public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
@ 2018-01-24  3:50 Артём Литвинович
  2018-01-24  4:25 ` Gregory Maxwell
  0 siblings, 1 reply; 7+ messages in thread
From: Артём Литвинович @ 2018-01-24  3:50 UTC (permalink / raw)
  To: bitcoin-dev

Greetings.

I wanted to ask what was the rationale behind still having both public
key and signature in Segwit witness?

As is known for a while, the public key can be derived from the
signature and a quadrant byte, a trick that is successfully used both
in Bitcoin message signing algorithm and in Ethereum transaction
signatures. The later in particular suggests that this is a perfectly
functional and secure alternative.
Leaving out the public key would have saved 33 bytes per signature,
which is quite a lot.

So, the question is - was there a good reason to do it the old way
(security, performance, privacy, something else?), or was it something
that haven't been thought of/considered at the time?


^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2018-01-24 12:03 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-24  3:50 [bitcoin-dev] Why is deriving public key from the signature not used in Segwit? Артём Литвинович
2018-01-24  4:25 ` Gregory Maxwell
2018-01-24 10:24   ` Aymeric Vitte
2018-01-24 10:31     ` Gregory Maxwell
2018-01-24 11:16       ` Aymeric Vitte
2018-01-24 11:35         ` Gregory Maxwell
2018-01-24 12:03           ` Aymeric Vitte

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox