Gah, please no. I see no material reason why cross-input signature aggregation shouldn't have the signatures in the first n-1 inputs replaced with something like a single-byte push where a signature is required to indicate aggregation, and the combined signature in the last input at whatever position the signature is required.
On January 27, 2018 5:07:25 PM UTC, Russell O'Connor via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: -snip- >Cross-input signature aggregation probably requires a new field to be >added >to the P2P transaction structure to hold the aggregated signature, >since >there isn't really a good place to put it in the existing structure >(there >are games you can play to make it fit, but I think it is worthwhile). >The >obvious way add block commitments to a new tx field is via the witness >reserved value mechanism present in BIP 141. At this point I think >there >will be some leeway to adjust the discount on the weight of this new >aggregated signature tx field so that even a single input taproot using >the >aggregated signature system (here an aggregation of 1 signature) ends >up no >more expensive than a single input segwit P2WPKH. _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
