Skip to content

CIP-0154? | Orthogonal Certificates #1021

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
Open

CIP-0154? | Orthogonal Certificates #1021

Changes from 6 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
7555411
create orthogonal certificates CIP
yHSJ Apr 13, 2025
25835d6
including initial PR link
rphair Apr 14, 2025
d1148d6
fixing categorisation
rphair Apr 14, 2025
e4b3b0a
adding `cddl` code tag where appropriate
rphair Apr 14, 2025
1f2715c
adding `cddl` code tag where appropriate
rphair Apr 14, 2025
97d8c8d
add missing Implementation Plan to Path to Active
rphair Apr 14, 2025
0c2fd25
committing spell correction before deeper review
rphair Apr 14, 2025
a06940f
add CIP number 154
rphair Apr 18, 2025
e893db9
chore: provide hard data in rationale and other minor changes
yHSJ Apr 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
146 changes: 146 additions & 0 deletions CIP-XXXX/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,146 @@
---
CIP: ?
Title: Orthogonal Certificates
Status: Proposed
Category: Ledger
Authors:
- Joshua Marchand <[email protected]>
Implementors: N/A
Discussions:
- https://discord.gg/tsr7H6ApdT
- https://github.com/cardano-foundation/CIPs/pull/1021
Created: 2025-04-13
License: CC-BY-4.0
---

## Abstract

This CIP proposes a simplified design of stake managmenet certificate types focused on simplicity and usability.

The current Conway era ledger specification includes multiple certificate types each representing different combinations of stake registration, delegation, and vote delegation. This proposal simplifies this specification by defining a set of orthogonal certificate types that can be composed to achieve the same functionality, making the ledger more intuitive and easier to document, use, and maintain.

## Motivation: why is this CIP necessary?

The Conway era introduces multiple certificate types for various stake operations including combinations of:

- Registering a stake credential
- Delegating stake to a pool
- Delegating voting power to a DRep

This approach results in many complex and convoluted certificate types, increasing complexity for developers and users. The number of certificate types would also grow combinatorially with new features, making it only harder to document, extend, and understand the certificates.

By redesigning the certificate types with orthogonal certificates, we can:
- Make the system more intuitive for users and developers
- Simplify documentation by having self-describing, single-purpose certificates
- Make ledger implementations easier to maintain
- Avoid combinatorial growth of certificates with future features


## Specification

### Current Certificates CDDL
The Conway era has multiple certificate types for stake related operations:
```cddl
certificate = [stake_registration
// stake_deregistration
// stake_delegation
// pool_registration
// pool_retirement
// reg_cert
// unreg_cert
// vote_deleg_cert
// stake_vote_deleg_cert
// stake_reg_deleg_cert
// vote_reg_deleg_cert
// stake_vote_reg_deleg_cert
// auth_committee_hot_cert
// resign_committee_cold_cert
// reg_drep_cert
// unreg_drep_cert
// update_drep_cert]

stake_registration = (0, stake_credential)
stake_deregistration = (1, stake_credential)
Copy link
Contributor

@lehins lehins Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This two certificates are from the Shelley era and were already planned for removal. They were kept around in Conway for ease of transition and preventing breakage of tooling while this transition is under way.

stake_delegation = (2, stake_credential, pool_keyhash)
reg_cert = (7, stake_credential, coin)
unreg_cert = (8, stake_credential, coin)
stake_vote_deleg_cert = (10, stake_credential, pool_keyhash, drep)
stake_reg_deleg_cert = (11, stake_credential, pool_keyhash, coin)
stake_vote_reg_deleg_cert = (13, stake_credential, pool_keyhash, drep, coin)
...
```

### Proposed CDDL
While the current certificates may save a few bytes in the transaction when doing multiple actions in a single transaction, it greatly complicates certificates for both users and implementers.
Copy link
Member

@KtorZ KtorZ Apr 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For completeness, it would be worth highlighting how many bytes in the Rationale section, to show that the original motivation for introducing those numerous certificates was likely a bit misguided.

Copy link
Author

@yHSJ yHSJ Apr 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, added the worst case numbers.


Instead, we propose a much simpler certificate design with orthogonal certificates.
```cddl
certificate = pool_registration
/ pool_retirement
/ auth_committee_hot_cert
/ resign_committee_cold_cert
/ reg_drep_cert
/ unreg_drep_cert
/ update_drep_cert
/ stake_registration_cert
/ stake_deregistration_cert
/ stake_delegation_cert
/ vote_delegation_cert

; New orthogonal certificates
stake_registration_cert = (N, stake_credential, coin)
stake_deregistration_cert = (N+1, stake_credential, coin)
stake_delegation_cert = (N+2, stake_credential, pool_keyhash)
vote_delegation_cert = (N+3, stake_credential, drep)
Copy link
Member

@KtorZ KtorZ Apr 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For backward-compatibility reason, it would be necessary here to specify the new indices, and makes sure that they don't clash with the current ones. This way, one could virtually still deserialise a compound certificate into two orthogonal ones; and ensure that we don't needlessly break all transaction builders once again.

Copy link
Contributor

@lehins lehins Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no need to break existing specification. All you trying to do is remove some certificates, while leaving others unchanged.

Suggested change
stake_registration_cert = (N, stake_credential, coin)
stake_deregistration_cert = (N+1, stake_credential, coin)
stake_delegation_cert = (N+2, stake_credential, pool_keyhash)
vote_delegation_cert = (N+3, stake_credential, drep)
stake_registration_cert = (7, stake_credential, coin)
stake_deregistration_cert = (8, stake_credential, coin)
stake_delegation_cert = (2, stake_credential, pool_keyhash)
vote_delegation_cert = (9, stake_credential, drep)

Otherwise we would have to keep old certificates for one more era to avoid breakage, just to replace certificates with equivalent ones

Copy link
Author

@yHSJ yHSJ Apr 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I decided to go with this in the CIP. I left them intentionally ambiguous so that others could weigh in on whether we want to simply rename existing certs or introduce new ones (for consistency or whatever)

Copy link
Contributor

@lehins lehins Apr 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am weighing in. Renaming (changing the tag) will require old certificates to be retained for a whole new era. So, it makes no sense to introduce new identical replacement certificates. Please adjust the CIP to retaon the old tags.

Actual names of cddl bindings are irrelevant and can be discussed at a any point, since they do not require a HF.


; Others remain unchanged
```

### Semantics
The orthogonal certificates creates a clear seperation of concerns, where each certificate has a clear, single responsibility:

- `stake_registration_cert` - Registers a specified stake credential
- `stake_deregistration_cert` - Deregisters a specified stake credential
- `stake_delegation_cert` - delegates the stake controlled by a specified stake credential to a specified pool
- `vote_delegation_cert` - delegates the voting power of a specified stake credential to a specified DRep

### Handling Multiple Certificates
To perform multiple operations, such as registration and stake delegation, multiple certificates would be included in a single transaction. The ledger would process certificates in the order that they are provided. If a stake delegation occurs before the registration of the specified stake credential, that delegation is invalid.


### Example Usage
To achieve the functionality of the current certificates:


| Existing Certificate | Orthogonal Certificate Equivalent |
| -------- | -------- |
| `reg_cert` | `stake_registration_cert` |
| `unreg_cert` | `stake_deregistration_cert` |
| `stake_delegation` | `stake_delegation_cert` |
| `stake_vote_deleg_cert` | `stake_delegation_cert` + `vote_delegation_cert` |
| `stake_reg_deleg_cert` | `stake_registration_cert` + `stake_delegation_cert` |
| `stake_vote_reg_deleg_cert` | `stake_registration_cert` + `stake_delegation_cert` + `vote_delegation_cert` |


## Rationale: how does this CIP achieve its goals?

The orthogonal certificate provides **Conceptual Clarity** which has several benefits:
1. **Usage:** The transaction is the fundamental interface for Cardano. It should be as simple as possible for users.
2. **Documentation:** Each certificate is self-describing and encapsulates a single action, making documentation much easier to write.
3. **Implementation:** Implementing the ledger should be as simple as possible–without losing features or security–to reduce the risk of an incorrect implementation resulting in a fork.

While composite actions would require multiple certificates, multiple small certificates would only add a couple of bytes when compared to the composite certificates.

## Path to Active
Copy link
Contributor

@WhatisRT WhatisRT Apr 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that hardforking into this can't immediately remove the current certificates, they can only be deprecated since otherwise downstream tooling would immediately break. So it needs to be done in two steps, implementing the new CDDL & deprecating the old one, and then removing the old one later.

Copy link
Author

@yHSJ yHSJ Apr 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I asked a clarifying question about this in the Cardano scaling discord, but I'm not sure why this has become the process only for some changes.


### Acceptance Criteria

- [ ]Acceptance of the Ledger team, as well as alternative node implementation maintainers (Amaru, Dingo, and others)
Copy link
Member

@KtorZ KtorZ Apr 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will also require a hard-fork, and the CIP can only be active once the hard-fork has been enacted.


### Implementation Plan

N/A

## Copyright

This CIP is licensed under [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).