[bitcoin-dev] Proposal: bip32 version bytes for segwit scripts

[Thomas Voegtlin]

BIP32 extended public/private keys have version bytes that result in the
user visible xpub/xprv prefix. The BIP's recommendation is to use
different version bytes for other networks (such as tpub/tprv for testnet)

I would like to use additional version bytes to indicate the type of
output script used with the public keys.

I believe the change should be user visible, because users are exposed
to master public keys. I propose the following prefixes:

========== =========== ===================================
Version    Prefix      Description
========== =========== ===================================
0x0488ade4 xprv        P2PKH or P2SH
0x0488b21e xpub        P2PKH or P2SH
0x049d7878 yprv        (P2WPKH or P2WSH) nested in P2SH
0x049d7cb2 ypub        (P2WPKH or P2WSH) nested in P2SH
0x04b2430c zprv        P2WPKH or P2WSH
0x04b24746 zpub        P2WPKH or P2WSH
========== =========== ===================================
(source: http://docs.electrum.org/en/latest/seedphrase.html)

I have heard the argument that xpub/xprv serialization is a format for
keys, and that it should not be used to encode how these keys are used.
However, the very existence of version bytes, and the fact that they are
used to signal whether keys will be used on testnet or mainnet goes
against that argument.

If we do not signal the script type in the version bytes, I believe
wallet developers are going to use dirtier tricks, such as the bip32
child number field in combination with bip43/bip44/bip49.


Thomas