delvingbitcoin

Unspendable keys in descriptors

Original Post by AntoineP

Posted on: January 16, 2024 11:03 UTC

The integration of Taproot support into Liana is currently underway, with a focus on creating unspendable internal keys that will be compatible with future wallet policies.

This approach aims to improve user experience: instead of asking users to verify an internal key on their devices, the device can show a more user-friendly notification indicating "no keypath spend." To achieve this goal, the method proposed by Salvatore has been identified as the most viable option.

Salvatore's suggestion involves recycling the entropy of the descriptor to obtain four essential properties. Specifically, an xpub is used as the unspendable internal key within a wallet policy, conforming to the following specifications. The xpub's key is the NUMS (Nothing-Up-My-Sleeve) point outlined in BIP341, H = lift_x(0x50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0). The chaincode for the xpub is generated by computing the sha256 hash of the concatenated compressed public keys of all the xpubs listed in the wallet policy. These xpubs must strictly be in the format of //* based on the wallet policy standard. The keys are concatenated in "left to right" order, as they appear in the string representation, which corresponds to a depth-first traversal.

This concept can also be incorporated into descriptors, denoted by unspend(computed chaincode)/<0;1>/*, to represent the internal key. This structured approach ensures that the internal keys are not only unspendable but also ready for seamless integration with upcoming standards in signing devices, providing a consistent and secure framework for users.
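
The derivation described above, as an added example (not code from the post, Liana, or Salvatore's proposal): it extracts the xpubs from a policy string in left-to-right order, hashes their compressed public keys into the chaincode, and serializes an xpub whose key is H. The helper names, the mainnet version bytes, the zeroed depth/fingerprint/child fields, and the sample keys and policy string are assumptions made for illustration.

```python
import hashlib, re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
XPUB_VERSION = bytes.fromhex("0488b21e")  # BIP32 mainnet public version (assumption)
# H from the page: lift_x() selects the even-y point, so the compressed prefix is 02.
NUMS_KEY = bytes.fromhex("0250929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0")

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 82 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("not a valid 78-byte extended key")
    return raw[:-4]

def make_xpub(chaincode, pubkey):
    # BIP32 layout: version(4) depth(1) parent fingerprint(4) child(4) chaincode(32) key(33).
    # Depth, fingerprint and child number are zeroed here (assumption, not stated on the page).
    return b58check_encode(XPUB_VERSION + bytes(9) + chaincode + pubkey)

def unspendable_xpub(policy):
    # re.findall scans left to right, i.e. the order keys appear in the string.
    xpubs = re.findall("xpub[" + B58 + "]+", policy)
    if not xpubs:
        raise ValueError("policy contains no xpub")
    keys = [b58check_decode(x)[45:78] for x in xpubs]  # compressed pubkeys
    chaincode = hashlib.sha256(b"".join(keys)).digest()
    return make_xpub(chaincode, NUMS_KEY), chaincode

# Constructed sample keys: secp256k1 generator G and 2G, with dummy chaincodes.
G = bytes.fromhex("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
G2 = bytes.fromhex("02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5")
XPUB_A, XPUB_B = make_xpub(b"\x01" * 32, G), make_xpub(b"\x02" * 32, G2)
POLICY = f"multi_a(2,{XPUB_A}/<0;1>/*,{XPUB_B}/<0;1>/*)"

if __name__ == "__main__":
    xpub, chaincode = unspendable_xpub(POLICY)
    print(chaincode.hex(), xpub)
```

Because the chaincode depends on key order, any party recomputing it must read the keys in the same left-to-right order; swapping two keys in the policy yields a different internal xpub.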