https://github.com/ergoplatform/sigmastate-interpreter

ErgoScript compiler and ErgoTree Interpreter implementation for Ergo blockchain
https://github.com/ergoplatform/sigmastate-interpreter

authentication-language blockchain compiler ergoplatform interpreter

Last synced: 5 days ago
JSON representation

ErgoScript compiler and ErgoTree Interpreter implementation for Ergo blockchain

• Host: GitHub
• URL: https://github.com/ergoplatform/sigmastate-interpreter
• Owner: ergoplatform
• License: mit
• Created: 2017-02-05T20:49:14.000Z (about 8 years ago)
• Default Branch: develop
• Last Pushed: 2025-04-18T15:51:42.000Z (18 days ago)
• Last Synced: 2025-04-18T19:28:45.759Z (18 days ago)
• Topics: authentication-language, blockchain, compiler, ergoplatform, interpreter
• Language: Scala
• Homepage:
• Size: 35.9 MB
• Stars: 65
• Watchers: 11
• Forks: 42
• Open Issues: 136
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-ergo - Sigmastate Interpreter

README

        
[![CI](https://github.com/ScorexFoundation/sigmastate-interpreter/actions/workflows/ci.yml/badge.svg)](https://github.com/ScorexFoundation/sigmastate-interpreter/actions/workflows/ci.yml)

[![codecov](https://codecov.io/gh/ScorexFoundation/sigmastate-interpreter/branch/develop/graph/badge.svg?token=HNu2ZEOoV6)](https://codecov.io/gh/ScorexFoundation/sigmastate-interpreter)

# ErgoScript compiler and ErgoTree interpreter 

This repository contains implementations of ErgoScript compiler and ErgoTree

Interpreter for a family of Sigma-protocol based authentication languages (or simply

Sigma language).

This library is used internally in [Ergo

Node](https://github.com/ergoplatform/ergo) and

[ergo-wallet](https://github.com/ergoplatform/ergo/tree/master/ergo-wallet), the

public interfaces are subject to change.

For development of Ergo applications using JVM languages (Java/Scala/Kotlin/etc)

a better alternative is to use

[Appkit](https://github.com/ergoplatform/ergo-appkit).

The library is cross-compiled to JS using Scala.js and the main abstractions can be used

from JS directly by importing [NPM module](https://www.npmjs.com/package/sigmastate-js).

See [README](sigma-js/README.md) for details.

## Sigma Language Background

Every coin in Bitcoin is protected by a program in the stack-based Script

language. An interpreter for the language is evaluating the program against a

context (few variables containing information about a spending transaction and

the blockchain), producing a single boolean value as a result. While Bitcoin

Script allows for some contracts to be programmed, its abilities are limited.

Also, to add new cryptographic primitives, for example, ring signatures, a

hard-fork is required.

Generalizing the Bitcoin Script, ErgoScript compiler and ErgoTree interpreter

implement an _authentication language_ which allows to express coin spending

conditions. The [ErgoScript

Compiler](sigmastate/src/main/scala/sigmastate/lang/SigmaCompiler.scala#L48)

compiles the source code into

[ErgoTree](sigmastate/src/main/scala/sigmastate/Values.scala#L990) byte code,

which can be saved in UTXO coins to protect their spending (same as in Bitcoin).

ErgoTree, in turn, is a bytecode language and memory representation which can be

deterministically interpreted in the given _blockchain context_. 

ErgoTree defines guarding proposition for a coin as a logic formula which

combines predicates over a context and cryptographic statements provable via

[Σ-protocols](https://en.wikipedia.org/wiki/Proof_of_knowledge#Sigma_protocols)

with AND, OR, k-out-of-n connectives.

An _interacting party_ willing to spend the coin first constructs a

[prover](sigmastate/src/main/scala/sigmastate/interpreter/ProverInterpreter.scala)

with a set of secrets it knows and then the prover is executed in two steps:

- _Reduction_ - the prover uses the ErgoTree interpreter and deterministically

reduces the ErgoTree proposition to a compound _cryptographic statement_(aka

sigma proposition, Σ-protocol) by evaluating ErgoTree over known shared context

(state of the blockchain system and a spending transaction). This step produces

a value of the [SigmaBoolean](sigmastate/src/main/scala/sigmastate/Values.scala)

type.

- Signing - the prover is turning the obtained (and possibly

complex) Σ-proposition into a signature with the help of a [Fiat-Shamir

transformation](https://en.wikipedia.org/wiki/Fiat-Shamir_heuristic). This step

produces a _proof_ that the party knows the secrets such that the knowledge can

be verified before the spending transaction is added to the blockchain.

