Skip to content

Certificates

{-# OPTIONS --safe #-}

open import Ledger.Prelude renaming (filterˢ to filter)
open import Ledger.Conway.Specification.Gov.Base
open import Ledger.Prelude.Numeric.UnitInterval

module Ledger.Conway.Specification.Certs (gs : _) (open GovStructure gs) where

open import Ledger.Conway.Specification.Gov.Actions gs hiding (yes; no)
open RwdAddr
open PParams

Stake Pool Parameter Definitions

record StakePoolParams : Type where
  field
    owners          :  KeyHash
    cost            : Coin
    margin          : UnitInterval
    pledge          : Coin
    rewardAccount   : Credential

Deposit Types

data DepositPurpose : Type where
  CredentialDeposit  : Credential    DepositPurpose
  PoolDeposit        : KeyHash       DepositPurpose
  DRepDeposit        : Credential    DepositPurpose
  GovActionDeposit   : GovActionID   DepositPurpose

Deposits : Type
Deposits = DepositPurpose  Coin

record HasDeposits {a} (A : Type a) : Type a where
  field DepositsOf : A  Deposits
open HasDeposits ⦃...⦄ public

instance
  unquoteDecl DecEq-DepositPurpose = derive-DecEq
    ((quote DepositPurpose , DecEq-DepositPurpose)  [])

Miscellaneous Type Aliases

CCHotKeys : Type
CCHotKeys = Credential  Maybe Credential

DReps : Type
DReps = Credential  Epoch

PoolEnv : Type
PoolEnv = PParams

Pools : Type
Pools = KeyHash  StakePoolParams

Retiring : Type
Retiring = KeyHash  Epoch

Rewards : Type
Rewards = Credential  Coin

Stake : Type
Stake = Credential  Coin

StakeDelegs : Type
StakeDelegs = Credential  KeyHash

record HasCCHotKeys {a} (A : Type a) : Type a where
  field CCHotKeysOf : A  CCHotKeys

record HasDReps {a} (A : Type a) : Type a where
  field DRepsOf : A  DReps

record HasPools {a} (A : Type a) : Type a where
  field PoolsOf : A  Pools

record HasRetiring {a} (A : Type a) : Type a where
  field RetiringOf : A  Retiring

record HasRewards {a} (A : Type a) : Type a where
  field RewardsOf : A  Rewards

record HasStake {a} (A : Type a) : Type a where
  field StakeOf : A -> Stake

record HasStakeDelegs {a} (A : Type a) : Type a where
  field StakeDelegsOf : A -> StakeDelegs

open HasCCHotKeys ⦃...⦄ public
open HasDReps ⦃...⦄ public
open HasPools ⦃...⦄ public
open HasRetiring ⦃...⦄ public
open HasRewards ⦃...⦄ public
open HasStake ⦃...⦄ public
open HasStakeDelegs ⦃...⦄ public

Delegation Definitions

data DCert : Type where
  delegate    : Credential  Maybe VDeleg  Maybe KeyHash  Coin  DCert
  dereg       : Credential  Maybe Coin  DCert
  regpool     : KeyHash  StakePoolParams  DCert
  retirepool  : KeyHash  Epoch  DCert
  regdrep     : Credential  Coin  Anchor  DCert
  deregdrep   : Credential  Coin  DCert
  ccreghot    : Credential  Maybe Credential  DCert

  -- The `reg` cert is deprecated in Conway, but it's still present in this era
  -- for backwards compatibility. This has been added to the spec to make
  -- conformance testing work properly. We don't talk about this certificate
  -- in the docs because it has been deprecated and we want to discourage people
  -- from using it.
  reg         : Credential  Coin  DCert

cwitness : DCert  Maybe Credential
cwitness (delegate c _ _ _)  = just c
cwitness (dereg c _)         = just c
cwitness (regpool kh _)      = just $ KeyHashObj kh
cwitness (retirepool kh _)   = just $ KeyHashObj kh
cwitness (regdrep c _ _)     = just c
cwitness (deregdrep c _)     = just c
cwitness (ccreghot c _)      = just c

-- The implementation requires the `reg` cert to be witnessed only if the
-- deposit is set. There didn't use to be a field for the deposit, but that was
-- added in the Conway era to make it easier to determine, just by looking at
-- the transaction, how much deposit was paid for that certificate.
cwitness (reg _ zero)        = nothing
cwitness (reg c (suc _))     = just c

