├── bip-0073
    ├── a.png
    └── b.png
├── bip-0001
    └── process.png
├── bip-0032
    └── derivation.png
├── bip-0070
    └── Protocol_Sequence.png
├── bip-0071.mediawiki
├── bip-0035.mediawiki
├── bip-0034.mediawiki
├── bip-0072.mediawiki
├── bip-0031.mediawiki
├── bip-0013.mediawiki
├── bip-0019.mediawiki
├── bip-0030.mediawiki
├── bip-0073.mediawiki
├── bip-0011.mediawiki
├── bip-0060.mediawiki
├── bip-0039.mediawiki
├── README.mediawiki
├── bip-0012.mediawiki
├── bip-0021.mediawiki
├── bip-0050.mediawiki
├── bip-0014.mediawiki
├── bip-0033.mediawiki
├── bip-0017.mediawiki
├── bip-0016.mediawiki
├── bip-0018.mediawiki
├── bip-0010.mediawiki
├── bip-0016
    └── qa.mediawiki
├── bip-0020.mediawiki
├── bip-0036.mediawiki
├── bip-0022.mediawiki
├── bip-0070.mediawiki
├── bip-0023.mediawiki
├── bip-0001.mediawiki
└── bip-0037.mediawiki


/bip-0073/a.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffbr13/bips/master/bip-0073/a.png


--------------------------------------------------------------------------------
/bip-0073/b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffbr13/bips/master/bip-0073/b.png


--------------------------------------------------------------------------------
/bip-0001/process.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffbr13/bips/master/bip-0001/process.png


--------------------------------------------------------------------------------
/bip-0032/derivation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffbr13/bips/master/bip-0032/derivation.png


--------------------------------------------------------------------------------
/bip-0070/Protocol_Sequence.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffbr13/bips/master/bip-0070/Protocol_Sequence.png


--------------------------------------------------------------------------------
/bip-0071.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 71
 3 |   Title: Payment Protocol MIME types
 4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
 5 |   Status: Draft
 6 |   Type: Standards Track
 7 |   Created: 29-07-2013
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | This BIP defines a MIME (RFC 2046) Media Type for Bitcoin payment
13 | request messages.
14 | 
15 | ==Motivation==
16 | 
17 | Wallet or server software that sends payment protocol messages over
18 | email or http should follow Internet standards for properly
19 | encapsulating the messages.
20 | 
21 | ==Specification==
22 | 
23 | The Media Type (Content-Type in HTML/email headers) for bitcoin
24 | protocol messages shall be:
25 | 
26 | {|
27 | | Message || Type/Subtype
28 | |-
29 | | PaymentRequest || application/bitcoin-paymentrequest
30 | |-
31 | | Payment || application/bitcoin-payment
32 | |-
33 | | PaymentACK || application/bitcoin-paymentack
34 | |}
35 | 
36 | Payment protocol messages are encoded in binary.
37 | 
38 | ==Example==
39 | 
40 | A web server generating a PaymentRequest message to initiate the
41 | payment protocol would precede the binary message data with the
42 | following headers:
43 | <pre>
44 | Content-Type: application/bitcoin-paymentrequest
45 | Content-Transfer-Encoding: binary
46 | </pre>
47 | 


--------------------------------------------------------------------------------
/bip-0035.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 35
 3 |   Title: mempool message
 4 |   Author: Jeff Garzik <jgarzik@exmulti.com>
 5 |   Status: Accepted
 6 |   Type: Standards Track
 7 |   Created: 2012-08-16
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | Make a network node's transaction memory pool accessible via a new "mempool" message.  Extend the existing "getdata" message behavior to permit accessing the transaction memory pool.
13 | 
14 | ==Motivation==
15 | 
16 | Several use cases make it desireable to expose a network node's transaction memory pool:
17 | # SPV clients, wishing to obtain zero-confirmation transactions sent or received.
18 | # Miners, to avoid missing lucrative fees, downloading existing network transactions after a restart.
19 | # Remote network diagnostics.
20 | 
21 | ==Specification==
22 | 
23 | # The mempool message is defined as an empty message where pchCommand == "mempool"
24 | # Upon receipt of a "mempool" message, the node will respond   with an "inv" message containing MSG_TX hashes of all the transactions in the node's transaction memory pool, if any.
25 | # The typical node behavior in response to an "inv" is "getdata". However, the reference Satoshi implementation ignores requests for transaction hashes outside that which is recently relayed. To support "mempool", an implementation must extend its "getdata" message support to querying the memory pool.
26 | # Feature discovery is enabled by checking two "version" message attributes:
27 | ## Protocol version >= 60002
28 | ## NODE_NETWORK bit set in nServices
29 | 
30 | Note that existing implementations drop "inv" messages with a vector size > 50000.
31 | 
32 | ==Backward compatibility==
33 | 
34 | Older clients remain 100% compatible and interoperable after this change.
35 | 
36 | ==Implementation==
37 | 
38 | https://github.com/bitcoin/bitcoin/pull/1641
39 | 


--------------------------------------------------------------------------------
/bip-0034.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 34
 3 |   Title: Block v2, Height in Coinbase
 4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
 5 |   Status: Accepted
 6 |   Type: Standards Track
 7 |   Created: 2012-07-06
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | Bitcoin blocks and transactions are versioned binary structures. Both currently use version 1. This BIP introduces an upgrade path for versioned transactions and blocks. A unique value is added to newly produced coinbase transactions, and blocks are updated to version 2.
13 | 
14 | ==Motivation==
15 | 
16 | # Clarify and exercise the mechanism whereby the bitcoin network collectively consents to upgrade transaction or block binary structures, rules and behaviors.
17 | # Enforce block and transaction uniqueness, and assist unconnected block validation.
18 | 
19 | ==Specification==
20 | 
21 | # Treat transactions with a version greater than 1 as non-standard (official Satoshi client will not mine or relay them).
22 | # Add height as the first item in the coinbase transaction's scriptSig, and increase block version to 2. The format of the height is "serialized CScript" -- first byte is number of bytes in the number (will be 0x03 on main net for the next 300 or so years), following bytes are little-endian representation of the number.  Height is the height of the mined block in the block chain, where the genesis block is height zero (0).
23 | # 75% rule: If 750 of the last 1,000 blocks are version 2 or greater, reject invalid version 2 blocks. (testnet3: 51 of last 100)
24 | # 95% rule ("Point of no return"): If 950 of the last 1,000 blocks are version 2 or greater, reject all version 1 blocks. (testnet3: 75 of last 100)
25 | 
26 | ==Backward compatibility==
27 | 
28 | All older clients are compatible with this change. Users and merchants should not be impacted. Miners are strongly recommended to upgrade to version 2 blocks. Once 95% of the miners have upgraded to version 2, the remainder will be orphaned if they fail to upgrade.
29 | 
30 | ==Implementation==
31 | 
32 | https://github.com/bitcoin/bitcoin/pull/1526
33 | 


--------------------------------------------------------------------------------
/bip-0072.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 72
 3 |   Title: bitcoin: uri extensions for Payment Protocol
 4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
 5 |   Status: Draft
 6 |   Type: Standards Track
 7 |   Created: 29-07-2013
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | This BIP describes an extension to the bitcoin: URI scheme (BIP 21) to
13 | support the payment protocol (BIP 70).
14 | 
15 | ==Motivation==
16 | 
17 | Allow users to click on a link in a web page or email to initiate the
18 | payment protocol, while being backwards-compatible with existing
19 | bitcoin wallets.
20 | 
21 | ==Specification==
22 | 
23 | The bitcoin: URI scheme is extended with an additional, optional
24 | "r" parameter, whose value is a URL from which a PaymentRequest
25 | message should be fetched (unsafe and reserved octets in the URL value
26 | must be encoded as described in RFC 1738).
27 | 
28 | If the "r" parameter is provided and backwards compatibility
29 | is not required, then the bitcoin address portion of the URI may be
30 | omitted (the URI will be of the form: bitcoin:?r=... ).
31 | 
32 | When Bitcoin wallet software that supports this BIP receives a
33 | bitcoin: URI with a request parameter, it should ignore the bitcoin
34 | address/amount/label/message in the URI and instead fetch a
35 | PaymentRequest message and then follow the payment protocol, as
36 | described in BIP 70.
37 | 
38 | Bitcoin wallets must support fetching PaymentRequests via http and
39 | https protocols; they may support other protocols. Wallets must
40 | include an Accept HTTP header in HTTP(s) requests:
41 | <pre>Accept: application/bitcoin-paymentrequest</pre>
42 | 
43 | If a PaymentRequest cannot be obtained (perhaps the server is
44 | unavailable), then the customer should be informed that the merchant's
45 | payment processing system is unavailable.
46 | 
47 | ==Compatibility==
48 | 
49 | Wallet software that does not support this BIP will simply ignore the
50 | r parameter and will initiate a payment to bitcoin address.
51 | 
52 | ==Examples==
53 | A backwards-compatible request:
54 | <pre>
55 | bitcoin:mq7se9wy2egettFxPbmn99cK8v5AFq55Lx?amount=0.11&r=https%3A%2F%2Fmerchant.com%2Fpay.php%3Fh%3D2a8628fc2fbe
56 | </pre>
57 | Non-backwards-compatible equivalent:
58 | <pre>
59 | bitcoin:?r=https%3A%2F%2Fmerchant.com%2Fpay.php%3Fh%3D2a8628fc2fbe
60 | </pre>
61 | 


--------------------------------------------------------------------------------
/bip-0031.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 31
 3 |   Title: Pong message
 4 |   Author: Mike Hearn <hearn@google.com>
 5 |   Status: Accepted
 6 |   Type: Standards Track
 7 |   Created: 11-04-2012
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | This document describes a trivial protocol extension that makes it easier for clients to detect dead peer connections.
13 | 
14 | ==Motivation==
15 | 
16 | Today there are a few network related problems that can degrade the Bitcoin user experience:
17 | 
18 | 1) Some Bitcoin clients run on platforms that can go to sleep and essentially stop running at any time without warning. Notably, this is very common on both mobiles and laptops (shut the lid). When the system comes back, TCP connections that existed before the sleep still exist but may no longer function correctly, eg, because the IP address has changed, or because the remote peer went away or the connection was timed out by some other system. Currently it can often take a while to notice this has happened.
19 | 
20 | 2) The reference Satoshi client is largely single threaded and when placed under heavy load (e.g., because it is downloading the block chain) becomes very slow to respond to network messages. There's no easy way to detect this has occurred, especially if you are just passively waiting for broadcasts from that peer. A way to detect overloaded remote peers and avoid them would both help balance load and provide a better, more responsive system.
21 | 
22 | 3) When downloading large data structures like the block chain it is efficient to choose a peer that is near to you network-wise, in order to reduce load on often congested trans-national links and ensure lower latency. Currently it is difficult to measure the latency to a remote peer so clients don't bother, and instead just select a random peer to download from.
23 | 
24 | All of these can be solved by a backwards compatible protocol modification.
25 | 
26 | ==Specification==
27 | 
28 | When the protocol version as negotiated in the "ver" message is greater than 60000, the "ping" message must contain a uint64 field called "nonce". A peer sending "ping" should set the nonce to a random value, and it is then echoed back by the recipient in a new "pong" message that also contains a single uint64 field.
29 | 
30 | In this way, the client can send a ping and measure the time taken to receive the corresponding pong. If a client sends two pings before hearing back the first pong, the responses can be distinguished using the nonce. If the client chooses to never overlap pings in this way it should simply set the nonce value to zero.
31 | 
32 | ==Backward compatibility==
33 | 
34 | Clients must opt-in to the new feature by advertising a protocol version > 60000. Clients with older protocol versions are not expected to provide a nonce in the ping message and will not be sent a pong.
35 | 
36 | ==Implementation==
37 | 
38 | https://github.com/bitcoin/bitcoin/pull/932/files
39 | 


