Re: [bitcoin-dev] RFC for BIP: Derivation scheme for P2WPKH-nested-in-P2SH based accounts

[Daniel Weigl <Daniel.Weigl@mycelium.com>]

Hello Jochen,

> I think we should already consider not only P2WPKH over P2SH addresses
> but also "native" P2WPKH addresses.  Instead of having one BIP for these
[...]
> BIP?? compatible wallet must support both of them.  Since P2WPKH is
> simpler than P2WPKH over P2SH, this is IMHO reasonable to require.
[...]
> E.g., 0,1 for
> P2WPKH over P2SH and 2,3 for native P2WPKH.  I see no reason why a

Thats a good point and should be simple to maintain. Yes, ill extend on that part.

The problem is, we dont have a final decision how the address encoding for P2WPKH 
public keys should look like. Or do we? Bip141 is "Status: Deferred"

But for now, I can at least include the public key derivation path.

> I see no reason why a
> wallet would want to use P2WPKH over P2SH for change addresses instead
> of native P2WPKH, though.

That would be a big privacy leak, imo. As soon as both outputs are spent, its visible 
which one was the P2WPKH-in-P2SH and which one the pure P2WPKH and as a consequence
you leak which output was the change and which one the actual sent output

So, i'd suggest to even make it a requirement for "normal" send-to-single-address transactions
to always use the same output type for the change output (if the wallet is able to recognize it)

Daniel

On 2016-06-15 12:26, Jochen Hoenicke wrote:
> Hello Daniel,
> 
> Am 14.06.2016 um 17:41 schrieb Daniel Weigl via bitcoin-dev:
>> Hi List,
>>
>> Following up to the discussion last month ( https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-May/012695.html ), ive prepared a proposal for a BIP here:
>> 	
>> 	https://github.com/DanielWeigl/bips/blob/master/bip-p2sh-accounts.mediawiki
>>
>>
>> Any comments on it? Does anyone working on a BIP44 compliant wallet implement something different?
>> If there are no objection, id also like to request a number for it.
> 
> thank you for going forward with this.  Should we keep the discussion on
> the list, or should we make it on github?
> 
> I think we should already consider not only P2WPKH over P2SH addresses
> but also "native" P2WPKH addresses.  Instead of having one BIP for these
> two kinds of segwit addresses and forcing the user to have several
> different accounts for each BIP, the idea would be that every fully
> BIP?? compatible wallet must support both of them.  Since P2WPKH is
> simpler than P2WPKH over P2SH, this is IMHO reasonable to require.
> 
> I would go with the suggestion from Aaron Voisine to use different chain
> id's to distinguish between different address types.   E.g., 0,1 for
> P2WPKH over P2SH and 2,3 for native P2WPKH.  I see no reason why a
> wallet would want to use P2WPKH over P2SH for change addresses instead
> of native P2WPKH, though.
> 
>   Jochen
>