|
| 1 | +<pre> |
| 2 | + BIP: <p2sh-accounts> |
| 3 | + Title: Derivation scheme for P2WPKH-nested-in-P2SH based accounts |
| 4 | + Author: Daniel Weigl < [email protected]> |
| 5 | + Status: Draft |
| 6 | + Type: Informational |
| 7 | + Created: 2016-05-19 |
| 8 | +</pre> |
| 9 | + |
| 10 | +==Abstract== |
| 11 | + |
| 12 | +This BIP defines the derivation scheme for HD wallets using the P2WPKH-nested-in-P2SH ([[bip-0141.mediawiki|BIP 141]]) serialization format for segregated witness transactions. |
| 13 | + |
| 14 | +==Motivation== |
| 15 | + |
| 16 | +With the usage of P2WPKH-nested-in-P2SH ([[bip-0141.mediawiki#p2wpkh-nested-in-bip16-p2sh|BIP 141]]) transactions it is necessary to have a common derivation scheme. |
| 17 | +It allows the user to use different HD wallets with the same masterseed and/or a single account seamlessly. |
| 18 | + |
| 19 | +Thus the user needs to create a dedicated segregate witness accounts, which ensures that only wallets compatible with this BIP |
| 20 | +will detect the account and handle them appropriately. |
| 21 | + |
| 22 | +===Considerations=== |
| 23 | +Two generally different approaches are possible for current BIP44 capable wallets: |
| 24 | + |
| 25 | + 1) Allow the user to use the same account(s) that they already uses, but add segregated witness encoded addresses to it |
| 26 | + 1.1) Use the same public keys as defined in BIP44, but in addition to the normal P2PKH address also derive the P2SH address from it. |
| 27 | + 1.2) Use the same account root, but branch off and derive different external and internal chain roots to derive dedicated public keys for the segregated witness addresses. |
| 28 | +
|
| 29 | + 2) Create dedicated accounts only used for segregated witness addresses. |
| 30 | +
|
| 31 | +The solutions from point 1 have a common disadvantage: if a user imports/recovers a BIP<ThisBipNumber>-compatible wallet masterseed into/in a non-BIP<ThisBipNumber>-compatible wallet, the account might show up but also it might miss some UTXOs. |
| 32 | +Thus this BIP uses solution 2, which fails in a more visible way. Either the account shows up or not at all. The user does not have to check his balance after using the same seed in different wallets. |
| 33 | + |
| 34 | + |
| 35 | +==Specifications== |
| 36 | + |
| 37 | +This BIP defines the two needed steps to derive multiple deterministic addresses based on a [[bip-0032.mediawiki|BIP 32]] |
| 38 | +root account. |
| 39 | + |
| 40 | +===Public key derivation=== |
| 41 | + |
| 42 | +To derive a public key from the root account, this BIP uses the same account-structure as defined in |
| 43 | +[[bip-0044.mediawiki|BIP 44]], but only uses a different purpose value to indicate the different transaction |
| 44 | +serialization method. |
| 45 | + |
| 46 | +<pre> |
| 47 | +m / purpose' / coin_type' / account' / change / address_index |
| 48 | +</pre> |
| 49 | + |
| 50 | +For the `purpose`-path level it uses <ThisBipNumber>'. The rest of the levels are used as defined in BIP44 |
| 51 | + |
| 52 | + |
| 53 | +===Address derivation=== |
| 54 | + |
| 55 | +To derive the P2SH address from the above calculated public key, we use the encapsulation defined in [[bip-0141.mediawiki#p2wpkh-nested-in-bip16-p2sh|BIP 141]]: |
| 56 | + |
| 57 | + witness: <signature> <pubkey> |
| 58 | + scriptSig: <0 <20-byte-key-hash>> |
| 59 | + (0x160014{20-byte-key-hash}) |
| 60 | + scriptPubKey: HASH160 <20-byte-script-hash> EQUAL |
| 61 | + (0xA914{20-byte-script-hash}87) |
| 62 | +
|
| 63 | + |
| 64 | +==Test vectors== |
| 65 | + |
| 66 | +(tbd. when we have the actual bip number) |
| 67 | +<pre> |
| 68 | + masterseedWords = abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about |
| 69 | + masterseed = <hex...> |
| 70 | + |
| 71 | + // Account 0, root = m/<ThisBipNumber>'/0'/0' |
| 72 | + account0Xpriv = <hex> |
| 73 | +
|
| 74 | + // Account 0, first receiving private key = m/<ThisBipNumber>'/0'/0'/0/0 |
| 75 | + account0recvPrivateKey = <hex> |
| 76 | + account0recvPublickKey = <hex> |
| 77 | +
|
| 78 | + // Address derivation |
| 79 | + keyhash = HASH160(account0recvPublickKey) = <hex> |
| 80 | + scriptSig = <0 <keyhash>> = <hex> |
| 81 | + addressBytes = HASH160(scriptSig) = <hex> |
| 82 | +
|
| 83 | + // addressBytes base58check encoded for testnet |
| 84 | + address = base58check(prefix | addressBytes) = 1xyz.... |
| 85 | +</pre> |
| 86 | + |
| 87 | +... |
| 88 | + |
| 89 | +==Reference== |
| 90 | + |
| 91 | +* [[bip-0016.mediawiki|BIP16 - Pay to Script Hash]] |
| 92 | +* [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]] |
| 93 | +* [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]] |
| 94 | +* [[bip-0043.mediawiki|BIP44 - Multi-Account Hierarchy for Deterministic Wallets]] |
| 95 | +* [[bip-0141.mediawiki|BIP141 - Segregated Witness (Consensus layer)]] |
0 commit comments