summaryrefslogtreecommitdiff
path: root/bip-0142.mediawiki
blob: 49ed8dca94b9a1451af05235fd553cba327744c3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<pre>
  BIP: 142
  Layer: Applications
  Title: Address Format for Segregated Witness
  Author: Johnson Lau <jl2012@xbt.hk>
  Comments-Summary: No comments yet.
  Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0142
  Status: Withdrawn
  Type: Standards Track
  Created: 2015-12-24
  License: PD
</pre>

== Abstract ==

This BIP describes new types of Bitcoin address to support native segregated witness transactions with 20-byte and 32-byte program.

== Motivation ==

To define standard payment address for native segregated witness (segwit) transactions to promote early adoption of the more efficient transaction method.

== Specification ==

The new Bitcoin address format defined is for the Pay-to-Witness-Public-Key-Hash (P2WPKH) and Pay-to-Witness-Script-Hash (P2WSH) transaction described in segregated witness soft fork (BIP141). The scriptPubKey is an OP_0 followed by a push of 20-byte-hash (P2WPKH) or 32-byte hash (P2WSH).

The new address is encoded in a way similar to existing address formats:

  base58-encode:
    [1-byte address version]
    [1-byte witness program version]
    [0x00]
    [20/32-byte-hash]
    [4-byte checksum]

For P2WPKH address, the address version is 6 (0x06) for a main-network address or 3 (0x03) for a testnet address.

For P2WSH address, the address version is 10 (0x0A) for a main-network address or 40 (0x28) for a testnet address.

The witness program version is a 1-byte value between 0 (0x00) and 16 (0x10). Only version 0 is defined in BIP141. Versions 1 to 16 are reserved for future extensions.

Following the witness program version is a 0x00 padding to make sure that each witness program version will have a unique prefix.

Following the padding is the program hash, 20 byte for a P2WPKH address and 32 byte for a P2WSH address.

The 4-byte checksum is the first four bytes of the double SHA256 hash of the serialization of the previous items.

All addresses generated with this scheme will have a constant length, with 36 digits for 20-byte and 53 digits for 32-byte. Different witness program versions will have a unique prefix, as shown in the following table:

{|class="wikitable" style="text-align: center;"
|-
!rowspan=3 style=""|Witness program version
!colspan=4 style=""|Hash size
|-
!colspan=2 style=""|20-byte (36 characters)
!colspan=2 style=""|32-byte (53 characters)
|-
!Mainnet
!Testnet
!Mainnet
!Testnet
|-
|0||p2||QW||7Xh||T7n
|-
|1||p4||QY||7Xq||T7w
|-
|2||p6||Qa||7Xz||T85
|-
|3||p7||Qc||7Y9||T8E
|-
|4||pA||Qe||7YH||T8N
|-
|5||pB||Qf||7YS||T8X
|-
|6||pD||Qh||7Ya||T8g
|-
|7||pF||Qj||7Yj||T8p
|-
|8||pG||Qm||7Yt||T8y
|-
|9||pJ||Qn||7Z2||T97
|-
|10||pL||Qp||7ZB||T9G
|-
|11||pN||Qr||7ZK||T9Q
|-
|12||pQ||Qt||7ZU||T9Z
|-
|13||pS||Qv||7Zc||T9i
|-
|14||pT||Qw||7Zm||T9r
|-
|15||pV||Qy||7Zv||TA1
|-
|16||pX||R1||7a4||TA9
|-
|}


== Rationale ==

BIP141 defines 2 ways of encoding a "witness program", a data push of 2 to 32 bytes:

* A native witness program output is a scriptPubKey with a push of version byte followed by a push of witness program, and nothing else;
* Segwit-in-P2SH is a BIP16 P2SH redeemScript with a push of version byte followed by a push of witness program, while the scriptPubKey looks like a normal P2SH output.

Considering the BIP13 P2SH address has been defined in 2012, using segwit-in-P2SH allows most existing wallets to pay a segwit-compatible wallet without any upgrade. However, this method requires more block space and is only a short-term solution to make the transition smoother. Eventually, all users are expected to use the more efficient native witness program as the primary method of payment.

The drawbacks of Bitcoin addresses have been extensively discussed in BIP13. Since then, better payment methods have been proposed or deployed, for example:
*BIP47 Reusable Payment Codes for Hierarchical Deterministic Wallets
*BIP63 Stealth Addresses
*BIP70 Payment protocol

However, none of these are as widely adopted as the suboptimal base-58 scriptPubKey template addresses, which is still a standard for the whole eco-system, from wallets, block explorers, merchants, exchanges, to end users. It is believed that the proposed P2WPKH and P2WSH address format is the easiest way for wallets and services to adopt native witness program, which is particularly important in the context of scaling the capacity of the blockchain.

While P2WPKH address is specific for simple payment to a single public key, P2WSH address allows arbitrarily complex segwit transactions, similar to the BIP13 P2SH address.

== Compatibility ==

This proposal is not backward-compatible. However, an older implementation will report the new address type as invalid, and refuse to create a transaction.

This proposal is forward-compatible with future versions of witness programs of 20 and 32 bytes.

== Example ==

The following public key,

    0450863AD64A87AE8A2FE83C1AF1A8403CB53F53E486D8511DAD8A04887E5B23522CD470243453A299FA9E77237716103ABC11A1DF38855ED6F2EE187E9C582BA6

when encoded as a P2PKH template, would become:

    DUP HASH160 <010966776006953D5567439E5E39F86A0D273BEE> EQUALVERIFY CHECKSIG

With the corresponding version 1 Bitcoin address being:

    16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM

When the same public key is encoded as P2WPKH, the scriptPubKey becomes:

    OP_0 <010966776006953D5567439E5E39F86A0D273BEE>

Using 0x06 as address version, followed by 0x00 as witness program version, and a 0x00 padding, the equivalent P2WPKH address is:

    p2xtZoXeX5X8BP8JfFhQK2nD3emtjch7UeFm

== Reference implementation ==

https://github.com/theuni/bitcoin/commit/ede1b57058ac8efdefe61f67395affb48f2c0d80

== References ==

* [[bip-0013.mediawiki|BIP 13: Address Format for pay-to-script-hash]]
* [[bip-0016.mediawiki|BIP 16: Pay to Script Hash]]
* [[bip-0070.mediawiki|BIP 70: Payment Protocol]]
* [[bip-0141.mediawiki|BIP 141: Segregated Witness]]

== Copyright ==
This work is placed in the public domain.