[BIP proposal] Pay to Schnorr Key Hash (P2SKH)

The discussion revolves around the technical comparison between DER and Schnorr signatures within the context of Bitcoin development, highlighting their efficiency and potential for size optimization. DER signatures, traditionally varying in size from 9 to 73 bytes, offer a unique opportunity for reduction through computational grinding. By leveraging CPU power to adjust the r-value and s-value, it's possible to compress these signatures to as small as 63 bytes without compromising the security of the private key. This process, although demanding approximately 2^33 operations, is feasible with current processing capabilities, suggesting an advantage for those seeking more compact signatures and are willing to invest the necessary computational work.

On the other hand, Schnorr signatures present a more consistent size footprint, typically fixed at 64 or 65 bytes. Unlike DER signatures, Schnorr's format does not allow any reduction below 64 bytes, even as computational power improves. This consistency stems from structural differences and the constraints imposed by BIP-66, which specifically addresses how leading zeroes are managed in DER signatures. Consequently, while upcoming advancements in computing might facilitate smaller DER signatures, Schnorr signatures lack this potential for size minimization.

This analysis suggests a nuanced choice for developers and users within the Bitcoin ecosystem: opt for the traditional, albeit potentially more efficient DER signatures with some effort, or embrace the simplicity and predictability of Schnorr signatures. The decision hinges on the value placed on signature size versus the computational cost required to achieve such efficiency.