|
| 1 | +<pre> |
| 2 | + BIP: 48 |
| 3 | + Layer: Applications |
| 4 | + Title: Multi-Script Hierarchy for Multi-Sig Wallets |
| 5 | + Author: Fontaine < [email protected]> |
| 6 | + Comments-Summary: No comments |
| 7 | + Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0048 |
| 8 | + Status: Proposed |
| 9 | + Type: Standards Track |
| 10 | + Created: 2020-12-16 |
| 11 | + License: MIT |
| 12 | +</pre> |
| 13 | + |
| 14 | +==Abstract== |
| 15 | + |
| 16 | +This BIP defines a logical hierarchy for deterministic multi-sig wallets based on an algorithm |
| 17 | +described in BIP-0067 (BIP67 from now on), BIP-0032 (BIP32 from now on), purpose scheme described in |
| 18 | +BIP-0043 (BIP43 from now on), and multi-account hierarchy described in |
| 19 | +BIP-0044 (BIP44 from now on). |
| 20 | + |
| 21 | +This BIP is a particular application of BIP43. |
| 22 | + |
| 23 | +==Copyright== |
| 24 | + |
| 25 | +This BIP falls under the MIT License. |
| 26 | + |
| 27 | +==Motivation== |
| 28 | + |
| 29 | +The motivation of this BIP is to define the existing industry wide practice of utilizing m/48' |
| 30 | +derivation paths in hierarchical deterministic multi-sig wallets so that other developers may |
| 31 | +benefit from a standard. This BIP allows for future script types to easily be appended to the |
| 32 | +specification so that a new BIP is not required for every future script type. |
| 33 | + |
| 34 | +The hierarchy proposed in this paper is quite comprehensive. It allows the handling of |
| 35 | +multiple accounts, external and internal chains per account, multiple script types and |
| 36 | +millions of addresses per chain. |
| 37 | + |
| 38 | +This paper was inspired from BIP44. |
| 39 | + |
| 40 | +==Backwards compatibility== |
| 41 | + |
| 42 | +Currently a number of wallets utilize the <code>m/48'</code> derivation scheme for HD multi-sig accounts. |
| 43 | +This BIP is intended to maintain the *existing* real world use of the <code>m/48'</code> derivation. |
| 44 | +No breaking changes are made so as to avoid "loss of funds" to existing users. |
| 45 | +Wallet's which currently support the <code>m/48'</code> derivation will not need to make any changes |
| 46 | +to comply with this BIP. |
| 47 | + |
| 48 | +==Specification== |
| 49 | + |
| 50 | +===Key sorting=== |
| 51 | + |
| 52 | +Any wallet that supports BIP48 inherently supports deterministic key sorting as per BIP67 so that all possible |
| 53 | +multi-signature addresses/scripts are derived from deterministically sorted public keys. |
| 54 | + |
| 55 | +===Path levels=== |
| 56 | + |
| 57 | +We define the following 6 levels in BIP32 path: |
| 58 | + |
| 59 | +<pre> |
| 60 | +m / purpose' / coin_type' / account' / script_type' / change / address_index |
| 61 | +</pre> |
| 62 | + |
| 63 | +<code>h</code> or <code>'</code> in the path indicates that BIP32 hardened derivation is used. |
| 64 | + |
| 65 | +Each level has a special meaning, described in the chapters below. |
| 66 | + |
| 67 | +===Purpose=== |
| 68 | + |
| 69 | +Purpose is a constant set to 48' following the BIP43 recommendation. |
| 70 | +It indicates that the subtree of this node is used according to this specification. |
| 71 | + |
| 72 | +Hardened derivation is used at this level. |
| 73 | + |
| 74 | +===Coin type=== |
| 75 | + |
| 76 | +One master node (seed) can be used for multiple Bitcoin networks. |
| 77 | +Sharing the same space for various networks has some disadvantages. |
| 78 | + |
| 79 | +Avoiding reusing addresses across networks and improving privacy issues. |
| 80 | + |
| 81 | +Coin type <code>0</code> for mainnet and <code>1</code> for testnet. |
| 82 | + |
| 83 | +Hardened derivation is used at this level. |
| 84 | + |
| 85 | +===Account=== |
| 86 | + |
| 87 | +This level splits the key space into independent user identities, following the BIP44 pattern, |
| 88 | +so the wallet never mixes the coins across different accounts. |
| 89 | + |
| 90 | +Users can use these accounts to organize the funds in the same |
| 91 | +fashion as bank accounts; for donation purposes (where all |
| 92 | +addresses are considered public), for saving purposes, |
| 93 | +for common expenses etc. |
| 94 | + |
| 95 | +Accounts are numbered from index 0 in sequentially increasing manner. |
| 96 | +This number is used as child index in BIP32 derivation. |
| 97 | + |
| 98 | +Hardened derivation is used at this level. |
| 99 | + |
| 100 | +===Script=== |
| 101 | + |
| 102 | +This level splits the key space into two separate <code>script_type</code>(s). To provide |
| 103 | +forward compatibility for future script types this specification can be easily extended. |
| 104 | + |
| 105 | +Currently the only script types covered by this BIP are Native Segwit (p2wsh) and |
| 106 | +Nested Segwit (p2sh-p2wsh). |
| 107 | + |
| 108 | +The following path represents Nested Segwit (p2sh-p2wsh) mainnet, account 0: |
| 109 | +<code>1'</code>: Nested Segwit (p2sh-p2wsh) <code>m/48'/0'/0'/1'</code></br> |
| 110 | + |
| 111 | +The following path represents Native Segwit (p2wsh) mainnet, account 0: |
| 112 | +<code>2'</code>: Native Segwit (p2wsh) <code>m/48'/0'/0'/2'</code></br> |
| 113 | + |
| 114 | +The recommended default for wallets is pay to witness script hash <code>m/48'/0'/0'/2'</code>. |
| 115 | + |
| 116 | +To add new script types submit a PR to this specification and include it in the list above: |
| 117 | +<code>X'</code>: Future script type <code>m/48'/0'/0'/X'</code></br> |
| 118 | + |
| 119 | +===Change=== |
| 120 | + |
| 121 | +Constant 0 is used for external chain and constant 1 for internal chain (also |
| 122 | +known as change addresses). External chain is used for addresses that are meant |
| 123 | +to be visible outside of the wallet (e.g. for receiving payments). Internal |
| 124 | +chain is used for addresses which are not meant to be visible outside of the |
| 125 | +wallet and is used for return transaction change. |
| 126 | + |
| 127 | +Public derivation is used at this level. |
| 128 | + |
| 129 | +===Index=== |
| 130 | + |
| 131 | +Addresses are numbered from index 0 in sequentially increasing manner. |
| 132 | +This number is used as child index in BIP32 derivation. |
| 133 | + |
| 134 | +Public derivation is used at this level. |
| 135 | + |
| 136 | +==Examples== |
| 137 | + |
| 138 | +{| |
| 139 | +|network |
| 140 | +|account |
| 141 | +|script |
| 142 | +|chain |
| 143 | +|address |
| 144 | +|path |
| 145 | +|- |
| 146 | +|mainnet |
| 147 | +|first |
| 148 | +|p2wsh |
| 149 | +|external |
| 150 | +|first |
| 151 | +|m / 48' / 0' / 0' / 2' / 0 / 0 |
| 152 | +|- |
| 153 | +|mainnet |
| 154 | +|first |
| 155 | +|p2wsh |
| 156 | +|external |
| 157 | +|second |
| 158 | +|m / 48' / 0' / 0' / 2' / 0 / 1 |
| 159 | +|- |
| 160 | +|mainnet |
| 161 | +|first |
| 162 | +|p2wsh |
| 163 | +|change |
| 164 | +|first |
| 165 | +|m / 48' / 0' / 0' / 2' / 1 / 0 |
| 166 | +|- |
| 167 | +|mainnet |
| 168 | +|first |
| 169 | +|p2wsh |
| 170 | +|change |
| 171 | +|second |
| 172 | +|m / 48' / 0' / 0' / 2' / 1 / 1 |
| 173 | +|- |
| 174 | +|mainnet |
| 175 | +|second |
| 176 | +|p2wsh |
| 177 | +|external |
| 178 | +|first |
| 179 | +|m / 48' / 0' / 1' / 2' / 0 / 0 |
| 180 | +|- |
| 181 | +|mainnet |
| 182 | +|second |
| 183 | +|p2wsh |
| 184 | +|external |
| 185 | +|second |
| 186 | +|m / 48' / 0' / 1' / 2' / 0 / 1 |
| 187 | +|- |
| 188 | +|testnet |
| 189 | +|first |
| 190 | +|p2sh-p2wsh |
| 191 | +|external |
| 192 | +|first |
| 193 | +|m / 48' / 1' / 0' / 1' / 0 / 0 |
| 194 | +|- |
| 195 | +|testnet |
| 196 | +|first |
| 197 | +|p2wsh |
| 198 | +|external |
| 199 | +|second |
| 200 | +|m / 48' / 1' / 0' / 2' / 0 / 1 |
| 201 | +|- |
| 202 | +|testnet |
| 203 | +|first |
| 204 | +|p2wsh |
| 205 | +|change |
| 206 | +|first |
| 207 | +|m / 48' / 1' / 0' / 2' / 1 / 0 |
| 208 | +|- |
| 209 | +|testnet |
| 210 | +|first |
| 211 | +|p2wsh |
| 212 | +|change |
| 213 | +|second |
| 214 | +|m / 48' / 1' / 0' / 2' / 1 / 1 |
| 215 | +|- |
| 216 | +|testnet |
| 217 | +|second |
| 218 | +|p2wsh |
| 219 | +|external |
| 220 | +|first |
| 221 | +|m / 48' / 1' / 1' / 2' / 0 / 0 |
| 222 | +|- |
| 223 | +|testnet |
| 224 | +|second |
| 225 | +|p2wsh |
| 226 | +|external |
| 227 | +|second |
| 228 | +|m / 48' / 1' / 1' / 2' / 0 / 1 |
| 229 | +|- |
| 230 | +|testnet |
| 231 | +|second |
| 232 | +|p2wsh |
| 233 | +|change |
| 234 | +|first |
| 235 | +|m / 48' / 1' / 1' / 2' / 1 / 0 |
| 236 | +|- |
| 237 | +|testnet |
| 238 | +|second |
| 239 | +|p2wsh |
| 240 | +|change |
| 241 | +|second |
| 242 | +|m / 48' / 1' / 1' / 2' / 1 / 1 |
| 243 | +|} |
| 244 | + |
| 245 | + |
| 246 | +==Reference== |
| 247 | + |
| 248 | +* [[bip-0067.mediawiki|BIP67 - Deterministic Pay-to-script-hash multi-signature addresses through public key sorting]] |
| 249 | +* [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]] |
| 250 | +* [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]] |
| 251 | +* [[bip-0044.mediawiki|BIP44 - Multi-Account Hierarchy for Deterministic Wallets]] |
0 commit comments