--------------------------------------------------------------------------------
/bip-0013.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 13
 3 |   Title: Address Format for pay-to-script-hash
 4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
 5 |   Status: Final
 6 |   Type: Standards Track
 7 |   Created: 18-10-2011
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | This BIP describes a new type of Bitcoin address to support arbitrarily complex transactions.  Complexity in this context is defined as what information is needed by the recipient to respend the received coins, in contrast to needing a single ECDSA private key as in current implementations of Bitcoin.
13 | 
14 | In essence, an address encoded under this proposal represents the encoded hash of a [[script]], rather than the encoded hash of an ECDSA public key.
15 | 
16 | ==Motivation==
17 | 
18 | Enable "end-to-end" secure wallets and payments to fund escrow transactions or other complex transactions.  Enable third-party wallet security services.
19 | 
20 | ==Specification==
21 | 
22 | The new bitcoin address type is constructed in the same manner as existing bitcoin addresses (see [[Base58Check encoding]]):
23 | 
24 |     base58-encode: [one-byte version][20-byte hash][4-byte checksum]
25 | 
26 | Version byte is 5 for a main-network address, 196 for a testnet address.
27 | The 20-byte hash is the hash of the script that will be used to redeem the coins.
28 | And the 4-byte checksum is the first four bytes of the SHA256 hash of the version and hash.
29 | 
30 | ==Rationale==
31 | 
32 | One criticism is that bitcoin addresses should be deprecated in favor of a more user-friendly mechanism for payments, and that this will just encourage continued use of a poorly designed mechanism.
33 | 
34 | Another criticism is that bitcoin addresses are inherently insecure because there is no identity information tied to them; if you only have a bitcoin address, how can you be certain that you're paying who or what you think you're paying?
35 | 
36 | Furthermore, truncating SHA256 is not an optimal checksum; there are much better error-detecting algorithms. If we are introducing a new form of Bitcoin address, then perhaps a better algorithm should be used.
37 | 
38 | This is one piece of the simplest path to a more secure bitcoin infrastructure. It is not intended to solve all of bitcoin's usability or security issues, but to be an incremental improvement over what exists today. A future BIP or BIPs should propose more user-friendly mechanisms for making payments, or for verifying that you're sending a payment to the Free Software Foundation and not Joe Random Hacker.
39 | 
40 | Assuming that typing in bitcoin addresses manually will become increasingly rare in the future, and given that the existing checksum method for bitcoin addresses seems to work "well enough" in practice and has already been implemented multiple times, the Author believes no change to the checksum algorithm is necessary.
41 | 
42 | The leading version bytes are chosen so that, after base58 encoding, the leading character is consistent: for the main network, byte 5 becomes the character '3'. For the testnet, byte 196 is encoded into '2'.
43 | 
44 | ==Backwards Compatibility==
45 | 
46 | This proposal is not backwards compatible, but it fails gracefully-- if an older implementation is given one of these new bitcoin addresses, it will report the address as invalid and will refuse to create a transaction.
47 | 
48 | ==Reference Implementation==
49 | 
50 | See base58.cpp1/base58.h at https://github.com/bitcoin/bitcoin/src
51 | 
52 | ==See Also==
53 | 
54 | * [[bip-0012.mediawiki|BIP 12: OP_EVAL, the original P2SH design]]
55 | * [[bip-0016.mediawiki|BIP 16: Pay to Script Hash (aka "/P2SH/")]]
56 | * [[bip-0017.mediawiki|BIP 17: OP_CHECKHASHVERIFY, another P2SH design]]
57 | 


--------------------------------------------------------------------------------
/bip-0019.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 19
 3 |   Title: M-of-N Standard Transactions (Low SigOp)
 4 |   Author: Luke Dashjr <luke+bip17@dashjr.org>
 5 |   Status: Draft
 6 |   Type: Standards Track
 7 |   Created: 30-01-2012
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | This BIP proposes M-of-N-signatures required transactions as a new 'standard' transaction type using the existing scripting system without significant modifications.
13 | 
14 | ==Motivation==
15 | 
16 | Enable secured wallets, escrow transactions, and other use cases where redeeming funds requires more than a single signature.
17 | 
18 | A couple of motivating use cases:
19 | 
20 | * A wallet secured by a "wallet protection service" (WPS).  2-of-2 signatures required transactions will be used, with one signature coming from the (possibly compromised) computer with the wallet and the second signature coming from the WPS. When sending protected bitcoins, the user's bitcoin client will contact the WPS with the proposed transaction and it can then contact the user for confirmation that they initiated the transaction and that the transaction details are correct. Details for how clients and WPS's communicate are outside the scope of this BIP. Side note: customers should insist that their wallet protection service provide them with copies of the private key(s) used to secure their wallets that they can safely store off-line, so that their coins can be spent even if the WPS goes out of business.
21 | 
22 | * Three-party escrow (buyer, seller and trusted dispute agent). 2-of-3 signatures required transactions will be used. The buyer and seller and agent will each provide a public key, and the buyer will then send coins into a 2-of-3 CHECKMULTISIG transaction and send the seller and the agent the transaction id. The seller will fulfill their obligation and then ask the buyer to co-sign a transaction ( already signed by seller ) that sends the tied-up coins to him (seller).<br />If the buyer and seller cannot agree, then the agent can, with the cooperation of either buyer or seller, decide what happens to the tied-up coins.  Details of how buyer, seller, and agent communicate to gather signatures or public keys are outside the scope of this BIP.
23 | 
24 | ==Specification==
25 | 
26 | Two new standard transaction types (scriptPubKey) that are relayed by clients and included in mined blocks.
27 | 
28 | N-of-N (all signatures required):
29 | 
30 |     ( {pubkey} OP_CHECKSIGVERIFY )*n
31 | 
32 | N-of-M (some signatures required):
33 | 
34 |     {pubkey} OP_CHECKSIG  ( OP_SWAP {pubkey} OP_CHECKSIG OP_ADD )*(n-1) n OP_EQUAL
35 | 
36 | But only for n less than or equal to 3.
37 | 
38 | These transactions are redeemed using a standard scriptSig:
39 |     ...signatures...
40 | 
41 | The current Satoshi bitcoin client does not relay or mine transactions with scriptSigs larger than 200 bytes; to accomodate 3-signature transactions, this will be increased to 500 bytes.
42 | 
43 | ===Templates===
44 | scriptPubKey:
45 | 
46 |   {pubkey} OP_CHECKSIGVERIFY {pubkey} OP_CHECKSIGVERIFY
47 | 
48 |   {pubkey} OP_CHECKSIGVERIFY {pubkey} OP_CHECKSIGVERIFY {pubkey} OP_CHECKSIGVERIFY
49 | 
50 |   {pubkey} OP_CHECKSIG OP_SWAP {pubkey} OP_CHECKSIG OP_ADD {n} OP_EQUAL
51 | 
52 |   {pubkey} OP_CHECKSIG OP_SWAP {pubkey} OP_CHECKSIG OP_ADD OP_SWAP {pubkey} OP_CHECKSIG OP_ADD {n} OP_EQUAL
53 | 
54 | scriptSig:
55 | 
56 |   ...signatures... up to 500 bytes
57 | 
58 | ==Rationale==
59 | 
60 | OP_CHECKMULTISIG is already an enabled opcode, and is the most straightforward way to support several important use cases.
61 | This is already specified in [[bip-0011.mediawiki|BIP 0011]].
62 | However, each OP_CHECKMULTISIG counts toward the block limit as 20 sigops, which only allows 1000 total multisig transactions in a block.
63 | Using OP_CHECKSIG only counts as 1 per signature, so can scale better.
64 | 
65 | ==Implementation==
66 | 
67 | All used operations are already supported by old clients and miners as a non-standard transaction type.
68 | 


--------------------------------------------------------------------------------
/bip-0030.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 30
 3 |   Title: Duplicate transactions
 4 |   Author: Pieter Wuille <pieter.wuille@gmail.com>
 5 |   Status: Final
 6 |   Type: Standards Track
 7 |   Created: 22-02-2012
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | This document gives a specification for dealing with duplicate transactions in the block chain, in an attempt to solve certain problems the reference implementations has with them.
12 | 
13 | ==Motivation==
14 | So far, the Bitcoin reference implementation always assumed duplicate transactions (transactions with the same identifier) didn't exist. This is not true; in particular coinbases are easy to duplicate, and by building on duplicate coinbases, duplicate normal transactions are possible as well. Recently, an attack that exploits the reference implementation's dealing with duplicate transactions was described and demonstrated. It allows reverting fully-confirmed transactions to a single confirmation, making them vulnerable to become unspendable entirely. Another attack is possible that allows forking the block chain for a subset of the network.
15 | 
16 | ==Specification==
17 | To counter this problem, the following network rule is introduced:
18 | *Blocks are not allowed to contain a transaction whose identifier matches that of an earlier, not-fully-spent transaction in the same chain.
19 | 
20 | This rule is to be applied to all blocks whose timestamp is after a point in time that is yet to be decided.
21 | 
22 | ==Rationale==
23 | Whatever solution is used, the following law must be obeyed to guarantee sane behaviour: the set of usable
24 | transactions outputs must not be modified by adding blocks to the chain and removing them again. This happens during
25 | a reorganisation, and the current Bitcoin reference implementation does not obey this law in case the temporarily
26 | added blocks contain a duplicate transaction.
27 | 
28 | There are several potential solutions to this problem:
29 | #Guarantee that all coinbases are unique, making duplicate transactions very hard to create.
30 | #Remember previous remaining outputs of a given transaction identifier, in case a new transaction with the same identifier is added.
31 | #Only allow duplicate transactions in case the previous instance of the transaction had no spendable outputs left. Removing a block from the chain can then safely reset the removed transaction's outputs to nothing.
32 | 
33 | The first option is probably the most complete one, as it also guarantees transaction identifiers are unique. However, implementing it requires several changes that need to be accepted throughout the network. Furthermore, it does not prevent duplicate transactions based on earlier duplicate coinbases. The second option is impossible to implement in a forward-compatible way, as it potentially renders currently-invalid blocks valid. In this document we choose for the third option, because it only requires a trivial change.
34 | 
35 | Fully-spent transactions are allowed to be duplicated in order not to hinder pruning at some point in the future. Not allowing any transaction to be duplicated would require evidence to be kept for each transaction ever made.
36 | 
37 | ==Backward compatibility==
38 | The addition of this rule only makes some previously-valid blocks invalid. This implies that if the rule is implemented by a supermajority of miners, it is not possible to fork the block chain in a permanent way between nodes with and without the new rule.
39 | 
40 | ==Implementation==
41 | A patch for the reference client can be found on https://github.com/sipa/bitcoin/tree/nooverwritetx
42 | 
43 | This BIP was implemented in Commit [https://github.com/bitcoin/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531 Do not allow overwriting unspent transactions (BIP 30)]
44 | There have been additional commits to refine the implementation of this BIP.
45 | 
46 | ==Acknowledgements==
47 | Thanks to Russell O'Connor for finding and demonstrating this problem, and helping test the patch.
48 | 


