The primary change is to truly have all input and output data for each in their respective maps

1) +1. It would be really great to have a complete map per input/output that does not require an annoying lookup to a global field.

A Bitcoin transaction only has a single locktime yet a PSBT may have multiple lock times.

2) One other thing, the per input timelock also helps in detecting whether the transaction contains a mix of block-based

timelocks and height based timelocks. Recall that such inputs can't be spent together under the same nLocktime.

3) Finally, one last thing which I noted while implementing a generic finalizer for Miniscript is the restriction on sighashType.
From the BIP

Signatures for this input must use the sighash type, finalizers must fail to finalize inputs which have signatures that do not match the specified sighash type. Signers who cannot produce signatures with the sighash type must not provide a signature.

Is such a restriction necessary? If the purpose is to only suggest signer which sighashType to use, then I think the finalizer

should not reject those. Along those lines, we can also mark with suggestions for the type of nlockTime(block vs height) that

should be used. With such suggestions, input parties can decide which branches in the satisfaction they should prefer and

sign with the corresponding signatures. Note that this purpose is different from the stated purpose of

PSBT_GLOBAL_PREFERRED_LOCKTIME.

Cheers,
Sanket

On Wed, Dec 9, 2020 at 4:33 PM Andrew Chow via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:

Hi All,

I would like to propose a new PSBT version that addresses a few
deficiencies in the current PSBT v0. As this will be backwards
incompatible, a new PSBT version will be used, v1.

The primary change is to truly have all input and output data for each
in their respective maps. Instead of having to parse an unsigned
transaction and lookup some data from there, and other data from the
correct map, all of the data for an input will be contained in its map.
Doing so also disallows PSBT_GLOBAL_UNSIGNED_TX in this new version.
Thus I propose that the following fields be added:

Global:
* PSBT_GLOBAL_TX_VERSION = 0x02
   * Key: empty
   * Value: 32-bit little endian unsigned integer for the transaction
version number. Must be provided in PSBT v1 and omitted in v0.
* PSBT_GLOBAL_PREFERRED_LOCKTIME = 0x03
   * Key: empty
   * Value: 32 bit little endian unsigned integer for the preferred
transaction lock time. Must be omitted in PSBT v0. May be provided in
PSBT v1, assumed to be 0 if not provided.
* PSBT_GLOBAL_INPUT_COUNT = 0x04
   * Key: empty
   * Value: Compact size unsigned integer. Number of inputs in this
PSBT. Must be provided in PSBT v1 and omitted in v0.
* PSBT_GLOBAL_OUTPUT_COUNT = 0x05
   * Key: empty
   * Value: Compact size unsigned integer. Number of outputs in this
PSBT. Must be provided in PSBT v1 and omitted in v0.

Input:
* PSBT_IN_PREVIOUS_TXID = 0x0e
   * Key: empty
   * Value: 32 byte txid of the previous transaction whose output at
PSBT_IN_OUTPUT_INDEX is being spent. Must be provided in PSBT v1 and
omitted in v0.
* PSBT_IN_OUTPUT_INDEX = 0x0f
   * Key: empty
   * Value: 32 bit little endian integer for the index of the output
being spent. Must be provided in PSBT v1 and omitted in v0.
* PSBT_IN_SEQUENCE = 0x0f
   * Key: empty
   * Value: 32 bit unsigned little endian integer for the sequence
number. Must be omitted in PSBT v0. May be provided in PSBT v1 assumed
to be max sequence (0xffffffff) if not provided.
* PSBT_IN_REQUIRED_LOCKTIME = 0x10
   * Key: empty
   * Value: 32 bit unsigned little endian integer for the lock time that
this input requires. Must be omitted in PSBT v0. May be provided in PSBT
v1, assumed to be 0 if not provided.

Output:
* PSBT_OUT_VALUE = 0x03
   * Key: empty
   * Value: 64-bit unsigned little endian integer for the output's
amount in satoshis. Must be provided in PSBT v1 and omitted in v0.
* PSBT_OUT_OUTPUT_SCRIPT = 0x04
   * Key: empty
   * Value: The script for this output. Otherwise known as the
scriptPubKey. Must be provided in PSBT v1 and omitted in v0.

This change allows for PSBT to be used in the construction of
transactions. With these new fields, inputs and outputs can be added as
needed. One caveat is that there is no longer a unique transaction
identifier so more care must be taken when combining PSBTs.
Additionally, adding new inputs and outputs must be done such that
signatures are not invalidated. This may be harder to specify.

An important thing to note in this proposal are the fields
PSBT_GLOBAL_PREFERRED_LOCKTIME and PSBT_IN_REQUIRED_LOCKTIME. A Bitcoin
transaction only has a single locktime yet a PSBT may have multiple
locktimes. To choose the locktime for the transaction, finalizers must
choose the maximum of all of the *_LOCKTIME fields.
PSBT_IN_REQUIRED_LOCKTIME is added because some inputs, such as those
involving OP_CHECKLOCKTIMEVERIFY, require a specific minimum locktime to
be set. This field allows finalizers to choose a locktime that is high
enough for all inputs without needing to understand the scripts
involved. The PSBT_GLOBAL_PREFERRED_LOCKTIME is the locktime to use if
no inputs require a particular locktime.

As these changes disallow the PSBT_GLOBAL_UNSIGNED_TX field, PSBT v1
needs the version number bump to enforce backwards incompatibility.
However once the inputs and outputs of a PSBT are decided, a PSBT could
be "downgraded" back to v0 by creating the unsigned transaction from the
above fields, and then dropping these new fields.

If the list finds that these changes are reasonable, I will write a PR
to modify BIP 174 to incorporate them.

Thanks,
Andrew Chow

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev