Author

Topic: Is it possible to trim the public key in bitcoin transaction's script? (Read 961 times)

member
Activity: 65
Merit: 10

The smaller size of transaction is not only good for disk but also network.

Yes, you can have a high performance computer, so you will not meet performance problem at all.

Thanks. Cheesy
legendary
Activity: 1260
Merit: 1019
Quote
For 30MB -> 20MB, CPU is more expensive than Space.
For 30GB -> 20GB, Space is more expensive.
For 30TB -> 20TB, Space is far more......
I do not understang your math.
Cost of sum should be equal to sum of costs

Quote
The CPU's verification need be done only once, but the storage occupation are forever.

I have two 1TB HDD in my computer.
First one is 90% full, second one is 10% full.
Does it mean that there is difference in their cost?
member
Activity: 65
Merit: 10
Quote
And for full nodes, the storage is much more expensive than CPU.
Proof?

1st.
For 30MB -> 20MB, CPU is more expensive than Space.
For 30GB -> 20GB, Space is more expensive.
For 30TB -> 20TB, Space is far more......

2nd.
The CPU's verification need be done only once, but the storage occupation are forever.

Thanks. Cheesy
legendary
Activity: 1260
Merit: 1019
Quote
And for full nodes, the storage is much more expensive than CPU.
Proof?
member
Activity: 65
Merit: 10
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalksearch.org/topic/ecdsa-signatures-allow-recovery-of-the-public-key-6430
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementatioin, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks Cheesy

The section 7 of Satoshi's paper is NOT about SPV

"Reclaiming Disk Space". OK.
legendary
Activity: 1792
Merit: 1111
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalksearch.org/topic/ecdsa-signatures-allow-recovery-of-the-public-key-6430
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementatioin, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks Cheesy

The section 7 of Satoshi's paper is NOT about SPV
member
Activity: 65
Merit: 10
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalksearch.org/topic/ecdsa-signatures-allow-recovery-of-the-public-key-6430
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementatioin, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks Cheesy
member
Activity: 65
Merit: 10
Quote
Is it possible to do that?

Yes and no.

Yes: it is possible to
1) create hard-fork or alt-coin with another protocol
2) use P2PK outputs instead of P2PKH outputs. This saves some space
3) use compression while storing tx data on hard disk

No: it is almost impossible to
1) change the current consensus protocol
2) use P2PK outputs instead of P2PKH outputs because all software works with addresses, not public keys
3) use realtime compression of blockchain because it is economically unreasonable

OK, everything is possible. but this is not reasonable.


The question is not about P2PK and P2PKH.

We can recover the public key from r+s with rec_id, and verifying this with previous output address will be enough.

Thanks Cheesy
legendary
Activity: 1792
Merit: 1111
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalksearch.org/topic/ecdsa-signatures-allow-recovery-of-the-public-key-6430
http://www.secg.org/sec1-v2.pdf section 4.1.6
legendary
Activity: 1260
Merit: 1019
Quote
Is it possible to do that?

Yes and no.

Yes: it is possible to
1) create hard-fork or alt-coin with another protocol
2) use P2PK outputs instead of P2PKH outputs. This saves some space
3) use compression while storing tx data on hard disk

No: it is almost impossible to
1) change the current consensus protocol
2) use P2PK outputs instead of P2PKH outputs because all software works with addresses, not public keys
3) use realtime compression of blockchain because it is economically unreasonable

OK, everything is possible. but this is not reasonable.
member
Activity: 65
Merit: 10
For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?
Jump to: