Skip to content

docs(js-verifier): add ADR 0001 and high-level architecture for JS bl…#1

Draft
piotrswierzy wants to merge 1 commit intofeat/js-tss-verifier-spikefrom
feat/js-tss-verifier-lib
Draft

docs(js-verifier): add ADR 0001 and high-level architecture for JS bl…#1
piotrswierzy wants to merge 1 commit intofeat/js-tss-verifier-spikefrom
feat/js-tss-verifier-lib

Conversation

@piotrswierzy
Copy link
Copy Markdown

@piotrswierzy piotrswierzy commented Apr 14, 2026
edited
Loading

Summary

Proposes productizing the JS/TS TSS verification spike as a pure-JS library, @hiero-ledger/block-verifier, that lets browsers and Node runtimes verify HIP-1056 blocks end-to-end.

Adds two design documents on top of the spike:

  • ADR 0001 — P0 design decisions (single package + subpath exports, shallow parsing as an architectural invariant, pluggable crypto backend, pure JS, target 1.0 with full P0).
  • Architecture doc — layered module map (codec / hasher / tss / crypto / proofs), CryptoBackend injection contract, public API surface, and P1 (inclusion proofs) design. P2 (smart-contract verification) is deferred to a follow-up ADR.

No code changes — docs only on top of the spike.

Context

Issue hiero-ledger#2323 asks for a JS/TS alternative to the Java-native verifier so the web3 community can verify blocks without a Rust/JNI dependency. The spike (PR hiero-ledger#2411) proved all three proof paths — Schnorr, WRAPS (Groth16+KZG on BN254), hinTS (BLS12-381, 10/10 checks) — are tractable in pure JS with @noble/curves. With no known blockers remaining, the next step is turning the spike into a versioned, production-quality library.

Key decisions (see ADR 0001 for rationale)

  • Single package @hiero-ledger/block-verifier with subpath exports (/codec, /hasher, /crypto) — one-install DX, tree-shakeable for bundle-conscious browser users.
  • Shallow parsing preserved — scan BlockUnparsed wire bytes, keep BlockItemUnparsed bytes as-is for hashing, deep-decode only control-plane messages. Matches Java block-node; decode-and-reencode was proven to break Merkle roots in the spike.
  • Pluggable crypto backend — verifier code depends on a CryptoBackend interface, never directly on a curve lib. Default noble-based impl bundled; WASM/native backends can drop in without a major bump.
  • Pure JS, no native deps — runs in browsers, Node ≥20, Workers, RN.
  • Target 1.0 with full P0 — hinTS no longer blocked, so no reason to ship 0.x.
  • Spike findings section in the ADR — documents ArkWorks/serialization quirks that must be preserved (G1/G2 flags, BLS12-381 Fr TWO_ADIC_ROOT, expand_message_xmd z_pad=48, Fp2 ordering, hinTS VK/sig sizes, why snarkjs is unusable for WRAPS).

Scope

  • P0 (1.0): hash-only + Schnorr + WRAPS + hinTS
  • P1 (1.1): item-level inclusion proofs (field-level TBD)
  • P2 (future): Solidity verifier — deferred pending EIP-2537 rollout and inclusion-proof commitment choice

Open questions for reviewers

  1. npm scope ownership under @hiero-ledger
  2. Repo carve-out timing (in-tree under packages/ vs. standalone repo)
  3. Does P1 need field-level proofs in v1, or is item-level sufficient?
  4. Is CI cross-check against the Java verifier required for 1.0, or can it be deferred?
  5. Maintainer sign-off path before scaffolding begins

Test plan

  • Docs render correctly on GitHub
  • ADR reviewed by block-node maintainers
  • Architecture doc reviewed by crypto / block-stream owners
  • Open questions resolved or explicitly deferred
  • Follow-up PRs tracked (package scaffold, P0 migration, 1.0 release)

Relates-to: hiero-ledger#2323
Builds-on: hiero-ledger#2411

@piotrswierzy
docs(js-verifier): add ADR 0001 and high-level architecture for JS bl…
16e9e11 
…ock verifier library

Proposes productizing the JS/TS TSS verification spike as
@hiero-ledger/block-verifier, a pure-JS library for verifying
HIP-1056 blocks in browsers and Node.

ADR 0001 captures the P0 design decisions: single package with
subpath exports, shallow parsing as an architectural invariant,
pluggable crypto backend (noble default), pure JS with no native
deps, targeting 1.0 with full P0 coverage (hash-only, Schnorr,
WRAPS, hinTS). Includes a spike-findings section documenting
tractability results, ArkWorks/serialization quirks that must be
preserved (G1/G2 compressed flags, BLS12-381 Fr TWO_ADIC_ROOT,
expand_message_xmd z_pad=48, Fp2 ordering, hinTS sizes), and the
reasons snarkjs is unusable for WRAPS.

The architecture document covers P0 (ships in 1.0) and P1
(block-contents inclusion proofs), with P2 (smart-contract
verification) deferred to a follow-up ADR. Documents the module
layering, the CryptoBackend injection contract, the public API
surface, non-functional targets, and open questions around npm
scope, repo carve-out, and P1 field-level proof scope.

Relates-to: hiero-ledger#2323
Signed-off-by: Piotr Swierzy <piotr.swierzy@blockydevs.com>
@piotrswierzy piotrswierzy marked this pull request as draft April 14, 2026 17:18
@piotrswierzy piotrswierzy mentioned this pull request Apr 14, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@piotrswierzy