Why use DER encoding for signatures?

A signature in secp256k1 is two 32 byte numbers. DER encoding a signature adds about 6-7 bytes. It also needlessly complicates things (is DER encoding used anywhere else?). In a transaction format that seems to try to squeeze every byte out, this is very strange to me. Why not just use a 64 byte string to represent sigs instead?

signature
ecdsa

user3243135

Posted 2013-11-07T07:18:47.087

Reputation: 245

Answers

My guess is that Satoshi did not know about the internals of ECDSA signatures, and simply used what OpenSSL gave him.

If it didn't require a hard forking change (requiring every wallet and verifying node on the network to upgrade), we'd have changed it long ago.

Pieter Wuille

Posted 2013-11-07T07:18:47.087

Reputation: 54 032

Asked: 2013-11-07T07:18:47.087

Viewed: 1 831 times

Active: 2013-11-07T16:04:31.313