https://github.com/kallewoof/bips/blob/bip-typed-wif/bip-extended-privkey.mediawiki
I will make the corresponding changes to the reference implementation shortly.
If there are no objections I would also like to request a BIP number.
Post by Karl Johan Alm via bitcoin-devI took the liberty of turning this into a BIP proposal -- the
https://github.com/kallewoof/bips/blob/bip-typed-wif/bip-extended-privkey.mediawiki
<pre>
BIP: XXX
Layer: Applications
Title: Typed Private Keys
Comments-Summary: No comments yet.
Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-XXX
Status: Draft
Type: Standards Track
Created: 2018-04-04
License: CC0-1.0
</pre>
== Abstract ==
An extension to the private key (WIF) format to specify what kind of
public key the private key corresponds to.
== Motivation ==
There are several types of public keys which can all be associated
with a given private key: P2PKH (legacy <code>1...</code> format),
P2SH-P2WPKH (SegWit public key inside P2SH), P2WPKH (bech32), etc.
While private keys have a 1-byte suffix indicating whether the
corresponding public key is compressed (<code>0x01</code>) or not
(<code>0x00</code>), there is no way of knowing what kind of public
keys were associated with the private key. As a result, when importing
a private key, the wallet has to assume all kinds, and keep track of
each possible alternative.
By extending the suffix, we can specify what kind of public key was
associated with the given private key.
== Specification ==
Currently, private keys are stored as a uint256 (private key data)
followed by a uint8 (compressed flag). The latter is extended to
{|class="wikitable" style="text-align: center;"
|-
!Value
!Type
!Compr
!Clarification
|-
|<code>0x00</code>||P2PKH_UNCOMPRESSED||No||Uncompressed legacy public
key. Unknown public key format
|-
|<code>0x01</code>||P2PKH_COMPRESSED||Yes||Compressed legacy public
key. Unknown public key format
|-
|<code>0x80</code>||P2PKH||Yes||Compressed legacy public key. Legacy
public key format (<code>1...</code>)
|-
|<code>0x81</code>||P2WPKH||Yes||Bech32 format (native Segwit)
|-
|<code>0x82</code>||P2WPKH_P2SH||Yes||Segwit nested in BIP16 P2SH
(<code>3...</code>)
|-
|<code>0x85</code>||P2SH|| — ||Non-Segwit BIP16 P2SH (<code>3...</code>)
|-
|<code>0x86</code>||P2WSH|| — ||Native Segwit P2SH
|-
|<code>0x87</code>||P2WSH_P2SH|| — ||Native Segwit P2SH nested
in BIP16 P2SH
|}
* the key is using one of the legacy types, in which case all types
must be accounted for
* the key is using one of the extended types, in which case the wallet
need only track the specific corresponding public key
== Rationale ==
TODO
== Compatibility ==
This proposal is not backwards compatible, in that software that does
not recognize the new types will not understand the compressed flag.
It would be trivial to change this, by keeping the 'uncompressed'
state as it is (0) and changing 'compressed' to be 'anything not 0',
as opposed to 'the value 1'.
The proposal *is* backwards compatible in that new wallet software
will always understand the old WIF format, however. It will, as it
does today, assume that any kind of public key is possible, and will
have to track all of them, as it has to today.
== Acknowledgements ==
This BIP is based on the initial proposal by Thomas Voegtlin
list<ref>https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-September/015007.html</ref>
and the Electrum 3.0
implementation<ref>https://github.com/spesmilo/electrum/blob/82e88cb89df35288b80dfdbe071da74247351251/RELEASE-NOTES#L95-L108</ref>
== Reference implementation ==
There is a partial implementation which adds, but does not use, the
https://github.com/bitcoin/bitcoin/pull/12869
== References ==
<references/>
== Copyright ==
This document is licensed under the Creative Commons CC0 1.0 Universal license.
On Mon, Sep 18, 2017 at 12:36 AM, Mark Friedenbach via bitcoin-dev
Post by Mark Friedenbach via bitcoin-devBech32 and WIF payload format are mostly orthogonal issues. You can design a
new wallet import format now and later switch it to Bech32.
On Sep 17, 2017, at 7:42 AM, AJ West via bitcoin-dev
Hi I have a small interjection about the point on error correction (excuse
me if it seems elementary). Isn't there an argument to be made where a
wallet software should never attempt to figure out the 'correct' address, or
in this case private key? I don't think it's crazy to suggest somebody could
import a slightly erroneous WIF, the software gracefully error-corrects any
problem, but then the user copies that error onward such as in their backup
processes like a paper wallet. I always hate to advocate against a feature,
I'm just worried too much error correcting removes the burden of exactitude
and attention of the user (eg. "I know I can have up to 4 errors").
I'm pretty sure I read those arguments somewhere in a documentation or issue
tracker/forum post. Maybe I'm misunderstanding the bigger picture in this
particular case, but I was just reminded of that concept (even if it only
applies generally).
Thanks,
AJ West
On Sun, Sep 17, 2017 at 4:10 AM, Thomas Voegtlin via bitcoin-dev
Post by Thomas Voegtlin via bitcoin-devPost by Pieter Wuille via bitcoin-devThis has been a low-priority thing for me, though, and the computation work
to find a good checksum is significant.
Thanks for the info. I guess this means that a bech32 format for private
keys is not going to happen soon. Even if such a format was available,
the issue would remain for segwit-in-p2sh addresses, which use base58.
The ambiguity of the WIF format is currently holding me from releasing a
segwit-capable version of Electrum. I believe it is not acceptable to
use the current WIF format with segwit scripts; that would just create
technological debt, forcing wallets to try all possible scripts. There
is a good reason why WIF adds a 0x01 byte for compressed pubkeys; it
makes it unambiguous.
1. Disable private keys export in Electrum Segwit wallets, until a
common WIF extension has been agreed on.
2. Define my own WIF extension for Electrum, and go ahead with it.
Defining my own format does make sense for the xpub/xprv format, because
Electrum users need to share master public keys across Electrum wallets.
It makes much less sense for WIF, though, because WIF is mostly used to
import/sweep keys from other wallets.
I would love to know what other wallet developers are going to do,
especially Core. Are you going to export private keys used in segwit
scripts in the current WIF format?
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev