Why is the bytestring 0xaa21a9ed used as the witness commitment header in SegWit?

1

As per BIP 141, the witness Merkle root hash is stored in a scriptPubkey field of a coinbase transaction output with a header consisting of the 4-byte string 0xaa21a9ed. What is the reasoning behind choosing this string?

Googling only yielded a reference to namecoin on a bitcoin-dev IRC log.

sarva

Posted 2017-09-08T09:49:00.407

Reputation: 75

Answers

0

It's random.

The intent was choosing something long enough to avoid having someone accidentally create an output that matches, but short enough that it doesn't unnecessarily makes SegWit blocks larger.

Pieter Wuille

Posted 2017-09-08T09:49:00.407

Reputation: 54 032

Why was it not chosen to be some regular 4-byte string like all zeros or all ones or 0xAABBCCDD? Will the probability of someone creating a null data output which matches the header increase if the header had some regular structure?sarva 2017-09-10T06:03:30.527