[Bitcoin-development] Compressed public keys

Pieter Wuille pieter.wuille at gmail.com
Mon Nov 21 02:34:30 UTC 2011


Hello all,

I just submitted a pull request (#649) that enables the use of compressed
public keys in Bitcoin. As discovered by roconnor (IRC), this is possible
in such a way that old clients verify and relay them without problems.
They are supported by default by OpenSSL, and all alternative
implementations that use OpenSSL should support these keys just fine as
well.

Compressed public keys are 33 bytes long, and contain the same information
as normal 65-byte keys. They only contain the X coordinate of the point,
while the value of the Y-coordinate is reconstructed upon use. This
requires some CPU, but only a fraction of the cost of verifying a
signature.

In theory, one private key now corresponds to two public keys, and thus
two different addresses. As this would probably cause confusion, this
implementation chooses only one of them (at key generation time). All
keys generated when -compressedpubkeys is active, are compressed, and
their reported address is that corresponding to its compressed pubkey.

Things that need attention:
* Do all client implementations support it?
* How to represent secrets for compressed pubkeys?
* send-to-pubkey transactions are untested, for now

-- 
Pieter




More information about the bitcoin-dev mailing list