Maybe I'm missing something, but I thought the idea was that the sign of
the ephemeral public key would be established by convention and thereby
not be required in the OP_RETURN *and* not require testing of both signs.

I'd be concerned that by including the sign byte, and with the payment
id at 5 bytes, we would be limiting the nonce space to one byte. That
may not be sufficient.

e

On 01/08/2015 03:31 AM, Amir Taaki wrote:
> Oh if you mean the <P:32>, that doesn't help. It still doubles the
> number of rows that clients need to process.
> We want to lessen the processing burden on clients, so they can use a
> smaller prefix (= more data) to remain more anonymous.
>
> On 01/08/2015 12:28 PM, Amir Taaki wrote:
>> Yep I got rid of that, that's not staying.
>> That's more the type or info byte.
>>
>> On 01/08/2015 08:25 AM, Peter Todd wrote:
>>> On Thu, Jan 08, 2015 at 05:11:53AM +0100, Amir Taaki wrote:
>>>> This increases the number of client side computations, which reduces the
>>>> anonymity. It is trivial for the server to store this data and halves
>>>> the computation workload for the client, thereby increasing the
>>>> acceptable working dataset & improving anonymity for the client.
>>>
>>> Good point.
>>>
>>> However, what about changing the stealth standard itself to not have the
>>> sign byte in the OP_RETURN? I believe we've discussed this, along with
>>> getting rid of that version byte. We're still at the point where we can
>>> change things.