1
The first figure in the original paper of Satoshi is a diagram of transactions. This diagram seems to indicate that the transaction data is hashed before the sender's signature is appended. Why not just hash the entire transaction, including the signature, to produce all-encompassing transaction hash?
Update: I want to highlight the comment by @David Schwartz on the accepted answer.
You seem to be implying that the original transaction (unencrypted) is not stored in the block chain. If it were, one could plainly view all details of the transaction, including the signature and the message that it signs ... – zkurtz – 2014-04-15T17:37:14.457
1Hm, I think I understood your question wrong, I'll edit the answer. – Jori – 2014-04-15T18:06:23.280
I'm marking this as the solution because it seems reasonable. I would still be interested in seeing some references to support your claim. If I understand correctly, you are claiming that the sole purpose of that hash is to shorten (and/or speed up) the signature. (I assume then that these hashes have nothing to do with the tree of hashes that leads up to the Merkle root.) – zkurtz – 2014-04-15T20:38:13.923
That is correct. Take PGP (or GPG) for example, you almost never see someone signing an entire message, because this would add a considerably long overhead. Instead a hash of the data is constructed and signed to prove that the data indeed originated from some party, because with a secure hashing algorithm it is almost impossible to find an other piece of data that results in the same hash. Merkle roots have to with how transactions are represented inside blocks. – Jori – 2014-04-15T21:41:19.333
4The algorithms used can't sign anything that exceeds the curve size. So you must hash before signing. – David Schwartz – 2014-04-16T17:08:49.040