High-level Summary​

We've published the 2.2.0 release! It bundles up the partial fanout work and the hydra-tui revamp from the last couple of updates, together with a much richer benchmark suite (real-world TPS metrics, a Mixed UTxO generator, and a new matrix sub-command that sweeps cluster sizes and UTxO shapes, published to a scenario benchmarks page). On top of that we unified the on-chain membership checks around the BLS accumulator, which shrinks the snapshot-signing tuple and removes a pile of now redundant hashing, and started optimising snapshot processing so script-heavy heads don't pay to re-evaluate Plutus they've already validated.

What did the team achieve?​

• Released 2.2.0, packaging partial fanout, the hydra-tui revamp, and the new benchmarking work, with the changelog and network config updated accordingly
• Unified the membership checks: the three separate UTxO hash fields (utxoHash, alphaUTxOHash, omegaUTxOHash) collapse into a single accumulatorHash derived from the BLS accumulator, shrinking the snapshot signing tuple from 7 fields to 4, and full fanout now verifies outputs via a KZG membership proof (the same path as partial fanout) rather than a hash comparison #2619
• Started a snapshot-side throughput optimisation: transactions already validated on receipt are now re-applied via reapplyTx, skipping redundant Plutus script evaluation on the hot path, with a fallback to full application when a commit or decommit changes the active UTxO #2717
• Extended PR benchmarking: a "TPS" count (both waiting for TxValid and firing as fast as possible then counting confirmed-snapshot txns) #2635, and a benchmark comparison comment showing the PR-vs-master difference #2721
• Added a head-state visualisation tool for inspecting single states and diagnosing multi-party scenarios #2719
• Added a mustNotMintOrBurn guard to the Increment and Decrement validator transitions, consistent with all the other head transitions #2718, #2697
• Further validator fixes: CloseInitial now constrains the accumulator commitment, and the HeadStatus schema and Haskell types agree on Final #2712
• Removed leftover CollectCom/Abort handling missed in the original "directly open head" work #2709
• Switched to makeIsDataIndexed instead of unstableMakeIsData for stable on-chain constructor indices #2724, #2713
• TUI fixes: the increment dialog no longer re-queries L1 UTxO state every time (it reuses the cached value and lets you refresh if you want) #2726, plus more small fixes #2710 and a fix for flakey TUI tests #2708
• Merged a handful of simple fixes across smaller issues #2715
• Added deposit and recover transition tests and tidied up some others #2711
• CI and tooling: more nix caching by building derivations with -Werror to match nix flake check #2720, added etcd to the exes shell so smoke tests can run a system etcd #2722, and skipped the preprod-with-mithril path while it's offline #2723

What's next?​

• Add a test that probes how large a UTxO set we can actually (partially) fan out #2616
• Continue the still-open node-observing-unrelated-Heads deposit issue #2606
• Finish the user-friendly hydra-node configuration file #2581
• Accept PaymentExtendedKey (HD wallet keys) #2583

High level overview​

This week, the Mithril team completed the prover input preparation and SNARK proof verification for the recursive SNARK aggregation primitives and adapted the certificate chain to support recursive SNARKs. They continued work on creating the SNARK proof with the circuit, wiring the SNARK proof in the aggregate signature, refactoring the preparation of the prover input, adding the missing ancillary data for the IVC aggregate signature creation, and updating the Midnight ZK library audit status for SNARK.

Additionally, they completed the optimization of the end-to-end tests for SNARK, updated the ledger state snapshot selection in artifacts, upgraded to Pallas 1.1.0, and enhanced support for discontinued signed entity types in the aggregator.

Finally, the team continued work on shipping the Mithril signer node binary in the Cardano node bundle, the release of the 2625 distribution, and the fix for the aggregator switch in the explorer.

Low level overview​

Features​

• Completed the issue Recursive SNARK aggregation primitives: Prepare prover input #3138
• Completed the issue Recursive SNARK aggregation primitives: Verify SNARK proof #3140
• Completed the issue Adapt certificate chain to support recursive SNARK #3147
• Worked on the issue Recursive SNARK aggregation primitives: Create SNARK proof with circuit #3139
• Worked on the issue Recursive SNARK aggregation primitives: Wire SNARK proof in aggregate signature #3141
• Worked on the issue Recursive SNARK aggregation primitives: Refactor preparation of prover input #3319
• Worked on the issue Add missing ancillary data for IVC aggregate signature creation #3341
• Worked on the issue Update Midnight ZK library audit status for SNARK #3122

Protocol maintenance​

• Completed the issue Optimize e2e tests for SNARK #3151
• Completed the issue Update ledger state snapshot selection in artifacts #3298
• Completed the issue Switch of aggregator does not work in explorer #3328
• Worked on the issue Ship Mithril signer node binary in Cardano node bundle in GitHub #3011
• Worked on the issue Release 2625 distribution #3271
• Worked on the issue Upgrade to Pallas 1.1.0 #3297
• Worked on the issue Enhance support for discontinued signed entity types in aggregator #3332
• Worked on the issue Move slow tests to slow tier #3337

High level summary​

• Mithril integration (Treasury Funding Initiative 8: Mithril):
  • A node running on an on-disk backend can now also write a snapshot in the portable in-memory format when given an export path. Mithril signers need a single agreed format to sign, and this lets them get it straight from the node instead of running a separate conversion tool. This is the first part of #1574; the export format is not fully complete yet, as it still needs some fixes on the LSM-trees side (#2053).
  • Added a snapshot policy for Mithril that makes the timing of ledger-state snapshots predictable, using cadence values agreed with the Mithril team. Predictable snapshots let signers agree on the same state to sign (#2063).
• Maintenance and tooling (Treasury Funding Initiative 17: Maintenance and Support):
  • db-analyser can now start an analysis from a snapshot at a chosen slot. Given --analyse-from, it picks the newest snapshot at or before that slot and replays only the blocks needed to reach it, instead of always replaying from genesis (#2061).
  • Fixed a rare corner case where a snapshot taken at the same slot as the immutable database tip, on an epoch boundary block, triggered an error. The node now discards the snapshot in that situation (#2070).
• Documentation (Treasury Funding Initiative 17: Maintenance and Support):
  • Full-text search is now available on the consensus documentation website. The search index is built into the site as static files, so it needs no external service (#2059).

High level overview​

This week, the Mithril team completed the implementation of the SNARK-friendly genesis certificate and the type-consistency and naming-alignment refactoring for the SNARK recursive circuit. They continued work on the prover input and the SNARK proof verification of the recursive SNARK aggregation primitives, and on adapting the certificate chain to support the recursive SNARK.

Additionally, they completed support for DMQ ledger peers, enforcement of the DMQ message ID format, and a prototype for Cardano node ledger state certification. They also continued shipping the Mithril signer node binary in the Cardano node bundle and updating the ledger state snapshot selection in artifacts.

Finally, the team completed the upgrade of the DMQ node to 0.6.0.0, removed support for Mithril nodes in the devnet, and continued work on optimizing the end-to-end tests for SNARK.

Low level overview​

Features​

• Completed the issue Implement SNARK-friendly genesis certificate #3145
• Completed the issue Refactor SNARK recursive circuit - Type consistency #3128
• Completed the issue Refactor SNARK recursive circuit - Naming alignment #3130
• Completed the issue Prototype Cardano node ledger state certification #3269
• Completed the issue Support for DMQ ledger peers #3303
• Worked on the issue Recursive SNARK aggregation primitives: Prepare prover input #3138
• Worked on the issue Recursive SNARK aggregation primitives: Verify SNARK proof #3140
• Worked on the issue Adapt certificate chain to support recursive SNARK #3147

Protocol maintenance​

• Completed the issue Enforcement of DMQ message id format #3251
• Completed the issue fails_with_empty_signatures flakes in CI due to concurrent SRS temp file collision #3292
• Completed the issue Remove Mithril nodes support in mithril-devnet #3295
• Completed the issue Update DMQ node to 0.6.0.0 #3302
• Completed the issue Formatted list of de-registered signers in explorer misses aliases #3310
• Worked on the issue Ship Mithril signer node binary in Cardano node bundle in GitHub #3011
• Worked on the issue Optimize e2e tests for SNARK #3151
• Worked on the issue Update ledger state snapshot selection in artifacts #3298
• Worked on the issue Release 2624 distribution #3271
• Worked on the issue Upgrade to Pallas 1.1.0 #3297

High-level Summary​

Big news is that we have merged the partial fanout work!. After many months of design and review, heads with large UTxO sets can now be fanned out in multiple steps, each verified on-chain via a BLS accumulator membership proof, with the chunk size determined dynamically by a binary search so each step packs in as many outputs as will fit. This removes the long-standing limit on UTxOs per head. Alongside that, the hydra-tui got a significant refactor, the test suite moved to tasty, and a handful of correctness fixes landed around cross-head event contamination and recovered deposits leaking back into L2.

What did the team achieve?​

• Merged partial fanout, including the on-chain validators, BLS accumulator membership proofs, and the PartialFanoutTx / FinalPartialFanoutTx transactions #2324
• Made the fanout chunk size fully dynamic via binary search over fitting tx size, replacing the hardcoded threshold #2617
• Significantly revised hydra-tui: pending-deposit recovery from Open and Closed/Final, dark/light theme toggle persisted to disk, event-history filter, tab navigation, and a per-tab rendering refactor #2590
• Switched the test suite from hspec to tasty #2620
• Validated headId in the aggregate function to prevent replayed events from a previous head corrupting the state of a newly opened one #2618
• Fixed a bug where a recovered incremental-commit deposit could reappear in the L2 UTxO after sideloading a snapshot, making the same UTxO spendable on both L1 and L2 #2630, #2629
• Made etcd writes more resilient to resolve a pumba-style network-partition test failure #2627
• Bumped rust-accumulator to fix musl build issues #2622
• Disabled nix store optimisation on CI to work around a macOS dyld issue #2626
• Sped up repeated linting and normal building, and added a small CLAUDE.md #2625
• Updated docs and changelog to reflect the partial fanout implementation, and documented the remaining large-UTxO limitation #2631

What's next?​

• Get a new release out!
• Add a test that probes how large a UTxO set we can actually (partially) fan out #2616
• Continue the still-open node-observing-unrelated-Heads deposit issue #2606
• Land the user-friendly hydra-node configuration file #2581
• Accept PaymentExtendedKey (HD wallet keys) #2583