diff --git a/bip-0174/type-registry.mediawiki b/bip-0174/type-registry.mediawiki index db149b08..5847c230 100644 --- a/bip-0174/type-registry.mediawiki +++ b/bip-0174/type-registry.mediawiki @@ -43,6 +43,10 @@ This document collects the fields and types used in PSBTs of any version from al | PSBT_GLOBAL_SP_DLEQ = 0x08 | [[bip-0375.mediawiki|375]] |- +| Generic Signed Message +| PSBT_GLOBAL_GENERIC_SIGNED_MESSAGE = 0x09 +| [[bip-0322.mediawiki|322]] +|- | PSBT Version Number | PSBT_GLOBAL_VERSION = 0xFB | [[bip-0174.mediawiki|174]] diff --git a/bip-0322.mediawiki b/bip-0322.mediawiki index 1166a504..a16a7b3c 100644 --- a/bip-0322.mediawiki +++ b/bip-0322.mediawiki @@ -295,6 +295,155 @@ They then encode their signature, choosing either ''simple'', ''full'' or ''full +=== PSBT-based signing === + +A valid witness stack for a multisig address must be constructed by coordinating different signers +to produce a partial signature each. +The coordination procedure is not specified by this BIP, but due to the use of PSBTs it should +closely resemble the coordination of signing a multisig transaction for publishing to the network. + +The main difference is a new global PSBT field and the way a signer presents the transaction signing +request to the user. The new global type is defined as follows: + +{| class="wikitable" +! Name +! +! +! Description +! +! Description +! Versions Requiring Inclusion +! Versions Requiring Exclusion +! Versions Allowing Inclusion +|- +| Generic Signed Message +| PSBT_GLOBAL_GENERIC_SIGNED_MESSAGE = 0x09 +| None +| No key data +| +| The UTF-8 encoded message to be signed. +| +| +| 0, 2 +|} + +=== PSBT creator === + +The '''transaction creator''' of a BIP-0322 PSBT must follow these steps: + +
    +
  1. + They construct to_spend and to_sign as specified above, using the + scriptPubKey of ''A'' for message_challenge and tagged hash of ''m'' as + message_hash. +
  2. +
  3. + Optionally, they may set nVersion/nLockTime of to_sign or nSequence of its first + input. +
  4. +
  5. + Optionally, they may add any additional inputs to to_sign that they wish to prove + control of. +
  6. +
  7. + They set the appropriate witness_utxo and non_witness_utxo fields of the + first input, using the to_spend transaction as a non_witness_utxo or + the first output of the to_spend transaction as witness_utxo. +
  8. +
  9. + They set the appropriate witness_utxo and non_witness_utxo fields of + each additional input. +
  10. +
  11. + They set the appropriate PSBT input and global fields as required by the signers(s) to produce a + partial signature. +
  12. +
  13. + They set the PSBT_GLOBAL_GENERIC_SIGNED_MESSAGE field, using the full UTF-8 encoded + message as the valuedata. +
      +
    1. + There is no specified maximum length of an input's valuedata or a PSBT as a whole in + [[bip-0174.mediawiki|BIP-0174]], but different signers might impose safety limits. It is + recommended to use a maximum length of a few kilobytes to maximize compatibility. Very large + messages should be committed to by hash instead. +
    2. +
    +
  14. +
+ +=== PSBT signer === + +A '''transaction signer''' of a BIP-0322 PSBT must follow these steps: + +
    +
  1. + They decode the base64-encoded PSBT as specified in [[bip-0174.mediawiki|BIP-0174]]. +
  2. +
  3. + If they detect the following properties (all must be true, otherwise this is NOT a BIP-0322 PSBT + and they should treat it as an ordinary PSBT): +
      +
    1. + The PSBT has the PSBT_GLOBAL_GENERIC_SIGNED_MESSAGE field set. Extract and use as + message in the next steps. +
    2. +
    3. + The first PSBT input has either a witness_utxo or a non_witness_utxo + field set and the scriptPubKey can be extracted, then use as + message_challenge in the next steps. +
    4. +
    5. + The first PSBT input has prevout.n = 0. +
    6. +
    7. + The first PSBT input has prevout.hash = to_spend.txid where + to_spend.txid is constructed using the rules described above using the + message and message_challenge from the previous steps. +
    8. +
    9. + The PSBT's unsigned transaction has a single output with a value of 0 and the + scriptPubKey set to OP_RETURN (0x6a). +
    10. +
    +
  4. +
  5. + If all of the above steps are true, the signer must inform the user about the message they are + signing and the address they are signing for. +
      +
    1. + Even though the message being signed is a transaction, the user interaction (e.g. the steps and + messages shown on a hardware signing device's screen) should resemble the steps to sign a legacy + message, not the steps for signing a transaction. +
    2. +
    3. + Example: Instead of showing "spending 0 satoshi from address <challenge_address>" the + device should show "signing message <message> for address <challenge_address>". +
    4. +
    +
  6. +
  7. + Upon user approval, the signer adds a partial signature for each input it is capable of signing. +
  8. +
+ +=== PSBT finalizer === + +A '''transaction finalizer''' of a BIP-0322 PSBT must follow these steps: + +
    +
  1. + They decode the base64-encoded PSBT as specified in [[bip-0174.mediawiki|BIP-0174]]. +
  2. +
  3. + They finalize the PSBT as specified in [[bip-0174.mediawiki#input-finalizer|BIP-0174]]. +
  4. +
  5. + They then encode the signature following the same steps as described in + [[bip-0322.mediawiki#signing|Signing]] above. +
  6. +
+ == Compatibility == This specification is backwards compatible with the legacy signmessage/verifymessage specification
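
Review bot: In the "PSBT signer" steps of the bip-0322.mediawiki hunk, the fallback "otherwise this is NOT a BIP-0322 PSBT and they should treat it as an ordinary PSBT" also covers a PSBT that has PSBT_GLOBAL_GENERIC_SIGNED_MESSAGE set but fails one of the later checks (prevout.n, prevout.hash = to_spend.txid, or the single 0-value OP_RETURN output). In that case the field announces a message that the first input does not commit to, and the text as written sends the signer down the normal transaction-signing path without telling the user about the mismatch. Suggest splitting the rule: if the field is absent, treat the PSBT as ordinary; if the field is present and any remaining property fails, the signer must abort with an error. Two smaller points in the same hunk. The user-approval step mentions only "the address they are signing for", while the creator may add further inputs and the signer "adds a partial signature for each input it is capable of signing", so the text should say whether the addresses of those additional inputs are shown before approval. The creator note "Very large messages should be committed to by hash instead" does not say what then goes into the field or how the signer recomputes to_spend.txid from it; state explicitly whether the hash itself becomes the message ''m''. Also "signers(s)" in the creator steps should read "signer(s)".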