Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
Indeed... I would have bet that I had other examples with p2pkh this time but apparently I imagined it Le 24/01/2018 à 12:35, Gregory Maxwell a écrit : > On Wed, Jan 24, 2018 at 11:16 AM, Aymeric Vitte> wrote: >> Then what about >> https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex >> ? >> >> Scriptsig: >> >> 473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301 >> >> No pubkey... > Because the pubkey is in the scriptPubKey of vout 0 of > 40872a376e98a1f8b285827c2ad8c5b3eec7d779d752dc3a4adda5d9bb70f3b5 which > it is spending. -- Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions Zcash wallets made simple: https://github.com/Ayms/zcash-wallets Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets Get the torrent dynamic blocklist: http://peersm.com/getblocklist Check the 10 M passwords list: http://peersm.com/findmyass Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org Peersm : http://www.peersm.com torrent-live: https://github.com/Ayms/torrent-live node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
On Wed, Jan 24, 2018 at 11:16 AM, Aymeric Vittewrote: > Then what about > https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex > ? > > Scriptsig: > > 473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301 > > No pubkey... Because the pubkey is in the scriptPubKey of vout 0 of 40872a376e98a1f8b285827c2ad8c5b3eec7d779d752dc3a4adda5d9bb70f3b5 which it is spending. ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
Then what about https://blockchain.info/tx/226a8b08dc46a00e9ecec5567a303a0b354bef3c1674476eb5e4b627b2ace493?format=hex ? Scriptsig: 473044022057a1234709270325e7215200f982546304cf465971cbd55d54231ead54ef1a7802207a82e93ef2b0f87188abe87bccb67ee9d5c650b1b58948e5b1c80ba1b4c43dc301 No pubkey... Le 24/01/2018 à 11:31, Gregory Maxwell a écrit : > On Wed, Jan 24, 2018 at 10:24 AM, Aymeric Vitte> wrote: >> out the fact that pubkey is there now even for standard p2pkh >> transactions and it was not the case some time ago >> >> But I never got any answer regarding what motivated this change >> (compared to the previous behavior) and when, so whether I am missing >> something obvious, whether nobody wants to answer > No such behaviour ever existed, you are simply mistaken. -- Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions Zcash wallets made simple: https://github.com/Ayms/zcash-wallets Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets Get the torrent dynamic blocklist: http://peersm.com/getblocklist Check the 10 M passwords list: http://peersm.com/findmyass Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org Peersm : http://www.peersm.com torrent-live: https://github.com/Ayms/torrent-live node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
On Wed, Jan 24, 2018 at 10:24 AM, Aymeric Vittewrote: > out the fact that pubkey is there now even for standard p2pkh > transactions and it was not the case some time ago > > But I never got any answer regarding what motivated this change > (compared to the previous behavior) and when, so whether I am missing > something obvious, whether nobody wants to answer No such behaviour ever existed, you are simply mistaken. ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
34 bytes in fact I have asked already the question at least twice on this list pointing out the fact that pubkey is there now even for standard p2pkh transactions and it was not the case some time ago But I never got any answer regarding what motivated this change (compared to the previous behavior) and when, so whether I am missing something obvious, whether nobody wants to answer Txs without pubkey are now rejected then what is the element in the code (protocol, version, etc) that "decided" this? Le 24/01/2018 à 05:25, Gregory Maxwell via bitcoin-dev a écrit : > On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-dev >wrote: >> Greetings. >> >> I wanted to ask what was the rationale behind still having both public >> key and signature in Segwit witness? >> >> As is known for a while, the public key can be derived from the >> signature and a quadrant byte, a trick that is successfully used both >> in Bitcoin message signing algorithm and in Ethereum transaction >> signatures. The later in particular suggests that this is a perfectly >> functional and secure alternative. >> Leaving out the public key would have saved 33 bytes per signature, >> which is quite a lot. >> >> So, the question is - was there a good reason to do it the old way >> (security, performance, privacy, something else?), or was it something >> that haven't been thought of/considered at the time? > It is slow to verify, incompatible with batch validation, doesn't save > space if hashing isn't used, and is potentially patent encumbered. > ___ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev -- Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions Zcash wallets made simple: https://github.com/Ayms/zcash-wallets Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets Get the torrent dynamic blocklist: http://peersm.com/getblocklist Check the 10 M passwords list: http://peersm.com/findmyass Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org Peersm : http://www.peersm.com torrent-live: https://github.com/Ayms/torrent-live node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Re: [bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
On Wed, Jan 24, 2018 at 3:50 AM, Артём Литвинович via bitcoin-devwrote: > Greetings. > > I wanted to ask what was the rationale behind still having both public > key and signature in Segwit witness? > > As is known for a while, the public key can be derived from the > signature and a quadrant byte, a trick that is successfully used both > in Bitcoin message signing algorithm and in Ethereum transaction > signatures. The later in particular suggests that this is a perfectly > functional and secure alternative. > Leaving out the public key would have saved 33 bytes per signature, > which is quite a lot. > > So, the question is - was there a good reason to do it the old way > (security, performance, privacy, something else?), or was it something > that haven't been thought of/considered at the time? It is slow to verify, incompatible with batch validation, doesn't save space if hashing isn't used, and is potentially patent encumbered. ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
[bitcoin-dev] Why is deriving public key from the signature not used in Segwit?
Greetings. I wanted to ask what was the rationale behind still having both public key and signature in Segwit witness? As is known for a while, the public key can be derived from the signature and a quadrant byte, a trick that is successfully used both in Bitcoin message signing algorithm and in Ethereum transaction signatures. The later in particular suggests that this is a perfectly functional and secure alternative. Leaving out the public key would have saved 33 bytes per signature, which is quite a lot. So, the question is - was there a good reason to do it the old way (security, performance, privacy, something else?), or was it something that haven't been thought of/considered at the time? ___ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev