Looking for optimally minimal data transfer to send a transaction.
Just throwing this out there; I'm sure we can do better.
Some stuff should be pre-agreed by anyone following this protocol. For example:
- Preagreed: script type (say legacy P2PKH)
- Preagreed: version 1, locktime 0, sequence maxint-1, fee 10K sats (tweak this later)
Receiver has address AR, requests X sats.
Computes scriptpubkeyhash ARSPKH 20 bytes in this case.
Sends ARSPKH + amt encoded as varint (5 bytes), total 25 bytes.
Sender finds a chosen utxo U1, on a pubkey PS, not currently reused. Same script type (P2PKH).
Constructs TX:
- input 0: U1+vout for PS
- output 0: ARSPKH with amt as noted above.
- output 1: change, back to PS encoded as P2PKH, amt is U1+vout's amount minus amt above minus 10Ksat fee.
Signs and gets sig S.
Un-DER encodes S to get (r, s) of exactly 64 bytes (ignore sign).
Sends PS+S (total: 33+64 = 97 bytes).
Receiver gets 97 bytes.
- Extracts PS as first 33; converts to address P2PKH; looks up on blockchain; recovers only existing utxo U1 with amount.
- Extracts (r, s) from S and re-DER-encodes to get S*.
- Reconstructs transaction as in "Constructs TX" above
- Verifies re-DER-encoded S* to see if it fits; if not, flips sign until it does.
- Inserts valid S and broadcasts.
Sender: 25 bytes.
Receiver: 97 bytes.
Probably can do better. Bad stuff includes:
- P2PKH is bad not least because non-segwit doesn't sign over value which is a risk factor.
- Address reuse is always a bad thing.
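
The two wire messages described above, as an added example that is not part of the original post. It assumes "varint" means Bitcoin's CompactSize, that r and s travel as 32-byte big-endian unsigned integers, and that no sighash byte is part of S; all function names are hypothetical.

```python
# Added illustration: 25-byte request and 97-byte payment message encoding.
def compact_size(n: int) -> bytes:
    # Assumption: the post's "varint" is Bitcoin CompactSize.
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xffffffff:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def der_int(x: int) -> bytes:
    raw = x.to_bytes(32, "big").lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:  # high bit set: pad so DER does not read it as negative
        raw = b"\x00" + raw
    return b"\x02" + bytes([len(raw)]) + raw

def der_encode(r: int, s: int) -> bytes:
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

def der_decode(sig: bytes) -> tuple:
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a DER sequence")
    pos, out = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        end = pos + 2 + sig[pos + 1]
        out.append(int.from_bytes(sig[pos + 2:end], "big"))
        pos = end
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return out[0], out[1]

def build_request(spk_hash: bytes, amount: int) -> bytes:
    # Receiver -> sender: 20-byte hash followed by the amount.
    return spk_hash + compact_size(amount)

def build_payment(pubkey: bytes, der_sig: bytes) -> bytes:
    # Sender -> receiver: 33-byte pubkey followed by fixed-width r || s.
    r, s = der_decode(der_sig)
    return pubkey + r.to_bytes(32, "big") + s.to_bytes(32, "big")

def parse_payment(msg: bytes):
    if len(msg) != 97:
        raise ValueError("expected 33 + 64 bytes")
    r, s = (int.from_bytes(msg[i:i + 32], "big") for i in (33, 65))
    return msg[:33], der_encode(r, s)
```

Under CompactSize the amount only occupies 5 bytes for values from 65,536 to 4,294,967,295 sats, so a fixed 25-byte request needs the width pinned as part of the pre-agreed parameters.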