Published on: 2023-01-24T08:38:29+00:00
Salvatore Ingala, a Bitcoin developer, has proposed a new language called "wallet policies" to address challenges in implementing descriptors and miniscript support in hardware wallets. These challenges arise due to limited RAM, computational power, and storage capacity of hardware wallets.The proposed language aims to provide a native, compact representation of the wallet receive/change and improve the user experience of software wallets. The registration flow for wallet policies involves the software wallet initiating a registration process on the hardware wallet. The information includes the wallet policy and a unique name that identifies the policy. The hardware wallet displays the policy on its secure screen, allowing the user to review and compare it with a trusted source before approving it. The goal is to ensure that the user knows the policy being used to spend their funds, preventing any malicious modifications.To simplify implementation and improve user experience, the document proposes minimizing the amount of information shown on-screen and reducing the number of times the user needs to validate such information. It also suggests reusing the same xpub in multiple places to avoid blowup in descriptor size. The proof of registration is executed securely using message authentication codes.The document provides examples of wallet descriptor templates for different use cases, such as native segwit accounts, taproot BIP86 accounts, native segwit 2-of-3, and templates with miniscript for "1 of 2 equally likely keys." It also includes additional rules, implementation guidelines, and references to relevant Bitcoin Improvement Proposals (BIPs) for further information.The email exchange discusses the challenges of implementing output descriptors on signing devices, proposing optimizations to overcome difficulties for implementers. It suggests optimizations for common use cases, such as using two descriptors at different derivation indices for receive and change addresses. The conversation also touches on the feasibility of incorporating Musig2 descriptors into hardware wallets and the potential for improving key aliasing using wallet policies.Overall, the proposed wallet policies language aims to provide a secure and user-friendly solution for integrating descriptors and miniscript support in hardware wallets, addressing the limitations of embedded devices and ensuring good user experience.Salvatore Ingala addresses the challenges of implementing descriptors and miniscript support in hardware wallets due to technical constraints such as limited RAM and computational power. To overcome these limitations, Ingala proposes a "wallet policies" language that can be used by all hardware wallets to securely support complex scripts.The proposed solution involves a registration flow for the wallet policy in the hardware wallet. This registration process includes generating all relevant addresses/scripts and identifying keys controlled by the hardware wallet. The user registers a wallet policy into the hardware wallet, and the software wallet initiates the registration on the hardware wallet. The registered policy is stored in the hardware wallet's permanent memory, and a master key encrypts all necessary information required to spend funds sent to those addresses.The policy language suggested targets a stricter subset of the output descriptors language, making it easier to implement and allowing for human inspection during the registration flow. Wallet descriptor templates consist of key placeholders and key origin information, including various types such as P2SH, P2WSH, P2PKH, P2WPKH, multisig, sorted multi, P2TR, and miniscript templates.The document outlines a standard for output script descriptors used to derive addresses and scripts from wallet descriptor templates. It specifies that wallet policies are considered invalid if any placeholder has derivation steps while the corresponding element of the keys vector is not an xpub. The document provides examples of wallet descriptor templates for native segwit accounts, taproot BIP86 accounts, and multisig setups.Overall, the proposed wallet policies language aims to address the security and user experience challenges faced by hardware wallets when supporting complex scripts. By registering wallet policies, hardware wallets can securely perform operations like generating addresses and signing transactions.
Updated on: 2023-08-02T06:23:33.636002+00:00