|
| 1 | +<pre> |
| 2 | + BIP: 49 |
| 3 | + Title: Derivation scheme for P2WPKH-nested-in-P2SH based accounts |
| 4 | + Author: Daniel Weigl < [email protected]> |
| 5 | + Status: Draft |
| 6 | + Type: Informational |
| 7 | + Created: 2016-05-19 |
| 8 | +</pre> |
| 9 | + |
| 10 | +==Abstract== |
| 11 | + |
| 12 | +This BIP defines the derivation scheme for HD wallets using the P2WPKH-nested-in-P2SH ([[bip-0141.mediawiki|BIP 141]]) serialization format for segregated witness transactions. |
| 13 | + |
| 14 | +==Motivation== |
| 15 | + |
| 16 | +With the usage of P2WPKH-nested-in-P2SH ([[bip-0141.mediawiki#p2wpkh-nested-in-bip16-p2sh|BIP 141]]) transactions it is necessary to have a common derivation scheme. |
| 17 | +It allows the user to use different HD wallets with the same masterseed and/or a single account seamlessly. |
| 18 | + |
| 19 | +Thus the user needs to create a dedicated segregate witness accounts, which ensures that only wallets compatible with this BIP |
| 20 | +will detect the account and handle them appropriately. |
| 21 | + |
| 22 | +===Considerations=== |
| 23 | +Two generally different approaches are possible for current BIP44 capable wallets: |
| 24 | + |
| 25 | +1) Allow the user to use the same account(s) that they already uses, but add segregated witness encoded addresses to it |
| 26 | + |
| 27 | +1.1) Use the same public keys as defined in BIP44, but in addition to the normal P2PKH address also derive the P2SH address from it. |
| 28 | + |
| 29 | +1.2) Use the same account root, but branch off and derive different external and internal chain roots to derive dedicated public keys for the segregated witness addresses. |
| 30 | + |
| 31 | +2) Create dedicated accounts only used for segregated witness addresses. |
| 32 | + |
| 33 | +The solutions from point 1 have a common disadvantage: if a user imports/recovers a BIP49-compatible wallet masterseed into/in a non-BIP{ThisBipNumber}-compatible wallet, the account might show up but also it might miss some UTXOs. |
| 34 | + |
| 35 | +Therefore this BIP uses solution 2, which fails in a more visible way. Either the account shows up or not at all. The user does not have to check his balance after using the same seed in different wallets. |
| 36 | + |
| 37 | + |
| 38 | +==Specifications== |
| 39 | + |
| 40 | +This BIP defines the two needed steps to derive multiple deterministic addresses based on a [[bip-0032.mediawiki|BIP 32]] root account. |
| 41 | + |
| 42 | +===Public key derivation=== |
| 43 | + |
| 44 | +To derive a public key from the root account, this BIP uses the same account-structure as defined in |
| 45 | +[[bip-0044.mediawiki|BIP 44]], but only uses a different purpose value to indicate the different transaction |
| 46 | +serialization method. |
| 47 | + |
| 48 | +<pre> |
| 49 | +m / purpose' / coin_type' / account' / change / address_index |
| 50 | +</pre> |
| 51 | + |
| 52 | +For the `purpose`-path level it uses {ThisBipNumber}'. The rest of the levels are used as defined in BIP44 |
| 53 | + |
| 54 | + |
| 55 | +===Address derivation=== |
| 56 | + |
| 57 | +To derive the P2SH address from the above calculated public key, we use the encapsulation defined in [[bip-0141.mediawiki#p2wpkh-nested-in-bip16-p2sh|BIP 141]]: |
| 58 | + |
| 59 | + witness: <signature> <pubkey> |
| 60 | + scriptSig: <0 <20-byte-key-hash>> |
| 61 | + (0x160014{20-byte-key-hash}) |
| 62 | + scriptPubKey: HASH160 <20-byte-script-hash> EQUAL |
| 63 | + (0xA914{20-byte-script-hash}87) |
| 64 | +
|
| 65 | +==Backwards Compatibility== |
| 66 | + |
| 67 | +This BIP is not backwards compatible by design as described under [#considerations]. A not compatible wallet will not discover accounts at all and the user will notice that something is wrong. |
| 68 | + |
| 69 | + |
| 70 | +==Test vectors== |
| 71 | + |
| 72 | +(tbd. when we have the actual bip number) |
| 73 | +<pre> |
| 74 | + masterseedWords = abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about |
| 75 | + masterseed = <hex...> |
| 76 | + |
| 77 | + // Account 0, root = m/49'/0'/0' |
| 78 | + account0Xpriv = <hex> |
| 79 | +
|
| 80 | + // Account 0, first receiving private key = m/49'/0'/0'/0/0 |
| 81 | + account0recvPrivateKey = <hex> |
| 82 | + account0recvPublickKey = <hex> |
| 83 | +
|
| 84 | + // Address derivation |
| 85 | + keyhash = HASH160(account0recvPublickKey) = <hex> |
| 86 | + scriptSig = <0 <keyhash>> = <hex> |
| 87 | + addressBytes = HASH160(scriptSig) = <hex> |
| 88 | +
|
| 89 | + // addressBytes base58check encoded for testnet |
| 90 | + address = base58check(prefix | addressBytes) = 1xyz.... |
| 91 | +</pre> |
| 92 | + |
| 93 | + |
| 94 | +==Reference== |
| 95 | + |
| 96 | +* [[bip-0016.mediawiki|BIP16 - Pay to Script Hash]] |
| 97 | +* [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]] |
| 98 | +* [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]] |
| 99 | +* [[bip-0044.mediawiki|BIP44 - Multi-Account Hierarchy for Deterministic Wallets]] |
| 100 | +* [[bip-0141.mediawiki|BIP141 - Segregated Witness (Consensus layer)]] |
| 101 | +
|
| 102 | +== Copyright == |
| 103 | + |
| 104 | +This document is placed in the public domain. |
0 commit comments