[bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)
Mark Friedenbach
mark at friedenbach.org
Fri Sep 22 21:39:45 UTC 2017
You generally know the witness size to within a few bytes right before signing. Why would you not? You know the size of ECDSA signatures. You can be told the size of a hash preimage by the other party. It takes some contriving to come up with a scheme where one party has variable-length signatures of their chosing
> On Sep 22, 2017, at 2:32 PM, Sergio Demian Lerner <sergio.d.lerner at gmail.com> wrote:
>
> But generally before one signs a transaction one does not know the signature size (which may be variable). One can only estimate the maximum size.
More information about the bitcoin-dev
mailing list