Greetings. I wanted to ask what was the rationale behind still having both public key and signature in Segwit witness?
As is known for a while, the public key can be derived from the signature and a quadrant byte, a trick that is successfully used both in Bitcoin message signing algorithm and in Ethereum transaction signatures. The later in particular suggests that this is a perfectly functional and secure alternative. Leaving out the public key would have saved 33 bytes per signature, which is quite a lot. So, the question is - was there a good reason to do it the old way (security, performance, privacy, something else?), or was it something that haven't been thought of/considered at the time? _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
