Combined summary - Unspendable keys in descriptors

Combined summary - Unspendable keys in descriptors

The discourse among developers centers on optimizing cryptocurrency operations, with a focus on deterministic address generation and the self-containment of processes.

Developers debate the forward-compatible derivation of unspendable keys to improve user experience with hardware signers by indicating that no keypath spend is possible. A proposed method uses public key data and a hashed combination of wallet policy keys for derivation.

Security enhancements for extended public keys are being considered, where an XOR operation with a BIP85-derived xpub adds privacy without compromising usability. The use of ROT13 encryption is recognized as a basic security measure for less critical information, illustrating the trade-off between convenience and protection. The concealment of unspendable key paths in transactions is highlighted as a privacy concern, suggesting the use of secrets to verify unspendability without disclosing sensitive information.

There's a shift in backup strategies, moving from descriptors to wallet policies, providing a broader account overview and better resilience against data loss or corruption. These topics aim to refine standards and practices in cryptocurrency, balancing security, privacy, and ease of use.

In Bitcoin's technical sphere, the reliance on partial descriptors and off-chain data raises scalability and privacy concerns. The problem of digital fingerprinting exposes transaction patterns, emphasizing the need for user-controlled sharing and privacy-respecting protocols. The risks associated with revealing script-only taproot outputs in transactions are debated, considering their potential impact on fungibility and discrimination against certain transaction types or users.

The discussion also includes the compatibility of cryptographic functions like unspend(HEXCHAINCODE) with existing systems, stressing the necessity for high-quality entropy. The adoption of a standard Nothing-Up-My-Sleeve number (NUMS) for enhanced privacy faces scrutiny regarding its effects on privacy when spending script-only taproot outputs. The indistinguishability of unspendable keys from random keys remains a priority for protocols requiring provably unspendable keypaths, with ongoing discussions on refining methods to generate such keys considering various trade-offs.

At TabConf 2022, advancements for miniscript and descriptors were discussed, highlighting the challenges faced by wallet developers in creating spending policies with unspendable keys post-integration of miniscript with taproot in Bitcoin Core. While several approaches to generating unspendable keys exist, the developer community continues to seek improved solutions that balance indistinguishability, minimal additional entropy, and hardware signer user experience.

Discussion History

salvatoshi Original Post
December 19, 2023 13:29 UTC
December 19, 2023 13:35 UTC
December 19, 2023 14:49 UTC
December 19, 2023 14:52 UTC
December 19, 2023 14:55 UTC
December 19, 2023 15:00 UTC
December 19, 2023 15:09 UTC
December 19, 2023 15:12 UTC
December 19, 2023 15:21 UTC
December 19, 2023 15:23 UTC
December 19, 2023 15:26 UTC
December 19, 2023 15:30 UTC
December 19, 2023 15:33 UTC
December 19, 2023 15:40 UTC
December 19, 2023 15:40 UTC
December 19, 2023 16:59 UTC
December 19, 2023 18:56 UTC
December 19, 2023 20:05 UTC
December 28, 2023 02:34 UTC
December 28, 2023 16:38 UTC
January 16, 2024 11:03 UTC
January 16, 2024 14:20 UTC
January 16, 2024 14:34 UTC
January 16, 2024 15:02 UTC