Instruction Set

Defintions

Open

An open value is one that is assumed to publicly known.

Shared

A shared value is one that is assumed to be unknown to any Darknode, encrypted under a Shamir's secret sharing scheme.

Instructions

Add

The add instruction loads two field elements from source memory, adds them together, and then stores the result in destination memory.

Copy

The copy instruction copies a value from source memory to destination memory.

Inv

The inv instruction loads a field element from source memory, computes the inverse, and then stores the result in destination memory. This instruction is not safe to use for secret field elements.

Move

The move instruction stores a value directly in destination memory.

Mul

The mul instruction loads two field elements from source memory, multiplies them together, and then stores the result in destination memory. This instruction is not safe to use for two secret field elements.

Neg

The neg instruction loads a field element from source memory, computes the negation, and then stores it in destination memory.

Open

The open instruction loads a secret field element from source memory, broadcasts it to all Darknodes, waits until it has received 2/3rd+ broadcasts from other Darknodes, opens the respective field element and stores it in destination memory.

RGen

The rgen instruction loads pre-processing data from the executing block, locally computes a share of a random secret field element, and stores it in destination memory.

RGen2

The rgen2 instruction loads pre-processing data from the executing block, locally computes two shares of the same random secret field element, and stores them in destination memory. The two shares are from different schemes: the second scheme has double the threshold of the first scheme.

SECP256K1Gen

The secp256k1gen instruction loads pre-processing data from the executing block, locally computes a share of a SECP256K1P field element, and stores it in destination memory.

The secp256k1gen instruction can be made into a generic instruction that supports other elliptic curves.

SECP256K1P2N

The secp256k1p2n instruction loads a SECP256K1P field element from source memory, converts it to a SECP256K1P field element, and stores it in destination memory.

The secp256k1p2n instruction can be made into a generic instruction that supports other elliptic curves.

Sub

The sub instruction loads two field elements from source memory, subtracts one from the other, and then stores the result in destination memory.

Intrinsics

Inv

The inv intrinsic uses a combination of the inv, mul, and open instructions to safely compute the inverse of a secret field element. This intrinsic is not safe for open field elements.

Mul

The mul intrinsic uses a combination of the mul, open, and rgen2 instructions to safely compute the multiplication of two secret field elements. This intrinsic is not safe for one, or two, open field elements.

SignSECP256K1

The signSECP256K1 assumes the existence of secret SECP256K1 private key and computes an open signature of an open digest of bytes. This intrinsic is not safe for open SECP256K1 private keys.

The signSECP256K1 intrinsic can be made into a generic intrinsic that supports other elliptic curves.

BTC0Btc2Eth

The BTC0Btc2Eth accepts a BTC payment on the Bitcoin blockchain and mints the respective amount of BTC on the Ethereum blockchain.

BTC0Eth2Btc

The BTC0Eth2Btc accepts a BTC burn on the Ethereum blockchain and makes the respective payment of BTC on the Bitcoin blockchain.

ZEC0Zec2Eth

The ZEC0Zec2Eth accepts a ZEC payment on the ZCash blockchain and mints the respective amount of ZEC on the Ethereum blockchain.

ZEC0Eth2Zec

The ZEC0Eth2Zec accepts a ZEC burn on the Ethereum blockchain and makes the respective payment of ZEC on the ZCash blockchain.