--------------------------------------------------------------------------------
/bip-0073.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 73
 3 |   Title: Use "Accept" header for response type negotiation with Payment Request URLs
 4 |   Author: Stephen Pair <stephen@bitpay.com>
 5 |   Status: Draft
 6 |   Type: Standards Track
 7 |   Created: 27-08-2013
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | This BIP describes an enhancement to the payment protocol ([[bip-0070.mediawiki|BIP 70]])
13 | that addresses the need for short URLs when scanning from QR codes.  It
14 | generalizes the specification for the behavior of a payment request URL in a
15 | way that allows the client and server to negotiate the content of the
16 | response using the HTTP Accept: header field.  Specifically, the client
17 | can indicate to the server whether it prefers to receive a bitcoin URI or
18 | a payment request.
19 | 
20 | Implementation of this BIP does not require full payment request ([[bip-0070.mediawiki|BIP 70]]) support.
21 | 
22 | ==Motivation==
23 | 
24 | The payment protocol augments the bitcoin: uri scheme with an additional
25 | "payment" parameter that specifies a URL where a payment request can be
26 | downloaded.  This creates long URIs that, when rendered as a QR code, have
27 | a high information density.  Dense QR codes can be difficult to scan resulting
28 | in a more frustrating user experience.  The goal is to create a standard that
29 | would allow QR scanning wallets to use less dense QR codes.  It also makes
30 | general purpose QR code scanners more usable with bitcoin accepting
31 | websites.
32 | 
33 | ==Specification==
34 | 
35 | QR scanning wallets will consider a non bitcoin URI scanned from a QR code to
36 | be an end point where either a bitcoin URI or a payment request can be obtained.
37 | 
38 | A wallet client uses the Accept: HTTP header to specify whether it can accept
39 | a payment request, a URI, or both.  A media type of text/uri-list specifies that
40 | the client accepts a bitcoin URI. A media type of application/bitcoin-paymentrequest
41 | specifies that the client can process a payment request.  In the absence of an
42 | Accept: header, the server is expected to respond with text/html suitable for
43 | rendering in a browser.  An HTML response will ensure that QR codes scanned
44 | by non Bitcoin wallet QR scanners are useful (they could render an HTML page
45 | with a payment link that when clicked would open a wallet on the device).
46 | 
47 | It is not required that the client and server support the full semantics of an
48 | HTTP Accept header.  If application/bitcoin-paymentrequest is specified in the
49 | header, the server should send a payment request regardless of anything else
50 | specified in the Accept header.  If text/uri-list is specified (but not
51 | application/bitcoin-paymentrequest), a valid Bitcoin URI should be returned.  If
52 | neither is specified, the server can return an HTML page.  When a uri-list is returned
53 | only the first item in the list is used (and expected to be a bitcoin URI), any additional
54 | URIs should be ignored.
55 | 
56 | ==Compatibility==
57 | 
58 | Only QR scanning wallets that implement this BIP will be able to process QR
59 | codes containing payment request URLs.  There are two possible workarounds for QR
60 | scanning wallets that do not implement this BIP: 1) the server gives the user an
61 | option to change the QR code to a bitcoin: URI or 2) the user scans the code with
62 | a generic QR code scanner.
63 | 
64 | In the second scenario, if the server responds with a webpage containing a link
65 | to a bitcoin URI, the user can complete the payment by clicking that link provided
66 | the user has a wallet installed on their device and it supports bitcoin URIs.  If the
67 | wallet/device does not have support for bitcoin URIs, the user can fall back on
68 | address copy/paste.
69 | 
70 | This BIP should be fully compatible with BIP 70 assuming it is required that wallets
71 | implementing BIP 70 make use of the Accept: HTTP header when retrieving a
72 | payment request.
73 | 
74 | ==Examples==
75 | The first image below is of a bitcoin URI with an amount and payment request
76 | specified (note, this is a fairly minimal URI as it does not contain a
77 | label and the request URL is of moderate size).  The second image is a QR
78 | code with only the payment request url specified.
79 | 
80 | <img src=bip-0073/a.png></img><img src=bip-0073/b.png></img>
81 | 


--------------------------------------------------------------------------------
/bip-0011.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 11
 3 |   Title: M-of-N Standard Transactions
 4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
 5 |   Status: Accepted
 6 |   Type: Standards Track
 7 |   Created: 18-10-2011
 8 |   Post-History: 02-10-2011
 9 | </pre>
10 | 
11 | ==Abstract==
12 | 
13 | This BIP proposes M-of-N-signatures required transactions as a new 'standard' transaction type.
14 | 
15 | ==Motivation==
16 | 
17 | Enable secured wallets, escrow transactions, and other use cases where redeeming funds requires more than a single signature.
18 | 
19 | A couple of motivating use cases:
20 | 
21 | * A wallet secured by a "wallet protection service" (WPS).  2-of-2 signatures required transactions will be used, with one signature coming from the (possibly compromised) computer with the wallet and the second signature coming from the WPS. When sending protected bitcoins, the user's bitcoin client will contact the WPS with the proposed transaction and it can then contact the user for confirmation that they initiated the transaction and that the transaction details are correct. Details for how clients and WPS's communicate are outside the scope of this BIP. Side note: customers should insist that their wallet protection service provide them with copies of the private key(s) used to secure their wallets that they can safely store off-line, so that their coins can be spent even if the WPS goes out of business.
22 | 
23 | * Three-party escrow (buyer, seller and trusted dispute agent). 2-of-3 signatures required transactions will be used. The buyer and seller and agent will each provide a public key, and the buyer will then send coins into a 2-of-3 CHECKMULTISIG transaction and send the seller and the agent the transaction id. The seller will fulfill their obligation and then ask the buyer to co-sign a transaction ( already signed by seller ) that sends the tied-up coins to him (seller).<br />If the buyer and seller cannot agree, then the agent can, with the cooperation of either buyer or seller, decide what happens to the tied-up coins.  Details of how buyer, seller, and agent communicate to gather signatures or public keys are outside the scope of this BIP.
24 | 
25 | ==Specification==
26 | 
27 | A new standard transaction type (scriptPubKey) that is relayed by clients and included in mined blocks:
28 | 
29 |     m {pubkey}...{pubkey} n OP_CHECKMULTISIG
30 | 
31 | But only for n less than or equal to 3.
32 | 
33 | OP_CHECKMULTISIG transactions are redeemed using a standard scriptSig:
34 |     OP_0 ...signatures...
35 | 
36 | (OP_0 is required because of a bug in OP_CHECKMULTISIG; it pops one too many items off the execution stack, so a dummy value must be placed on the stack).
37 | 
38 | The current Satoshi bitcoin client does not relay or mine transactions with scriptSigs larger than 200 bytes; to accomodate 3-signature transactions, this will be increased to 500 bytes.
39 | 
40 | ==Rationale==
41 | 
42 | OP_CHECKMULTISIG is already an enabled opcode, and is the most straightforward way to support several important use cases.
43 | 
44 | One argument against using OP_CHECKMULTISIG is that old clients and miners count it as "20 sigops" for purposes of computing how many signature operations are in a block, and there is a hard limit of 20,000 sigops per block-- meaning a maximum of 1,000 multisig transactions per block. Creating multisig transactions using multiple OP_CHECKSIG operations allows more of them per block.
45 | 
46 | The counter-argument is that these new multi-signature transactions will be used in combination with OP_EVAL (see the OP_EVAL BIP), and '''will''' be counted accurately. And in any case, as transaction volume rises the hard-coded maximum block size will have to be addressed, and the rules for counting number-of-signature-operations-in-a-block can be addressed at that time.
47 | 
48 | A weaker argument is OP_CHECKMULTISIG should not be used because it pops one too many items off the stack during validation. Adding an extra OP_0 placeholder to the scriptSig adds only 1 byte to the transaction, and any alternative that avoids OP_CHECKMULTISIG adds at least several bytes of opcodes.
49 | 
50 | ==Implementation==
51 | 
52 | OP_CHECKMULTISIG is already supported by old clients and miners as a non-standard transaction type.
53 | 
54 | https://github.com/gavinandresen/bitcoin-git/tree/op_eval
55 | 
56 | == Post History ==
57 | 
58 | * [https://bitcointalk.org/index.php?topic=46538 OP_EVAL proposal]
59 | 


