Add reference implementation (#111)

* Move module parameters into a bundled record

* WIP: add reference implementation

* Post-rebase fixing

* Delete files unnecessary here

* Revert "Delete files unnecessary here"

This reverts commit 9ea66a45f0e141b5567669668a697ad58728c39e.

* Add necessary functions to execute the Computational instance

* Add missing file

* Make some progress on the correctness proofs

* Prove `Base-total'`

* Fix performance problems, finish `computeProof`

* Add tests from the demo

* Add top-level import

* Rename: Simple -> Simplified

Author: WhatisRT

formal-spec/Class/Computational22.agda

@@ -33,3 +33,14 @@ module _ (STS : S → I → O → S → Type) where
       comp22⇒comp : Computational STS' Err
       comp22⇒comp .Computational.computeProof (s , i)          = computeProof s i
       comp22⇒comp .Computational.completeness (s , i) (o , s') = completeness s i o s'
+
+module _ {STS : S → I → O → S → Type} ⦃ _ : Computational22 STS Err ⦄ where
+  open Computational22 it
+
+  -- basically `traverse`
+  computeTrace : S → List I → ComputationResult Err (List O × S)
+  computeTrace s [] = success ([] , s)
+  computeTrace s (x ∷ is) = do
+    (o , s')   ← compute s x
+    (os , s'') ← computeTrace s' is
+    return (o ∷ os , s'')

formal-spec/Everything.agda

@@ -1,5 +1,6 @@
 module Everything where
 
 open import Leios.Simplified
+open import Leios.Simplified.Deterministic
 open import Leios.Short
 open import Leios.Network

formal-spec/Leios/Protocol.agda

@@ -128,6 +128,25 @@ module _ (s : LeiosState) where
       { IBBodies = b ∷ IBBodies
       }
 
+module _ {s s'} where
+  open LeiosState s'
+
+  upd-preserves-Upkeep : ∀ {x} → LeiosState.Upkeep s ≡ LeiosState.Upkeep s'
+                               → LeiosState.Upkeep s ≡ LeiosState.Upkeep (upd s' x)
+  upd-preserves-Upkeep {inj₁ (ibHeader x)} refl with A.any? (matchIB? x) IBBodies
+  ... | yes p = refl
+  ... | no ¬p = refl
+  upd-preserves-Upkeep {inj₁ (ebHeader x)} refl = refl
+  upd-preserves-Upkeep {inj₁ (vHeader x)} refl = refl
+  upd-preserves-Upkeep {inj₂ (ibBody x)} refl with A.any? (flip matchIB? x) IBHeaders
+  ... | yes p = refl
+  ... | no ¬p = refl
+
 infix 25 _↑_
 _↑_ : LeiosState → List (Header ⊎ Body) → LeiosState
 _↑_ = foldr (flip upd)
+
+↑-preserves-Upkeep : ∀ {s x} → LeiosState.Upkeep s ≡ LeiosState.Upkeep (s ↑ x)
+↑-preserves-Upkeep {x = []} = refl
+↑-preserves-Upkeep {s = s} {x = x ∷ x₁} =
+  upd-preserves-Upkeep {s = s} {x = x} (↑-preserves-Upkeep {x = x₁})

