[bitcoin-dev] Progress on bech32 for future Segwit Versions (BIP-173)
Rusty Russell
rusty at rustcorp.com.au
Thu Oct 8 00:21:10 UTC 2020
Hi all,
I propose an alternative to length restrictions suggested by
Russell in https://github.com/bitcoin/bips/pull/945: use the
https://gist.github.com/sipa/a9845b37c1b298a7301c33a04090b2eb variant,
unless the first byte is 0.
Here's a summary of each proposal:
Length restrictions (future segwits must be 10, 13, 16, 20, 23, 26, 29,
32, 36, or 40 bytes)
1. Backwards compatible for v1 etc; old code it still works.
2. Restricts future segwit versions, may require new encoding if we
want a diff length (or waste chainspace if we need to have a padded
version for compat).
Checksum change based on first byte:
1. Backwards incompatible for v1 etc; only succeeds 1 in a billion.
2. Weakens guarantees against typos in first two data-part letters to
1 in a billion.[1]
I prefer the second because it forces upgrades, since it breaks so
clearly. And unfortunately we do need to upgrade, because the length
extension bug means it's unwise to accept non-v0 addresses.
(Note non-v0 segwit didn't relay before v0.19.0 anyway, so many places
may already be restricting to v0 segwit).
The sooner a decision is reached on this, the sooner we can begin
upgrading software for a taproot world.
Thanks,
Rusty.
PS. Lightning uses bech32 over longer lengths, but the checksum is less critical; we'd prefer to follow whatever
bitcoin chooses.
[1] Technically less for non-v0: you have a 1 in 8 chance of a typo in the second letter changing the checksum
algorithm, so it's 1 in 8 billion.
More information about the bitcoin-dev
mailing list