Skip to content

Assumption

What is an assumption? Operationally speaking, the protocol characterizes assumptions as beliefs about logical impliciations (\(a \implies b\) for some \(a\) and some \(b\)); for example:

  • \(a\) could be that a particular trusted party has signed over a statement, and \(b\) could be that the statement is

  • \(a\) could be nothing, and \(b\) could be that the algebraic group model holds (this assumption is often relied upon by cryptographic proof systems)

  • \(a\) could be nothing, and \(b\) could be that \(c = c\) (the identity case)

In an ideal world, the protocol could characterize all of these assumptions exactly (e.g. as mathematical statements) - however, that will not be feasible in the short term (precisely expressing cryptographic assumptions will require a sophisticated specification language), so for now the protocol standardizes an extensible sum type that can evolve along with the Proof multiformat (to add new types of assumptions).

Note

The encoding here needs to allow for additions to the sum type without breaking backwards compatibility (which may be a property we often want in general).

Data structure

type Assumption :=
  | HashRandomOracle
  | FullyTrust ExternalIdentity