From: Gregory Maxwell
Date: Wed, 24 Jan 2018 04:25:28 +0000
To: Артём Литвинович, Bitcoin Protocol Discussion
Subject: Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-dev wrote:
> Greetings.
>
> I wanted to ask what was the rationale behind still having both public
> key and signature in Segwit witness?
>
> As is known for a while, the public key can be derived from the
> signature and a quadrant byte, a trick that is successfully used both
> in Bitcoin message signing algorithm and in Ethereum transaction
> signatures. The latter in particular suggests that this is a perfectly
> functional and secure alternative.
> Leaving out the public key would have saved 33 bytes per signature,
> which is quite a lot.
>
> So, the question is - was there a good reason to do it the old way
> (security, performance, privacy, something else?), or was it something
> that hasn't been thought of/considered at the time?

It is slow to verify, incompatible with batch validation, doesn't save
space if hashing isn't used, and is potentially patent encumbered.