mirrors/bitcoin-bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2024-11-19 01:40:05 +01:00
Code Issues Projects Releases Wiki Activity

fix witness program -> witness

Browse Source
This commit is contained in:
Karl-Johan Alm 2018-09-12 16:21:59 +09:00
parent b925137d5f
commit 2f152773e6
No known key found for this signature in database
GPG Key ID: 57AF762DB3353322
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
bip-0322.mediawiki
View File

@ -21,7 +21,7 @@ The current message signing standard only works for P2PKH (1...) addresses. By e
== Specification ==
A new structure <code>SignatureProof</code> is added, which is a simple serializable scriptSig & witnessProgram container.
A new structure <code>SignatureProof</code> is added, which is a simple serializable scriptSig & witness container.
Two actions "Sign" and "Verify" are defined along with two *purposes* "SignMessage" and "ProveFunds".
@ -56,9 +56,9 @@ The above is followed by [entries] number of signature entries:
|-
|Uint8*||[scriptsiglen]||scriptsig||ScriptSig data
|-
|VarInt||1-8||witlen||Number of bytes in witness program data
|VarInt||1-8||witlen||Number of bytes in witness data
|-
|Uint8*||[witlen]||wit||Witness program
|Uint8*||[witlen]||wit||Witness
|}
In some cases, the scriptsig or wit may be empty. If both are empty, the proof is incomplete.
@ -74,7 +74,7 @@ A verification call will return a result code according to the table below.
|-
|INCOMPLETE||One or several of the given challenges had an empty proof. The prover may need some other entity to complete the proof.
|-
|INCONCLUSIVE||One or several of the given proofs used unknown opcodes or witness versions, perhaps due to the verifying node being outdated.
|INCONCLUSIVE||One or several of the given proofs used unknown opcodes or the scriptPubKey had an unknown witness version, perhaps due to the verifying node being outdated.
|-
|VALID||All proofs were deemed valid.
|-
@ -87,13 +87,13 @@ A verification call will return a result code according to the table below.
== Signing and Verifying ==
Let there be an empty set inputs which is populated and tested at each call to one of the actions below.
Let there be an empty set `inputs` which is populated and tested at each call to one of the actions below.
=== Purpose: SignMessage ===
The "SignMessage" purpose generates a sighash based on a scriptPubKey and a message. It emits a VALID verification result code unless otherwise stated.
# Return INVALID if scriptPubKey already exists in inputs set, otherwise insert it<ref><strong>Why track duplicates?</strong> Because a 3-entry proof is not proving 3 inputs unless they are all distinct</ref>
# Return INVALID if scriptPubKey already exists in `inputs` set, otherwise insert it<ref><strong>Why track duplicates?</strong> Because a 3-entry proof is not proving 3 inputs unless they are all distinct</ref>
# Define the message pre-image as the sequence "Bitcoin Message:" concatenated with the message, encoded in UTF-8 using Normalization Form Compatibility Decomposition (NFKD)
# Let sighash = sha256(sha256(scriptPubKey || pre-image))
@ -102,7 +102,7 @@ The "SignMessage" purpose generates a sighash based on a scriptPubKey and a mess
The "ProveFunds" purpose generates a sighash and a scriptPubKey from a transaction, an output index, and a message. For multiple simultaneous proofs, it also requires access to the ordered list of proofs. It emits a VALID verification result code unless otherwise stated.
# Let txid be the transaction ID of the transaction, and vout be the output index corresponding to the index of the output being spent
# Return INVALID if the txid:vout pair already exists in inputs set, otherwise insert it
# Return INVALID if the txid:vout pair already exists in `inputs` set, otherwise insert it
# Return SPENT if the txid/vout is not a valid UTXO according to a Bitcoin node<ref><strong>Synced up or not?</strong> A normal verifier would use a synced up node. An auditor checking records from a client that were submitted in the past want to use a node that is synced up to the block corresponding to the proof, or the proof will fail, even if it may have been valid at the time of creation.</ref>
# Extract scriptPubKey from transaction output
# Define the message pre-image as the concatenation of the following components:<ref><strong>Why not just the UTXO data?</strong> We want the verifier to be able to challenge the prover with a custom message to sign, or anyone can reuse the POF proof for a set of UTXO:s once they have seen it, and the funds have not yet been spent</ref>
@ -121,12 +121,12 @@ The "Sign" action takes as input a purpose. It returns a signature or fails.
=== Action: Verify ===
The "Verify" action takes as input a standard flags value, a script sig, an optional witness program, and a purpose.
The "Verify" action takes as input a standard flags value, a script sig, an optional witness, and a purpose.
It emits one of INCONCLUSIVE, VALID, INVALID, or ERROR.
# Obtain the sighash and scriptPubKey from the purpose; pass on result code if not VALID
# If one or more of the standard flags are unknown, return INCONCLUSIVE
# Verify Script with flags=standard flags, scriptSig=script sig, scriptPubKey=scriptPubKey, witness=witness program, and sighash=sighash
# Verify Script with flags=standard flags, scriptSig=script sig, scriptPubKey=scriptPubKey, witness=witness, and sighash=sighash
# Return VALID if verify succeeds, otherwise return INVALID
=== Multiple Proofs ===