Public-keys#
The above ErgoScript programs are either spendable by everyone or by no one, which is not very useful.
Useful ErgoScript programs are those that allow one to spend the box if they know the private key corresponding to some public key, similar to Bitcoin's P2PK addresses.
ErgoScript provides multiple ways to create such "public-key" scripts, but the most common one uses the predicate proveDlog(ecPoint)
,
which evaluates to true if the spender supplies a valid proof of knowledge of the discrete logarithm corresponding to ecPoint
, a point on an elliptic curve over a finite field. This is equivalent to a "signature" in Bitcoin.
Ergo uses the same Secp256k1 curve of Bitcoin, so the representation of ecPoint
is the same, a 33-byte array with the first byte representing the sign (Ergo does not support uncompressed points).
However, unlike Bitcoin (which uses ECDSA), Ergo uses Schnorr signatures to construct the proofs.
The following steps illustrate how to create an address encoding the proveDlog
script.
-
First obtain the EC point corresponding to the public key. Let us use the same example of Bitcoin.
- The hex-encoded BigInteger secret is
18e14a7b6a307f426a94f8114701e7c8e774e7f9a47e2c2035db29a206321725
. - The corresponding hex-encoded EC point is
0250863ad64a87ae8a2fe83c1af1a8403cb53f53e486d8511dad8a04887e5b2352
. - Convert the EC point hex to Base64, which turns out to be
AlCGOtZKh66KL+g8GvGoQDy1P1PkhthRHa2KBIh+WyNS
.
- The hex-encoded BigInteger secret is
-
Create the corresponding script
proveDlog(decodePoint(fromBase64("AlCGOtZKh66KL+g8GvGoQDy1P1PkhthRHa2KBIh+WyNS")))
. -
Compile the script to get the address
LQ7iQ4egnCPsZZy5QKsXmaypCRuMxPNtdyGE95fYWCLze8C2hMMwDcAgPNeV8s
Funds sent to the above address can be spent using the secret above, as can be seen in the transaction with id dfca9eaa745c79dafbed43b73379fb0008608119080954c337a4022a2a5070a3.