@typeberry/lib 0.8.4 → 0.9.0-c9f9e4d

package/packages/jam/jamnp-s/tasks/ticket-distribution.d.ts

@@ -1,6 +1,7 @@
 import type { Epoch } from "#@typeberry/block";
 import type { SignedTicket } from "#@typeberry/block/tickets.js";
 import type { ChainSpec } from "#@typeberry/config";
+import { type TicketValidator } from "#@typeberry/ticket-pool";
 import type { Connections } from "../peers.js";
 import type { StreamManager } from "../stream-manager.js";
 /**
@@ -9,33 +10,40 @@ import type { StreamManager } from "../stream-manager.js";
  * Uses CE-132 (proxy-to-all) for direct broadcast to all peers.
  * Implements a maintain pattern similar to SyncTask: tickets are collected
  * and periodically distributed to peers that haven't received them yet.
+ *
+ * Incoming tickets from peers are first run through a {@link TicketValidator};
+ * only validated tickets are added to the redistribution pool. The default
+ * validator denies everything, so callers must wire a real one via
+ * {@link setTicketValidator} before any networked ticket can be redistributed.
  */
 export declare class TicketDistributionTask {
     private readonly streamManager;
     private readonly connections;
     static start(streamManager: StreamManager, connections: Connections, chainSpec: ChainSpec): TicketDistributionTask;
-    /** Pending tickets waiting to be distributed to peers */
-    private pendingTickets;
-    /** Current epoch being tracked (cleared when epoch changes) */
-    private currentEpoch;
+    private readonly pool;
+    private validator;
     private constructor();
     /**
      * Should be called periodically to distribute pending tickets to connected peers.
      */
     maintainDistribution(): void;
     /**
-     * Add a ticket to the pending queue for distribution.
+     * Add a ticket to the redistribution pool.
      * Clears pending tickets when epoch changes.
      * Deduplicates tickets based on signature.
      */
     addTicket(epochIndex: Epoch, ticket: SignedTicket): void;
-    private onTicketReceivedCallback;
     /**
-     * Register a callback that validates a received ticket.
-     * The ticket is only added to the redistribution pool if the callback returns `true`.
-     * This prevents redistribution of invalid tickets (e.g. those with a tampered `attempt` field).
+     * Replace the redistribution pool for the given epoch with the supplied tickets.
+     * Used when the authorship worker dumps the authoritative pool on an epoch boundary.
+     */
+    replacePool(epochIndex: Epoch, tickets: readonly SignedTicket[]): void;
+    /**
+     * Register the validator that decides whether tickets received from peers should be
+     * accepted (and therefore redistributed). The default is {@link DenyTicketsValidator},
+     * so the caller must install a real validator for any peer ticket to make it through.
      */
-    setOnTicketReceived(cb: (epochIndex: Epoch, ticket: SignedTicket) => Promise<boolean>): void;
+    setTicketValidator(validator: TicketValidator): void;
     private onTicketReceived;
 }
 //# sourceMappingURL=ticket-distribution.d.ts.map

package/packages/jam/jamnp-s/tasks/ticket-distribution.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ticket-distribution.d.ts","sourceRoot":"","sources":["../../../../../../packages/jam/jamnp-s/tasks/ticket-distribution.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAGnD,OAAO,KAAK,EAAW,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAe1D;;;;;;GAMG;AACH,qBAAa,sBAAsB;IAuB/B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW;IAvB9B,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;IAgBzF,yDAAyD;IACzD,OAAO,CAAC,cAAc,CAA0D;IAChF,+DAA+D;IAC/D,OAAO,CAAC,YAAY,CAAsB;IAE1C,OAAO;IAKP;;OAEG;IACH,oBAAoB;IAkDpB;;;;OAIG;IACH,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY;IAsCjD,OAAO,CAAC,wBAAwB,CAAgF;IAEhH;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,KAAK,OAAO,CAAC,OAAO,CAAC;IAIrF,OAAO,CAAC,gBAAgB;CAsBzB"}
+{"version":3,"file":"ticket-distribution.d.ts","sourceRoot":"","sources":["../../../../../../packages/jam/jamnp-s/tasks/ticket-distribution.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAA2C,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEvG,OAAO,KAAK,EAAW,WAAW,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAe1D;;;;;;;;;;;GAWG;AACH,qBAAa,sBAAsB;IAqB/B,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW;IArB9B,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS;IAgBzF,OAAO,CAAC,QAAQ,CAAC,IAAI,CAA2B;IAChD,OAAO,CAAC,SAAS,CAA+C;IAEhE,OAAO;IAKP;;OAEG;IACH,oBAAoB;IAgDpB;;;;OAIG;IACH,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY;IAIjD;;;OAGG;IACH,WAAW,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,YAAY,EAAE;IAI/D;;;;OAIG;IACH,kBAAkB,CAAC,SAAS,EAAE,eAAe;IAI7C,OAAO,CAAC,gBAAgB;CAkBzB"}