Certification Types

record CertEnv : Type where
  field
    epoch     : Epoch
    pp        : PParams
    votes     : List GovVote
    wdrls     : Withdrawals
    coldCreds :  Credential

record DState : Type where

  constructor ⟦_,_,_⟧ᵈ

  field
    voteDelegs   : VoteDelegs
    stakeDelegs  : StakeDelegs
    rewards      : Rewards

record PState : Type where
  field
    pools     : Pools
    fPools    : Pools
    retiring  : KeyHash  Epoch

record GState : Type where

  constructor ⟦_,_⟧ᵛ

  field
    dreps      : DReps
    ccHotKeys  : Credential  Maybe Credential

record CertState : Type where

  constructor ⟦_,_,_⟧ᶜˢ

  field
    dState : DState
    pState : PState
    gState : GState

record DelegEnv : Type where
  field
    pparams       : PParams
    pools         : Pools
    delegatees    :  Credential

record HasDState {a} (A : Type a) : Type a where
  field DStateOf : A  DState
open HasDState ⦃...⦄ public

record HasPState {a} (A : Type a) : Type a where
  field PStateOf : A  PState
open HasPState ⦃...⦄ public

record HasGState {a} (A : Type a) : Type a where
  field GStateOf : A  GState
open HasGState ⦃...⦄ public

record HasCertState {a} (A : Type a) : Type a where
  field CertStateOf : A  CertState
open HasCertState ⦃...⦄ public

instance
  HasPParams-CertEnv : HasPParams CertEnv
  HasPParams-CertEnv .PParamsOf = CertEnv.pp

  HasWithdrawals-CertEnv : HasWithdrawals CertEnv
  HasWithdrawals-CertEnv .WithdrawalsOf = CertEnv.wdrls

  HasVoteDelegs-DState : HasVoteDelegs DState
  HasVoteDelegs-DState .VoteDelegsOf = DState.voteDelegs

  HasStakeDelegs-DState : HasStakeDelegs DState
  HasStakeDelegs-DState .StakeDelegsOf = DState.stakeDelegs

  HasRewards-DState : HasRewards DState
  HasRewards-DState .RewardsOf = DState.rewards

  HasPools-PState : HasPools PState
  HasPools-PState .PoolsOf = PState.pools

  HasRetiring-PState : HasRetiring PState
  HasRetiring-PState .RetiringOf = PState.retiring

  HasDReps-GState : HasDReps GState
  HasDReps-GState .DRepsOf = GState.dreps

  HasCCHotKeys-GState : HasCCHotKeys GState
  HasCCHotKeys-GState .CCHotKeysOf = GState.ccHotKeys

  HasDState-CertState : HasDState CertState
  HasDState-CertState .DStateOf = CertState.dState

  HasPState-CertState : HasPState CertState
  HasPState-CertState .PStateOf = CertState.pState

  HasGState-CertState : HasGState CertState
  HasGState-CertState .GStateOf = CertState.gState

  HasRewards-CertState : HasRewards CertState
  HasRewards-CertState .RewardsOf = RewardsOf  DStateOf

  HasDReps-CertState : HasDReps CertState
  HasDReps-CertState .DRepsOf = DRepsOf  GStateOf

  HasCCHotKeys-CertState : HasCCHotKeys CertState
  HasCCHotKeys-CertState .CCHotKeysOf = CCHotKeysOf  GStateOf

  HasPools-CertState : HasPools CertState
  HasPools-CertState .PoolsOf = PoolsOf  PStateOf

  HasVoteDelegs-CertState : HasVoteDelegs CertState
  HasVoteDelegs-CertState .VoteDelegsOf = VoteDelegsOf  DStateOf

  HasStakeDelegs-CertState : HasStakeDelegs CertState
  HasStakeDelegs-CertState .StakeDelegsOf = StakeDelegsOf  DStateOf

rewardsBalance : DState  Coin
rewardsBalance ds = ∑[ x  RewardsOf ds ] x

instance
  HasCoin-CertState : HasCoin CertState
  HasCoin-CertState .getCoin = rewardsBalance  DStateOf

  unquoteDecl HasCast-CertEnv HasCast-DState HasCast-PState HasCast-GState HasCast-CertState HasCast-DelegEnv = derive-HasCast
    (   (quote CertEnv , HasCast-CertEnv)
       (quote DState , HasCast-DState)
       (quote PState , HasCast-PState)
       (quote GState , HasCast-GState)
       (quote CertState , HasCast-CertState)
     [ (quote DelegEnv , HasCast-DelegEnv) ])

private variable
  rwds rewards           : Rewards
  dReps                  : DReps
  sDelegs stakeDelegs    : StakeDelegs
  ccKeys ccHotKeys       : CCHotKeys
  vDelegs voteDelegs     : VoteDelegs
  pools fPools           : Pools
  retiring               : Retiring
  wdrls                  : Withdrawals

  an          : Anchor
  Γ           : CertEnv
  d           : Coin
  md          : Maybe Coin
  c           : Credential
  mc          : Maybe Credential
  delegatees  :  Credential
  dCert       : DCert
  e           : Epoch
  vs          : List GovVote
  kh          : KeyHash
  mkh         : Maybe KeyHash
  poolParams  : StakePoolParams
  pp          : PParams
  mvd         : Maybe VDeleg

  stᵈ stᵈ' : DState
  stᵍ stᵍ' : GState
  stᵖ stᵖ' : PState
  cc :  Credential

Changes Introduced in the Conway Era

Delegation

Registered credentials can now delegate to a DRep as well as to a stake pool. This is achieved by giving the delegate certificate two optional fields, corresponding to a DRep and stake pool.

Stake can be delegated for voting and block production simultaneously, since these are two separate features. In fact, preventing this could weaken the security of the chain, since security relies on high participation of honest stake holders.

Removal of Pointer Addresses, Genesis Delegations and MIR Certificates

Support for pointer addresses, genesis delegations and MIR certificates is removed (see CIP-1694 and CKB+23). In DState, this means that the four fields relating to those features are no longer present, and DelegEnv contains none of the fields it used to in the Shelley era (see CVG19, ).

Note that pointer addresses are still usable, only their staking functionality has been retired. So all funds locked behind pointer addresses are still accessible, they just don’t count towards the stake distribution anymore. Genesis delegations and MIR certificates have been superceded by the new governance mechanisms, in particular the TreasuryWithdrawal governance action in case of the MIR certificates.

Explicit Deposits

Registration and deregistration of staking credentials are now required to explicitly state the deposit that is being paid or refunded. This deposit is used for checking correctness of transactions with certificates. Including the deposit aligns better with other design decisions such as having explicit transaction fees and helps make this information visible to light clients and hardware wallets.

While not shown in the figures, the old certificates without explicit deposits will still be supported for some time for backwards compatibility.

Governance Certificate Rules

The rules for transition systems dealing with individual certificates are defined in Sections Auxiliary DELEG Transition System, Auxiliary POOL transition system, and Auxiliary GOVCERT transition system.

GOVCERT deals with the new certificates relating to DReps and the constitutional committee.

  • GOVCERT-regdrep registers (or re-registers) a DRep. In case of registration, a deposit needs to be paid. Either way, the activity period of the DRep is reset.

  • GOVCERT-deregdrep deregisters a DRep.

  • GOVCERT-ccreghot registers a "hot" credential for constitutional committee members.1 We check that the cold key did not previously resign from the committee. We allow this delegation for any cold credential that is either part of EnactState or a proposal. This allows a newly elected member of the constitutional committee to immediately delegate their vote to a hot key and use it to vote. Since votes are counted after previous actions have been enacted, this allows constitutional committee members to act without a delay of one epoch.

Auxiliary DELEG transition system

data _⊢_⇀⦇_,DELEG⦈_ : DelegEnv  DState  DCert  DState  Type where

  DELEG-delegate :
     (c  dom rwds  d  pp .keyDeposit)
     (c  dom rwds  d  0)
     mvd  mapˢ (just  vDelegCredential) delegatees 
            fromList ( nothing  just vDelegAbstain  just vDelegNoConfidence  [] )
     mkh  mapˢ just (dom pools)   nothing 
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{12742}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8115}{\htmlId{12747}{\htmlClass{Generalizable}{\text{pools}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8379}{\htmlId{12755}{\htmlClass{Generalizable}{\text{delegatees}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8077}{\htmlId{12772}{\htmlClass{Generalizable}{\text{vDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8001}{\htmlId{12782}{\htmlClass{Generalizable}{\text{sDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7933}{\htmlId{12792}{\htmlClass{Generalizable}{\text{rwds}}}}\, \end{pmatrix}$ ⇀⦇ delegate c mvd mkh d ,DELEG⦈ $\begin{pmatrix} \,\href{Axiom.Set.Map.html#9260}{\htmlId{12833}{\htmlClass{Function}{\text{insertIfJust}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{12846}{\htmlClass{Generalizable}{\text{c}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8591}{\htmlId{12848}{\htmlClass{Generalizable}{\text{mvd}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8077}{\htmlId{12852}{\htmlClass{Generalizable}{\text{vDelegs}}}}\, \\ \,\href{Axiom.Set.Map.html#9260}{\htmlId{12862}{\htmlClass{Function}{\text{insertIfJust}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{12875}{\htmlClass{Generalizable}{\text{c}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8505}{\htmlId{12877}{\htmlClass{Generalizable}{\text{mkh}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8001}{\htmlId{12881}{\htmlClass{Generalizable}{\text{sDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7933}{\htmlId{12891}{\htmlClass{Generalizable}{\text{rwds}}}}\, \,\href{Axiom.Set.Map.html#7638}{\htmlId{12896}{\htmlClass{Function Operator}{\text{∪ˡ}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{12899}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{12901}{\htmlClass{Generalizable}{\text{c}}}}\, , \,\htmlId{12905}{\htmlClass{Number}{\text{0}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{12907}{\htmlClass{Field Operator}{\text{❵}}}}\, \end{pmatrix}$

  DELEG-dereg :
     (c , 0)  rwds
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{12996}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8115}{\htmlId{13001}{\htmlClass{Generalizable}{\text{pools}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8379}{\htmlId{13009}{\htmlClass{Generalizable}{\text{delegatees}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8077}{\htmlId{13026}{\htmlClass{Generalizable}{\text{vDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8001}{\htmlId{13036}{\htmlClass{Generalizable}{\text{sDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7933}{\htmlId{13046}{\htmlClass{Generalizable}{\text{rwds}}}}\, \end{pmatrix}$ ⇀⦇ dereg c md ,DELEG⦈ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8077}{\htmlId{13077}{\htmlClass{Generalizable}{\text{vDelegs}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{13085}{\htmlClass{Function Operator}{\text{∣}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13087}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{13089}{\htmlClass{Generalizable}{\text{c}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13091}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{13093}{\htmlClass{Function Operator}{\text{ᶜ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8001}{\htmlId{13097}{\htmlClass{Generalizable}{\text{sDelegs}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{13105}{\htmlClass{Function Operator}{\text{∣}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13107}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{13109}{\htmlClass{Generalizable}{\text{c}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13111}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{13113}{\htmlClass{Function Operator}{\text{ᶜ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7933}{\htmlId{13117}{\htmlClass{Generalizable}{\text{rwds}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{13122}{\htmlClass{Function Operator}{\text{∣}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13124}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{13126}{\htmlClass{Generalizable}{\text{c}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13128}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{13130}{\htmlClass{Function Operator}{\text{ᶜ}}}}\, \end{pmatrix}$

  DELEG-reg :
     c  dom rwds
     d  pp .keyDeposit  d  0
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{13248}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8115}{\htmlId{13253}{\htmlClass{Generalizable}{\text{pools}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8379}{\htmlId{13261}{\htmlClass{Generalizable}{\text{delegatees}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8077}{\htmlId{13278}{\htmlClass{Generalizable}{\text{vDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8001}{\htmlId{13288}{\htmlClass{Generalizable}{\text{sDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7933}{\htmlId{13298}{\htmlClass{Generalizable}{\text{rwds}}}}\, \end{pmatrix}$ ⇀⦇ reg c d ,DELEG⦈ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8077}{\htmlId{13326}{\htmlClass{Generalizable}{\text{vDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8001}{\htmlId{13336}{\htmlClass{Generalizable}{\text{sDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7933}{\htmlId{13346}{\htmlClass{Generalizable}{\text{rwds}}}}\, \,\href{Axiom.Set.Map.html#7638}{\htmlId{13351}{\htmlClass{Function Operator}{\text{∪ˡ}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13354}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{13356}{\htmlClass{Generalizable}{\text{c}}}}\, , \,\htmlId{13360}{\htmlClass{Number}{\text{0}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{13362}{\htmlClass{Field Operator}{\text{❵}}}}\, \end{pmatrix}$

Auxiliary POOL transition system

Differences with the Shelley Specification

We are deviating in style from the Shelley specification here. In the Shelley specification (Figure 25), the POOL transition system has three rules. Here we use a single rule to register and to reregister pools, which is the way in which the Haskell implementation does it as well.

Note, in particular, how the regpool rule only sets the pool parameters of the current epoch only if the pool is not already registered. And conversely, the future pool parameters are updated only if the pool is already registered.

isPoolRegistered : Pools -> KeyHash -> Maybe StakePoolParams
isPoolRegistered ps kh = lookupᵐ? ps kh

