Permalink
Find file
959fecc Nov 30, 2016
@luke-jr @jl2012 @JornC @jonasschnelli @afk11
158 lines (114 sloc) 5.81 KB

  BIP: 142
  Layer: Applications
  Title: Address Format for Segregated Witness
  Author: Johnson Lau <jl2012@xbt.hk>
  Comments-Summary: No comments yet.
  Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0142
  Status: Deferred
  Type: Standards Track
  Created: 2015-12-24
  License: PD

Table of Contents

Abstract

This BIP describes new types of Bitcoin address to support native segregated witness transactions with 20-byte and 32-byte program.

Motivation

To define standard payment address for native segregated witness (segwit) transactions to promote early adoption of the more efficient transaction method.

Specification

The new Bitcoin address format defined is for the Pay-to-Witness-Public-Key-Hash (P2WPKH) and Pay-to-Witness-Script-Hash (P2WSH) transaction described in segregated witness soft fork (BIP141). The scriptPubKey is an OP_0 followed by a push of 20-byte-hash (P2WPKH) or 32-byte hash (P2WSH).

The new address is encoded in a way similar to existing address formats:

  base58-encode:
    [1-byte address version]
    [1-byte witness program version]
    [0x00]
    [20/32-byte-hash]
    [4-byte checksum]
  

For P2WPKH address, the address version is 6 (0x06) for a main-network address or 3 (0x03) for a testnet address.

For P2WSH address, the address version is 10 (0x0A) for a main-network address or 40 (0x28) for a testnet address.

The witness program version is a 1-byte value between 0 (0x00) and 16 (0x10). Only version 0 is defined in BIP141. Versions 1 to 16 are reserved for future extensions.

Following the witness program version is a 0x00 padding to make sure that each witness program version will have a unique prefix.

Following the padding is the program hash, 20 byte for a P2WPKH address and 32 byte for a P2WSH address.

The 4-byte checksum is the first four bytes of the double SHA256 hash of the serialization of the previous items.

All addresses generated with this scheme will have a constant length, with 36 digits for 20-byte and 53 digits for 32-byte. Different witness program versions will have a unique prefix, as shown in the following table:

Witness program version Hash size
20-byte (36 characters) 32-byte (53 characters)
Mainnet Testnet Mainnet Testnet
0 p2 QW 7Xh T7n
1 p4 QY 7Xq T7w
2 p6 Qa 7Xz T85
3 p7 Qc 7Y9 T8E
4 pA Qe 7YH T8N
5 pB Qf 7YS T8X
6 pD Qh 7Ya T8g
7 pF Qj 7Yj T8p
8 pG Qm 7Yt T8y
9 pJ Qn 7Z2 T97
10 pL Qp 7ZB T9G
11 pN Qr 7ZK T9Q
12 pQ Qt 7ZU T9Z
13 pS Qv 7Zc T9i
14 pT Qw 7Zm T9r
15 pV Qy 7Zv TA1
16 pX R1 7a4 TA9

Rationale

BIP141 defines 2 ways of encoding a "witness program", a data push of 2 to 32 bytes:

  • A native witness program output is a scriptPubKey with a push of version byte followed by a push of witness program, and nothing else;
  • Segwit-in-P2SH is a BIP16 P2SH redeemScript with a push of version byte followed by a push of witness program, while the scriptPubKey looks like a normal P2SH output.
Considering the BIP13 P2SH address has been defined in 2012, using segwit-in-P2SH allows most existing wallets to pay a segwit-compatible wallet without any upgrade. However, this method requires more block space and is only a short-term solution to make the transition smoother. Eventually, all users are expected to use the more efficient native witness program as the primary method of payment.

The drawbacks of Bitcoin addresses have been extensively discussed in BIP13. Since then, better payment methods have been proposed or deployed, for example:

  • BIP47 Reusable Payment Codes for Hierarchical Deterministic Wallets
  • BIP63 Stealth Addresses
  • BIP70 Payment protocol
However, none of these are as widely adopted as the suboptimal base-58 scriptPubKey template addresses, which is still a standard for the whole eco-system, from wallets, block explorers, merchants, exchanges, to end users. It is believed that the proposed P2WPKH and P2WSH address format is the easiest way for wallets and services to adopt native witness program, which is particularly important in the context of scaling the capacity of the blockchain.

While P2WPKH address is specific for simple payment to a single public key, P2WSH address allows arbitrarily complex segwit transactions, similar to the BIP13 P2SH address.

Compatibility

This proposal is not backward-compatible. However, an older implementation will report the new address type as invalid, and refuse to create a transaction.

This proposal is forward-compatible with future versions of witness programs of 20 and 32 bytes.

Example

The following public key,

    0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6
 

when encoded as a P2PKH template, would become:

    DUP HASH160 <010966776006953D5567439E5E39F86A0D273BEE> EQUALVERIFY CHECKSIG

With the corresponding version 1 Bitcoin address being:

    16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM
 

When the same public key is encoded as P2WPKH, the scriptPubKey becomes:

    OP_0 <010966776006953D5567439E5E39F86A0D273BEE>

Using 0x06 as address version, followed by 0x00 as witness program version, and a 0x00 padding, the equivalent P2WPKH address is:

    p2xtZoXeX5X8BP8JfFhQK2nD3emtjch7UeFm
 

Reference implementation

https://github.com/theuni/bitcoin/commit/ede1b57058ac8efdefe61f67395affb48f2c0d80

References

Copyright

This work is placed in the public domain.