Published on: 2021-03-19T08:59:05+00:00
Developer Robert Spigler has proposed a Bitcoin Improvement Proposal (BIP) for multisignature and single signature wallets. However, concerns have been raised about the impact of the proposal on single signature wallets by ghost43 and Jochen Hoenicke. As a result, Spigler has decided to revert the proposal back to multisignature derivations, which he believes will address all concerns. The updated proposal can be found on Github, along with Spigler's personal fingerprint.In a discussion on the bitcoin-dev mailing list, Robert Spigler argued that wallets shouldn't have to check all script types on recovery and proposed a new standard called "Signature and Script Independent Hierarchy for Deterministic Wallets." According to Robert, descriptor wallets can solve this problem. For multisignature wallets, each cosigner stores their extended private key (xprv) and the wallet descriptor for backup. To recover, simply combine M private keys and check the script designated in 1 of the descriptor copies. For single signature wallets, it is the same, except only one signature is needed. Jochen disagreed with Robert's proposal and pointed out that currently, BIP39/BIP44 wallets can recover all accounts using just the seed words without the need for public keys or derivation paths. Additionally, Jochen stated that most hardware wallets currently rely on this feature. However, autodiscover doesn't work for multisig wallets, unless some output descriptor is stored in an OP_RETURN on the blockchain.The proposal to encode script type in the derivation is being questioned as output descriptors are becoming more prevalent. Two options have been suggested: 1) Use derivation paths that do not encode the script type and educate users to backup output descriptors in addition to their seed words or 2) Use a standard set of derivation paths that encode the script type, ensuring fund recovery even if users do not back it up by checking against common derivations. Robert Spigler suggests using descriptor wallets for multisignature and single signature wallets. To backup a multisignature wallet, each cosigner stores their extended private key and the wallet descriptor. For single signature wallets, the same applies but only one signature is needed.The current standards for deterministic wallets have many issues, including the mixing of keys and scripts in the same layer. BIP44/49/84 specifies a path that includes per-script derivations, but these are made redundant with descriptors. The proposal is to create extended private/public keys independent of the script or signature type. In multisignature wallets, each cosigner stores their xprv and the wallet descriptor for backup. For single signature wallets, only one signature is needed. There is a tradeoff as the proposal mixes discoverable and non-discoverable scripts in the same derivation scheme, which could turn all scripts into being non-discoverable. The workaround is to backup both seed words and output script descriptors, which is less user-friendly than backing up just a seed but more generic and extendable.Robert Spigler is working on a draft BIP for a signature and script independent hierarchy for deterministic wallets. He believes that with the implementation of descriptor wallets, the typical use case of a BIP43 `purpose’` level per script type is redundant. The differentiation of separate BIPs for multisignature derivation paths is also considered redundant. Descriptors can set the order of the public keys with multi or have them sorted lexicographically with sortedmulti. Robert proposes that keys and scripts should not be mixed in the same layer. The wallet should create extended private/public keys independent of the script or signature type, whereas the descriptor language tells wallets to watch (single or multi-sig) outputs with the specified public keys.
Updated on: 2023-08-02T03:24:12.012249+00:00