Generates ContractSalts and Unicums for contract IDs such that the Unicum is a cryptographic commitment to the following:

• The com.digitalasset.canton.topology.DomainId of the transaction that creates the contract
• The com.digitalasset.canton.topology.MediatorId of the mediator that handles the transaction request
• The UUID of the transaction that creates the contract
• The com.digitalasset.canton.data.ViewPosition of the view whose core creates the contract
• The index of the create node within the view
• The ledger time when the contract was created
• The template ID and the template arguments of the contract, including the agreement text

The commitment is implemented as a blinded hash with the view action salt as the blinding factor.

The above data is split into two groups:

• com.digitalasset.canton.topology.DomainId, com.digitalasset.canton.topology.MediatorId, the UUID, the com.digitalasset.canton.data.ViewPosition, and the index contribute to the blinded hash of the ContractSalt.
• The ledger time and the template arguments

The Unicum is then the cryptographic hash of the ContractSalt and the second group.

The ContractSalt contains all the information that ensures uniqueness of contract IDs in Canton. The second group contains the information that is relevant for using the contract in transactions. The commitment to the information in the second group can be opened by revealing the ContractSalt. Since the ContractSalt is a blinded hash, such an opening does not reveal information about the data in the first group.

Properties

• If a transaction is added to the virtual domain ledger for a given domain, then the [[Unicum]] is globally unique unless a hash collision occurs.
  Contracts with the same Unicum must run over the same domain, have the same transaction UUID, and are handled by the same mediator. The definition of the virtual domain ledger ensures that transaction UUIDs are unique within the com.daml.api.util.LedgerEffectiveTimeTolerance and within the mediator handling the request, and that the sequencing time deviates from the ledger time by at most this tolerance. So two contracts with the same Unicum must be generated by the same transaction. However, the com.digitalasset.canton.data.ViewPosition and the create index uniquely identify the node in the transaction that creates the contract.

We include both the com.digitalasset.canton.topology.DomainId and the com.digitalasset.canton.topology.MediatorId in the ContractSalt because we cannot exclude that mediators on different domains happen to have the same identifier and there may be mupltiple mediators on a domain.

• If the submitter is honest and chooses a random transaction seed, the [[Unicum]] does not leak information about template arguments.
  The transaction seed's randomness propagates to the action seed through the seed derivation scheme. Since the honest submitter does not leak the transaction seed and shows the action seed only to the witnesses of the view, the ContractSalt looks random to non-witnesses of the view. Accordingly, the ContractSalt blinds the template arguments.
• The [[Unicum]] authenticates the contract details (ledger time and template arguments) if the hash function is preimage resistant.
  By checking the hash of the ContractSalt and the contract details against the Unicum, everyone can verify that they fit together. As the hash function is preimage resistant, it is therefore computationally infeasible for a participant to find a different ContractSalt such that different contract details lead to the same hash.
• Participants learning about the contract only through divulgence or disclosure do not learn in which transaction the contract was created unless the submitter or witnesses of the creation leak this information.
  By the honesty assumption, the action seed is a random value to those participants. Accordingly, since the ContractSalt contains all the information that ties the contract to a particular transaction, the participants cannot say which transaction with the same ledger time created the contract.
• The [[Unicum]] does not leak the contract details when a contract ID is shown to a third party if the submitter and all witnesses and divulgees are honest.
  By the honesty assumption, the action seed is a random value to the third party, and so is the ContractSalt. This entropy hides the contract details to the third party.