Ergo has generic support for variety of cryptographic protocols (via composable sigma-protocols built into core).
- Signing Algorithm: ECDSA (
secp256k1) & Schnorr
- Primitive Secrets: Schnorr Signature & Diffie-Hellman tuple
- Non-Interactive: The proof of sigma-statements are made non-interactive with the Fiat-Shamir transformation.
- EIP-0003: Deterministic Wallet Standard
See this page for a description of the global Cryptographic functions available in ErgoScript.
- Bitcoin: ECDSA signatures with Schnorr signature added recently
- Bitcoin Forks Usually adding some cryptography to the protocol (e.g new instructions in ZCASH)
- Ethereum / EVM chains: Instructions and precompiled contracts. Pairing operations to support
In the simplest case a signature in Ergo transaction is a Schnorr signature, in general case it is a signature corresponding to a subset of Generalized Schnorr Proofs.
- Ergo uses the same elliptic curve as Bitcoin (SecP256K1).
- Ergo's Schnorr signature is pretty close to known standards (RFCs).
- Allows us to adopt known protocols such as MuSig.
- It's possible to create adaptor signatures which can be used for private swaps.
- There were private swap demos with Bitcoin Cash
|Potentially, a lot of protocols||-||The same as Bitcoin|
- Basic tool to restore fungibility of digital notes.
- Basic scheme, ZeroJoin, is based on ring signatures and proof of knowledge for a Diffie-Hellman tuple
- Paper with contracts
|No onchain mixing||Trusted setup-based or inefficient||Efficient, minimal trust assumptions|
A Stealth Address is a DHT contract that you can spend from without revealing your public key.
- A tool to hide recipient privacy
- Stealth Address Example
- EIP-41 Stealth address standard #87
This allows a customer to derive a one-time payment address for a store, without revealing the payment to anyone but the store owner.
Ring and Threshold Signatures#
- Native support in Ergo, also, more complex schemes support (e.g ring AND threshold)
- Implementations: node API, Zero-Knowledge Treasury on top of Ergo
Checking A Signature#
You can do basic things in a contract like calculating the hash, but what if you want to check a signature for abitrary message in a contract. This can be done trivially in Ergo, an example is available in SuSy bridge implementation
|-||Efficient ECDSA||Efficient Schnorr|
Scrypto is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications.