Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 5187EAE0 for ; Thu, 27 Jul 2017 16:52:56 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-io0-f181.google.com (mail-io0-f181.google.com [209.85.223.181]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3C9FC133 for ; Thu, 27 Jul 2017 16:52:54 +0000 (UTC) Received: by mail-io0-f181.google.com with SMTP id m88so72648691iod.2 for ; Thu, 27 Jul 2017 09:52:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=AdF8fm0w3FjNtPR4n/E/s/3t+YAvwKzr/kIRgUEGgGs=; b=MnjMNbBsdyhEtpzpruGI29IqI3S9VRpO93FM7AtrDTHZP2F0o1tGrmkdav2jN0LITo IKyCGa8Srxc0rhL602S9GWjCQz0Zn9DMLm9rlfb0pdGu1hJlLAIgLF0D7+tgbNIszoy8 YT38WDWaM3e+V706A0lcXxtCOtVodMPtJl1Tg070DNWT5w6uXP+KlaESF9KeoV09D2T9 +WHE+99XB6fxk5drnRyGKxxUORWgbsoR2rpmWghTFOQCQ2j4bolGBQjgjZhUYunebl/X swt76fDculakRhPcqzEkLWL0DzGI3KYeMxA9ljJYcm5aGZ1ERrXHTKKPLt1gPnfGGbdX yMxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=AdF8fm0w3FjNtPR4n/E/s/3t+YAvwKzr/kIRgUEGgGs=; b=q8PJgYMvPZK85bkgAagcz5FVPuUtxgbXpq8tKoGVgphb2xqHMKCIlGOQltPHsV4zC1 7UaAZp2K4TW/OAe2v5HhtRAykaXlGCI/UEroXlHMJSjRABbc5ITnNi/KCOyRw5PsGAXx 1Vby8R+dohe4uTtVTCx8t0jJjjOLjxvE9SYFh3oNPaxjBX1LX1KpfcAFoOqUnly3Ip4Y rxLLM9j7c+nC7NXEE6dWSGRbLD2iRSaEgDt5iyJPeZehmaYDTbs6IIulFcw8HnY3l4k2 ISpuYAr+pO+Mzg9QABEoWIO4EZ8bSbQ+2chljCDxwursTPQBrIcw3su/LUL0kjZHpCI9 0tAQ== X-Gm-Message-State: AIVw111LSay8tT2Eot3NMRch+ZpZMV5oaDAjZu9iuGDan+Jfq8IlKg9s Uo1VP5cgeFpQIY/5W/59Zxtle7xFOw== X-Received: by 10.107.179.135 with SMTP id c129mr5921564iof.106.1501174373449; Thu, 27 Jul 2017 09:52:53 -0700 (PDT) MIME-Version: 1.0 Received: by 10.79.10.130 with HTTP; Thu, 27 Jul 2017 09:52:52 -0700 (PDT) In-Reply-To: References: From: Federico Tenga Date: Thu, 27 Jul 2017 18:52:52 +0200 Message-ID: To: ZmnSCPxj , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="001a114853be46855305554f6590" X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Thu, 27 Jul 2017 17:34:37 +0000 Subject: Re: [bitcoin-dev] [BIP Proposal] Standard address format for timelocked funds X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2017 16:52:56 -0000 --001a114853be46855305554f6590 Content-Type: text/plain; charset="UTF-8" Hi ZmnSCPxj, Few thoughts about your proposal: 1- I kinda like the idea and I would probably use it, but still I believe it is a very limited use case and probably most wallet providers will not be interested in supporting it. 2- Early adopters and people highly involved in the community may appreciate the "hodl" part in the redemption code, but it could cause confusion in normal users not understanding the reference. Regarding the time-zone I think the best option is to stick the UTC standard, using UTC+14 could be confusing since it is very unusual and we are not used to deal with it. On 12 July 2017 at 10:30, ZmnSCPxj via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Good morning mailinglist, > > I am saddened at the lack of attention to this BIP proposal. I know that > it is not as interesting as the debates on where Bitcoin will go in the > future and what needs to be prepared for even greater mainstream adoption, > but I think my BIP proposal does have at least some value to long-term > investors. > > So far I have seen only a single public feedback: > > https://www.reddit.com/r/Bitcoin/comments/6lzpvz/bip_hodl/djxzbvi/ > > Basically, the point in that feedback is mostly that the computed timelock > should be UTC+0 0000h of the given human-readable date. > > I would like to respectfully ask the mailing list about which option is > best: > > 1. (current) Use the earliest timezone as of now, UTC+14 0000h of the > given human-readable date. Pro: No matter where you are in the world, as > soon as the given date arrives, the fund can be spent. Con: For most of > the world, the fund can be spent on some time the day before, or even two > days before for UTC-11 and UTC-12 timezones. > > 2. Use the standard timezone UTC+0 0000h of the given human-readable > date. Pro: standard time. Con: