With the rise of cloud and edge computing, mobile security and efficiency improvements are required for enterprise users to take full advantage of the opportunities that come with data-rich Internet of things (IoT) devices and other tools. As data-capturing devices get more sophisticated, the speed and ease at which data needs to be exchanged poses a challenge when it comes to the robustness and reliability of modern technology. Such devices simply cannot reach their full potential when they are susceptible to data breaches or network lags. Likewise, increased connectivity means mistakes and data breaches happen faster today and can quickly extend beyond control. Ultimately, what is at stake is the experience and privacy of the individual user.
In the light of such concern, recent research by our Principal Researcher and Research Delivery Lead, Dr Wei Zhang, explored how the functionality of PUSHTX using Bitcoin script could be optimised and used as a secure mechanism for perpetually enforcing conditions on future transactions, in other words, how to contain new, automated technology in the bottles of contracts and protocols prepared to hold it, protecting user data and privacy.
Revisiting the idea of PUSHTX, which lies in generating and verifying a signature on a piece of data on a stack using the Bitcoin scripting language and OP_CHECKSIG, Dr Wei’s white paper, titled PUSHTX and Its Building Blocks, reveals insights and optimisations through the example of a perpetually enforcing locking script (PELS).
PELS are used to ensure desired conditions are met in a chain of transactions originating from an output associated with the respective locking script. Once the rules of the PELS have been defined, users can be safe in the knowledge that any associated future transactions are carried out in accordance with the same rules or that they would otherwise be invalidated. Such locking scripts are particularly useful on the Bitcoin (BSV) network, where the subsequent validation of the signature and the enforcement of the defined rules can effectively be left to the nodes of the network.
A formal security proof shows the mathematical logic behind PUSHTX, highlighting the underlying assumption that makes it secure. Security considerations when implementing PUSHTX serve to avoid any security vulnerability.
Using the example use case of attesting a signature and certificate, the white paper explains that a certificate authority (CA) can seamlessly delegate such work to another CA by requiring that a locking script be used for all attesting transactions, resulting in a fixed output value that can only be sent to the authorised party themselves—and thereby signalling the integrity of the certificate.
The transaction fee can be included in the same input or even be covered using the locking script and the previous output, serving as a feature that limits the number of times an authorised party can attest a certificate.
Optimisations and Security Insights
By constructing the signed message from an input of smaller size using opcodes, the size of the spending transaction can be reduced significantly. A more generic optimisation can be achieved by setting both the respective private key and the ephemeral key to be 1, which would reduce the transaction size by more than 100 bytes and bring it down to around 1 KB. The solution is thereby specially suited to light clients with potentially low bandwidth or data capacity, and, likewise, supports the speed and ease at which certificate attestation may be carried out.
The efficiency increase goes hand in hand with several resulting security insights that allow the streamlining of executing the script, including rules that the respective public key must be fixed and that the ephemeral key and the sighash flag should be fixed, to protect the integrity and robustness of a valid signature and certificate.
Delegation of Authority and Extensions by nChain
The method of using PUSHTX in-script has already been adopted by sCrypt, STAS tokens, and Sensible Contract, which build on the BSV blockchain, taking advantage of its low and stable fees and a sustainable network structure. PUSHTX is likely to be further used and applied in applications where delegation of authority and decision-making may be desired, including:
- automated contracts, such as for well-established decision-making processes;
- token protocols, such as for single-use tickets or authorisations;
- certificate authorities, such as for attesting signatures and certificates.
With the efficient use of PUSHTX and the BSV blockchain, IoT devices that are connected through IP addresses and RFID tags can be used in increasingly mobile, seamless, and secure ways.
The improvements offered through such research provide ways to streamline performance and security in critical areas of modern enterprises, and present examples of the incremental innovations that open the possibilities of technologies yet to be fully utilised.