba27b8526ea8349",
+   "name": "aesop",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "v4.25.0",
+   "inherited": false,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/leanprover-community/quote4",
+   "type": "git",
+   "subDir": null,
+   "scope": "leanprover-community",
+   "rev": "2781d8ad404303b2fe03710ac7db946ddfe3539f",
+   "name": "Qq",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "master",
+   "inherited": true,
+   "configFile": "lakefile.toml"},
+  {"url": "https://github.com/leanprover-community/batteries",
+   "type": "git",
+   "subDir": null,
+   "scope": "leanprover-community",
+   "rev": "5c78955e8375f872c085514cb521216bac1bda17",
+   "name": "batteries",
+   "manifestFile": "lake-manifest.json",
+   "inputRev": "main",
+   "inherited": true,
+   "configFile": "lakefile.toml"}],
+ "name": "leioscrypto",
+ "lakeDir": ".lake"}

post-cip/formal-crypto/lean/lakefile.lean

@@ -0,0 +1,44 @@
+import Lake
+
+open Lake DSL
+
+abbrev linter : Array LeanOption := #[
+    ⟨`linter.longLine, true⟩,
+--  (`linter.style.multiGoal, true),
+--  (`linter.textBased.trailingWhitespace, true),
+--  (`linter.defLemma, true),
+    ⟨`linter.missingEnd, true⟩,
+    ⟨`linter.setOption, true⟩
+]
+
+package «leioscrypto» where
+  version := StdVer.mk (SemVerCore.mk 0 1 0) ""
+  testDriver := "leioscrypto_test"
+  leanOptions := #[
+    -- pretty-prints `fun a ↦ b`
+    ⟨`pp.unicode.fun, true⟩,
+    -- disables automatic implicit arguments
+    ⟨`autoImplicit, false⟩,
+    -- suppresses the checkBinderAnnotations error/warning
+    ⟨`checkBinderAnnotations, false⟩,
+  ] ++ linter.map fun s ↦ { s with name := `weak ++ s.name }
+  moreServerOptions := #[
+    ⟨`trace.debug, true⟩,
+  ]
+
+lean_lib «Leioscrypto» where
+  srcDir := "src"
+
+@[default_target]
+lean_exe «leioscrypto_test» where
+  root := `LeioscryptoTest
+  srcDir := "src"
+
+require mathlib from git
+  "https://github.com/leanprover-community/mathlib4" @ "v4.25.0"
+
+require LSpec from git
+  "https://github.com/argumentcomputer/LSpec" @ "b05e6b83798bce0887eb5001cb10fdcbe675dde3"
+
+require «doc-gen4» from git
+  "https://github.com/leanprover/doc-gen4" @ "v4.25.0"

post-cip/formal-crypto/lean/lean-toolchain

@@ -0,0 +1 @@
+leanprover/lean4:v4.25.0