for half of the world, the fund is not > spendable until some time into the given date, for the other half, it will > be spendable at an earlier date. > > 3. Allow indicating a timezone to the human-readable part. Pro: gives > control over the user's expected local time. Con: additional field and > effectively more control, need to handle also strange timezones that have > 0.5 hour difference from UTC, need to encode positive and negative > preferably without using + and -, as those may break double-click selection. > > I hope to get some feedback from this list. > > Regards, > ZmnSCPxj > > -------- Original Message -------- > Subject: [bitcoin-dev] [BIP Proposal] Standard address format for > timelocked funds > Local Time: July 8, 2017 9:13 AM > UTC Time: July 8, 2017 1:13 AM > From: bitcoin-dev@lists.linuxfoundation.org > To: bitcoin-dev > > > 
> BIP: ?
> Title: Standard address format for timelocked funds
> Author: ZmnSCPxj 
> Comments-Summary: ?
> Comments-URI: ?
> Status: ?
> Type: ?
> Created: 2017-07-01
> License: CC0-1.0
>
> > == Abstract == > > OP_CHECKLOCKTIMEVERIFY provides a method of > locking funds until a particular time arrives. > One potential use of this opcode is for a user to precommit > himself or herself to not spend funds until a particular > date, i.e. to hold the funds until a later date. > > This proposal adds a format for specifying addresses that > precommit to timelocked funds, as well as specifying a > redemption code to redeem funds after the timelock has > passed. > This allows ordinary non-technical users to make use of > OP_CHECKLOCKTIMEVERIFY easily. > > == Copyright == > > This BIP is released under CC0-1.0. > > == Specification == > > This proposal provides formats for specifying an > address that locks funds until a specified date, > and a redemption code that allows the funds to be > swept on or after the specified date. > > At minimum, wallet software supporting this BIP must > be capable of sweeping the redemption code on or after > the specified date. > In addition, the wallet software should support sending > funds to the timelocked address specified here. > Finally, wallet software may provide a command to create > a pair of timelocked address and redemption code. > > Addresses and redemption codes are encoded using > [https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki#Bech32 > Bech32 encoding]. > > === Timelocked Address Format === > > The human-readable part of the address is composed of: > > # The four characters hodl. > # A date, in YYYYMMDD form. For example, > the date August 1, 2017 is encoded as 20170801. > # A network code, either tb for testnet, > or bc for Bitcoin mainnet. > > The data part of the address is composed of: > > # A version quintet (5 bits), which must be 0 for this > BIP. > # A public key hash, 32 quintets (160 bits). As is > usual for Bitcoin, this is big-endian. > > This is to be interpreted as follows: > > # The given date is the first day that the funds in > the given address may be redeemed. > # The funds are owned by whoever controls the private > key corresponding to the public key hash given. > > === Redemption Code === > > The human-readable part of the redemption code is > composed of: > > # The four characters hedl. > # A date, in YYYYMMDD form. > # A network code, either tb for testnet, > or bc for Bitcoin mainnet. > > The data part of the address is composed of: > > # A version quintet (5 bits), which must be 0 for this > BIP. > # A private key, 52 quintets (260 bits). This is the > 256-bit private key, prepended with 4 0 > bits, in big-endian order. > > This is to be interpreted as follows: > > # The given date is the first day that the funds in > the given address may be redeemed. > # The private key unlocks the funds. > > === Lock Time Computation === > > Given a particular lock date YYYYMMDD, the > actual lock time is computed as follows: > > # The day before the lock date is taken. For example, > if the