the authenticated state layer for cyber. the entire cybergraph commits to a single polynomial:

$$\text{BBG\_root} = \text{Lens.commit}(\text{BBG\_poly}) \quad \text{(32 bytes)}$$

one polynomial. all state. every query is a polynomial opening (~200 bytes, 10-50 μs). cross-index consistency is structural — different evaluation dimensions of the same polynomial cannot disagree.

bbg is to cybergraph what a database engine is to a schema. cybergraph defines WHAT. bbg implements HOW.

three laws

1. bounded locality — operation cost $\propto$ what it touches, not total state size
2. constant-cost verification — one lens opening: ~200 bytes proof, 10-50 μs
3. structural security — polynomial binding prevents lying. post-quantum (Brakedown, no pairings)

structure

BBG_poly is a single multivariate polynomial with three dimensions:

$$\text{BBG\_poly}(\text{index}, \text{key}, t) = \text{value}$$

no NMT. no LogUp. cross-index consistency is FREE — axons_out and axons_in are different evaluation dimensions of the same committed polynomial.

private state

individual cyberlinks are private. polynomial commitments handle this:

• commitment polynomial A(x): all committed private records. membership = one lens opening
• nullifier polynomial N(x): all spent nullifiers. non-membership = one lens opening showing N(c) ≠ 0

~5,000 constraints per private operation (was ~40,000 with SWBF + MMR). 32-byte witness (was 128 KB).

dependency graph

hemera (hash) → lens (commit) → nox (run) → zheng (prove) → bbg (store) ← this repo

see cyber/research/bbg for the full polynomial state specification, lens for commitment backends, Brakedown for the polynomial commitment scheme

discover all concepts

from subgraph bbg

bbg

authenticated state layer for cyber. individual cyberlinks are private — who linked what is never disclosed. the cybergraph is the public aggregate: axons, neuron summaries, particle energy, token supplies, π* distribution. all derived from cyberlinks, revealing no individual contribution.

three laws

bounded locality. no global recompute for local change. every operation's cost is proportional to what it touches. at 10¹⁵ nodes, global operations are physically impossible.

constant-cost verification. any computation produces a proof verifiable in ~5 μs via zheng-2 folding. verifier work is independent of prover work.

structural security. guarantees from data structure invariants, not protocol correctness. a tree whose internal nodes carry min/max namespace labels cannot lie about completeness — the structure itself prevents it.

structure

13 sub-roots under BBG_root. each is 32 bytes (hemera-2 output). total: 416 bytes.

PUBLIC NMTs (9 roots)
  particles.root       all particles: content + axons, energy, π*
  axons_out.root       by source (outgoing axon index)
  axons_in.root        by target (incoming axon index)
  neurons.root         focus, karma, stake per neuron
  locations.root       proof of location
  coins.root           fungible token denominations
  cards.root           names and knowledge assets
  files.root           content availability (DAS)
  time.root            temporal index (7 namespaces)

PRIVATE STATE (3 roots)
  cyberlinks.root      MMR peaks hash (append-only commitment list)
  spent.root           MMR root (archived consumption proofs)
  balance.root         hash of active consumption bitmap (SWBF 128 KB)

FINALIZATION (1 root)
  signals.root         MMR (finalized signal batches)

key numbers

hash output:          32 bytes (hemera, 24 rounds, ~736 constraints/perm)
proof size:           ~2 KiB (zheng-2, recursive Brakedown)
verification:         ~5 μs
private transfer:     ~40,000 constraints, sub-second proving
cross-index (LogUp):  ~500 constraints per axon update (15× savings)
light client join:    one zheng verification + namespace sync

specification

explanations

open design

the stack

license

Cyber License: Don't trust. Don't fear. Don't beg.