From: Andrew Poelstra <apoelstra@wpsoftware•net>
To: bitcoin-dev@lists•linuxfoundation.org
Subject: [bitcoin-dev] BIP174 / PSBT extensions
Date: Wed, 6 Mar 2019 18:08:00 +0000 [thread overview]
Message-ID: <20190306180800.GC10453@boulet> (raw)
Hi all,
I'd like to start initial discussion about an extension to BIP174 [1] to add
some fields that I've found myself wanting when using PSBT in practice. For
now I'll just list the things that I'd like to see, and if we can come up
with a stable list then I'll try to write up a more formal draft.
Basically I'd just like to add some more fixed data fields.
1. Add an field to PSBT_GLOBAL_UNSIGNED_TX to the global table which contains
just a txid of the unsigned transaction, for bandwidth savings in case
signers have already seen the tx or can construct it themselves.
This field would be fixed 32 bytes.
(This would actually be a breaking change since the current PSBT rules require
PSBT_GLOBAL_UNSIGNED_TX to always be present. Maybe this is a no-go for that
reason alone.)
2. Add a version field to the global table.
3. Add fields to the per-input tables for
(a) confirmed depth of the referenced txout; this is useful for finalizers
trying to create optimized witnesses, for e.g. cases when CSV timeouts
expire and some signatures become unnecessary.
This field must be a varint.
(b) a map from SHA2 hashes to their 32-byte preimages; this field must be
fixed 32 bytes. This, plus the CSV thing, would allow writing finalizers
that work with all of Miniscript [2].
(c) a map from public keys to 32-byte "tweaks" that are used in the pay-to-contract
construction. Selfishly I'd like this to be a variable-length bytestring
with the semantics that (a) the first 33 bytes represent an untweaked
pubkey; (b) the HMAC-SHA256 of the whole thing, when multiplied by G and
added to the untweaked pubkey, result in the target key. This matches the
algorithm in [3] which is deployed in Blockstream's Liquid, but I'd be
happy with a more efficient scheme which e.g. used SHA256 rather than
HMAC-SHA256.
(d) maps from public keys to partial nonce commitments, partial nonces, and
partial signatures, for MuSig [4] support.
(e) a map from signatures (or signature nonces?) to sign-to-contract tweaks.
Same semantics as (c) above.
The last two suggestions are probably premature and need further development
and standardization of the related protocols. But I'm throwing them in to see
if other people have strong feelings about this.
4. Add fields to the per-output tables for pay-to-contract, like in (c) above.
5. Add a field (or rather, family of fields) to every table which is "proprietary
use" and guaranteed not to be defined by any future PSBT extension. Specifically
every field with key-type 0xFF could be considered "proprietary".
5a. The special field in the global table whose key is only 0xFF should be a
"proprietary version field" with unspecified semantics but an understanding
that specific users might stick a GUID or something in there as a way to
recognize their own PSBTs.
[1] https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#Encoding
[2] http://bitcoin.sipa.be/miniscript/miniscript.html
[3] https://github.com/ElementsProject/elements/blob/elements-0.14.1/src/validation.cpp
[4] https://eprint.iacr.org/2018/068
--
Andrew Poelstra
Director of Research, Blockstream
Email: apoelstra at wpsoftware.net
Web: https://www.wpsoftware.net/andrew
"There are some mornings when the sky looks like a road
There are some dragons who were built to have and hold
And some machines are dropped from great heights lovingly
And some great bellies ache with many bumblebees
And they sting so terribly"
--Joanna Newsom
next reply other threads:[~2019-03-06 18:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-06 18:08 Andrew Poelstra [this message]
2019-03-07 15:34 ` Andrew Chow
2019-03-08 0:40 ` Gregory Maxwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190306180800.GC10453@boulet \
--to=apoelstra@wpsoftware$(echo .)net \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox