# Verification functions
| Name | Description | Complexity |
|---|---|---|
| bn256Groth16Verify | Range of functions. Check zk-SNARK by groth16 protocol on the bn254 curve | 800–1650 |
| createMerkleRoot | Calculates the Merkle root hash for transactions of block | 30 |
| ecrecover | Recovers public key from the message hash and the ECDSA digital signature | 70 |
| groth16Verify | Range of functions. Check zk-SNARK by groth16 protocol on the bls12-381 curve | 1200–2700 |
| rsaVerify | Range of functions. Check that the RSA digital signature is valid | 500–1000 |
| sigVerify | Range of functions. Check that the Curve25519 digital signature is valid | 43–180 |
# bn256Groth16Verify
Range of functions. Check zk-SNARK by groth16 protocol on the bn254 curve. (Although the curve is called bn254 in the scientific literature, it is commonly referred to as bn256 in the code.)
| Name | Max number of inputs | Complexity |
|---|---|---|
| bn256Groth16Verify(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 16 | 1650 |
| bn256Groth16Verify_1inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 1 | 800 |
| bn256Groth16Verify_2inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 2 | 850 |
| bn256Groth16Verify_3inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 3 | 950 |
| bn256Groth16Verify_4inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 4 | 1000 |
| bn256Groth16Verify_5inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 5 | 1050 |
| bn256Groth16Verify_6inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 6 | 1100 |
| bn256Groth16Verify_7inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 7 | 1150 |
| bn256Groth16Verify_8inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 8 | 1200 |
| bn256Groth16Verify_9inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 9 | 1250 |
| bn256Groth16Verify_10inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 10 | 1300 |
| bn256Groth16Verify_11inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 11 | 1350 |
| bn256Groth16Verify_12inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 12 | 1400 |
| bn256Groth16Verify_13inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 13 | 1450 |
| bn256Groth16Verify_14inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 14 | 1550 |
| bn256Groth16Verify_15inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 15 | 1600 |
# Parameters
| Parameter | Description |
|---|---|
vk: ByteVector | Key for the check. Maximum size: • For bn256Groth16Verify_<N>inputs function — 256 + 32 × N bytes.• For bn256Groth16Verify function — 256 + 32 × 16 =768 bytes |
proof: ByteVector | Zero-knowledge proof. Fixed size: 128 bytes |
inputs: ByteVector | Zero-knowledge proof's public inputs array. For example, array of UTXO hashes in case of shielded transactions. Maximum size: • For bn256Groth16Verify_<N>inputs function – 32 × N bytes.• For bn256Groth16Verify function – 512 bytes |
# createMerkleRoot
Calculates the Merkle root hash for transactions of block on the basis of the transaction hash and the sibling hashes of the Merkle tree. BLAKE2b-256 algorithm is used for hashing. To check for the transaction in the block, you need to compare the calculated hash with the transactionsRoot field in the block header. For more informtion see the Transactions Root Hash.
createMerkleRoot(merkleProofs: List[ByteVector], valueBytes: ByteVector, index: Int): ByteVector
# Parameters
| Parameter | Description |
|---|---|
merkleProofs: List[ByteVector] | Array of sibling hashes of the Merkle tree. Up to 16 items, 32 bytes each |
valueBytes: ByteVector | Hash of transaction. Fixed size: 32 bytes. You can use blake2b256 function. The transaction must be hashed together with the signature |
index: Int | Index of the transaction in the block |
# ecrecover
Recovers public key from the message hash and the ECDSA digital signature based on the secp256k1 elliptic curve. Fails if the recovery failed.
The public key is returned in uncompressed format (64 bytes).
The function can be used to verify the digital signature of a message by comparing the recovered public key with the sender’s key.
ecrecover(messageHash: ByteVector, signature: ByteVector): ByteVector
# Parameters
| Parameter | Description |
|---|---|
messageHash: ByteVector | Keccak-256 hash of the message. Fixed size: 32 bytes |
signature: ByteVector | ECDSA digital signature. Fixed size: 65 bytes |
# Example
Verify the transaction of the Ethereum blockchain using the following data:
- the transaction;
- the signature that is generated by the ecsign functions (
r,s, andvbytes concatenation); - sender public key.
func check(t: ByteVector, signature: ByteVector, publicKey: ByteVector) = {
ecrecover(keccak256(t), signature) == publicKey
}
# groth16Verify
Range of functions. Check zk-SNARK by groth16 protocol.
| Name | Max number of inputs | Complexity |
|---|---|---|
| groth16Verify(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 16 | 2700 |
| groth16Verify_1inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 1 | 1200 |
| groth16Verify_2inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 2 | 1300 |
| groth16Verify_3inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 3 | 1400 |
| groth16Verify_4inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 4 | 1500 |
| groth16Verify_5inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 5 | 1600 |
| groth16Verify_6inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 6 | 1700 |
| groth16Verify_7inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 7 | 1800 |
| groth16Verify_8inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 8 | 1900 |
| groth16Verify_9inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 9 | 2000 |
| groth16Verify_10inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 10 | 2100 |
| groth16Verify_11inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 11 | 2200 |
| groth16Verify_12inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 12 | 2300 |
| groth16Verify_13inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 13 | 2400 |
| groth16Verify_14inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 14 | 2500 |
| groth16Verify_15inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 15 | 2600 |
# Parameters
| Parameter | Description |
|---|---|
vk: ByteVector | Key for the check. Maximum size: • For groth16Verify_<N>inputs function — 384 + 48 × N bytes.• For groth16Verify function — 384 + 48 × 16 =1152 bytes |
proof: ByteVector | Zero-knowledge proof. Fixed size: 192 bytes |
inputs: ByteVector | Zero-knowledge proof's public inputs array. Maximum size: • For groth16Verify_<N>inputs function – 32 × N bytes.• For groth16Verify function – 512 bytes |
# Example
groth16Verify(vk, proof, inputs)
# rsaVerify
Range of functions. Check that the RSA digital signature is valid, i.e. it was created by the owner of the public key.
| Name | Max message size | Complexity |
|---|---|---|
| rsaVerify(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | Max size of ByteVector | 1000 |
| rsaVerify_16Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 16 kB | 500 |
| rsaVerify_32Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 32 kB | 550 |
| rsaVerify_64Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 64 kB | 625 |
| rsaVerify_128Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 128 kB | 750 |
The recommended RSA key module length is at least 2048 bits.
Data can be hashed before signing using one of the following algorithms:
- MD5
- SHA-1
- SHA-224
- SHA-256
- SHA-384
- SHA-512
- SHA3-224
- SHA3-256
- SHA3-384
- SHA3-512
⚠️ MD5 and SHA-1 are outdated algorithms for which collisions were found. They are for backward compatibility only. The app developer is responsible for selecting a secure hashing algorithm.
# Parameters
| Parameter | Description |
|---|---|
digest: digestAlgorithmType | The hashing algorithm applied to the data before signing. Acceptable values: • NOALG — data is not hashed.• MD5• SHA1 • SHA224• SHA256• SHA384• SHA512• SHA3224 • SHA3256• SHA3384• SHA3512 |
message: ByteVector | Signed data. Maximum size: • For rsaVerify_<N>Kb functions – N kB.• For rsaVerify function — 150 kB. |
sig: ByteVector | Digital signature. Fixed size: 25 bytes |
pub: ByteVector | Binary public key. Fixed size: 294 bytes |
# sigVerify
Range of functions. Check that the Curve25519 digital signature is valid, i.e. it was created by the owner of the public key.
| Name | Max message size | Complexity |
|---|---|---|
| sigVerify(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | Max size of ByteVector | 180 |
| sigVerify_8Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 8 kB | 43 |
| sigVerify_16Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 16 kB | 50 |
| sigVerify_32Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 32 kB | 64 |
| sigVerify_64Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 64 kB | 93 |
| sigVerify_128Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 128 kB | 150 |
# Parameters
| Parameter | Description |
|---|---|
message: ByteVector | Signed data. Maximum size: • For rsaVerify_<N>Kb functions – N kB.• For rsaVerify function — 150 kB. |
sig: ByteVector | Digital signature. Fixed size: 25 bytes |
pub: ByteVector | Binary public key. Fixed size: 294 bytes |