Skip to main content
Version: v2.0_alpha

StateLeaf

A state leaf represents a user's participation declared through an identity (their public key) and information relevant to their ability or right to cast votes in a poll (their voice credit balance and the block timestamp at which they signed up).

We define a state leaf slsl as the poseidon4poseidon_4 hash of the following:

SymbolNameComments
slPxsl_{P_x}Public key's x-coordinate
slPysl_{P_y}Public key's y-coordinate
slvsl_{v}Voice credit balance
sltsl_{t}Block timestampIn Unix time (seconds since Jan 1 1970 UTC)

The hash slsl is computed as such:

sl=poseidon4([slAx,slAy,slv,slt])sl = poseidon_4([sl_{A_x}, sl_{A_y}, sl_{v}, sl_{t}])

Blank state leaf

A blank state leaf slBsl_B has the following value:

67690069702050995205089487237184717246608671711222352707736005679250380087626769006970205099520508948723718471724660867171122235270773600567925038008762

This value is computed as such:

Abx=10457101036533406547632367118273992217979173478358440826365724437999023779287A_{b_x} = 10457101036533406547632367118273992217979173478358440826365724437999023779287 Aby=19824078218392094440610104313265183977899662750282163392862422243483260492317A_{b_y} = 19824078218392094440610104313265183977899662750282163392862422243483260492317 slB=poseidon4([Ab0,Ab1,0,0])sl_B = poseidon_4([A_{b0}, A_{b1}, 0, 0])

The code to derive AbxA_{b_x} and AbyA_{b_y} is here. The function call required is pedersenHash.getBasePoint('blake', 0)

  1. Hash the string PedersenGenerator_00000000000000000000000000000000_00000000000000000000000000000000 with blake256blake_{256}. In big-endian hexadecimal format, the hash should be 1b3ef77ef2cd620fd2358e69dd564f35556aad552fdd7f06b777bd3a1d697160.
  2. Set the 255th bit to 0. The result should be 1b3ef77ef2cd620fd2358e69dd564f35556aad552fdd7f06b777bd3a1d697120.
  3. Use the method to convert a buffer to a point on the BabyJub curve described in [2.3.2].
  4. Multiply the point by 8. The result is the point with x-value AbxA_{b_x} and y-value AbyA_{b_y}

Given the elliptic curve discrete logarithm problem, we assume that no one knows the private key sFps \in {F}_p and by using the public key generation procedure in [1.4], we can derive AbxA_{b_x} and AbyA_{b_y}. Furthermore, the string above (PedersenGenerator...) acts as a nothing-up-my-sleeve value.