<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Nov 24, 2015 at 12:34 PM, Chris Priest via bitcoin-dev <span dir="ltr"><<a href="mailto:bitcoin-dev@lists.linuxfoundation.org" target="_blank">bitcoin-dev@lists.linuxfoundation.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div id=":846" class="" style="overflow:hidden">The technical reason for this is that you have to explicitly list each<br>
UTXO individually when making bitcoin transactions. There is no way to<br>
say "all the utxos". This post describes a way to achieve this. I'm<br>
not yet a bitcoin master, so there are parts of this proposal that I<br>
have not yet figured out entirely, but I'm sure other people who know<br>
more could help out.<br></div></blockquote></div><br>So every input has:</div><div class="gmail_extra"> 32-byte hash (transaction being spent)</div><div class="gmail_extra"> 4-byte output (output being spent)<br> 4-byte sequence number</div><div class="gmail_extra">... plus the scriptSig. Which is as small as about 73 bytes if you're spending a raw OP_CHECKSIG (which you can't do as a bitcoin address, but could via the BIP70 payment protocol), and which is at least two serialized bytes.<br clear="all"><div><br></div><div>Best case for any scheme to coalesce scriptSigs would to somehow make all-but-the-first scriptSig zero-length, so the inputs would be 42 bytes instead of 40+73 bytes -- the coalesce transaction would be about one-third the size, so instead of paying (say) $1 in transaction fees you'd pay 37 cents.</div><div><br></div><div>That's in the gray are of the "worth doing" threshold-- if it was a 10x improvement (pay 10 cents instead of $1) it'd be in my personal "definitely worth the trouble of doing" category.</div><div><br></div><div>RE: the scheme: an OP_RINGSIGVERIFY is probably the right way to do this:</div><div> <a href="https://en.wikipedia.org/wiki/Ring_signature">https://en.wikipedia.org/wiki/Ring_signature</a></div><div><br></div><div>The funding transactions would be: <public key> OP_RINGSIGVERIFY</div><div>... which might could be redeemed with <ring signature> for one input and then... uhh... maybe just <index_to_input_with_signature> for the other inputs that are part of the same ring signature group (OP_0 if the first input has the signature that is good for all the other public keys, which would be the common case).</div><div><br></div>-- <br><div class="gmail_signature">--<br>Gavin Andresen<br></div>
</div></div>