Bitcoin Forum
June 27, 2022, 06:55:53 PM *
News: Latest Bitcoin Core release: 23.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: "In Bitcoin, public key are either compressed or uncompressed"  (Read 642 times)
Gol
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
March 01, 2014, 08:04:19 PM
 #1

Hello all!
the subject is for here:
https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm

please help me clarify this:
who and how the decision to use compressed or uncompressed is made?

thank you!
Gol.
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1656356153
Hero Member
*
Offline Offline

Posts: 1656356153

View Profile Personal Message (Offline)

Ignore
1656356153
Reply with quote  #2

1656356153
Report to moderator
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1016



View Profile
March 01, 2014, 08:10:57 PM
 #2

Search is not quite so useless here that it wouldn't have answered your question.

The decision is made when the address is created, or on a more meta level when the software that generates the keys is written.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Gol
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
March 01, 2014, 08:24:07 PM
 #3

Thanks.
i did a search, no answer on why and who.

The decision is made when the address is created, or on a more meta level when the software that generates the keys is written.

who or what are the criteria(s) for the decision?

kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1016



View Profile
March 01, 2014, 08:27:26 PM
 #4

Basically, it comes down to whether or not the person writing the key generator understands compressed keys or not.  There is only one reason why uncompressed keys should ever be made new, and that reason is that the author didn't know how to compress them.  Also, that isn't a very good reason.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Gol
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
March 01, 2014, 08:39:07 PM
 #5

Basically, it comes down to whether or not the person writing the key generator understands compressed keys or not.  There is only one reason why uncompressed keys should ever be made new, and that reason is that the author didn't know how to compress them.  Also, that isn't a very good reason.

ok! so lets say that "we" only use ready made client download(or any 3rd party) for the Bitcoin site
and "we" want to send coins to someone- by pressing "send"(or OK or what ever):
uncompressed or compressed?
piotr_n
Legendary
*
Offline Offline

Activity: 2054
Merit: 1249


aka tonikt


View Profile WWW
March 01, 2014, 08:41:30 PM
 #6

it's all up to your wallet, that generates public addresses (the ones that start with 1...)

for instance old versions of satoshi client were always creating uncompressed addresses - but the new versions always create compressed.

using my wallet you can choose what you want, but the default is compressed.

using other wallets - I don't know, but likely most of the modern ones make compressed addresses, since they are just more space efficient, thus (theoretically) cheaper in transaction fees while spending coins from them.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
piotr_n
Legendary
*
Offline Offline

Activity: 2054
Merit: 1249


aka tonikt


View Profile WWW
March 01, 2014, 08:42:37 PM
 #7

ok! so lets say that "we" only use ready made client download(or any 3rd party) for the Bitcoin site
and "we" want to send coins to someone- by pressing "send"(or OK or what ever):
uncompressed or compressed?
if you are sending to "someone" - he already decided whether his address was compressed, or not, before giving you the base58 encoded payment address.
in many cases you don't even know whether you are sending coins to compressed or uncompressed address - and you also don't care about this, because it only matters when the owner of such an address is spending the coins you sent him.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
kjj
Legendary
*
Offline Offline

Activity: 1302
Merit: 1016



View Profile
March 01, 2014, 08:48:08 PM
 #8

When you send, you are sending to a hash.  You have no idea what it is the hash of.  It could be a compressed pubkey, it could be an uncompressed pubkey.  You don't know and don't care.

The transactions that you are redeeming will be either compressed or uncompressed depending on the keys and addresses you received them with, which depends on where your addresses came from.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Gol
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
March 01, 2014, 08:52:49 PM
 #9

...not sure i got it Huh

the sender is responsible to make the signature? if so, is it "his" responsibility to generate the signature?
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1031


Gerald Davis


View Profile
March 01, 2014, 08:58:08 PM
Merited by Isildur (official) (1)
 #10

...not sure i got it Huh

the sender is responsible to make the signature? if so, is it "his" responsibility to generate the signature?


The PubKeyHash is the pubkeyhash of the receiver.  You don't need to know or care about if they used a compressed or uncompressed pubkey because you aren't "sending" coins to the PubKey you are sending it to the PubKeyHash.  The output of the transaction will contain the receiver's pubkeyhash, you don't need to know more than that.

As for the question of if your PubKey(s) for a particular transactions are compressed or uncompressed, that depends on the wallet which originally created them and which form it used.  The wallet should store the PubKey in the correct format.  When importing a private key you create the correct PubKey format depending on the flag in the private key.  The WIF for private keys has a "flag" to allow you to identify if the PubKey should be compressed or uncompressed.  If they key was originally a compressed PubKey then you will recreate a compressed PubKey and if it was originally an uncompressed one, you will recreate an uncompressed one.

As pointed out above originally uncompressed pubkeys were used.  There is absolutely no reason that was done other than Satoshi probably was not aware of compressed pubkeys.  There is no advantage to Uncompressed PubKeys and they make the wallet, transactions, blocks, and logs larger for no benefit.  Today any competent wallet designer should make all NEW keypairs compressed.  A competent wallet designer however needs to consider that a user may important EXISTING key and that key may use an uncompressed PubKey so it needs to handle both formats.  Any wallet today creating new uncompressed pubkeys has a developer who is either uninformed or lazy.

All of this is far below the level of an end users.  Unless you are designing a wallet/client you should never need to make this determination.  If you are designing a wallet your line of questions would indicate you need to stop NOW and do more research.
piotr_n
Legendary
*
Offline Offline

Activity: 2054
Merit: 1249


aka tonikt


View Profile WWW
March 01, 2014, 08:58:53 PM
 #11

bitcoin address is basically a 20 bytes long hash of the actual key, that could have been compressed or uncompressed before hashing - you cannot figure it out from the hash.

when spending coins from such an address, the signature is provided along with the original key - and then this key's hash must match the hash from the address, in order for a transaction to be valid.

Check out gocoin - my original project of full bitcoin node & cold wallet written in Go.
PGP fingerprint: AB9E A551 E262 A87A 13BB  9059 1BE7 B545 CDF3 FD0E
Gol
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
March 01, 2014, 09:03:21 PM
 #12

 Grin yes!
it's very clear now, thank you all!

Gol.

BTW
Quote
All of this is far below the level of an end users.  Unless you are designing a wallet/client you should never need to make this determination.  If you are designing a wallet your line of questions would indicate you need to stop NOW and do more research.

i am not "designing a wallet", but i do want to know everthing there is on Bitcoin and cryptocurrencies.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!