formal-spec/Leios/Simplified/Deterministic.agda

@@ -0,0 +1,94 @@
+--------------------------------------------------------------------------------
+-- Deterministic variant of simple Leios
+--------------------------------------------------------------------------------
+
+open import Leios.Prelude hiding (id)
+open import Prelude.Init using (∃₂-syntax)
+open import Leios.FFD
+
+import Data.List as L
+open import Data.List.Relation.Unary.Any using (here)
+
+open import Leios.SpecStructure
+open import Leios.Trace using (st-2)
+
+module Leios.Simplified.Deterministic.Test (Λ μ : ℕ) where
+
+open SpecStructure st-2
+
+import Leios.Simplified
+open import Leios.Simplified st-2 Λ μ hiding (_-⟦_/_⟧⇀_) renaming (initLeiosState to initLeiosState')
+module ND = Leios.Simplified st-2 Λ μ
+
+open import Class.Computational
+open import Class.Computational22
+open import StateMachine
+
+open BaseAbstract B' using (Cert; V-chkCerts; VTy; initSlot)
+open GenFFD
+
+open FFD hiding (_-⟦_/_⟧⇀_)
+
+private variable s s' s0 s1 s2 s3 s4 s5 : LeiosState
+                 i      : LeiosInput
+                 o      : LeiosOutput
+                 ffds'  : FFD.State
+                 π      : VrfPf
+                 bs'    : B.State
+                 ks ks' : K.State
+                 msgs   : List (FFDAbstract.Header ffdAbstract ⊎ FFDAbstract.Body ffdAbstract)
+                 eb     : EndorserBlock
+                 rbs    : List RankingBlock
+                 txs    : List Tx
+                 V      : VTy
+                 SD     : StakeDistr
+                 pks    : List PubKey
+
+open Computational22 ⦃...⦄
+open import Leios.Simplified.Deterministic st-2 Λ μ
+
+instance
+  Computational-B : Computational22 B._-⟦_/_⟧⇀_ String
+  Computational-B .computeProof s (BaseAbstract.Input.INIT x) =
+    success ((BaseAbstract.Output.STAKE {!!} , tt) , tt)
+  Computational-B .computeProof s (BaseAbstract.Input.SUBMIT x) =
+    success ((BaseAbstract.Output.EMPTY , tt) , tt)
+  Computational-B .computeProof s BaseAbstract.Input.FTCH-LDG =
+    success ((BaseAbstract.Output.BASE-LDG [] , tt) , tt)
+  Computational-B .completeness = {!!}
+
+  Computational-FFD : Computational22 FFD._-⟦_/_⟧⇀_ String
+  Computational-FFD .computeProof s (FFDAbstract.Send x x₁) = success ((FFDAbstract.SendRes , tt) , tt)
+  Computational-FFD .computeProof s FFDAbstract.Fetch       = success ((FFDAbstract.FetchRes [] , tt) , tt)
+  Computational-FFD .completeness = {!!}
+
+comp = Computational--⟦/⟧⇀ ⦃ Computational-B ⦄ ⦃ Computational-FFD ⦄
+
+initLeiosState : VTy → StakeDistr → B.State → LeiosState
+initLeiosState v sd bs = record (initLeiosState' v sd bs) { Upkeep = allUpkeep }
+
+module _ v sd bs where opaque
+  unfolding List-Modelᵈ V2-Role-total
+
+  computeProofTy : (s : LeiosState) (i : LeiosInput)
+    → ComputationResult String (Σ[ (o , s') ∈ LeiosOutput × LeiosState ] s -⟦ i / o ⟧⇀ s')
+  computeProofTy = computeProof ⦃ comp ⦄
+
+  compute-≡ : (s : LeiosState) (i : LeiosInput)
+    → compute ⦃ comp ⦄ s i ≡ map ⦃ Functor-ComputationResult ⦄ proj₁ (computeProof ⦃ comp ⦄ s i)
+  compute-≡ s i = refl
+
+  test₁ : ∀ tx
+    → Σ[ x ∈ LeiosOutput × LeiosState ] compute (initLeiosState v sd bs) (SUBMIT (inj₂ [ tx ]))
+      ≡ success x
+  test₁ tx = -, refl
+
+  test₂ : Σ[ x ∈ LeiosOutput × LeiosState ] compute (initLeiosState v sd bs) SLOT
+          ≡ success x
+  test₂ = -, refl
+
+  test₃ : Tx → Set
+  test₃ tx = {!proj₁ test₂!}
+
+  trace : ComputationResult String (List LeiosOutput × LeiosState)
+  trace = computeTrace (initLeiosState v sd bs) (SLOT ∷ SLOT ∷ [])

formal-spec/Leios/Simplified/Deterministic/Test.agda

@@ -123,6 +123,14 @@ d-VotingAbstract =
     ; isVoteCertified = λ _ _ → ⊤
     }
 
+d-VotingAbstract-2 : VotingAbstract (Fin 2 × EndorserBlock)
+d-VotingAbstract-2 =
+  record
+    { VotingState = ⊤
+    ; initVotingState = tt
+    ; isVoteCertified = λ _ _ → ⊤
+    }
+
 st : SpecStructure 1
 st = record
       { a = d-Abstract
@@ -143,6 +151,26 @@ st = record
       ; va = d-VotingAbstract
       }
 