lock date is 20180101 or > January 1, 2018, we take the date December 31, 2017. > # We take the time 1000h (10:00 AM, or 10 in the morning) > of the date from the above step. > > This lock time is then translated to a > Unix epoch time, as per POSIX.1-2001 (which removes the > buggy day February 29, 2100 in previous POSIX revisions). > The translation should use, at minimum, unsigned 32-bit > numbers to represent the Unix epoch time. > > The Unix epoch time shall then be interpreted as an > nLockTime value, as per standard Bitcoin. > Whether it is possible to represent dates past 2038 > will depend on whether standard Bitcoin can represent > nLockTime values to represent dates past > 2038. > Since nLockTime is an unsigned 32-bit > value, it should be possible to represent dates until > 06:28:15 UTC+0 2106-02-07. > Future versions of Bitcoin should be able to support > nLockTime larger than unsigned 32-bit, > in order to allow even later dates. > > The reason for using an earlier lock time than the > specified date is given in the Rationale section of > this BIP. > > === Payment to a Timelocked Address === > > An ordinary P2SH payment is used to provide funds to a > timelocked address. > > The script below is used as the redeemScript > for the P2SH payment: > > OP_CHECKLOCKTIMEVERIFY OP_DROP > OP_DUP OP_HASH160 OP_EQUALVERIFY OP_CHECKSIG > > Once the redeemScript is derived, the hash is > determined, and an ordinary P2SH output with the below > scriptPubKey used: > > OP_HASH160 OP_EQUAL > > In case of SegWit deployment, SegWit-compatible wallets > should be able to use P2SH, P2WSH, or P2SH-P2WSH, as per > the output they would normally use in that situation. > > Obviously, a timelocked address has an equivalent > Bitcoin 3 (P2SH) address. > A simple service or software that translates from a > public timelocked address to a P2SH address can be > created that makes timelocking (but not redemption) > backwards compatible with wallets that do not support > this BIP. > > This proposal recommends that wallets supporting payment > to P2PKH, P2SH, P2WPKH, and P2WSH Bitcoin addresses should > reuse the same interface for paying to such addresses as > paying into timelocked addresses of this proposal. > > === Redemption of a Timelocked Redemption Code === > > To sweep a timelocked redemption code after the timelock, > one must provide the given redeemScript as > part of the scriptSig, of all unspent > outputs that pay to the given redeemScript > hash. > > When sweeping a timelocked redemption code, first the > wallet must extract the private key from the redemption > code, then derive the public key, the public key hash, > the redeemScript, and finally the > redeemScript hash. > > Then, the wallet must find all unspent outputs that pay > to the redeemScript hash via P2SH (and, in the > case of SegWit deployment, via P2SH-P2WSH and P2WSH). > > For each such output, the wallet then generates a > transaction input with the below scriptSig, as > per usual P2SH redemptions: > > > > The wallet then outputs to an address it can control. > > As the Script involved uses OP_CHECKLOCKTIMEVERIFY, > the nSequence must be 0 and the > nLockTime must be equal to the computed > lock time. > This implies that the transaction cannot be transmitted > (and the funds cannot be sweeped) > until after the given lock time. > > The above procedure is roughly identical to sweeping an > ordinary, exported private key. > > This proposal recommends that wallets supporting a sweep > function should reuse the same interface for sweeping > individual private keys (wallet import format) for sweeping > timelocked redemption codes. > > == Motivation == > > A key motivation for this BIP is to allow easy use of > OP_CHECKLOCKTIMEVERIFY by end-users. > > The below are expected use cases of this proposal: > > # A user wants to purchase an amount of Bitcoin, > and subsequently wait for an amount of time before > cashing out. > The user fears that he