--- Day changed Wed Apr 19 2017
04:58 -!- jtimon [~quassel@9.31.134.37.dynamic.jazztel.es] has joined #secp256k1
09:59 -!- ofek [~Ofekmeist@pool-71-121-186-199.bltmmd.fios.verizon.net] has joined #secp256k1
10:02 < ofek> what is the use case for recoverable signature?
10:03 < ofek> oh derp nvm
10:03 -!- ofek [~Ofekmeist@pool-71-121-186-199.bltmmd.fios.verizon.net] has left #secp256k1 ["Leaving"]
10:07 < sipa> is that a reason for leaving? :(
10:19 < indutny> haha
11:51 -!- ofek [~Ofekmeist@pool-71-121-186-199.bltmmd.fios.verizon.net] has joined #secp256k1
11:54 < ofek> sipa, gmaxwell, how does one convert a regular signature to a recoverable?
11:55 < arubi> by omitting the message :P
11:55 < sipa> ofek: you can't
11:55 < sipa> you miss data
11:56 < sipa> (only 4 possibilities... you could try all, but it gets ugly)
11:56 < sipa> why do you need to?
11:56 < arubi> 8 if n is small!
11:56 < arubi> oh, pubkeys, sorry :)
11:56 < ofek> what is the use case for recoverable signature then?
11:57 < sipa> being able to recover the pubkey
11:57 < sipa> and you create a recoverable signature by producing one from message and private key... just like normal signing
11:58 < ofek> right, but when? for parsing txns you only see the normal sigs
11:58 < sipa> it's not needed for bitcoin
11:58 < sipa> bitcoin core uses it for message signing, though
11:58 < ofek> oh...
11:59 < ofek> sipa, what does core use it for?
11:59 < arubi> ofek, shamelessly : https://bitcointalk.org/index.php?topic=1729534.msg17470622#msg17470622
12:00 < arubi> just a toy example
12:00 < sipa> ofek: i just told you. message signing
12:00 < ofek> but not in txns?
12:00 < sipa> no
12:01 < sipa> it's used for messages, not for transaction
12:01 < ofek> so like a blockchain-related thing?
12:02 < sipa> no, the opposite
12:02 < sipa> it's for signing messages, not transactions
12:02 < sipa> see the signmessage and verifymessage RPC
12:03 < sipa> it's just a silly trick that we came up with years ago and used in the signmessage feature
12:03 < sipa> it's by no means standardized
12:03 < sipa> it allows you to verify a message while just knowing the address rather than the pubkey
12:04 < ofek> oh I understand now, thanks a lot
12:05 < ofek> arubi, woah that's funky
12:05 < arubi> :)
12:06 < arubi> it wasn't well received by the bitcointalk audience, oh well
12:19 < arubi> oh and ofek, if you /really/ wanna verifymessage like core does... http://paste.debian.net/hidden/a73dbb79/
12:20 < ofek> holy moly
12:22 < sipa> wait, what?
12:22 < sipa> how did you get to 32?
12:22 < arubi> it doesn't check the byte itself, just ANDs or ORs against it.. I forget which
12:23 < sipa> crap.
12:23 < arubi> nah, really it's not so bad
12:24 < arubi> keep to include the address in your message, or have the address funded with coins.. is the first byte really important? just discard it
12:24 < arubi> maybe it's more important than I realize, sorry to be dismissive if so :)
12:26 < arubi> really I was just assuming the same practice is done like sighash bytes, so didn't think it was really interesting to anyone
12:33 -!- jtimon [~quassel@9.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 240 seconds]
13:16 -!- jtimon [~quassel@9.31.134.37.dynamic.jazztel.es] has joined #secp256k1
19:46 -!- jtimon [~quassel@9.31.134.37.dynamic.jazztel.es] has quit [Ping timeout: 240 seconds]
22:50 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Excess Flood]
22:50 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1