Bitcoin Forum
November 05, 2024, 01:12:01 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Is it possible to trim the public key in bitcoin transaction's script?  (Read 956 times)
zhouqi_cn (OP)
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
January 19, 2015, 07:34:23 AM
 #1

For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

比太钱包(Bither)
比太钱包 - 易用、安全的比特币钱包!
Bither - a simple and secure Bitcoin wallet!
amaclin
Legendary
*
Offline Offline

Activity: 1260
Merit: 1019


View Profile
January 19, 2015, 08:20:09 AM
 #2

Quote
Is it possible to do that?

Yes and no.

Yes: it is possible to
1) create hard-fork or alt-coin with another protocol
2) use P2PK outputs instead of P2PKH outputs. This saves some space
3) use compression while storing tx data on hard disk

No: it is almost impossible to
1) change the current consensus protocol
2) use P2PK outputs instead of P2PKH outputs because all software works with addresses, not public keys
3) use realtime compression of blockchain because it is economically unreasonable

OK, everything is possible. but this is not reasonable.
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1111


View Profile
January 19, 2015, 08:21:35 AM
 #3

For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
zhouqi_cn (OP)
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
January 19, 2015, 08:48:47 AM
 #4

Quote
Is it possible to do that?

Yes and no.

Yes: it is possible to
1) create hard-fork or alt-coin with another protocol
2) use P2PK outputs instead of P2PKH outputs. This saves some space
3) use compression while storing tx data on hard disk

No: it is almost impossible to
1) change the current consensus protocol
2) use P2PK outputs instead of P2PKH outputs because all software works with addresses, not public keys
3) use realtime compression of blockchain because it is economically unreasonable

OK, everything is possible. but this is not reasonable.


The question is not about P2PK and P2PKH.

We can recover the public key from r+s with rec_id, and verifying this with previous output address will be enough.

Thanks Cheesy

比太钱包(Bither)
比太钱包 - 易用、安全的比特币钱包!
Bither - a simple and secure Bitcoin wallet!
zhouqi_cn (OP)
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
January 19, 2015, 08:49:35 AM
 #5

For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementatioin, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks Cheesy

比太钱包(Bither)
比太钱包 - 易用、安全的比特币钱包!
Bither - a simple and secure Bitcoin wallet!
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1111


View Profile
January 19, 2015, 08:54:21 AM
 #6

For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementatioin, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks Cheesy

The section 7 of Satoshi's paper is NOT about SPV

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
zhouqi_cn (OP)
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
January 19, 2015, 08:57:25 AM
 #7

For a decentralized system like Bitcoin, the IO is much more expensive than the CPU. One byte of extra data means transferring to and storing on all nodes. So saving the data storage is very important to Bitcoin.

In the transaction structure of Bitcoin, if removing the public key part in the transaction data, we may save nearly 30% of storage. The cost is we have to check the previous output to check the signature. But still it is worth to do the trim, cause the 30% data saving. (the blockchain data may be decreased from 30GB to 20GB)

Is it possible to do that?

It is technically possible with a fork, but that will cause a much bigger problem.

In current design, a node can forget all spent outputs. Also, a node can forget scriptSig after verification, and store the UTXO only. If a new transaction may refer to the information in the historical blockchain, nodes have to store the whole blockchain forever.

Satoshi has already addressed this problem in the section 7 of his white paper: https://bitcoin.org/bitcoin.pdf . Please read before you propose a new "solution".

--------------------

Alternatively, it is possible to calculate the public key with only the signature and the signed message. The trade-off is spending more CPU time.

Read more:
https://bitcointalk.org/index.php?topic=6430.0
http://www.secg.org/sec1-v2.pdf section 4.1.6

I think we are talking about the full node implementatioin, not SPV

And for full nodes, the storage is much more expensive than CPU.

Thanks Cheesy

The section 7 of Satoshi's paper is NOT about SPV

"Reclaiming Disk Space". OK.

比太钱包(Bither)
比太钱包 - 易用、安全的比特币钱包!
Bither - a simple and secure Bitcoin wallet!
amaclin
Legendary
*
Offline Offline

Activity: 1260
Merit: 1019


View Profile
January 19, 2015, 09:03:19 AM
 #8

Quote
And for full nodes, the storage is much more expensive than CPU.
Proof?
zhouqi_cn (OP)
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
January 19, 2015, 09:18:11 AM
 #9

Quote
And for full nodes, the storage is much more expensive than CPU.
Proof?

1st.
For 30MB -> 20MB, CPU is more expensive than Space.
For 30GB -> 20GB, Space is more expensive.
For 30TB -> 20TB, Space is far more......

2nd.
The CPU's verification need be done only once, but the storage occupation are forever.

Thanks. Cheesy

比太钱包(Bither)
比太钱包 - 易用、安全的比特币钱包!
Bither - a simple and secure Bitcoin wallet!
amaclin
Legendary
*
Offline Offline

Activity: 1260
Merit: 1019


View Profile
January 19, 2015, 09:26:08 AM
 #10

Quote
For 30MB -> 20MB, CPU is more expensive than Space.
For 30GB -> 20GB, Space is more expensive.
For 30TB -> 20TB, Space is far more......
I do not understang your math.
Cost of sum should be equal to sum of costs

Quote
The CPU's verification need be done only once, but the storage occupation are forever.

I have two 1TB HDD in my computer.
First one is 90% full, second one is 10% full.
Does it mean that there is difference in their cost?
zhouqi_cn (OP)
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
January 19, 2015, 09:42:06 AM
 #11


The smaller size of transaction is not only good for disk but also network.

Yes, you can have a high performance computer, so you will not meet performance problem at all.

Thanks. Cheesy

比太钱包(Bither)
比太钱包 - 易用、安全的比特币钱包!
Bither - a simple and secure Bitcoin wallet!
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!