# Verification functions
| Name | Description | Complexity |
|---|---|---|
| bn256groth16Verify | Range of functions. Check zk-SNARK by groth16 protocol on the bn254 curve | 800–1650 |
| checkMerkleProof | Checks that the data is part of the Merkle tree | 30 |
| createMerkleRoot | Calculates the Merkle root hash for transactions of block | 30 |
| ecrecover | Recovers public key from the message hash and the ECDSA digital signature | 70 |
| groth16Verify | Range of functions. Check zk-SNARK by groth16 protocol on the bls12-381 curve | 1200–2700 |
| rsaVerify | Range of functions. Check that the RSA digital signature is valid | 300 for Standard Library version 3 500–1000 for Standard Library version 4 |
| sigVerify | Range of functions. Check that the Curve25519 digital signature is valid | 100 for Standard Library version 3 47–200 for Standard Library version 4 |
# bn256groth16Verify
Range of functions. Check zk-SNARK by groth16 protocol on the bn254 curve. (Although the curve is called bn254 in the scientific literature, it is commonly referred to as bn256 in the code.)
⚠️ The
bn256groth16Verifyrange of functions is added in Standard library version 4.
| Name | Max number of inputs | Complexity |
|---|---|---|
| bn256groth16Verify(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 16 | 1650 |
| bn256groth16Verify_1inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 1 | 800 |
| bn256groth16Verify_2inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 2 | 850 |
| bn256groth16Verify_3inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 3 | 950 |
| bn256groth16Verify_4inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 4 | 1000 |
| bn256groth16Verify_5inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 5 | 1050 |
| bn256groth16Verify_6inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 6 | 1100 |
| bn256groth16Verify_7inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 7 | 1150 |
| bn256groth16Verify_8inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 8 | 1200 |
| bn256groth16Verify_9inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 9 | 1250 |
| bn256groth16Verify_10inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 10 | 1300 |
| bn256groth16Verify_11inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 11 | 1350 |
| bn256groth16Verify_12inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 12 | 1400 |
| bn256groth16Verify_13inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 13 | 1450 |
| bn256groth16Verify_14inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 14 | 1550 |
| bn256groth16Verify_15inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 15 | 1600 |
# Parameters
| Parameter | Description |
|---|---|
vk: ByteVector | Key for the check. Maximum size: • For bn256groth16Verify_<N>inputs function — 256 + 32 × N bytes.• For bn256groth16Verify function — 256 + 32 × 16 =768 bytes |
proof: ByteVector | Zero-knowledge proof. Fixed size: 128 bytes |
inputs: ByteVector | Zero-knowledge proof's public inputs array. For example, array of UTXO hashes in case of shielded transactions. Maximum size: • For bn256groth16Verify_<N>inputs function – 32 × N bytes.• For bn256groth16Verify function – 512 bytes |
# checkMerkleProof
⚠️ This function is disabled in Standard library version 4. Use
createMerkleRootinstead of it.
Checks that the data is part of the Merkle tree.
BLAKE2b hashing function is used to hash the Merkle tree.
checkMerkleProof(merkleRoot: ByteVector, merkleProof: ByteVector, valueBytes: ByteVector): Boolean
# Parameters
| Parameter | Description |
|---|---|
| merkleRoot: ByteVector | Root hash of the Merkle tree |
| merkleProof: ByteVector | Array of hashes |
| valueBytes: ByteVector | Data to check |
# createMerkleRoot
⚠️ The function is added in Standard library version 4.
Calculates the Merkle root hash for transactions of block on the basis of the transaction hash and the sibling hashes of the Merkle tree. BLAKE2b-256 algorithm is used for hashing. To check for the transaction in the block, you need to compare the calculated hash with the transactionsRoot field in the block header. For more informtion see the Transactions Root Hash.
createMerkleRoot(merkleProofs: List[ByteVector], valueBytes: ByteVector, index: Int): ByteVector
# Parameters
| Parameter | Description |
|---|---|
merkleProofs: List[ByteVector] | Array of sibling hashes of the Merkle tree |
valueBytes: ByteVector | Hash of transaction. You can use blake2b256 function. The transaction must be hashed together with the signature |
index: Int | Index of the transaction in the block |
# ecrecover
⚠️ The function is added in Standard library version 4.
Recovers public key from the message hash and the ECDSA digital signature based on the secp256k1 elliptic curve. Throws an exception if the recovery failed.
The public key is returned in uncompressed format (64 bytes).
The function can be used to verify the digital signature of a message by comparing the recovered public key with the sender’s key.
ecrecover(messageHash: ByteVector, signature: ByteVector): ByteVector
# Parameters
| Parameter | Description |
|---|---|
messageHash: ByteVector | Keccak-256 hash of the message. Fixed size: 32 bytes |
signature: ByteVector | ECDSA digital signature. Fixed size: 65 bytes |
# Example
Verify the transaction of the Ethereum blockchain using the following data:
- the transaction;
- the signature that is generated by the ecsign functions (
r,s, andvbytes concatenation); - sender public key.
func check(t: ByteVector, signature: ByteVector, publicKey: ByteVector) = {
ecrecover(keccak256(t), signature) == publicKey
}
# groth16Verify
Range of functions. Check zk-SNARK by groth16 protocol.
