Published on: 2017-09-04T13:51:35+00:00
In a recent discussion on the bitcoin-dev mailing list, there was a question raised about whether native P2WPKH scripts should only be used in redeem scripts or if they could also be encoded in TxOuts. The purpose of this would be to save space in transactions with multiple outputs. Gregory Maxwell responded by saying that native P2WPKH and P2WSH are indeed valid and identifiable even when encoded in TxOuts. However, he cautioned against assuming that the recipient understands this new format. If someone wants to utilize this method to save space, they should first request a new BIP173 address from the recipient instead of converting a P2PKH address without consent.Another topic that came up in the Bitcoin-dev forum discussion was whether Bob can safely issue native P2WPKH outputs to Alice if she provides him with a specific address. The answer to this question is no, and it does not matter whether the address is compressed or uncompressed. If Alice provides Bob with a specific address, she is essentially stating that she will only accept payment to the scriptPubKey associated with that address. Any payment made to a different scriptPubKey may not be recognized by Alice.In an email exchange between Alex Nagy and Gregory Maxwell, the question was posed about whether Bob can issue native P2WPKH outputs to Alice if she gives him the address 1MsHWS1BnwMc3tLE8G35UXsS58fKipzB7a. Gregory's response was that it is not possible to pay someone to a script pubkey that they have not specified. Attempting to construct an alternative script pubkey would be akin to burying a check in a locked safe labeled "danger radioactive" in someone's backyard. While there have been instances where wallets displayed outputs they didn't generate but could spend, these cases are considered flaws and cannot be relied upon for all situations. Furthermore, if uncompressed keys are used, it could render the payment unspendable.The context also mentions that Alice has a P2PKH address derived from an uncompressed public key. However, BIPs 141 and 143 state that P2WPKH scripts can only be derived from compressed public keys. Due to this restriction, if Alice were to provide Bob with her P2PKH address, he would not be able to safely issue native P2WPKH outputs to her because he would have no way of knowing whether her P2PKH address represents a compressed or uncompressed public key. The existing P2PKH address format is generally considered unsafe to use with SegWit since it allows for addresses derived from uncompressed public keys. Transactions that violate the rule of using compressed public keys in P2WPKH and P2WSH will not be relayed or mined by default, as stated in BIP143. To avoid potential loss of funds in the future, users should refrain from using uncompressed keys in version 0 witness programs.
Updated on: 2023-08-01T21:29:19.658245+00:00