* [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
From: Артём Литвинович @ 2018-01-24 3:50 UTC
To: bitcoin-dev

Greetings.

I wanted to ask what was the rationale behind still having both public
key and signature in Segwit witness?

As is known for a while, the public key can be derived from the
signature and a quadrant byte, a trick that is successfully used both
in Bitcoin message signing algorithm and in Ethereum transaction
signatures. The latter in particular suggests that this is a perfectly
functional and secure alternative.
Leaving out the public key would have saved 33 bytes per signature,
which is quite a lot.

So, the question is - was there a good reason to do it the old way
(security, performance, privacy, something else?), or was it something
that hasn't been thought of/considered at the time?
* Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
From: Gregory Maxwell @ 2018-01-24 4:25 UTC
To: Артём Литвинович, Bitcoin Protocol Discussion

On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Greetings.
>
> I wanted to ask what was the rationale behind still having both public
> key and signature in Segwit witness?
>
> As is known for a while, the public key can be derived from the
> signature and a quadrant byte, a trick that is successfully used both
> in Bitcoin message signing algorithm and in Ethereum transaction
> signatures. The latter in particular suggests that this is a perfectly
> functional and secure alternative.
> Leaving out the public key would have saved 33 bytes per signature,
> which is quite a lot.
>
> So, the question is - was there a good reason to do it the old way
> (security, performance, privacy, something else?), or was it something
> that hasn't been thought of/considered at the time?

It is slow to verify, incompatible with batch validation, doesn't save
space if hashing isn't used, and is potentially patent encumbered.
* Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
From: Aymeric Vitte @ 2018-01-24 10:24 UTC
To: Gregory Maxwell, Bitcoin Protocol Discussion, Артём Литвинович

34 bytes in fact

I have already asked the question at least twice on this list, pointing
out the fact that pubkey is there now even for standard p2pkh
transactions and it was not the case some time ago

But I never got any answer regarding what motivated this change
(compared to the previous behavior) and when, so whether I am missing
something obvious, whether nobody wants to answer

Txs without pubkey are now rejected then what is the element in the code
(protocol, version, etc) that "decided" this?

On 24/01/2018 at 05:25, Gregory Maxwell via bitcoin-dev wrote:
> On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-dev
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>> Greetings.
>>
>> I wanted to ask what was the rationale behind still having both public
>> key and signature in Segwit witness?
>>
>> As is known for a while, the public key can be derived from the
>> signature and a quadrant byte, a trick that is successfully used both
>> in Bitcoin message signing algorithm and in Ethereum transaction
>> signatures. The latter in particular suggests that this is a perfectly
>> functional and secure alternative.
>> Leaving out the public key would have saved 33 bytes per signature,
>> which is quite a lot.
>>
>> So, the question is - was there a good reason to do it the old way
>> (security, performance, privacy, something else?), or was it something
>> that hasn't been thought of/considered at the time?
> It is slow to verify, incompatible with batch validation, doesn't save
> space if hashing isn't used, and is potentially patent encumbered.

--
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
* Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
From: Gregory Maxwell @ 2018-01-24 10:31 UTC
To: Aymeric Vitte
Cc: Bitcoin Protocol Discussion, Артём Литвинович

On Wed, Jan 24, 2018 at 10:24 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote:
> out the fact that pubkey is there now even for standard p2pkh
> transactions and it was not the case some time ago
>
> But I never got any answer regarding what motivated this change
> (compared to the previous behavior) and when, so whether I am missing
> something obvious, whether nobody wants to answer

No such behaviour ever existed, you are simply mistaken.
* Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
From: Aymeric Vitte @ 2018-01-24 11:16 UTC
To: Gregory Maxwell
Cc: Bitcoin Protocol Discussion, Артём Литвинович

Then what about
https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex
?

Scriptsig:

473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301

No pubkey...

On 24/01/2018 at 11:31, Gregory Maxwell wrote:
> On Wed, Jan 24, 2018 at 10:24 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote:
>> out the fact that pubkey is there now even for standard p2pkh
>> transactions and it was not the case some time ago
>>
>> But I never got any answer regarding what motivated this change
>> (compared to the previous behavior) and when, so whether I am missing
>> something obvious, whether nobody wants to answer
> No such behaviour ever existed, you are simply mistaken.
* Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
From: Gregory Maxwell @ 2018-01-24 11:35 UTC
To: Aymeric Vitte
Cc: Bitcoin Protocol Discussion, Артём Литвинович

On Wed, Jan 24, 2018 at 11:16 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote:
> Then what about
> https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex
> ?
>
> Scriptsig:
>
> 473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301
>
> No pubkey...

Because the pubkey is in the scriptPubKey of vout 0 of
40872a376e98a1f8b285827c2ad8c5b3eec7d779d752dc3a4adda5d9bb70f3b5 which
it is spending.
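A parser for the scriptSig quoted above, added here as an illustration and not code from the thread: it splits the script into data pushes and decodes the DER signature, showing that this input carries a single 71-byte push (signature plus sighash byte) and no key. `P2PKH_SHAPED` is a constructed contrast case with a dummy key push, and all function names are hypothetical.

```python
# scriptSig exactly as quoted in the thread.
P2PK_SCRIPTSIG = bytes.fromhex(
    "473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a78"
    "02207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301")
# Constructed for contrast: the same signature push followed by a dummy 33-byte
# compressed-key push, i.e. the shape of a P2PKH scriptSig. Not a real key.
P2PKH_SHAPED = P2PK_SCRIPTSIG + bytes([33, 0x02]) + bytes([0x11]) * 32

def pushes(script):
    """Split a scriptSig into its data pushes (direct pushes 0x01..0x4b only)."""
    out, i = [], 0
    while i < len(script):
        n = script[i]
        if not 1 <= n <= 0x4b or i + 1 + n > len(script):
            raise ValueError(f"unsupported opcode or truncated push at offset {i}")
        out.append(script[i + 1:i + 1 + n])
        i += 1 + n
    return out

def parse_sig(push):
    """Decode DER(r, s) plus the trailing sighash byte into (r, s, sighash)."""
    der, sighash = push[:-1], push[-1]
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2 or der[2] != 0x02:
        raise ValueError("not a DER signature")
    rlen = der[3]
    if 6 + rlen > len(der) or der[4 + rlen] != 0x02 or 6 + rlen + der[5 + rlen] != len(der):
        raise ValueError("bad DER integer layout")
    r, s = der[4:4 + rlen], der[6 + rlen:]
    return int.from_bytes(r, "big"), int.from_bytes(s, "big"), sighash

def classify(script):
    """Say where the public key must come from, judged by the scriptSig shape."""
    items = pushes(script)
    parse_sig(items[0])  # the first push must decode as a signature
    if len(items) == 1:
        return "signature only: key is in the spent output's scriptPubKey (P2PK)"
    if len(items) == 2 and len(items[1]) in (33, 65):
        return "signature + public key: key is supplied by the spender (P2PKH shape)"
    return "other"
```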
* Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
From: Aymeric Vitte @ 2018-01-24 12:03 UTC
To: Gregory Maxwell
Cc: Bitcoin Protocol Discussion, Артём Литвинович

Indeed...

I would have bet that I had other examples with p2pkh this time but
apparently I imagined it

On 24/01/2018 at 12:35, Gregory Maxwell wrote:
> On Wed, Jan 24, 2018 at 11:16 AM, Aymeric Vitte <vitteaymeric@gmail.com> wrote:
>> Then what about
>> https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex
>> ?
>>
>> Scriptsig:
>>
>> 473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301
>>
>> No pubkey...
> Because the pubkey is in the scriptPubKey of vout 0 of
> 40872a376e98a1f8b285827c2ad8c5b3eec7d779d752dc3a4adda5d9bb70f3b5 which
> it is spending.