To allow valid coin spending a

[verifier](sigmastate/src/main/scala/sigmastate/interpreter/Interpreter.scala)

is running the ErgoTree interpreter with the following three inputs:

- a guarding proposition given by an ErgoTree 

- a blockchain _context_ of the transaction being verified

- a _proof_ (aka transaction signature) generated by a _prover_ 

 

The verifier is executed as part of transaction validation for each input and is

executed in tree steps:

- _Reduction_ - same as prover, the verifier uses the ErgoTree interpreter and

deterministically produces a value of the

[SigmaBoolean](sigmastate/src/main/scala/sigmastate/Values.scala) type. 

However, this step must finish evaluation for any possible inputs within

concrete fixed time limit (aka maximum cost), which is checked by the interpreter.

- Cost estimation - the verifier estimates the complexity of cryptographic Sigma

proposition (based in the size and the concrete nodes of SigmaBoolean tree). The

spending fails if the estimated cost exceeds the maximum limit.

- Signature verification - the signature checker takes 1) the proof, 2) the

SigmaBoolean (aka [sigma

protocol](https://en.wikipedia.org/wiki/Proof_of_knowledge#Sigma_protocols)

proposition) and 3) the signed message (e.g. transaction bytes).

The checker than verifies the proof, which means it verifies that all the

necessary secrets has been known and used to construct the proof (i.e. sign the

transaction).

## Getting Started 

This library is

[publishied](https://mvnrepository.com/artifact/org.scorexfoundation/sigma-state)

on Maven repository and can be added to the SBT configuration of Scala project.

```scala

libraryDependencies += "org.scorexfoundation" %% "sigma-state" % "5.0.14"

```

## Repository Organization

| sub-module  | description                                                                        |

|-------------|------------------------------------------------------------------------------------|

| core        | contains core classes of Sigma library                                             |

| data        | contains classes for working with ErgoTree, addresses and all related serializers  |

| docs        | Collection of documents                                                            |

| interpreter | contains an implementation of ErgoTree Interpreter                                 |

| sdk         | contains and implementation of transaction reduction and signing                   |

| parsers     | contains an implementation of ErgoScript parsers using FastParse library           |

| sc          | contains an implementation of ErgoScript compiler                                  |

| sigma-js    | root directory of sigmastate-js JS module (see [package.json](sigma-js/README.md)) |

## Contributing

We welcome contributions to this project! If you are interested in contributing, here are

a few ways to get started:

**Report bugs:** If you have found a bug please open an issue on the issue tracker.

**Fix bugs or implement features:** If you would like to fix a bug or implement a new

feature, please fork the repository and open a pull request with your changes. Please make

sure to include a clear description of the changes you have made and why you think they

should be included in the project.

**Improve documentation:** If you notice that the documentation could be improved, please

feel free to make changes and open a pull request.

**Review pull requests:** If you would like to help review pull requests, please take a

look at the open pull requests and leave comments on any that you would like to review.

Before you start working on a contribution, please make sure to read the [contributing

guidelines](CONTRIBUTING.md). These documents outline the expectations for contributions

to this project.

Thank you for your interest in contributing to this project! Your help is always appreciated!

Please submit a pull request or create an issue to add a new cryptographic primitives or better implementations.

## Acknowledgments

We thank JetBrains for [supporting](https://www.jetbrains.com/buy/opensource/) this project since 2021 by providing All Products Pack subscription.



We thank YourKit for support of open source projects with its full-featured Java Profiler.

YourKit, LLC is the creator of YourKit Java Profiler

and YourKit .NET Profiler,

innovative and intelligent tools for profiling Java and .NET applications.

## References

- [Ergo Site](https://ergoplatform.org/en/)

- [Ergo Sources](https://github.com/ergoplatform/ergo)

- [Sigma-js](https://www.npmjs.com/package/sigmastate-js)

- [Ergo Appkit](https://github.com/ergoplatform/ergo-appkit)

- [Ergo Appkit Examples](https://github.com/aslesarenko/ergo-appkit-examples)

- [ergo-android](https://github.com/aslesarenko/ergo-android)

- [ergo-wallet-android](https://github.com/MrStahlfelge/ergo-wallet-android)

- [ErgoTree Specification](https://ergoplatform.org/docs/ErgoTree.pdf)

- [Ergo Documents](https://docs.ergoplatform.org/)