How oracles and Rabin signatures work in Bitcoin smart contracts

Oracle [1]

Smart contracts on Bitcoin or other blockchains usually need access to data that lives outside the blockchain to be practical, such as real-world weather changes in an insurance contract or the result of a sports match in a betting contract. For security reasons, smart contracts run in an isolated sandbox and are forbidden from fetching external data themselves; they rely on a third-party oracle to supply it. This creates an integrity problem, also known as the oracle problem: the contract must be able to verify that the data really came from the known oracle and was not altered on the way, which is what digital signatures provide.

This article introduces an efficient method by which a Bitcoin smart contract can verify, and then use, arbitrary data signed by an oracle, whether that oracle runs on or off the chain.

Rabin signature algorithm [2]

The Rabin signature algorithm is a digital signature algorithm (DSA) that can be used in place of the elliptic curve digital signature algorithm (ECDSA) used by Bitcoin. Its security rests on the computational hardness of finding square roots modulo a composite number, a problem as hard as factoring large integers.

Key generation

As in RSA, a key is generated by choosing two large prime numbers p and q. The private key is the pair (p, q); the corresponding public key is n = p * q.

Signature

Signature algorithm

A padding value U is appended to the message m to be signed, chosen so that the hash value H(m || U) [3] is a quadratic residue modulo n, and S is its square root: H(m || U) ≡ S² (mod n). The signature is the pair (S, U).

Verification

Verification algorithm

Given the signature (S, U), the message m and the public key n, the verifier simply checks whether the congruence above holds.

Advantages of the algorithm

The Rabin signature is strongly asymmetric in cost: generating a signature takes a large amount of computation (finding a suitable padding and a modular square root), while verifying one is cheap (a single modular squaring and a comparison). This makes it well suited to on-chain use, where only verification is needed. In principle ECDSA could also be verified in script, but its cost is many orders of magnitude higher than Rabin's.

Implementation

A JavaScript implementation of the Rabin algorithm, covering key generation, signature generation and signature verification, is available separately.

We also have an sCrypt implementation. Its core is only about 10 lines of code and involves nothing beyond basic modular arithmetic and hashing. Only signature verification needs to be implemented, because that is the only part that has to run on-chain.

In addition, it demonstrates a general technique for producing a longer hash (512 bits in the example): take the SHA256 hash of the original message, split it into two halves, hash each half again with SHA256, and concatenate the two results. The complete code is shown below.

import "util.scrypt";

contract RabinSignature {

    // On-chain Rabin verification: succeeds only if sig^2 ≡ H(msg || padding) (mod n)
    public function verifySig(int sig, bytes msg, bytes padding, int n) {
        // interpret the 64-byte digest as a little-endian unsigned integer
        int h = Util.fromLEUnsigned(this.hash(msg + padding));
        require((sig * sig) % n == h % n);
    }

    // expand SHA256 into a 512-bit hash: hash each half of the digest again and concatenate
    function hash(bytes x) returns (bytes) {
        bytes hx = sha256(x);
        int idx = length(hx) / 2;
        return sha256(hx[:idx]) + sha256(hx[idx:]);
    }
}
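The following Python reference implementation is an added example, not the article's or sCrypt's own code. It implements the signing side the contract does not need (padding search plus a CRT-combined square root, using primes with p ≡ q ≡ 3 (mod 4) so the root is one exponentiation) and the identical verification check, with the contract's 512-bit hash expansion and little-endian integer decoding. The two Mersenne primes are a constructed toy key chosen only because they are easy to write down; they are far too small for real use.

```python
import hashlib

# Toy key (constructed, not secure): two primes with p ≡ q ≡ 3 (mod 4).
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q


def hash512(x: bytes) -> bytes:
    """Mirror the contract's hash(): sha256 of each half of sha256(x), concatenated."""
    hx = hashlib.sha256(x).digest()
    idx = len(hx) // 2
    return hashlib.sha256(hx[:idx]).digest() + hashlib.sha256(hx[idx:]).digest()


def message_int(msg: bytes, padding: bytes) -> int:
    """Like Util.fromLEUnsigned: read the 64-byte digest as a little-endian unsigned int."""
    return int.from_bytes(hash512(msg + padding), "little")


def sqrt_mod_prime(a: int, p: int):
    """Square root of a mod p for p ≡ 3 (mod 4); None if a is not a quadratic residue."""
    r = pow(a, (p + 1) // 4, p)
    return r if r * r % p == a % p else None


def sign(msg: bytes, p: int = P, q: int = Q):
    """Try padding values U until H(m||U) is a square mod n, then combine roots via CRT."""
    n = p * q
    for i in range(1 << 16):
        padding = i.to_bytes(2, "little")
        h = message_int(msg, padding) % n
        rp, rq = sqrt_mod_prime(h, p), sqrt_mod_prime(h, q)
        if rp is None or rq is None:
            continue  # roughly 3 in 4 candidates fail; move to the next padding
        # Chinese remainder theorem: s ≡ rp (mod p) and s ≡ rq (mod q)
        s = (rp * q * pow(q, -1, p) + rq * p * pow(p, -1, q)) % n
        return s, padding
    raise RuntimeError("no suitable padding found")


def verify(sig: int, msg: bytes, padding: bytes, n: int = N) -> bool:
    """Exactly the contract's verifySig check: sig^2 ≡ H(m||U) (mod n)."""
    return (sig * sig) % n == message_int(msg, padding) % n
```

The on-chain side only ever runs `verify`; the oracle runs `sign` once per data item and publishes (S, U) alongside the message.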

Conclusion

Thanks to the Rabin signature, we can sign arbitrary data, embed it in a Bitcoin transaction, and verify it on-chain efficiently with existing Bitcoin script. The complexity and cost can also be tuned to the security requirements of the application, which is more flexible than a single DSA hard-coded at the consensus layer: if stronger security is needed, simply use longer keys and hashes.

By giving smart contracts secure, trustworthy access to external oracle data, this makes them far more powerful.

Acknowledgements

Thanks to nChain's Owen Vaughan and Dr. Craig Wright for their exploration and discovery of using Rabin signatures in Bitcoin.

Appendix

  1. Oracle: the mechanism by which information from outside the blockchain is written into the blockchain, generally called the oracle mechanism; explained on Wikipedia.

  2. Rabin signature algorithm: an asymmetric (public-key) cryptographic algorithm; explained on Wikipedia.

  3. H(m||U): the hash computed over the concatenation of m and U as a single input.

Source: blog.csdn.net/freedomhero/article/details/107237537