diff --git a/README.mediawiki b/README.mediawiki index 106c455d..5ab74997 100644 --- a/README.mediawiki +++ b/README.mediawiki @@ -994,6 +994,13 @@ Those proposing changes should consider that ultimately consent may rest with th | Pieter Wuille | Standard | Draft +|- +| [[bip-0370.mediawiki|370]] +| Applications +| PSBT Version 2 +| Andrew Chow +| Standard +| Draft |} diff --git a/bip-0002.mediawiki b/bip-0002.mediawiki index 3bf5aecb..35d38c2c 100644 --- a/bip-0002.mediawiki +++ b/bip-0002.mediawiki @@ -192,7 +192,7 @@ A BIP may only change status from Draft (or Rejected) to Proposed, when the auth BIPs should be changed from Draft or Proposed status, to Rejected status, upon request by any person, if they have not made progress in three years. Such a BIP may be changed to Draft status if the champion provides revisions that meaningfully address public criticism of the proposal, or to Proposed status if it meets the criteria required as described in the previous paragraph. -An Proposed BIP may progress to Final only when specific criteria reflecting real-world adoption has occurred. This is different for each BIP depending on the nature of its proposed changes, which will be expanded on below. Evaluation of this status change should be objectively verifiable, and/or be discussed on the development mailing list. +A Proposed BIP may progress to Final only when specific criteria reflecting real-world adoption has occurred. This is different for each BIP depending on the nature of its proposed changes, which will be expanded on below. Evaluation of this status change should be objectively verifiable, and/or be discussed on the development mailing list. When a Final BIP is no longer relevant, its status may be changed to Replaced or Obsolete (which is equivalent to Replaced). This change must also be objectively verifiable and/or discussed. @@ -326,7 +326,7 @@ For example, a preamble might include the following License header: In this case, the BIP text is fully licensed under both the OSI-approved BSD 2-clause license as well as the GNU All-Permissive License, and anyone may modify and redistribute the text provided they comply with the terms of *either* license. In other words, the license list is an "OR choice", not an "AND also" requirement. -It is also possible to license source code differently from the BIP text. A optional License-Code header is placed after the License header. Again, each license must be referenced by their respective abbreviation given below. +It is also possible to license source code differently from the BIP text. An optional License-Code header is placed after the License header. Again, each license must be referenced by their respective abbreviation given below. For example, a preamble specifying the optional License-Code header might look like: diff --git a/bip-0008.mediawiki b/bip-0008.mediawiki index 7b61eaac..59bbb99d 100644 --- a/bip-0008.mediawiki +++ b/bip-0008.mediawiki @@ -39,6 +39,7 @@ Each soft fork deployment is specified by the following per-chain parameters (fu # The '''startheight''' specifies the height of the first block at which the bit gains its meaning. # The '''timeoutheight''' specifies a block height at which the miner signalling ends. Once this height has been reached, if the soft fork has not yet locked in (excluding this block's bit state), the deployment is considered failed on all descendants of the block. # The '''threshold''' specifies the minimum number of block per retarget period which indicate lock-in of the soft fork during the subsequent period. +# The '''minimum_activation_height''' specifies the height of the first block at which the soft fork is allowed to become active. # The '''lockinontimeout''' boolean if set to true, blocks are required to signal in the final period, ensuring the soft fork has locked in by timeoutheight. ===Selection guidelines=== @@ -47,15 +48,16 @@ The following guidelines are suggested for selecting these parameters for a soft # '''name''' should be selected such that no two softforks, concurrent or otherwise, ever use the same name. For deployments described in a single BIP, it is recommended to use the name "bipN" where N is the appropriate BIP number. # '''bit''' should be selected such that no two concurrent softforks use the same bit. The bit chosen should not overlap with active usage (legitimately or otherwise) for other purposes. -# '''startheight''' should be set to some block height in the future when a majority of economic activity is expected to have upgraded to a software release including the activation parameters. Some allowance should be made for potential release delays. It should be rounded up to the next height which begins a retarget period for simplicity. +# '''startheight''' should be set to some block height in the future. It should be rounded up to the next height which begins a retarget period for simplicity. If '''minimum_activation_height''' is not going to be set, then '''startheight''' should be set to a height when a majority of economic activity is expected to have upgraded to software including the activation parameters. Some allowance should be made for potential release delays. If '''minimum_activation_height''' is going to be set, then '''startheight''' can be set to be soon after software with parameters is expected to be released. This shifts the time for upgrading from before signaling begins to during the LOCKED_IN state. # '''timeoutheight''' should be set to a block height when it is considered reasonable to expect the entire economy to have upgraded by, probably at least 1 year, or 52416 blocks (26 retarget intervals) after '''startheight'''. # '''threshold''' should be 1815 blocks (90% of 2016), or 1512 (75%) for testnet. +# '''minimum_activation_height''' should be set to several retarget periods in the future if the '''startheight''' is to be very soon after software with parameters is expected to be released. '''minimum_activation_height''' should be set to a height when a majority of economic activity is expected to have upgraded to software including the activation parameters. This allows more time to be spent in the LOCKED_IN state so that nodes can upgrade. This may be set to 0 to have the LOCKED_IN state be a single retarget period. # '''lockinontimeout''' should be set to true for any softfork that is expected or found to have political opposition from a non-negligible percent of miners. (It can be set after the initial deployment, but cannot be cleared once set.) A later deployment using the same bit is possible as long as the startheight is after the previous one's timeoutheight or activation, but it is discouraged until necessary, and even then recommended to have a pause in between to detect buggy software. -'''startheight''' and '''timeoutheight''' must be an exact multiple of 2016 (ie, at a retarget boundary), and '''timeoutheight''' must be at least 4096 blocks (2 retarget intervals) after '''startheight'''. +'''startheight''', '''timeoutheight''', and '''minimum_activation_height''' must be an exact multiple of 2016 (ie, at a retarget boundary), and '''timeoutheight''' must be at least 4096 blocks (2 retarget intervals) after '''startheight'''. ===States=== @@ -64,8 +66,8 @@ With each block and soft fork, we associate a deployment state. The possible sta # '''DEFINED''' is the first state that each soft fork starts out as. The genesis block is by definition in this state for each deployment. # '''STARTED''' for blocks at or beyond the startheight. # '''MUST_SIGNAL''' for one retarget period prior to the timeout, if LOCKED_IN was not reached and '''lockinontimeout''' is true. -# '''LOCKED_IN''' for one retarget period after the first retarget period with STARTED (or MUST_SIGNAL) blocks of which at least threshold have the associated bit set in nVersion. -# '''ACTIVE''' for all blocks after the LOCKED_IN retarget period. +# '''LOCKED_IN''' for at least one retarget period after the first retarget period with STARTED (or MUST_SIGNAL) blocks of which at least threshold have the associated bit set in nVersion. A soft fork remains in LOCKED_IN until at least '''minimum_activation_height''' is reached. +# '''ACTIVE''' for all blocks after the LOCKED_IN state. # '''FAILED''' for all blocks after the timeoutheight if LOCKED_IN is not reached. ===Bit flags=== @@ -93,7 +95,8 @@ During the MUST_SIGNAL phase, if '''(2016 - threshold)''' blocks in the retarget -Note that when '''lockinontimeout''' is true, the LOCKED_IN state will be reached no later than at a height of '''timeoutheight''', and ACTIVE will be reached no later than at a height of '''timeoutheight + 2016'''. +Note that when '''lockinontimeout''' is true, the LOCKED_IN state will be reached no later than at a height of '''timeoutheight'''. +Regardless of the value of '''lockinontimeout''', if LOCKED_IN is reached, ACTIVE will be reached either one retarget period later, or at '''minimum_activation_height''', whichever comes later. The genesis block has state DEFINED for each deployment, by definition. @@ -153,10 +156,14 @@ If we have finished a period of MUST_SIGNAL, we transition directly to LOCKED_IN case MUST_SIGNAL: return LOCKED_IN; -After a retarget period of LOCKED_IN, we automatically transition to ACTIVE. +After at least one retarget period of LOCKED_IN, we automatically transition to ACTIVE if the minimum activation height is reached. Otherwise LOCKED_IN continues. case LOCKED_IN: - return ACTIVE; + if (block.height >= minimum_activation_height) { + return ACTIVE; + } else { + return LOCKED_IN; + } And ACTIVE and FAILED are terminal states, which a deployment stays in once they're reached. diff --git a/bip-0008/states.dot b/bip-0008/states.dot index aa919ffc..86159787 100644 --- a/bip-0008/states.dot +++ b/bip-0008/states.dot @@ -7,7 +7,8 @@ digraph { "DEFINED" -> "STARTED" [label="height >= start_height"]; "STARTED" -> "MUST_SIGNAL" [label="height + 2016 >= timeoutheight AND lockinontimeout"]; "STARTED" -> "FAILED" [label="height >= timeoutheight\nAND\nNOT lockinontimeout"]; - "LOCKED_IN" -> "ACTIVE" [label="always"]; + "LOCKED_IN" -> "ACTIVE" [label="height >= minimum_activation_height"]; + "LOCKED_IN":se -> "LOCKED_IN":ne [label="height < minimum_activation_height"]; "MUST_SIGNAL" -> "LOCKED_IN" [label="always"]; edge [weight = 1]; diff --git a/bip-0008/states.png b/bip-0008/states.png index 6477ed3a..f15efdbc 100644 Binary files a/bip-0008/states.png and b/bip-0008/states.png differ diff --git a/bip-0008/states.svg b/bip-0008/states.svg index 3503c343..63fe634d 100644 --- a/bip-0008/states.svg +++ b/bip-0008/states.svg @@ -1,14 +1,13 @@ - - - + + -%3 - + DEFINED @@ -16,7 +15,7 @@ DEFINED - + DEFINED:sw->DEFINED:nw @@ -32,10 +31,10 @@ DEFINED->STARTED -height >= start_height +height >= start_height - + STARTED:sw->STARTED:nw @@ -43,15 +42,15 @@ MUST_SIGNAL - -MUST_SIGNAL + +MUST_SIGNAL STARTED->MUST_SIGNAL - - -height + 2016 >= timeoutheight AND lockinontimeout + + +height + 2016 >= timeoutheight AND lockinontimeout @@ -64,57 +63,64 @@ STARTED->FAILED -height >= timeoutheight -AND -NOT lockinontimeout +height >= timeoutheight +AND +NOT lockinontimeout LOCKED_IN - -LOCKED_IN + +LOCKED_IN - + STARTED->LOCKED_IN - - -height < timeoutheight -AND -threshold reached + + +height < timeoutheight +AND +threshold reached - + MUST_SIGNAL->LOCKED_IN - - -always + + +always - + FAILED:sw->FAILED:nw + + +LOCKED_IN:se->LOCKED_IN:ne + + +height < minimum_activation_height + ACTIVE - -ACTIVE + +ACTIVE LOCKED_IN->ACTIVE - - -always + + +height >= minimum_activation_height - + ACTIVE:sw->ACTIVE:nw - - + + diff --git a/bip-0085.mediawiki b/bip-0085.mediawiki index cbd3a2ad..182404f6 100644 --- a/bip-0085.mediawiki +++ b/bip-0085.mediawiki @@ -35,19 +35,19 @@ The terminology related to keychains used in the wild varies widely, for example ==Motivation== -Most wallets implement BIP32 which defines how a BIP32 root key can be used to derive keychains. As a consequence, a backup of just the BIP32 root key is sufficient to include all keys derived from it. BIP32 does not have a human friendly serialization of the BIP32 root key (or BIP32 extended keys in general) which makes paper backups or manually restoring the key more error-prone. BIP39 was designed solve this problem but rather than serialize the BIP32 root key, it takes some entropy, encoded to a "seed mnemonic", which is then hashed to derive the BIP39 seed which can be turned into the BIP32 root key. Saving the BIP39 mnemonic is enough to reconstruct the entire BIP32 keychain, but a BIP32 root key cannot be reversed back to the BIP39 mnemonic. +Most wallets implement BIP32 which defines how a BIP32 root key can be used to derive keychains. As a consequence, a backup of just the BIP32 root key is sufficient to include all keys derived from it. BIP32 does not have a human friendly serialization of the BIP32 root key (or BIP32 extended keys in general) which makes paper backups or manually restoring the key more error-prone. BIP39 was designed to solve this problem but rather than serialize the BIP32 root key, it takes some entropy, encoded to a "seed mnemonic", which is then hashed to derive the BIP39 seed which can be turned into the BIP32 root key. Saving the BIP39 mnemonic is enough to reconstruct the entire BIP32 keychain, but a BIP32 root key cannot be reversed back to the BIP39 mnemonic. -Most wallets implement BIP39, so on initialization or restoration, the user must interact with a BIP39 mnemonic. Most wallets do not support of BIP32 extended private keys so each wallet must either share the same BIP39 mnemonic, or have a separate BIP39 mnemonic entirely. Neither scenarios are particularly satisfactory for security reasons. For example, some wallets may be inherently less secure like hot wallets on smartphones, Join Market servers, Lightning Network nodes. Having multiple seeds is far from desirable especially for those who rely on split key or redundancy backups in different geological locations. Adding is necessarily difficult and may result in users being more lazy with subsequent keys, such that compromises security or leads to key loss. +Most wallets implement BIP39, so on initialization or restoration, the user must interact with a BIP39 mnemonic. Most wallets do not support BIP32 extended private keys, so each wallet must either share the same BIP39 mnemonic, or have a separate BIP39 mnemonic entirely. Neither scenarios are particularly satisfactory for security reasons. For example, some wallets may be inherently less secure like hot wallets on smartphones, Join Market servers, or Lightning Network nodes. Having multiple seeds is far from desirable, especially for those who rely on split key or redundancy backups in different geological locations. Adding is necessarily difficult and may result in users being more lazy with subsequent keys, resulting in compromised security or loss of keys. -There is added complication with wallets that implement other standards, or no standards at all. Bitcoin Core wallet uses a WIF as the ''hdseed'', and yet other wallets use different mnemonic schemes like Electrum to derive the BIP32 root key. Other cryptocurrencies like Monero also use a different mnemonic scheme entirely. +There is added complication with wallets that implement other standards, or no standards at all. Bitcoin Core wallet uses a WIF as the ''hdseed'', and yet other wallets like Electrum use different mnemonic schemes to derive the BIP32 root key. Other cryptocurrencies like Monero also use an entirely different mnemonic scheme. -Ultimately, all of the mnemonic/seed schemes start with some "initial entropy" to derive a mnemonic/seed, and then process the mnemonic into a BIP32 key, or private key. We can use BIP32 itself to derive the "initial entropy" to then recreate the same mnemonic or seed according the specific application standard of the target wallet. We can use a BIP44 like categorization to ensure unitform derivation according to the target application type. +Ultimately, all of the mnemonic/seed schemes start with some "initial entropy" to derive a mnemonic/seed, and then process the mnemonic into a BIP32 key, or private key. We can use BIP32 itself to derive the "initial entropy" to then recreate the same mnemonic or seed according to the specific application standard of the target wallet. We can use a BIP44-like categorization to ensure uniform derivation according to the target application type. ==Specification== We assume a single BIP32 master root key. This specification is not concerned with how this was derived (e.g. directly or via a mnemonic scheme such as BIP39). -For each application that requires its own wallet, a unique private key is derived from the BIP32 master root key using fully hardened derivation path. The resulting private key (k) is then processed with HMAC-SHA512, where