⚠️ The
groth16verifyrange of functions is added in Standard library version 4.
| Name | Max number of inputs | Complexity |
|---|---|---|
| groth16Verify(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 16 | 2700 |
| groth16Verify_1inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 1 | 1200 |
| groth16Verify_2inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 2 | 1300 |
| groth16Verify_3inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 3 | 1400 |
| groth16Verify_4inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 4 | 1500 |
| groth16Verify_5inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 5 | 1600 |
| groth16Verify_6inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 6 | 1700 |
| groth16Verify_7inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 7 | 1800 |
| groth16Verify_8inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 8 | 1900 |
| groth16Verify_9inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 9 | 2000 |
| groth16Verify_10inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 10 | 2100 |
| groth16Verify_11inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 11 | 2200 |
| groth16Verify_12inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 12 | 2300 |
| groth16Verify_13inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 13 | 2400 |
| groth16Verify_14inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 14 | 2500 |
| groth16Verify_15inputs(vk:ByteVector, proof:ByteVector, inputs:ByteVector): Boolean | 15 | 2600 |
# Parameters
| Parameter | Description |
|---|---|
vk: ByteVector | Key for the check. Maximum size: • For groth16Verify_<N>inputs function — 384 + 48 × N bytes.• For groth16Verify function — 384 + 48 × 16 =1152 bytes |
proof: ByteVector | Zero-knowledge proof. Fixed size: 192 bytes |
inputs: ByteVector | Zero-knowledge proof's public inputs array. Maximum size: • For groth16Verify_<N>inputs function – 32 × N bytes.• For groth16Verify function – 512 bytes |
# Example
{-# STDLIB_VERSION 4 #-}
{-# CONTENT_TYPE DAPP #-}
{-# SCRIPT_TYPE ACCOUNT #-}
groth16Verify(vk, proof, inputs)
# rsaVerify
Range of functions. Check that the RSA digital signature is valid, i.e. it was created by the owner of the public key.
| Name | Max message size | Complexity |
|---|---|---|
| rsaVerify(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 150 kB | 300 for Standard Library version 3 1000 for Standard Library version 4 |
| rsaVerify_16Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 16 kB | 500 |
| rsaVerify_32Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 32 kB | 550 |
| rsaVerify_64Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 64 kB | 625 |
| rsaVerify_128Kb(digest: digestAlgorithmType, message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 128 kB | 750 |
⚠️ The
rsaVerify_16Kb,rsaVerify_32Kb,rsaVerify_64Kb,rsaVerify_128Kbfunctions are added in Standard library version 4.
The recommended RSA key module length is at least 2048 bits.
Data can be hashed before signing using one of the following algorithms:
- MD5
- SHA-1
- SHA-224
- SHA-256
- SHA-384
- SHA-512
- SHA3-224
- SHA3-256
- SHA3-384
- SHA3-512
⚠️ MD5 and SHA-1 are outdated algorithms for which collisions were found. They are for backward compatibility only. The app developer is responsible for selecting a secure hashing algorithm.
# Parameters
| Parameter | Description |
|---|---|
digest: digestAlgorithmType | The hashing algorithm applied to the data before signing. Acceptable values: • NOALG — data is not hashed.• MD5• SHA1 • SHA224• SHA256• SHA384• SHA512• SHA3224 • SHA3256• SHA3384• SHA3512 |
message: ByteVector | Signed data. Maximum size: • For rsaVerify_<N>Kb functions – N kB.• For rsaVerify function — 150 kB. |
sig: ByteVector | Digital signature. Fixed size: 25 bytes |
pub: ByteVector | Binary public key. Fixed size: 294 bytes |
# sigVerify
Range of functions. Check that the Curve25519 digital signature is valid, i.e. it was created by the owner of the public key.
⚠️ The
sigVerify_8Kb,sigVerify_16Kb,sigVerify_32Kb,sigVerify_64Kb,sigVerify_128Kbfunctions are added in Standard library version 4.
| Name | Max message size | Complexity |
|---|---|---|
| sigVerify(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 150 kB | 100 for Standard Library version 3 200 for Standard Library version 4 |
| sigVerify_8Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 8 kB | 47 |
| sigVerify_16Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 16 kB | 57 |
| sigVerify_32Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 32 kB | 70 |
| sigVerify_64Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 64 kB | 102 |
| sigVerify_128Kb(message: ByteVector, sig: ByteVector, pub: ByteVector): Boolean | 128 kB | 172 |
# Parameters
| Parameter | Description |
|---|---|
message: ByteVector | Signed data. Maximum size: • For rsaVerify_<N>Kb functions – N kB.• For rsaVerify function — 150 kB. |
sig: ByteVector | Digital signature. Fixed size: 25 bytes |
pub: ByteVector | Binary public key. Fixed size: 294 bytes |