-
Notifications
You must be signed in to change notification settings - Fork 622
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DRAFT: Eliminate duplicate crypto types like PublicKey #2013
base: master
Are you sure you want to change the base?
Conversation
A few tweaks had to be made to make uncompressed keys officially second-class citizens.
concept NACK. This forces the user to keep track of compressedness outside of the public key type. If you don't want to keep track of compressedness then just use Taproot where there's only one key type. |
Is there some way we can make legacy keys (ones that need to know about compressedness) second class citizens. This PR is the result of some chats @stevenroose and I have been having. I was wanting to add |
Am I right in thinking that the compressedness is only used when using a |
No. It is used any time a public key appears anywhere in a pre-segwit script. |
No more than any other property of a public key is "an encoding concept". If you flip the compressedness bit then valid signatures become invalid. |
Ok, thanks for the clarification. Hijacking Steven's thread here but what do you think of legacy versions of keys @apoelstra? useful, useful-but-waste-of-time, unuseful? |
I see the need for some way to bundle a public key together with whether this key ought to be used in Script in an compressed or uncompressed form. Though I do feel like it's fair to make this complicated for the <0.01% of cases. You can't deny that any new thing, protocol, wallet, whatever, will always use compressed keys. The only use-case for uncompressed keys is to recover coins that were stored years ago and are almost always one-offs. My main problem is that, just because our
|
Maybe an alternative is to rename it |
Ok, how about:
The result is pretty close to this PR. |
Sweeeet, now we are getting somewhere! |
This will change a lot of things for many users. I would like to test this PR out on rust-miniscript repo to have an informed opinion on the implications of this one. I liked the conceptual separation of bitcoin::PublicKey and EC key inside it. Most people should only use I would pretty much prefer a new type I hope that none of code breaks because we are silently changing the rules of fundamental data type in rust-bitcoin. |
@sanket1729 compressedness is not a property of a public key though. It's only a property of how you serialize it. So a "compressed key" isn't even really a thing, other than "a public key serialized to bytes in compressed format". @apoelstra I can live with that. The one remaining issue then is the That being said, let me give a shot at that change maybe later tonight. |
We could maybe coerce uncompressed keys to compressed ones in PSBT for mapping purposes. This would cause collisions/problems if somebody was using both the uncompressed and compressed version of a single key ... but we won't be the only software that such users will be unable to use. I think this would let us support very old uncompressed-only wallets without any problems for normal users. I note that BIP 174/170 do not mention the word "compressed" once. Nor do they mention hybrid keys, which are supported by Bitcoin's consensus code but AFAIK literally no wallet has ever supported (there is no way to encode these private keys using WIF so you'd have to do something custom). So it might be alright to just not support uncompressed keys at all, with the justification that they're barely more useful/supported than hybrid keys are.. |
Some of you with a good memory will think "here he goes again".. Well, here I go again :)
First commit eliminates
bitcoin::PublicKey
. I plan to replacebitcoin::PrivateKey
with awif::Key
type that is not used elsewhere, just used for WIF format.Then maybe I have some idea for signatures.
I'm currently on the move, though, so I might not have time for this immediatelly.