From: Gregory Maxwell <greg@xiph.org>
Date: Wed, 24 Jan 2018 04:25:28 +0000
Message-ID: <CAAS2fgQmKY5206-ko9ttV4K_4aPfoWh7Jrx=XYetXLeknU30iw@mail.gmail.com>
To: Артём Литвинович <theartlav@gmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Why is deriving public key from the signature not
used in Segwit?

On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-dev
<bitcoin-dev@lists.linuxfoundation.org> wrote:
> Greetings.
>
> I wanted to ask what was the rationale behind still having both public
> key and signature in Segwit witness?
>
> As is known for a while, the public key can be derived from the
> signature and a quadrant byte, a trick that is successfully used both
> in Bitcoin message signing algorithm and in Ethereum transaction
> signatures. The latter in particular suggests that this is a perfectly
> functional and secure alternative.
> Leaving out the public key would have saved 33 bytes per signature,
> which is quite a lot.
>
> So, the question is - was there a good reason to do it the old way
> (security, performance, privacy, something else?), or was it something
> that hasn't been thought of/considered at the time?
It is slow to verify, incompatible with batch validation, doesn't save
space if hashing isn't used, and is potentially patent encumbered.