Re: ECDSA Signatures allow recovery of the public key

jl2012

legendary

Activity: 1792

Merit: 1087

Quote from: gmaxwell on January 19, 2015, 11:05:31 AM

Please don't bump old threads, especially not to propose something new. You can always link to the old thread in a new post.

I would strongly recommend against it. If Bitcoin were to deploy a new signature system we'd likely prefer schnorr signatures to pick up efficient multisignature; there are other approaches which much more size reduction (E.g. BLS pairing signatures are half the size); and there are other considerations.

I always think bitcoin should support more signature systems and hash algorithms, with different key size. Low value outputs could be protected by a single small key, while high value outputs for long-term storage could be protected by multisig with different signature systems.

gmaxwell

staff

Activity: 4172

Merit: 8419

Please don't bump old threads, especially not to propose something new. You can always link to the old thread in a new post.

I would strongly recommend against it. If Bitcoin were to deploy a new signature system we'd likely prefer schnorr signatures to pick up efficient multisignature; there are other approaches which much more size reduction (E.g. BLS pairing signatures are half the size); and there are other considerations.

jl2012

legendary

Activity: 1792

Merit: 1087

Reviving this thread.

With all the discussion in blocksize fork, could we consider to implement this public-key-free signature? It will save about 15% space for a standard 226 bytes 1-input-2-outputs transaction.

Roughly speaking, CPU speed and network speed doubles every 18 and 21 months respectively. Therefore, it makes sense to shift the burden from the network to CPU. Also, it is always possible to fall back to the traditional signature verification.

Topic: Re: ECDSA Signatures allow recovery of the public key (Read 705 times)