Bitcoin Forum
September 23, 2018, 12:05:06 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Why are pubkeys used in HTLCs instead of pubkey hashes?  (Read 35 times)
colatkinson
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
December 28, 2017, 09:16:42 AM
 #1

Every resource I've looked at seems to suggest that the HTLCs used by LN are roughly of the form

Code:
HASH160 <revokehash> EQUAL
IF
    <Bob's pubkey>
ELSE
    "24h" CHECKSEQUENCEVERIFY DROP
    <Alice's pubkey>
ENDIF
CHECKSIG

Why was this was chosen instead of a variant based on the hash of the public key, similar to the standard P2PKH script? Something like

Code:
HASH160 <revokehash> EQUAL
IF
    DUP HASH160 <Bob's pubkey hash>
ELSE
    "24h" CHECKSEQUENCEVERIFY DROP
    DUP HASH160 <Alice's pubkey hash>
ENDIF
EQUALVERIFY
CHECKSIG

I'm sure that this could be expressed more elegantly, but whatever. If my arithmetic is on, doing so would shave off 19 bytes per script (64 bytes for two pubkeys vs 45 bytes for the two hashes and 5 extra opcodes).

So what's the catch? Am I missing something important in the script? Any insight would be appreciated.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537661106
Hero Member
*
Offline Offline

Posts: 1537661106

View Profile Personal Message (Offline)

Ignore
1537661106
Reply with quote  #2

1537661106
Report to moderator
1537661106
Hero Member
*
Offline Offline

Posts: 1537661106

View Profile Personal Message (Offline)

Ignore
1537661106
Reply with quote  #2

1537661106
Report to moderator
1537661106
Hero Member
*
Offline Offline

Posts: 1537661106

View Profile Personal Message (Offline)

Ignore
1537661106
Reply with quote  #2

1537661106
Report to moderator
colatkinson
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
December 28, 2017, 11:21:32 AM
 #2

Wow, I'm an idiot.

P2PKH transactions are not actually smaller than P2PK transactions (I swear to god it was in the wiki somewhere, but I can't find it now for the life of me). While the redeem script is smaller, the full public key now has to be included in the input script, making it much larger. And here I was thinking I made some magical space-saving discovery Grin
haltingprobability
Member
**
Offline Offline

Activity: 98
Merit: 20


View Profile
December 28, 2017, 02:36:51 PM
 #3

Wow, I'm an idiot.

Happens to all of us. As I was falling asleep last night, I realized that I've been consistently thinking that the private key space for secp256k1 is 2129 when it is actually 2256-2129, a vastly larger number, close to 2255. Duh.
pebwindkraft
Full Member
***
Offline Offline

Activity: 246
Merit: 202


View Profile
December 28, 2017, 02:47:39 PM
 #4

Wow, I'm an idiot.
that doesn't make you an idiot - au contraire, mon ami!  Cheesy Wink
With a P2PKH you have roughly 227 bytes per tx, but when you use the full public key (compressed or uncompressed), it get's a bit longer. A good summary was here: https://bitcoin.stackexchange.com/questions/1195/how-to-calculate-transaction-size-before-sending-legacy-non-segwit-p2pkh-p2sh
And yes, multisig and CSV/CLTV or any smart contracts increase the size. And then of course segwit, decreasing size :-)
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!