spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License

clarification on xpub versioning rationale #5953

Closed benma closed 4 years ago

benma commented 4 years ago

Hi

I am reading through https://github.com/spesmilo/electrum-docs/blob/master/xpub_version_bytes.rst

> Encoding the script type in BIP32 extended keys is beneficial for wallets. For example, a watch-only wallet constructed from an extended public key would otherwise have to either (1) derive all possible scripts in the subtree [1], or (2) prompt the user to enter the script type in a side-channel.

This rationale makes sense, but I am not sure if the resulting versioning actually fixes the issue mentioned.

First of all we need to distinguish script type from output type. p2wsh, p2sh, p2pkh are output types. Script types though need to define what kind of script is hashed in p2wsh and p2sh.

The versions table is mixing both. ypub is for p2wpkh-p2sh, which is a full script type, but Zpub just stands for p2wsh. That does not tell me what script it really is.

This effectively means that the above quoted issue is not solved: Zpub could be one of many things, and a wallet would need to prompt the user to specify or derive all possible "standard" scripts.

It would be good to clarify this in the document, and possibly tighten the versions to not be per output type, but per script type (specific script template), in all cases.

For example, ZPub could be multisig wrapped in p2wsh only.
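The distinction raised in the post above, as an added example that is not part of the original post or of Electrum's code: a parser that Base58Check-decodes an extended public key and reports whether its version label names one script template or only an output type. The version-byte values are assumed from the referenced xpub_version_bytes document (they do not appear on this page), and `classify` and `constructed_key` are hypothetical names.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# version bytes -> (prefix, label in the versions table, label names one script template?)
# Assumption: values as listed in the referenced document, not shown on this page.
# False marks the cases the post calls out: the label gives only an output type.
VERSIONS = {
    0x0488B21E: ("xpub", "p2pkh or p2sh", False),
    0x049D7CB2: ("ypub", "p2wpkh-p2sh", True),
    0x0295B43F: ("Ypub", "p2wsh-p2sh", False),
    0x04B24746: ("zpub", "p2wpkh", True),
    0x02AA7ED3: ("Zpub", "p2wsh", False),
}

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58check_decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(s) - len(s.lstrip("1"))
    data = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = data[:-4], data[-4:]
    if _checksum(payload) != check:
        raise ValueError("bad checksum")
    return payload

def classify(extended_key: str):
    payload = b58check_decode(extended_key)
    if len(payload) != 78:  # BIP32 serialization is 78 bytes before the checksum
        raise ValueError("not a BIP32 extended key")
    version = int.from_bytes(payload[:4], "big")
    if version not in VERSIONS:
        raise ValueError("unknown version bytes")
    return VERSIONS[version]

def constructed_key(version: int) -> str:
    # Constructed sample: real version bytes, all-zero body (not a usable key).
    return b58check_encode(version.to_bytes(4, "big") + bytes(74))
```

A watch-only importer can use the third field to decide whether it must still ask for the script template or fall back to the document's prose definition.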

SomberNight commented 4 years ago

> The versions table is mixing both. ypub is for p2wpkh-p2sh, which is a full script type, but Zpub just stands for p2wsh. That does not tell me what script it really is.
>
> For example, ZPub could be multisig wrapped in p2wsh only.

Yes, I agree. One reason this doc was not sent to the mailing list was that we weren't sure about what to do with generic scripts in e.g. p2wsh. The current version of the document specifically defines the *sh script types to be multisig -- see above the table.

For a time I had thought output script descriptors (or at least miniscript) would make this spec obsolete, in which case all this would not matter that much, but it turns out I just had not understood those enough. :/ Even with descriptors, there is still a need to represent a cosigner (see https://github.com/spesmilo/electrum/issues/5715).

benma commented 4 years ago

Possibly one new xpub version can be added which is reserved for use in output descriptors/miniscript, so a wallet knows that it is only valid inside output descriptors/miniscript.

Do you already have ideas for what keypaths to use for generic scripts in case of bip39, or what seed version to use in case of Electrum seeds? One per specific template, or one to rule them all, or something else?