package/packages/jam/jamnp-s/tasks/ticket-distribution.js

@@ -1,4 +1,5 @@
 import { Logger } from "#@typeberry/logger";
+import { DenyTicketsValidator, PendingTicketPool } from "#@typeberry/ticket-pool";
 import { OK } from "#@typeberry/utils";
 import { ce131 } from "../protocol/index.js";
 const logger = Logger.new(import.meta.filename, "net:tickets");
@@ -12,6 +13,11 @@ const TICKET_AUX = {
  * Uses CE-132 (proxy-to-all) for direct broadcast to all peers.
  * Implements a maintain pattern similar to SyncTask: tickets are collected
  * and periodically distributed to peers that haven't received them yet.
+ *
+ * Incoming tickets from peers are first run through a {@link TicketValidator};
+ * only validated tickets are added to the redistribution pool. The default
+ * validator denies everything, so callers must wire a real one via
+ * {@link setTicketValidator} before any networked ticket can be redistributed.
  */
 export class TicketDistributionTask {
     streamManager;
@@ -26,10 +32,8 @@ export class TicketDistributionTask {
         streamManager.registerOutgoingHandlers(ce131.ClientHandler.new(chainSpec, ce131.STREAM_KIND_PROXY_TO_ALL));
         return task;
     }
-    /** Pending tickets waiting to be distributed to peers */
-    pendingTickets = [];
-    /** Current epoch being tracked (cleared when epoch changes) */
-    currentEpoch = null;
+    pool = new PendingTicketPool();
+    validator = new DenyTicketsValidator();
     constructor(streamManager, connections) {
         this.streamManager = streamManager;
         this.connections = connections;
@@ -38,14 +42,13 @@ export class TicketDistributionTask {
      * Should be called periodically to distribute pending tickets to connected peers.
      */
     maintainDistribution() {
-        if (this.currentEpoch === null) {
-            return; // No tickets to distribute yet
+        const currentEpoch = this.pool.currentEpoch;
+        if (currentEpoch === null) {
+            return;
         }
-        /** `this` is mutable and TS can't narrow this.currentEpoch inside the callback closure */
-        const currentEpoch = this.currentEpoch;
-        // Iterate through all pending tickets
-        for (let ticketIdx = 0; ticketIdx < this.pendingTickets.length; ticketIdx++) {
-            const { epochIndex, ticket } = this.pendingTickets[ticketIdx];
+        const tickets = this.pool.getTickets();
+        for (let ticketIdx = 0; ticketIdx < tickets.length; ticketIdx++) {
+            const { epochIndex, ticket } = tickets[ticketIdx];
             // Try to send to each connected peer
             for (const peerInfo of this.connections.getConnectedPeers()) {
                 this.connections.withAuxData(peerInfo.peerId, TICKET_AUX, (maybeAux) => {
@@ -77,72 +80,45 @@ export class TicketDistributionTask {
         }
     }
     /**
-     * Add a ticket to the pending queue for distribution.
+     * Add a ticket to the redistribution pool.
      * Clears pending tickets when epoch changes.
      * Deduplicates tickets based on signature.
      */
     addTicket(epochIndex, ticket) {
-        // Drop tickets for older epochs (can happen when a delayed validation callback completes
-        // after the epoch has already advanced — accepting it would roll back currentEpoch).
-        if (this.currentEpoch !== null && epochIndex < this.currentEpoch) {
-            return;
-        }
-        // Epoch advanced — clear old tickets
-        if (this.currentEpoch !== null && epochIndex > this.currentEpoch) {
-            logger.log `[addTicket] Epoch changed from ${this.currentEpoch} to ${epochIndex}, clearing ${this.pendingTickets.length} old tickets`;
-            this.pendingTickets = [];
-            // Note: We don't need to clear aux data for all peers here.
-            // The aux data contains the epoch, so maintainDistribution will lazily
-            // reset it when it detects an epoch mismatch. This handles both connected
-            // and disconnected peers correctly.
-        }
-        this.currentEpoch = epochIndex;
-        /**
-         * Deduplicate: check if a ticket with the same signature already exists
-         *
-         * Here we are risking "poisoning" the local pendingTickets - i.e:
-         *  1. The adversary sees a signature and swaps the ticket attempt to something different.
-         *  2. This creates an invalid ticket, but prevents a valid ticket with the same signature from being included and distributed.
-         *
-         * TODO [MaSi]: The poisoning risk should be fixed during implementation of ticket validation.
-         */
-        const isDuplicate = this.pendingTickets.some((pending) => pending.epochIndex === epochIndex && pending.ticket.signature.isEqualTo(ticket.signature));
-        if (!isDuplicate) {
-            this.pendingTickets.push({ epochIndex, ticket });
-            logger.info `[addTicket] Added ticket for epoch ${epochIndex}, total: ${this.pendingTickets.length}`;
-        }
+        this.pool.addTicket(epochIndex, ticket);
     }
-    onTicketReceivedCallback = null;
     /**
-     * Register a callback that validates a received ticket.
-     * The ticket is only added to the redistribution pool if the callback returns `true`.
-     * This prevents redistribution of invalid tickets (e.g. those with a tampered `attempt` field).
+     * Replace the redistribution pool for the given epoch with the supplied tickets.
+     * Used when the authorship worker dumps the authoritative pool on an epoch boundary.
      */
-    setOnTicketReceived(cb) {
-        this.onTicketReceivedCallback = cb;
+    replacePool(epochIndex, tickets) {
+        this.pool.replace(epochIndex, tickets);
+    }
+    /**
+     * Register the validator that decides whether tickets received from peers should be
+     * accepted (and therefore redistributed). The default is {@link DenyTicketsValidator},
+     * so the caller must install a real validator for any peer ticket to make it through.
+     */
+    setTicketValidator(validator) {
+        this.validator = validator;
     }
     onTicketReceived(epochIndex, ticket) {
         logger.trace `Received ticket for epoch ${epochIndex}, attempt ${ticket.attempt}`;
-        if (this.onTicketReceivedCallback !== null) {
-            // Validate first; only redistribute if valid to avoid spreading tampered tickets.
-            // Wrap with Promise.resolve().then() to catch both sync throws and async rejections.
-            const cb = this.onTicketReceivedCallback;
-            Promise.resolve()
-                .then(() => cb(epochIndex, ticket))
-                .then((isValid) => {
-                if (isValid) {
-                    this.addTicket(epochIndex, ticket);
-                }
-                else {
-                    logger.warn `Dropping invalid ticket for epoch ${epochIndex} (validation failed)`;
-                }
-            })
-                .catch((error) => {
-                logger.error `Error validating ticket for epoch ${epochIndex}, attempt ${ticket.attempt}: ${error}`;
-            });
-        }
-        else {
-            this.addTicket(epochIndex, ticket);
-        }
+        const validator = this.validator;
+        // Wrap with Promise.resolve().then() so a synchronous throw inside the validator
+        // funnels into the same .catch() as an async rejection.
+        Promise.resolve()
+            .then(() => validator.validate(epochIndex, [ticket]))
+            .then((result) => {
+            if (result.isOk) {
+                this.addTicket(epochIndex, ticket);
+            }
+            else {
+                logger.trace `Dropping ticket for epoch ${epochIndex}: ${result.error}`;
+            }
+        })
+            .catch((error) => {
+            logger.error `Error validating ticket for epoch ${epochIndex}, attempt ${ticket.attempt}: ${error}`;
+        });
     }
 }

