From c74ef4c1c57a1985949b3987f8049e81d8152c87 Mon Sep 17 00:00:00 2001 From: M Glasgow Date: Wed, 18 Dec 2024 14:12:58 +0000 Subject: [PATCH] data-model --- docs/crypto.md | 2 +- docs/dev/data-model/data-model.md | 306 ++++++++++++++++++++---------- docs/dev/data-model/dlog.md | 56 ++++++ docs/dev/data-model/nizk.md | 137 +++++++++++++ docs/dev/data-model/ring.md | 67 +++++++ docs/dev/data-model/threshold.md | 65 +++++++ mkdocs.yml | 29 +-- 7 files changed, 547 insertions(+), 115 deletions(-) create mode 100644 docs/dev/data-model/dlog.md create mode 100644 docs/dev/data-model/nizk.md create mode 100644 docs/dev/data-model/ring.md create mode 100644 docs/dev/data-model/threshold.md diff --git a/docs/crypto.md b/docs/crypto.md index b27ba3d8..40d3391d 100644 --- a/docs/crypto.md +++ b/docs/crypto.md @@ -48,7 +48,7 @@ For more details on cryptographic functions in ErgoScript, see [ErgoScript Crypt ### How Sigma Protocols Work -At their core, Sigma protocols provide a secure way to prove the following properties: +At their core, [Sigma protocols](sigma.md) provide a secure way to prove the following properties: 1. **Proof of Knowledge of Discrete Logarithm**: Prove knowledge of the discrete logarithm of a given public key without revealing the secret key. diff --git a/docs/dev/data-model/data-model.md b/docs/dev/data-model/data-model.md index 75cefe55..4daec9c0 100644 --- a/docs/dev/data-model/data-model.md +++ b/docs/dev/data-model/data-model.md @@ -1,143 +1,243 @@ -# The Data Model +# The Ergo Data Model -Welcome to the heart of Ergo! This guide provides a comprehensive overview of Ergo's unique data model, based on the UTXO (Unspent Transaction Output) model, enhanced with powerful smart contract capabilities. Whether you are a developer, a researcher, or simply curious about what makes Ergo tick, this resource will equip you with the knowledge you need. +This document provides a comprehensive and in-depth exploration of Ergo's unique data model, based on the UTXO (Unspent Transaction Output) model, enhanced with powerful smart contract capabilities (eUTXO). -## 1. Getting Started: Understanding the Basics +--- -### 1.1. UTXO vs. Account Model: A Paradigm Shift +## 1. Theoretical Foundations & Core Concepts - * [UTXO Model Explained](accountveutxo.md): Understand the fundamental differences between Ergo's UTXO model and the account-based model used in other blockchains like Ethereum. This section highlights the benefits of the UTXO model in terms of parallelism, privacy, and scalability. +### 1.1 Computational Model Evolution & UTXO vs. Account Model -### 1.2. Foundational Concept: The Box +Ergo represents a significant advancement in blockchain computational models, extending the traditional Unspent Transaction Output (UTXO) paradigm through its enhanced eUTXO (Extended UTXO) model. Unlike conventional blockchain architectures, Ergo's model introduces: - * [Box Overview](box.md): The fundamental unit of value and logic in Ergo. Learn how boxes extend the traditional UTXO model with programmable capabilities, making them far more than just containers of value. - * Extends traditional UTXO model with programmable capabilities - * Immutable containers of value, tokens, and executable logic - * [Box Lifecycle](lifecycle.md): Understand the journey of a box from creation to spending and destruction. This is crucial for grasping how data and value flow through the Ergo network. +* **Programmable State Transitions**: Enabling complex computational logic within transaction outputs. This contrasts with the account-based model used in other blockchains (like Ethereum), where state is globally mutable. See [UTXO Model Explained](accountveutxo.md) for a comparison of Ergo's model in terms of parallelism, privacy, and scalability. +* **Stateless Verification**: Allowing efficient validation without maintaining complete blockchain state. +* **Deterministic Execution**: Ensuring predictable and verifiable transaction outcomes. -## 2. Core Components: Building Blocks of the Ergo Ecosystem +### 1.2 Fundamental Design Principles -### 2.1. Box Model: In-Depth +1. **Computational Completeness**: Supporting Turing-complete smart contract execution within strict cryptographic constraints. +2. **Cryptographic Composability**: Enabling complex cryptographic protocols through [Sigma Protocols](scs/sigma.md). +3. **Scalable State Management**: Designing a model that supports parallel transaction processing and efficient state verification. - * **Core Box Mechanics** - * [Box Deep Dive](box.md): A more technical look at how boxes function, including their structure and constraints. - * **Box Internal Structures** - * [Box Modeling](box_modeling.md): Designing flexible and secure box interactions. - * [Registers](registers.md): Typed data storage within boxes. - * Enable complex data embedding and smart contract parameters. - * Learn about the different types of registers (R0-R9) and how to use them effectively in your smart contracts. - * [Box Serialization](serialization.md): Understanding how box data is serialized for storage and transmission on the network. +--- -### 2.2. Assets and Tokens: Powering a Diverse Economy +## 2. Blockchain Structure: Components and Function - * **Token Types and Standards** - * **Fungible Tokens** - * [Token Basics](tokens.md): Introduction to how tokens function within the Ergo ecosystem and their fundamental characteristics. - * [Asset Standard (EIP-4)](eip4.md): Detailed explanation of the standard for creating and managing tokens on Ergo. - * [Token Verification (EIP-21)](eip21.md): Learn about the verification process for tokens to ensure their authenticity and integrity. - * **Non-Fungible Tokens (NFTs)** - * [NFT Overview](index.md): Comprehensive introduction to Non-Fungible Tokens in the Ergo blockchain. - * [NFT Creation](create.md): Step-by-step guide to minting your own Non-Fungible Tokens. - * [NFT Versions (V1 vs V2)](v1v2.md): Comparison of different NFT implementation versions and their unique features. - * [On-Chain NFTs](on-chain.md): Explore how NFTs can be stored directly on the blockchain. - * [NFT Royalties](royalties.md): Understanding how royalty mechanisms work for NFT creators. - * **Special Token Concepts** - * [Perpetual Tokens](perpetual.md): Learn about tokens designed to exist indefinitely within the Ergo ecosystem. - * [Token Burning](burn.md): Explanation of how and why tokens can be permanently removed from circulation. - * [Singletons](singletons.md): Explore unique token types with special properties. - * [Auction Contract (EIP-22)](eip22.md): Technical details of the standard auction contract implementation. - * [Artwork Contract (EIP-24)](eip24.md): Specialized contract standard for managing digital artwork tokens. +A solid understanding of the blockchain structure lays the groundwork for exploring Ergo’s data model. Ergo blocks contain critical metadata, transactions, and proofs. -### 2.3. Addressing and Identity: Navigating the Network +### 2.1 Block Components - * **Address Fundamentals** - * [Address Basics](address.md): Core concepts of addressing in the Ergo blockchain. - * [Address Types](address_types.md): Detailed breakdown of different address formats (P2PK, P2SH, P2S) and their use cases. - * [Address Validation](address_validation.md): Methods and techniques for verifying address integrity and correctness. +* [Block Overview](block.md): Comprehensive introduction to block structure in Ergo, detailing how blocks aggregate transactions, references, and proofs. +* [Block Header](block-header.md): Detailed examination of block header components, which include references to previous blocks, difficulty, and other crucial metadata. +* [Block Transactions](block-transactions.md): Understanding how transactions are organized within a block to form the ledger state. +* [AD Proofs](block-adproofs.md): Authenticated Data Proofs enable efficient stateless client verification by providing cryptographic proofs of state transitions. +* [Extension Section](extension-section.md): An exploration of Ergo’s flexible data storage section that can hold additional metadata and information beyond basic transactions. -### 2.4. Transactions: The Engine of Change +--- - * **Transaction Foundations** - * [Transaction Overview](transactions.md): Fundamental principles of how transactions work in Ergo. - * [Transaction Composition](composing.md): Detailed guide to constructing complex transactions. - * [Transaction Format](format.md): Technical specification of transaction structure. - * **Advanced Transaction Mechanisms** - * [Chained Transactions](chained.md): Explore the concept of sequentially executing off-chain transactions. - * [Merkle Tree in Transactions](tx-merkle.md): Understanding how Merkle trees are used to ensure data integrity within transactions. - * [Transaction Signing](signing.md): Cryptographic principles of transaction authentication. - * [Backend Signing](sign-tx.md): Practical implementation of transaction signing techniques. - * [Transaction Validation](validation.md): Comprehensive overview of transaction verification processes. - * **Specialized Transaction Features** - * [Data Inputs (Read-Only Inputs)](read-only-inputs.md): Advanced technique for accessing data without spending boxes. - * [Transaction Fees](min-fee.md): Understanding the fee structure and calculation in Ergo. - * [Babel Fees](babel-fees.md): Innovative method of paying transaction fees using alternative tokens. - * [Babel Fees Plugin](babel-fleet.md): Technical implementation details of the Babel Fees mechanism. - * [Unified Transactions](unified.md): Exploring the concept of combining multiple transaction types. +## 3. Boxes: Foundational State Units -### 2.5. Payment Standards and Protocols +At the core of Ergo's data model is the "Box," which is Ergo's implementation and extension of the UTXO (Unspent Transaction Output) concept. While traditional UTXOs simply track unspent coins, Ergo's Boxes enhance this model with additional programmable capabilities. - * [ErgoPay Protocol (EIP-20)](eip20.md): Interaction protocol for wallet applications and decentralized applications. - * [Payment Request URI (EIP-25)](eip25.md): Standard for creating and processing payment requests. - * [Proxy Contracts (EIP-17)](eip17.md): Understanding the implementation of proxy contract mechanisms. +### 3.1 The Box Concept -### 2.6. Blockchain Structure: Components and Function +A Box is essentially a "smart UTXO" - it serves the same role as a UTXO in tracking unspent value, but extends this with sophisticated computational features. Like a UTXO, a Box is created when value is sent in a transaction and is consumed (spent) when that value is transferred elsewhere. However, Boxes add the following capabilities that go beyond basic UTXOs: - * **Block Components** - * [Block Overview](block.md): Comprehensive introduction to block structure in Ergo. - * [Block Header](block-header.md): Detailed examination of block header components. - * [Block Transactions](block-transactions.md): How transactions are organized within a block. - * [AD Proofs](block-adproofs.md): Understanding the role of Authenticated Data Proofs in Ergo's stateless client model. - * [Extension Section](extension-section.md): Exploring the flexible data storage section of Ergo blocks. +* **Immutable State**: Each box represents an atomic, immutable state unit that cannot be modified after creation. See [Box Lifecycle](lifecycle.md) for details on creation, spending, and destruction. -## 3. Advanced Concepts: Mastering Ergo's Capabilities +* **Typed Registers**: Boxes contain 10 [registers](registers.md) (R0-R9) with specific purposes and rich computational potential: + * R0: Monetary Value (in nanoERGs) + * R1: Protection Script (Smart Contract) + * R2: Assets/Tokens + * R3: Creation Details + * R4-R9: Flexible, Typed Custom Data Storage + - Supports multiple data types: `Int`, `Long`, `BigInt`, `GroupElement`, `Coll[Byte]` + - Can store complex structures and collections + - Densely packed with type-safe access -### 3.1. Multi-Stage Contracts: Building Complex Applications +* **Programmable Spending Conditions**: Each box specifies precise conditions under which it can be spent, enabling complex logic through ErgoScript. See [Box Modeling](box_modeling.md) and [Box Overview](box.md) for detailed exploration. - * [Multi-Stage Contracts in the UTXO Model](multi-stage.md): Advanced techniques for designing complex, multi-step smart contracts within the UTXO framework. +By transforming UTXOs from simple value trackers to programmable state containers, Ergo enables more expressive and flexible blockchain interactions while maintaining cryptographic integrity and computational efficiency. -### 3.2. Data Preservation Strategies - * [Data Longevity on Ergo](#): Comprehensive strategies for ensuring long-term data availability and integrity on the Ergo blockchain. (Note: This link is currently a placeholder and needs to be developed) -### 3.3. Storage Rent: Ensuring Sustainability +--- - * [Storage Rent Mechanism](storage-rent.md): Detailed explanation of how storage rent works to maintain network efficiency and prevent blockchain bloat. +## 4. Transactions: Engines of State Change -### 3.4. Context Variables: Interacting with the Blockchain +Transactions define how boxes are created, transformed, and consumed, and are central to Ergo’s dynamic state evolution. - * [Context Variables and Usage](context-variables.md): In-depth guide to using blockchain context variables like HEIGHT, SELF, INPUTS, and OUTPUTS in smart contract development. +### 4.1 Transaction Foundations -## 4. Development: Building on Ergo +* [Transaction Overview](transactions.md): Fundamental principles of how transactions work in Ergo. +* [Transaction Composition](composing.md): Detailed guide to constructing complex transactions off-chain before submitting them on-chain. +* [Transaction Format](format.md): Technical specification of transaction structure, ensuring interoperability and standardization. -### 4.1. Common Contract Development Patterns +### 4.2 Advanced Transaction Mechanisms - * [Contract Design Patterns](#): Comprehensive collection of best practices and recurring solutions for smart contract development. (Note: This link is currently a placeholder and needs to be developed) +* [Chained Transactions](chained.md): Explore how sequentially dependent transactions can be composed. +* [Merkle Tree in Transactions](tx-merkle.md): Understanding how Merkle trees provide data integrity and facilitate efficient proofs. +* [Transaction Signing](signing.md) and [Backend Signing](sign-tx.md): Cryptographic principles and implementations for authenticating transactions. +* [Transaction Validation](validation.md): Comprehensive overview of on-chain verification processes that ensure correctness and adherence to protocol rules. -### 4.2. Testing and Debugging +### 4.3 Specialized Transaction Features - * [Testing Strategies](testing.md): Methodical approach to testing Ergo smart contracts to ensure reliability and security. - * [Debugging Guide](debugging.md): Practical techniques for identifying and resolving issues in ErgoScript contracts. +* [Data Inputs (Read-Only Inputs)](read-only-inputs.md): Access additional data in transactions without spending boxes. +* [Transaction Fees](min-fee.md): Understanding fee structures, ensuring that miners are incentivized. +* [Babel Fees](babel-fees.md) and [Babel Fees Plugin](babel-fleet.md): Innovative mechanisms allowing fees to be paid in alternative tokens. -### 4.3. Best Practices +--- - * [Smart Contract Security](ergoscript-security.md): Critical insights into avoiding common vulnerabilities and writing secure smart contracts. - * [ErgoScript Optimization](ergoscript-optimisation.md): Advanced techniques for improving the performance and efficiency of ErgoScript code. +## 5. Assets and Tokens: Powering a Diverse Economy -### 4.4 Ergo Developer Tools +Ergo supports a rich ecosystem of assets, from fungible tokens to NFTs, enabling complex economic models. - * [ErgoTool](ergotool.md): Command-line utility for interacting with the Ergo blockchain and managing smart contracts. - * [Model Transaction](model-tx.md): Detailed guide to creating and manipulating transaction models. - * [Payments Overview](payments.md): Comprehensive overview of payment mechanisms and implementations. +### 5.1 Fungible Tokens -## 5. Reference: In-Depth Technical Resources +* [Token Basics](tokens.md): Introduction to tokens within the Ergo ecosystem and their fundamental characteristics. +* [Asset Standard (EIP-4)](eip4.md): Standard for creating and managing tokens in Ergo. +* [Token Verification (EIP-21)](eip21.md): Ensuring token authenticity and integrity. -### 5.1. Underlying Data Structures +### 5.2 Non-Fungible Tokens (NFTs) - * [General Data Structures](data-structures.md): Foundational overview of data structures used in the Ergo blockchain. - * **Merkle Structures** - * [Merkle Tree](merkle-tree.md): Detailed explanation of Merkle tree implementation in Ergo. - * [Merkle Batch Proof](merkle-batch-proof.md): Advanced techniques for batch verification using Merkle proofs. - * [Merkle Extension](merkle-extension.md): Understanding the extended Merkle tree functionality. - * [Merkle Light Proof](merkle-light-proof.md): Lightweight proof verification techniques. - * [Interlink Vectors](interlink-vectors.md): Exploration of interlink vector data structure and its role in blockchain verification. - * [Proof of Proof-of-Work (PoPow)](popow.md): In-depth look at the Proof of Proof-of-Work consensus mechanism. +* [NFT Overview](index.md): Comprehensive introduction to NFTs on Ergo. +* [NFT Creation](create.md): Guide to minting NFTs. +* [NFT Versions (V1 vs V2)](v1v2.md): Comparison of different NFT implementation standards. +* [On-Chain NFTs](on-chain.md): Storing NFT data directly on the blockchain. +* [NFT Royalties](royalties.md): Mechanisms for continuous compensation to creators. + +### 5.3 Special Token Concepts + +* [Perpetual Tokens](perpetual.md): Tokens designed to exist indefinitely. +* [Token Burning](burn.md): Permanently removing tokens from circulation. +* [Singletons](singletons.md): Unique tokens with special properties. +* [Auction Contract (EIP-22)](eip22.md): Standard auction contract implementation details. +* [Artwork Contract (EIP-24)](eip24.md): Specialized standard for managing digital artwork tokens. + +--- + +## 6. Addressing and Identity + +Ergo uses an address system that ensures security, privacy, and flexibility. + +* [Address Basics](address.md): Fundamental concepts of Ergo addresses, including encoding, format, and usage +* [Address Types](address_types.md): Detailed overview of Pay-to-Public-Key (P2PK), Pay-to-Script-Hash (P2SH), and Pay-to-Script (P2S) address types +* [Address Validation](address_validation.md): Methods and best practices for validating Ergo addresses, including checksum verification and format validation + +--- + +## 7. Payment Standards and Protocols + +Ergo defines protocols to streamline user interactions with wallets and applications. + +* [ErgoPay Protocol (EIP-20)](eip20.md): Interaction protocol for mobile wallets and dApps. +* [Payment Request URI (EIP-25)](eip25.md): Standard format for payment requests. +* [Proxy Contracts (EIP-17)](eip17.md): Mechanisms to manage funds and logic via intermediary contracts. + +--- + +## 8. Cryptographic Foundations + +Ergo’s cryptographic design ensures robust security, privacy, and flexibility. + +### 8.1 Sigma Protocols + +* [Non-interactive Zero-Knowledge Proofs](nizk.md): Private transaction verification without revealing sensitive data. +* [Flexible Signature Schemes](sigma.md): Supporting multiple signature types. +* [Privacy-Preserving Mechanisms](privacy.md): Advanced features to protect user privacy. + +### 8.2 Cryptographic Primitives + +* [Discrete Logarithm Proofs](dlog.md): Foundational to signature verification. +* [Ring Signatures](ring.md): Enhanced privacy through signer ambiguity. +* [Threshold Signatures](threshold.md): Enabling multi-party computational scenarios. + +--- + +## 9. Verification, Consensus, and Sustainability + +### 9.1 Transaction Validation and Script Execution + +Ergo employs a robust, stateless transaction validation approach: + +- **Transaction Construction & Signing**: See [Transaction Composition](composing.md), [Transaction Format](format.md), and [Signing](signing.md). +- **On-Chain Verification**: [Transaction Validation](validation.md) and [Merkle Proofs](tx-merkle.md). +- **Script Validation**: Detailed in [Script Validation](script-validation.md) and [ErgoScript Language Specification](ergoscript.md). +- **Execution Environment**: Access blockchain state via [Context Variables](context-variables.md), ensure deterministic [evaluation](evaluation.md), and apply [cost constraints](jitc.md). + +### 9.2 Consensus Algorithm & Storage Rent + +* **Difficulty Adjustment**: A dynamic mechanism that adjusts mining difficulty every block to maintain a target block time of approximately 2 minutes, ensuring network stability and predictable block creation despite fluctuations in mining power. See [this page](mining/difficulty.md) for technical details. +* **Storage Rent Mechanism**: A novel approach that prevents blockchain bloat and ensures long-term sustainability by requiring users to pay rent for storing data on-chain. See [this page](storage-rent.md) for details on implementation, fees, and economic incentives. + +--- + +## 10. Data Structures and Performance + +* [General Data Structures](data-structures.md) +* [Proof of Proof-of-Work (PoPow)](popow.md): Consensus mechanism enhancement for light clients. + + +### 10.1 Authenticated Data Structures + +* [Merkle Trees](merkle-tree.md) for efficient state commitment. + * [Merkle Batch Proof](merkle-batch-proof.md) + * [Merkle Extension](merkle-extension.md) + * [Merkle Light Proof](merkle-light-proof.md) +* [AVL+ Trees](avl.md) for authenticated key-value storage. +* [Interlink Vectors](interlink-vectors.md): Lightweight blockchain verification. +* [AD Proofs](block-adproofs.md): Supporting stateless clients. + + + + +### 10.2 Scalability and Efficiency + +* Parallel transaction validation inherent in the eUTXO model. +* Stateless validation reduces computational and storage