Color Legend

Default: Implemented

Green: Implemented, but not merged yet

Blue: Needs to be implemented

Yellow: To be removed

Overview

Architecture

Here is a high-level architecture of the pallet domain and other components (Subspace v2 Master - Domains)

Subspace v2 Master - Domains.png

Primitives

Domain: an enshrined rollup that performs settlement or execution for the consensus chain. Each domain uses a standard set of permissioned runtimes but may have a user-defined configuration.

Domain Operator: an account, that by staking SSC, operates a domain node and takes the responsibility of producing new bundles, validating transactions, and executing transactions within a specific domain. Operators also watch for fraud and challenge other potentially fraudulent operators.

Domain Subnet: a separate P2P gossip network for each domain (following which protocol?)

Domain Bundle: a collection of transactions for a domain that are ready for execution

Execution Receipt (ER): a commitment to the execution of a domain block, included in the bundle

Domain Block: a derived block that consists of transactions from one or more bundles, ordered by the consensus chain

Fraud Proof: proof that shows that a commitment to some block with an execution receipt is invalid

Canonical Schnorr verifiable random function (VRF)

vrf_sign(secret_key, transcript)vrf_signature

Runs VRF on a single input transcript, producing the vrf_output and corresponding short vrf_proof. The resulting vrf_signature is a set (output, proof)

vrf_verify(public_key, transcript, vrf_signature)bool

Splits vrf_signature into output and proof and verifies proof for an input transcript and the corresponding output.

We currently use Schnorrkel/Ristretto x25519 (also known as sr25519) as its key derivation and signing algorithm.

A canonical (deterministic) scheme is necessary for these cases to prevent attackers from repeatedly signing until they produce an election solution that meets the threshold (as part of a grinding attack).

Hash Function

Hashes provide succinct commitments to arbitrary data. keyed_hash(key, message) denotes a keyed hash.

hash(message) denotes hash, the default case when the key is empty.

The hash function used is BLAKE2b-256 unless otherwise specified. Substrate primitives (i.e., block hashing) use BLAKE2b-256.