Hey Yuri, On Mon, Dec 18, 2023 at 6:19 AM Yuri S VB via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: > down from 136 from ECC.
Schnorr signature has size 64 bytes (serialized format consists of x coordinate of R and of s, 32 bytes each). > The whole point is that, in the typical use case in which pre-image of hash > is, in fact, successfully broadcasted before maturity, commitment, the only > ECC signature in this protocol is discarded, and only two Lamport hashes end > up being buried at L1. Two SHA256 hashes are 64 bytes in total, the same as one schnorr signature. > To push economy even further, we could implement a memory-hard hash like > Argon2 to do the same entropy-processing trade-off already utilized for > passwords, so we could have hashes of, say 12 bytes, making it 24 in total 12 bytes security for spending bitcoins is not enough, is it? -- Best regards, Boris Nagaev _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev