BIP: 279 Layer: Applications Title: Electrum-style Hierarchical Deterministic Multi-signature Wallets Author: Roger Taylor <roger.taylor.email@gmail.com> Status: Draft Type: Standards Track Created: 2019-10-31 License: PD
This BIP documents how P2SH-based multi-signature wallets are implemented by Electrum, and as such how any unspent transactions that exist on the Bitcoin SV blockchain can be accessed and spent. This will be applicable from the date P2SH is sunsetted, back to the first use of these wallets on the BTC blockchain before any split that preceded Bitcoin SV.
Until the Genesis release of Bitcoin SV, the kinds of scripts that can be used on the Bitcoin network are limited to a small set of templates. This led to a focus on the use of addresses to represent payment destinations. And this focus on addresses, led to the choice to use P2SH for multi-signature wallets in Electrum. After all, it is very easy to copy and paste an address from a multi-signature wallet just like you can for any other type of wallet - should you need to give an address to someone else.
P2SH is however being sunsetted. It will always be possible to spend P2SH locked funds you have been sent, but after the sunsetting it will no longer be possible to lock new funds up in a P2SH-based payment script.
Other wallets may wish to implement support for P2SH wallets following this specification. Perhaps for sweeping, perhaps for conversion of existing wallets using different script templates.
A multi-signature wallet has N extended public keys. If it is a watch-only wallet, all of these will be just extended public keys. But if it is the wallet of one of the participants, one of the extended public keys will be associated with an extended private key it is derived from.
Each of these extended keys is treated like the master key of any other single key hierarchical deterministic wallet. For any payment that needs to be made to the composite wallet represented by the set of extended keys, receiving and change public keys are generated from each extended key using the standard BIP32[1] path.
change / address_index
The derived public keys are taken, and BIP67[2] is applied to produce a standard bare multi-signature redeem script, and BIP16 [3] to produce a deterministic P2SH address. Note that the main contribution of BIP67 is to sort the public keys so that regardless of the order of the extended public keys, the resulting redeem script and P2SH address are reproducible.
It was envisioned that beyond the sunsetting of P2SH, ElectrumSV would retain the same mechanism of retaining relative extended keys, deriving public keys using the BIP32 sub-path with the BIP67 sorting, but would modify the script creation with the ability to specify alternate payment destination templating. One of these would be the standard "bare" multi-signature script, another might be split key-based and yet another might be Andy Mee's post-Genesis conditional form.
One possibility is that if there is interest in this approach, this BIP could be extended beyond being a reference about how to add support for importing and converting historical P2SH multi-signature wallets, with iteration could be turned into a pre-P2SH and post-P2SH standard.
This document is placed in the public domain.