+st-2 : SpecStructure 2
+st-2 = record
+      { a = d-Abstract
+      ; id = zero
+      ; FFD' = d-FFDFunctionality
+      ; vrf' = d-VRF
+      ; sk-IB = tt
+      ; sk-EB = tt
+      ; sk-V = tt
+      ; pk-IB = tt
+      ; pk-EB = tt
+      ; pk-V = tt
+      ; B' = d-Base
+      ; BF = d-BaseFunctionality
+      ; initBaseState = tt
+      ; K' = d-KeyRegistration
+      ; KF = d-KeyRegistrationFunctionality
+      ; va = d-VotingAbstract-2
+      }
+
 open import Leios.Short st public
 
 sd : TotalMap (Fin 1) ℕ

formal-spec/Leios/Trace.agda

@@ -0,0 +1,157 @@
+{-# OPTIONS --safe #-}
+
+open import Leios.Prelude hiding (id)
+open import Leios.FFD
+open import Leios.SpecStructure
+open import Data.Fin.Patterns
+
+module Leios.UniformShort (⋯ : SpecStructure 1)
+  (let open SpecStructure ⋯ renaming (isVoteCertified to isVoteCertified')) where
+
+data SlotUpkeep : Type where
+  Base IB-Role EB-Role V-Role : SlotUpkeep
+
+allUpkeep : ℙ SlotUpkeep
+allUpkeep = fromList (Base ∷ IB-Role ∷ EB-Role ∷ V-Role ∷ [])
+
+open import Leios.Protocol (⋯) SlotUpkeep public
+
+open BaseAbstract B' using (Cert; V-chkCerts; VTy; initSlot)
+open FFD hiding (_-⟦_/_⟧⇀_)
+open GenFFD
+
+isVoteCertified : LeiosState → EndorserBlock → Type
+isVoteCertified s eb = isVoteCertified' (LeiosState.votingState s) (0F , eb)
+
+module Protocol where
+
+  private variable s s'   : LeiosState
+                   ffds'  : FFD.State
+                   π      : VrfPf
+                   bs'    : B.State
+                   ks ks' : K.State
+                   msgs   : List (FFDAbstract.Header ffdAbstract ⊎ FFDAbstract.Body ffdAbstract)
+                   eb     : EndorserBlock
+                   rbs    : List RankingBlock
+                   txs    : List Tx
+                   V      : VTy
+                   SD     : StakeDistr
+                   pks    : List PubKey
+
+  -- Uniform Short Pipeline:
+  --
+  -- 1. If elected, propose IB
+  -- 2. Wait
+  -- 3. Wait
+  -- 4. If elected, propose EB
+  -- 5. If elected, vote
+  --    If elected, propose RB
+
+  data _↝_ : LeiosState → LeiosState → Type where
+
+    IB-Role : let open LeiosState s renaming (FFDState to ffds)
+                  b = ibBody (record { txs = ToPropose })
+                  h = ibHeader (mkIBHeader slot id π sk-IB ToPropose)
+            in
+            ∙ needsUpkeep IB-Role
+            ∙ canProduceIB slot sk-IB (stake s) π
+            ∙ ffds FFD.-⟦ Send h (just b) / SendRes ⟧⇀ ffds'
+            ─────────────────────────────────────────────────────────────────────────
+            s ↝ addUpkeep record s { FFDState = ffds' } IB-Role
+
+    EB-Role : let open LeiosState s renaming (FFDState to ffds)
+                  LI = map getIBRef $ filter (_∈ᴮ slice L slot 3) IBs
+                  h = mkEB slot id π sk-EB LI []
+            in
+            ∙ needsUpkeep EB-Role
+            ∙ canProduceEB slot sk-EB (stake s) π
+            ∙ ffds FFD.-⟦ Send (ebHeader h) nothing / SendRes ⟧⇀ ffds'
+            ─────────────────────────────────────────────────────────────────────────
+            s ↝ addUpkeep record s { FFDState = ffds' } EB-Role
+
+    V-Role : let open LeiosState s renaming (FFDState to ffds)
+                 EBs' = filter (allIBRefsKnown s) $ filter (_∈ᴮ slice L slot 1) EBs
+                 votes = map (vote sk-V ∘ hash) EBs'
+            in
+            ∙ needsUpkeep V-Role
+            ∙ canProduceV slot sk-V (stake s)
+            ∙ ffds FFD.-⟦ Send (vHeader votes) nothing / SendRes ⟧⇀ ffds'
