Bitcoin Forum
November 19, 2018, 12:11:45 AM *
News: Latest Bitcoin Core release: 0.17.0 [Torrent].
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Why are pubkeys used in HTLCs instead of pubkey hashes?  (Read 35 times)
colatkinson
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
December 28, 2017, 09:16:42 AM
 #1

Every resource I've looked at seems to suggest that the HTLCs used by LN are roughly of the form

Code:
HASH160 <revokehash> EQUAL
IF
    <Bob's pubkey>
ELSE
    "24h" CHECKSEQUENCEVERIFY DROP
    <Alice's pubkey>
ENDIF
CHECKSIG

Why was this was chosen instead of a variant based on the hash of the public key, similar to the standard P2PKH script? Something like

Code:
HASH160 <revokehash> EQUAL
IF
    DUP HASH160 <Bob's pubkey hash>
ELSE
    "24h" CHECKSEQUENCEVERIFY DROP
    DUP HASH160 <Alice's pubkey hash>
ENDIF
EQUALVERIFY
CHECKSIG

I'm sure that this could be expressed more elegantly, but whatever. If my arithmetic is on, doing so would shave off 19 bytes per script (64 bytes for two pubkeys vs 45 bytes for the two hashes and 5 extra opcodes).

So what's the catch? Am I missing something important in the script? Any insight would be appreciated.
1542586305
Hero Member
*
Offline Offline

Posts: 1542586305

View Profile Personal Message (Offline)

Ignore
1542586305
Reply with quote  #2

1542586305
Report to moderator
1542586305
Hero Member
*
Offline Offline

Posts: 1542586305

View Profile Personal Message (Offline)

Ignore
1542586305
Reply with quote  #2

1542586305
Report to moderator
1542586305
Hero Member
*
Offline Offline

Posts: 1542586305

View Profile Personal Message (Offline)

Ignore
1542586305
Reply with quote  #2

1542586305
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1542586305
Hero Member
*
Offline Offline

Posts: 1542586305

View Profile Personal Message (Offline)

Ignore
1542586305
Reply with quote  #2

1542586305
Report to moderator
1542586305
Hero Member
*
Offline Offline

Posts: 1542586305

View Profile Personal Message (Offline)

Ignore
1542586305
Reply with quote  #2

1542586305
Report to moderator
1542586305
Hero Member
*
Offline Offline

Posts: 1542586305

View Profile Personal Message (Offline)

Ignore
1542586305
Reply with quote  #2

1542586305
Report to moderator
colatkinson
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
December 28, 2017, 11:21:32 AM
 #2

Wow, I'm an idiot.

P2PKH transactions are not actually smaller than P2PK transactions (I swear to god it was in the wiki somewhere, but I can't find it now for the life of me). While the redeem script is smaller, the full public key now has to be included in the input script, making it much larger. And here I was thinking I made some magical space-saving discovery Grin
haltingprobability
Member
**
Offline Offline

Activity: 98
Merit: 20


View Profile
December 28, 2017, 02:36:51 PM
 #3

Wow, I'm an idiot.

Happens to all of us. As I was falling asleep last night, I realized that I've been consistently thinking that the private key space for secp256k1 is 2129 when it is actually 2256-2129, a vastly larger number, close to 2255. Duh.
pebwindkraft
Full Member
***
Offline Offline

Activity: 256
Merit: 239


View Profile
December 28, 2017, 02:47:39 PM
 #4

Wow, I'm an idiot.
that doesn't make you an idiot - au contraire, mon ami!  Cheesy Wink
With a P2PKH you have roughly 227 bytes per tx, but when you use the full public key (compressed or uncompressed), it get's a bit longer. A good summary was here: https://bitcoin.stackexchange.com/questions/1195/how-to-calculate-transaction-size-before-sending-legacy-non-segwit-p2pkh-p2sh
And yes, multisig and CSV/CLTV or any smart contracts increase the size. And then of course segwit, decreasing size :-)
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!