@kyuupichan
Last active April 24, 2019 00:09
Unsigned and partially-signed txs

Unsigned / partially signed transaction serialization

The format is a normal serialised transaction with only the signatures missing. Each signature is replaced with a single-byte OP_PUSHDATA1 of 0xff. Valid signatures all begin with 0x30, so no confusion is possible.
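As an added illustration (not part of the original gist), the Python sketch below walks the pushes of an input script and labels each one as a missing-signature placeholder, a signature, or other data. It assumes a placeholder is any push whose data is the single byte 0xff, whether encoded as a direct push or with OP_PUSHDATA1; the function names and the sample script are constructed for this example.

```python
PLACEHOLDER = b"\xff"  # assumed stand-in for a missing signature
DER_PREFIX = b"\x30"   # first byte of every DER-encoded signature

def pushed_items(script: bytes):
    """Yield the data of each push in an input script."""
    i, n = 0, len(script)
    while i < n:
        op = script[i]
        i += 1
        if op <= 75:                     # OP_0 or a direct push of 1..75 bytes
            size = op
        elif op in (0x4c, 0x4d, 0x4e):   # OP_PUSHDATA1 / 2 / 4
            width = 1 << (op - 0x4c)     # length field is 1, 2 or 4 bytes
            if i + width > n:
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            raise ValueError(f"unexpected opcode 0x{op:02x}")
        if i + size > n:
            raise ValueError("truncated push data")
        yield script[i:i + size]
        i += size

def classify(script: bytes):
    """Label each pushed item 'missing', 'signature' or 'other'."""
    labels = []
    for item in pushed_items(script):
        if item == PLACEHOLDER:
            labels.append("missing")
        elif item.startswith(DER_PREFIX):
            labels.append("signature")
        else:
            labels.append("other")   # OP_0 dummy, public key, redeem script
    return labels

# Constructed sample: 2-of-2 P2SH multisig input with one signature present.
FAKE_SIG = bytes.fromhex("3006020101020101") + b"\x41"  # DER-shaped filler + sighash byte
REDEEM = b"\x52" + (b"\x21\x02" + bytes(32)) * 2 + b"\x52\xae"
SAMPLE = (b"\x00" + bytes([len(FAKE_SIG)]) + FAKE_SIG
          + b"\x01\xff"                      # placeholder as a direct push
          + bytes([len(REDEEM)]) + REDEEM)

if __name__ == "__main__":
    print(classify(SAMPLE))
```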

A signature request wants to be able to add metadata to help the user and wallet to process it:

  1. Informative message
  2. Information about each output
  3. A list of information about required signatures, one per input that is not yet fully signed

Informative Message

Something describing the purpose of the transaction.

Information about each output

  • if it is a payment to a third party, a description or evidence (e.g. invoice)
  • if it is a change output, an indication of how the change address is derived so it can be verified

List of Required Signatures

A transaction can have many inputs. Each input might require multiple signatures or a single signature. The wallet receiving a sign request may be able to sign one or more of the inputs.

There are 3 multisig cases on the horizon:

  • The current P2SH multisig that is being sunsetted, in which the signatures are embedded inside the redeem script that is part of the input’s script
  • Spending a regular OP_CHECKMULTISIG output not wrapped in a P2SH redeem script
  • Threshold signatures. Here even what looks like a single-signature input might require several parties to provide a signature until the threshold is reached; these will then be combined to produce a single signature for that input.

With that in mind each unsigned input should have an entry in the list with the following:

  1. the index of the input in the list of inputs
  2. the value of the input. A wallet requires this to sign the input. If incorrect the signature is invalid.
  3. if known, an indication of the public key that can sign (or how to derive it). If the public key is not known, for example when spending a P2PKH output, the address or hash160 should be used instead.
  4. If 3) is not known because the template of the output script being spent is unrecognised, the output script should be provided. Should it be provided anyway?
  5. the sighash required; defaulting to SIGHASH_ALL
  6. the sequence ID, defaulting to UINT_MAX