+            ─────────────────────────────────────────────────────────────────────────
+            s ↝ addUpkeep record s { FFDState = ffds' } V-Role
+
+    No-IB-Role : let open LeiosState s in
+            ∙ needsUpkeep IB-Role
+            ∙ ¬ canProduceIB slot sk-IB (stake s) π
+            ─────────────────────────────────────────────
+            s ↝ addUpkeep s IB-Role
+
+    No-EB-Role : let open LeiosState s in
+            ∙ needsUpkeep EB-Role
+            ∙ ¬ canProduceEB slot sk-EB (stake s) π
+            ─────────────────────────────────────────────
+            s ↝ addUpkeep s EB-Role
+
+    No-V-Role : let open LeiosState s in
+            ∙ needsUpkeep V-Role
+            ∙ ¬ canProduceV slot sk-V (stake s)
+            ─────────────────────────────────────────────
+            s ↝ addUpkeep s V-Role
+
+  data _-⟦_/_⟧⇀_ : Maybe LeiosState → LeiosInput → LeiosOutput → LeiosState → Type where
+
+    -- Initialization
+
+    Init :
+         ∙ ks K.-⟦ K.INIT pk-IB pk-EB pk-V / K.PUBKEYS pks ⟧⇀ ks'
+         ∙ initBaseState B.-⟦ B.INIT (V-chkCerts pks) / B.STAKE SD ⟧⇀ bs'
+         ────────────────────────────────────────────────────────────────
+         nothing -⟦ INIT V / EMPTY ⟧⇀ initLeiosState V SD bs'
+
+    -- Network and Ledger
+
+    Slot : let open LeiosState s renaming (FFDState to ffds; BaseState to bs) in
+         ∙ Upkeep ≡ᵉ allUpkeep
+         ∙ bs B.-⟦ B.FTCH-LDG / B.BASE-LDG rbs ⟧⇀ bs'
+         ∙ ffds FFD.-⟦ Fetch / FetchRes msgs ⟧⇀ ffds'
+         ───────────────────────────────────────────────────────────────────────
+         just s -⟦ SLOT / EMPTY ⟧⇀ record s
+             { FFDState  = ffds'
+             ; BaseState = bs'
+             ; Ledger    = constructLedger rbs
+             ; slot      = suc slot
+             ; Upkeep    = ∅
+             } ↑ L.filter isValid? msgs
+
+    Ftch :
+         ────────────────────────────────────────────────────────
+         just s -⟦ FTCH-LDG / FTCH-LDG (LeiosState.Ledger s) ⟧⇀ s
+
+    -- Base chain
+    --
+    -- Note: Submitted data to the base chain is only taken into account
+    --       if the party submitting is the block producer on the base chain
+    --       for the given slot
+
+    Base₁   :
+            ───────────────────────────────────────────────────────────────────
+            just s -⟦ SUBMIT (inj₂ txs) / EMPTY ⟧⇀ record s { ToPropose = txs }
+
+    Base₂a  : let open LeiosState s renaming (BaseState to bs) in
+            ∙ needsUpkeep Base
+            ∙ eb ∈ filter (λ eb → isVoteCertified s eb × eb ∈ᴮ slice L slot 2) EBs
+            ∙ bs B.-⟦ B.SUBMIT (this eb) / B.EMPTY ⟧⇀ bs'
+            ───────────────────────────────────────────────────────────────────────
+            just s -⟦ SLOT / EMPTY ⟧⇀ addUpkeep record s { BaseState = bs' } Base
+
+    Base₂b  : let open LeiosState s renaming (BaseState to bs) in
+            ∙ needsUpkeep Base
+            ∙ [] ≡ filter (λ eb → isVoteCertified s eb × eb ∈ᴮ slice L slot 2) EBs
+            ∙ bs B.-⟦ B.SUBMIT (that ToPropose) / B.EMPTY ⟧⇀ bs'
+            ───────────────────────────────────────────────────────────────────────
+            just s -⟦ SLOT / EMPTY ⟧⇀ addUpkeep record s { BaseState = bs' } Base
+
+    -- Protocol rules
+
+    Roles : ∙ s ↝ s'
+            ─────────────────────────────
+            just s -⟦ SLOT / EMPTY ⟧⇀ s'

formal-spec/Leios/UniformShort.agda

@@ -34,6 +34,12 @@ record LeiosVRF : Type₁ where
   canProduceEB : ℕ → PrivKey → ℕ → VrfPf → Type
   canProduceEB slot k stake π = let (val , pf) = eval k (genEBInput slot) in val < stake × pf ≡ π
 
+  Dec-canProduceEB : ∀ {slot k stake} → (∃[ π ] canProduceEB slot k stake π) ⊎ (∀ π → ¬ canProduceEB slot k stake π)
+  Dec-canProduceEB {slot} {k} {stake} with eval k (genEBInput slot)
+  ... | (val , pf) = case ¿ val < stake ¿ of λ where
+    (yes p) → inj₁ (pf , p , refl)
+    (no ¬p) → inj₂ (λ π (h , _) → ¬p h)
+
   canProduceEBPub : ℕ → ℕ → PubKey → VrfPf → ℕ → Type
   canProduceEBPub slot val k pf stake = verify k (genEBInput slot) val pf × val < stake
 
@@ -43,5 +49,13 @@ record LeiosVRF : Type₁ where
   canProduceV1 : ℕ → PrivKey → ℕ → Type
   canProduceV1 slot k stake = proj₁ (eval k (genV1Input slot)) < stake
 
+  Dec-canProduceV1 : ∀ {slot k stake} → Dec (canProduceV1 slot k stake)
+  Dec-canProduceV1 {slot} {k} {stake} with eval k (genV1Input slot)
+  ... | (val , pf) = ¿ val < stake ¿
+
   canProduceV2 : ℕ → PrivKey → ℕ → Type
   canProduceV2 slot k stake = proj₁ (eval k (genV2Input slot)) < stake
+
+  Dec-canProduceV2 : ∀ {slot k stake} → Dec (canProduceV2 slot k stake)
+  Dec-canProduceV2 {slot} {k} {stake} with eval k (genV2Input slot)
+  ... | (val , pf) = ¿ val < stake ¿

formal-spec/Leios/VRF.agda

@@ -0,0 +1,56 @@
+{-# OPTIONS --safe #-}
+
+module StateMachine where
+
+open import Agda.Primitive using () renaming (Set to Type)
+
+open import Prelude.Init hiding (map)
+open import Prelude.InferenceRules
+
+open import Class.Bifunctor
+
+private
+  variable S I O : Type
+           s s' s'' : S
+           i : I
+           is : List I
+           o : O
+           os : List O
+           STS : S → I → O → S → Type
+
+module _ (_-⟦_/_⟧⇀_ : S → I → O → S → Type) where
+  data _-⟦_/_⟧*⇀_ : S → List I → List O → S → Type where
+
+    BS-base :
+        ─────────────────
+        s -⟦ [] / [] ⟧*⇀ s
+
+    BS-ind :
+      ∙ s  -⟦ i      / o      ⟧⇀  s'
+      ∙ s' -⟦ is     / os     ⟧*⇀ s''
+        ───────────────────────────────────────
+        s  -⟦ i ∷ is / o ∷ os ⟧*⇀ s''
+
+ReflexiveTransitiveClosure = _-⟦_/_⟧*⇀_
+
+data IdSTS {S} : S → ⊤ → ⊤ → S → Type where
+  Id-nop : IdSTS s _ _ s
+
+Invariant : (S → I → O → S → Type) → (S → Type) → Type
+Invariant _-⟦_/_⟧⇀_ P = ∀ {s i o s'} → s -⟦ i / o ⟧⇀ s' → P s → P s'
+
+Total : (S → I → O → S → Type) → Type
+Total _-⟦_/_⟧⇀_ = ∀ {s i} → ∃₂[ o , s' ] s -⟦ i / o ⟧⇀ s'
+
+STS⇒RTC : STS s i o s' → ReflexiveTransitiveClosure STS s (i ∷ []) (o ∷ []) s'
+STS⇒RTC sts = BS-ind sts BS-base
+
+RTC-preserves-inv : ∀ {P} → Invariant STS P → Invariant (ReflexiveTransitiveClosure STS) P
+RTC-preserves-inv inv (BS-base)      = id
+RTC-preserves-inv inv (BS-ind p₁ p₂) = RTC-preserves-inv inv p₂ ∘ inv p₁
+
+RTC-total : Total STS → Total (ReflexiveTransitiveClosure STS)
+RTC-total SS-total {s} {[]}     = ([] , s , BS-base)
+RTC-total SS-total {s} {i ∷ is} = case SS-total of λ where
+  (o , s' , H) → case RTC-total SS-total of λ where
+    (os , s'' , H') → (o ∷ os , s'' , BS-ind H H')