From 3c18d7a1586bf38bf5726ec866ef75cc53c9a22e Mon Sep 17 00:00:00 2001 From: Dev Random Date: Mon, 2 Apr 2018 22:34:49 -0700 Subject: [PATCH] Updated Comments:BIP 0174 (markdown) --- Comments:BIP-0174.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Comments:BIP-0174.md b/Comments:BIP-0174.md index d308746..42e87d8 100644 --- a/Comments:BIP-0174.md +++ b/Comments:BIP-0174.md @@ -1,5 +1,7 @@ # Comments for the Partially Signed Transaction Format +## Devrandom comments + * Partial signature entries use the map key `{0x02}|{public key}`. However, a single public key may be involved in signing multiple inputs, and the signature will differ in each one. Since the map keys are to be unique, this is a problem. I suggest the following map key instead: `{0x02}|{input index}|{pubkey index}` * HD derivation entries waste space by repeating the public key. I recommend using the following map key instead: `{0x03}|{input index}|{pubkey index}`, which also matches previous point. @@ -19,3 +21,9 @@ The hd keypaths (unlike the partial signatures map) is global. Public keys are n I understand the response to the first question. As to the second question - the public key is already present in the redeem script, so it does not seem necessary to duplicate it in the map key. Instead, could refer to the public key index within the redeem script. + +## Comments from devrandom, part 2 + +Another issue I see is related to change outputs. In order to securely compute the net amount transferred out of a wallet, change addresses must be verified. In order to do this, the redeem script of the output, as well as the BIP-32 derivation path of each pubkey therein must be provided. The way the redeem script element is described, it seems to apply only to inputs. That can be fixed with a doc change. I would further comment about the potential use for change outputs. + +In fact, this can also apply to non-change outputs, if we want to prove to Signers that an output goes to a separate, white-listed, HD wallet.