the key is "bip-entropy-from-k", and the message payload is the private key k: HMAC-SHA512(key="bip-entropy-from-k", msg=k). The result produces 512 bits of entropy. Each application SHOULD use up to the required number of bits necessary for their operation truncating the rest +For each application that requires its own wallet, a unique private key is derived from the BIP32 master root key using a fully hardened derivation path. The resulting private key (k) is then processed with HMAC-SHA512, where the key is "bip-entropy-from-k", and the message payload is the private key k: HMAC-SHA512(key="bip-entropy-from-k", msg=k). The result produces 512 bits of entropy. Each application SHOULD use up to the required number of bits necessary for their operation truncating the rest. The HMAC-SHA512 function is specified in [http://tools.ietf.org/html/rfc4231 RFC 4231]. @@ -87,7 +87,7 @@ xprv9s21ZrQH143K2LBWUUQRFXhucrQqBpKdRRxNVq2zBqsx8HVqFk2uYo8kmbaLLHRdqtQpUm98uKfu OUTPUT * DERIVED KEY=cca20ccb0e9a90feb0912870c3323b24874b0ca3d8018c4b96d0b97c0e82ded0 -* DERIVED ENTROPY=6bea85e51a05e6dbaf2ccee05097758213807997ba936589cef01c8f19c0079f395a0cd045efa3438677f3ef9ad34c9a68506626c5a17e51ed5e177852ee7fdc +* DERIVED ENTROPY=efecfbccffea313214232d29e71563d941229afb4338c21f9517c41aaa0d16f00b83d2a09ef747e7a64e8e2bd5a14869e693da66ce94ac2da570ab7ee48618f7 * DRNG(80 bytes)=b78b1ee6b345eae6836c2d53d33c64cdaf9a696487be81b03e822dc84b3f1cd883d7559e53d175f243e4c349e822a957bbff9224bc5dde9492ef54e8a439f6bc8c7355b87a925a37ee405a7502991111 @@ -104,18 +104,18 @@ OUTPUT ==Applications== -Application number define how entropy will be used post processing. Some basic examples follow: +The Application number defines how entropy will be used post processing. Some basic examples follow: -Derivation path uses the format m/83696968'/{app_no}'/{index}' where ''{app_no}'' path for the application, and ''{index}'' in the index. +Derivation path uses the format m/83696968'/{app_no}'/{index}' where ''{app_no}'' is the path for the application, and ''{index}'' is the index. ===BIP39=== Application number: 39' -Truncate trailing (least significant) bytes of the entropy to the number of bits required to map to the relevant word length 128 bits for 12 words, 256 bits for 24 words. +Truncate trailing (least significant) bytes of the entropy to the number of bits required to map to the relevant word length: 128 bits for 12 words, 256 bits for 24 words. The derivation path format is: m/83696968'/39'/{language}'/{words}'/{index}' -Example a BIP39 mnemonic with 12 English words (first index) would have the path m/83696968'/39'/0'/12'/0' the next key would be m/83696968'/39'/0'/12'/1' etc. +Example: a BIP39 mnemonic with 12 English words (first index) would have the path m/83696968'/39'/0'/12'/0', the next key would be m/83696968'/39'/0'/12'/1' etc. Language Table @@ -284,17 +284,17 @@ Note on GPG key capabilities on smartcard/hardware devices: GPG capable smart-cards SHOULD be be loaded as follows: The encryption slot SHOULD be loaded with the ENCRYPTION capable key; the authentication slot SHOULD be loaded with the AUTHENTICATION capable key. The signature capable slot SHOULD be loaded with the SIGNATURE capable key. -However, depending on available slots on the smart-card, and preferred policy, the CERTIFY capable key MAY be flagged with CERTIFY and SIGNATURE capabilities and loaded into the SIGNATURE capable slot (for example where the smart-card has only three slots and the CERTIFY capability is required on the same card). In this case, the SIGNATURE capable sub-key would be disregarded because the CERTIFY capable key serves dual purpose. +However, depending on available slots on the smart-card, and preferred policy, the CERTIFY capable key MAY be flagged with CERTIFY and SIGNATURE capabilities and loaded into the SIGNATURE capable slot (for example where the smart-card has only three slots and the CERTIFY capability is required on the same card). In this case, the SIGNATURE capable sub-key would be disregarded because the CERTIFY capable key serves a dual purpose. ==Backwards Compatibility== This specification is not backwards compatible with any other existing specification. -This specification