Merge pull request #1534 from reardencode/internalkey

Add BIP 349: OP_INTERNALKEY
2025-05-12 12:03:29 +00:00 · 2024-11-25 10:48:08 -05:00 · 2024-11-25 10:48:08 -05:00 · 66fceff5bb
commit 66fceff5bb
parent f269890255 217ae0dfa8
2 changed files with 79 additions and 0 deletions
--- a/README.mediawiki
+++ b/README.mediawiki
@ -1120,6 +1120,13 @@ Those proposing changes should consider that ultimately consent may rest with th
 | Ethan Heilman, Armin Sabouri
 | Standard
 | Draft
+|-
+| [[bip-0349.md|349]]
+| Consensus (soft fork)
+| OP_INTERNALKEY
+| Brandon Black, Jeremy Rubin
+| Standard
+| Draft
 |- style="background-color: #cfffcf"
 | [[bip-0350.mediawiki|350]]
 | Applications
--- a/bip-0349.md
+++ b/bip-0349.md
@ -0,0 +1,72 @@
+<pre>
+  BIP: 349
+  Layer: Consensus (soft fork)
+  Title: OP_INTERNALKEY
+  Author: Brandon Black <freedom@reardencode.com>
+          Jeremy Rubin <j@rubin.io>
+  Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0349
+  Status: Draft
+  Type: Standards Track
+  Created: 2024-11-14
+  License: BSD-3-Clause
+</pre>
+
+## Abstract
+
+This BIP describes a new tapscript opcode (`OP_INTERNALKEY`) which
+pushes the _taproot internal key_ to the stack.
+
+## Specification
+
+When verifying taproot script path spends having leaf version `0xc0` (as
+defined in [BIP 342]), `OP_INTERNALKEY` replaces `OP_SUCCESS203` (0xcb).
+`OP_INTERNALKEY` pushes the 32-byte x-only representation of the _taproot
+internal key_ (referred to as _p_), as defined in [BIP 341], to the stack.
+
+## Motivation
+
+### Key spend with additional conditions
+
+When building taproot outputs, especially those secured by an aggregate key
+representing more than one signer, the parties may wish to collaborate on
+signing with the _taproot internal key_, but only with additional script
+restrictions. In this case, `OP_INTERNALKEY` saves 8 vBytes.
+
+### Mitigated control block overhead for scripts using hash locks
+
+In cases where key path spending is not desired, the internal key may be set to
+a NUMS point whose bytes would otherwise be required in a tapscript. This could
+be used with any hash locked transaction, for example, to save 8 vBytes.
+
+Note: The internal key must be the X coordinate of a point on the SECP256K1
+curve, so any such hash must be checked and modified until it is such an X
+coordinate. This will typically take approximately 2 attempts.
+
+## Reference Implementation
+
+A reference implementation is provided here:
+
+https://github.com/bitcoin/bitcoin/pull/29269
+
+## Backward Compatibility
+
+By constraining the behavior of an OP_SUCCESS opcode, deployment of the BIP
+can be done in a backwards compatible, soft-fork manner. If anyone were to
+rely on the OP_SUCCESS behavior of `OP_SUCCESS203`, `OP_INTERNALKEY` would
+invalidate their spend.
+
+## Deployment
+
+TBD
+
+## Credits
+
+TODO
+
+## Copyright
+
+This document is licensed under the 3-clause BSD license.
+
+[BIP 341]: https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki
+
+[BIP 342]: https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki