You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bip-0174.mediawiki
+23Lines changed: 23 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -118,6 +118,12 @@ The currently defined global types are as follows:
118
118
*** <tt>{transaction}</tt>
119
119
** Note: Every PSBT must have a field with this type.
120
120
121
+
* Type: Extended Public Key <tt>PSBT_GLOBAL_XPUB = 0x01</tt>
122
+
** Key: The type followed by the 78 byte serialized extended public key as defined by BIP 32. Extended public keys are those that can be used to derive public keys used in the inputs and outputs of this transaction. It should be the public key at the highest hardened derivation index so that the unhardened child keys used in the transaction can be derived.
123
+
*** <tt>{0x01}|{xpub}</tt>
124
+
** Value: The master key fingerprint as defined by BIP 32 concatenated with the derivation path of the public key. The derivation path is represented as 32 bit unsigned integer indexes concatenated with each other. The number of 32 bit unsigned integer indexes must match the depth provided in the extended public key.
@@ -358,6 +364,23 @@ for input,i in enumerate(psbt.inputs):
358
364
assert False
359
365
</pre>
360
366
367
+
====Change Detection====
368
+
369
+
Signers may wish to display the inputs and outputs to users for extra verification.
370
+
In such displays, signers may wish to identify which outputs are change outputs in order to omit them to avoid additional user confusion.
371
+
In order to detect change, a signer can use the BIP 32 derivation paths provided in inputs and outputs as well as the extended public keys provided globally.
372
+
373
+
For a single key output, a signer can observe whether the master fingerprint for the public key for that output belongs to itself.
374
+
If it does, it can then derive the public key at the specified derivation path and check whether that key is the one present in that output.
375
+
376
+
For outputs involving multiple keys, a signer can first examine the inputs that it is signing.
377
+
It should determine the general pattern of the script and internally produce a representation of the policy that the script represents.
378
+
Such a policy can include things like how many keys are present, what order they are in, how many signers are necessary, which signers are required, etc.
379
+
The signer can then use the BIP 32 derivation paths for each of the pubkeys to find which global extended public key is the one that can derive that particular public key.
380
+
To do so, the signer would extract the derivation path to the highest hardened index and use that to lookup the public key with that index and master fingerprint.
381
+
The signer would construct this script policy with extended public keys for all of the inputs and outputs.
382
+
Change outputs would then be identified as being the outputs which have the same script policy as the inputs that are being signed.
0 commit comments