overhead. +* Just-in-time costing ensures resource use is always checked. + +For more information see the [scaling](scaling.md) section. + +--- + +## 11. Advanced Concepts: Mastering Ergo's Capabilities + +### 11.1 Multi-Stage Transactions + +* [Multi-Stage Transactions](multi-stage-txs.md): Understanding how to design and implement complex, multi-step transaction flows. + + \ No newline at end of file diff --git a/docs/dev/data-model/dlog.md b/docs/dev/data-model/dlog.md new file mode 100644 index 00000000..3c74bc6e --- /dev/null +++ b/docs/dev/data-model/dlog.md @@ -0,0 +1,56 @@ +# Discrete Logarithm Proofs in Ergo + +## Overview + +Discrete logarithm proofs are a fundamental cryptographic primitive in Ergo's signature verification mechanism, based on the computational hardness of the discrete logarithm problem in elliptic curve cryptography. + +## Key Characteristics + +- **Cryptographic Foundation**: Proofs of knowledge of a discrete logarithm (DLog) verify signature authenticity without revealing the secret key +- **Schnorr Signature Basis**: Ergo uses Schnorr signatures built on discrete logarithm proofs + +## Technical Details + +- **Proof Structure**: Demonstrate knowledge of secret exponent `w` such that `g^w = x` + - `g`: Generator of an elliptic curve group + - `x`: Public key point + - `w`: Private key + +## Related Cryptographic Concepts + +- [Sigma Protocols](scs/sigma.md) +- [Threshold Signatures](threshold.md) +- [Ring Signatures](ring.md) + +## Implementation in ErgoScript + +In ErgoScript, discrete logarithm proofs are implemented using the `proveDlog()` predicate, which returns true if a valid proof of knowledge can be provided. + +```scala +// DLog-based signature verification +val pubKey = ... // Public key point +val signature = ... // Signature proof +proveDlog(pubKey) +``` + +## Practical Examples + +- [Schnorr Signature Verification](scs/sigma/verifying.md) +- [Public Key Cryptography](scs/ergoscript/public-keys.md) + +## Security Considerations + +- Based on discrete logarithm problem hardness +- Efficient and compact signature verification +- Supports multi-signatures and ring signatures + +## Advanced Applications + +- [Cryptographic Foundations](crypto.md) +- [ZeroJoin Privacy Protocol](uses/mixer.md) +- [Sidechains Interoperability](uses/sidechains/sigma-chains.md) + +## References + +- [Cryptographic Primitives](crypto.md) +- [ErgoScript Capabilities](scs/ergoscript.md) diff --git a/docs/dev/data-model/nizk.md b/docs/dev/data-model/nizk.md new file mode 100644 index 00000000..4f777970 --- /dev/null +++ b/docs/dev/data-model/nizk.md @@ -0,0 +1,137 @@ +# Non-Interactive Zero-Knowledge Proofs in Ergo + +## Overview + +Non-Interactive Zero-Knowledge Proofs (NIZKs) are advanced cryptographic techniques that allow one party to prove knowledge of a secret without revealing the secret itself, and without requiring real-time interaction between the prover and verifier. + +## Theoretical Foundation + +NIZKs in Ergo are primarily implemented through **Sigma Protocols** (Σ-protocols), which provide a powerful and flexible approach to zero-knowledge proofs. These protocols are a cornerstone of Ergo's privacy and cryptographic infrastructure. + +### Key Characteristics + +- **Non-Interactive**: Proofs can be verified without direct communication + - Unlike traditional interactive zero-knowledge proofs, NIZKs can be verified asynchronously + - Reduces computational overhead and network complexity + +- **Zero-Knowledge**: No information about the secret is revealed + - Cryptographically guarantees that only the validity of a statement is proven + - Protects sensitive information while maintaining verifiability + +- **Composable**: Can be combined using logical operators like AND, OR, and THRESHOLD + - Enables creation of complex cryptographic conditions + - Supports advanced smart contract logic and privacy-preserving protocols + +## Cryptographic Primitives + +Ergo supports several fundamental zero-knowledge proof types: + +1. **Discrete Logarithm Proofs** + - Prove knowledge of a secret key without revealing it + - Fundamental to [Schnorr signature verification](schnorr.md) + - Implemented using `proveDlog()` predicate in [ErgoScript](ergoscript.md) + +2. **Diffie-Hellman Tuple Proofs** + - Prove equality of discrete logarithms across different generators + - Enables privacy-preserving key exchange and contract designs + - Critical for advanced cryptographic protocols + +## Implementation