Cryptographic#
Ergo has generic support for variety of cryptographic protocols (via composable sigma-protocols built into core).
Crypto Primitives#
- Hash:
Sha256
,Blake2b256
- Encoding:
Base58
- Signing Algorithm: ECDSA (
secp256k1
) & Schnorr - Primitive Secrets: Schnorr Signature & Diffie-Hellman tuple
- Non-Interactive: The proof of sigma-statements are made non-interactive with the Fiat-Shamir transformation.
- EIP-0003: Deterministic Wallet Standard
See this page for a description of the global Cryptographic functions available in ErgoScript.
Before Ergo#
- Bitcoin: ECDSA signatures with Schnorr signature added recently
- Bitcoin Forks Usually adding some cryptography to the protocol (e.g new instructions in ZCASH)
- Ethereum / EVM chains: Instructions and precompiled contracts. Pairing operations to support
Use Cases#
Schnorr Signature#
In the simplest case a signature in Ergo transaction is a Schnorr signature, in general case it is a signature corresponding to a subset of Generalized Schnorr Proofs.
- Ergo uses the same elliptic curve as Bitcoin (SecP256K1).
- Ergo's Schnorr signature is pretty close to known standards (RFCs).
- Allows us to adopt known protocols such as MuSig.
- It's possible to create adaptor signatures which can be used for private swaps.
- There were private swap demos with Bitcoin Cash
Bitcoin | Ethereum | Ergo |
---|---|---|
Potentially, a lot of protocols | - | The same as Bitcoin |
Mixers#
- Basic tool to restore fungibility of digital notes.
- Basic scheme, ZeroJoin, is based on ring signatures and proof of knowledge for a Diffie-Hellman tuple
- Paper with contracts
Bitcoin | Ethereum | Ergo |
---|---|---|
No onchain mixing | Trusted setup-based or inefficient | Efficient, minimal trust assumptions |
Stealth Addresses#
A Stealth Address is a DHT contract that you can spend from without revealing your public key.
- A tool to hide recipient privacy
- Contracts
- Stealth Address Example
- EIP-41 Stealth address standard #87
This allows a customer to derive a one-time payment address for a store, without revealing the payment to anyone but the store owner.
Bitcoin | Ethereum | Ergo |
---|---|---|
- | - | Efficient |
Ring and Threshold Signatures#
- Native support in Ergo, also, more complex schemes support (e.g ring AND threshold)
- Implementations: node API, Zero-Knowledge Treasury on top of Ergo
Bitcoin | Ethereum | Ergo |
---|---|---|
- | - | Efficient |
Checking A Signature#
You can do basic things in a contract like calculating the hash, but what if you want to check a signature for abitrary message in a contract. This can be done trivially in Ergo, an example is available in SuSy bridge implementation
Bitcoin | Ethereum | Ergo |
---|---|---|
- | Efficient ECDSA | Efficient Schnorr |
Scrypto#
Scrypto is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications.