waves_logo Docs
  • Ride Programming Language
    Ride Programming Language
  • Getting Started
    Getting Started
  • Syntax Basics
    • Directives
      Directives
    • Definition
      Definition
    • Expression
      Expression
    • Constant
      Constant
    • Variable
      Variable
    • Function
      Function
    • Exception
      Exception
    • Comment
      Comment
    Syntax Basics
  • Script Types
    • dApp Script
      • Annotations
        Annotations
      • Callable Function
        Callable Function
      • Verifier Function
        Verifier Function
      dApp Script
    • Account Script
      Account Script
    • Asset Script
      Asset Script
    Script Types
  • Standard Library
    Standard Library
  • Data types
    • Boolean
      Boolean
    • ByteVector
      ByteVector
    • Int
      Int
    • String
      String
    • Unit
      Unit
    • List
      List
    • Tuple
      Tuple
    • Union
      Union
    Data types
  • Structures
    • Script Actions
      • BinaryEntry (v4)
        BinaryEntry (v4)
      • BooleanEntry (v4)
        BooleanEntry (v4)
      • Burn (v4)
        Burn (v4)
      • DataEntry (v3)
        DataEntry (v3)
      • DeleteEntry (v4)
        DeleteEntry (v4)
      • IntegerEntry (v4)
        IntegerEntry (v4)
      • Issue (v4)
        Issue (v4)
      • Reissue (v4)
        Reissue (v4)
      • ScriptTransfer (v3 and v4)
        ScriptTransfer (v3 and v4)
      • SponsorFee (v4)
        SponsorFee (v4)
      • StringEntry (v4)
        StringEntry (v4)
      Script Actions
    • Script Results (v3)
      • ScriptResult
        ScriptResult
      • TransferSet
        TransferSet
      • WriteSet
        WriteSet
      Script Results (v3)
    • Common Structures
      • Address
        Address
      • Alias
        Alias
      • Asset
        Asset
      • AssetPair
        AssetPair
      • AttachedPayment
        AttachedPayment
      • BalanceDetails
        BalanceDetails
      • BlockInfo
        BlockInfo
      • Invocation
        Invocation
      • Order
        Order
      • Transfer
        Transfer
      Common Structures
    • Transaction Structures
      • BurnTransaction
        BurnTransaction
      • CreateAliasTransaction
        CreateAliasTransaction
      • DataTransaction
        DataTransaction
      • ExchangeTransaction
        ExchangeTransaction
      • GenesisTransaction
        GenesisTransaction
      • InvokeScriptTransaction
        InvokeScriptTransaction
      • IssueTransaction
        IssueTransaction
      • LeaseCancelTransaction
        LeaseCancelTransaction
      • LeaseTransaction
        LeaseTransaction
      • MassTransferTransaction
        MassTransferTransaction
      • ReissueTransaction
        ReissueTransaction
      • SetAssetScriptTransaction
        SetAssetScriptTransaction
      • SetScriptTransaction
        SetScriptTransaction
      • SponsorFeeTransaction
        SponsorFeeTransaction
      • TransferTransaction
        TransferTransaction
      • UpdateAssetInfoTransaction
        UpdateAssetInfoTransaction
      Transaction Structures
    Structures
  • Built-in Variables
    Built-in Variables
  • Built-in Functions
    • Account Data Storage Functions
      Account Data Storage Functions
    • Blockchain Functions
      Blockchain Functions
    • Byte Array Functions
      Byte Array Functions
    • Converting Functions
      Converting Functions
    • Data Transaction Functions
      Data Transaction Functions
    • Decoding Functions
      Decoding Functions
    • Encoding Functions
      Encoding Functions
    • Exception Functions
      Exception Functions
    • Hashing Functions
      Hashing Functions
    • List Functions
      List Functions
    • Math Functions
      Math Functions
    • String Functions
      String Functions
    • Union Functions
      Union Functions
    • Verification Functions
      Verification Functions
    Built-in Functions
  • Operators
    Operators
  • Pattern Matching: match-case
    Pattern Matching: match-case
  • Interations with FOLD<N>
    Interations with FOLD<N>
