[bitcoin-dev] cleanstack alt stack & softfork improvements (Was: Merkle branch verification & tail-call semantics for generalized MAST)

Mark Friedenbach mark at friedenbach.org
Fri Sep 22 21:39:45 UTC 2017


You generally know the witness size to within a few bytes right before signing. Why would you not? You know the size of ECDSA signatures. You can be told the size of a hash preimage by the other party. It takes some contriving to come up with a scheme where one party has variable-length signatures of their chosing

> On Sep 22, 2017, at 2:32 PM, Sergio Demian Lerner <sergio.d.lerner at gmail.com> wrote:
> 
> But generally before one signs a transaction one does not know the signature size (which may be variable). One can only estimate the maximum size. 



More information about the bitcoin-dev mailing list