One of the changes proposed for the November 2018 protocol upgrade is the introduction of new opcodes like OP_CHECKDATASIG. Similar to Bitcoin Unlimited’s (BU) OP_DATASIGVERIFY, Bitcoin ABC’s OP_CHECKDATASIG opcode can be used to validate a signature on Bitcoin Cash (BCH) transactions, and even allows the embedding of an arbitrary message—which could be of use in applications external to BCH chain.
The problem is this: the two opcodes are not part of the original Bitcoin protocol. As Reddit user moosapor pointed out, OP_CHECKDATASIG “is an almost exact line-by-line copy of a little-known, yet fairly mature opcode called OP_CHECKSIGFROMSTACK” that was implemented in Blockstream’s Elements project. OP_DATASIGVERIFY may look like “an independent development” from BU, but its function is fundamentally the same.
What if there’s another way to sign arbitrary messages directly in Bitcoin BCH script?
The solution, according to nChain senior researcher Owen Vaughan, lies in the simple algebraic structure of Rabin Digital Structure (RDS) algorithm to sign “any piece of data placed in a transaction”—even if it’s from outside the Bitcoin BCH chain.
RDS, developed in 1971 by Michael Rabin, was considered to be one of the first digital signature schemes proposed. In an nChain article, Vaughan explained that RDS’ security “relies on the key observation that calculating a modular square-root is as hard as integer factorization.”
“By utilising the properties of Rabin signatures we have seen how an arbitrary message can be signed, and how the signature can be verified directly in Bitcoin Cash script without introducing new opcodes. All computationally expensive operations (key generation, signature construction) are performed off-block. Only the simple step of verifying that holds is performed within script,” Vaughan wrote.
This algorithm is also existentially unforgeable, which means extra functionalities can be added to the Bitcoin BCH platform without the need to change the original protocol or compromise the security of the entire network, according to the nChain researcher.
nChain plans to develop a solution using Rabin signatures and is open to collaborating with other groups and researchers on this development. Vaughan, however, noted that the outfit has no plans to patent its work for this solution but instead publish it for public review and usage.