Author: Pieter Wuille 2015-09-25 03:38:59
Published on: 2015-09-25T03:38:59+00:00
In an email conversation between Rusty Russell and Pieter, they discuss the possibility of squeezing more bytes out. They suggest that the signature should be 64 bytes and should never be DER encoded. Additionally, the public key can be hashed bitcoin-address style and recovered from the signature. However, this leads to the question of why the pubkey is in the scriptSig. The reason for this is that crypto is hard, and many people may not know about this method. Public key recovery is possible on ECDSA, and the recovery id can be brute forced. In most cases, the recovery id will be 0 or 1. However, if EC-Schnorr scheme is used in libsecp256k1 instead of ECDSA, it produces 64-byte non-malleable signatures that support pubkey recovery without an additional recovery id. This scheme is experimental but is an implementation of a well researched mechanism.
Updated on: 2023-05-18T15:13:35.191508+00:00