Public Parameters (PP) are the cryptographic foundation of a Token Management System (TMS). They define the rules of the token system, including the cryptographic curves, generators, and authorized participants (issuers, auditors).
This document describes the lifecycle of public parameters in Panurus, from generation to dynamic updates.
Public parameters are generated using the tokengen CLI tool. The generation process is driver-specific because different drivers require different cryptographic setups.
# Generate FabToken public parameters
tokengen gen fabtoken.v1 --auditors ./msp/auditor --issuers ./msp/issuer --output ./params
# Generate ZKAT-DLOG public parameters
tokengen gen zkatdlognogh.v1 --curve bls12_381_bbs --idemix-issuer-pk ./msp/idemix --output ./params
The publication mechanism varies depending on the network driver being used (Fabric vs. FabricX).
In a standard Hyperledger Fabric network, public parameters are managed by the Token Chaincode (TCC).
params.go) or provided as transient data during chaincode Init/Upgrade.In FabricX, public parameters are managed through a dedicated Public Parameters Service and the Vault.
FabricX Query Service to fetch these parameters directly from the vault’s world state.When an FSC node starts or connects to a TMS, it must fetch the current public parameters to initialize its local drivers.
PublicParamsFetcher (provided by the Network Service) to query the ledger (via TCC or the Query Service).PublicParametersStorage to ensure they are available even if the network is temporarily unreachable.Panurus supports dynamic synchronization of public parameter updates across the entire network without requiring node restarts.
The Network Service is responsible for monitoring the ledger for changes to the public parameters.
PermanentLookupListener (using the setupListener) on the Setup Key.setupListener receives the new raw parameters and triggers TMSProvider.Update(tmsID, newParams).| Stage | Tool/Component | Responsibility |
|---|---|---|
| Generation | tokengen |
Creates the cryptographic blob for a specific driver version. |
| Publication | tcc (Fabric) / Vault (FabricX) |
Persists the blob to the ledger’s world state. |
| Monitoring | Network Service | Listens for ledger events on the Setup Key. |
| Synchronization | TMSProvider |
Hot-swaps the driver instance in the FSC node upon update. |