or she may have "weak hands", > i.e. sell unfavorably on a temporary dip, and thus > commits the coins into a timelocked fund that can > only be opened after a specific date. > # A user wants to gift an amount of Bitcoins to > an infant or minor, and wants the fund to not be spent > on ill-advised purchases until the infant or minor > reaches the age of maturity. > # A user may wish to prepare some kind of monthly subsidy > or allowance to another user, and prepares a series of > timelocked addresses, redeemable at some set date on > each month, and provides the private redemption codes to > the beneficiary. > # A user may fear duress or ransom for a particular > future time horizon, and voluntarily impose a lock time > during which a majority of their funds cannot be spent. > > == Rationale == > > While in principle, this proposal may be implemented as a > separate service or software, we should consider the long > time horizons that may be desired by users. > A user using a particular software to timelock a fund may > have concerns, for example, of specifying a timelock > 18 years in the future for a gift or inheritance to a > newborn infant. > The software or service may no longer exist after 18 years, > unless the user himself or herself takes over maintenance > of that software or service. > By having a single standard for timelocked funds that is > shared and common among multiple implementations of Bitcoin > wallets, the user has some assurance that the redemption code > for the funds is still useable after 18 years. > Further, a publicly-accessible standard specifying how the > funds can be redeemed will allow technically-capable users > or beneficiaries to create software that can redeem the > timelocked fund. > > This proposal provides a timelock at the granularity of a > day. > The expectation is that users will have long time > durations of months or years, so that the ability to > specify exact times, which would require specifying the > timezone, is unneeded. > > The actual timeout used is 1000h of the day before the > human-readable date, so that timezones of UTC+14 will > definitely be able to redeem the money starting at > 0000h of the human-readable date, local time (UTC+14). > Given the expectation that users will use long time > durations, the fact that timezones of UTC-12 will > actually be able to redeem the funds on 2200h UTC-12 > time two days before can be considered an acceptable > error. > > The human-readable date is formatted according to > [https://www.iso.org/iso-8601-date-and-time-format.html > ISO standard dates], with the dashes removed. > Dashes may prevent double-click selection, making > usability of these addresses less desirable. > > > The bc or tb is after the > date since the date is composed of digits and the bech32 > separator itself is the digit 1. One > simply needs to compare hedlbc202111211... > and hedl20211121bc1.... > > A version quintet is added in case of a future > sociopolitical event that changes interpretation of > dates, or changes in scripting that would allow for more > efficient redemptions of timelocked funds (which would > change the redeemScript paid to), or changes > in the size and/or format of lock times, and so on. > Such changes are unlikely, so the version is a quintet in > the bech32 data part rather than a substring in the > human-readable part. > > The public address format uses the hodl as > the start of the code, while the private key (the > redemption code) uses hedl. > This provides a simple mnemonic for users: > "Pay into the hodl code to hold your > coins until the given date. > After you've held the coins (on or after the given date) > use the hedl code to redeem the coins." > The obvious misspelling of "hodl" is a homage to the common > meme within the Bitcoin community. > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > --001a114853be46855305554f6590 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi ZmnSCPxj,

Few tho= ughts about your proposal:
1- I kinda like the idea and I would pr= obably use it, but still I believe it is a very limited use case and probab= ly most wallet providers will not be interested in supporting it.
= 2- Early adopters and people highly involved in the community may appreciat= e the "hodl" part in the redemption code, but it could cause conf= usion in normal users not understanding the reference.

Regardi= ng the time-zone I think the best option is to stick the UTC standard, usin= g UTC+14 could be confusing since it is very unusual=C2=A0 and we are not u= sed to deal with it.



=
On 12 July 2017 at 10:30, ZmnSCPxj via bitcoin-d= ev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Good morning mailinglist,<= br>

I am saddened at the lack of attention to this= BIP proposal.=C2=A0 I know that it is not as interesting as the debates on= where Bitcoin will go in the future and what needs to be prepared for even= greater mainstream adoption, but I think my BIP proposal does have at leas= t some value to long-term investors.

So far I = have seen only a single public feedback:


Basically, the point in= that feedback is mostly that the computed timelock should be UTC+0 0000h o= f the given human-readable date.

I would like = to respectfully ask the mailing list about which option is best:
<= div>
1.=C2=A0 (current) Use the earliest timezone as of now, = UTC+14 0000h of the given human-readable date.=C2=A0 Pro: No matter where y= ou are in the world, as soon as the given date arrives, the fund can be spe= nt.=C2=A0 Con: For most of the world, the fund can be spent on some time th= e day before, or even two days before for UTC-11 and UTC-12 timezones.
<= /div>

2.=C2=A0 Use the standard timezone UTC+0 0000h of = the given human-readable date.=C2=A0 Pro: standard time.=C2=A0 Con: for hal= f of the world, the fund is not spendable until some time into the given da= te, for the other half, it will be spendable at an earlier date.
<= div>
3.=C2=A0 Allow indicating a timezone to the human-readab= le part.=C2=A0 Pro: gives control over the user's expected local time.= =C2=A0 Con: additional field and effectively more control, need to handle a= lso strange timezones that have 0.5 hour difference from UTC, need to encod= e positive and negative preferably without using + and -, as those may brea= k double-click selection.

I hope to get some f= eedback from this list.

Regards,
ZmnSCPxj

-------- Original Message --------
Subject: [bitcoin-dev] [BIP Proposal] Standard address format = for timelocked funds
Local Time: July 8, 2017 9:13 AM
UTC Time: July 8, 2017 1:13 AM


<pre>
BIP: ?
Title: Standard add= ress format for timelocked funds
Author: ZmnSCPxj <ZmnSCPxj@protonmail.c= om>
Comments-Summary: ?
Comments-URI: ?<= br>
Status: ?
Type: ?
Created: 2017-0= 7-01
License: CC0-1.0
</pre>

=3D=3D Abstract =3D=3D

<co= de>OP_CHECKLOCKTIMEVERIFY</code> provides a method of
locking funds until a particular time arrives.
One pot= ential use of this opcode is for a user to precommit
himself = or herself to not spend funds until a particular
date, i.e. t= o hold the funds until a later date.

This prop= osal adds a format for specifying addresses that
precommit to= timelocked funds, as well as specifying a
redemption code to= redeem funds after the timelock has
passed.
Th= is allows ordinary non-technical users to make use of
<cod= e>OP_CHECKLOCKTIMEVERIFY</code> easily.

=3D=3D Copyright =3D=3D

This BIP is re= leased under CC0-1.0.

=3D=3D Specification =3D= =3D

This proposal provides formats for specify= ing an
address that locks funds until a specified date,
and a redemption code that allows the funds to be
sw= ept on or after the specified date.

At minimum= , wallet software supporting this BIP must
be capable of swee= ping the redemption code on or after
the specified date.
<= /div>
In addition, the wallet software should support sending
=
funds to the timelocked address specified here.
Finally,= wallet software may provide a command to create
a pair of ti= melocked address and redemption code.

Addresse= s and redemption codes are encoded using
Bech32 encoding].

=3D=3D=3D Timelocked Address Format =3D=3D=3D

The human-readable part of the address is composed of:

<= /div>
# The four characters <code>hodl</code>.
# A date, in <code>YYYYMMDD</code> form.=C2=A0 For example,
=C2=A0 the date August 1, 2017 is encoded as <code>20170= 801</code>.
# A network code, either <code>tb<= /code> for testnet,
=C2=A0 or <code>bc</code> = for Bitcoin mainnet.

The data part of the addr= ess is composed of:

# A version quintet (5 bit= s), which must be 0 for this
=C2=A0 BIP.
# A pu= blic key hash, 32 quintets (160 bits).=C2=A0 As is
=C2=A0 usu= al for Bitcoin, this is big-endian.

This is to= be interpreted as follows:

# The given date i= s the first day that the funds in
=C2=A0 the given address ma= y be redeemed.
# The funds are owned by whoever controls the = private
=C2=A0 key corresponding to the public key hash given= .

=3D=3D=3D Redemption Code =3D=3D=3D

The human-readable part of the redemption code is
<= /div>
composed of:

# The four characters &= lt;code>hedl</code>.
# A date, in <code>YYYYMM= DD</code> form.
# A network code, either <code>tb= </code> for testnet,
=C2=A0 or <code>bc</code&= gt; for Bitcoin mainnet.

The data part of the = address is composed of:

# A version quintet (5= bits), which must be 0 for this
=C2=A0 BIP.
# = A private key, 52 quintets (260 bits).=C2=A0 This is the
=C2= =A0 256-bit private key, prepended with 4 <code>0</code>
=C2=A0 bits, in big-endian order.=C2=A0=C2=A0 <!-- We could cons= ider
=C2=A0 some kind of mini private key instead if the secu= rity
=C2=A0 is similar anyway.=C2=A0 -->
This is to be interpreted as follows:

<= div># The given date is the first day that the funds in
=C2= =A0 the given address may be redeemed.
# The private key unlo= cks the funds.

=3D=3D=3D Lock Time Computation= =3D=3D=3D

Given a particular lock date <co= de>YYYYMMDD</code>, the
actual lock time is computed= as follows:

# The day before the lock date is= taken.=C2=A0 For example,
=C2=A0 if the lock date is <cod= e>20180101</code> or
=C2=A0 January 1, 2018, we take= the date December 31, 2017.
# We take the time 1000h (10:00 = AM, or 10 in the morning)
=C2=A0 of the date from the above s= tep.

This lock time is then translated to a
Unix epoch time, as per POSIX.1-2001 (which removes the
buggy day February 29, 2100 in previous POSIX revisions).
<= div>The translation should use, at minimum, unsigned 32-bit
n= umbers to represent the Unix epoch time.

The U= nix epoch time shall then be interpreted as an
<code>nL= ockTime</code> value, as per standard Bitcoin.
Whether = it is possible to represent dates past 2038
will depend on wh= ether standard Bitcoin can represent
<code>nLockTime<= ;/code> values to represent dates past
2038.
Since <code>nLockTime</code> is an unsigned 32-bit
value, it should be possible to represent dates until
06:2= 8:15 UTC+0 2106-02-07.
Future versions of Bitcoin should be a= ble to support
<code>nLockTime</code> larger than= unsigned 32-bit,
in order to allow even later dates.

The reason for using an earlier lock time than the
specified date is given in the Rationale section of
this BIP.

=3D=3D=3D Payment to a Timelocked= Address =3D=3D=3D

An ordinary P2SH payment is= used to provide funds to a
timelocked address.

The script below is used as the <code>redeemScript<= ;/code>
for the P2SH payment:

<timeout> OP_CHECKLOCKTIMEVERIFY OP_DROP
OP_DUP OP_HAS= H160 <publickeyhash> OP_EQUALVERIFY OP_CHECKSIG

Once the <code>redeemScript</code> is derived, the hash= is
determined, and an ordinary P2SH output with the below
<code>scriptPubKey</code> used:

<= /div>
OP_HASH160 <redeemScripthash> OP_EQUAL

In case of SegWit deployment, SegWit-compatible wallets
<= div>should be able to use P2SH, P2WSH, or P2SH-P2WSH, as per
= the output they would normally use in that situation.

Obviously, a timelocked address has an equivalent
Bit= coin <code>3</code> (P2SH) address.
A simple serv= ice or software that translates from a
public timelocked addr= ess to a P2SH address can be
created that makes timelocking (= but not redemption)
backwards compatible with wallets that do= not support
this BIP.

This prop= osal recommends that wallets supporting payment
to P2PKH, P2S= H, P2WPKH, and P2WSH Bitcoin addresses should
reuse the same = interface for paying to such addresses as
paying into timeloc= ked addresses of this proposal.

=3D=3D=3D Rede= mption of a Timelocked Redemption Code =3D=3D=3D

To sweep a timelocked redemption code after the timelock,
= one must provide the given <code>redeemScript</code> as
part of the <code>scriptSig</code>, of all unspent
outputs that pay to the given <code>redeemScript</code>= ;
hash.

When sweeping a timelock= ed redemption code, first the
wallet must extract the private= key from the redemption
code, then derive the public key, th= e public key hash,
the <code>redeemScript</code>,= and finally the
<code>redeemScript</code> hash.<= br>

Then, the wallet must find all unspent outputs= that pay
to the <code>redeemScript</code> hash v= ia P2SH (and, in the
case of SegWit deployment, via P2SH-P2WS= H and P2WSH).

For each such output, the wallet= then generates a
transaction input with the below <code&g= t;scriptSig</code>, as
per usual P2SH redemptions:
<= /div>

<signature> <pubkey> <redeemScript&= gt;

The wallet then outputs to an address it c= an control.

As the Script involved uses <co= de>OP_CHECKLOCKTIMEVERIFY</code>,
the <code&= gt;nSequence</code> must be 0 and the
<code>nLock= Time</code> must be equal to the computed
lock time.
This implies that the transaction cannot be transmitted
(and the funds cannot be sweeped)
until after the give= n lock time.

The above procedure is roughly id= entical to sweeping an
ordinary, exported private key.

This proposal recommends that wallets supporting a s= weep
function should reuse the same interface for sweeping
individual private keys (wallet import format) for sweeping
=
timelocked redemption codes.

=3D=3D= Motivation =3D=3D

A key motivation for this B= IP is to allow easy use of
<code>OP_CHECKLOCKTIMEVERIFY= </code> by end-users.

The below are= expected use cases of this proposal:

# A user= wants to purchase an amount of Bitcoin,
and subsequently wai= t for an amount of time before
cashing out.
The= user fears that he or she may have "weak hands",
i= .e. sell unfavorably on a temporary dip, and thus
commits the= coins into a timelocked fund that can
only be opened after a= specific date.
# A user wants to gift an amount of Bitcoins = to
an infant or minor, and wants the fund to not be spent
=
on ill-advised purchases until the infant or minor
reaches the age of maturity.
# A user may wish to prepare so= me kind of monthly subsidy
or allowance to another user, and = prepares a series of
timelocked addresses, redeemable at some= set date on
each month, and provides the private redemption = codes to
the beneficiary.
# A user may fear dur= ess or ransom for a particular
future time horizon, and volun= tarily impose a lock time
during which a majority of their fu= nds cannot be spent.

=3D=3D Rationale =3D=3D

While in principle, this proposal may be implem= ented as a
separate service or software, we should consider t= he long
time horizons that may be desired by users.
=
A user using a particular software to timelock a fund may
have concerns, for example, of specifying a timelock
18 yea= rs in the future for a gift or inheritance to a
newborn infan= t.
The software or service may no longer exist after 18 years= ,
unless the user himself or herself takes over maintenance
of that software or service.
By having a single = standard for timelocked funds that is
shared and common among= multiple implementations of Bitcoin
wallets, the user has so= me assurance that the redemption code
for the funds is still = useable after 18 years.
Further, a publicly-accessible standa= rd specifying how the
funds can be redeemed will allow techni= cally-capable users
or beneficiaries to create software that = can redeem the
timelocked fund.

= This proposal provides a timelock at the granularity of a
day= .
The expectation is that users will have long time
=
durations of months or years, so that the ability to
spe= cify exact times, which would require specifying the
timezone= , is unneeded.

The actual timeout used is 1000= h of the day before the
human-readable date, so that timezone= s of UTC+14 will
definitely be able to redeem the money start= ing at
0000h of the human-readable date, local time (UTC+14).=
Given the expectation that users will use long time
durations, the fact that timezones of UTC-12 will
actua= lly be able to redeem the funds on 2200h UTC-12
time two days= before can be considered an acceptable
error.
=
The human-readable date is formatted according to
<= div>[https://www.iso.org/iso-8601-date-and-time-format.html<= /a>
Dashes may prevent double-click selection, making

A version quintet is added in case of a future
socio= political event that changes interpretation of
dates, or chan= ges in scripting that would allow for more
efficient redempti= ons of timelocked funds (which would
change the <code>r= edeemScript</code> paid to), or changes
in the size and= /or format of lock times, and so on.
Such changes are unlikel= y, so the version is a quintet in
the bech32 data part rather= than a substring in the
human-readable part.
<= br>
The public address format uses the <code>hodl</code&= gt; as
the start of the code, while the private key (the
<= /div>
redemption code) uses <code>hedl</code>.
This provides a simple mnemonic for users:
"Pay into t= he <code>hodl</code> code to hold your
coins unti= l the given date.
After you've held the coins (on or afte= r the given date)
use the <code>hedl</code> code = to redeem the coins."
The obvious misspelling of "h= odl" is a homage to the common
meme within the Bitcoin c= ommunity.
<!-- The above misspelling may be corrected if i= t is considered
to be in bad taste.=C2=A0 -->
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev


--001a114853be46855305554f6590--