Parameter  Description 

ID  Algorithm identifier for this DAF. A 32-bit, unsigned integer. 
SHARES  Number of input shares into which each measurement is sharded. 
NONCE_SIZE  Size of the nonce passed by the application. 
RAND_SIZE  Size of the random byte string passed to sharding algorithm. 
Measurement  Type of each measurement. 
PublicShare  Type of each public share. 
InputShare  Type of each input share. 
AggParam  Type of aggregation parameter. 
OutShare  Type of each output share. 
AggShare  Type of the aggregate share. 
AggResult  Type of the aggregate result. 
Parameter  Description 

ID  Algorithm identifier for this VDAF. 
VERIFY_KEY_SIZE  Size (in bytes) of the verification key ( 
RAND_SIZE  Size of the random byte string passed to sharding algorithm. 
NONCE_SIZE  Size (in bytes) of the nonce. 
ROUNDS  Number of rounds of communication during the Preparation stage ( 
SHARES  Number of input shares into which each measurement is sharded ( 
Measurement  Type of each measurement. 
PublicShare  Type of each public share. 
InputShare  Type of each input share. 
AggParam  Type of aggregation parameter. 
OutShare  Type of each output share. 
AggShare  Type of the aggregate share. 
AggResult  Type of the aggregate result. 
PrepState  Aggregator's state during preparation. 
PrepShare  Type of each prep share. 
PrepMessage  Type of each prep message. 
Parameter  Field64  Field128  Field255 

MODULUS  2^32 * 4294967295 + 1  2^66 * 4611686018427387897 + 1  2^255 - 19 
ENCODED_SIZE  8  16  32 
Generator  7^4294967295  7^4611686018427387897  n/a 
GEN_ORDER  2^32  2^66  n/a 
Parameter  Description 

PROVE_RAND_LEN  Length of the prover randomness, the number of random field elements consumed by the prover when generating a proof 
QUERY_RAND_LEN  Length of the query randomness, the number of random field elements consumed by the verifier 
JOINT_RAND_LEN  Length of the joint randomness, the number of random field elements consumed by both the prover and verifier 
MEAS_LEN  Length of the encoded measurement ( 
OUTPUT_LEN  Length of the aggregatable output ( 
PROOF_LEN  Length of the proof 
VERIFIER_LEN  Length of the verifier message generated by querying the measurement and proof 
Measurement  Type of the measurement 
AggResult  Type of the aggregate result 
Field  As defined in ( 
Parameter  Value 

VERIFY_KEY_SIZE  Xof.SEED_SIZE 
RAND_SIZE  Xof.SEED_SIZE * (1 + 2 * (SHARES - 1)) if Flp.JOINT_RAND_LEN == 0 else Xof.SEED_SIZE * (1 + 2 * (SHARES - 1) + SHARES) 
NONCE_SIZE  16 
ROUNDS  1 
SHARES  in [2, 256) 
Measurement  Flp.Measurement 
AggParam  None 
PublicShare  Optional[list[bytes]] 
InputShare  Union[tuple[list[Flp.Field], list[Flp.Field], Optional[bytes]], tuple[bytes, bytes, Optional[bytes]]] 
OutShare  list[Flp.Field] 
AggShare  list[Flp.Field] 
AggResult  Flp.AggResult 
PrepState  tuple[list[Flp.Field], Optional[Bytes]] 
PrepShare  tuple[list[Flp.Field], Optional[Bytes]] 
PrepMessage  Optional[bytes] 
Variable  Value 

USAGE_MEAS_SHARE: Unsigned  1 
USAGE_PROOF_SHARE: Unsigned  2 
USAGE_JOINT_RANDOMNESS: Unsigned  3 
USAGE_PROVE_RANDOMNESS: Unsigned  4 
USAGE_QUERY_RANDOMNESS: Unsigned  5 
USAGE_JOINT_RAND_SEED: Unsigned  6 
USAGE_JOINT_RAND_PART: Unsigned  7 
Parameter  Description 

GADGETS  A list of gadgets 
GADGET_CALLS  Number of times each gadget is called 
MEAS_LEN  Length of the measurement 
OUTPUT_LEN  Length of the aggregatable output 
JOINT_RAND_LEN  Length of the random input 
Measurement  The type of measurement 
AggResult  Type of the aggregate result 
Field  An FFT-friendly finite field as defined in 
Parameter  Value 

PROVE_RAND_LEN  Valid.prove_rand_len() (see 
QUERY_RAND_LEN  Valid.query_rand_len() (see 
JOINT_RAND_LEN  Valid.JOINT_RAND_LEN 
MEAS_LEN  Valid.MEAS_LEN 
OUTPUT_LEN  Valid.OUTPUT_LEN 
PROOF_LEN  Valid.proof_len() (see 
VERIFIER_LEN  Valid.verifier_len() (see 
Measurement  Valid.Measurement 
Field  Valid.Field 
Parameter  Value 

GADGETS  [Mul] 
GADGET_CALLS  [1] 
MEAS_LEN  1 
OUTPUT_LEN  1 
JOINT_RAND_LEN  0 
Measurement  Unsigned, in range [0,2) 
AggResult  Unsigned 
Field  Field64 ( 
Parameter  Value 

GADGETS  [Range2] 
GADGET_CALLS  [bits] 
MEAS_LEN  bits 
OUTPUT_LEN  1 
JOINT_RAND_LEN  1 
Measurement  Unsigned, in range [0, 2^bits) 
AggResult  Unsigned 
Field  Field128 ( 
Parameter  Value 

GADGETS  [ParallelSum(Mul(), chunk_length)] 
GADGET_CALLS  [(length * bits + chunk_length - 1) // chunk_length] 
MEAS_LEN  length * bits 
OUTPUT_LEN  length 
JOINT_RAND_LEN  1 
Measurement  Vec[Unsigned], each element in range [0, 2^bits) 
AggResult  Vec[Unsigned] 
Field  Field128 ( 
Parameter  Value 

GADGETS  [ParallelSum(Mul(), chunk_length)] 
GADGET_CALLS  [(length + chunk_length - 1) // chunk_length] 
MEAS_LEN  length 
OUTPUT_LEN  length 
JOINT_RAND_LEN  2 
Measurement  Unsigned 
AggResult  Vec[Unsigned] 
Field  Field128 ( 
Parameter  Description 

SHARES  Number of IDPF keys output by IDPF-key generator 
BITS  Length in bits of each input string 
VALUE_LEN  Number of field elements of each output value 
RAND_SIZE  Size of the random string consumed by the IDPF-key generator. Equal to twice the XOF's seed size. 
KEY_SIZE  Size in bytes of each IDPF key 
FieldInner  Implementation of Field ( 
FieldLeaf  Implementation of Field used for values of leaf nodes 
Output  Alias of Union[list[list[FieldInner]], list[list[FieldLeaf]]] 
FieldVec  Alias of Union[list[FieldInner], list[FieldLeaf]] 
Parameter  Value 

VERIFY_KEY_SIZE  Xof.SEED_SIZE 
RAND_SIZE  Xof.SEED_SIZE * 3 + Idpf.RAND_SIZE 
NONCE_SIZE  16 
ROUNDS  2 
SHARES  2 
Measurement  Unsigned 
AggParam  Tuple[Unsigned, Tuple[Unsigned, ...]] 
PublicShare  bytes (IDPF public share) 
InputShare  tuple[bytes, bytes, list[Idpf.FieldInner], list[Idpf.FieldLeaf]] 
OutShare  Idpf.FieldVec 
AggShare  Idpf.FieldVec 
AggResult  Vec[Unsigned] 
PrepState  tuple[bytes, Unsigned, Idpf.FieldVec] 
PrepShare  Idpf.FieldVec 
PrepMessage  Optional[Idpf.FieldVec] 
Variable  Value 

USAGE_SHARD_RAND: Unsigned  1 
USAGE_CORR_INNER: Unsigned  2 
USAGE_CORR_LEAF: Unsigned  3 
USAGE_VERIFY_RAND: Unsigned  4 
Parameter  Value 

SHARES  2 
BITS  any positive integer 
VALUE_LEN  any positive integer 
KEY_SIZE  Xof.SEED_SIZE 
FieldInner  Field64 ( 
FieldLeaf  Field255 ( 
Value  Scheme  Type  Reference 

0x00000000  Prio3Count  VDAF 
0x00000001  Prio3Sum  VDAF 
0x00000002  Prio3SumVec  VDAF 
0x00000003  Prio3Histogram  VDAF 
0x00000004 to 0x00000FFF  reserved for Prio3  VDAF  n/a 
0x00001000  Poplar1  VDAF 
0xFFFF0000 to 0xFFFFFFFF  reserved  n/a  n/a 