Skip to main content
Every Molpha verifier runs the same verification pipeline over the same domain-separated hashes: derive the selection set from (jobId, registryVersion, canonicalTimestamp), reconstruct the coalition key as the plain EC sum of the actual signers, and check one Schnorr signature over the canonical message. No chainId is in the message — that is what makes a single signature valid on every chain.

The three implementations

SolanaEVMStarknet
RoleCanonical chain + verifierStateless verifierStateless verifier
Entrypointverify_data_update (reverts; 72-byte return data) / submit_data_update (writes the Feed)verify(dataUpdate, schnorrData) → bool (view)verify(data_update, schnorr_data) → bool
Node-key storageRegistryIndex PDAsSSTORE2 snapshot per versionper-(version, index) coordinate maps
Schnorr final checknative verification over the argsecrecover trick (recovers s·G − e·P)native secp256k1 syscalls, computes s·G + (Q−e)·P
The Starknet contract is a bit-for-bit port of the EVM pipeline, proven by parity tests that verify unmodified EVM-produced signatures on Cairo.

What every verifier enforces

  1. The registryVersion exists and has nodes.
  2. Structural guards: non-zero signaturesRequired, signersBitmap, signature, commitment.
  3. popcount(signersBitmap) >= signaturesRequired.
  4. Signers ⊆ the deterministically derived selection set (groupSize = min(signaturesRequired + redundancyBuffer, nodeCount)).
  5. The aggregate Schnorr signature over the canonical message.

What no verifier enforces

Freshness, replay protection, and value bounds. A valid payload verifies forever (historical registry versions are intentionally kept verifiable). These policies belong to the consumer — see the integration checklists in each chain guide.