data _⊢_⇀⦇_,POOL⦈_ : PoolEnv  PState  DCert  PState  Type where

  POOL-regpool :
    let
      fPool' =
        if isPoolRegistered pools kh
          then  kh , poolParams  ∪ˡ fPools
          else fPools
     in
    ────────────────────────────────
    pp  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8115}{\htmlId{14409}{\htmlClass{Generalizable}{\text{pools}}}}\,
         \\ \,\href{Ledger.Conway.Specification.Certs.html#8121}{\htmlId{14426}{\htmlClass{Generalizable}{\text{fPools}}}}\,
         \\ \,\href{Ledger.Conway.Specification.Certs.html#8148}{\htmlId{14444}{\htmlClass{Generalizable}{\text{retiring}}}}\,
         \end{pmatrix}$ ⇀⦇ regpool kh poolParams ,POOL⦈ $\begin{pmatrix}
           \,\href{Ledger.Conway.Specification.Certs.html#8115}{\htmlId{14509}{\htmlClass{Generalizable}{\text{pools}}}}\, \,\href{Axiom.Set.Map.html#7638}{\htmlId{14515}{\htmlClass{Function Operator}{\text{∪ˡ}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{14518}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8481}{\htmlId{14520}{\htmlClass{Generalizable}{\text{kh}}}}\, , \,\href{Ledger.Conway.Specification.Certs.html#8535}{\htmlId{14525}{\htmlClass{Generalizable}{\text{poolParams}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{14536}{\htmlClass{Field Operator}{\text{❵}}}}\,
         \\ \,\href{Ledger.Conway.Specification.Certs.html#14240}{\htmlId{14549}{\htmlClass{Bound}{\text{fPool'}}}}\,
         \\ \,\href{Ledger.Conway.Specification.Certs.html#8148}{\htmlId{14567}{\htmlClass{Generalizable}{\text{retiring}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{14576}{\htmlClass{Function Operator}{\text{∣}}}}\,  \,\href{Class.HasSingleton.html#288}{\htmlId{14579}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8481}{\htmlId{14581}{\htmlClass{Generalizable}{\text{kh}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{14584}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{14586}{\htmlClass{Function Operator}{\text{ᶜ}}}}\,
         \end{pmatrix}$

  POOL-retirepool :
    ────────────────────────────────
    pp  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8115}{\htmlId{14668}{\htmlClass{Generalizable}{\text{pools}}}}\,
         \\ \,\href{Ledger.Conway.Specification.Certs.html#8121}{\htmlId{14685}{\htmlClass{Generalizable}{\text{fPools}}}}\,
         \\ \,\href{Ledger.Conway.Specification.Certs.html#8148}{\htmlId{14703}{\htmlClass{Generalizable}{\text{retiring}}}}\,
         \end{pmatrix}$ ⇀⦇ retirepool kh e ,POOL⦈ $\begin{pmatrix}
           \,\href{Ledger.Conway.Specification.Certs.html#8115}{\htmlId{14762}{\htmlClass{Generalizable}{\text{pools}}}}\,
         \\ \,\href{Ledger.Conway.Specification.Certs.html#8121}{\htmlId{14779}{\htmlClass{Generalizable}{\text{fPools}}}}\,
         \\ \,\href{Class.HasSingleton.html#288}{\htmlId{14797}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8481}{\htmlId{14799}{\htmlClass{Generalizable}{\text{kh}}}}\, , \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{14804}{\htmlClass{Generalizable}{\text{e}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{14806}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#7638}{\htmlId{14808}{\htmlClass{Function Operator}{\text{∪ˡ}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8148}{\htmlId{14811}{\htmlClass{Generalizable}{\text{retiring}}}}\,
         \end{pmatrix}$

Auxiliary GOVCERT transition system

data _⊢_⇀⦇_,GOVCERT⦈_ : CertEnv  GState  DCert  GState  Type where

  GOVCERT-regdrep :
     (d  pp .drepDeposit × c  dom dReps)  (d  0 × c  dom dReps)
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{15095}{\htmlClass{Generalizable}{\text{e}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{15099}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8452}{\htmlId{15104}{\htmlClass{Generalizable}{\text{vs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8184}{\htmlId{15109}{\htmlClass{Generalizable}{\text{wdrls}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8681}{\htmlId{15117}{\htmlClass{Generalizable}{\text{cc}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#7968}{\htmlId{15126}{\htmlClass{Generalizable}{\text{dReps}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8040}{\htmlId{15134}{\htmlClass{Generalizable}{\text{ccKeys}}}}\, \end{pmatrix}$ ⇀⦇ regdrep c d an ,GOVCERT⦈ $\begin{pmatrix} \,\href{Class.HasSingleton.html#288}{\htmlId{15173}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{15175}{\htmlClass{Generalizable}{\text{c}}}}\, , \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{15179}{\htmlClass{Generalizable}{\text{e}}}}\, \,\href{Class.HasAdd.Core.html#162}{\htmlId{15181}{\htmlClass{Field Operator}{\text{+}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{15183}{\htmlClass{Generalizable}{\text{pp}}}}\, \,\htmlId{15186}{\htmlClass{Symbol}{\text{.}}}\,\,\href{Ledger.Conway.Specification.PParams.html#4875}{\htmlId{15187}{\htmlClass{Field}{\text{drepActivity}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{15200}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#7638}{\htmlId{15202}{\htmlClass{Function Operator}{\text{∪ˡ}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#7968}{\htmlId{15205}{\htmlClass{Generalizable}{\text{dReps}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8040}{\htmlId{15213}{\htmlClass{Generalizable}{\text{ccKeys}}}}\, \end{pmatrix}$

