From what I perceive, a public key will be compressed from 64 bytes into 32 bytes, however an extra byte is required for the signal, so it often winds up being 33 bytes whole. However P2TR addresses solely do a PUSHBYTES_32. Am I incorrect in my understanding how compressed public keys work?

Hunter is a brand new contributor to this website. Take care in asking for clarification, commenting, and answering.
Try our Code of Conduct.

SEC encoded public keys are both:

  • Uncompressed 65-byte encoding: 0x04 + [32-byte X coordinate] + [32-byte Y coordinate]
  • Compressed 33-byte encoding:
    • 0x02 + [32-byte X coordinate] (if Y coordinate is even)
    • 0x03 + [32-byte X coordinate] (if Y coordinate is odd).

P2TR output do not use SEC encoded public keys in any respect, however uncooked “x-only” public keys, during which solely the 32-byte X coordinate itself is revealed. The used BIP340 signature scheme is constructed in such a manner that the Y coordinate doesn’t matter.

Pay to Taproot makes use of x-only pubkeys.

In Bitcoin, a personal key d is a scalar, and its corresponding public key Q is the elliptic curve level discovered by multiplying d with the generator G of secp256k1: Q = d×G

For each x-coordinate on the secp256k1 curve, there exist precisely two y-coordinates which are one another’s negations: Q = d×G and -Q = -d×G

The authors of the Taproot proposal seen that they may save a complete byte by dropping what primarily quantities to the signal of the general public key at no lack of safety by introducing a brand new serialization format referred to as x-only pubkeys.