Артём Литвинович via bitcoin-dev
2018-01-24 03:50:10 UTC
Greetings.
I wanted to ask what was the rationale behind still having both public
key and signature in Segwit witness?
As is known for a while, the public key can be derived from the
signature and a quadrant byte, a trick that is successfully used both
in Bitcoin message signing algorithm and in Ethereum transaction
signatures. The later in particular suggests that this is a perfectly
functional and secure alternative.
Leaving out the public key would have saved 33 bytes per signature,
which is quite a lot.
So, the question is - was there a good reason to do it the old way
(security, performance, privacy, something else?), or was it something
that haven't been thought of/considered at the time?
I wanted to ask what was the rationale behind still having both public
key and signature in Segwit witness?
As is known for a while, the public key can be derived from the
signature and a quadrant byte, a trick that is successfully used both
in Bitcoin message signing algorithm and in Ethereum transaction
signatures. The later in particular suggests that this is a perfectly
functional and secure alternative.
Leaving out the public key would have saved 33 bytes per signature,
which is quite a lot.
So, the question is - was there a good reason to do it the old way
(security, performance, privacy, something else?), or was it something
that haven't been thought of/considered at the time?