package/packages/jam/jamnp-s/tasks/ticket-distribution.test.js

@@ -8,7 +8,8 @@ import { tinyChainSpec } from "#@typeberry/config";
 import { BANDERSNATCH_PROOF_BYTES } from "#@typeberry/crypto";
 import { Logger } from "#@typeberry/logger";
 import { createTestPeerPair, MockNetwork } from "#@typeberry/networking/testing.js";
-import { OK } from "#@typeberry/utils";
+import { AcceptTicketsValidator, ValidationError } from "#@typeberry/ticket-pool";
+import { OK, Result } from "#@typeberry/utils";
 import { Connections } from "../peers.js";
 import { StreamManager } from "../stream-manager.js";
 import { TicketDistributionTask } from "./ticket-distribution.js";
@@ -34,6 +35,9 @@ describe("TicketDistributionTask", () => {
         const receivedTickets = [];
         // Use real TicketDistributionTask
         const ticketTask = TicketDistributionTask.start(streamManager, connections, tinyChainSpec);
+        // Default validator accepts every ticket so the test asserts purely on distribution
+        // behaviour. Tests that exercise the rejection path overwrite this.
+        ticketTask.setTicketValidator(new AcceptTicketsValidator());
         // Intercept received tickets by wrapping onTicketReceived behavior
         // The task already adds received tickets to pending queue via addTicket,
         // so we can track them by checking the pending queue growth or by
@@ -217,7 +221,7 @@ describe("TicketDistributionTask", () => {
         assert.strictEqual(peer2.receivedTickets.length, 1);
         assert.deepStrictEqual(peer2.receivedTickets[0].ticket, ticket);
     });
-    it("should NOT redistribute ticket if validation callback returns false", async () => {
+    it("should NOT redistribute ticket if validator rejects", async () => {
         const self = await init("self");
         const peer1 = await init("peer1");
         const peer2 = await init("peer2");
@@ -225,35 +229,53 @@ describe("TicketDistributionTask", () => {
         self.openConnection(peer2);
         await tick();
         // Validation always rejects
-        self.ticketTask.setOnTicketReceived(async () => false);
+        self.ticketTask.setTicketValidator({
+            validate: async () => Result.error(ValidationError.InvalidProof, () => "rejected"),
+        });
         const ticket = createTestTicket(0);
         peer1.ticketTask.addTicket(TEST_EPOCH, ticket);
         peer1.ticketTask.maintainDistribution();
         await tick();
-        // self.addTicket was NOT called (callback returned false), so nothing to redistribute
+        // self.addTicket was NOT called (validator rejected), so nothing to redistribute
         assert.strictEqual(self.receivedTickets.length, 0);
         self.ticketTask.maintainDistribution();
         await tick();
         assert.strictEqual(peer2.receivedTickets.length, 0);
     });
-    it("should redistribute ticket if validation callback returns true", async () => {
+    it("should redistribute ticket if validator accepts", async () => {
         const self = await init("self");
         const peer1 = await init("peer1");
         const peer2 = await init("peer2");
         self.openConnection(peer1);
         self.openConnection(peer2);
         await tick();
-        // Validation always accepts
-        self.ticketTask.setOnTicketReceived(async () => true);
+        // Default init() already wires an AcceptTicketsValidator
         const ticket = createTestTicket(0);
         peer1.ticketTask.addTicket(TEST_EPOCH, ticket);
         peer1.ticketTask.maintainDistribution();
         await tick();
-        // self.addTicket WAS called (callback returned true)
+        // self.addTicket WAS called
         assert.strictEqual(self.receivedTickets.length, 1);
         self.ticketTask.maintainDistribution();
         await tick();
         assert.strictEqual(peer2.receivedTickets.length, 1);
         assert.deepStrictEqual(peer2.receivedTickets[0].ticket, ticket);
     });
+    it("replacePool overwrites the redistribution pool", async () => {
+        const self = await init("self");
+        const peer1 = await init("peer1");
+        self.openConnection(peer1);
+        await tick();
+        // Locally added tickets first
+        self.ticketTask.addTicket(TEST_EPOCH, createTestTicket(0));
+        self.ticketTask.addTicket(TEST_EPOCH, createTestTicket(1));
+        // Pool dump replaces with a different set
+        const dump = [createTestTicket(2), createTestTicket(3)];
+        self.ticketTask.replacePool(TEST_EPOCH, dump);
+        self.ticketTask.maintainDistribution();
+        await tick();
+        assert.strictEqual(peer1.receivedTickets.length, 2);
+        assert.deepStrictEqual(peer1.receivedTickets[0].ticket, dump[0]);
+        assert.deepStrictEqual(peer1.receivedTickets[1].ticket, dump[1]);
+    });
 });