  GOVCERT-deregdrep :
     c  dom dReps
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{15312}{\htmlClass{Generalizable}{\text{e}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{15316}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8452}{\htmlId{15321}{\htmlClass{Generalizable}{\text{vs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8184}{\htmlId{15326}{\htmlClass{Generalizable}{\text{wdrls}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8681}{\htmlId{15334}{\htmlClass{Generalizable}{\text{cc}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#7968}{\htmlId{15343}{\htmlClass{Generalizable}{\text{dReps}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8040}{\htmlId{15351}{\htmlClass{Generalizable}{\text{ccKeys}}}}\, \end{pmatrix}$ ⇀⦇ deregdrep c d ,GOVCERT⦈ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#7968}{\htmlId{15389}{\htmlClass{Generalizable}{\text{dReps}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{15395}{\htmlClass{Function Operator}{\text{∣}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{15397}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{15399}{\htmlClass{Generalizable}{\text{c}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{15401}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#12840}{\htmlId{15403}{\htmlClass{Function Operator}{\text{ᶜ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8040}{\htmlId{15407}{\htmlClass{Generalizable}{\text{ccKeys}}}}\, \end{pmatrix}$

  GOVCERT-ccreghot :
     (c , nothing)  ccKeys
     c  cc
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{15527}{\htmlClass{Generalizable}{\text{e}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{15531}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8452}{\htmlId{15536}{\htmlClass{Generalizable}{\text{vs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8184}{\htmlId{15541}{\htmlClass{Generalizable}{\text{wdrls}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8681}{\htmlId{15549}{\htmlClass{Generalizable}{\text{cc}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#7968}{\htmlId{15558}{\htmlClass{Generalizable}{\text{dReps}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8040}{\htmlId{15566}{\htmlClass{Generalizable}{\text{ccKeys}}}}\, \end{pmatrix}$ ⇀⦇ ccreghot c mc ,GOVCERT⦈ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#7968}{\htmlId{15604}{\htmlClass{Generalizable}{\text{dReps}}}}\, \\ \,\href{Class.HasSingleton.html#288}{\htmlId{15612}{\htmlClass{Field Operator}{\text{❴}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8319}{\htmlId{15614}{\htmlClass{Generalizable}{\text{c}}}}\, , \,\href{Ledger.Conway.Specification.Certs.html#8346}{\htmlId{15618}{\htmlClass{Generalizable}{\text{mc}}}}\, \,\href{Class.HasSingleton.html#288}{\htmlId{15621}{\htmlClass{Field Operator}{\text{❵}}}}\, \,\href{Axiom.Set.Map.html#7638}{\htmlId{15623}{\htmlClass{Function Operator}{\text{∪ˡ}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8040}{\htmlId{15626}{\htmlClass{Generalizable}{\text{ccKeys}}}}\, \end{pmatrix}$

The CERTS Transition System

This section culminates in the definition of the CERTS transition system by bundling previously defined pieces together into a CERT transition rule which CERTS runs on a sequence of signals, keeping track of the certification state as it progresses.

The CERT Transition System

data _⊢_⇀⦇_,CERT⦈_  : CertEnv  CertState  DCert  CertState  Type where

  CERT-deleg :
     $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{16216}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#4542}{\htmlId{16221}{\htmlClass{Field}{\text{PState.pools}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{16234}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Class.IsSet.html#916}{\htmlId{16240}{\htmlClass{Function}{\text{dom}}}}\, \,\htmlId{16244}{\htmlClass{Symbol}{\text{(}}}\,\,\href{Ledger.Conway.Specification.Certs.html#4710}{\htmlId{16245}{\htmlClass{Field}{\text{GState.dreps}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{16258}{\htmlClass{Generalizable}{\text{stᵍ}}}}\,\,\htmlId{16261}{\htmlClass{Symbol}{\text{)}}}\, \end{pmatrix}$  stᵈ ⇀⦇ dCert ,DELEG⦈ stᵈ'
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{16340}{\htmlClass{Generalizable}{\text{e}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{16344}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8452}{\htmlId{16349}{\htmlClass{Generalizable}{\text{vs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8184}{\htmlId{16354}{\htmlClass{Generalizable}{\text{wdrls}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8681}{\htmlId{16362}{\htmlClass{Generalizable}{\text{cc}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8621}{\htmlId{16371}{\htmlClass{Generalizable}{\text{stᵈ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{16377}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{16383}{\htmlClass{Generalizable}{\text{stᵍ}}}}\, \end{pmatrix}$ ⇀⦇ dCert ,CERT⦈ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8625}{\htmlId{16407}{\htmlClass{Generalizable}{\text{stᵈ'}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{16414}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{16420}{\htmlClass{Generalizable}{\text{stᵍ}}}}\, \end{pmatrix}$

