On Thu, May 28, 2026 at 10:25:51AM -0700, Murch wrote: > One-time signature schemes are not well-suited for Bitcoin because they: > > - cannot be used to participate in multi-user transaction (as another > participant could fail the process and force a second signature) > - incur lost funds or lost keys upon address reuse (as every node would need > to track every output script to prevent duplicates, and the recipient has no > say in their output script being sent to another time) > - are incompatible with transaction replacement (zero-conf enthusiasts > rejoice!)
Note that you can design a message signing scheme where you can use a pubkey to sign a merkle tree of messages. In the case of a transaction, multiple conflicting versions of the transaction with different fee rates. Basically, a One Time Signing Scheme that produces multiple signatures for one signing event. -- https://petertodd.org 'peter'[:-1]@petertodd.org -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/aiFbBdvndmMhIcbW%40petertodd.org.
signature.asc
Description: PGP signature
