You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _posts/en/pages/2016-01-18-segwit-wallet-dev.md
+18-22Lines changed: 18 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,12 +1,11 @@
1
1
---
2
-
version: 3
2
+
version: 4
3
3
title: Segregated Witness Wallet Development Guide
4
4
name: segwit-wallet-dev
5
5
type: pages
6
6
layout: page
7
7
lang: en
8
8
permalink: /en/segwit_wallet_dev/
9
-
version: 1
10
9
---
11
10
{% include _toc.html %}
12
11
{% include _references.md %}
@@ -59,7 +58,7 @@ A wallet MUST implement all the features in this section, in order to be conside
59
58
* If a transaction does not have any witness data, its <code>wtxid</code> is same as the <code>txid</code>.
60
59
* The <code>txid</code> remains the primary identifier of a transaction:
61
60
* It MUST be used in the <code>txin</code> when referring to a previous output.
62
-
* If a wallet or service is currently using <code>txid</code> to identify transactions, it is expected to use the same after upgrade.
61
+
* If a wallet or service is currently using <code>txid</code> to identify transactions, it is expected to continue using this with segwit.
63
62
64
63
#### Signature Generation and Verification for P2SH-P2WPKH
65
64
@@ -83,8 +82,7 @@ A wallet MUST implement all the features in this section, in order to be conside
83
82
84
83
#### User Privacy
85
84
86
-
* In the early days just after segwit is activated, there may be limited number of segwit transactions in the network.
87
-
* Using segwit transaction when it is uncommon may make Bitcoin tracking easier.
85
+
* Until segwit transactions are commonplace, this transaction type may make Bitcoin tracking easier.
88
86
* Using P2SH-P2WPKH as default change output may also have an impact on privacy.
89
87
90
88
#### Transaction Fee Estimation
@@ -96,17 +94,13 @@ A wallet MUST implement all the features in this section, in order to be conside
96
94
* Developers should be careful not to make an off-by-4-times mistake in fee estimation.
97
95
98
96
99
-
#### Upgrade Safety
97
+
#### Activation {#upgrade-safety}
100
98
101
-
* End users MUST NOT be allowed to generate any P2SH-P2WPKH or other segwit addresses before segwit is fully activated on the network. Before activation, using P2SH-P2WPKH or other segwit addresses may lead to permanent fund loss
102
-
* Similarly, change MUST NOT be sent to a segwit output before activation
103
-
* Activation of segwit is defined by [BIP9][]. After 15 Nov 2016 and before 15 Nov 2017 UTC, if in a full retarget cycle at least 1916 out of 2016 blocks is signaling readiness, segwit will be activated in the retarget cycle after the next one
104
-
* If a wallet does not have the ability to follow the [BIP9][] signal, the upgraded version should not be released to end users until it is activated
105
-
* If there were any concerns that some miners may not correctly enforce the new rules, release of the upgraded wallet may be delayed until evidence has shown that vast majority (if not all) miners are following the new rules. Violations would be very obvious, shown as invalid orphaned blocks.
99
+
* As of block height 481824, all SegWit ready nodes started enforcing the new SegWit consensus rules.
106
100
107
101
#### Backward Compatibility
108
102
109
-
* Sending and receiving P2PKH payment (address with prefix 1) should remain to be supported.
103
+
* Sending and receiving legacy P2PKH payment (address with prefix 1) should continue to be supported.
110
104
111
105
112
106
### Complex script support
@@ -115,7 +109,7 @@ If a wallet supports script types other than just single signature, such as mult
115
109
116
110
#### Creation of P2SH-P2WSH Address
117
111
118
-
* A P2SH-P2WSH address is comparable to Bitcoin's original P2SH address, which allows representation of arbritarily complex scripts with a fixed size address.
112
+
* A P2SH-P2WSH address is comparable to Bitcoin's original P2SH address, which allows representation of arbitrarily complex scripts with a fixed size address.
119
113
* Like any other P2SH and P2SH-P2WPKH address, P2SH-P2WSH address has prefix 3. They are indistinguishable until the UTXO is spent
120
114
* To create a P2SH-P2WSH address:
121
115
1. Define a script, called (<code>witnessScript</code>)
@@ -124,9 +118,9 @@ If a wallet supports script types other than just single signature, such as mult
124
118
4. Same as any other P2SH, the <code>scripPubKey</code> is <code>OP_HASH160 hash160(redeemScript) OP_EQUAL</code>, and the address is the corresponding P2SH address with prefix 3.
125
119
* Restrictions on the script
126
120
* The script evaluation must not fail, and MUST leave one and only one TRUE stack item after evaluation. Otherwise, the evaluation is failed.
