There is no harm in the value being a maximum off by a few bytes.
> On Sep 22, 2017, at 2:54 PM, Sergio Demian Lerner
> wrote:
>
> If the variable size increase is only a few bytes, then three possibilities
> arise:
>
> - one should allow signatures to be zero
You generally know the witness size to within a few bytes right before signing.
Why would you not? You know the size of ECDSA signatures. You can be told the
size of a hash preimage by the other party. It takes some contriving to come up
with a scheme where one party has variable-length
>
> There are other solutions to this problem that could have been taken
> instead, such as committing to the number of items or maximum size of
> the stack as part of the sighash data, but cleanstack was the approach
> taken.
The lack of signed maximum segwit stack size was one of the
> On Sep 22, 2017, at 1:32 PM, Sergio Demian Lerner
> wrote:
>
>
>
> There are other solutions to this problem that could have been taken
> instead, such as committing to the number of items or maximum size of
> the stack as part of the sighash data, but cleanstack
But generally before one signs a transaction one does not know the
signature size (which may be variable). One can only estimate the maximum
size.
On Fri, Sep 22, 2017 at 6:11 PM, Mark Friedenbach
wrote:
>
> On Sep 22, 2017, at 1:32 PM, Sergio Demian Lerner <
>
If the variable size increase is only a few bytes, then three possibilities
arise:
- one should allow signatures to be zero padded (to reach the maximum size)
and abandon strict DER encoding
- one should allow spare witness stack elements (to pad the size to match
the maximum size) and remove
Good morning bitcoin-dev,
I have yet another sidechain proposal:
https://zmnscpxj.github.io/sidechain/mainstake/index.html
I make the below outlandish claims in the above link:
1. While a 51% mainchain miner theft is still possible, it will take even
longer than in drivechains (either months