Unsigned / partially signed transaction serialization
A normal serialised transaction with only signatures missing. Each signature is replaced with a single-byte OP_PUSHDATA1 of 0xff. Valid signatures all begin with 0x30 so no confusion is possible.
A signature request wants to be able to add metadata to help the user and wallet to process it:
- Informative message
- Information about each output
- A list of information about required signatures, one per input that is not yet fully signed
Informative Message
Something describing the purpose of the transaction.
Information about each output
- if it is a payment to a third party, a description or evidence (e.g. invoice)
- if it is a change output, an indication of how the change address is derived so it can be verified
List of Required Signatures
A transaction can have many inputs. Each input might require multiple signatures or a single signature. The wallet receiving a sign request may be able to sign one or more of the inputs.
There are 3 multisig cases on the horizon:
- The current P2SH multisig that is being sunsetted, in which the signatures are embedded inside the redeem script that is part of the input’s script
- Spending a regular OP_CHECKMULTISIG output not wrapped in a P2SH redeem script
- Threshold signatures. Here even what looks like a single-signature input might require several parties to provide a signature until the threshold is reached, which will be then be combined to produce a single signature for that input.
With that in mind each unsigned input should have an entry in the list with the following:
- the index of the input in the list of inputs
- the value of the input. A wallet requires this to sign the input. If incorrect the signature is invalid.
- if known, an indication of the public key that can sign (or how to derive it). If the public key is not be known; for example when spending a P2PKH output, the address or hash160 should be used instead.
- If 3) is not known because the template of the output script being spent is unrecognised, the output script should be provided. Should it be provided anyway?
- the sighash required; defaulting to SIGHASH_ALL
- the sequence ID, defaulting to UINT_MAX