A signature in secp256k1 is two 32 byte numbers. DER encoding a signature adds about 6-7 bytes. It also needlessly complicates things (is DER encoding used anywhere else?). In a transaction format that seems to try to squeeze every byte out, this is very strange to me. Why not just use a 64 byte string to represent sigs instead?
Asked
Active
Viewed 2,210 times
1 Answers
15
My guess is that Satoshi did not know about the internals of ECDSA signatures, and simply used what OpenSSL gave him.
If it didn't require a hard forking change (requiring every wallet and verifying node on the network to upgrade), we'd have changed it long ago.
Pieter Wuille
- 98,249
- 9
- 183
- 287