subject:"\[bitcoin\-dev\] Why is deriving public key from the signature not used in Segwit\?"

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

2018-01-24 Thread Aymeric Vitte via bitcoin-dev

Indeed... I would have bet that I had other examples with p2pkh this
time but apparently I imagined it


Le 24/01/2018 à 12:35, Gregory Maxwell a écrit :
> On Wed, Jan 24, 2018 at 11:16 AM, Aymeric Vitte  
> wrote:
>> Then what about
>> https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex
>> ?
>>
>> Scriptsig:
>>
>> 473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301
>>
>> No pubkey...
> Because the pubkey is in the scriptPubKey of vout 0 of
> 40872a376e98a1f8b285827c2ad8c5b3eec7d779d752dc3a4adda5d9bb70f3b5 which
> it is spending.

-- 
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

2018-01-24 Thread Gregory Maxwell via bitcoin-dev

On Wed, Jan 24, 2018 at 11:16 AM, Aymeric Vitte  wrote:
> Then what about
> https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex
> ?
>
> Scriptsig:
>
> 473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301
>
> No pubkey...

Because the pubkey is in the scriptPubKey of vout 0 of
40872a376e98a1f8b285827c2ad8c5b3eec7d779d752dc3a4adda5d9bb70f3b5 which
it is spending.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

2018-01-24 Thread Aymeric Vitte via bitcoin-dev

Then what about
https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex
?

Scriptsig:

473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301

No pubkey...


Le 24/01/2018 à 11:31, Gregory Maxwell a écrit :
> On Wed, Jan 24, 2018 at 10:24 AM, Aymeric Vitte  
> wrote:
>> out the fact that pubkey is there now even for standard p2pkh
>> transactions and it was not the case some time ago
>>
>> But I never got any answer regarding what motivated this change
>> (compared to the previous behavior) and when, so whether I am missing
>> something obvious, whether nobody wants to answer
> No such behaviour ever existed, you are simply mistaken.

-- 
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

2018-01-24 Thread Gregory Maxwell via bitcoin-dev

On Wed, Jan 24, 2018 at 10:24 AM, Aymeric Vitte  wrote:
> out the fact that pubkey is there now even for standard p2pkh
> transactions and it was not the case some time ago
>
> But I never got any answer regarding what motivated this change
> (compared to the previous behavior) and when, so whether I am missing
> something obvious, whether nobody wants to answer

No such behaviour ever existed, you are simply mistaken.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

2018-01-24 Thread Aymeric Vitte via bitcoin-dev

34 bytes in fact

I have asked already the question at least twice on this list pointing
out the fact that pubkey is there now even for standard p2pkh
transactions and it was not the case some time ago

But I never got any answer regarding what motivated this change
(compared to the previous behavior) and when, so whether I am missing
something obvious, whether nobody wants to answer

Txs without pubkey are now rejected then what is the element in the code
(protocol, version, etc) that "decided" this?


Le 24/01/2018 à 05:25, Gregory Maxwell via bitcoin-dev a écrit :
> On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-dev
>  wrote:
>> Greetings.
>>
>> I wanted to ask what was the rationale behind still having both public
>> key and signature in Segwit witness?
>>
>> As is known for a while, the public key can be derived from the
>> signature and a quadrant byte, a trick that is successfully used both
>> in Bitcoin message signing algorithm and in Ethereum transaction
>> signatures. The later in particular suggests that this is a perfectly
>> functional and secure alternative.
>> Leaving out the public key would have saved 33 bytes per signature,
>> which is quite a lot.
>>
>> So, the question is - was there a good reason to do it the old way
>> (security, performance, privacy, something else?), or was it something
>> that haven't been thought of/considered at the time?
> It is slow to verify, incompatible with batch validation, doesn't save
> space if hashing isn't used, and is potentially patent encumbered.
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

-- 
Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions
Zcash wallets made simple: https://github.com/Ayms/zcash-wallets
Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets
Get the torrent dynamic blocklist: http://peersm.com/getblocklist
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

2018-01-23 Thread Gregory Maxwell via bitcoin-dev

On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-dev
 wrote:
> Greetings.
>
> I wanted to ask what was the rationale behind still having both public
> key and signature in Segwit witness?
>
> As is known for a while, the public key can be derived from the
> signature and a quadrant byte, a trick that is successfully used both
> in Bitcoin message signing algorithm and in Ethereum transaction
> signatures. The later in particular suggests that this is a perfectly
> functional and secure alternative.
> Leaving out the public key would have saved 33 bytes per signature,
> which is quite a lot.
>
> So, the question is - was there a good reason to do it the old way
> (security, performance, privacy, something else?), or was it something
> that haven't been thought of/considered at the time?

It is slow to verify, incompatible with batch validation, doesn't save
space if hashing isn't used, and is potentially patent encumbered.
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

[bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

2018-01-23 Thread Артём Литвинович via bitcoin-dev

Greetings.

I wanted to ask what was the rationale behind still having both public
key and signature in Segwit witness?

As is known for a while, the public key can be derived from the
signature and a quadrant byte, a trick that is successfully used both
in Bitcoin message signing algorithm and in Ethereum transaction
signatures. The later in particular suggests that this is a perfectly
functional and secure alternative.
Leaving out the public key would have saved 33 bytes per signature,
which is quite a lot.

So, the question is - was there a good reason to do it the old way
(security, performance, privacy, something else?), or was it something
that haven't been thought of/considered at the time?
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

[bitcoin-dev] Why is deriving public key from the signature not used in Segwit?

7 matches

Site Navigation

Mail list logo

Footer information