From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <optimiz3@hotmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 33ACD8A5
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 28 Aug 2017 15:29:34 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from NAM04-CO1-obe.outbound.protection.outlook.com
	(mail-oln040092010087.outbound.protection.outlook.com [40.92.10.87])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B3ACC3DC
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 28 Aug 2017 15:29:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
	s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; 
	bh=sWeZaqrya7x7jX1LpqJ8VoKRIgE7dEXoTPUF/TGWsVQ=;
	b=DMm2nkZNGkvCuZojQ4GGdNiumNsLSLBY6v0cATC5ekJ3ysN9v6C0vHYYdlVTyKRKghYY2ZvVDLPp4ovWD3uSWvepFVxsSI0K+nRsz2XQe9rVH9e0CoCflYeRm5srTbXrcX3K3yP8Tvo6ri5+IGJZmeOH8J9Q0sVPxgU5h1jWF8zVkGknKjGx1u4M8gdjmOQf00287KD9nKf7TzOP5knzWNmARTMXat65VoMmwYdsmBgQ/QRUJbLtIy1YxffUdYwneIEXIIGoNUX5OUDs3ab0hLvtdhUC2o5XTtLBgnus2uitoPM/G7OyUOcxVtisIxnFkJl++YeCzxI9buTXe/FNQw==
Received: from CO1NAM04FT030.eop-NAM04.prod.protection.outlook.com
	(10.152.90.58) by CO1NAM04HT074.eop-NAM04.prod.protection.outlook.com
	(10.152.91.31) with Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1341.15;
	Mon, 28 Aug 2017 15:29:31 +0000
Received: from CY4PR1801MB1815.namprd18.prod.outlook.com (10.152.90.52) by
	CO1NAM04FT030.mail.protection.outlook.com (10.152.90.153) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
	15.1.1341.15 via Frontend Transport; Mon, 28 Aug 2017 15:29:31 +0000
Received: from CY4PR1801MB1815.namprd18.prod.outlook.com ([10.165.88.24]) by
	CY4PR1801MB1815.namprd18.prod.outlook.com ([10.165.88.24]) with mapi id
	15.01.1385.013; Mon, 28 Aug 2017 15:29:31 +0000
From: Alex Nagy <optimiz3@hotmail.com>
To: "bitcoin-dev@lists.linuxfoundation.org"
	<bitcoin-dev@lists.linuxfoundation.org>
Thread-Topic: P2WPKH Scripts, P2PKH Addresses, and Uncompressed Public Keys
Thread-Index: AdMgDOW5wpgLVDIcRNiRbU+aDVEjTA==
Date: Mon, 28 Aug 2017 15:29:31 +0000
Message-ID: <CY4PR1801MB181583C344B0993205D4B6C8809E0@CY4PR1801MB1815.namprd18.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: lists.linuxfoundation.org; dkim=none (message not
	signed) header.d=none; lists.linuxfoundation.org; dmarc=none action=none
	header.from=hotmail.com;
x-incomingtopheadermarker: OriginalChecksum:BE1C21B63EC7A1FF3BBEB087C4320F0492288031E0C391E1EBD586E1CE004491;
	UpperCasedChecksum:2C41A2938560BBC3DB2D5CA7EB20361D8DC5322C53E92B1CB7638A8C2C537AA5;
	SizeAsReceived:6880; Count:43
x-tmn: [g+eJjJZTiAf41ZfmnxL01bDftP7gFo91]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CO1NAM04HT074;
	6:E4LJgL0ubqTBI9KQAH+UV3pssue43e2fa4w8J2X2rhfhZcqsfqDDuolx9fNasJ9+BCBhHSBljvsiMl7h9TcwauoIhYHvKUAk73yrcu4vIbRZLpLda0ifgnChfld/bkmYQu2JdwU7I4+hGHlItMPVNl7Twk5vrLn11vMV+cGpYKEPh0RM7TpLaS8ZTZpJeRbodmurHc4/+/1wCgheMTTjDg0Sr7AmZOTCsiYt0cbkbuO5T5vuff1sN9zx+qhmoxCX5ev2YZpgzx23fUgaor1hmARMJJnErkWJjP+frpcwUZ24weS/GjNlOPQVUo/UgQMrtuFHPdR8JG6PxCRrRvoRVw==;
	5:B4cWWBpcr/fJQ9Zpf+PmWS6hdlkNe4k8ELZkYeRuYG1o0KS4RnF3OGwzxbf6iWK5yNhrARVLOiBa9Sdt42sfKeExYz9bselOMe1X1GyCrgEzFCQC+iWFxpkF9H5FhnLi1jl87wKqlYZETzOqvMNZZg==;
	24:Tfx98LRRTBP0039gPJkGDE3sAe6r24ONT7VRpq/IqPRtSxzagKRuBYId51HnmGaozOj0nlVKFBaSDAmsY/qpNObuLs1MEeM0bZBGfGVDLbE=;
	7:8jQ2DRYgbNZ1vRcRwdtKsjUvLOzwZN2nLNLGcSs8dBcylAmEwGr4D9fJI3JWznD/4DRjkZIOb7lF8dijV5iofm7bwxN6mOvoLLaC/FYG507N+3cMSUz3swCwxukTmujLp+mYODPTIZE2NG5LYdSIDw689Nc+G+g7PTSQ1bkiVJFsUn4NPE0fMVHB1vicjdSbKi6uEGIFS08BPbiJARWghpwdgbstLRb9XjM2AFB0zAk=
x-incomingheadercount: 43
x-eopattributedmessage: 0
x-forefront-antispam-report: EFV:NLI; SFV:NSPM; SFS:(7070007)(98901004);
	DIR:OUT; SFP:1901; SCL:1; SRVR:CO1NAM04HT074;
	H:CY4PR1801MB1815.namprd18.prod.outlook.com; FPR:; SPF:None;
	LANG:en; 
x-ms-office365-filtering-correlation-id: 53d08343-12c0-4699-c8a6-08d4ee299420
x-microsoft-antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322404)(1601125374)(1603101448)(1701031045)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);
	SRVR:CO1NAM04HT074; 
x-ms-traffictypediagnostic: CO1NAM04HT074:
x-exchange-antispam-report-test: UriScan:(166708455590820)(21748063052155)(17755550239193); 
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
	RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031);
	SRVR:CO1NAM04HT074; BCL:0; PCL:0;
	RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);
	SRVR:CO1NAM04HT074; 
x-forefront-prvs: 0413C9F1ED
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative;
	boundary="_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Aug 2017 15:29:31.1078 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1NAM04HT074
X-Spam-Status: No, score=0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Mon, 28 Aug 2017 15:32:29 +0000
Subject: [bitcoin-dev] P2WPKH Scripts, P2PKH Addresses,
	and Uncompressed Public Keys
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Aug 2017 15:29:34 -0000

