Board: Bitcoin Discussion
Re: John Nash created bitcoin
by iamnotback on 14/04/2017, 06:18:04 UTC
The reasons I stated that it was a faux good idea were:
1) if you need the hash to protect a broken crypto system (elliptic curve crypto), you are making a fundamental mistake.  In as much as hashes can protect better against quantum computers and elliptic crypto is essentially TOTALLY DEAD, you can't use your private key any more because one can change your transaction on the fly if one has a quantum computer.

I refuted that upthread.

I really never expected you would be a liar. Amazing.

You've lost all credibility in my eyes. I had a very high opinion of you. Really amazes me that you would ignore my refutation and continue a lie.

So instead of "protecting a broken system", one should have used one that isn't broken; and in as much as one thinks that elliptic curve crypto isn't broken, there's no need to protect it.

I refuted that also. I am beginning to think maybe you are just not that smart.

2) I indicated that introducing the hash was wasting room on the chain, because if you hash the public key in the output (the address), you have to provide the key in spending input (as is the case today); while if you provided directly the public key in the output, you didn't need to copy it again in the spending input.

Given that the elite designed Bitcoin with 1MB blocks which can never be increased (and Satoshi never said he would definitely raise it, rather he just demurred so that everyone would not be alarmed) on purpose because it keeps the riff-raff off of Bitcoin once it reaches critical mass (which has already been attained), thus you are promulgating a ridiculous red-herring.

Obviously the elite are not at all concerned about running out of block size. Duh.

The main goal as I explained to you previously was heightened security and that it doesn't bloat the UTXO which must be stored in DRAM.

You're really wasting everyone's time trying to save your ego.

--> now it turns out that this argument is wrong.  So YES, introducing the hashed key IS winning room on the block chain.  However, this feature IS NOT USED.
 
In ECDSA, with a key of N bits (and a security of N/2 bits classically), the signature contains 2N bits.  Essentially, the first N bits are related to a chosen random number, and the second N bits are the actual signature.  However, it is possible to derive the public key (actually a small set of public keys) most of the time from the signed message and the signature.

As such, the publication of the public key is not necessary!

The verifier can derive it (up to a few candidates) from the signature and the message.  In fact, for the curve that Satoshi chose, with cofactor 1, there are only two candidate public keys.

It is explained here.
https://crypto.stackexchange.com/questions/18105/how-does-recovering-the-public-key-from-an-ecdsa-signature-work

This is unwise, because the cryptanalysis attacker now has an additional degree-of-freedom to modify the message, since the public key recovery is dependent on both signature and the message signed.

Satoshi was not at all worried about the block size. Security was his #1 priority.

So once again we see if we had let you design Bitcoin, you would have made it less secure.

Moreover, there's no point in making the hash bigger than 128 bits.

We are not going to repeat that debate again. I already refuted that upthread.