Add limits and BLS papers

Author: vrom911

src/Hydra/Protocol/OffChain.tex

@@ -10,8 +10,8 @@ \section{Off-Chain Protocol}\label{sec:offchain}
 head members, parties or simply protocol actors.
 
 \noindent The off-chain protocol coordinates BLS accumulator operations (see Section~\ref{sec:bls-accumulators})
-for partial fanout support. When UTxO sets are too large for single transactions,
-the off-chain protocol automatically falls back to partial distribution using
+for partial fanout support. When UTxO sets are too large for single transactions (see Section~\ref{sec:bls-accumulators}
+for limits details), the off-chain protocol automatically falls back to partial distribution using
 exclusion proofs, ensuring all UTxOs can be distributed across multiple transactions
 while maintaining cryptographic integrity.
 

src/Hydra/Protocol/OnChain.tex

@@ -18,7 +18,8 @@ \section{On-chain Protocol}\label{sec:on-chain}
 on-chain: \mtxInit{}~\ref{sec:init-tx}, \mtxCom{}~\ref{sec:commit-tx}, \mtxAbort{}~\ref{sec:abort-tx}, \mtxCollect{}~\ref{sec:collect-tx}, \mtxIncrement{}~\ref{sec:increment-tx}, \mtxDecrement{}~\ref{sec:decrement-tx}, \mtxClose{}~\ref{sec:close-tx}, \mtxContest{}~\ref{sec:contest-tx}, and \mtxFanout{}~\ref{sec:fanout-tx}. \\
 
 \noindent The protocol uses BLS accumulators (see Section~\ref{sec:bls-accumulators}) to enable
-partial fanout when UTxO sets exceed transaction size limits. The \mtxCollect{} transaction
+partial fanout when UTxO sets exceed transaction size limits (see Section~\ref{sec:bls-accumulators}
+for limits details). The \mtxCollect{} transaction
 creates BLS accumulator commitments to UTxO sets, and \mtxFanout{} transactions use
 exclusion proofs to distribute subsets of UTxOs while maintaining cryptographic guarantees
 about the remaining UTxOs. \\
@@ -830,8 +831,8 @@ \subsection{Fan-Out Transaction}\label{sec:fanout-tx}
 Once the contestation phase is over, a head may be finalized by posting one or more
 \mtxFanout{} transactions (see Figure~\ref{fig:fanoutTx}), which
 distribute UTxOs from the head according to the latest state. The protocol first attempts
-a complete fanout of all UTxOs. If this fails due to transaction size limits, it automatically
-falls back to partial fanout, distributing a subset of UTxOs and proving the remaining UTxOs
+a complete fanout of all UTxOs. If this fails due to transaction size limits (see Section~\ref{sec:bls-accumulators}
+for limits details), it automatically falls back to partial fanout, distributing a subset of UTxOs and proving the remaining UTxOs
 are still valid. A fanout transaction consists of
 \begin{itemize}
   \item one input spending from $\nuHead$ holding the $\st$, and

src/Hydra/Protocol/Preliminaries.tex

@@ -87,10 +87,23 @@ \subsection{Public key multi-signature scheme}\label{sec:multisig}
 \subsection{BLS Accumulators for Partial Fanout}\label{sec:bls-accumulators}
 
 \noindent To enable partial fanout when UTxO sets are too large for a single transaction,
-the protocol uses BLS (Boneh-Lynn-Shacham) accumulators that support partial distribution
+the protocol uses BLS (Boneh-Lynn-Shacham) accumulators~\cite{BLS2001,acc2018} that support partial distribution
 proofs. This allows distributing a subset of UTxOs while proving that the remaining
 UTxOs are still valid and can be distributed in subsequent transactions.
 
+\noindent A UTxO set is considered too large for a single transaction when one or more of the following
+conditions occur:
+\begin{itemize}
+	\item \textbf{Number of outputs:} The UTxO set contains more outputs than can fit in a single
+	      transaction. On Cardano, this limit is typically around 80 ada-only outputs for fanout transactions.
+	\item \textbf{Total transaction size:} The serialized representation of all outputs, including
+	      their values, addresses, and datums, exceeds the maximum transaction size limit (e.g., 16KB on Cardano).
+	\item \textbf{Asset complexity:} UTxOs containing many native assets or complex token structures
+	      increase the transaction size beyond acceptable limits.
+	\item \textbf{Script references:} Large or numerous script references in outputs contribute to
+	      transaction size limits.
+\end{itemize}
+
 \begin{definition}[BLS Accumulator]
 A BLS accumulator scheme provides the following operations:
 \begin{itemize}
@@ -113,7 +126,7 @@ \subsection{BLS Accumulators for Partial Fanout}\label{sec:bls-accumulators}
 \end{definition}
 
 \noindent The BLS accumulator enables the protocol to handle large UTxO sets by automatically falling back
-to partial distribution when full fanout exceeds transaction size limits. The accumulator provides
+to partial distribution when full fanout exceeds transaction size limits (as defined above). The accumulator provides
 cryptographic guarantees that distributed UTxOs are valid and that remaining UTxOs are still
 available for future distribution.
 

src/short.bib

@@ -120,3 +120,25 @@ @inproceedings{utxo-ma
                   and Joachim and Zahnentferner},
   year            = 2020
 }
+
+@article{BLS2001,
+  Author          = {Dan Boneh and Ben Lynn and Hovav Shacham},
+  Title           = {Short Signatures from the Weil Pairing},
+  Journal         = {Journal of Cryptology},
+  Volume          = {17},
+  Number          = {4},
+  Pages           = {297--319},
+  Year            = {2004},
+  Note            = {Extended version of ASIACRYPT 2001},
+  Doi             = {10.1007/s00145-004-0314-9}
+}
+
+@inproceedings{acc2018,
+  Author          = {Benedikt B{\"u}nz and Stefano Chiesa and Pratyush Mishra and Nicholas Spooner},
+  Title           = {Recursive Proof Composition from Accumulation Schemes},
+  Booktitle       = {Theory of Cryptography},
+  Pages           = {401--430},
+  Year            = {2021},
+  Note            = {Universal accumulators for membership/exclusion proofs},
+  Doi             = {10.1007/978-3-030-90459-3_14}
+}