--_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Let's say Alice has a P2PKH address derived from an uncompressed public key=
, 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a (from https://bitcoin.stackexchange.co=
m/questions/3059/what-is-a-compressed-bitcoin-key).

If Alice gives Bob 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a, is there any way Bob=
 can safely issue Native P2WPKH outputs to Alice?

BIPs 141 and 143 make it very clear that P2WPKH scripts may only derive fro=
m compressed public-keys.  Given this restriction, assuming all you have is=
 a P2PKH address - is there any way for Bob to safely issue spendable Nativ=
e P2WPKH outputs to Alice?

The problem is Bob as no idea whether Alice's P2PKH address represents a co=
mpressed or uncompressed public-key, so Bob cannot safely issue a Native P2=
WPKH output.

AFAICT all code is supposed to assume P2WPHK outputs are compressed public-=
key derived.  The conclusion would be that the existing P2PKH address forma=
t is generally unsafe to use with SegWit since P2PKH addresses may be deriv=
ed from uncompressed public-keys.

Am I missing something here?





Referencing BIP141 and BIP143, specifically these sections:

https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki#New_script_s=
emantics

"Only compressed public keys are accepted in P2WPKH and P2WSH"

https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#Restrictions=
_on_public_key_type

"As a default policy, only compressed public keys are accepted in P2WPKH an=
d P2WSH. Each public key passed to a sigop inside version 0 witness program=
 must be a compressed key: the first byte MUST be either 0x02 or 0x03, and =
the size MUST be 33 bytes. Transactions that break this rule will not be re=
layed or mined by default.

Since this policy is preparation for a future softfork proposal, to avoid p=
otential future funds loss, users MUST NOT use uncompressed keys in version=
 0 witness programs."

--_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Let&#8217;s say Alice has a P2PKH address derived fr=
om an uncompressed public key, 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a (from
<a href=3D"https://bitcoin.stackexchange.com/questions/3059/what-is-a-compr=
essed-bitcoin-key">
https://bitcoin.stackexchange.com/questions/3059/what-is-a-compressed-bitco=
in-key</a>).<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">If Alice gives Bob 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7=
a, is there any way Bob can safely issue Native P2WPKH outputs to Alice?<o:=
p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">BIPs 141 and 143 make it very clear that P2WPKH scri=
pts may only derive from compressed public-keys.&nbsp; Given this restricti=
on, assuming all you have is a P2PKH address &#8211; is there any way for B=
ob to safely issue spendable Native P2WPKH outputs
 to Alice?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">The problem is Bob as no idea whether Alice&#8217;s =
P2PKH address represents a compressed or uncompressed public-key, so Bob ca=
nnot safely issue a Native P2WPKH output.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">AFAICT all code is supposed to assume P2WPHK outputs=
 are compressed public-key derived.&nbsp; The conclusion would be that the =
existing P2PKH address format is generally unsafe to use with SegWit since =
P2PKH addresses may be derived from uncompressed
 public-keys.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Am I missing something here?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Referencing BIP141 and BIP143, specifically these se=
ctions:<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><a href=3D"https://github.com/bitcoin/bips/blob/mast=
er/bip-0141.mediawiki#New_script_semantics">https://github.com/bitcoin/bips=
/blob/master/bip-0141.mediawiki#New_script_semantics</a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&#8220;Only compressed public keys are accepted in P=
2WPKH and P2WSH&#8221;<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><a href=3D"https://github.com/bitcoin/bips/blob/mast=
er/bip-0143.mediawiki#Restrictions_on_public_key_type">https://github.com/b=
itcoin/bips/blob/master/bip-0143.mediawiki#Restrictions_on_public_key_type<=
/a><o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">&#8220;As a default policy, only compressed public k=
eys are accepted in P2WPKH and P2WSH. Each public key passed to a sigop ins=
ide version 0 witness program must be a compressed key: the first byte MUST=
 be either 0x02 or 0x03, and the size MUST
 be 33 bytes. Transactions that break this rule will not be relayed or mine=
d by default.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Since this policy is preparation for a future softfo=
rk proposal, to avoid potential future funds loss, users MUST NOT use uncom=
pressed keys in version 0 witness programs.&#8221;<o:p></o:p></p>
</div>
</body>
</html>

--_000_CY4PR1801MB181583C344B0993205D4B6C8809E0CY4PR1801MB1815_--