bitcoin/bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-05-12 12:03:29 +00:00
Code Issues Releases Wiki Activity

bip-0322: remove the 'to_spend' transaction from serialization

Browse Source
This commit is contained in:
Andrew Poelstra 2020-12-23 15:35:47 +00:00
parent 9e1beef6ac
commit c624414119
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
bip-0322.mediawiki
View File

@ -74,7 +74,7 @@ The <code>to_sign</code> transaction is:
vout[0].nValue = 0 vout[0].nValue = 0
vout[0].scriptPubKey = OP_RETURN vout[0].scriptPubKey = OP_RETURN
A full signature consists of the base64-encoding of the <code>to_spend</code> and <code>to_sign</code> transactions concatenated in standard network serialisation. A full signature consists of the base64-encoding of the <code>to_sign</code> transaction in standard network serialisation.
=== Full (Proof of Funds) === === Full (Proof of Funds) ===
@ -102,11 +102,9 @@ A validator is given as input an address ''A'' (which may be omitted in a proof-
Validation consists of the following steps: Validation consists of the following steps:
# Basic validation # Basic validation
## Decode ''s'' as the transactions <code>to_sign</code> and <code>to_spend</code> ## Compute the transaction <code>to_spend</code> from ''m'' and ''A''
## Confirm that <code>message_hash</code> is the correct hash of ''m'' ## Decode ''s'' as the transaction <code>to_sign</code>
## Confirm that <code>message_challenge</code> is the scriptPubKey corresponding to ''A'' if ''A'' is present, and otherwise must be <code>OP_TRUE</code> ## If ''s'' was a full transaction, confirm all fields are set as specified above; in particular that
## Confirm that all other fields are set as specified above; in particular that
##* <code>to_spend</code> has exactly one input and one output
##* <code>to_sign</code> has at least one input and its first input spends the output of </code>to_spend</code> ##* <code>to_sign</code> has at least one input and its first input spends the output of </code>to_spend</code>
##* <code>to_sign</code> has exactly one output, as specified above ##* <code>to_sign</code> has exactly one output, as specified above
## Confirm that the two transactions together satisfy all consensus rules, except for <code>to_spend</code>'s missing input, and except that ''nSequence'' of <code>to_sign</code>'s first input and ''nLockTime'' of <code>to_sign</code> are not checked. ## Confirm that the two transactions together satisfy all consensus rules, except for <code>to_spend</code>'s missing input, and except that ''nSequence'' of <code>to_sign</code>'s first input and ''nLockTime'' of <code>to_sign</code> are not checked.
@ -120,6 +118,7 @@ Validation consists of the following steps:
## <code>MINIMALIF</code>: the argument of <code>IF</code>/<code>NOTIF</code> must be exactly 0x01 or empty push ## <code>MINIMALIF</code>: the argument of <code>IF</code>/<code>NOTIF</code> must be exactly 0x01 or empty push
## If any of the above steps failed, the validator should stop and output the ''invalid'' state. ## If any of the above steps failed, the validator should stop and output the ''invalid'' state.
# Check the **upgradeable rules** # Check the **upgradeable rules**
## The version of <code>to_sign</code> must be 0 or 2.
## The use of NOPs reserved for upgrades is forbidden. ## The use of NOPs reserved for upgrades is forbidden.
## The use of segwit versions greater than 0 are forbidden. ## The use of segwit versions greater than 0 are forbidden.
## If any of the above steps failed, the validator should stop and output the ''inconclusive'' state. ## If any of the above steps failed, the validator should stop and output the ''inconclusive'' state.
@ -137,7 +136,7 @@ Signers who control an address ''A'' who wish to sign a message ''m'' act as fol
They then encode their signature, choosing either ''simple'' or ''full'' as follows: They then encode their signature, choosing either ''simple'' or ''full'' as follows:
* If they added no inputs to <code>to_sign</code>, left nSequence and nLockTime at 0, and ''A'' is a Segwit address (either pure or P2SH-wrapped), then they may base64-encode <code>message_signature</code> * If they added no inputs to <code>to_sign</code>, left nSequence and nLockTime at 0, and ''A'' is a Segwit address (either pure or P2SH-wrapped), then they may base64-encode <code>message_signature</code>
* Otherwise they must base64-encode the concatenation of <code>to_spend</code> followed by <code>to_sign</code>. * Otherwise they must base64-encode <code>to_sign</code>.
== Compatibility == == Compatibility ==