public inbox for bitcoindev@googlegroups.com
From: Andrew Chow <achow101-lists@achow101•com>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Derivation Paths for Single Key Taproot Scripts
Date: Fri, 02 Jul 2021 20:03:20 +0000
Message-ID: <ad7b84a7-7666-7cde-6ba9-84a5ffbc04be@achow101.com>
In-Reply-To: <6bb9110e-b726-0470-96f0-2d68eadf23a3@achow101.com>

This was assigned BIP number 86, so the purpose level path will be m/86'.

Andrew

On 6/22/21 9:17 PM, Andrew Chow wrote:
> Hi All,
>
> I would like to propose a simple derivation path scheme for keys to be
> used in single key Taproot scripts. This is based on BIP 44 so it is
> basically identical to BIPs 49 and 84. Like with those BIPs, the actual
> value to be used in the purpose level will be set to the BIP number,
> once assigned.
>
> Note that the keys derived in this method should be for the Taproot
> internal key, which should then be tweaked with the hash of itself as
> recommended by BIP 341. The keys derived at this path should not be used
> directly as the Taproot output pubkey. Additionally, this BIP does not
> specify new version bytes for extended key serialization because, with
> the advent of descriptors, I think that is unnecessary. In fact, this
> BIP feels somewhat unnecessary to me, but it seems like it will be
> needed for now in order to drive adoption and implementation of Taproot
> into software and hardware wallets.
>
> The text can be viewed below, with the rendered text available at
> https://github.com/achow101/bips/blob/taproot-bip44/bip-taproot-bip44.mediawiki
>
> Andrew Chow
>
> ---
>
> <pre>
>     BIP: bip-taproot-bip44
>     Layer: Applications
>     Title: Derivation scheme for P2TR based accounts
>     Author: Andrew Chow <andrew@achow101•com>
>     Comments-Summary: No comments yet.
>     Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-taproot-bip44
>     Status: Draft
>     Type: Informational
>     Created: 2021-06-22
>     License: BSD-2-Clause
> </pre>
>
> ==Abstract==
>
> This document suggests a derivation scheme for HD wallets whose keys are involved in single key
> P2TR ([[bip-0341.mediawiki|BIP 341]]) outputs as the Taproot internal key.
>
> ===Copyright===
>
> This BIP is licensed under the 2-clause BSD license.
>
> ==Motivation==
>
> With the usage of single key P2TR transactions, it is useful to have a common derivation scheme so
> that HD wallets that only have a backup of the HD seed can be likely to recover single key Taproot
> outputs. Although there are now solutions which obviate the need for fixed derivation paths for
> specific script types, many software wallets and hardware signers still use seed backups which
> lack derivation path and script information. Thus we largely use the same approach used in BIPs
> [[bip-0049.mediawiki|49]] and [[bip-0084.mediawiki|84]] for ease of implementation.
>
> ==Specifications==
>
> This BIP defines the two needed steps to derive multiple deterministic addresses based on a
> [[bip-0032.mediawiki|BIP 32]] master private key.
>
> ===Public key derivation===
>
> To derive a public key from the root account, this BIP uses the same account-structure as
> defined in BIPs [[bip-0044.mediawiki|44]], [[bip-0049.mediawiki|49]], and [[bip-0084.mediawiki|84]],
> but with a different purpose value for the script type.
>
> <pre>
> m / purpose' / coin_type' / account' / change / address_index
> </pre>
>
> For the <tt>purpose</tt>-path level it uses <tt><BIPNUMBER>'</tt>.
> The rest of the levels are used as defined in BIPs 44, 49, and 84.
>
> ===Address derivation===
>
> To derive the output key used in the P2TR script from the derived public key, we use the method
> recommended in [[bip-0341.mediawiki#constructing-and-spending-taproot-outputs|BIP 341]]:
>
> <pre>
> internal_key:       lift_x(derived_key)
> 32_byte_output_key: internal_key + int(HashTapTweak(bytes(internal_key)))G
> </pre>
>
> In a transaction, the scripts and witnesses are as defined in
> [[bip-0341.mediawiki#specification|BIP 341]]:
>
> <pre>
> witness:      <signature>
> scriptSig:    (empty)
> scriptPubKey: 1 <32_byte_output_key>
>                 (0x5120{32_byte_output_key})
> </pre>
>
> ==Backwards Compatibility==
>
> This BIP is not backwards compatible by design.
> An incompatible wallet will not discover these accounts at all and the user will notice that
> something is wrong.
>
> However this BIP uses the same method used in BIPs 44, 49, and 84, so it should not be difficult
> to implement.
>
> ==Test vectors==
>
> TBD
>
> ==Reference==
>
> * [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]]
> * [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]]
> * [[bip-0044.mediawiki|BIP44 - Multi-Account Hierarchy for Deterministic Wallets]]
> * [[bip-0049.mediawiki|BIP49 - Derivation scheme for P2WPKH-nested-in-P2SH based accounts]]
> * [[bip-0084.mediawiki|BIP84 - Derivation scheme for P2WPKH based accounts]]
> * [[bip-0341.mediawiki|BIP341 - Taproot: SegWit version 1 spending rules]]
>



