hi @Dominic. Thanks for taking a look :)
I'm looking at the code - does it store the top level values as bipf arrays?
The layering makes it a bit easier to work with. The top layer (butt2 msg + content) is so we can easily send it over something like ebt. The bytes of butt2 msg is used to get the key and the bytes of encodedValue is used for signatures.
The important question: how does batch signing work?
You sign the concatenated bytes of the previous N hashes. That works as a signature of those messages. You chunk them into reasonable sizes in order for a debouncing validation to be able to queue up enough messages to use this optimization.
I think you could make a much simpler approach: since hashes preserve the uniqueness of the hashed data, it means signing the hash is as good as signing the data, and signing the hash of the hash (or the hash of data containing the hash) is also good enough. So therefore, every ssb message signs not just the message content but the whole chain of preceding messages. If you changed one bit in the first message the hashes of all subsequent messages would change.
If I understand you correctly, then why didn't we just check the signature of the latest message in classic ssb as well?