127
-
* Any public key inside P2SH-P2WSH scripts MUST be compressed key, or fund may be lost permenantly.
128
-
* If OP_IF or OP_NOTIF is used, it argument MUST be either an empty vector (for false) or <code>0x01</code> (for true). Use of other value may lead to permenant fund loss. ([BIP draft](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013014.html))
129
-
* If an OP_CHECKSIG or OP_CHECKMULTISIG is returning a fail, all signature(s) must be empty vector(s). Otherwise, fund may be lost permenantly. ([BIP146][])
121
+
* Any public key inside P2SH-P2WSH scripts MUST be compressed key, or fund may be lost permanently.
122
+
* If OP_IF or OP_NOTIF is used, it argument MUST be either an empty vector (for false) or <code>0x01</code> (for true). Use of other value may lead to permanent fund loss. ([BIP draft](https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013014.html))
123
+
* If an OP_CHECKSIG or OP_CHECKMULTISIG is returning a fail, all signature(s) must be empty vector(s). Otherwise, fund may be lost permanently. ([BIP146][])
130
124
* There is a default policy limit for the <code>witnessScript</code> at 3600 bytes. Except the <code>witnessScript</code>, there could be at most 100 witness stack items, with at most 80 bytes each. Transactions excessing these limits may not be relayed nor included in a block
131
125
* Many of the original scripts consensus limitations, such as 10000 bytes script size, 201 <code>nOpCount</code>, are still applied to P2SH-P2WSH
132
126
* The 520 bytes script size limit for P2SH is not applicable to P2SH-P2WSH. It is replaced by the 3600 bytes policy limit and 10000 bytes consensus limit.
@@ -138,12 +132,12 @@ If a wallet supports script types other than just single signature, such as mult
138
132
* The last witness item of the corresponding witness field MUST be the <code>witnessScript</code>
139
133
* The new [BIP143][] signature generation algorithm is applied:
140
134
* Without using any OP_CODESEPARATOR, the <code>scriptCode</code> is <code>witnessScript</code> preceeded by a <code>compactSize</code> integer for the size of <code>witnessScript</code>. For example, if the script is OP_1 (<code>0x51</code>), the <code>scriptCode</code> being serialized is (<code>0x0151</code>)
141
-
* For any unusal scripts containing OP_CODESEPARATOR, please refer to [BIP143][] for the exact semantics
135
+
* For any unusual scripts containing OP_CODESEPARATOR, please refer to [BIP143][] for the exact semantics
142
136
* Any witness stack items before the <code>witnessScript</code> are used as the input stack for script evaluation. The input stack is not interpreted as script. For example, there is no need to use a <code>0x4c</code> (OP_PUSHDATA1) to "push" a big item.
143
137
* To verify the correctness of signature generation and stack serialization, please always test against the examples in [BIP143][]
The following functions are not required for initial segwit support.
149
143
@@ -161,20 +155,22 @@ The following functions are not required for initial segwit support.
161
155
* When spending a native P2WSH, the <code>scriptSig</code> MUST be empty, and the witness stack format and signature generating rules are same as P2SH-P2WSH (including the requirement of using compressed public key)
#### Why and How to Use Native (Bech32) P2WPKH and P2WSH?
165
159
166
-
* There is no address format for native P2WPKH and P2WSH. BIP142 is deferred and is likely to be implemented in a completely different way. Another attempt, [BIP173][] (Bech32), has 'Draft' status as of June 2017.
160
+
*[BIP173][] proposes a checksummed base32 format (Bech32) for native P2WPKH and P2WSH addresses.
161
+
* Support for Bech32 addresses was included in Bitcoin Core v0.16.0
167
162
* Comparing with the P2SH versions, the transaction <code>vsize</code> of native versions is smaller in most cases, and therefore less fee may be required
168
163
* Native P2WPKH and P2WSH may be used with raw <code>scriptPubKey</code> protocols, such as the Payment Protocol (BIP70). However, it may affect the privacy of the payer and recipient (see below).
169
-
* Native P2WPKH and P2WSH may be used as default change address, but this may allow other people identifying the change easily (see below)
170
-
*It is expected that the use of native P2WPKH and P2WSH would be uncommon at the beginning, which may cause privacy concerns among the users.
164
+
* Native P2WPKH and P2WSH may be used as default change address, but this may allow other people to identify the change easily (see below)
165
+
*Until native P2WPKH and P2WSH are widely used, these address types may cause privacy concerns among users.
171
166
172
167
173
168
### Scripts and Transactions Examples
174
169
175
170
*[Examples of different witness transaction types and transaction validity checking tool](http://n.bitcoin.ninja/checktx)
0 commit comments