Looking for optimally minimal data transfer to send a transaction.
Just throwing this out there; I'm sure we can do better.
Some stuff should be pre-agreed by anyone following this protocol. For example:
- Preagreed: script type (say legacy P2PKH)
- Preagreed: version 1, locktime 0, sequence maxint-1, fee 10K sats (tweak this later)
Receiver has address AR, requests X sats.
Computes scriptpubkeyhash ARSPKH 20 bytes in this case.
Sends ARSPKH + amt encoded as varint (5 bytes), total 25 bytes.
Sender finds a chosen utxo U1, on a pubkey PS, not currently reused. Same script type (P2PKH).
Constructs TX: input 0: U1+vout for PS
output 0: ARSPKH with amt as noted above.
output 1: change, back to PS encoded as P2PKH, amt is U1+vout's amount minus amt above minus 10Ksat fee.
signs and gets sig S.
Un-DER encodes S to get (r, s) of exactly 64 bytes (ignore sign).
Sends PS+S (total: 33+64 = 97 bytes).
Receiver gets 97 bytes.
- Extracts PS as first 33; converts to address P2PKH; looks up on blockchain; recovers only existing utxo U1 with amount.
- Extracts (r, s) from S and re-DER-encodes to get S*.
- Reconstructs transaction as in "Constructs TX" above
- Verifies re-DER-encoded S* to see if it fits, if not flip sign until it does.
- Inserts valid S and broadcasts.
Sender: 25 bytes.
Receiver: 97 bytes.
Probably can do better. Bad stuff includes:
- P2PKH is bad not least because non-segwit doesn't sign over value which is a risk factor.
- Address reuse is always a bad thing.
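As an added example (not code from the post above), the following models the exchange just described byte for byte: the 25-byte request (20-byte ARSPKH plus the amount as a CompactSize varint), the 97-byte reply (33-byte compressed PS plus the 64-byte raw (r, s)), the DER round trip, and the deterministic rebuild of the legacy P2PKH transaction from the pre-agreed parameters. It contains no ECDSA, only the framing, so the transaction both sides produce is byte-identical but not spendable. Every key, hash, txid, amount and signature value is a constructed placeholder, and the "look up PS on the blockchain" step is a dict keyed by the pubkey itself rather than by its hash160 address.

```python
import struct

# Pre-agreed parameters from the post: version 1, locktime 0, sequence maxint-1, 10K sat fee
VERSION, LOCKTIME, SEQUENCE, FEE_SATS = 1, 0, 0xFFFFFFFE, 10_000
SIGHASH_ALL = b"\x01"

def varint_encode(n: int) -> bytes:
    """Bitcoin CompactSize; amounts from 65536 to 2**32-1 sats take 5 bytes."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)

def varint_decode(buf: bytes, pos: int = 0):
    """Return (value, bytes consumed) for the CompactSize at buf[pos]."""
    if buf[pos] < 0xFD:
        return buf[pos], 1
    size, fmt = {0xFD: (2, "<H"), 0xFE: (4, "<I"), 0xFF: (8, "<Q")}[buf[pos]]
    return struct.unpack(fmt, buf[pos + 1:pos + 1 + size])[0], 1 + size

def p2pkh_script(pubkey_hash: bytes) -> bytes:
    """OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG."""
    assert len(pubkey_hash) == 20
    return b"\x76\xa9\x14" + pubkey_hash + b"\x88\xac"

def der_to_compact(der: bytes) -> bytes:
    """Drop the DER envelope and any 0x00 sign pad: r and s as 32 bytes each."""
    assert der[0] == 0x30 and der[1] == len(der) - 2, "bad DER envelope"
    pos, out = 2, b""
    for _ in range(2):
        assert der[pos] == 0x02, "expected DER INTEGER"
        length = der[pos + 1]
        value = int.from_bytes(der[pos + 2:pos + 2 + length], "big")
        out += value.to_bytes(32, "big")  # OverflowError if wider than 256 bits
        pos += 2 + length
    assert pos == len(der), "trailing bytes after signature"
    return out

def compact_to_der(compact: bytes) -> bytes:
    """Rebuild minimal DER: shortest big-endian INTEGER, 0x00 pad only when the
    top bit is set, so the result is fixed by the (r, s) values alone."""
    assert len(compact) == 64
    body = b""
    for raw in (compact[:32], compact[32:]):
        value = int.from_bytes(raw, "big")
        enc = value.to_bytes((value.bit_length() + 8) // 8, "big")
        body += b"\x02" + bytes([len(enc)]) + enc
    return b"\x30" + bytes([len(body)]) + body

def encode_request(dest_hash: bytes, amount: int) -> bytes:
    """Receiver -> sender: ARSPKH (20) + amount as varint (5 here) = 25 bytes."""
    assert len(dest_hash) == 20
    return dest_hash + varint_encode(amount)

def decode_request(msg: bytes):
    amount, used = varint_decode(msg, 20)
    assert 20 + used == len(msg), "trailing bytes in request"
    return msg[:20], amount

def encode_response(pubkey: bytes, der_sig: bytes) -> bytes:
    """Sender -> receiver: PS (33) + raw (r, s) (64) = 97 bytes."""
    assert len(pubkey) == 33 and pubkey[0] in (2, 3), "compressed key only"
    return pubkey + der_to_compact(der_sig)

def decode_response(msg: bytes):
    assert len(msg) == 97, "response must be exactly 97 bytes"
    return msg[:33], compact_to_der(msg[33:])

def build_tx(utxo: dict, dest_hash: bytes, amount: int, pubkey: bytes, der_sig: bytes) -> bytes:
    """Serialise the 1-in/2-out legacy tx both sides must agree on byte for byte.
    utxo = {"txid": 32 bytes, "vout": int, "value": sats, "script": its scriptPubKey};
    change goes back to the scriptPubKey that locked U1 (same key, same script type)."""
    change = utxo["value"] - amount - FEE_SATS
    if change < 0:
        raise ValueError("U1 does not cover amount plus the pre-agreed fee")
    script_sig = bytes([len(der_sig) + 1]) + der_sig + SIGHASH_ALL + bytes([len(pubkey)]) + pubkey
    dest_script = p2pkh_script(dest_hash)
    tx = struct.pack("<i", VERSION) + varint_encode(1)
    tx += utxo["txid"] + struct.pack("<I", utxo["vout"])
    tx += varint_encode(len(script_sig)) + script_sig + struct.pack("<I", SEQUENCE)
    tx += varint_encode(2) + struct.pack("<q", amount) + varint_encode(len(dest_script)) + dest_script
    tx += struct.pack("<q", change) + varint_encode(len(utxo["script"])) + utxo["script"]
    return tx + struct.pack("<I", LOCKTIME)

# Constructed placeholders: receiver's hash, sender's key and its single utxo, and an
# (r, s) pair standing in for a real signature (r has its top bit set, so its DER form
# carries the 0x00 pad that "ignore sign" strips). A real index is keyed by hash160(PS);
# keying it by PS directly keeps this runnable without a RIPEMD-160 implementation.
ARSPKH, AMOUNT = b"\x22" * 20, 100_000
PS = b"\x02" + bytes(range(1, 33))
CHAIN_INDEX = {PS: {"txid": b"\xaa" * 32, "vout": 1, "value": 150_000,
                    "script": p2pkh_script(b"\x11" * 20)}}
FAKE_DER_SIG = compact_to_der(b"\x80" + b"\x11" * 31 + b"\x22" * 32)

def run_exchange():
    """Both legs of the protocol; returns (request, response, sender_tx, receiver_tx)."""
    request = encode_request(ARSPKH, AMOUNT)
    dest_hash, amount = decode_request(request)                    # sender side
    sender_tx = build_tx(CHAIN_INDEX[PS], dest_hash, amount, PS, FAKE_DER_SIG)
    response = encode_response(PS, FAKE_DER_SIG)
    pubkey, der_sig = decode_response(response)                    # receiver side
    receiver_tx = build_tx(CHAIN_INDEX[pubkey], ARSPKH, AMOUNT, pubkey, der_sig)
    return request, response, sender_tx, receiver_tx
```

Calling `run_exchange()` returns a 25-byte request, a 97-byte response and two identical 226-byte transactions (a 71-byte DER signature, 1 input, 2 P2PKH outputs). The point the sizes make is that everything except PS and (r, s) is either pre-agreed or recoverable from the chain, which is also why the scheme depends on U1 being the only unspent output on PS and on the receiver's chain view matching the sender's; if the utxo is spent or a second one appears, the rebuild silently diverges and the signature will not verify.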
What do you think of using a short hash of an extended public key (BIP-32) or, even better, a PayNym (BIP-47) to communicate public key information? The xPub or PayNym could be looked up in a directory. For very short hashes, it might take some iterating to find the match to the signature, but trading off computation for bandwidth might be worth it.