author | Andrew Chow <achow101-lists@achow101.com> | 2021-07-02 20:03:20 +0000 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2021-07-02 20:03:34 +0000 |
commit | 94743d00b86466cc42b12e4855f07d79a91a8630 (patch) | |
tree | ec356b564056050f5894fc36645632e9fe4e448c | |
parent | e7f51889e98dfbd77b80962353e991516c6a8c1f (diff) | |
download | pi-bitcoindev-94743d00b86466cc42b12e4855f07d79a91a8630.tar.gz pi-bitcoindev-94743d00b86466cc42b12e4855f07d79a91a8630.zip |
Re: [bitcoin-dev] Derivation Paths for Single Key Taproot Scripts
-rw-r--r-- | f8/0492fbd67d83c54c9d2388fde620c39a98a644 | 211 |
1 files changed, 211 insertions, 0 deletions
diff --git a/f8/0492fbd67d83c54c9d2388fde620c39a98a644 b/f8/0492fbd67d83c54c9d2388fde620c39a98a644 new file mode 100644 index 000000000..55dff3c43 --- /dev/null +++ b/f8/0492fbd67d83c54c9d2388fde620c39a98a644 
@@ -0,0 +1,211 @@ +Return-Path: <achow101-lists@achow101.com> +Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) + by lists.linuxfoundation.org (Postfix) with ESMTP id B33FEC000E + for <bitcoin-dev@lists.linuxfoundation.org>; + Fri, 2 Jul 2021 20:03:34 +0000 (UTC) +Received: from localhost (localhost [127.0.0.1]) + by smtp4.osuosl.org (Postfix) with ESMTP id 94D52402AC + for <bitcoin-dev@lists.linuxfoundation.org>; + Fri, 2 Jul 2021 20:03:34 +0000 (UTC) +X-Virus-Scanned: amavisd-new at osuosl.org +X-Spam-Flag: NO +X-Spam-Score: -2.101 +X-Spam-Level: +X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 + tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, + DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001] + autolearn=ham autolearn_force=no +Authentication-Results: smtp4.osuosl.org (amavisd-new); + dkim=pass (2048-bit key) header.d=achow101.com +Received: from smtp4.osuosl.org ([127.0.0.1]) + by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id uXHPYDLedUB4 + for <bitcoin-dev@lists.linuxfoundation.org>; + Fri, 2 Jul 2021 20:03:31 +0000 (UTC) +X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 +Received: from mail-0201.mail-europe.com (mail-0201.mail-europe.com + [51.77.79.158]) + by smtp4.osuosl.org (Postfix) with ESMTPS id 9BB0140244 + for <bitcoin-dev@lists.linuxfoundation.org>; + Fri, 2 Jul 2021 20:03:31 +0000 (UTC) +Date: Fri, 02 Jul 2021 20:03:20 +0000 +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=achow101.com; + s=protonmail3; t=1625256202; + bh=mnGrSHSAxABNljJh4fX4TV1yb+7jHMlnJv2nSSNhwy0=; + h=Date:To:From:Reply-To:Subject:In-Reply-To:References:From; + b=xKE75PmMP1PybQXzTPMyXgqoeswHPiFzxWoYyfAcKW2byF3l8rkOZadaDluNRvNHX + OznxeTHfEmKgwU+YsWkreL+4/hPZUk98IRGnCzkencxCrzqrsEsbiC4uknFlS6iNgC + Ze1PHc6hwFPqehsHCccxyaaL3A1Gxdo/px2GmUMcfvoEuGMBmTgXbued618wnF07y0 + XRRRvrT6jgmJY9DpSv8/P93iWP6vKhWEewV54brTDkqzHEzOKNxClmVHbQ9SDPOIeb + 
BjuWx6SLKbf2jjLQof45mhzlDrUbHnafsAZJAGfj3+rqHDsJ9xABtF5NZ/VM6iooK9 + HOyrC4ImBWUGg== +To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org> +From: Andrew Chow <achow101-lists@achow101.com> +Reply-To: Andrew Chow <achow101-lists@achow101.com> +Message-ID: <ad7b84a7-7666-7cde-6ba9-84a5ffbc04be@achow101.com> +In-Reply-To: <6bb9110e-b726-0470-96f0-2d68eadf23a3@achow101.com> +References: <6bb9110e-b726-0470-96f0-2d68eadf23a3@achow101.com> +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: quoted-printable +Subject: Re: [bitcoin-dev] Derivation Paths for Single Key Taproot Scripts +X-BeenThere: bitcoin-dev@lists.linuxfoundation.org +X-Mailman-Version: 2.1.15 +Precedence: list +List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org> +List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe> +List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/> +List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org> +List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help> +List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, + <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe> +X-List-Received-Date: Fri, 02 Jul 2021 20:03:34 -0000 + +This was assigned BIP number 86, so the purpose level path will be m/86' + +Andrew + +On 6/22/21 9:17 PM, Andrew Chow wrote: +> Hi All, +> +> I would like to propose a simple derivation path scheme for keys to be +> used in single key Taproot scripts. This is based on BIP 44 so it is +> basically identical to BIPs 49 and 84. Like with those BIPs, the actual +> value to be used in the purpose level will be set to the BIP number, +> once assigned. 
+> +> Note that the keys derived in this method should be for the Taproot +> internal key, which should then be tweaked with the hash of itself as +> recommended by BIP 341. The keys derived at this path should not be used +> directly as the Taproot output pubkey. Additionally, this BIP does not +> specify new version bytes for extended key serialization because, with +> the advent of descriptors, I think that is unnecessary. In fact, this +> BIP feels somewhat unnecessary to me, but it seems like it will be +> needed for now in order to drive adoption and implementation of Taproot +> into software and hardware wallets. +> +> The text can be viewed below, with the rendered text available at +> https://github.com/achow101/bips/blob/taproot-bip44/bip-taproot-bip44.med= +iawiki +> +> Andrew Chow +> +> --- +> +> <pre> +> =C2=A0 BIP: bip-taproot-bip44 +> =C2=A0 Layer: Applications +> =C2=A0 Title: Derivation scheme for P2TR based accounts +> =C2=A0 Author: Andrew Chow <andrew@achow101.com> +> =C2=A0 Comments-Summary: No comments yet. +> =C2=A0 Comments-URI: +> https://github.com/bitcoin/bips/wiki/Comments:BIP-taproot-bip44 +> =C2=A0 Status: Draft +> =C2=A0 Type: Informational +> =C2=A0 Created: 2021-06-22 +> =C2=A0 License: BSD-2-Clause +> </pre> +> +> =3D=3DAbstract=3D=3D +> +> This document suggests a derivation scheme for HD wallets whose keys are +> involved in single key +> P2TR ([[bip-0341.mediawiki|BIP 341]]) outputs as the Taproot internal key= +. +> +> =3D=3D=3DCopyright=3D=3D=3D +> +> This BIP is licensed under the 2-clause BSD license. +> +> =3D=3DMotivation=3D=3D +> +> With the usage of single key P2TR transactions, it is useful to have a +> common derivation scheme so +> that HD wallets that only have a backup of the HD seed can be likely to +> recover single key Taproot +> outputs. 
Although there are now solutions which obviate the need for +> fixed derivation paths for +> specific script types, many software wallets and hardware signers still +> use seed backups which +> lack derivation path and script information. Thus we largely use the +> same approach used in BIPs +> [[bip-0049.mediawiki|49]] and [[bip-0084.mediawiki|84]] for ease of +> implementation. +> +> =3D=3DSpecifications=3D=3D +> +> This BIP defines the two needed steps to derive multiple deterministic +> addresses based on a +> [[bip-0032.mediawiki|BIP 32]] master private key. +> +> =3D=3D=3DPublic key derivation=3D=3D=3D +> +> To derive a public key from the root account, this BIP uses the same +> account-structure as +> defined in BIPs [[bip-0044.mediawiki|44]], [[bip-0049.mediawiki|49]], +> and [[bip-0084.mediawiki|84]], +> but with a different purpose value for the script type. +> +> <pre> +> m / purpose' / coin_type' / account' / change / address_index +> </pre> +> +> For the <tt>purpose</tt>-path level it uses <tt><BIPNUMBER>'</tt>. +> The rest of the levels are used as defined in BIPs 44, 49, and 84. 
+> +> =3D=3D=3DAddress derivation=3D=3D=3D +> +> To derive the output key used in the P2TR script from the derived public +> key, we use the method +> recommended in +> [[bip-0341.mediawiki#constructing-and-spending-taproot-outputs|BIP 341]]: +> +> <pre> +> internal_key:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 lift_x(derived_key) +> 32_byte_output_key: internal_key + int(HashTapTweak(bytes(internal_key)))= +G +> </pre> +> +> In a transaction, the scripts and witnesses are as defined in +> [[bip-0341.mediawiki#specification|BIP 341]]: +> +> <pre> +> witness:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <signature> +> scriptSig:=C2=A0=C2=A0=C2=A0 (empty) +> scriptPubKey: 1 <32_byte_output_key> +> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= +=C2=A0=C2=A0 (0x5120{32_byte_output_key}) +> </pre> +> +> =3D=3DBackwards Compatibility=3D=3D +> +> This BIP is not backwards compatible by design. +> An incompatible wallet will not discover these accounts at all and the +> user will notice that +> something is wrong. +> +> However this BIP uses the same method used in BIPs 44, 49, and 84, so it +> should not be difficult +> to implement. +> +> =3D=3DTest vectors=3D=3D +> +> TBD +> +> =3D=3DReference=3D=3D +> +> * [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]] +> * [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]] +> * [[bip-0044.mediawiki|BIP44 - Multi-Account Hierarchy for Deterministic +> Wallets]] +> * [[bip-0049.mediawiki|BIP49 - Derivation scheme for +> P2WPKH-nested-in-P2SH based accounts]] +> * [[bip-0084.mediawiki|BIP84 - Derivation scheme for P2WPKH based account= +s]] +> * [[bip-0341.mediawiki|BIP341 - Taproot: SegWit version 1 spending rules]= +] +> + + + |
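Review bot: The added file stores the message body still quoted-printable encoded (the headers declare `Content-Transfer-Encoding: quoted-printable`), so the quoted BIP text carries `=3D` and `=C2=A0` sequences and soft line breaks. One soft break splits the rendered-text URL into `bip-taproot-bip44.med=` and `iawiki`, and another separates the trailing `G` from `int(HashTapTweak(bytes(internal_key)))=` in the output-key formula. Anything that renders or indexes this file should decode the body before extracting the link or the formula. Separately, the reply at the top gives the purpose path as m/86', while the quoted draft below it still reads `<BIPNUMBER>'` and lists the test vectors as TBD. Readers should take the purpose value from the reply, and there is nothing in this message to check an implementation of the internal-key tweak against.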