Re: ECDSA Signatures allow recovery of the public key

[jl2012]

Reviving this thread.

With all the discussion in blocksize fork, could we consider to implement this public-key-free signature? It will save about 15% space for a standard 226 bytes 1-input-2-outputs transaction.

Roughly speaking, CPU speed and network speed doubles every 18 and 21 months respectively. Therefore, it makes sense to shift the burden from the network to CPU. Also, it is always possible to fall back to the traditional signature verification.

[gmaxwell]

Please don't bump old threads, especially not to propose something new. You can always link to the old thread in a new post.

I would strongly recommend against it. If Bitcoin were to deploy a new signature system we'd likely prefer schnorr signatures to pick up efficient multisignature; there are other approaches which much more size reduction (E.g. BLS pairing signatures are half the size); and there are other considerations.

[jl2012]

Please don't bump old threads, especially not to propose something new. You can always link to the old thread in a new post.

I would strongly recommend against it. If Bitcoin were to deploy a new signature system we'd likely prefer schnorr signatures to pick up efficient multisignature; there are other approaches which much more size reduction (E.g. BLS pairing signatures are half the size); and there are other considerations.

I always think bitcoin should support more signature systems and hash algorithms, with different key size. Low value outputs could be protected by a single small key, while high value outputs for long-term storage could be protected by multisig with different signature systems.