On Fri, Jan 23, 2015 at 5:05 PM, Gregory Maxwell <gmaxwell@gmail.com> wrote:

I think this is unreasonable. There is a straight-forward soft-fork
approach which is safe (e.g. no risk of invalidating existing
transactions). Yes, it means that you need to use newly created
addresses to get coins that use the new signature type...

Can you send me any reference about this? Of course if that solves the problem, hard fork would not be necessary anymore. I'm just not aware of any.

Can you help me understand whats taking 40 minutes here? Thats a
surprisingly high number, and so I'm wondering if I'm not missing
something there.

To sign transaction with hundreds of inputs on device with limited memory capabilities, I need to stream all previous transactions into device, for every signed input.

That means roughly 200^2 transaction verifications for 200 inputs to sign. Very slow, but does not limit the device for any particular size of signed transaction.

Marek