Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 33ACD8A5 for ; Mon, 28 Aug 2017 15:29:34 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from NAM04-CO1-obe.outbound.protection.outlook.com (mail-oln040092010087.outbound.protection.outlook.com [40.92.10.87]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B3ACC3DC for ; Mon, 28 Aug 2017 15:29:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=sWeZaqrya7x7jX1LpqJ8VoKRIgE7dEXoTPUF/TGWsVQ=; b=DMm2nkZNGkvCuZojQ4GGdNiumNsLSLBY6v0cATC5ekJ3ysN9v6C0vHYYdlVTyKRKghYY2ZvVDLPp4ovWD3uSWvepFVxsSI0K+nRsz2XQe9rVH9e0CoCflYeRm5srTbXrcX3K3yP8Tvo6ri5+IGJZmeOH8J9Q0sVPxgU5h1jWF8zVkGknKjGx1u4M8gdjmOQf00287KD9nKf7TzOP5knzWNmARTMXat65VoMmwYdsmBgQ/QRUJbLtIy1YxffUdYwneIEXIIGoNUX5OUDs3ab0hLvtdhUC2o5XTtLBgnus2uitoPM/G7OyUOcxVtisIxnFkJl++YeCzxI9buTXe/FNQw== Received: from CO1NAM04FT030.eop-NAM04.prod.protection.outlook.com (10.152.90.58) by CO1NAM04HT074.eop-NAM04.prod.protection.outlook.com (10.152.91.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1341.15; Mon, 28 Aug 2017 15:29:31 +0000 Received: from CY4PR1801MB1815.namprd18.prod.outlook.com (10.152.90.52) by CO1NAM04FT030.mail.protection.outlook.com (10.152.90.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1341.15 via Frontend Transport; Mon, 28 Aug 2017 15:29:31 +0000 Received: from CY4PR1801MB1815.namprd18.prod.outlook.com ([10.165.88.24]) by CY4PR1801MB1815.namprd18.prod.outlook.com ([10.165.88.24]) with mapi id 15.01.1385.013; Mon, 28 Aug 2017 15:29:31 +0000 From: Alex Nagy To: "bitcoin-dev@lists.linuxfoundation.org" Thread-Topic: P2WPKH Scripts, P2PKH Addresses, and Uncompressed Public Keys Thread-Index: AdMgDOW5wpgLVDIcRNiRbU+aDVEjTA== Date: Mon, 28 Aug 2017 15:29:31 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: lists.linuxfoundation.org; dkim=none (message not signed) header.d=none; lists.linuxfoundation.org; dmarc=none action=none header.from=hotmail.com; x-incomingtopheadermarker: OriginalChecksum:BE1C21B63EC7A1FF3BBEB087C4320F0492288031E0C391E1EBD586E1CE004491; UpperCasedChecksum:2C41A2938560BBC3DB2D5CA7EB20361D8DC5322C53E92B1CB7638A8C2C537AA5; SizeAsReceived:6880; Count:43 x-tmn: [g+eJjJZTiAf41ZfmnxL01bDftP7gFo91] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CO1NAM04HT074; 6:E4LJgL0ubqTBI9KQAH+UV3pssue43e2fa4w8J2X2rhfhZcqsfqDDuolx9fNasJ9+BCBhHSBljvsiMl7h9TcwauoIhYHvKUAk73yrcu4vIbRZLpLda0ifgnChfld/bkmYQu2JdwU7I4+hGHlItMPVNl7Twk5vrLn11vMV+cGpYKEPh0RM7TpLaS8ZTZpJeRbodmurHc4/+/1wCgheMTTjDg0Sr7AmZOTCsiYt0cbkbuO5T5vuff1sN9zx+qhmoxCX5ev2YZpgzx23fUgaor1hmARMJJnErkWJjP+frpcwUZ24weS/GjNlOPQVUo/UgQMrtuFHPdR8JG6PxCRrRvoRVw==; 5:B4cWWBpcr/fJQ9Zpf+PmWS6hdlkNe4k8ELZkYeRuYG1o0KS4RnF3OGwzxbf6iWK5yNhrARVLOiBa9Sdt42sfKeExYz9bselOMe1X1GyCrgEzFCQC+iWFxpkF9H5FhnLi1jl87wKqlYZETzOqvMNZZg==; 24:Tfx98LRRTBP0039gPJkGDE3sAe6r24ONT7VRpq/IqPRtSxzagKRuBYId51HnmGaozOj0nlVKFBaSDAmsY/qpNObuLs1MEeM0bZBGfGVDLbE=; 7:8jQ2DRYgbNZ1vRcRwdtKsjUvLOzwZN2nLNLGcSs8dBcylAmEwGr4D9fJI3JWznD/4DRjkZIOb7lF8dijV5iofm7bwxN6mOvoLLaC/FYG507N+3cMSUz3swCwxukTmujLp+mYODPTIZE2NG5LYdSIDw689Nc+G+g7PTSQ1bkiVJFsUn4NPE0fMVHB1vicjdSbKi6uEGIFS08BPbiJARWghpwdgbstLRb9XjM2AFB0zAk= x-incomingheadercount: 43 x-eopattributedmessage: 0 x-forefront-antispam-report: EFV:NLI; SFV:NSPM; SFS:(7070007)(98901004); DIR:OUT; SFP:1901; SCL:1; SRVR:CO1NAM04HT074; H:CY4PR1801MB1815.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; x-ms-office365-filtering-correlation-id: 53d08343-12c0-4699-c8a6-08d4ee299420 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1601125374)(1603101448)(1701031045)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:CO1NAM04HT074; x-ms-traffictypediagnostic: CO1NAM04HT074: x-exchange-antispam-report-test: UriScan:(166708455590820)(21748063052155)(17755550239193); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031); SRVR:CO1NAM04HT074; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CO1NAM04HT074; x-forefront-prvs: 0413C9F1ED spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/alternative; boundary="_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_" MIME-Version: 1.0 X-OriginatorOrg: hotmail.com X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Aug 2017 15:29:31.1078 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Internet X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM04HT074 X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 28 Aug 2017 15:32:29 +0000 Subject: [bitcoin-dev] P2WPKH Scripts, P2PKH Addresses, and Uncompressed Public Keys X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Aug 2017 15:29:34 -0000 --_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Let's say Alice has a P2PKH address derived from an uncompressed public key= , 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a (from https://bitcoin.stackexchange.co= m/questions/3059/what-is-a-compressed-bitcoin-key). If Alice gives Bob 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a, is there any way Bob= can safely issue Native P2WPKH outputs to Alice? BIPs 141 and 143 make it very clear that P2WPKH scripts may only derive fro= m compressed public-keys. Given this restriction, assuming all you have is= a P2PKH address - is there any way for Bob to safely issue spendable Nativ= e P2WPKH outputs to Alice? The problem is Bob as no idea whether Alice's P2PKH address represents a co= mpressed or uncompressed public-key, so Bob cannot safely issue a Native P2= WPKH output. AFAICT all code is supposed to assume P2WPHK outputs are compressed public-= key derived. The conclusion would be that the existing P2PKH address forma= t is generally unsafe to use with SegWit since P2PKH addresses may be deriv= ed from uncompressed public-keys. Am I missing something here? Referencing BIP141 and BIP143, specifically these sections: https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki#New_script_s= emantics "Only compressed public keys are accepted in P2WPKH and P2WSH" https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#Restrictions= _on_public_key_type "As a default policy, only compressed public keys are accepted in P2WPKH an= d P2WSH. Each public key passed to a sigop inside version 0 witness program= must be a compressed key: the first byte MUST be either 0x02 or 0x03, and = the size MUST be 33 bytes. Transactions that break this rule will not be re= layed or mined by default. Since this policy is preparation for a future softfork proposal, to avoid p= otential future funds loss, users MUST NOT use uncompressed keys in version= 0 witness programs." --_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Let’s say Alice has a P2PKH address derived fr= om an uncompressed public key, 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a (from https://bitcoin.stackexchange.com/questions/3059/what-is-a-compressed-bitco= in-key).

