The BLS12-381 MinSig proof-of-possession ciphersuite DST used by Leios, per CIP-164. Pass this as the ContextDSIGN to signDSIGN / verifyDSIGN.

Size of a Leios signature in the chosen signature scheme.

Get the bytes of a Leios signature.

A weight assigned to a committee voter, normalised so the total over a committee sums to 1. Threshold checks in verifyLeiosCert are against this same scale.

A committee member's seat index. The index is the voter's position in leiosCommitteeVoters and determines its bit in the LeiosCert leiosCertSigners bitfield (MSB-first within each byte, so voter i ↔ bit 7-(i mod 8) of byte i `div` 8).

Plain CBOR encoder for LeiosVoterId.

Plain CBOR decoder for LeiosVoterId.

A single seat in a LeiosCommittee: a voter's normalised weight paired with its BLS verification key.

The voting committee for a Leios epoch: an ordered vector of LeiosVoter seats.

Ixition determines the voter's LeiosVoterId and its bit in the certificate's bitfield, so callers must keep the order stable between construction and verification of any cert.

This package intentionally does not provide committee selection — sampling voters from the active stake distribution lives in consensus/ledger. However, callers are responsible for ensuring that every voter's BLS proof-of-possession has been verified before a LeiosCommittee value is built; verifyLeiosCert and aggregateLeiosCert both rely on this invariant to skip per-key PoP checks (they use uncheckedAggregateVerKeysDSIGN / aggregateSigsDSIGN under the hood). Passing in unchecked keys defeats the security of the aggregate signature.

Number of seats in the committee.

Resolve a LeiosVoterId to its LeiosVoter on the LeiosCommittee, or Nothing if the index is past the committee bound.

Find a voter's LeiosVoterId on the LeiosCommittee by its LeiosVerificationKey, or Nothing if the key is not on the committee.

If the committee carries duplicate verification keys, returns the smallest index matching vk (committee selection is expected to deduplicate, but this module does not enforce it).

Errors if the matching index does not fit in Word16. The wire format of LeiosCert indexes voters by a 16-bit field, so a committee with more than 2^16 seats is already malformed. NOTE: this partiality could later be avoided by introducing a smart constructor for LeiosCommittee (or for the committee-selection step in consensus) that rejects oversized committees up front.

A Leios certificate over an endorser block, as specified in CIP-164

Plain CBOR encoder for LeiosCert, matching the CDDL in LeiosCert.

Plain CBOR decoder for LeiosCert, matching the CDDL in LeiosCert. Accepts both definite-length and indefinite-length encodings of the outer 2-element array.

Build a LeiosCert from the sigs of committee members.

Caller obligations

All signatures must be over the same message. Individual LeiosSignature values are not verified here, and once aggregated they cannot be told apart. Feeding signatures cast over different messages produces a LeiosCert that will silently fail verifyLeiosCert with no indication of which contribution was wrong.

What this function does

• Range-checks each LeiosVoterId against the committee.
• Encodes the bitfield over the committee and aggregates the input signatures.

This is the only way to construct a LeiosCert from outside the package; the bitfield layout is an internal wire-format detail.

Verify a LeiosCert against a LeiosCommittee, a weight threshold, and the message the signers were supposed to have signed.

Caller obligations

Every voter in the LeiosCommittee must have had its BLS proof-of-possession verified beforehand (when the committee was selected). verifyLeiosCert uses uncheckedAggregateVerKeysDSIGN and does not re-check PoPs; passing in an unchecked committee breaks the security of the aggregate signature.

What this function does

1. Decodes the leiosCertSigners bitfield to the list of contributing voter indices, rejecting too small or big bitfield with MalformedSigners.

2. Sums those voters' weights from the committee; short-circuits with InsufficientWeight if the sum is below the threshold.
3. Aggregates the contributing verification keys and verifies the certificate's leiosCertSignature against the aggregate key over msg.

The leiosCertSigners bitfield of a LeiosCert: a ⌈leiosCommitteeSize/8⌉-byte MSB-first packed-bits representation of which committee voters contributed to the aggregate signature.

A 'newtype' wrapper around ByteArray so type signatures throughout the aggregate / verify path say what they're working on, and so the on-wire form cannot be accidentally confused with arbitrary bytes.

Encode a BitField to CBOR bytes.

Decode a BitField from CBOR bytes.