From c624414119573e41466dcf407b3c53507624678f Mon Sep 17 00:00:00 2001
From: Andrew Poelstra <apoelstra@wpsoftware.net>
Date: Wed, 23 Dec 2020 15:35:47 +0000
Subject: bip-0322: remove the 'to_spend' transaction from serialization

---
 bip-0322.mediawiki | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'bip-0322.mediawiki')

diff --git a/bip-0322.mediawiki b/bip-0322.mediawiki
index 4eda7b0..5f4704d 100644
--- a/bip-0322.mediawiki
+++ b/bip-0322.mediawiki
@@ -74,7 +74,7 @@ The <code>to_sign</code> transaction is:
     vout[0].nValue = 0
     vout[0].scriptPubKey = OP_RETURN
 
-A full signature consists of the base64-encoding of the <code>to_spend</code> and <code>to_sign</code> transactions concatenated in standard network serialisation.
+A full signature consists of the base64-encoding of the <code>to_sign</code> transaction in standard network serialisation.
 
 === Full (Proof of Funds) ===
 
@@ -102,11 +102,9 @@ A validator is given as input an address ''A'' (which may be omitted in a proof-
 Validation consists of the following steps:
 
 # Basic validation
-## Decode ''s'' as the transactions <code>to_sign</code> and <code>to_spend</code>
-## Confirm that <code>message_hash</code> is the correct hash of ''m''
-## Confirm that <code>message_challenge</code> is the scriptPubKey corresponding to ''A'' if ''A'' is present, and otherwise must be <code>OP_TRUE</code>
-## Confirm that all other fields are set as specified above; in particular that
-##* <code>to_spend</code> has exactly one input and one output
+## Compute the transaction <code>to_spend</code> from ''m'' and ''A''
+## Decode ''s'' as the transaction <code>to_sign</code>
+## If ''s'' was a full transaction, confirm all fields are set as specified above; in particular that
 ##* <code>to_sign</code> has at least one input and its first input spends the output of </code>to_spend</code>
 ##* <code>to_sign</code> has exactly one output, as specified above
 ## Confirm that the two transactions together satisfy all consensus rules, except for <code>to_spend</code>'s missing input, and except that ''nSequence'' of <code>to_sign</code>'s first input and ''nLockTime'' of <code>to_sign</code> are not checked.
@@ -120,6 +118,7 @@ Validation consists of the following steps:
 ## <code>MINIMALIF</code>: the argument of <code>IF</code>/<code>NOTIF</code> must be exactly 0x01 or empty push
 ## If any of the above steps failed, the validator should stop and output the ''invalid'' state.
 # Check the **upgradeable rules**
+## The version of <code>to_sign</code> must be 0 or 2.
 ## The use of NOPs reserved for upgrades is forbidden.
 ## The use of segwit versions greater than 0 are forbidden.
 ## If any of the above steps failed, the validator should stop and output the ''inconclusive'' state.
@@ -137,7 +136,7 @@ Signers who control an address ''A'' who wish to sign a message ''m'' act as fol
 They then encode their signature, choosing either ''simple'' or ''full'' as follows:
 
 * If they added no inputs to <code>to_sign</code>, left nSequence and nLockTime at 0, and ''A'' is a Segwit address (either pure or P2SH-wrapped), then they may base64-encode <code>message_signature</code>
-* Otherwise they must base64-encode the concatenation of <code>to_spend</code> followed by <code>to_sign</code>.
+* Otherwise they must base64-encode <code>to_sign</code>.
 
 == Compatibility ==
 
-- 
cgit v1.2.3