Parameter  Description 

ID  Algorithm identifier for this DAF. 
SHARES  Number of input shares into which each measurement is sharded 
Measurement  Type of each measurement 
AggParam  Type of aggregation parameter 
OutShare  Type of each output share 
AggResult  Type of the aggregate result 
Parameter  Description 

ID  Algorithm identifier for this VDAF 
VERIFY_KEY_SIZE  Size (in bytes) of the verification key ( 
NONCE_SIZE `  Size (in bytes) of the nonce 
ROUNDS  Number of rounds of communication during the Preparation stage ( 
SHARES  Number of input shares into which each measurement is sharded ( 
Measurement  Type of each measurement 
AggParam  Type of aggregation parameter 
Prep  State of each Aggregator during Preparation ( 
OutShare  Type of each output share 
AggResult  Type of the aggregate result 
Parameter  Value 

MODULUS  2^32 * 4294967295 + 1 
ENCODED_SIZE  8 
Generator  7^4294967295 
GEN_ORDER  2^32 
Parameter  Value 

MODULUS  2^66 * 4611686018427387897 + 1 
ENCODED_SIZE  16 
Generator  7^4611686018427387897 
GEN_ORDER  2^66 
Parameter  Value 

MODULUS  2^255  19 
ENCODED_SIZE  32 
Parameter  Description 

PROVE_RAND_LEN  Length of the prover randomness, the number of random field elements consumed by the prover when generating a proof 
QUERY_RAND_LEN  Length of the query randomness, the number of random field elements consumed by the verifier 
JOINT_RAND_LEN  Length of the joint randomness, the number of random field elements consumed by both the prover and verifier 
INPUT_LEN  Length of the encoded measurement ( 
OUTPUT_LEN  Length of the aggregatable output ( 
PROOF_LEN  Length of the proof 
VERIFIER_LEN  Length of the verifier message generated by querying the input and proof 
Measurement  Type of the measurement 
AggResult  Type of the aggregate result 
Field  As defined in ( 
Parameter  Value 

VERIFY_KEY_SIZE  Prg.SEED_SIZE 
ROUNDS  1 
SHARES  in [2, 256) 
Measurement  Flp.Measurement 
AggParam  None 
Prep  Tuple[Vec[Flp.Field], Optional[Bytes], Bytes] 
OutShare  Vec[Flp.Field] 
AggResult  Flp.AggResult 
Variable  Value 

DST_MEASUREMENT_SHARE: Unsigned  1 
DST_PROOF_SHARE: Unsigned  2 
DST_JOINT_RANDOMNESS: Unsigned  3 
DST_PROVE_RANDOMNESS: Unsigned  4 
DST_QUERY_RANDOMNESS: Unsigned  5 
DST_JOINT_RAND_SEED: Unsigned  6 
DST_JOINT_RAND_PART: Unsigned  7 
Parameter  Description 

GADGETS  A list of gadgets 
GADGET_CALLS  Number of times each gadget is called 
INPUT_LEN  Length of the input 
OUTPUT_LEN  Length of the aggregatable output 
JOINT_RAND_LEN  Length of the random input 
Measurement  The type of measurement 
AggResult  Type of the aggregate result 
Field  An FFTfriendly finite field as defined in 
Parameter  Value 

PROVE_RAND_LEN 
Valid.prove_rand_len() (see 
QUERY_RAND_LEN 
Valid.query_rand_len() (see 
JOINT_RAND_LEN  Valid.JOINT_RAND_LEN 
INPUT_LEN  Valid.INPUT_LEN 
OUTPUT_LEN  Valid.OUTPUT_LEN 
PROOF_LEN 
Valid.proof_len() (see 
VERIFIER_LEN 
Valid.verifier_len() (see 
Measurement  Valid.Measurement 
Field  Valid.Field 
Parameter  Value 

GADGETS  [Mul] 
GADGET_CALLS  [1] 
INPUT_LEN  1 
OUTPUT_LEN  1 
JOINT_RAND_LEN  0 
Measurement  Unsigned, in range [0,2) 
AggResult  Unsigned 
Field 
Field64 ( 
Parameter  Value 

GADGETS  [Range2] 
GADGET_CALLS  [bits] 
INPUT_LEN  bits 
OUTPUT_LEN  1 
JOINT_RAND_LEN  1 
Measurement  Unsigned, in range [0, 2^bits) 
AggResult  Unsigned 
Field 
Field128 ( 
Parameter  Value 

GADGETS  [Range2] 
GADGET_CALLS  [buckets + 1] 
INPUT_LEN  buckets + 1 
OUTPUT_LEN  buckets + 1 
JOINT_RAND_LEN  2 
Measurement  Integer 
AggResult  Vec[Unsigned] 
Field 
Field128 ( 
Parameter  Description 

SHARES  Number of IDPF keys output by IDPFkey generator 
BITS  Length in bits of each input string 
VALUE_LEN  Number of field elements of each output value 
KEY_SIZE  Size in bytes of each IDPF key 
FieldInner  Implementation of Field ( 
FieldLeaf  Implementation of Field used for values of leaf nodes 
Prg  Implementation of Prg ( 
Parameter  Value 

VERIFY_KEY_SIZE  Idpf.Prg.SEED_SIZE 
ROUNDS  2 
SHARES  2 
Measurement  Unsigned 
AggParam  Tuple[Unsigned, Vec[Unsigned]] 
Prep  Tuple[Bytes, Unsigned, Idpf.Vec] 
OutShare  Idpf.Vec 
AggResult  Vec[Unsigned] 
Variable  Value 

DST_SHARD_RAND: Unsigned  1 
DST_CORR_INNER: Unsigned  2 
DST_CORR_LEAF: Unsigned  3 
DST_VERIFY_RAND: Unsigned  4 
Parameter  Value 

SHARES  2 
BITS  any positive integer 
VALUE_LEN  any positive integer 
KEY_SIZE  Prg.SEED_SIZE 
FieldInner 
Field64 ( 
FieldLeaf 
Field255 ( 
Prg  any implementation of Prg ( 
Value  Scheme  Type  Reference 

0x00000000  Prio3Count  VDAF 

0x00000001  Prio3Sum  VDAF 

0x00000002  Prio3Histogram  VDAF 

0x00000003 to 0x00000FFF  reserved for Prio3  VDAF  n/a 
0x00001000  Poplar1  VDAF 

0xFFFF0000 to 0xFFFFFFFF  reserved  n/a  n/a 