1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
Return-Path: <theartlav@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id CB7688E2
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 24 Jan 2018 03:50:11 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ot0-f172.google.com (mail-ot0-f172.google.com
[74.125.82.172])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 795822C4
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 24 Jan 2018 03:50:11 +0000 (UTC)
Received: by mail-ot0-f172.google.com with SMTP id f100so2441898otf.3
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 23 Jan 2018 19:50:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:from:date:message-id:subject:to;
bh=KJdIGLdiClOqFCtlWWIWHIXeYWqBPJ/uvG+sBfaJIpk=;
b=FOrcy2+qEY6Y4ekjEg5SYcbSF6RsolApk3AxA9krJSsUYJxwoSxPt+A8HCLdi3Ch76
5GfyDR3r1epFWLODDTmlKYIQ4ZsU6kGieQi7YkTU3zghLmqWl15IvB/vdKNdAy0n5V1r
ez32n74B+71WZpqBde1P6ISJ3NWDlUjmcelYgKV5VSe99Zd0WarHg2JNU2ZVkuAcUqHH
E9+VlnXF/yi1F2T3s8Zb3Psh2U89DouBMFmRvEarGcAAUpyu87RbtSNV1uvA8IdZlSDl
REGSlpVv7U9v5/sW3xq55oOPmWmS5G0S46bYIDLRuC4KG7OQbj9VtNMfe9wRMH8/JOzD
RbnQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
bh=KJdIGLdiClOqFCtlWWIWHIXeYWqBPJ/uvG+sBfaJIpk=;
b=cc6BXEUYXnN8CilKUpDdIK7hJEqPbtWAHgo7gQBokQ85MpiGgRFSaB6XK4Pk5HNLG2
uOZlSbONHh5XP4WUlXTpgBUtkE/f3wuL+dinABFUY/BKew0IYpPeY26VmJ7dToQXsFsT
Q7gJHQkDU2Bf8Z2m6UpUTdFu+PXdAKIeJM2FGplPwLW4sx5p6slpaLk97EZ+cShO5UiN
xTFebtn+lXfN5PnJiG/oW8YR/j3uZOdAb0Yg575dk73ttv83lNX690QpU8m4bpzy4Gjr
1Rp1joyoKi3H4D99qquyC4SUIuIwE7zIo2Y4ldyst9Be0JPS25ko4Vgxjre2QH3yZcpa
j3gw==
X-Gm-Message-State: AKwxytcuPm2zu43kaWeURnWB73cRJsK4Wup96Jo3p2j61EwqcJgFUi/I
sFqsBlOVHbUZNC5a4xfGNVoPkUobqcqRD92VPw0=
X-Google-Smtp-Source: AH8x224nKFREKn9Z2v9MdHJJQiXN2sPysuHDd5hVOaYawoj3Ziog3rbTrNnBSCHhqpIs0lpWesnq1lH1yAjGEldypEg=
X-Received: by 10.157.25.44 with SMTP id j44mr8156111ota.111.1516765810563;
Tue, 23 Jan 2018 19:50:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.60.145 with HTTP; Tue, 23 Jan 2018 19:50:10 -0800 (PST)
From: =?UTF-8?B?0JDRgNGC0ZHQvCDQm9C40YLQstC40L3QvtCy0LjRhw==?=
<theartlav@gmail.com>
Date: Wed, 24 Jan 2018 06:50:10 +0300
Message-ID: <CAJRVQkBPQR3Gz3AtWFgK_Z_9vDVZvR4Ws=f+tUZ3Y0mdswuk_g@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Wed, 24 Jan 2018 04:22:39 +0000
Subject: [bitcoin-dev] Why is deriving public key from the signature not
used in Segwit?
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2018 03:50:11 -0000
Greetings.
I wanted to ask what was the rationale behind still having both public
key and signature in Segwit witness?
As is known for a while, the public key can be derived from the
signature and a quadrant byte, a trick that is successfully used both
in Bitcoin message signing algorithm and in Ethereum transaction
signatures. The later in particular suggests that this is a perfectly
functional and secure alternative.
Leaving out the public key would have saved 33 bytes per signature,
which is quite a lot.
So, the question is - was there a good reason to do it the old way
(security, performance, privacy, something else?), or was it something
that haven't been thought of/considered at the time?
|