relies on BIP32 but is agnostic to how the BIP32 root key is derived, as such this standard is allows it to derive wallets with initialization schemes like BIP39 or Electrum wallet style mnemonics. +This specification relies on BIP32 but is agnostic to how the BIP32 root key is derived. As such, this standard is able to derive wallets with initialization schemes like BIP39 or Electrum wallet style mnemonics. ==Discussion== -The reason for running the derived key through HMAC-SHA512 and truncating the result as necessary is to prevent leakage of the parent tree should the derived key (k) be compromized. While the specification requires the use of hardended key derivation which would prevent this, we cannot enforce hardened derivation, so this method ensures the derived entropy is hardened. Also from a semantic point of view, since the purpose is to derive entropy and not a private key, we are required to transform the child key. This acts in an abundance of caution to ward off unwanted side effects should k be used for a dual purpose, including as a nonce hash(k), where undesirable and unforeseen interactions could occur. +The reason for running the derived key through HMAC-SHA512 and truncating the result as necessary is to prevent leakage of the parent tree should the derived key (''k'') be compromized. While the specification requires the use of hardended key derivation which would prevent this, we cannot enforce hardened derivation, so this method ensures the derived entropy is hardened. Also, from a semantic point of view, since the purpose is to derive entropy and not a private key, we are required to transform the child key. This is done out of an abundance of caution, in order to ward off unwanted side effects should ''k'' be used for a dual purpose, including as a nonce ''hash(k)'', where undesirable and unforeseen interactions could occur. ==Acknowledgements== @@ -306,10 +306,10 @@ BIP32, BIP39 ==Footnotes== -[1] There is a very small chance that you'll make an invalid key that is zero or bigger than the order of the curve. If this occurs, software should hard fail (forcing users should iterate to the next index). +[1] There is a very small chance that you'll make an invalid key that is zero or bigger than the order of the curve. If this occurs, software should hard fail (forcing users to iterate to the next index). From BIP32: -> In case parse256(IL) is 0 or ≥ n, the resulting key is invalid, and one should proceed with the next value for i. (Note: this has probability lower than 1 in 2127.) +In case parse256(IL) is 0 or ≥ n, the resulting key is invalid, and one should proceed with the next value for i. (Note: this has probability lower than 1 in 2127.) ==Copyright== diff --git a/bip-0174.mediawiki b/bip-0174.mediawiki index 9f6ad414..75fea0e5 100644 --- a/bip-0174.mediawiki +++ b/bip-0174.mediawiki @@ -115,9 +115,75 @@ The currently defined global types are as follows: | The master key fingerprint as defined by BIP 32 concatenated with the derivation path of the public key. The derivation path is represented as 32-bit little endian unsigned integer indexes concatenated with each other. The number of 32 bit unsigned integer indexes must match the depth provided in the extended public key. | | -| 0 +| 0, 2 | 174 |- +| Transaction Version +| PSBT_GLOBAL_TX_VERSION = 0x02 +| None +| No key data +| <32-bit uint> +| The 32-bit little endian signed integer representing the version number of the transaction being created. Note that this is not the same as the PSBT version number specified by the PSBT_GLOBAL_VERSION field. +| 2 +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Fallback Locktime +| PSBT_GLOBAL_FALLBACK_LOCKTIME = 0x03 +| None +| No key data +| <32-bit uint> +| The 32-bit little endian unsigned integer representing the transaction locktime to use if no inputs specify a required locktime. +| +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Input Count +| PSBT_GLOBAL_INPUT_COUNT = 0x04 +| None +| No key data +| +| Compact size unsigned integer representing the number of inputs in this PSBT. +| 2 +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Output Count +| PSBT_GLOBAL_OUTPUT_COUNT = 0x05 +| None +| No key data +| +| Compact size unsigned integer representing the number of outputs in this PSBT. +| 2 +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Transaction Modifiable Flags +| PSBT_GLOBAL_TX_MODIFIABLE = 0x06 +| None +| No key data +| +| A single byte boolean (0 for False, 1 for True) representing whether inputs can be modified, followed by a single byte boolean representing whether outputs can be modified. +| +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| SIGHASH_SINGLE Inputs +| PSBT_GLOBAL_SIGHASH_SINGLE_INPUTS = 0x07 +| None +| No key data +| +| A bit vector representing which input indexes use SIGHASH_SINGLE. If the bit for an index is set to 1, then the input and output pair at that index are tied together with SIGHASH_SINGLE and must be moved together. +| +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- | PSBT Version Number | PSBT_GLOBAL_VERSION = 0xFB | None @@ -126,7 +192,7 @@ The currently defined global types are as follows: | The 32-bit little endian unsigned integer representing the version number of this PSBT. If omitted, the version number is 0. | | -| 0 +| 0, 2 | 174 |- | Proprietary Use Type @@ -137,7 +203,7 @@ The currently defined global types are as follows: | Any value data as defined by the proprietary type user. | | -| 0 +| 0, 2 | 174 |} @@ -163,18 +229,18 @@ The currently defined per-input types are defined as follows: | The transaction in network serialization format the current input spends from. This should be present for inputs that spend non-segwit outputs and can be present for inputs that spend segwit outputs. An input can have both PSBT_IN_NON_WITNESS_UTXO and PSBT_IN_WITNESS_UTXO. '''Why can both UTXO types be provided?''' Many wallets began requiring the full previous transaction (i.e. PSBT_IN_NON_WITNESS_UTXO) for segwit inputs when PSBT was already in use. In order to be compatible with software which were expecting PSBT_IN_WITNESS_UTXO, both UTXO types must be allowed. | | -| 0 +| 0, 2 | 174 |- | Witness UTXO | PSBT_IN_WITNESS_UTXO = 0x01 | None | No key data -| <64-bit uint> +| <64-bit int> | The entire transaction output in network serialization which the current input spends from. This should only be present for inputs which spend segwit outputs, including P2SH embedded ones. An input can have both PSBT_IN_NON_WITNESS_UTXO and PSBT_IN_WITNESS_UTXO | | -| 0 +| 0, 2 | 174 |- | Partial Signature @@ -185,7 +251,7 @@ The currently defined per-input types are defined as follows: | The signature as would be pushed to the stack from a scriptSig or witness. | | -| 0 +| 0, 2 | 174 |- | Sighash Type @@ -196,7 +262,7 @@ The currently defined per-input types are defined as follows: | The 32-bit unsigned integer specifying the sighash type to be used for this input. Signatures for this input must use the sighash type, finalizers must fail to finalize inputs which have signatures that do not match the specified sighash type. Signers who cannot produce signatures with the sighash type must not provide a signature. | | -| 0 +| 0, 2 | 174 |- | Redeem Script @@ -207,7 +273,7 @@ The currently defined per-input types are defined as follows: | The redeemScript for this input if it has one. | | -| 0 +| 0, 2 | 174 |- | Witness Script @@ -218,7 +284,7 @@ The currently defined per-input types are defined as follows: | The witnessScript for this input if it has one. | | -| 0 +| 0, 2 | 174 |- | BIP 32 Derivation Path @@ -229,7 +295,7 @@ The currently defined per-input types are defined as follows: | The master key fingerprint as defined by BIP 32 concatenated with the derivation path of the public key. The derivation path is represented as 32 bit unsigned integer indexes concatenated with each other. Public keys are those that will be needed to sign this input. | | -| 0 +| 0, 2 | 174 |- | Finalized scriptSig @@ -240,7 +306,7 @@ The currently defined per-input types are defined as follows: | The Finalized scriptSig contains a fully constructed scriptSig with signatures and any other scripts necessary for the input to pass validation. | | -| 0 +| 0, 2 | 174 |- | Finalized scriptWitness @@ -251,7 +317,7 @@ The currently defined per-input types are defined as follows: | The Finalized scriptWitness contains a fully constructed scriptWitness with signatures and any other scripts necessary for the input to pass validation. | | -| 0 +| 0, 2 | 174 |- | Proof-of-reserves commitment @@ -262,7 +328,7 @@ The currently defined per-input types are defined as follows: | The UTF-8 encoded commitment message string for the proof-of-reserves. See [[bip-0127.mediawiki|BIP 127]] for more information. | | -| 0 +| 0, 2 | [[bip-0127.mediawiki|127]] |- | RIPEMD160 preimage @@ -273,7 +339,7 @@ The currently defined per-input types are defined as follows: | The hash preimage, encoded as a byte vector, which must equal the key when run through the RIPEMD160 algorithm | | -| 0 +| 0, 2 | 174 |- | SHA256 preimage @@ -284,7 +350,7 @@ The currently defined per-input types are defined as follows: | The hash preimage, encoded as a byte vector, which must equal the key when run through the SHA256 algorithm | | -| 0 +| 0, 2 | 174 |- | HASH160 preimage @@ -295,7 +361,7 @@ The currently defined per-input types are defined as follows: | The hash preimage, encoded as a byte vector, which must equal the key when run through the SHA256 algorithm followed by the RIPEMD160 algorithm | | -| 0 +| 0, 2 | 174 |- | HASH256 preimage @@ -306,9 +372,64 @@ The currently defined per-input types are defined as follows: | The hash preimage, encoded as a byte vector, which must equal the key when run through the SHA256 algorithm twice | | -| 0 +| 0, 2 | 174 |- +| Previous TXID +| PSBT_IN_PREVIOUS_TXID = 0x0e +| None +| No key data +| +| 32 byte txid of the previous transaction whose output at PSBT_IN_OUTPUT_INDEX is being spent. +| 2 +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Spent Output Index +| PSBT_IN_OUTPUT_INDEX = 0x0f +| None +| No key data +| <32-bit uint> +| 32 bit little endian integer representing the index of the output being spent in the transaction with the txid of PSBT_IN_PREVIOUS_TXID. +| 2 +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Sequence Number +| PSBT_IN_SEQUENCE = 0x10 +| None +| No key data +| <32-bit uint> +| The 32 bit unsigned little endian integer for the sequence number of this input. If omitted, the sequence number is assumed to be the final sequence number (0xffffffff). +| +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Required Time-based Locktime +| PSBT_IN_REQUIRED_TIME_LOCKTIME = 0x11 +| None +| No key data +| <32-bit uint> +| 32 bit unsigned little endian integer greater than or equal to 500000000 representing the minimum Unix timestamp that this input requires to be set as the transaction's lock time. +| +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Required Height-based Locktime +| PSBT_IN_REQUIRED_HEIGHT_LOCKTIME = 0x12 +| None +| No key data +| <32-bit uiht> +| 32 bit unsigned little endian integer less than 500000000 representing the minimum block height that this input requires to be set as the transaction's lock time. +| +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- | Proprietary Use Type | PSBT_IN_PROPRIETARY = 0xFC | @@ -317,7 +438,7 @@ The currently defined per-input types are defined as follows: | Any value data as defined by the proprietary type user. | | -| 0 +| 0, 2 | 174 |} @@ -345,7 +466,7 @@ determine which outputs are change outputs and verify that the change is returni | The redeemScript for this output if it has one. | | -| 0 +| 0, 2 | 174 |- | Witness Script @@ -356,7 +477,7 @@ determine which outputs are change outputs and verify that the change is returni | The witnessScript for this output if it has one. | | -| 0 +| 0, 2 | 174 |- | BIP 32 Derivation Path @@ -367,9 +488,31 @@ determine which outputs are change outputs and verify that the change is returni | The master key fingerprint concatenated with the derivation path of the public key. The derivation path is represented as 32-bit little endian unsigned integer indexes concatenated with each other. Public keys are those needed to spend this output. | | -| 0 +| 0, 2 | 174 |- +| Output Amount +| PSBT_OUT_AMOUNT = 0x03 +| None +| No key data +| <64-bit int> +| 64 bit signed little endian integer representing the output's amount in satoshis. +| 2 +| 0 +| 2 +| [[bip-psb2.mediawiki|psbt2]] +|- +| Output Script +| PSBT_OUT_SCRIPT = 0x03 +| None +| No key data +|