  CERT-pool :
     pp  stᵖ ⇀⦇ dCert ,POOL⦈ stᵖ'
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{16524}{\htmlClass{Generalizable}{\text{e}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{16528}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8452}{\htmlId{16533}{\htmlClass{Generalizable}{\text{vs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8184}{\htmlId{16538}{\htmlClass{Generalizable}{\text{wdrls}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8681}{\htmlId{16546}{\htmlClass{Generalizable}{\text{cc}}}}\, \end{pmatrix}$  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8621}{\htmlId{16555}{\htmlClass{Generalizable}{\text{stᵈ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{16561}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{16567}{\htmlClass{Generalizable}{\text{stᵍ}}}}\, \end{pmatrix}$ ⇀⦇ dCert ,CERT⦈ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8621}{\htmlId{16591}{\htmlClass{Generalizable}{\text{stᵈ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8665}{\htmlId{16597}{\htmlClass{Generalizable}{\text{stᵖ'}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{16604}{\htmlClass{Generalizable}{\text{stᵍ}}}}\, \end{pmatrix}$

  CERT-vdel :
     Γ  stᵍ ⇀⦇ dCert ,GOVCERT⦈ stᵍ'
      ────────────────────────────────
      Γ  $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8621}{\htmlId{16714}{\htmlClass{Generalizable}{\text{stᵈ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{16720}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{16726}{\htmlClass{Generalizable}{\text{stᵍ}}}}\, \end{pmatrix}$ ⇀⦇ dCert ,CERT⦈ $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8621}{\htmlId{16750}{\htmlClass{Generalizable}{\text{stᵈ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{16756}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8645}{\htmlId{16762}{\htmlClass{Generalizable}{\text{stᵍ'}}}}\, \end{pmatrix}$

The PRE-CERT Transition Rule

Here we define the PRE-CERT transition rule. This rule is applied at the start of the CERTS transition rule and handles the following important housekeeping tasks:

  • check the correctness of withdrawals and ensure that withdrawals only happen from credentials that have delegated their voting power;

  • set the activity timer of all DReps that voted to drepActivity epochs in the future;

  • set the rewards of the credentials that withdrew funds to zero.

Regarding the second item, if there is a new governance proposal to vote on in this transaction, then expiry for all DReps will be increased by the number of dormant epochs. However, the PRE-CERT transition occurs in LEDGER before the GOV rule, so it cannot validate any governance proposal. This is not a problem since the entire transaction will fail if the proposal is not accepted in the GOV rule.

open GovVote using (voter)

data _⊢_⇀⦇_,PRE-CERT⦈_ : CertEnv  CertState    CertState  Type where

  CERT-pre :
    let refresh         = mapPartial (isGovVoterDRep  voter) (fromList vs)
        refreshedDReps  = mapValueRestricted (const (e + pp .drepActivity)) dReps refresh
        wdrlCreds       = mapˢ stake (dom wdrls)
    in
     filter isKeyHash wdrlCreds  dom voteDelegs
     mapˢ (map₁ stake) (wdrls ˢ)  rewards ˢ
      ────────────────────────────────
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{18400}{\htmlClass{Generalizable}{\text{e}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{18404}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8452}{\htmlId{18409}{\htmlClass{Generalizable}{\text{vs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8184}{\htmlId{18414}{\htmlClass{Generalizable}{\text{wdrls}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8681}{\htmlId{18422}{\htmlClass{Generalizable}{\text{cc}}}}\, \end{pmatrix}$  $\begin{pmatrix} \begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8085}{\htmlId{18433}{\htmlClass{Generalizable}{\text{voteDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8009}{\htmlId{18446}{\htmlClass{Generalizable}{\text{stakeDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7938}{\htmlId{18460}{\htmlClass{Generalizable}{\text{rewards}}}}\, \end{pmatrix} \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{18472}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#7968}{\htmlId{18480}{\htmlClass{Generalizable}{\text{dReps}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8047}{\htmlId{18488}{\htmlClass{Generalizable}{\text{ccHotKeys}}}}\, \end{pmatrix} \end{pmatrix}$ ⇀⦇ _ ,PRE-CERT⦈ $\begin{pmatrix} \begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8085}{\htmlId{18522}{\htmlClass{Generalizable}{\text{voteDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8009}{\htmlId{18535}{\htmlClass{Generalizable}{\text{stakeDelegs}}}}\, \\ \,\href{Axiom.Set.Map.html#11222}{\htmlId{18549}{\htmlClass{Function}{\text{constMap}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#18209}{\htmlId{18558}{\htmlClass{Bound}{\text{wdrlCreds}}}}\, \,\htmlId{18568}{\htmlClass{Number}{\text{0}}}\, \,\href{Axiom.Set.Map.html#7638}{\htmlId{18570}{\htmlClass{Function Operator}{\text{∪ˡ}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#7938}{\htmlId{18573}{\htmlClass{Generalizable}{\text{rewards}}}}\, \end{pmatrix} \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{18585}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#18119}{\htmlId{18593}{\htmlClass{Bound}{\text{refreshedDReps}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8047}{\htmlId{18610}{\htmlClass{Generalizable}{\text{ccHotKeys}}}}\, \end{pmatrix} \end{pmatrix}$

The POST-CERT Transition Rule

The POST-CERT transition rule is applied at the end of the CERTS rule and it ensures that only valid registered DReps are included in the final CertState.

data _⊢_⇀⦇_,POST-CERT⦈_ : CertEnv  CertState    CertState  Type where

  CERT-post :
    let activeVDelegs = mapˢ vDelegCredential (dom (DRepsOf stᵍ))
                          fromList (vDelegNoConfidence  vDelegAbstain  [])
    in
      $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8430}{\htmlId{19189}{\htmlClass{Generalizable}{\text{e}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8567}{\htmlId{19193}{\htmlClass{Generalizable}{\text{pp}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8452}{\htmlId{19198}{\htmlClass{Generalizable}{\text{vs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8184}{\htmlId{19203}{\htmlClass{Generalizable}{\text{wdrls}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8681}{\htmlId{19211}{\htmlClass{Generalizable}{\text{cc}}}}\, \end{pmatrix}$  $\begin{pmatrix} \begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8085}{\htmlId{19222}{\htmlClass{Generalizable}{\text{voteDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8009}{\htmlId{19235}{\htmlClass{Generalizable}{\text{stakeDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7938}{\htmlId{19249}{\htmlClass{Generalizable}{\text{rewards}}}}\, \end{pmatrix} \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{19261}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{19267}{\htmlClass{Generalizable}{\text{stᵍ}}}}\, \end{pmatrix}$ ⇀⦇ _ ,POST-CERT⦈ $\begin{pmatrix} \begin{pmatrix} \,\href{Ledger.Conway.Specification.Certs.html#8085}{\htmlId{19294}{\htmlClass{Generalizable}{\text{voteDelegs}}}}\, \,\href{Axiom.Set.Map.html#17009}{\htmlId{19305}{\htmlClass{Function Operator}{\text{∣\^{}}}}}\, \,\href{Ledger.Conway.Specification.Certs.html#19038}{\htmlId{19308}{\htmlClass{Bound}{\text{activeVDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8009}{\htmlId{19324}{\htmlClass{Generalizable}{\text{stakeDelegs}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#7938}{\htmlId{19338}{\htmlClass{Generalizable}{\text{rewards}}}}\, \end{pmatrix} \\ \,\href{Ledger.Conway.Specification.Certs.html#8661}{\htmlId{19350}{\htmlClass{Generalizable}{\text{stᵖ}}}}\, \\ \,\href{Ledger.Conway.Specification.Certs.html#8641}{\htmlId{19356}{\htmlClass{Generalizable}{\text{stᵍ}}}}\, \end{pmatrix}$

_⊢_⇀⦇_,CERTS⦈_  : CertEnv  CertState   List DCert   CertState   Type
_⊢_⇀⦇_,CERTS⦈_ = RunTraceAfterAndThen _⊢_⇀⦇_,PRE-CERT⦈_ _⊢_⇀⦇_,CERT⦈_ _⊢_⇀⦇_,POST-CERT⦈_

References

[CKB+23] Jared Corduan and Andre Knispel and Matthias Benkort and Kevin Hammond and Charles Hoskinson and Samuel Leathers. A First Step Towards On-Chain Decentralized Governance. 2023.

[CVG19] Jared Corduan and Polina Vinogradova and Matthias Güdemann. A Formal Specification of the Cardano Ledger. 2019.

  1. By "hot" and "cold" credentials we mean the following: a cold credential is used to register a hot credential, and then the hot credential is used for voting. The idea is that the access to the cold credential is kept in a secure location, while the hot credential is more conveniently accessed. If the hot credential is compromised, it can be changed using the cold credential.