  • Limitations
    • Complexity
      Complexity
    • Data Weight
      Data Weight
    Limitations
  • Version 5 (Stagenet)
    • dApp-to-dApp Invocation
      dApp-to-dApp Invocation
    • Continued Computations
      Continued Computations
    • Strict Variable
      Strict Variable
    • Callable Function
      Callable Function
    • Data types
      • Any
        Any
      • Boolean
        Boolean
      • ByteVector
        ByteVector
      • Int
        Int
      • String
        String
      • Unit
        Unit
      • List
        List
      • Tuple
        Tuple
      • Union
        Union
      Data types
    • Structures
      • Script Actions
        • BinaryEntry
          BinaryEntry
        • BooleanEntry
          BooleanEntry
        • Burn
          Burn
        • DeleteEntry
          DeleteEntry
        • IntegerEntry
          IntegerEntry
        • Issue
          Issue
        • Lease
          Lease
        • LeaseCancel
          LeaseCancel
        • Reissue
          Reissue
        • ScriptTransfer
          ScriptTransfer
        • SponsorFee
          SponsorFee
        • StringEntry
          StringEntry
        Script Actions
      • Common Structures
        • Address
          Address
        • Alias
          Alias
        • Asset
          Asset
        • AssetPair
          AssetPair
        • AttachedPayment
          AttachedPayment
        • BalanceDetails
          BalanceDetails
        • BlockInfo
          BlockInfo
        • Invocation
          Invocation
        • Order
          Order
        • Transfer
          Transfer
        Common Structures
      • Transaction Structures
        • BurnTransaction
          BurnTransaction
        • CreateAliasTransaction
          CreateAliasTransaction
        • DataTransaction
          DataTransaction
        • ExchangeTransaction
          ExchangeTransaction
        • GenesisTransaction
          GenesisTransaction
        • InvokeScriptTransaction
          InvokeScriptTransaction
        • IssueTransaction
          IssueTransaction
        • LeaseCancelTransaction
          LeaseCancelTransaction
        • LeaseTransaction
          LeaseTransaction
        • MassTransferTransaction
          MassTransferTransaction
        • ReissueTransaction
          ReissueTransaction
        • SetAssetScriptTransaction
          SetAssetScriptTransaction
        • SetScriptTransaction
          SetScriptTransaction
        • SponsorFeeTransaction
          SponsorFeeTransaction
        • TransferTransaction
          TransferTransaction
        • UpdateAssetInfoTransaction
          UpdateAssetInfoTransaction
        Transaction Structures
      Structures
    • Built-in Variables
      Built-in Variables
    • Built-in Functions
      • Account Data Storage Functions
        Account Data Storage Functions
      • Blockchain Functions
        Blockchain Functions
      • Byte Array Functions
        Byte Array Functions
      • Converting Functions
        Converting Functions
      • Data Transaction Functions
        Data Transaction Functions
      • Decoding Functions
        Decoding Functions
      • Encoding Functions
        Encoding Functions
      • Exception Functions
        Exception Functions
      • Hashing Functions
        Hashing Functions
      • dApp-to-dApp Invocation Function
        dApp-to-dApp Invocation Function
      • List Functions
        List Functions
      • Math Functions
        Math Functions
      • String Functions
        String Functions
      • Union Functions
        Union Functions
      • Verification Functions
        Verification Functions
      Built-in Functions
    • Operators
      Operators
    • Limitations
      Limitations
    Version 5 (Stagenet)
  • Ride Components
    Ride Components
  • Script performance tests
    Script performance tests
      • English
      • Русский
      On this page
        • bn256groth16Verify
        • checkMerkleProof
        • createMerkleRoot
        • ecrecover
        • groth16Verify
        • rsaVerify
        • sigVerify
      waves_logo Docs

          # Verification functions

          Name Description Complexity
          bn256groth16Verify Range of functions.
          Check zk-SNARK (opens new window) by groth16 (opens new window) protocol on the bn254 curve
          800–1650
          checkMerkleProof Checks that the data is part of the Merkle tree (opens new window) 30
          createMerkleRoot Calculates the Merkle root hash for transactions of block 30
          ecrecover Recovers public key from the message hash and the ECDSA (opens new window) digital signature 70
          groth16Verify Range of functions.
          Check zk-SNARK (opens new window) by groth16 (opens new window) protocol on the bls12-381 curve
          1200–2700
          rsaVerify Range of functions.
          Check that the RSA (opens new window) digital signature is valid
          300 for Standard Library version 3
          500–1000 for Standard Library version 4
          sigVerify Range of functions.
          Check that the Curve25519 (opens new window) digital signature is valid
          100 for Standard Library version 3
          47–200 for Standard Library version 4

          # bn256groth16Verify

          Range of functions. Check zk-SNARK (opens new window) by groth16 (opens new window) protocol on the bn254 curve. (Although the curve is called bn254 in the scientific literature, it is commonly referred to as bn256 in the code.)

          ⚠️ The bn256groth16Verify range of functions is added in Standard library version 4.

          Name Max number of inputs Complexity
          bn256groth16Verify(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 16 1650
          bn256groth16Verify_1inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 1 800
          bn256groth16Verify_2inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 2 850
          bn256groth16Verify_3inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 3 950
          bn256groth16Verify_4inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 4 1000
          bn256groth16Verify_5inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 5 1050
          bn256groth16Verify_6inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 6 1100
          bn256groth16Verify_7inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 7 1150
          bn256groth16Verify_8inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 8 1200
          bn256groth16Verify_9inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 9 1250
          bn256groth16Verify_10inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 10 1300
          bn256groth16Verify_11inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 11 1350
          bn256groth16Verify_12inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 12 1400
          bn256groth16Verify_13inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 13 1450
          bn256groth16Verify_14inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 14 1550
          bn256groth16Verify_15inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 15 1600

          # Parameters

          Parameter Description
          vk: ByteVector Key for the check.
          Maximum size:
          • For bn256groth16Verify_<N>inputs function — 256 + 32 × N bytes.
          • For bn256groth16Verify function — 256 + 32 × 16 =768 bytes
          proof: ByteVector Zero-knowledge proof (opens new window). Fixed size: 128 bytes
          inputs: ByteVector Zero-knowledge proof's public inputs array. For example, array of UTXO hashes in case of shielded transactions.
          Maximum size:
          • For bn256groth16Verify_<N>inputs function – 32 × N bytes.
          • For bn256groth16Verify function – 512 bytes

          # checkMerkleProof

          ⚠️ This function is disabled in Standard library version 4. Use createMerkleRoot instead of it.

          Checks that the data is part of the Merkle tree (opens new window).

          BLAKE2b (opens new window) hashing function is used to hash the Merkle tree (opens new window).

          checkMerkleProof(merkleRoot: ByteVector, merkleProof: ByteVector, valueBytes: ByteVector): Boolean
          

          # Parameters

          Parameter Description
          merkleRoot: ByteVector Root hash of the Merkle tree
          merkleProof: ByteVector Array of hashes
          valueBytes: ByteVector Data to check

          # createMerkleRoot

          ⚠️ The function is added in Standard library version 4.

          Calculates the Merkle root hash for transactions of block on the basis of the transaction hash and the sibling hashes of the Merkle tree. BLAKE2b-256 (opens new window) algorithm is used for hashing. To check for the transaction in the block, you need to compare the calculated hash with the transactionsRoot field in the block header. For more informtion see the Transactions Root Hash.

          createMerkleRoot(merkleProofs: List[ByteVector], valueBytes: ByteVector, index: Int): ByteVector
          

          # Parameters

          Parameter Description
          merkleProofs: List[ByteVector] Array of sibling hashes of the Merkle tree. Up to 16 items, 32 bytes each
          valueBytes: ByteVector Hash of transaction. Fixed size: 32 bytes. You can use blake2b256 function. The transaction must be hashed together with the signature
          index: Int Index of the transaction in the block

          # ecrecover

          ⚠️ The function is added in Standard library version 4.

          Recovers public key from the message hash and the ECDSA (opens new window) digital signature based on the secp256k1 elliptic curve. Fails if the recovery failed.

          The public key is returned in uncompressed format (64 bytes).

          The function can be used to verify the digital signature of a message by comparing the recovered public key with the sender’s key.

          ecrecover(messageHash: ByteVector, signature: ByteVector): ByteVector
          

          # Parameters

          Parameter Description
          messageHash: ByteVector Keccak-256 hash of the message. Fixed size: 32 bytes
          signature: ByteVector ECDSA digital signature. Fixed size: 65 bytes

          # Example

          Verify the transaction of the Ethereum blockchain using the following data:

          • the transaction;
          • the signature that is generated by the ecsign (opens new window) functions (r, s, and v bytes concatenation);
          • sender public key.
          func check(t: ByteVector, signature: ByteVector, publicKey: ByteVector) = {
             ecrecover(keccak256(t), signature) == publicKey
          }
          

          # groth16Verify

          Range of functions. Check zk-SNARK (opens new window) by groth16 (opens new window) protocol.

          ⚠️ The groth16verify range of functions is added in Standard library version 4.

          Name Max number of inputs Complexity
          groth16Verify(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 16 2700
          groth16Verify_1inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 1 1200
          groth16Verify_2inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 2 1300
          groth16Verify_3inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 3 1400
          groth16Verify_4inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 4 1500
          groth16Verify_5inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 5 1600
          groth16Verify_6inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 6 1700
          groth16Verify_7inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 7 1800
          groth16Verify_8inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 8 1900
          groth16Verify_9inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 9 2000
          groth16Verify_10inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 10 2100
          groth16Verify_11inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 11 2200
          groth16Verify_12inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 12 2300
          groth16Verify_13inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 13 2400
          groth16Verify_14inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 14 2500
          groth16Verify_15inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean 15 2600

          # Parameters

          Parameter Description
          vk: ByteVector Key for the check.
          Maximum size:
          • For groth16Verify_<N>inputs function — 384 + 48 × N bytes.
          • For groth16Verify function — 384 + 48 × 16 =1152 bytes
          proof: ByteVector Zero-knowledge proof (opens new window). Fixed size: 192 bytes
          inputs: ByteVector Zero-knowledge proof's public inputs array.
          Maximum size:
          • For groth16Verify_<N>inputs function – 32 × N bytes.
          • For groth16Verify function – 512 bytes

          # Example

          {-# STDLIB_VERSION 4 #-}
          {-# CONTENT_TYPE DAPP #-}
          {-# SCRIPT_TYPE ACCOUNT #-}
           
          groth16Verify(vk, proof, inputs)
          

          # rsaVerify

          Range of functions. Check that the RSA (opens new window) digital signature is valid, i.e. it was created by the owner of the public key.

          Name Max message size Complexity
          rsaVerify(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 150 kB 300 for Standard Library version 3
          1000 for Standard Library version 4
          rsaVerify_16Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 16 kB 500
          rsaVerify_32Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 32 kB 550
          rsaVerify_64Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 64 kB 625
          rsaVerify_128Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 128 kB 750

          ⚠️ The rsaVerify_16Kb, rsaVerify_32Kb, rsaVerify_64Kb, rsaVerify_128Kb functions are added in Standard library version 4.

          The recommended RSA key module length is at least 2048 bits.

          Data can be hashed before signing using one of the following algorithms:

          • MD5
          • SHA-1
          • SHA-224
          • SHA-256
          • SHA-384
          • SHA-512
          • SHA3-224
          • SHA3-256
          • SHA3-384
          • SHA3-512

          ⚠️ MD5 and SHA-1 are outdated algorithms for which collisions were found. They are for backward compatibility only. The app developer is responsible for selecting a secure hashing algorithm.

          # Parameters

          Parameter Description
          digest: digestAlgorithmType The hashing algorithm applied to the data before signing. Acceptable values:
          • NOALG — data is not hashed.
          • MD5
          • SHA1
          • SHA224
          • SHA256
          • SHA384
          • SHA512
          • SHA3224
          • SHA3256
          • SHA3384
          • SHA3512
          message: ByteVector Signed data.
          Maximum size:
          • For rsaVerify_<N>Kb functions – N kB.
          • For rsaVerify function — 150 kB.
          sig: ByteVector Digital signature. Fixed size: 25 bytes
          pub: ByteVector Binary public key. Fixed size: 294 bytes

          # sigVerify

          Range of functions. Check that the Curve25519 (opens new window) digital signature is valid, i.e. it was created by the owner of the public key.

          ⚠️ The sigVerify_8Kb, sigVerify_16Kb, sigVerify_32Kb, sigVerify_64Kb, sigVerify_128Kb functions are added in Standard library version 4.

          Name Max message size Complexity
          sigVerify(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 150 kB 100 for Standard Library version 3
          200 for Standard Library version 4
          sigVerify_8Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 8 kB 47
          sigVerify_16Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 16 kB 57
          sigVerify_32Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 32 kB 70
          sigVerify_64Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 64 kB 102
          sigVerify_128Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean 128 kB 172

          # Parameters

          Parameter Description
          message: ByteVector Signed data.
          Maximum size:
          • For rsaVerify_<N>Kb functions – N kB.
          • For rsaVerify function — 150 kB.
          sig: ByteVector Digital signature. Fixed size: 25 bytes
          pub: ByteVector Binary public key. Fixed size: 294 bytes
          Union Functions
          Operators
          Union Functions
          Operators