 

If Alice gives Bob 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7= a, is there any way Bob can safely issue Native P2WPKH outputs to Alice?

 

BIPs 141 and 143 make it very clear that P2WPKH scri= pts may only derive from compressed public-keys.  Given this restricti= on, assuming all you have is a P2PKH address – is there any way for B= ob to safely issue spendable Native P2WPKH outputs to Alice?

 

The problem is Bob as no idea whether Alice’s = P2PKH address represents a compressed or uncompressed public-key, so Bob ca= nnot safely issue a Native P2WPKH output.

 

AFAICT all code is supposed to assume P2WPHK outputs= are compressed public-key derived.  The conclusion would be that the = existing P2PKH address format is generally unsafe to use with SegWit since = P2PKH addresses may be derived from uncompressed public-keys.

 

Am I missing something here?

 

 

 

 

 

Referencing BIP141 and BIP143, specifically these se= ctions:

 

https://github.com/bitcoin/bips= /blob/master/bip-0141.mediawiki#New_script_semantics

 

“Only compressed public keys are accepted in P= 2WPKH and P2WSH”

 

https://github.com/b= itcoin/bips/blob/master/bip-0143.mediawiki#Restrictions_on_public_key_type<= /a>

 

“As a default policy, only compressed public k= eys are accepted in P2WPKH and P2WSH. Each public key passed to a sigop ins= ide version 0 witness program must be a compressed key: the first byte MUST= be either 0x02 or 0x03, and the size MUST be 33 bytes. Transactions that break this rule will not be relayed or mine= d by default.

 

Since this policy is preparation for a future softfo= rk proposal, to avoid potential future funds loss, users MUST NOT use uncom= pressed keys in version 0 witness programs.”

--_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_--