BIP-341: Committing to all scriptPubKeys in the signature message
Summary:

In this email thread, Andrew Kozlik discusses how a wallet can ascertain non-ownership of an external input: it must obtain the scriptPubKey of the previous output spent by that input. While it is easy to check whether a P2PK or P2TR scriptPubKey contains one specific pubkey, it is impractical for a wallet to check whether a scriptPubKey contains any of the roughly two billion keys reachable at one level of a BIP32 derivation path, particularly since many wallets support multiple paths. Checking a list of scriptPubKeys for wallet matches would therefore require obtaining the BIP32 derivation paths of the corresponding keys from a trusted data source. Alternatively, Greg Sanders' scheme, co-attributed to Andrew Poelstra, can be used; it requires only one-way communication from the signing device to a coordinator. The downside of this scheme is the extra communication, which is annoying for truly offline signers but not burdensome for automated hardware wallets participating in coinjoins or Lightning (LN). The scheme can be tweaked to be compatible with BIP322 generic signed messages, making it easier to support.
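The asymmetry described above, as an added example that is not part of the thread or of any wallet's code: matching a prevout's scriptPubKey against keys the wallet has already derived is a cheap set lookup, but a miss only proves "no match within the derived window", never non-ownership across the 2^31 indices possible at one derivation level. The wallet keys, the lookahead window and the scripts are constructed here (the "keys" are SHA-256 digests standing in for secp256k1 points, and the P2TR output key is used untweaked), so the block runs offline without an EC library.

```python
import hashlib
from enum import Enum
from typing import Optional, Tuple

# Constructed stand-ins (not real BIP32 derivation): a wallet that has derived
# LOOKAHEAD indices ahead on one path. PATH_INDEX_SPACE is the number of
# non-hardened child indices possible at a single BIP32 depth.
LOOKAHEAD = 20
PATH_INDEX_SPACE = 2 ** 31


def demo_xonly_key(index: int) -> bytes:
    """Constructed 32-byte 'x-only key' for derivation index `index`."""
    return hashlib.sha256(f"demo-key:{index}".encode()).digest()


def demo_compressed_key(index: int) -> bytes:
    """Constructed 33-byte 'compressed key' for the same index."""
    return b"\x02" + demo_xonly_key(index)


def parse_p2pk(spk: bytes) -> Optional[bytes]:
    """Return the pubkey from '<push> <pubkey> OP_CHECKSIG', else None."""
    if len(spk) == 35 and spk[0] == 33 and spk[-1] == 0xAC:
        return spk[1:34]
    if len(spk) == 67 and spk[0] == 65 and spk[-1] == 0xAC:
        return spk[1:66]
    return None


def parse_p2tr(spk: bytes) -> Optional[bytes]:
    """Return the x-only output key from 'OP_1 <32 bytes>' (BIP-341), else None."""
    if len(spk) == 34 and spk[0] == 0x51 and spk[1] == 0x20:
        return spk[2:]
    return None


class Verdict(Enum):
    OWNED = "owned (key found in derived window)"
    NO_MATCH_IN_WINDOW = "no match in derived window (non-ownership NOT proven)"
    UNSUPPORTED = "script type not parsed"


class DemoWallet:
    """Holds the keys actually derived; anything beyond the window is unknown."""

    def __init__(self, lookahead: int = LOOKAHEAD) -> None:
        self.lookahead = lookahead
        self.by_key = {}
        for i in range(lookahead):
            self.by_key[demo_xonly_key(i)] = i
            self.by_key[demo_compressed_key(i)] = i

    def classify(self, prev_spk: bytes) -> Tuple[Verdict, Optional[int]]:
        """Classify the scriptPubKey of the previous output an input spends."""
        key = parse_p2tr(prev_spk) or parse_p2pk(prev_spk)
        if key is None:
            return Verdict.UNSUPPORTED, None
        index = self.by_key.get(key)
        if index is not None:
            return Verdict.OWNED, index
        # A miss is not proof of non-ownership: only `lookahead` of the
        # PATH_INDEX_SPACE possible keys on this one path were checked.
        return Verdict.NO_MATCH_IN_WINDOW, None

    def unchecked_indices(self) -> int:
        """How many indices at this depth the wallet did not derive."""
        return PATH_INDEX_SPACE - self.lookahead


def p2tr_spk(xonly: bytes) -> bytes:
    return b"\x51\x20" + xonly


def p2pk_spk(pubkey: bytes) -> bytes:
    return bytes([len(pubkey)]) + pubkey + b"\xac"


if __name__ == "__main__":
    w = DemoWallet()
    for spk in (p2tr_spk(demo_xonly_key(5)),
                p2pk_spk(demo_compressed_key(0)),
                p2tr_spk(demo_xonly_key(LOOKAHEAD + 1000))):
        print(w.classify(spk))
    print("indices never derived on this path:", w.unchecked_indices())
```

The third input in the usage block resolves to NO_MATCH_IN_WINDOW even though its key lies on the same constructed path, which is exactly the situation the thread describes: without derivation-path information from a trusted source, or a one-way proof from the signer as in the Sanders/Poelstra scheme, the wallet cannot turn that miss into a non-ownership claim.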
Updated on: 2023-06-14T01:04:56.680090+00:00