🤖 Gemini PR Summary

This diff significantly refactors and expands the Merkle Tree commitment scheme implementation.

Here is a high-level summary of the key changes:

• Major Refactoring: The single InductiveMerkleTree.lean file has been split into a new MerkleTree directory with three more focused files:

  • Defs.lean: Contains the core definitions.
  • Completeness.lean: Contains the proof that valid proofs will always verify.
  • Extractability.lean: A new file introducing a key security proof.

• Introduction of Extractability: The most significant change is the addition of a formal proof for the extractability of the Merkle tree. This is a crucial security property guaranteeing that if an adversary can successfully open a commitment, an "extractor" can recover the committed data from the adversary's interactions (i.e., its query log). This involves:

  • An extractor algorithm to reconstruct the tree.
  • A formal extractability_game to model adversarial attacks.
  • The statement of the main extractability theorem.

• API Change: The verifyProof function was changed to return a Bool indicating success or failure, rather than failing the entire computation on an invalid proof. The completeness proof has been updated accordingly.

• Helper Functions: New helper functions like leafCount and depth were added to the underlying Skeleton (binary tree) data structure to support the new proofs.

Analysis of Changes

sorry Tracking

• ❌ Added: 3 sorry(s)
  • lemma OracleComp.bind_withLogging (A B) (spec : OracleSpec Unit) in ArkLib/CommitmentScheme/MerkleTree/Extractability.lean
  • theorem extractability [DecidableEq α] [SelectableType α] [Fintype α] [(spec α).FiniteRange] in ArkLib/CommitmentScheme/MerkleTree/Extractability.lean
  • lemma OracleComp.pure_withLogging (A B) (spec : OracleSpec Unit) in ArkLib/CommitmentScheme/MerkleTree/Extractability.lean

Last updated: 2025-12-11 02:32 UTC. See the main CI run for build status.

🤖 Gemini PR Summary

As a senior engineer, here is a high-level summary of the changes in this PR. This work primarily focuses on formalizing the security properties of Merkle Trees—specifically extractability—while improving the project's modularity.

Features

• Extractability Definition & Proof: Introduced Extractability.lean, which defines the formal extraction algorithm and the associated security game/theorem for Merkle trees.
• Completeness Proofs: Established Completeness.lean to formally prove that validly generated Merkle proofs consistently verify against the tree root in both functional and monadic contexts.
• Tree Meta-Data Helpers: Added new helper definitions to IndexedBinaryTree/Basic.lean for calculating the leaf count and depth of the Skeleton binary tree type.

Refactoring

• Modular Architecture: Reorganized the inductive Merkle tree implementation from a single file into a dedicated directory structure (ArkLib/CommitmentScheme/MerkleTree/). This separates core definitions from their respective proofs (Completeness and Extractability).
• API Simplification: Updated verifyProof in Defs.lean to return a boolean value, improving its usability as a predicate, and moved existing completeness theorems out of the core definition file to isolate concerns.
• Import Management: Updated ArkLib.lean to reflect the new modular structure, ensuring the commitment scheme imports are streamlined.

Fixes

• None reported in this PR.

Documentation

• Formal documentation changes were not explicitly noted, though the introduction of the extraction security game provides implicit formal documentation of the system's security properties.

Analysis of Changes

sorry Tracking

Last updated: 2026-01-19 05:41 UTC.

I have only been able to work on this PR sporadically - it's looking like this PR will require more background on a collision lemma to be made sorry free. On the other hand, it does some reorganization of this folder, and so maybe it makes sense to merge now, so that any refactors don't overwrite the file and so people who are interested in the sorries can try to solve them.

What do you all think?