Techniques + +### Fiat-Shamir Transformation + +Ergo makes proofs non-interactive using the Fiat-Shamir transformation, which converts interactive proofs into non-interactive ones by using a cryptographic hash function. + +Key steps: +- Transform an interactive proof into a non-interactive version +- Use a cryptographic hash function to generate a challenge +- Eliminates the need for real-time communication between prover and verifier + +### Proof Composition + +Sigma protocols can be combined to create complex proofs: + +```scala +// Example of a threshold signature proof +val thresholdProof = prove { + atLeast( + 3, // Minimum number of signatures required + Coll( + PK("pubkey1"), + PK("pubkey2"), + PK("pubkey3"), + PK("pubkey4"), + PK("pubkey5") + ) + ) +} +``` + +## Advanced Applications + +### Privacy-Preserving Techniques + +1. **Ring Signatures** + - Prove one of multiple possible signers without revealing the exact signer + - Enables anonymous transactions + - Detailed in [Ring Signatures](ring.md) documentation + +2. **Threshold Signatures** + - Require k-out-of-n participants to sign + - Supports multi-party computational scenarios + - Explored in [Threshold Signatures](threshold.md) documentation + +3. **Stealth Addresses** + - Generate one-time addresses for enhanced transaction privacy + - Prevent linking of transactions to a specific public address + - Crucial for maintaining financial privacy + +### Mixer Protocols + +**ZeroJoin** demonstrates a practical application: +- Uses ring signatures and Diffie-Hellman tuples +- Restores fungibility of digital tokens +- Provides non-interactive, trustless mixing +- Detailed in [Mixer Protocol](mixer.md) documentation + +## Security Considerations + +- Based on the hardness of the discrete logarithm problem +- Requires careful implementation to prevent potential vulnerabilities +- Extensive test coverage in Ergo's cryptographic implementations +- Relies on well-established cryptographic assumptions + +## Related Cryptographic Concepts + +- [Discrete Logarithm Proofs](dlog.md) +- [Ring Signatures](ring.md) +- [Threshold Signatures](threshold.md) +- [Sigma Protocols](sigma.md) + +## Future Research Directions + +- Enhanced privacy protocol implementations +- More efficient zero-knowledge proof constructions +- Cross-chain interoperability using NIZKs +- Integration with advanced cryptographic techniques + +## Performance and Scalability + +NIZKs in Ergo are designed with performance in mind: +- Constant-time proof verification +- Minimal computational overhead +- Efficient serialization and deserialization +- Support for batch verification techniques + +## References + +- [Sigma Protocols Overview](sigma.md) +- [Cryptographic Foundations](crypto.md) +- [Zero-Knowledge Proofs in Ergo](zkp.md) +- Academic Papers: + - [Sigma Protocols: A Survey](https://eprint.iacr.org/2021/1022) + - [Non-Interactive Zero-Knowledge Proofs](https://eprint.iacr.org/2016/263) + +## Conclusion + +Ergo's Non-Interactive Zero-Knowledge Proofs represent a sophisticated approach to cryptographic privacy, enabling complex, secure, and flexible smart contract designs while maintaining user confidentiality. By leveraging advanced cryptographic techniques like Sigma Protocols and the Fiat-Shamir transformation, Ergo provides a robust framework for privacy-preserving computational techniques. diff --git a/docs/dev/data-model/ring.md b/docs/dev/data-model/ring.md new file mode 100644 index 00000000..2c3b4c35 --- /dev/null +++ b/docs/dev/data-model/ring.md @@ -0,0 +1,67 @@ +# Ring Signatures in Ergo + +## Overview + +Ring signatures are an advanced privacy-preserving cryptographic technique that allows a user to sign a transaction on behalf of a group without revealing which specific group member signed it. + +## Key Features + +- **Anonymity**: Provides plausible deniability by obscuring the actual signer +- **Privacy**: Prevents tracing the origin of a signature to a specific participant +- **Flexible Composition**: Implemented through Ergo's Sigma protocols + +## Use Cases + +1. **Anonymous Transactions**: Enabling privacy in blockchain transactions +2. **Decentralized Mixers**: + + - [ErgoMixer Privacy Protocol](mixer.md) + - [ZeroJoin Privacy Mechanism](zerojoin.md) + +3. **Confidential Voting**: Where the voter's identity must remain secret + +## Technical Implementation + +In Ergo, ring signatures are implemented using Sigma protocols, allowing for: + +- Proving knowledge of one secret from a set of secrets +- Creating cryptographic proofs that obfuscate the true signer + +### Example Scenario + +```scala +// Simplified conceptual representation +val ringSignature = prove { + atLeastOneOf( + List( + proveDlog(pubKey1), + proveDlog(pubKey2), + proveDlog(pubKey3) + ) + ) +} +``` + +## Related Cryptographic Concepts + +- [Discrete Logarithm Proofs](dlog.md) +- [Threshold Signatures](threshold.md) +- [Sigma Protocols Overview](sigma.md) + +## Privacy Mechanisms + +- **ZeroJoin**: A privacy protocol leveraging ring signatures to restore fungibility +- **ErgoMixer**: A non-custodial mixing service using ring signature techniques + +## Advanced Applications + +- [Cryptographic Foundations in Ergo](crypto.md) +- [Schnorr Signatures and Privacy](schnorr.md) +- [Sidechains and Interoperability](sigma-chains.md) + +## Security Considerations + +- Computational complexity makes tracing the original signer computationally infeasible +- Relies on the hardness of the discrete logarithm problem +- Provides strong privacy guarantees without compromising blockchain security + diff --git a/docs/dev/data-model/threshold.md b/docs/dev/data-model/threshold.md new file mode 100644 index 00000000..b8499e2d --- /dev/null +++ b/docs/dev/data-model/threshold.md @@ -0,0 +1,65 @@ +# Threshold Signatures in Ergo + +## Overview + +Threshold signatures are a cryptographic mechanism that allows a subset of a group to collectively sign a transaction, providing enhanced security and distributed trust. + +## Key Characteristics + +- **Distributed Signing**: Requires a minimum number of participants to authorize a transaction +- **Flexible Thresholds**: Can be configured as k-out-of-n signatures (e.g., 3-out-of-5) +- **Multi-Party Computation**: Enables complex collaborative signing scenarios + +## Detailed Examples + +### 3-out-of-5 Threshold Signature + +For a comprehensive example, refer to the dedicated tutorial: +- [3-out-of-5 Threshold Signature](scs/sigma/3-out-of-5.md) + +### Practical Use Cases + +1. **Corporate Governance**: + - Multi-signature wallets requiring collective approval + - [Microcredit Scenario](scs/microcredit.md) + +2. **Cross-Chain Interoperability**: + - [Rosen Bridge Mechanisms](eco/rosen.md) + +## Implementation Techniques + +Ergo supports threshold signatures through its Sigma protocol framework, allowing: +- Proving knowledge of at least k secrets out of n total secrets +- Creating multi-party computational scenarios with robust security guarantees + +## Conceptual Implementation + +```scala +val thresholdSignature = prove { + atLeastKOutOfN( + k = 3, // Minimum signatures required + n = 5, // Total possible signers + publicKeys = List( + pubKey1, pubKey2, pubKey3, + pubKey4, pubKey5 + ) + ) +} +``` + +## Related Cryptographic Concepts + +- [Sigma Protocols](scs/sigma.md) +- [Discrete Logarithm Proofs](dlog.md) +- [Ring Signatures](ring.md) + +## Technical Advantages + +- **Reduced Single Point of Failure**: No single participant can unilaterally control funds +- **Flexible Configuration**: Adaptable to various security requirements +- **Privacy Preservation**: Sigma protocols ensure minimal information leakage + +## References + +- [Cryptographic Foundations](crypto.md) +- [ErgoScript Capabilities](scs/ergoscript.md) diff --git a/mkdocs.yml b/mkdocs.yml index ffc7fb65..98755bdf 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -732,18 +732,25 @@ nav: - Cryptographic: - crypto.md - - Sigma Protocols: - - dev/scs/sigma.md - - Schnorr: - - dev/scs/sigma/schnorr.md - - Verifying Schnorr Signatures: dev/scs/sigma/verifying.md - - Diffie: - - dev/scs/sigma/diffie.md - - Ring Signatures: - - 3-out-of-5 Threshold Signature: dev/scs/sigma/3-out-of-5.md - - Distributed Signatures: node/sigs.md - # - Signature Scheme Internals: sig-scheme.md + - Signature Schemes: + - Sigma Protocols: + - dev/scs/sigma.md + - Schnorr: + - dev/scs/sigma/schnorr.md + - Verifying Schnorr Signatures: dev/scs/sigma/verifying.md + - Diffie: + - dev/scs/sigma/diffie.md + - Other Signatures: + - Ring Signatures: dev/data-model/ring.md + - Threshold Signatures: + - dev/data-model/threshold.md + - 3-out-of-5 Threshold Signature: dev/scs/sigma/3-out-of-5.md + - Distributed Signatures: node/sigs.md + - Signature Scheme Internals: sig-scheme.md + - Zero-Knowledge Proofs: + - Non-Interactive ZK: dev/data-model/nizk.md - ZeroJoin: dev/crypto/zerojoin.md + - Data Structures: - dev/data-model/data-structures.md - Merkle Tree: