1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
|
Return-Path: <sanket1729@gmail.com>
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
by lists.linuxfoundation.org (Postfix) with ESMTP id F2434C013B
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 10 Dec 2020 11:28:37 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by silver.osuosl.org (Postfix) with ESMTP id D4FDA203CA
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 10 Dec 2020 11:28:37 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id RziM7DVHOBrm
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 10 Dec 2020 11:28:36 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com
[209.85.218.46])
by silver.osuosl.org (Postfix) with ESMTPS id C02812012D
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 10 Dec 2020 11:28:35 +0000 (UTC)
Received: by mail-ej1-f46.google.com with SMTP id qw4so6776119ejb.12
for <bitcoin-dev@lists.linuxfoundation.org>;
Thu, 10 Dec 2020 03:28:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=RvlIvZDR8russOmzjI/nLbl1nsoQCv7gsqVSUyaxYrY=;
b=fDJwsUOUHEr1JHk0OVDRltbAp9XC7UhZZOTtKq5bdoAt7mSpGEAmTLCete++aP/9mD
zaQQUOzdHUVGuxwaivigRZSEWks64z+QvsGxbznPvfXkfD8QN2d4LSDhas0XpbzqfdfR
5+7kKWmuk8GmwrFVAFY7PhJkJYsVNi4EIop6pmV99GfaUcZBLpypSlEg000FnXmzjU8G
62Krd7QeUy/Tzxzmv7V6YkW4nju+Jpb3Cy1PEu+iHGyaSwil0s5uAa9E7Fchiu6GH3ML
v3Q6UCRcoHKIxSraZSkvxdZbfmE3O8n+H0iWE6OpUibkq8PSF+pXL+m/faORyxtZyEo0
W7NA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=RvlIvZDR8russOmzjI/nLbl1nsoQCv7gsqVSUyaxYrY=;
b=LghTfCOVS5wt9kclKjy6NgMt1TCICoIvrFvHuSYmDdvtH3qHNdgW5GnHOl60LU4J+L
1UJw2TkiVMTWGkdZ9JxFbXvOxe9GA6JD6JPU9vdMLWlk2VwKjPPmOOuFa9ScJs34iSlQ
jBVgCUL69fOvq//d73IjvvemYPf+6C3Hjn7EusUnvi6ogHLHhrB29BjjkN16AiiyUKPd
nPYPdD76Gy6vjklXJXRbPEk87gDrP/bJqrc9Sy32Ygtjo6PkbgxP5+TVCz1KBqFv3mzZ
xnuoat+eFVzmWYUAGgFcU25axioNWBB2dzkMUr7Pg11aviAM3Gl9cUeg/0uZ5w2KSTSJ
s/ig==
X-Gm-Message-State: AOAM530HXFvYVMcWWGeaW60j3T9q2YbgeCdDQhQCV8atmN87me8XWnm4
RW8Z6swF5oSElzpjVnEsVRbMtkdcWRiPYPjgUTw=
X-Google-Smtp-Source: ABdhPJyG9yBdZ2MEg8jZ+oiBfK3oxNWiXXyAS8dA7r1MpGJCP5KYf7ImZ+qMia4ZWm3zEY8ri4FvzxTpUzqzbbEjj9Q=
X-Received: by 2002:a17:906:3c11:: with SMTP id
h17mr5829168ejg.20.1607599714253;
Thu, 10 Dec 2020 03:28:34 -0800 (PST)
MIME-Version: 1.0
References: <1dd8c285-e3f4-4f03-d608-103a5026146d@achow101.com>
In-Reply-To: <1dd8c285-e3f4-4f03-d608-103a5026146d@achow101.com>
From: Sanket Kanjalkar <sanket1729@gmail.com>
Date: Thu, 10 Dec 2020 05:28:23 -0600
Message-ID: <CAExE9c8o21sptsckNjk9mTPi8p7WAr_6cUynfnjjG1gNoYDDvQ@mail.gmail.com>
To: Andrew Chow <achow101-lists@achow101.com>,
Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="000000000000e8bff905b61a7933"
X-Mailman-Approved-At: Thu, 10 Dec 2020 11:31:58 +0000
Subject: Re: [bitcoin-dev] New PSBT version proposal
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2020 11:28:38 -0000
--000000000000e8bff905b61a7933
Content-Type: text/plain; charset="UTF-8"
>
> The primary change is to truly have all input and output data for each in
> their respective maps
1) +1. It would be really great to have a complete map per input/output
that does not require an annoying lookup to a global field.
A Bitcoin transaction only has a single locktime yet a PSBT may have
> multiple lock times.
2) One other thing, the per input timelock also helps in detecting whether
the transaction contains a mix of block-based
timelocks and height based timelocks. Recall that such inputs can't be
spent together under the same nLocktime.
3) Finally, one last thing which I noted while implementing a generic
finalizer for Miniscript is the restriction on sighashType.
From the BIP
> Signatures for this input must use the sighash type, finalizers must fail
> to finalize inputs which have signatures that do not match the specified
> sighash type. Signers who cannot produce signatures with the sighash type
> must not provide a signature.
Is such a restriction necessary? If the purpose is to only suggest signer
which sighashType to use, then I think the finalizer
should not reject those. Along those lines, we can also mark with
suggestions for the type of nlockTime(block vs height) that
should be used. With such suggestions, input parties can decide which
branches in the satisfaction they should prefer and
sign with the corresponding signatures. Note that this purpose is different
from the stated purpose of
PSBT_GLOBAL_PREFERRED_LOCKTIME.
Cheers,
Sanket
On Wed, Dec 9, 2020 at 4:33 PM Andrew Chow via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> Hi All,
>
> I would like to propose a new PSBT version that addresses a few
> deficiencies in the current PSBT v0. As this will be backwards
> incompatible, a new PSBT version will be used, v1.
>
> The primary change is to truly have all input and output data for each
> in their respective maps. Instead of having to parse an unsigned
> transaction and lookup some data from there, and other data from the
> correct map, all of the data for an input will be contained in its map.
> Doing so also disallows PSBT_GLOBAL_UNSIGNED_TX in this new version.
> Thus I propose that the following fields be added:
>
> Global:
> * PSBT_GLOBAL_TX_VERSION = 0x02
> * Key: empty
> * Value: 32-bit little endian unsigned integer for the transaction
> version number. Must be provided in PSBT v1 and omitted in v0.
> * PSBT_GLOBAL_PREFERRED_LOCKTIME = 0x03
> * Key: empty
> * Value: 32 bit little endian unsigned integer for the preferred
> transaction lock time. Must be omitted in PSBT v0. May be provided in
> PSBT v1, assumed to be 0 if not provided.
> * PSBT_GLOBAL_INPUT_COUNT = 0x04
> * Key: empty
> * Value: Compact size unsigned integer. Number of inputs in this
> PSBT. Must be provided in PSBT v1 and omitted in v0.
> * PSBT_GLOBAL_OUTPUT_COUNT = 0x05
> * Key: empty
> * Value: Compact size unsigned integer. Number of outputs in this
> PSBT. Must be provided in PSBT v1 and omitted in v0.
>
> Input:
> * PSBT_IN_PREVIOUS_TXID = 0x0e
> * Key: empty
> * Value: 32 byte txid of the previous transaction whose output at
> PSBT_IN_OUTPUT_INDEX is being spent. Must be provided in PSBT v1 and
> omitted in v0.
> * PSBT_IN_OUTPUT_INDEX = 0x0f
> * Key: empty
> * Value: 32 bit little endian integer for the index of the output
> being spent. Must be provided in PSBT v1 and omitted in v0.
> * PSBT_IN_SEQUENCE = 0x0f
> * Key: empty
> * Value: 32 bit unsigned little endian integer for the sequence
> number. Must be omitted in PSBT v0. May be provided in PSBT v1 assumed
> to be max sequence (0xffffffff) if not provided.
> * PSBT_IN_REQUIRED_LOCKTIME = 0x10
> * Key: empty
> * Value: 32 bit unsigned little endian integer for the lock time that
> this input requires. Must be omitted in PSBT v0. May be provided in PSBT
> v1, assumed to be 0 if not provided.
>
> Output:
> * PSBT_OUT_VALUE = 0x03
> * Key: empty
> * Value: 64-bit unsigned little endian integer for the output's
> amount in satoshis. Must be provided in PSBT v1 and omitted in v0.
> * PSBT_OUT_OUTPUT_SCRIPT = 0x04
> * Key: empty
> * Value: The script for this output. Otherwise known as the
> scriptPubKey. Must be provided in PSBT v1 and omitted in v0.
>
> This change allows for PSBT to be used in the construction of
> transactions. With these new fields, inputs and outputs can be added as
> needed. One caveat is that there is no longer a unique transaction
> identifier so more care must be taken when combining PSBTs.
> Additionally, adding new inputs and outputs must be done such that
> signatures are not invalidated. This may be harder to specify.
>
> An important thing to note in this proposal are the fields
> PSBT_GLOBAL_PREFERRED_LOCKTIME and PSBT_IN_REQUIRED_LOCKTIME. A Bitcoin
> transaction only has a single locktime yet a PSBT may have multiple
> locktimes. To choose the locktime for the transaction, finalizers must
> choose the maximum of all of the *_LOCKTIME fields.
> PSBT_IN_REQUIRED_LOCKTIME is added because some inputs, such as those
> involving OP_CHECKLOCKTIMEVERIFY, require a specific minimum locktime to
> be set. This field allows finalizers to choose a locktime that is high
> enough for all inputs without needing to understand the scripts
> involved. The PSBT_GLOBAL_PREFERRED_LOCKTIME is the locktime to use if
> no inputs require a particular locktime.
>
> As these changes disallow the PSBT_GLOBAL_UNSIGNED_TX field, PSBT v1
> needs the version number bump to enforce backwards incompatibility.
> However once the inputs and outputs of a PSBT are decided, a PSBT could
> be "downgraded" back to v0 by creating the unsigned transaction from the
> above fields, and then dropping these new fields.
>
> If the list finds that these changes are reasonable, I will write a PR
> to modify BIP 174 to incorporate them.
>
> Thanks,
> Andrew Chow
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--000000000000e8bff905b61a7933
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><blockquote class=3D"gmail_quote" style=3D"margin:0px=
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The=
primary change is to truly have all input and output data for each=C2=A0 i=
n their respective maps</blockquote>1) +1. It would be really great to have=
a complete map per input/output that does not require an annoying lookup t=
o a global field.=C2=A0</div><br><blockquote class=3D"gmail_quote" style=3D=
"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-le=
ft:1ex">A Bitcoin transaction only has a single locktime yet a PSBT may hav=
e multiple lock times.</blockquote>2) One other thing, the per input timelo=
ck also helps in detecting whether the transaction contains a mix of block-=
based=C2=A0<div>timelocks and height based timelocks. Recall that such inpu=
ts can't be spent together under the same nLocktime.=C2=A0<br><br>3) Fi=
nally, one last thing which I noted while implementing a generic finalizer =
for Miniscript is the restriction on sighashType.=C2=A0<br>From the BIP</di=
v><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;borde=
r-left:1px solid rgb(204,204,204);padding-left:1ex">Signatures for this inp=
ut must use the sighash type, finalizers must fail to finalize inputs which=
have signatures that do not match the specified sighash type. Signers who =
cannot produce signatures with the sighash type must not provide a signatur=
e.</blockquote><div>Is such a restriction=C2=A0necessary? If the purpose is=
to only suggest signer which sighashType to use, then I think the finalize=
r=C2=A0</div><div>should not reject those. Along those lines, we can also m=
ark with suggestions for the type of nlockTime(block vs height) that=C2=A0<=
/div><div>should be used. With such suggestions, input parties can decide w=
hich branches in the satisfaction they should prefer and</div><div>sign wit=
h the corresponding signatures. Note that this purpose is different from th=
e stated purpose of=C2=A0</div><div>PSBT_GLOBAL_PREFERRED_LOCKTIME.</div><d=
iv><br></div><div>Cheers,=C2=A0<br>Sanket</div><div></div><div><br></div><d=
iv><div><div><div></div><div><div class=3D"gmail_quote"><div dir=3D"ltr" cl=
ass=3D"gmail_attr">On Wed, Dec 9, 2020 at 4:33 PM Andrew Chow via bitcoin-d=
ev <<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev=
@lists.linuxfoundation.org</a>> wrote:<br></div><blockquote class=3D"gma=
il_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,2=
04,204);padding-left:1ex">Hi All,<br>
<br>
I would like to propose a new PSBT version that addresses a few <br>
deficiencies in the current PSBT v0. As this will be backwards <br>
incompatible, a new PSBT version will be used, v1.<br>
<br>
The primary change is to truly have all input and output data for each <br>
in their respective maps. Instead of having to parse an unsigned <br>
transaction and lookup some data from there, and other data from the <br>
correct map, all of the data for an input will be contained in its map. <br=
>
Doing so also disallows PSBT_GLOBAL_UNSIGNED_TX in this new version. <br>
Thus I propose that the following fields be added:<br>
<br>
Global:<br>
* PSBT_GLOBAL_TX_VERSION =3D 0x02<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: 32-bit little endian unsigned integer for the transac=
tion <br>
version number. Must be provided in PSBT v1 and omitted in v0.<br>
* PSBT_GLOBAL_PREFERRED_LOCKTIME =3D 0x03<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: 32 bit little endian unsigned integer for the preferr=
ed <br>
transaction lock time. Must be omitted in PSBT v0. May be provided in <br>
PSBT v1, assumed to be 0 if not provided.<br>
* PSBT_GLOBAL_INPUT_COUNT =3D 0x04<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: Compact size unsigned integer. Number of inputs in th=
is <br>
PSBT. Must be provided in PSBT v1 and omitted in v0.<br>
* PSBT_GLOBAL_OUTPUT_COUNT =3D 0x05<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: Compact size unsigned integer. Number of outputs in t=
his <br>
PSBT. Must be provided in PSBT v1 and omitted in v0.<br>
<br>
Input:<br>
* PSBT_IN_PREVIOUS_TXID =3D 0x0e<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: 32 byte txid of the previous transaction whose output=
at <br>
PSBT_IN_OUTPUT_INDEX is being spent. Must be provided in PSBT v1 and <br>
omitted in v0.<br>
* PSBT_IN_OUTPUT_INDEX =3D 0x0f<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: 32 bit little endian integer for the index of the out=
put <br>
being spent. Must be provided in PSBT v1 and omitted in v0.<br>
* PSBT_IN_SEQUENCE =3D 0x0f<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: 32 bit unsigned little endian integer for the sequenc=
e <br>
number. Must be omitted in PSBT v0. May be provided in PSBT v1 assumed <br>
to be max sequence (0xffffffff) if not provided.<br>
* PSBT_IN_REQUIRED_LOCKTIME =3D 0x10<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: 32 bit unsigned little endian integer for the lock ti=
me that <br>
this input requires. Must be omitted in PSBT v0. May be provided in PSBT <b=
r>
v1, assumed to be 0 if not provided.<br>
<br>
Output:<br>
* PSBT_OUT_VALUE =3D 0x03<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: 64-bit unsigned little endian integer for the output&=
#39;s <br>
amount in satoshis. Must be provided in PSBT v1 and omitted in v0.<br>
* PSBT_OUT_OUTPUT_SCRIPT =3D 0x04<br>
=C2=A0=C2=A0 * Key: empty<br>
=C2=A0=C2=A0 * Value: The script for this output. Otherwise known as the <b=
r>
scriptPubKey. Must be provided in PSBT v1 and omitted in v0.<br>
<br>
This change allows for PSBT to be used in the construction of <br>
transactions. With these new fields, inputs and outputs can be added as <br=
>
needed. One caveat is that there is no longer a unique transaction <br>
identifier so more care must be taken when combining PSBTs. <br>
Additionally, adding new inputs and outputs must be done such that <br>
signatures are not invalidated. This may be harder to specify.<br>
<br>
An important thing to note in this proposal are the fields <br>
PSBT_GLOBAL_PREFERRED_LOCKTIME and PSBT_IN_REQUIRED_LOCKTIME. A Bitcoin <br=
>
transaction only has a single locktime yet a PSBT may have multiple <br>
locktimes. To choose the locktime for the transaction, finalizers must <br>
choose the maximum of all of the *_LOCKTIME fields. <br>
PSBT_IN_REQUIRED_LOCKTIME is added because some inputs, such as those <br>
involving OP_CHECKLOCKTIMEVERIFY, require a specific minimum locktime to <b=
r>
be set. This field allows finalizers to choose a locktime that is high <br>
enough for all inputs without needing to understand the scripts <br>
involved. The PSBT_GLOBAL_PREFERRED_LOCKTIME is the locktime to use if <br>
no inputs require a particular locktime.<br>
<br>
As these changes disallow the PSBT_GLOBAL_UNSIGNED_TX field, PSBT v1 <br>
needs the version number bump to enforce backwards incompatibility. <br>
However once the inputs and outputs of a PSBT are decided, a PSBT could <br=
>
be "downgraded" back to v0 by creating the unsigned transaction f=
rom the <br>
above fields, and then dropping these new fields.<br>
<br>
If the list finds that these changes are reasonable, I will write a PR <br>
to modify BIP 174 to incorporate them.<br>
<br>
Thanks,<br>
Andrew Chow<br>
<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div><div><br></div></div></div></div></div></div>
--000000000000e8bff905b61a7933--
|
