On Tue, Nov 24, 2015 at 12:34 PM, Chris Priest via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > The technical reason for this is that you have to explicitly list each > UTXO individually when making bitcoin transactions. There is no way to > say "all the utxos". This post describes a way to achieve this. I'm > not yet a bitcoin master, so there are parts of this proposal that I > have not yet figured out entirely, but I'm sure other people who know > more could help out. > So every input has: 32-byte hash (transaction being spent) 4-byte output (output being spent) 4-byte sequence number ... plus the scriptSig. Which is as small as about 73 bytes if you're spending a raw OP_CHECKSIG (which you can't do as a bitcoin address, but could via the BIP70 payment protocol), and which is at least two serialized bytes. Best case for any scheme to coalesce scriptSigs would to somehow make all-but-the-first scriptSig zero-length, so the inputs would be 42 bytes instead of 40+73 bytes -- the coalesce transaction would be about one-third the size, so instead of paying (say) $1 in transaction fees you'd pay 37 cents. That's in the gray are of the "worth doing" threshold-- if it was a 10x improvement (pay 10 cents instead of $1) it'd be in my personal "definitely worth the trouble of doing" category. RE: the scheme: an OP_RINGSIGVERIFY is probably the right way to do this: https://en.wikipedia.org/wiki/Ring_signature The funding transactions would be: OP_RINGSIGVERIFY ... which might could be redeemed with for one input and then... uhh... maybe just for the other inputs that are part of the same ring signature group (OP_0 if the first input has the signature that is good for all the other public keys, which would be the common case). -- -- Gavin Andresen