Rabin Signatures in Bitcoin Cash Owen Vaughan – Senior Researcher, nChain In this article we show how arbitrary messages can be signed and verified directly in Bitcoin Cash script without introducing new opcodes (such as the proposed OP_CHECKDATASIG (also known as OP_DATASIGVERIFY)). By utilising the simple algebraic structure of Rabin signatures, any piece of data placed in a transaction can be signed - even if it originates from outside the Bitcoin Cash blockchain. Rabin Signatures The Rabin Digital Signature (RDS) algorithm is a relatively unknown early example of a digital signature scheme developed by Michael Rabin in 1979 [1]. Its security relies on the key observation that calculating a modular square-root is as hard as integer factorisation. For this reason, it shares many features with RSA but also has some interesting differences that are worth exploring. The Rabin cryptosystem setup is similar to RSA. Key generation is initiated by identifying two primes and of similar magnitude. But, unlike RSA there is an additional requirement that ≡ 3 mod 4 and ≡ 3 mod 4. The combination , together form the private key with the corresponding public key ∙ . To sign a message a padding is identified such that the hash || is a quadratic residue modulo . In other words, there exists an such that ≡ || mod . (1) The combination , is the Rabin signature. Forging the signature by finding the square-root of the right-hand-side is as hard as the integer factorisation of itself. On the other hand, if and are known then by the Chinese remainder theorem ≡ || mod and ≡ || mod . (2) Since we have chosen ≡ 3 mod 4 and ≡ 3 mod 4 the simplified version of the Tonelli- Shanks algorithm can be used to calculate
Rabin Signatures in Bitcoin Cash
![Rabin Signatures in Bitcoin Cash](http://data.docslib.org/img/58837bd89a7ec1b0baa7bb7a73315687-1.webp)