- Author: @aslesarenko
- Status: Proposed
- Created: 18-August-2021
- License: CC0
- Forking: not needed
- Description
- Background And Motivation
- Reduced Transaction data
- Data Formats
- Reference implementation
This EIP defines a data format for Reduced Transaction which can be used:
- to enable interoperation between an online dApp and a wallet app for creating, signing and sending Ergo transactions
- to serialize reduced transaction to QR code for scanning by a wallet app
- to serialize reduced transaction to JSON for using in Ergo node API
In the Ergo's eUTXO model a box can be protected by an arbitrary complex
contract (aka spending condition) and the spending transaction should satisfy
that condition by adding required context variables, creating expected number of
outputs with specific registers etc. i.e. a special data structure called
Context.
Say we want to sign a new transaction. The Context should be created for each input of the transaction and then passed to the Prover which will generate a signature for that input. See general overview of signing and verification process in Ergo for details.
In general, the Context represents the current state of the blockchain and includes current header, previous 10 headers, current height etc. This data can be retrieved from blockchain nodes. This is possible on Hot Wallet device - a device with a network connection, but is not possible on Cold Wallet device (where there is no network connection).
At the same time the prover (which generates a signature for the transaction) need to know both the Context data and the private keys, which are stored on the Cold Wallet device, and so the Prover must run on the Cold Wallet device.
And that is the problem, we cannot transfer unsigned transaction along with all the contexts for each input to the Cold Wallet via QR codes. QR codes have limit of 4K bytes on the maximum size of serialized data. Even simplest transactions when serialized with required Contexts will exceed this limit.
Here we introduce a new data structure and serialization format called
ReducedTransaction.
ReducedTransaction:
- unsignedTx: UnsignedTransaction
- reducedInputs: Seq[ReducedInputData]
- txCost: Int
UnsignedTransaction:
- inputs: Seq[UnsignedInput],
- dataInputs: Seq[DataInput],
- outputCandidates: Seq[ErgoBoxCandidate]
UnsignedInput:
- boxId: BoxId
- extension: ContextExtension
ReducedInputData:
- reductionResult: ReductionResult
ReductionResult:
- value: SigmaBoolean
- cost: Long
Thus, the ReducedTransaction instance contains unsigned transaction augmented with
one ReductionResult for each UnsignedInput.
Note that UnsignedInput object doesn't contain ergoTree, additionalTokens,
additionalRegisters and other properties of
ErgoBox
which are necessary to perform
ErgoTree
reduction and which are part of the
Context
data structure required by the
prove
method to generate a proof (aka signature).
This is because those context data is not required to generate proof once ErgoTree is reduced to ReductionResult containing sigma proposition.
ReducedTransaction is serialized to bytes array in the format described below. Note, field names are not serialized.
| Field Name | Format | Description |
|---|---|---|
messageSize |
VLQ(UInt) |
Number of bytes in the messageToSign of the transaction |
messageToSign |
Bytes |
serialized bytes of the unsignedTx.messageToSign |
reducedInputs |
ReductionResult* |
serialized reduced inputs |
txCost |
VLQ(UInt) |
transaction cost according to the prover |
Note, the number of reduced inputs is serialized as part of the messageToSign.
Reduction result is obtained for each input of the original unsigned transaction.
| Field Name | Format | Description |
|---|---|---|
value |
SigmaBoolean |
serialized sigma proposition, see section 5.2.2 in 2 |
cost |
VLQ(ULong) |
cost accumulated during reduction of the input's ErgoTree |
ReducedTransaction is represented in Appkit as a class which can be serialized to bytes array.