Add support in bitcoin for P2SH-P2WSH address format #417

Closed
opened 2022-08-24 10:43:15 +00:00 by hirunda · 4 comments
hirunda commented 2022-08-24 10:43:15 +00:00 (Migrated from gitlab.com)

The goal of this task is to add support for nested P2WSH scripts, which are wrapped within a P2SH script. The main reason for introducing this feature into peerplays is to use the libbitcoin library as a new efficient client. For now, the libbitcoin library works only with the P2SH address format introduced in BIP16.

To create a P2SH-P2WSH address:
    Define a script, called (witnessScript)
    Calculate the SHA256 of the witnessScript (scripthash). Please pay attention that a single SHA256 is used, not double SHA256 nor RIPEMD160(SHA256)
    The P2SH redeemScript is always 34 bytes. It starts with an OP_0, followed by a canonical push of the scripthash (i.e. 0x0020{32-byte scripthash})
    Same as any other P2SH, the scriptPubKey is OP_HASH160 hash160(redeemScript) OP_EQUAL, and the address is the corresponding P2SH address with prefix 3.

hirunda commented 2022-08-24 10:43:15 +00:00 (Migrated from gitlab.com)

assigned to @hirunda

hirunda commented 2022-08-24 10:45:04 +00:00 (Migrated from gitlab.com)

Creation of P2SH-P2WSH Address

A P2SH-P2WSH address is comparable to Bitcoin’s original P2SH address, which allows representation of arbitrarily complex scripts with a fixed size address.
Like any other P2SH and P2SH-P2WPKH address, P2SH-P2WSH address has prefix 3. They are indistinguishable until the UTXO is spent
To create a P2SH-P2WSH address:
    Define a script, called (witnessScript)
    Calculate the SHA256 of the witnessScript (scripthash). Please pay attention that a single SHA256 is used, not double SHA256 nor RIPEMD160(SHA256)
    The P2SH redeemScript is always 34 bytes. It starts with an OP_0, followed by a canonical push of the scripthash (i.e. 0x0020{32-byte scripthash})
    Same as any other P2SH, the scriptPubKey is OP_HASH160 hash160(redeemScript) OP_EQUAL, and the address is the corresponding P2SH address with prefix 3.
Restrictions on the script
    The script evaluation must not fail, and MUST leave one and only one TRUE stack item after evaluation. Otherwise, the evaluation is failed.
    Any public key inside P2SH-P2WSH scripts MUST be compressed key, or fund may be lost permanently.
    If OP_IF or OP_NOTIF is used, its argument MUST be either an empty vector (for false) or 0x01 (for true). Use of other value may lead to permanent fund loss. (BIP draft)
    If an OP_CHECKSIG or OP_CHECKMULTISIG is returning a fail, all signature(s) must be empty vector(s). Otherwise, fund may be lost permanently. (BIP146)
    There is a default policy limit for the witnessScript at 3600 bytes. Except for the witnessScript, there could be at most 100 witness stack items, with at most 80 bytes each. Transactions exceeding these limits may not be relayed nor included in a block
    Many of the original scripts consensus limitations, such as 10000 bytes script size, 201 nOpCount, are still applied to P2SH-P2WSH
    The 520 bytes script size limit for P2SH is not applicable to P2SH-P2WSH. It is replaced by the 3600 bytes policy limit and 10000 bytes consensus limit.

Signature Generation and Verification for P2SH-P2WSH

For spending of P2SH-P2WSH:
    The scriptSig MUST ONLY contain a push of the redeemScript
    The last witness item of the corresponding witness field MUST be the witnessScript
    The new BIP143 signature generation algorithm is applied:
        Without using any OP_CODESEPARATOR, the scriptCode is witnessScript preceded by a compactSize integer for the size of witnessScript. For example, if the script is OP_1 (0x51), the scriptCode being serialized is (0x0151)
        For any unusual scripts containing OP_CODESEPARATOR, please refer to BIP143 for the exact semantics
    Any witness stack items before the witnessScript are used as the input stack for script evaluation. The input stack is not interpreted as script. For example, there is no need to use a 0x4c (OP_PUSHDATA1) to “push” a big item.
    To verify the correctness of signature generation and stack serialization, please always test against the examples in BIP143
    Example

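The byte layouts described in the comment above (redeemScript, scriptSig, BIP143 scriptCode) together with a check of the quoted witness policy limits, as an added example that is not code from this issue, from Peerplays or from libbitcoin. The function names are hypothetical and the sample witness stack is constructed.

```python
import hashlib

# Limits quoted in the comment above
WITNESS_SCRIPT_POLICY_MAX = 3600  # bytes, default relay policy
MAX_STACK_ITEMS = 100             # witness items other than the witnessScript
MAX_STACK_ITEM_SIZE = 80          # bytes per such item

def compact_size(n: int) -> bytes:
    """Bitcoin compactSize encoding of a length."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def redeem_script(witness_script: bytes) -> bytes:
    """OP_0 plus a canonical 32-byte push of single SHA256(witnessScript)."""
    return b"\x00\x20" + hashlib.sha256(witness_script).digest()

def script_sig(witness_script: bytes) -> bytes:
    """scriptSig content: only a push of the 34-byte redeemScript (opcode 0x22)."""
    rs = redeem_script(witness_script)
    return bytes([len(rs)]) + rs

def script_code(witness_script: bytes) -> bytes:
    """BIP143 scriptCode for a witnessScript without OP_CODESEPARATOR."""
    return compact_size(len(witness_script)) + witness_script

def policy_violations(witness: list[bytes]) -> list[str]:
    """Check a witness (last item is the witnessScript) against the policy limits."""
    if not witness:
        return ["witness is empty: the witnessScript must be the last item"]
    *stack, ws = witness
    problems = []
    if len(ws) > WITNESS_SCRIPT_POLICY_MAX:
        problems.append(f"witnessScript is {len(ws)} bytes (policy max {WITNESS_SCRIPT_POLICY_MAX})")
    if len(stack) > MAX_STACK_ITEMS:
        problems.append(f"{len(stack)} stack items (max {MAX_STACK_ITEMS})")
    for i, item in enumerate(stack):
        if len(item) > MAX_STACK_ITEM_SIZE:
            problems.append(f"stack item {i} is {len(item)} bytes (max {MAX_STACK_ITEM_SIZE})")
    return problems

if __name__ == "__main__":
    ws = bytes([0x51])  # OP_1, the script used as the example in the comment
    print("redeemScript:", redeem_script(ws).hex())
    print("scriptSig   :", script_sig(ws).hex())
    print("scriptCode  :", script_code(ws).hex())
    print("violations  :", policy_violations([b"\x00" * 81, ws]))  # constructed stack
```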
serkixenos commented 2022-08-25 11:23:42 +00:00 (Migrated from gitlab.com)

mentioned in issue #410

serkixenos commented 2022-09-05 13:35:33 +00:00 (Migrated from gitlab.com)

Track full libbitcoin based implementation here
https://gitlab.com/PBSA/peerplays/-/merge_requests/149

serkixenos (Migrated from gitlab.com) closed this issue 2022-09-05 13:35:34 +00:00
Reference: Peerplays_Blockchain/peerplays_migrated#417