From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) by lists.linuxfoundation.org (Postfix) with ESMTP id B33FEC000E for ; Fri, 2 Jul 2021 20:03:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 94D52402AC for ; Fri, 2 Jul 2021 20:03:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -2.101 X-Spam-Level: X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Authentication-Results: smtp4.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=achow101.com Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uXHPYDLedUB4 for ; Fri, 2 Jul 2021 20:03:31 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from mail-0201.mail-europe.com (mail-0201.mail-europe.com [51.77.79.158]) by smtp4.osuosl.org (Postfix) with ESMTPS id 9BB0140244 for ; Fri, 2 Jul 2021 20:03:31 +0000 (UTC) Date: Fri, 02 Jul 2021 20:03:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=achow101.com; s=protonmail3; t=1625256202; bh=mnGrSHSAxABNljJh4fX4TV1yb+7jHMlnJv2nSSNhwy0=; h=Date:To:From:Reply-To:Subject:In-Reply-To:References:From; b=xKE75PmMP1PybQXzTPMyXgqoeswHPiFzxWoYyfAcKW2byF3l8rkOZadaDluNRvNHX OznxeTHfEmKgwU+YsWkreL+4/hPZUk98IRGnCzkencxCrzqrsEsbiC4uknFlS6iNgC Ze1PHc6hwFPqehsHCccxyaaL3A1Gxdo/px2GmUMcfvoEuGMBmTgXbued618wnF07y0 XRRRvrT6jgmJY9DpSv8/P93iWP6vKhWEewV54brTDkqzHEzOKNxClmVHbQ9SDPOIeb BjuWx6SLKbf2jjLQof45mhzlDrUbHnafsAZJAGfj3+rqHDsJ9xABtF5NZ/VM6iooK9 HOyrC4ImBWUGg== To: Bitcoin Protocol Discussion From: Andrew Chow Reply-To: Andrew Chow Message-ID: In-Reply-To: <6bb9110e-b726-0470-96f0-2d68eadf23a3@achow101.com> References: <6bb9110e-b726-0470-96f0-2d68eadf23a3@achow101.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [bitcoin-dev] Derivation Paths for Single Key Taproot Scripts X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jul 2021 20:03:34 -0000 This was assigned BIP number 86, so the purpose level path will be m/86' Andrew On 6/22/21 9:17 PM, Andrew Chow wrote: > Hi All, > > I would like to propose a simple derivation path scheme for keys to be > used in single key Taproot scripts. This is based on BIP 44 so it is > basically identical to BIPs 49 and 84. Like with those BIPs, the actual > value to be used in the purpose level will be set to the BIP number, > once assigned. > > Note that the keys derived in this method should be for the Taproot > internal key, which should then be tweaked with the hash of itself as > recommended by BIP 341. The keys derived at this path should not be used > directly as the Taproot output pubkey. Additionally, this BIP does not > specify new version bytes for extended key serialization because, with > the advent of descriptors, I think that is unnecessary. In fact, this > BIP feels somewhat unnecessary to me, but it seems like it will be > needed for now in order to drive adoption and implementation of Taproot > into software and hardware wallets. > > The text can be viewed below, with the rendered text available at > https://github.com/achow101/bips/blob/taproot-bip44/bip-taproot-bip44.med= iawiki > > Andrew Chow > > --- > > 
>   =C2=A0 BIP: bip-taproot-bip44
>   =C2=A0 Layer: Applications
>   =C2=A0 Title: Derivation scheme for P2TR based accounts
>   =C2=A0 Author: Andrew Chow 
>   =C2=A0 Comments-Summary: No comments yet.
>   =C2=A0 Comments-URI:
> https://github.com/bitcoin/bips/wiki/Comments:BIP-taproot-bip44
>   =C2=A0 Status: Draft
>   =C2=A0 Type: Informational
>   =C2=A0 Created: 2021-06-22
>   =C2=A0 License: BSD-2-Clause
>
> > =3D=3DAbstract=3D=3D > > This document suggests a derivation scheme for HD wallets whose keys are > involved in single key > P2TR ([[bip-0341.mediawiki|BIP 341]]) outputs as the Taproot internal key= . > > =3D=3D=3DCopyright=3D=3D=3D > > This BIP is licensed under the 2-clause BSD license. > > =3D=3DMotivation=3D=3D > > With the usage of single key P2TR transactions, it is useful to have a > common derivation scheme so > that HD wallets that only have a backup of the HD seed can be likely to > recover single key Taproot > outputs. Although there are now solutions which obviate the need for > fixed derivation paths for > specific script types, many software wallets and hardware signers still > use seed backups which > lack derivation path and script information. Thus we largely use the > same approach used in BIPs > [[bip-0049.mediawiki|49]] and [[bip-0084.mediawiki|84]] for ease of > implementation. > > =3D=3DSpecifications=3D=3D > > This BIP defines the two needed steps to derive multiple deterministic > addresses based on a > [[bip-0032.mediawiki|BIP 32]] master private key. > > =3D=3D=3DPublic key derivation=3D=3D=3D > > To derive a public key from the root account, this BIP uses the same > account-structure as > defined in BIPs [[bip-0044.mediawiki|44]], [[bip-0049.mediawiki|49]], > and [[bip-0084.mediawiki|84]], > but with a different purpose value for the script type. > > 
> m / purpose' / coin_type' / account' / change / address_index
>
> > For the purpose-path level it uses '. > The rest of the levels are used as defined in BIPs 44, 49, and 84. > > =3D=3D=3DAddress derivation=3D=3D=3D > > To derive the output key used in the P2TR script from the derived public > key, we use the method > recommended in > [[bip-0341.mediawiki#constructing-and-spending-taproot-outputs|BIP 341]]: > > 
> internal_key:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 lift_x(derived_key)
> 32_byte_output_key: internal_key + int(HashTapTweak(bytes(internal_key)))=
G
>
> > In a transaction, the scripts and witnesses are as defined in > [[bip-0341.mediawiki#specification|BIP 341]]: > > 
> witness:=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 
> scriptSig:=C2=A0=C2=A0=C2=A0 (empty)
> scriptPubKey: 1 <32_byte_output_key>
>   =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0 (0x5120{32_byte_output_key})
>
> > =3D=3DBackwards Compatibility=3D=3D > > This BIP is not backwards compatible by design. > An incompatible wallet will not discover these accounts at all and the > user will notice that > something is wrong. > > However this BIP uses the same method used in BIPs 44, 49, and 84, so it > should not be difficult > to implement. > > =3D=3DTest vectors=3D=3D > > TBD > > =3D=3DReference=3D=3D > > * [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]] > * [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]] > * [[bip-0044.mediawiki|BIP44 - Multi-Account Hierarchy for Deterministic > Wallets]] > * [[bip-0049.mediawiki|BIP49 - Derivation scheme for > P2WPKH-nested-in-P2SH based accounts]] > * [[bip-0084.mediawiki|BIP84 - Derivation scheme for P2WPKH based account= s]] > * [[bip-0341.mediawiki|BIP341 - Taproot: SegWit version 1 spending rules]= ] >