package/packages/jam/node/main-fuzz.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"main-fuzz.d.ts","sourceRoot":"","sources":["../../../../../packages/jam/node/main-fuzz.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,WAAW,EAAmB,MAAM,oBAAoB,CAAC;AACvE,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAIjD,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,WAAW,CAAC;IACrB,aAAa,EAAE,SAAS,CAAC;IACzB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,uBAAuB,EAAE,OAAO,CAAC;CAClC,CAAC;AAOF;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CASpF;AAED,iFAAiF;AACjF,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE5D;AAED,wBAAgB,cAAc;;;;EAM7B;AAED,wBAAsB,QAAQ,CAAC,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,uBA2GxF"}
+{"version":3,"file":"main-fuzz.d.ts","sourceRoot":"","sources":["../../../../../packages/jam/node/main-fuzz.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,KAAK,WAAW,EAAmB,MAAM,oBAAoB,CAAC;AACvE,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAIjD,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,WAAW,CAAC;IACrB,aAAa,EAAE,SAAS,CAAC;IACzB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,uBAAuB,EAAE,OAAO,CAAC;CAClC,CAAC;AAWF;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CASpF;AAED,iFAAiF;AACjF,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE5D;AAED,wBAAgB,cAAc;;;;EAM7B;AAED,wBAAsB,QAAQ,CAAC,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,uBAqHxF"}

package/packages/jam/node/main-fuzz.js

@@ -14,6 +14,9 @@ import { mainImporter } from "./main-importer.js";
 const logger = Logger.new(import.meta.filename, "fuzztarget");
 /** Dedicated subdirectory under the configured base path that the fuzzer owns and wipes. */
 const FUZZ_DB_SUBDIR = "typeberry-fuzz-db";
+const FUZZ_DB_FJALL = "fjall-hybrid";
+const FUZZ_DB_LMDB = "lmdb-hybrid";
+const FUZZ_DB_OPTIONS = [FUZZ_DB_FJALL, FUZZ_DB_LMDB];
 /**
  * Resolve the directory the fuzzer should use for its on-disk database, or
  * `undefined` for an in-memory database. The dedicated `FUZZ_DB_SUBDIR` is
@@ -50,6 +53,15 @@ export async function mainFuzz(fuzzConfig, withRelPath) {
     logHostEnvironment(logger);
     const { jamNodeConfig: config } = fuzzConfig;
     const fuzzDbBase = resolveFuzzDbBase(config.node.databaseBasePath);
+    const rawFuzzDb = process.env.JAM_FUZZ_DB?.trim() ?? "";
+    // Using experimental fjall-hybrid by default, with an option to test lmdb as well.
+    const hybridStateBackend = rawFuzzDb === "" ? FUZZ_DB_FJALL : rawFuzzDb;
+    if (!isValidStateBackend(hybridStateBackend)) {
+        throw new Error(`JAM_FUZZ_DB must be one of: ${FUZZ_DB_OPTIONS} (got: "${rawFuzzDb}").`);
+    }
+    if (fuzzDbBase !== undefined) {
+        logger.info `🗄️ Fuzz persistent backend: ${hybridStateBackend}.`;
+    }
     let runningNode = null;
     const chainSpec = getChainSpec(config.node.flavor);
     const closeFuzzTarget = startFuzzTarget(fuzzConfig.version, fuzzConfig.socket, {
@@ -106,7 +118,7 @@ export async function mainFuzz(fuzzConfig, withRelPath) {
                     // spec only, where values are big) bounds its on-disk/page-cache size.
                     // Tiny stays uncompressed since its db is small and speed matters more.
                     ephemeral: isPersistent,
-                    stateBackend: isPersistent ? "hybrid" : "lmdb",
+                    stateBackend: isPersistent ? hybridStateBackend : "lmdb",
                 });
             };
             if (fuzzDbBase !== undefined) {
@@ -136,3 +148,6 @@ export async function mainFuzz(fuzzConfig, withRelPath) {
         }
     };
 }
+function isValidStateBackend(val) {
+    return FUZZ_DB_OPTIONS.indexOf(val) !== -1;
+}

package/packages/jam/node/main-importer.d.ts

@@ -1,13 +1,16 @@
 import type { JamConfig } from "./jam-config.js";
 import type { NodeApi } from "./main.js";
+export type StateBackend = "lmdb" | "lmdb-hybrid" | "fjall-hybrid";
 export type ImporterOptions = {
     initGenesisFromAncestry?: boolean;
     dummyFinalityDepth?: number;
     pruneBlocks?: boolean;
-    /** Open the LMDB database without fsync/compression. Only safe for throwaway dbs (e.g. fuzzing). */
+    /** Open the database without fsync/compression. Only safe for throwaway dbs (e.g. fuzzing). */
     ephemeral?: boolean;
-    /** Persistent backend to use when `databaseBasePath` is set. Defaults to full LMDB. */
-    stateBackend?: "lmdb" | "hybrid";
+    /**
+     * Persistent backend to use when `databaseBasePath` is set. Defaults to full LMDB.
+     */
+    stateBackend?: StateBackend;
 };
 export declare function mainImporter(config: JamConfig, withRelPath: (v: string) => string, options?: ImporterOptions): Promise<NodeApi>;
 //# sourceMappingURL=main-importer.d.ts.map

package/packages/jam/node/main-importer.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"main-importer.d.ts","sourceRoot":"","sources":["../../../../../packages/jam/node/main-importer.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,MAAM,MAAM,eAAe,GAAG;IAC5B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,oGAAoG;IACpG,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,uFAAuF;IACvF,YAAY,CAAC,EAAE,MAAM,GAAG,QAAQ,CAAC;CAClC,CAAC;AAEF,wBAAsB,YAAY,CAChC,MAAM,EAAE,SAAS,EACjB,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,EAClC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,OAAO,CAAC,CAoGlB"}
+{"version":3,"file":"main-importer.d.ts","sourceRoot":"","sources":["../../../../../packages/jam/node/main-importer.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,aAAa,GAAG,cAAc,CAAC;AAEnE,MAAM,MAAM,eAAe,GAAG;IAC5B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,+FAA+F;IAC/F,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB;;OAEG;IACH,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B,CAAC;AAEF,wBAAsB,YAAY,CAChC,MAAM,EAAE,SAAS,EACjB,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,EAClC,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,OAAO,CAAC,CAqGlB"}

package/packages/jam/node/main-importer.js

@@ -39,8 +39,8 @@ export async function mainImporter(config, withRelPath, options = {}) {
             blake2b,
             workerParams,
         })
-        : dbBackend === "hybrid"
-            ? HybridWorkerConfig.new({
+        : dbBackend === "lmdb-hybrid" || dbBackend === "fjall-hybrid"
+            ? await HybridWorkerConfig.new({
                 nodeName,
                 chainSpec,
                 blake2b,
@@ -48,6 +48,7 @@ export async function mainImporter(config, withRelPath, options = {}) {
                 workerParams,
                 ephemeral,
                 compression,
+                backend: dbBackend === "lmdb-hybrid" ? "lmdb" : "fjall",
             })
             : LmdbWorkerConfig.new({
                 nodeName,

package/packages/jam/safrole/bandersnatch-vrf.d.ts

@@ -21,13 +21,33 @@ declare function verifySeal(bandersnatch: BandernsatchWasm, authorKey: Bandersna
 declare function getRingCommitment(bandersnatch: BandernsatchWasm, validators: BandersnatchKey[]): Promise<Result<BandersnatchRingRoot, null>>;
 declare function verifyTickets(bandersnatch: BandernsatchWasm, numberOfValidators: number, epochRoot: BandersnatchRingRoot, tickets: readonly SignedTicket[], entropy: EntropyHash): Promise<{
     isValid: boolean;
-    entropyHash: EntropyHash;
-}[]>;
+    tickets: EntropyHash[];
+}>;
 declare function generateSeal(bandersnatch: BandernsatchWasm, authorKey: BandersnatchSecretSeed, input: BytesBlob, auxData: BytesBlob): Promise<Result<BandersnatchVrfSignature, null>>;
 export type VrfOutputHash = Opaque<OpaqueHash, "VRF Output Hash">;
 declare function getVrfOutputHash(bandersnatch: BandernsatchWasm, authorKey: BandersnatchSecretSeed, input: BytesBlob): Promise<Result<VrfOutputHash, null>>;
 /**
- * Generates signed tickets for all attempts at once using batch ring VRF.
+ * Batch-generate signed tickets for multiple validators in a single native call,
+ * reusing the ring prover setup across all of them. Returns one ticket list per
+ * validator, in the same order as `proverKeyIndices`/`secrets`.
  */
-declare function generateTickets(bandersnatch: BandernsatchWasm, ringKeys: BandersnatchKey[], proverKeyIndex: number, key: BandersnatchSecretSeed, entropy: EntropyHash, ticketsPerValidator: number): Promise<Result<SignedTicket[], null>>;
+declare function generateTickets(bandersnatch: BandernsatchWasm, ringKeys: BandersnatchKey[], proverKeyIndices: readonly number[], secrets: readonly BandersnatchSecretSeed[], entropy: EntropyHash, ticketsPerValidator: number): Promise<Result<SignedTicket[][], null>>;
+/**
+ * Build the concatenated ring-VRF inputs for ticket generation: one
+ * `JAM_TICKET_SEAL || entropy || attempt_byte` input per attempt.
+ *
+ * Exposed so the worker-pool path can build the same inputs to hand off to a
+ * worker thread without re-deriving the layout.
+ */
+export declare function buildTicketVrfInputs(entropy: EntropyHash, ticketsPerValidator: number): {
+    inputsData: Uint8Array;
+    vrfInputDataLen: number;
+};
+/**
+ * Parse the raw output of `batchGenerateRingVrfForValidators` into per-validator
+ * ticket lists. Records are ordered validator-major, then attempt-major; each
+ * record is `status byte || signature`. A malformed batch yields a single error
+ * byte. Exposed so the worker-pool path can parse a worker's raw result.
+ */
+export declare function parseTicketsBatchOutput(result: Uint8Array, numValidators: number, ticketsPerValidator: number): Result<SignedTicket[][], null>;
 //# sourceMappingURL=bandersnatch-vrf.d.ts.map

package/packages/jam/safrole/bandersnatch-vrf.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bandersnatch-vrf.d.ts","sourceRoot":"","sources":["../../../../../packages/jam/safrole/bandersnatch-vrf.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAsB,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAS,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,KAAK,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AACjF,OAAO,EAIL,KAAK,oBAAoB,EACzB,KAAK,wBAAwB,EAC9B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAa,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,KAAK,MAAM,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAwC/D,QAAA,MAAM,SAAS;;;;;;;;CAQd,CAAC;AAKF,eAAe,SAAS,CAAC;AAIzB,iBAAe,iBAAiB,CAC9B,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,eAAe,EAC1B,SAAS,EAAE,wBAAwB,EACnC,OAAO,EAAE,SAAS,EAClB,qBAAqB,EAAE,SAAS,EAChC,gBAAgB,EAAE,wBAAwB,EAC1C,oBAAoB,EAAE,SAAS,GAC9B,OAAO,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC,CAkBnD;AAED,iBAAe,UAAU,CACvB,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,eAAe,EAC1B,SAAS,EAAE,wBAAwB,EACnC,OAAO,EAAE,SAAS,EAClB,qBAAqB,EAAE,SAAS,GAC/B,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAapC;AAED,iBAAS,iBAAiB,CACxB,YAAY,EAAE,gBAAgB,EAC9B,UAAU,EAAE,eAAe,EAAE,GAC5B,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAe7C;AAmBD,iBAAe,aAAa,CAC1B,YAAY,EAAE,gBAAgB,EAC9B,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,oBAAoB,EAC/B,OAAO,EAAE,SAAS,YAAY,EAAE,EAChC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,WAAW,EAAE,WAAW,CAAA;CAAE,EAAE,CAAC,CAqB3D;AAGD,iBAAe,YAAY,CACzB,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,sBAAsB,EACjC,KAAK,EAAE,SAAS,EAChB,OAAO,EAAE,SAAS,GACjB,OAAO,CAAC,MAAM,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC,CAQjD;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;AAGlE,iBAAe,gBAAgB,CAC7B,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,sBAAsB,EACjC,KAAK,EAAE,SAAS,GACf,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAQtC;AAKD;;GAEG;AACH,iBAAe,eAAe,CAC5B,YAAY,EAAE,gBAAgB,EAC9B,QAAQ,EAAE,eAAe,EAAE,EAC3B,cAAc,EAAE,MAAM,EACtB,GAAG,EAAE,sBAAsB,EAC3B,OAAO,EAAE,WAAW,EACpB,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,IAAI,CAAC,CAAC,CA0CvC"}
+{"version":3,"file":"bandersnatch-vrf.d.ts","sourceRoot":"","sources":["../../../../../packages/jam/safrole/bandersnatch-vrf.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAsB,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAS,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,KAAK,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAEjF,OAAO,EAIL,KAAK,oBAAoB,EACzB,KAAK,wBAAwB,EAC9B,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAa,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,KAAK,MAAM,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AA4C/D,QAAA,MAAM,SAAS;;;;;;;;CAQd,CAAC;AAKF,eAAe,SAAS,CAAC;AAIzB,iBAAe,iBAAiB,CAC9B,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,eAAe,EAC1B,SAAS,EAAE,wBAAwB,EACnC,OAAO,EAAE,SAAS,EAClB,qBAAqB,EAAE,SAAS,EAChC,gBAAgB,EAAE,wBAAwB,EAC1C,oBAAoB,EAAE,SAAS,GAC9B,OAAO,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC,CAkBnD;AAED,iBAAe,UAAU,CACvB,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,eAAe,EAC1B,SAAS,EAAE,wBAAwB,EACnC,OAAO,EAAE,SAAS,EAClB,qBAAqB,EAAE,SAAS,GAC/B,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAapC;AAED,iBAAS,iBAAiB,CACxB,YAAY,EAAE,gBAAgB,EAC9B,UAAU,EAAE,eAAe,EAAE,GAC5B,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAe7C;AAgBD,iBAAe,aAAa,CAC1B,YAAY,EAAE,gBAAgB,EAC9B,kBAAkB,EAAE,MAAM,EAC1B,SAAS,EAAE,oBAAoB,EAC/B,OAAO,EAAE,SAAS,YAAY,EAAE,EAChC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,WAAW,EAAE,CAAA;CAAE,CAAC,CA0BvD;AAGD,iBAAe,YAAY,CACzB,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,sBAAsB,EACjC,KAAK,EAAE,SAAS,EAChB,OAAO,EAAE,SAAS,GACjB,OAAO,CAAC,MAAM,CAAC,wBAAwB,EAAE,IAAI,CAAC,CAAC,CAQjD;AAED,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;AAGlE,iBAAe,gBAAgB,CAC7B,YAAY,EAAE,gBAAgB,EAC9B,SAAS,EAAE,sBAAsB,EACjC,KAAK,EAAE,SAAS,GACf,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAQtC;AAKD;;;;GAIG;AACH,iBAAe,eAAe,CAC5B,YAAY,EAAE,gBAAgB,EAC9B,QAAQ,EAAE,eAAe,EAAE,EAC3B,gBAAgB,EAAE,SAAS,MAAM,EAAE,EACnC,OAAO,EAAE,SAAS,sBAAsB,EAAE,EAC1C,OAAO,EAAE,WAAW,EACpB,mBAAmB,EAAE,MAAM,GAC1B,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,EAAE,IAAI,CAAC,CAAC,CAsBzC;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,WAAW,EACpB,mBAAmB,EAAE,MAAM,GAC1B;IAAE,UAAU,EAAE,UAAU,CAAC;IAAC,eAAe,EAAE,MAAM,CAAA;CAAE,CASrD;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,UAAU,EAClB,aAAa,EAAE,MAAM,EACrB,mBAAmB,EAAE,MAAM,GAC1B,MAAM,CAAC,YAAY,EAAE,EAAE,EAAE,IAAI,CAAC,CAoBhC"}

package/packages/jam/safrole/bandersnatch-vrf.js

@@ -1,5 +1,6 @@
 import { SignedTicket, tryAsTicketAttempt } from "#@typeberry/block/tickets.js";
 import { Bytes, BytesBlob } from "#@typeberry/bytes";
+import { SEED_SIZE } from "#@typeberry/crypto";
 import { BANDERSNATCH_PROOF_BYTES, BANDERSNATCH_RING_ROOT_BYTES, BANDERSNATCH_VRF_SIGNATURE_BYTES, } from "#@typeberry/crypto/bandersnatch.js";
 import { HASH_SIZE } from "#@typeberry/hash";
 import { Result } from "#@typeberry/utils";
@@ -33,6 +34,10 @@ const ringCommitmentCache = [
         keys: BytesBlob.empty(),
         value: Promise.resolve(Result.error(null, () => "")),
     },
+    {
+        keys: BytesBlob.empty(),
+        value: Promise.resolve(Result.error(null, () => "")),
+    },
 ];
 const FUNCTIONS = {
     verifySeal,
@@ -88,17 +93,20 @@ async function getRingCommitmentNoCache(bandersnatch, keys) {
     }
     return Result.ok(Bytes.fromBlob(commitmentResult.subarray(1), BANDERSNATCH_RING_ROOT_BYTES).asOpaque());
 }
-// One byte for result discriminator (`ResultValues`) and the rest is entropy hash.
-const TICKET_RESULT_LENGTH = 1 + HASH_SIZE;
 async function verifyTickets(bandersnatch, numberOfValidators, epochRoot, tickets, entropy) {
     const contextLength = entropy.length + JAM_TICKET_SEAL.length + 1;
     const ticketsData = BytesBlob.blobFromParts(tickets.map((ticket) => BytesBlob.blobFromParts([ticket.signature.raw, JAM_TICKET_SEAL, entropy.raw, Uint8Array.of(ticket.attempt)])
         .raw)).raw;
     const verificationResult = await bandersnatch.batchVerifyTicket(numberOfValidators, epochRoot.raw, ticketsData, contextLength);
-    return Array.from(BytesBlob.blobFrom(verificationResult).chunks(TICKET_RESULT_LENGTH)).map((result) => ({
-        isValid: result.raw[RESULT_INDEX] === ResultValues.Ok,
-        entropyHash: Bytes.fromBlob(result.raw.subarray(1, TICKET_RESULT_LENGTH), HASH_SIZE).asOpaque(),
-    }));
+    const isValid = verificationResult[RESULT_INDEX] === ResultValues.Ok;
+    // NOTE: in case of failure, the hashes will be all zeros, but we can safely
+    // keep the same code path.
+    const chunks = BytesBlob.blobFrom(verificationResult.subarray(1)).chunks(HASH_SIZE);
+    const results = [];
+    for (const entropyHash of chunks) {
+        results.push(Bytes.fromBlob(entropyHash.raw, HASH_SIZE).asOpaque());
+    }
+    return { isValid, tickets: results };
 }
 const SEAL_FAILED_ERROR = () => "Seal generation failed";
 async function generateSeal(bandersnatch, authorKey, input, auxData) {
@@ -119,31 +127,60 @@ async function getVrfOutputHash(bandersnatch, authorKey, input) {
 // One byte for result discriminator and the rest is the ring VRF signature.
 const GENERATE_RESULT_ENTRY_LENGTH = 1 + BANDERSNATCH_PROOF_BYTES;
 /**
- * Generates signed tickets for all attempts at once using batch ring VRF.
+ * Batch-generate signed tickets for multiple validators in a single native call,
+ * reusing the ring prover setup across all of them. Returns one ticket list per
+ * validator, in the same order as `proverKeyIndices`/`secrets`.
+ */
+async function generateTickets(bandersnatch, ringKeys, proverKeyIndices, secrets, entropy, ticketsPerValidator) {
+    if (proverKeyIndices.length !== secrets.length) {
+        return Result.error(null, () => "proverKeyIndices and secrets must have the same length");
+    }
+    if (proverKeyIndices.length === 0) {
+        return Result.ok([]);
+    }
+    const { inputsData, vrfInputDataLen } = buildTicketVrfInputs(entropy, ticketsPerValidator);
+    const ringKeysData = BytesBlob.blobFromParts(ringKeys.map((k) => k.raw)).raw;
+    const secretSeedsData = BytesBlob.blobFromParts(secrets.map((s) => s.raw)).raw;
+    const result = await bandersnatch.batchGenerateRingVrfForValidators(ringKeysData, Uint32Array.from(proverKeyIndices), secretSeedsData, SEED_SIZE, inputsData, vrfInputDataLen);
+    return parseTicketsBatchOutput(result, proverKeyIndices.length, ticketsPerValidator);
+}
+/**
+ * Build the concatenated ring-VRF inputs for ticket generation: one
+ * `JAM_TICKET_SEAL || entropy || attempt_byte` input per attempt.
+ *
+ * Exposed so the worker-pool path can build the same inputs to hand off to a
+ * worker thread without re-deriving the layout.
  */
-async function generateTickets(bandersnatch, ringKeys, proverKeyIndex, key, entropy, ticketsPerValidator) {
-    // Build VRF inputs: JAM_TICKET_SEAL || entropy || attempt_byte for each attempt
+export function buildTicketVrfInputs(entropy, ticketsPerValidator) {
     const vrfInputParts = [];
     for (let attempt = 0; attempt < ticketsPerValidator; attempt++) {
         vrfInputParts.push(BytesBlob.blobFromParts([JAM_TICKET_SEAL, entropy.raw, Uint8Array.of(attempt)]).raw);
     }
-    const attemptLength = 1;
-    const vrfInputDataLen = JAM_TICKET_SEAL.length + entropy.length + attemptLength;
-    const inputsData = BytesBlob.blobFromParts(vrfInputParts).raw;
-    const ringKeysData = BytesBlob.blobFromParts(ringKeys.map((k) => k.raw)).raw;
-    const result = await bandersnatch.batchGenerateRingVrf(ringKeysData, proverKeyIndex, key.raw, inputsData, vrfInputDataLen);
-    const tickets = [];
-    for (let attempt = 0; attempt < ticketsPerValidator; attempt++) {
-        const offset = attempt * GENERATE_RESULT_ENTRY_LENGTH;
-        const resultByte = result[offset];
-        if (resultByte === ResultValues.Error) {
-            return Result.error(null, () => `Ring VRF proof generation failed for attempt ${attempt}`);
+    return {
+        inputsData: BytesBlob.blobFromParts(vrfInputParts).raw,
+        vrfInputDataLen: JAM_TICKET_SEAL.length + entropy.length + 1,
+    };
+}
+/**
+ * Parse the raw output of `batchGenerateRingVrfForValidators` into per-validator
+ * ticket lists. Records are ordered validator-major, then attempt-major; each
+ * record is `status byte || signature`. A malformed batch yields a single error
+ * byte. Exposed so the worker-pool path can parse a worker's raw result.
+ */
+export function parseTicketsBatchOutput(result, numValidators, ticketsPerValidator) {
+    const perValidator = [];
+    let offset = 0;
+    for (let v = 0; v < numValidators; v++) {
+        const tickets = [];
+        for (let attempt = 0; attempt < ticketsPerValidator; attempt++) {
+            if (result[offset] === ResultValues.Error) {
+                return Result.error(null, () => `Ring VRF proof generation failed for validator ${v}, attempt ${attempt}`);
+            }
+            const signature = Bytes.fromBlob(result.subarray(offset + 1, offset + GENERATE_RESULT_ENTRY_LENGTH), BANDERSNATCH_PROOF_BYTES).asOpaque();
+            tickets.push(SignedTicket.create({ attempt: tryAsTicketAttempt(attempt), signature }));
+            offset += GENERATE_RESULT_ENTRY_LENGTH;
         }
-        const signature = Bytes.fromBlob(new Uint8Array(result.subarray(offset + 1, offset + GENERATE_RESULT_ENTRY_LENGTH)), BANDERSNATCH_PROOF_BYTES).asOpaque();
-        tickets.push(SignedTicket.create({
-            attempt: tryAsTicketAttempt(attempt),
-            signature,
-        }));
+        perValidator.push(tickets);
     }
-    return Result.ok(tickets);
+    return Result.ok(perValidator);
 }