This was assigned BIP number 86, so the purpose level path will be m/86' Andrew
On 6/22/21 9:17 PM, Andrew Chow wrote: > Hi All, > > I would like to propose a simple derivation path scheme for keys to be > used in single key Taproot scripts. This is based on BIP 44 so it is > basically identical to BIPs 49 and 84. Like with those BIPs, the actual > value to be used in the purpose level will be set to the BIP number, > once assigned. > > Note that the keys derived in this method should be for the Taproot > internal key, which should then be tweaked with the hash of itself as > recommended by BIP 341. The keys derived at this path should not be used > directly as the Taproot output pubkey. Additionally, this BIP does not > specify new version bytes for extended key serialization because, with > the advent of descriptors, I think that is unnecessary. In fact, this > BIP feels somewhat unnecessary to me, but it seems like it will be > needed for now in order to drive adoption and implementation of Taproot > into software and hardware wallets. > > The text can be viewed below, with the rendered text available at > https://github.com/achow101/bips/blob/taproot-bip44/bip-taproot-bip44.mediawiki > > Andrew Chow > > --- > > <pre> > BIP: bip-taproot-bip44 > Layer: Applications > Title: Derivation scheme for P2TR based accounts > Author: Andrew Chow <and...@achow101.com> > Comments-Summary: No comments yet. > Comments-URI: > https://github.com/bitcoin/bips/wiki/Comments:BIP-taproot-bip44 > Status: Draft > Type: Informational > Created: 2021-06-22 > License: BSD-2-Clause > </pre> > > ==Abstract== > > This document suggests a derivation scheme for HD wallets whose keys are > involved in single key > P2TR ([[bip-0341.mediawiki|BIP 341]]) outputs as the Taproot internal key. > > ===Copyright=== > > This BIP is licensed under the 2-clause BSD license. > > ==Motivation== > > With the usage of single key P2TR transactions, it is useful to have a > common derivation scheme so > that HD wallets that only have a backup of the HD seed can be likely to > recover single key Taproot > outputs. Although there are now solutions which obviate the need for > fixed derivation paths for > specific script types, many software wallets and hardware signers still > use seed backups which > lack derivation path and script information. Thus we largely use the > same approach used in BIPs > [[bip-0049.mediawiki|49]] and [[bip-0084.mediawiki|84]] for ease of > implementation. > > ==Specifications== > > This BIP defines the two needed steps to derive multiple deterministic > addresses based on a > [[bip-0032.mediawiki|BIP 32]] master private key. > > ===Public key derivation=== > > To derive a public key from the root account, this BIP uses the same > account-structure as > defined in BIPs [[bip-0044.mediawiki|44]], [[bip-0049.mediawiki|49]], > and [[bip-0084.mediawiki|84]], > but with a different purpose value for the script type. > > <pre> > m / purpose' / coin_type' / account' / change / address_index > </pre> > > For the <tt>purpose</tt>-path level it uses <tt><BIPNUMBER>'</tt>. > The rest of the levels are used as defined in BIPs 44, 49, and 84. > > ===Address derivation=== > > To derive the output key used in the P2TR script from the derived public > key, we use the method > recommended in > [[bip-0341.mediawiki#constructing-and-spending-taproot-outputs|BIP 341]]: > > <pre> > internal_key: lift_x(derived_key) > 32_byte_output_key: internal_key + int(HashTapTweak(bytes(internal_key)))G > </pre> > > In a transaction, the scripts and witnesses are as defined in > [[bip-0341.mediawiki#specification|BIP 341]]: > > <pre> > witness: <signature> > scriptSig: (empty) > scriptPubKey: 1 <32_byte_output_key> > (0x5120{32_byte_output_key}) > </pre> > > ==Backwards Compatibility== > > This BIP is not backwards compatible by design. > An incompatible wallet will not discover these accounts at all and the > user will notice that > something is wrong. > > However this BIP uses the same method used in BIPs 44, 49, and 84, so it > should not be difficult > to implement. > > ==Test vectors== > > TBD > > ==Reference== > > * [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]] > * [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]] > * [[bip-0044.mediawiki|BIP44 - Multi-Account Hierarchy for Deterministic > Wallets]] > * [[bip-0049.mediawiki|BIP49 - Derivation scheme for > P2WPKH-nested-in-P2SH based accounts]] > * [[bip-0084.mediawiki|BIP84 - Derivation scheme for P2WPKH based accounts]] > * [[bip-0341.mediawiki|BIP341 - Taproot: SegWit version 1 spending rules]] > _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev