Author: Gregory Maxwell 2018-01-24 04:25:28
Published on: 2018-01-24T04:25:28+00:00
In a bitcoin-dev email thread, Артём Литвинович questioned the rationale behind having both public key and signature in Segwit witness. He suggested that since the public key can be derived from the signature and a quadrant byte, leaving out the public key would have saved 33 bytes per signature. However, it was pointed out that this method is slow to verify and incompatible with batch validation. Additionally, it doesn't save space if hashing isn't used, and could potentially be patent encumbered. The reason for keeping both public key and signature in Segwit witness is not specifically stated, but it appears there are valid security, performance, and patent-related reasons for doing so.
Updated on: 2023-05-20T05:03:05.756796+00:00