--------------------------------------------------------------------------------
/bip-0060.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 60
 3 |   Title: Fixed Length "version" Message (Relay-Transactions Field)
 4 |   Author: Amir Taaki <genjix@riseup.net>
 5 |   Status: Draft
 6 |   Type: Standards Track
 7 |   Created: 16-06-2013
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | [[BIP 0037]] introduced a new flag to version messages which says whether to relay new transaction messages to that node.
13 | 
14 | The protocol version was upgraded to 70001, and the (now accepted) BIP 0037 became implemented.
15 | 
16 | The implementation is problematic because the RelayTransactions flag is an optional part of the version message stream.
17 | 
18 | ==Motivation==
19 | 
20 | One property of Bitcoin messages is their fixed number of fields. This keeps the format simple and easily understood. Adding optional fields to messages will cause deserialisation issues when other fields come after the optional one.
21 | 
22 | As an example, the length of version messages might be checked to ensure the byte stream is consistent. With optional fields, this checking is no longer possible. This is desirable to check for consistency inside internal deserialization code, and proper formatting of version messages originating from other nodes. In the future with diversification of the Bitcoin network, it will become desirable to enforce this kind of strict adherance to standard messages with field length compliance with every protocol version.
23 | 
24 | Another property of fixed-length field messages is the ability to pass stream operators around for deserialization. This property is also lost, as now the deserialisation code must know the remaining length of bytes to parse. The parser now requires an additional piece of information (remaining size of the stream) for parsing instead of being a dumb reader.
25 | 
26 | ==Specification==
27 | === version ===
28 | 
29 | When a node creates an outgoing connection, it will immediately advertise its version. The remote node will respond with its version. No futher communication is possible until both peers have exchanged their version.
30 | 
31 | Payload:
32 | 
33 | {|class="wikitable"
34 | ! Field Size !! Description !! Data type !! Comments
35 | |-
36 | | 4 || version || int32_t || Identifies protocol version being used by the node
37 | |-
38 | | 8 || services || uint64_t || bitfield of features to be enabled for this connection
39 | |-
40 | | 8 || timestamp || int64_t || standard UNIX timestamp in seconds
41 | |-
42 | | 26 || addr_recv || net_addr || The network address of the node receiving this message
43 | |-
44 | |colspan="4"| version >= 106
45 | |-
46 | | 26 || addr_from || net_addr || The network address of the node emitting this message
47 | |-
48 | | 8 || nonce || uint64_t || Node random nonce, randomly generated every time a version packet is sent. This nonce is used to detect connections to self.
49 | |-
50 | | ? || user_agent || var_str || [[bip-0014.mediawiki|User Agent]] (0x00 if string is 0 bytes long)
51 | |-
52 | | 4 || start_height || int32_t || The last block received by the emitting node
53 | |-
54 | | 1 || relay || bool || Whether the remote peer should announce relayed transactions or not, see [[bip-0037.mediawiki|BIP 0037]], since version >= 70001
55 | |}
56 | 
57 | A "verack" packet shall be sent if the version packet was accepted.
58 | 
59 | The following services are currently assigned:
60 | 
61 | {|class="wikitable"
62 | ! Value !! Name !! Description
63 | |-
64 | | 1 || NODE_NETWORK || This node can be asked for full blocks instead of just headers.
65 | |}
66 | 
67 | === Code Updates ===
68 | 
69 | fRelayTx is added to the PushMessage() call inside PushVersion() (net.cpp)
70 | 
71 | <pre>
72 | void CNode::PushVersion()
73 | {
74 |     /// when NTP implemented, change to just nTime = GetAdjustedTime()
75 |     int64 nTime = (fInbound ? GetAdjustedTime() : GetTime());
76 |     CAddress addrYou = (addr.IsRoutable() && !IsProxy(addr) ? addr : CAddress(CService("0.0.0.0",0)));
77 |     CAddress addrMe = GetLocalAddress(&addr);
78 |     RAND_bytes((unsigned char*)&nLocalHostNonce, sizeof(nLocalHostNonce));
79 |     printf("send version message: version %d, blocks=%d, us=%s, them=%s, peer=%s\n", PROTOCOL_VERSION, nBestHeight, addrMe.ToString().c_str(), addrYou.ToString().c_str(), addr.ToString().c_str());
80 |     PushMessage("version", PROTOCOL_VERSION, nLocalServices, nTime, addrYou, addrMe,
81 |                 nLocalHostNonce, FormatSubVersion(CLIENT_NAME, CLIENT_VERSION, std::vector<string>()),
82 |                 nBestHeight, true);
83 | }
84 | </pre>
85 | 
86 | Additionally the protocol version is increased from 70001 to 70002.
87 | 
88 | ==Copyright==
89 | 
90 | This document is placed in the public domain.
91 | 


--------------------------------------------------------------------------------
/bip-0039.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP:     BIP-0039
  3 |   Title:   Mnemonic code for generating deterministic keys
  4 |   Authors: Marek Palatinus <slush@satoshilabs.com>
  5 |            Pavol Rusnak <stick@satoshilabs.com>
  6 |            ThomasV <thomasv@bitcointalk.org>
  7 |            Aaron Voisine <voisine@gmail.com>
  8 |   Status:  Draft
  9 |   Type:    Standards Track
 10 |   Created: 10-09-2013
 11 | </pre>
 12 | 
 13 | ==Abstract==
 14 | 
 15 | This BIP describes an usage of mnemonic code or mnemonic sentence - a group of
 16 | easy to remember words - to generate deterministic wallets.
 17 | 
 18 | It consists of two parts: generating the mnemonic and converting it into
 19 | a binary seed. This seed can be later used to generate deterministic wallets
 20 | using BIP-0032 or similar methods.
 21 | 
 22 | ==Motivation==
 23 | 
 24 | Such mnemonic code or mnemonic sentence is much easier to work with than working
 25 | with the binary data directly (or its hexadecimal interpretation). The sentence
 26 | could be writen down on paper (e.g. for storing in a secure location such as
 27 | safe), told over telephone or other voice communication method, or memorized
 28 | in ones memory (this method is called brainwallet).
 29 | 
 30 | ==Generating the mnemonic==
 31 | 
 32 | First, we decide how much entropy we want mnemonic to encode. Recommended size
 33 | is 128-256 bits, but basically any multiple of 32 bits will do. More bits
 34 | mean more security, but also longer word sentence.
 35 | 
 36 | We take initial entropy of ENT bits and compute its checksum by taking first
 37 | ENT / 32 bits of its SHA256 hash. We append these bits to the end of the initial
 38 | entropy. Next we take these concatenated bits and split them into groups of 11
 39 | bits. Each group encodes number from 0-2047 which is a position in a wordlist.
 40 | We convert numbers into words and use joined words as mnemonic sentence.
 41 | 
 42 | The following table describes the relation between initial entropy length (ENT),
 43 | checksum length (CS) and length of the generated mnemonic sentence (MS) in words.
 44 | 
 45 | <pre>
 46 | CS = ENT / 32
 47 | MS = (ENT + CS) / 11
 48 | 
 49 | |  ENT  | CS | ENT+CS |  MS  |
 50 | +-------+----+--------+------+
 51 | |  128  |  4 |   132  |  12  |
 52 | |  160  |  5 |   165  |  15  |
 53 | |  192  |  6 |   198  |  18  |
 54 | |  224  |  7 |   231  |  21  |
 55 | |  256  |  8 |   264  |  24  |
 56 | </pre>
 57 | 
 58 | ==Wordlist==
 59 | 
 60 | In previous section we described how to pick words from a wordlist. Now we
 61 | describe how does a good wordlist look like.
 62 | 
 63 | a) smart selection of words
 64 |    - wordlist is created in such way that it's enough to type just first four
 65 |      letters to unambiguously identify the word
 66 | 
 67 | b) similar words avoided
 68 |    - words as "build" and "built", "woman" and "women" or "quick" or "quickly"
 69 |      not only make remembering the sentence difficult, but are also more error
 70 |      prone and more difficult to guess (see point below)
 71 |    - we avoid these words by carefully selecting them during addition
 72 | 
 73 | c) sorted wordlists
 74 |    - wordlist is sorted which allow more efficient lookup of the code words
 75 |      (i.e. implementation can use binary search instead of linear search)
 76 |    - this also allows trie (prefix tree) to be used, e.g. for better compression
 77 | 
 78 | Wordlist can contain native characters, but they have to be encoded using UTF-8.
 79 | 
 80 | ==From mnemonic to seed==
 81 | 
 82 | User can decide to protect his mnemonic by passphrase. If passphrase is not present
 83 | an empty string "" is used instead.
 84 | 
 85 | To create binary seed from mnemonic, we use PBKDF2 function with mnemonic sentence
 86 | (in UTF-8) used as a password and string "mnemonic" + passphrase (again in UTF-8)
 87 | used as a salt. Iteration count is set to 4096 and HMAC-SHA512 is used as a pseudo-
 88 | random function. Desired length of the derived key is 512 bits (= 64 bytes).
 89 | 
 90 | This seed can be later used to generate deterministic wallets using BIP-0032 or
 91 | similar methods.
 92 | 
 93 | The conversion of the mnemonic sentence to binary seed is completely independent
 94 | from generating the sentence. This results in rather simple code, there are no
 95 | constraints on sentence structure and clients are free to implement their own
 96 | wordlists or even whole sentence generators (they'll lose the proposed method
 97 | for typo detection in that case, but they can come up with their own).
 98 | 
 99 | Described method also provides plausable deniability, because every passphrase
100 | generates a valid seed (and thus deterministic wallet) but only the correct one
101 | will make the desired wallet available.
102 | 
103 | ==Test vectors==
104 | 
105 | See https://github.com/trezor/python-mnemonic/blob/master/vectors.json
106 | 
107 | ==Reference Implementation==
108 | 
109 | Reference implementation including wordlists is available from
110 | 
111 | http://github.com/trezor/python-mnemonic
112 | 
113 | 


--------------------------------------------------------------------------------
/README.mediawiki:
--------------------------------------------------------------------------------
  1 | People wishing to submit BIPs, first should propose their idea or document to the mailing list. After discussion they should email Greg Maxwell &lt;gmaxwell@gmail.com&gt;. After copy-editing and acceptance, it will be published here.
  2 | 
  3 | We are fairly liberal with approving BIPs, and try not to be too involved in decision making on behalf of the community. The exception is in very rare cases of dispute resolution when a decision is contentious and cannot be agreed upon. In those cases, the conservative option will always be preferred.
  4 | 
  5 | Having a BIP here does not make it a formally accepted standard until its status becomes Active. For a BIP to become Active requires the mutual consent of the community.
  6 | 
  7 | Those proposing changes should consider that ultimately consent may rest with the consensus of the Bitcoin users (see also: [https://en.bitcoin.it/wiki/Economic_majority economic majority]).
  8 | 
  9 | {| class="wikitable sortable" style="width: auto; text-align: center; font-size: smaller; table-layout: fixed;"
 10 | !Number
 11 | !Title
 12 | !Owner
 13 | !Status
 14 | |- style="background-color: #cfffcf"
 15 | | [[bip-0001.mediawiki|1]]
 16 | | BIP Purpose and Guidelines
 17 | | Amir Taaki
 18 | | Active
 19 | |-
 20 | | [[bip-0010.mediawiki|10]]
 21 | | Multi-Sig Transaction Distribution
 22 | | Alan Reiner
 23 | | Draft
 24 | |- style="background-color: #cfffcf"
 25 | | [[bip-0011.mediawiki|11]]
 26 | | M-of-N Standard Transactions
 27 | | Gavin Andresen
 28 | | Accepted
 29 | |- style="background-color: #ffcfcf"
 30 | | [[bip-0012.mediawiki|12]]
 31 | | OP_EVAL
 32 | | Gavin Andresen
 33 | | Withdrawn
 34 | |- style="background-color: #cfffcf"
 35 | | [[bip-0013.mediawiki|13]]
 36 | | Address Format for pay-to-script-hash
 37 | | Gavin Andresen
 38 | | Final
 39 | |- style="background-color: #cfffcf"
 40 | | [[bip-0014.mediawiki|14]]
 41 | | Protocol Version and User Agent
 42 | | Amir Taaki, Patrick Strateman
 43 | | Accepted
 44 | |- style="background-color: #ffcfcf"
 45 | | [[bip-0015.mediawiki|15]]
 46 | | Aliases
 47 | | Amir Taaki
 48 | | Withdrawn
 49 | |- style="background-color: #cfffcf"
 50 | | [[bip-0016.mediawiki|16]]
 51 | | Pay To Script Hash
 52 | | Gavin Andresen
 53 | | Accepted
 54 | |- style="background-color: #ffcfcf"
 55 | | [[bip-0017.mediawiki|17]]
 56 | | OP_CHECKHASHVERIFY (CHV)
 57 | | Luke Dashjr
 58 | | Withdrawn
 59 | |-
 60 | | [[bip-0018.mediawiki|18]]
 61 | | hashScriptCheck
 62 | | Luke Dashjr
 63 | | Draft
 64 | |-
 65 | | [[bip-0019.mediawiki|19]]
 66 | | M-of-N Standard Transactions (Low SigOp)
 67 | | Luke Dashjr
 68 | | Draft
 69 | |- style="background-color: #ffcfcf"
 70 | | [[bip-0020.mediawiki|20]]
 71 | | URI Scheme
 72 | | Luke Dashjr
 73 | | Replaced
 74 | |- style="background-color: #cfffcf"
 75 | | [[bip-0021.mediawiki|21]]
 76 | | URI Scheme
 77 | | Nils Schneider, Matt Corallo
 78 | | Accepted
 79 | |- style="background-color: #cfffcf"
 80 | | [[bip-0022.mediawiki|22]]
 81 | | getblocktemplate - Fundamentals
 82 | | Luke Dashjr
 83 | | Accepted
 84 | |- style="background-color: #cfffcf"
 85 | | [[bip-0023.mediawiki|23]]
 86 | | getblocktemplate - Pooled Mining
 87 | | Luke Dashjr
 88 | | Accepted
 89 | |- style="background-color: #cfffcf"
 90 | | [[bip-0030.mediawiki|30]]
 91 | | Duplicate transactions
 92 | | Pieter Wuille
 93 | | Accepted
 94 | |- style="background-color: #cfffcf"
 95 | | [[bip-0031.mediawiki|31]]
 96 | | Pong message
 97 | | Mike Hearn
 98 | | Accepted
 99 | |- style="background-color: #cfffcf"
100 | | [[bip-0032.mediawiki|32]]
101 | | Hierarchical Deterministic Wallets
102 | | Pieter Wuille
103 | | Accepted
104 | |-
105 | | [[bip-0033.mediawiki|33]]
106 | | Stratized Nodes
107 | | Amir Taaki
108 | | Draft
109 | |- style="background-color: #cfffcf"
110 | | [[bip-0034.mediawiki|34]]
111 | | Block v2, Height in coinbase
112 | | Gavin Andresen
113 | | Accepted
114 | |- style="background-color: #cfffcf"
115 | | [[bip-0035.mediawiki|35]]
116 | | mempool message
117 | | Jeff Garzik
118 | | Accepted
119 | |-
120 | | [[bip-0036.mediawiki|36]]
121 | | Custom Services
122 | | Stefan Thomas
123 | | Draft
124 | |- style="background-color: #cfffcf"
125 | | [[bip-0037.mediawiki|37]]
126 | | Bloom filtering
127 | | Mike Hearn and Matt Corallo
128 | | Accepted
129 | |-
130 | | [[bip-0038.mediawiki|38]]
131 | | Passphrase-protected private key
132 | | Mike Caldwell
133 | | Draft
134 | |-
135 | | [[bip-0039.mediawiki|39]]
136 | | Mnemonic code for generating deterministic keys
137 | | Slush
138 | | Draft
139 | |-
140 | | 40
141 | | Stratum wire protocol
142 | | Slush
143 | | BIP number allocated
144 | |-
145 | | 41
146 | | Stratum mining protocol
147 | | Slush
148 | | BIP number allocated
149 | <!-- 42-49 reserved for stratum extensions -->
150 | |-
151 | | [[bip-0050.mediawiki|50]]
152 | | March 2013 Chain Fork Post-Mortem
153 | | Gavin Andresen
154 | | Draft
155 | <!-- 50 series reserved for a group of post-mortems -->
156 | |-
157 | | [[bip-0060.mediawiki|60]]
158 | | Fixed Length "version" Message (Relay-Transactions Field)
159 | | Amir Taaki
160 | | Draft
161 | |-
162 | | [[bip-0070.mediawiki|70]]
163 | | Payment protocol
164 | | Gavin Andresen
165 | | Draft
166 | |-
167 | | [[bip-0071.mediawiki|71]]
168 | | Payment protocol MIME types
169 | | Gavin Andresen
170 | | Draft
171 | |-
172 | | [[bip-0072.mediawiki|72]]
173 | | Payment protocol URIs
174 | | Gavin Andresen
175 | | Draft
176 | |-
177 | | [[bip-0073.mediawiki|73]]
178 | | Use "Accept" header with Payment Request URLs
179 | | Stephen Pair
180 | | Draft
181 | |}
182 | 
183 | <!-- IMPORTANT!  See the instructions at the top of this page, do NOT JUST add BIPs here! -->
184 | 


--------------------------------------------------------------------------------
/bip-0012.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 12
 3 |   Title: OP_EVAL
 4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
 5 |   Status: Withdrawn
 6 |   Type: Standards Track
 7 |   Created: 18-10-2011
 8 | </pre>
 9 | 
10 | ==Abstract==
11 | 
12 | This BIP describes a new opcode (OP_EVAL) for the [https://en.bitcoin.it/wiki/Script Bitcoin scripting system], and a new 'standard' transaction type that uses it to enables the receiver of bitcoins to specify the transaction type needed to re-spend them.
13 | 
14 | ==Motivation==
15 | 
16 | Enable "end-to-end" secure wallets and payments to fund escrow transactions or other complex transactions in a way that is backwards-compatible for old clients and miners.
17 | 
18 | ==Specification==
19 | 
20 | OP_EVAL will re-define the existing OP_NOP1 opcode, and will function as follows:
21 | 
22 | * When executed during transaction verification, pops the item from the top of the stack, deserializes it, and executes the resulting script.
23 | * If there is no item on the top of the stack or the item is not a valid script then transaction validation fails.
24 | * If there are any OP_CODESEPARATORs in the deserialized script then transaction validation fails.
25 | * If there are any OP_EVALs in the deserialized script they are also executed, but recursion is limited to a depth of 2.
26 | * Transaction verification must fail if interpreting OP_EVAL as a no-op would cause the verification to fail.
27 | 
28 | A new standard transaction type (scriptPubKey) that is relayed by clients and included in mined blocks is also defined:
29 | 
30 |     DUP HASH160 {20-byte-hash-value} EQUALVERIFY OP_EVAL
31 | 
32 | Which is redeemed by a standard scriptSig:
33 |     ...signatures... {serialized script}
34 | 
35 | Transactions that redeem standard OP_EVAL scriptPubKeys are only considered standard if the ''serialized script'' is, itself, one of the standard transaction types.
36 | 
37 | ==Rationale==
38 | 
39 | OP_EVAL allows the receiver of bitcoins to specify how they can be spent when they are spent, instead of requiring the sender of the bitcoins to know the details of how the bitcoins may be redeemed. The sender only needs to know the hash of the ''serialized script'', and one new type of bitcoin address can be used to fund arbitrarily complex transactions.
40 | 
41 | If ''serialized script'' is a large or complicated multi-signature script, then the burden of paying for it (in increased transaction fees due to more signature operations or transaction size) is shifted from the sender to the receiver.
42 | 
43 | The main objection to OP_EVAL is that it adds complexity, and complexity is the enemy of security. Also, evaluating data as code has a long record of being a source of security vulnerabilties.
44 | 
45 | That same argument can be applied to the existing Bitcoin 'scripting' system; scriptPubKeys are transmit as data across the network and are then interpreted by every bitcoin implementation. OP_EVAL just moves the data that will be interpreted. It is debatable whether or not the entire idea of putting a little interpreted expression evaluation language at the core of Bitcoin was brilliant or stupid, but the existence of OP_EVAL does not make the expression language less secure.
46 | 
47 | There is a 1-confirmation attack on old clients that interepret OP_EVAL as a no-op, but it is expensive and difficult in practice. The attack is:
48 | 
49 | # Attacker creates an OP_EVAL transaction that is valid as seen by old clients, but invalid for new clients.
50 | # Attacker also creates a standard transaction that spends the OP_EVAL transaction, and pays the victim.
51 | # Attacker manages to mine a block that contains both transactions. If the victim accepts the 1-confirmation payment, then the attacker wins because both transactions will be invalidated when the rest of the network overwrites the attacker's invalid block.
52 | 
53 | The attack is expensive because it requires the attacker create a block that they know will be invalidated. It is difficult because bitcoin businesses should not accept 1-confirmation transactions for higher-value transactions.
54 | 
55 | ==Backwards Compatibility==
56 | 
57 | Surprisingly, because OP_EVAL redefines the OP_NOP1 opcode, standard OP_EVAL transactions will validate with old clients and miners. They will check only that the ''serialized script'' hashes to the correct value; the OP_EVAL will be interpreted as a no-op, and as long as the hash is correct the transaction will be considered valid (no signature checking will be done by old clients and miners).
58 | 
59 | Old clients will ignore OP_EVAL transactions and transactions that depend on them until they are put into a block by either an old miner that includes non-standard transactions in its blocks or by a new miner.
60 | 
61 | Avoiding a block-chain split by malicious OP_EVAL transactions requires careful handling of two cases:
62 | 
63 | # An OP_EVAL transaction that is invalid for new clients/miners but valid for old clients/miners.
64 | # An OP_EVAL transaction that is valid for new clients/miners but invalid for old clients/miners.
65 | 
66 | For case (1), new clients and miners will be coded to interpret OP_EVAL as a no-op until February 1, 2012. Before then, miners will be asked to put the string "OP_EVAL" in blocks that they produce so that hashing power that supports the new opcode can be gauged.  If less than 50% of miners accept the change as of January 15, 2012 the rollout will be postponed until more than 50% of hashing power supports OP_EVAL (the rollout will be rejected if it becomes clear that a majority of hashing power will not be achieved).
67 | 
68 | For case (2), new clients and miners will be written to make sure that transactions involving OP_EVAL are valid if OP_EVAL is interpreted as a no-op.
69 | Example of a transaction that must fail for both old and new miners/clients:
70 |   scriptSig:  {serialized OP_11}
71 |   scriptPubKey:  OP_EVAL OP_11 OP_EQUAL
72 | 
73 | ==Reference Implementation==
74 | 
75 | https://github.com/gavinandresen/bitcoin-git/tree/op_eval
76 | 
77 | ==See Also==
78 | 
79 | https://bitcointalk.org/index.php?topic=46538
80 | 
81 | "Bitcoin Address 01" BIP
82 | 
83 | M-of-N Multisignature Transactions BIP 11
84 | 


--------------------------------------------------------------------------------
/bip-0021.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 21
  3 |   Title: URI Scheme
  4 |   Author: Nils Schneider <nils.schneider@gmail.com>
  5 |           Matt Corallo <bip21@bluematt.me>
  6 |   Status: Accepted
  7 |   Type: Standards Track
  8 |   Created: 29-01-2012
  9 | </pre>
 10 | 
 11 | This BIP is a modification of an earlier [[bip-0020.mediawiki|BIP 0020]] by Luke Dashjr. BIP 0020 was based off an earlier document by Nils Schneider. The alternative payment amounts in BIP 0020 have been removed.
 12 | 
 13 | ==Abstract==
 14 | This BIP proposes a URI scheme for making Bitcoin payments.
 15 | 
 16 | ==Motivation==
 17 | The purpose of this URI scheme is to enable users to easily make payments by simply clicking links on webpages or scanning QR Codes.
 18 | 
 19 | ==Specification==
 20 | 
 21 | === General rules for handling (important!) ===
 22 | 
 23 | Bitcoin clients MUST NOT act on URIs without getting the user's authorization.
 24 | They SHOULD require the user to manually approve each payment individually, though in some cases they MAY allow the user to automatically make this decision.
 25 | 
 26 | === Operating system integration ===
 27 | Graphical bitcoin clients SHOULD register themselves as the handler for the "bitcoin:" URI scheme by default, if no other handler is already registered. If there is already a registered handler, they MAY prompt the user to change it once when they first run the client.
 28 | 
 29 | === BNF grammar ===
 30 | 
 31 | (See also [[#Simpler syntax|a simpler representation of syntax]])
 32 | 
 33 |  bitcoinurn     = "bitcoin:" bitcoinaddress [ "?" bitcoinparams ]
 34 |  bitcoinaddress = base58 *base58
 35 |  bitcoinparams  = *bitcoinparam
 36 |  bitcoinparam   = amountparam | labelparam | messageparam | otherparam | reqparam
 37 |  amountparam    = "amount=" *digit [ "." *digit ]
 38 |  labelparam     = "label=" *pchar
 39 |  messageparam   = "message=" *pchar
 40 |  otherparam     = pchar *pchar "=" *pchar
 41 |  reqparam       = "req-" pchar *pchar "=" *pchar
 42 | 
 43 | === Query Keys ===
 44 | 
 45 | *label: Label for that address (e.g. name of receiver)
 46 | *address: bitcoin address
 47 | *message: message that describes the transaction to the user ([[#Examples|see examples below]])
 48 | *size: amount of base bitcoin units ([[#Transfer amount/size|see below]])
 49 | *(others): optional, for future extensions
 50 | 
 51 | ==== Transfer amount/size ====
 52 | 
 53 | If an amount is provided, it MUST be specified in decimal BTC.
 54 | All amounts MUST contain no commas and use a period (.) as the separating character to separate whole numbers and decimal fractions.
 55 | I.e. amount=50.00 or amount=50 is treated as 50 BTC, and amount=50,000.00 is invalid.
 56 | 
 57 | Bitcoin clients MAY display the amount in any format that is not intended to deceive the user.
 58 | They SHOULD choose a format that is foremost least confusing, and only after that most reasonable given the amount requested.
 59 | For example, so long as the majority of users work in BTC units, values should always be displayed in BTC by default, even if mBTC or TBC would otherwise be a more logical interpretation of the amount.
 60 | == Rationale ==
 61 | 
 62 | ===Payment identifiers, not person identifiers===
 63 | Current best practices are that a unique address should be used for every transaction.
 64 | Therefore, a URI scheme should not represent an exchange of personal information, but a one-time payment.
 65 | 
 66 | ===Accessibility (URI scheme name)===
 67 | Should someone from the outside happen to see such a URI, the URI scheme name already gives a description.
 68 | A quick search should then do the rest to help them find the resources needed to make their payment.
 69 | Other proposed names sound much more cryptic; the chance that someone googles that out of curiosity are much slimmer.
 70 | Also, very likely, what he will find are mostly technical specifications - not the best introduction to bitcoin.
 71 | 
 72 | ==Forward compatibility==
 73 | Variables which are prefixed with a req- are considered required.  If a client does not implement any variables which are prefixed with req-, it MUST consider the entire URI invalid.  Any other variables which are not implemented, but which are not prefixed with a req-, can be safely ignored.
 74 | 
 75 | ==Backward compatibility==
 76 | As this BIP is written, several clients already implement a bitcoin: URI scheme similar to this one, however usually without the additional "req-" prefix requirement.  Thus, it is recommended that additional variables prefixed with req- not be used in a mission-critical way until a grace period of 6 months from the finalization of this BIP has passed in order to allow client developers to release new versions, and users of old clients to upgrade.
 77 | 
 78 | == Appendix ==
 79 | 
 80 | === Simpler syntax ===
 81 | 
 82 | This section is non-normative and does not cover all possible syntax.
 83 | Please see the BNF grammar above for the normative syntax.
 84 | 
 85 | [foo] means optional, &lt;bar&gt; are placeholders
 86 | 
 87 |  <nowiki>bitcoin:<address>[?amount=<amount>][?label=<label>][?message=<message>]</nowiki>
 88 | 
 89 | === Examples ===
 90 | 
 91 | Just the address:
 92 |  bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W
 93 | 
 94 | Address with name:
 95 |  bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?label=Luke-Jr
 96 | 
 97 | Request 20.30 BTC to "Luke-Jr":
 98 |  bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?amount=20.3&label=Luke-Jr
 99 | 
100 | Request 50 BTC with message:
101 |  bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?amount=50&label=Luke-Jr&message=Donation%20for%20project%20xyz
102 | 
103 | Some future version that has variables which are (currently) not understood and required and thus invalid:
104 |  bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?req-somethingyoudontunderstand=50&req-somethingelseyoudontget=999
105 | 
106 | Some future version that has variables which are (currently) not understood but not required and thus valid:
107 |  bitcoin:175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W?somethingyoudontunderstand=50&somethingelseyoudontget=999
108 | 
109 | Characters must be URI encoded properly.
110 | 
111 | == Reference Implementations ==
112 | === Bitcoin clients ===
113 | * Bitcoin-Qt supports the old version of Bitcoin URIs (ie without the req- prefix), with Windows and KDE integration as of commit 70f55355e29c8e45b607e782c5d76609d23cc858.
114 | 
115 | 


--------------------------------------------------------------------------------
/bip-0050.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 50
 3 |   Title: March 2013 Chain Fork Post-Mortem
 4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
 5 |   Status: Draft
 6 |   Type: Informational
 7 |   Created: 20-03-2013
 8 | </pre>
 9 | 
10 | ==What went wrong==
11 | A block that had a larger number of total transaction inputs than previously seen was mined and broadcasted. Bitcoin 0.8 nodes were able to handle this, but some pre-0.8 Bitcoin nodes rejected it, causing an unexpected hard fork of the chain. The pre-0.8 incompatible chain at that point had around 60% of the hash power ensuring the split did not automatically resolve.
12 | 
13 | In order to restore a canonical chain as soon as possible, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7 so their pools would also reject the larger block. This placed majority hashpower on the chain without the larger block.
14 | 
15 | During this time there was at least [https://bitcointalk.org/index.php?topic=152348.0 one large double spend].  However, it was done by someone experimenting to see if it was possible and was not intended to be malicious.
16 | 
17 | ==What went right==
18 | * The split was detected very quickly.
19 | * The right people were online and available in IRC or could be raised via Skype.
20 | * Marek Palatinus and Michael Marsee quickly downgraded their nodes to restore a pre-0.8 chain as canonical, despite the fact that this caused them to sacrifice significant amounts of money and they were the ones running the bug-free version.
21 | * Deposits to the major exchanges and payments via BitPay were also suspended (and then un-suspended) very quickly.
22 | * Fortunately, the only attack on a merchant was done by someone who was not intending to actually steal money
23 | 
24 | ==Root cause==
25 | Bitcoin versions prior to 0.8 configure an insufficient number of Berkeley DB locks to process large but technically valid blocks. Berkeley DB locks have to be manually configured by API users depending on anticipated load. The manual says this:
26 | 
27 | :The recommended algorithm for selecting the maximum number of locks, lockers, and lock objects is to run the application under stressful conditions and then review the lock system's statistics to determine the maximum number of locks, lockers, and lock objects that were used. Then, double these values for safety.
28 | 
29 | Because max-sized blocks had been successfully processed on the testnet, it did not occur to anyone that there could be blocks that were smaller but require more locks than were available. Prior to 0.7 unmodified mining nodes self-imposed a maximum block size of 500,000 bytes, which further prevented this case from being triggered. 0.7 made the target size configurable and miners had been encouraged to increase this target in the week prior to the incident.
30 | 
31 | Bitcoin 0.8 does not use Berkeley DB. It uses LevelDB instead, which does not require this kind of pre-configuration. Therefore it was able to process the forking block successfully.
32 | 
33 | Note that BDB locks are also required during processing of re-organizations. Versions prior to 0.8 may be unable to process some valid re-orgs.
34 | 
35 | This would be an issue even if the entire network was running version 0.7.2. It is theoretically possible for one 0.7.2 node to create a block that others are unable to validate, or for 0.7.2 nodes to create block re-orgs that peers cannot validate, because the contents of each node's blkindex.dat database is not identical, and the number of locks required depends on the exact arrangement of the blkindex.dat on disk (locks are acquired per-page).
36 | 
37 | ==Action items==
38 | 
39 | ===Immediately===
40 | 
41 | '''Done''': Release a version 0.8.1, forked directly from 0.8.0, that, for the next two months has the following new rules:
42 | # Reject blocks that could cause more than 10,000 locks to be taken.
43 | # Limit the maximum block-size created to 500,000 bytes
44 | # Release a patch for older versions that implements the same rules, but also increases the maximum number of locks to 120,000
45 | # Create a web page on bitcoin.org that will urge users to upgrade to 0.8.1, but will tell them how to set DB_CONFIG to 120,000 locks if they absolutely cannot.
46 | # Over the next 2 months, send a series of alerts to users of older versions, pointing to the web page.
47 | 
48 | ===Alert system===
49 | 
50 | '''Done''': Review who has access to the alert system keys, make sure they all have contact information for each other, and get good timezone overlap by people with access to the keys.
51 | 
52 | '''Done''': Implement a new bitcoind feature so services can get timely notification of alerts:  -alertnotify=<command>   Run command when an AppliesToMe() alert is received.
53 | 
54 | '''Done''': Pre-generate 52 test alerts, and set a time every week when they are broadcast on -testnet (so -alertnotify scripts can be tested in as-close-to-real-world conditions as possible).
55 | 
56 | Idea from Michael Gronager: encourage merchants/exchanges (and maybe pools) to run new code behind a bitcoind running the network-majority version.
57 | 
58 | ===Safe mode===
59 | 
60 | '''Done''': Perhaps trigger an alert if there is a long enough side chain detected, even if it is not the main chain. Pools could use this to automatically suspend payouts if a long side-chain suddenly appeared out of nowhere (it’s hard for an attacker to mine such a thing).
61 | 
62 | ===Testing===
63 | 
64 | Start running bots on the testnet that grab some coins from a testnet faucet, generate large numbers of random transactions that split/recombine them and then send them back to the faucet. Randomized online testing on the testnet might have revealed the pathological block type earlier.
65 | 
66 | ===Double spending===
67 | 
68 | A double spend attack was successful, despite that both sides of the chain heard about the transactions in the same order. The reason is most likely that the memory pools were cleared when the mining pool nodes were downgraded. A solution is for nodes to sync their mempools to each other at startup, however, this requires a memory pool expiry policy to be implemented as currently node restarts are the only way for unconfirmed transactions to be evicted from the system.
69 | 
70 | ===Resolution===
71 | 
72 | On 16 August, 2013 block 252,451 (0x0000000000000024b58eeb1134432f00497a6a860412996e7a260f47126eed07) was accepted by the main network, forking unpatched nodes off the network.
73 | 


--------------------------------------------------------------------------------
/bip-0014.mediawiki:
--------------------------------------------------------------------------------
 1 | <pre>
 2 |   BIP: 14
 3 |   Title: BIP Protocol Version and User Agent
 4 |   Author: Amir Taaki <genjix@riseup.net>
 5 |           Patrick Strateman <bitcoin-bips@covertinferno.org>
 6 |   Status: Accepted
 7 |   Type: Standards Track
 8 |   Created: 10-11-2011
 9 |   Post-History: 02-11-2011
10 | </pre>
11 | 
12 | In this document, bitcoin will be used to refer to the protocol while Satoshi will refer to the current client in order to prevent confusion.
13 | 
14 | == Past Situation ==
15 | 
16 | Bitcoin as a protocol began life with the Satoshi client. Now that the community is diversifying, a number of alternative clients with their own codebases written in a variety of languages (Java, Python, Javascript, C++) are rapidly developing their own feature-sets.
17 | 
18 | Embedded in the protocol is a version number. Primarily this version number is in the "version" and "getblocks" messages, but is also in the "block" message to indicate the software version that created that block. Currently this version number is the same version number as that of the client. This document is a proposal to separate the protocol version from the client version, together with a proposed method to do so.
19 | 
20 | == Rationale ==
21 | 
22 | With non-separated version numbers, every release of the Satoshi client will increase its internal version number. Primarily this holds every other client hostage to a game of catch-up with Satoshi version number schemes. This plays against the decentralised nature of bitcoin, by forcing every software release to remain in step with the release schedule of one group of bitcoin developers.
23 | 
24 | Version bumping can also introduce incompatibilities and fracture the network. In order that the health of the network is maintained, the development of the protocol as a shared common collaborative process requires being split off from the implementation of that protocol. Neutral third entities to guide the protocol with representatives from all groups, present the chance for bitcoin to grow in a positive manner with minimal risks.
25 | 
26 | By using a protocol version, we set all implementations on the network to a common standard. Everybody is able to agree within their confines what is protocol and what is implementation-dependent. A user agent string is offered as a 'vanity-plate' for clients to distinguish themselves in the network.
27 | 
28 | Separation of the network protocol from the implemention, and forming development of said protocol by means of a mutual consensus among participants, has the democratic disadvantage when agreement is hard to reach on contentious issues. To mitigate this issue, strong communication channels and fast release schedules are needed, and are outside the scope of this document (concerning a process-BIP type).
29 | 
30 | User agents provide extra tracking information that is useful for keeping tabs on network data such as client implementations used or common architectures/operating-systems. In the rare case they may even provide an emergency method of shunning faulty clients that threaten network health- although this is strongly unrecommended and extremely bad form. The user agent does not provide a method for clients to work around and behave differently to different implementations, as this will lead to protocol fracturing.
31 | 
32 | In short:
33 | 
34 | * Protocol version: way to distinguish between nodes and behave different accordingly.
35 | * User agent: simple informational tool. Protocol should not be modified depending on user agent.
36 | 
37 | == Browser User-Agents ==
38 | 
39 | [http://tools.ietf.org/html/rfc1945 RFC 1945] vaguely specifies a user agent to be a string of the product with optional comments.
40 | 
41 |   Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.6) Gecko/20100127 Gentoo Shiretoko/3.5.6
42 | 
43 | User agents are most often parsed by computers more than humans. The space delimited format, does not provide an easy, fast or efficient way for parsing. The data contains no structure indicating hierarchy in this placement.
44 | 
45 | The most immediate pieces of information there are the browser product, rendering engine and the build (Gentoo Shiretoko) together with version number. Various other pieces of information as included as comments such as desktop environment, platform, language and revision number of the build.
46 | 
47 | == Proposal ==
48 | 
49 | The version field in "version" and "getblocks" packets will become the protocol version number. The version number in the "blocks" reflects the protocol version from when that block was created.
50 | 
51 | The currently unused sub_version_num field in "version" packets will become the new user-agent string.
52 | 
53 | Bitcoin user agents are a modified browser user agent with more structure to aid parsers and provide some coherence. In bitcoin, the software usually works like a stack starting from the core code-base up to the end graphical interface. Therefore the user agent strings codify this relationship.
54 | 
55 | Basic format:
56 | 
57 |   /Name:Version/Name:Version/.../
58 | 
59 | Example:
60 | 
61 |   /Satoshi:5.64/bitcoin-qt:0.4/
62 |   /Satoshi:5.12/Spesmilo:0.8/
63 | 
64 | Here bitcoin-qt and Spesmilo may use protocol version 5.0, however the internal codebase they use are different versions of the same software. The version numbers are not defined to any strict format, although this guide recommends:
65 | 
66 | * Version numbers in the form of Major.Minor.Revision (2.6.41)
67 | * Repository builds using a date in the format of YYYYMMDD (20110128)
68 | 
69 | For git repository builds, implementations are free to use the git commitish. However the issue lies in that it is not immediately obvious without the repository which version proceeds another. For this reason, we lightly recommend dates in the format specified above, although this is by no means a requirement.
70 | 
71 | Optional -r1, -r2, ... can be appended to user agent version numbers. This is another light recommendation, but not a requirement. Implementations are free to specify version numbers in whatever format needed insofar as it does not include (, ), : or / to interfere with the user agent syntax.
72 | 
73 | An optional comments field after the version number is also allowed. Comments should be delimited by brackets (...). The contents of comments is entirely implementation defined although this BIP recommends the use of semi-colons ; as a delimiter between pieces of information.
74 | 
75 | Example:
76 | 
77 |   /BitcoinJ:0.2(iPad; U; CPU OS 3_2_1)/AndroidBuild:0.8/
78 | 
79 | Reserved symbols are therefore: / : ( )
80 | 
81 | They should not be misused beyond what is specified in this section.
82 | 
83 | * / seperates the code-stack
84 | * : specifies the implementation version of the particular stack
85 | * ( and ) delimits a comment which optionally separates data using ;
86 | 
87 | == Timeline ==
88 | 
89 | When this document was published, the bitcoin protocol and Satoshi client versions were currently at 0.5 and undergoing changes. In order to minimise disruption and allow the undergoing changes to be completed, the next protocol version at 0.6 became peeled from the client version (also at 0.6). As of that time (January 2012), protocol and implementation version numbers are distinct from each other.
90 | 


--------------------------------------------------------------------------------
/bip-0033.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 33
  3 |   Title: Stratized Nodes
  4 |   Author: Amir Taaki <genjix@riseup.net>
  5 |   Status: Draft
  6 |   Type: Standards Track
  7 |   Created: 15-05-2012
  8 | </pre>
  9 | 
 10 | == Abstract ==
 11 | 
 12 | As the Bitcoin network scales, roles are fast becoming specialised. In the beginning, a single Bitcoin user would perform the synonymous roles of miner, merchant and end-user. With the growth however of this system, these functions are being abstracted away to specialised services as a natural part of Bitcoin's growth.
 13 | 
 14 | Bitcoin's blockchain becomes more unwieldy for end users over time, negatively affecting the usability of Bitcoin clients. As it grows, it becomes ever more impractical to deal with on portable devices or low end machines. Several proposals have been put forward to deal with this such as lightweight (headers-only) clients and skipping validation for blocks before the last checkpoint. However these measures are at best stop-gap workarounds to stave off a growing problem.
 15 | 
 16 | This document will examine a proposal which will be termed ''stratized nodes'', a modification of an earlier concept termed ''blockchain service''.
 17 | 
 18 | == History ==
 19 | 
 20 | Jan Moller created BCCAPI in 2011. BCCAPI allowed a user's client to delegate blockchain interaction to a remote server. This server would store and manage the blockchain while the user client would run queries against that server.
 21 | 
 22 | ThomasV later created Electrum server. BCCAPI's server backend was proprietary, and Electrum required a full Free Software stack. Electrum's server was an adhoc temporary replacement. As it grew and became used, issues started to appear in its design.
 23 | 
 24 | Marek Palatinus (slush) drafted a new standard called Stratum to replace Electrum's server. Stratum has multiple transports and is usable as a blockchain server by merchants, miners and user-clients. Electrum moved to using a Stratum implementation first relying on ABE/bitcoind and more recently libbitcoin.
 25 | 
 26 | Stratum is unmaintained by Marek Palatinus, suffers from easy resource starvation and denial of service attacks, and is insecure. The proposal specified here is intended to replace the Stratum's role as a blockchain for user-clients. The proposal here is solely concerned with removing the onus of blockchain validation and lookups from user-clients to specialised services in a secure manner. Any secondary benefits or uses are purely incidental.
 27 | 
 28 | == Overview ==
 29 | 
 30 | During the initial handshake between Bitcoin nodes, a version packet is sent. version packets have a bitfield called services. Nodes can fill this field to tell the network how they behave and which services they support. NODE_NETWORK (1) means a node can be asked for full blocks for example.
 31 | 
 32 | We propose two more values of NODE_SERVICE (2) and NODE_STRATIZED (4).
 33 | 
 34 | === NODE_SERVICE ===
 35 | 
 36 | * A blockchain service which supports the additional messages "getoutputs" and "getspends".
 37 | * Does not respond to "getdata" messages by itself (unless NODE_NETWORK is specified)
 38 | * If NODE_NETWORK is specified, then "getdata" for transactions will retrieve them not only from the memory pool but also check the blockchain if necessary.
 39 | 
 40 | === NODE_STRATIZED ===
 41 | 
 42 | * A node which uses the stratized strategy specified in this document.
 43 | * NODE_STRATIZED will relay inventories for accepted transactions.
 44 | * Does not support "getblocks" as stratized nodes do not contain the entire blockchain.
 45 | 
 46 | Apart from the differences noted above, the nodes are otherwise unchanged in their behaviour from NODE_NETWORK.
 47 | 
 48 | == Specification ==
 49 | 
 50 | === Initialisation ===
 51 | 
 52 | Four new messages are defined which are represented below in C-like pseudocode.
 53 | 
 54 | "getoutputs"
 55 | <pre>
 56 | struct decoded_address
 57 | {
 58 |     uint8_t payment_type;
 59 |     uint8_t address_hash[16];
 60 | };
 61 | 
 62 | struct get_outputs
 63 | {
 64 |     decoded_address dest;
 65 | };
 66 | </pre>
 67 | 
 68 | "outputs"
 69 | <pre>
 70 | struct point_t
 71 | {
 72 |     uint8_t hash[32];
 73 |     uint32_t index;
 74 | };
 75 | 
 76 | struct outputs
 77 | {
 78 |     decoded_address dest;
 79 |     uint64_t number_outputs;  // variable uint
 80 |     point_t outpoints[];
 81 | };
 82 | </pre>
 83 | 
 84 | "getspend"
 85 | <pre>
 86 | struct get_spend
 87 | {
 88 |     point_t outpoint;
 89 | };
 90 | </pre>
 91 | 
 92 | "spend"
 93 | <pre>
 94 | struct spend
 95 | {
 96 |     point_t outpoint, inpoint;
 97 | };
 98 | </pre>
 99 | 
100 | These four messages allow a node to discover the history of a Bitcoin address without needing direct access to the blockchain.
101 | 
102 | A typical use case might look like:
103 | # Send "getoutputs" for a decoded Bitcoin address.
104 | # Receive "outputs", and loop through each contained output point:
105 | ## Send "getdata" to download the transaction for that point.
106 | ## Send "getspend" for each output point.
107 | # Receive "spend":
108 | ## Send "getdata" to download the transaction for that input point.
109 | 
110 | This sequence allows the gradual but fast build up of history for an address.
111 | 
112 | === Updates ===
113 | 
114 | Nodes receive "inv" messages as normal from service nodes, issuing "getdata" to download the block or transaction data. From this they check for newly sent (in the input points) or received (in the output points) payments in the transaction data.
115 | 
116 | Note that blocks must at minimum have their merkle root validated and transactions must be checked for uniqueness by stratized nodes.
117 | 
118 | == Security ==
119 | 
120 | The concern here is that stratized nodes are at the mercy of blockchain services. This proposal deals with that issue by designing this protocol in such a way that the implementation can resolve the common history between multiple services.
121 | 
122 | A stratized node will typically connect to 8 blockchain services. It will only accept an output, spend or inventory vector that has been sent by a common subset of all those services (6 in our example). This spreads the risk between all services, and does not make a node vulnerable to any one rogue blockchain service.
123 | 
124 | == Privacy ==
125 | 
126 | The other strategy for thin clients termed ''headers-only'' or ''Simplified. Payment. Verification.'' have the same privacy issues as this proposal. SPV resolves this problem by sending out fake requests for transaction data which obfuscates the client data. By sending out a sufficient number of fake requests, privacy can be kept to a sufficient level.
127 | 
128 | == Rationale ==
129 | 
130 | NODE_SERVICE does not respond to "getdata" requests by itself (unless used in conjunction with NODE_NETWORK) to prevent starvation attacks. This allows a single trusted NODE_SERVICE architecture (possibly acting as a front-end to multiple backends) to service very many nodes while externalising the costs to the Bitcoin network.
131 | 
132 | NODE_STRATIZED tries its best to maintain the facade and help upkeep the Bitcoin network (see relaying), but cannot support "getblocks" as it does not have the entire blockchain.
133 | 
134 | == Backwards Compatibility ==
135 | 
136 | This proposal is an addon to the current Bitcoin network, and is completely backwards compatible.
137 | 


--------------------------------------------------------------------------------
/bip-0017.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 17
  3 |   Title: OP_CHECKHASHVERIFY (CHV)
  4 |   Author: Luke Dashjr <luke+bip17@dashjr.org>
  5 |   Status: Draft
  6 |   Type: Withdrawn
  7 |   Created: 18-01-2012
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP describes a new opcode (OP_CHECKHASHVERIFY) for the Bitcoin scripting system, and a new 'standard' transaction type that uses it to enables the receiver of bitcoins to specify the transaction type needed to re-spend them.
 13 | 
 14 | ==Motivation==
 15 | 
 16 | The purpose of pay-to-script-hash is to move the responsibility for supplying the conditions to redeem a transaction from the sender of the funds to the redeemer.
 17 | 
 18 | The benefit is allowing a sender to fund any arbitrary transaction, no matter how complicated, using a fixed-length 20-byte hash that is short enough to scan from a QR code or easily copied and pasted.
 19 | 
 20 | ==Specification==
 21 | 
 22 | OP_CHECKHASHVERIFY will re-define the existing OP_NOP2 opcode, and will function as follows when executed:
 23 | 
 24 | * First, hash the end of the prior script (in the general case, scriptSig; if no prior script, a null string is hashed) beginning from the last evaluated OP_CODESEPARATOR onward (or from the beginning of the script, if no OP_CODESEPARATOR was present)
 25 | * Then, compare this with the item on the top of the stack (if there is none, the script fails immediately)
 26 | * If the hashes match, do nothing, proceed as if an OP_NOP; if they do not match, the script fails immediately.
 27 | * Note that in the case of a matched hash, the top stack item (the hash being compared with) is <u>not</u> popped off the stack. This is for backward compatibility.
 28 | 
 29 | This opcode reassignment shall be applied when validating transactions in blocks only with timestamps after February 23, 2012 (see the Backwards Compatibility section for details).
 30 | 
 31 | A new standard transaction type that is relayed and included in mined blocks is defined:
 32 | 
 33 |     [20-byte-hash-value] OP_CHECKHASHVERIFY OP_DROP
 34 | 
 35 | [20-byte-hash-value] shall be the push-20-bytes-onto-the-stack opcode (0x14) followed by exactly 20 bytes.
 36 | 
 37 | This new transaction type is redeemed by a standard scriptSig:
 38 | 
 39 |     ...signatures... OP_CODESEPARATOR {script}
 40 | 
 41 | Transactions that redeem these pay-to-script outpoints are only considered standard if they contain exactly one OP_CODESEPARATOR and the appended ''script'' is, itself, one of the other standard transaction types.
 42 | 
 43 | ==Example==
 44 | 
 45 | For example, the scriptPubKey and corresponding scriptSig for a one-signature-required transaction is:
 46 | 
 47 |     scriptSig: [signature] OP_CODESEPARATOR [pubkey] OP_CHECKSIG
 48 |     scriptPubKey: [20-byte-hash of {[pubkey] OP_CHECKSIG} ] OP_CHECKHASHVERIFY OP_DROP
 49 | 
 50 | 2-of-3:
 51 | 
 52 |     scriptSig: [signatures...] OP_CODESEPARATOR 2 [pubkey1] [pubkey2] [pubkey3] 3 OP_CHECKMULTISIG
 53 |     scriptPubKey: [20-byte-hash of {2 [pubkey1] [pubkey2] [pubkey3] 3 OP_CHECKMULTISIG} ] OP_CHECKHASHVERIFY OP_DROP
 54 | 
 55 | ==Rationale==
 56 | 
 57 | This BIP replaces BIP 12 and BIP 16, which propose evaluating a Script from the stack after verifying its hash.
 58 | 
 59 | The Motivation for this BIP (and BIP 13, the pay-to-script-hash address type) is somewhat controversial; several people feel that it is unnecessary, and complex/multisignature transaction types should be supported by simply giving the sender the complete {serialized script}. The author believes that this BIP will minimize the changes needed to all of the supporting infrastructure that has already been created to send funds to a base58-encoded-20-byte bitcoin addresses, allowing merchants and exchanges and other software to start supporting multisignature transactions sooner.
 60 | 
 61 | There is a 1-confirmation attack on old implementations, but it is expensive and difficult in practice. The attack is:
 62 | 
 63 | # Attacker creates a pay-to-script-hash transaction that is valid as seen by old software, but invalid for new implementation, and sends themselves some coins using it.
 64 | # Attacker also creates a standard transaction that spends the pay-to-script transaction, and pays the victim who is running old software.
 65 | # Attacker mines a block that contains both transactions.
 66 | 
 67 | If the victim accepts the 1-confirmation payment, then the attacker wins because both transactions will be invalidated when the rest of the network overwrites the attacker's invalid block.
 68 | 
 69 | The attack is expensive because it requires the attacker create a block that they know will be invalidated by the rest of the network. It is difficult because creating blocks is difficult and users should not accept 1-confirmation transactions for higher-value transactions.
 70 | 
 71 | ==Backwards Compatibility==
 72 | 
 73 | These transactions are non-standard to old implementations, which will (typically) not relay them nor include them in blocks.
 74 | 
 75 | Old implementations will not validate that the {script}'s hash value matches when they validate blocks created by software that fully support this BIP.
 76 | 
 77 | Avoiding a block-chain split by malicious pay-to-script transactions requires careful handling of one case:
 78 | 
 79 | * A pay-to-script-hash transaction that is invalid for new clients/miners but valid for old clients/miners.
 80 | 
 81 | To gracefully upgrade and ensure no long-lasting block-chain split occurs, more than 50% of miners must support full validation of the new transaction type and must switch from the old validation rules to the new rules at the same time. 
 82 | 
 83 | To judge whether or not more than 50% of hashing power supports this BIP, miners are asked to upgrade their software and put the string "p2sh/CHV" in the input of the coinbase transaction for blocks that they create.
 84 | 
 85 | On February 8, 2012, the block-chain will be examined to determine the number of blocks supporting pay-to-script-hash for the previous 7 days. If at least 60% contain "p2sh/CHV" in their coinbase, then all blocks with timestamps after 23 Feb 2012, 00:00:00 GMT shall have their pay-to-script-hash transactions validated.
 86 | 
 87 | If a majority of hashing power does not support the new validation rules, then rollout will be postponed (or rejected if it becomes clear that a majority will never be achieved).
 88 | 
 89 | OP_NOP2 is used, so existing OP_EVAL (BIP 12) transactions in the block chain can still be redeemed.
 90 | 
 91 | ==Reference Implementation==
 92 | 
 93 | [https://gitorious.org/~Luke-Jr/bitcoin/luke-jr-bitcoin/commits/checkhashverify Validation, sending, and receiving for bitcoind git master]
 94 | 
 95 | [https://gitorious.org/~Luke-Jr/bitcoin/luke-jr-bitcoin/commits/checkhashverify_backport Validation only for 0.3.19+]
 96 | 
 97 | ==See Also==
 98 | 
 99 | * The [[bip-0013.mediawiki|Address format for Pay to Script Hash BIP]]
100 | * [[bip-0011.mediawiki|M-of-N Multisignature Transactions (BIP 11)]]
101 | * Example BIP 17 transaction chain: [http://blockexplorer.com/tx/b8fd633e7713a43d5ac87266adc78444669b987a56b3a65fb92d58c2c4b0e84d a] [http://blockexplorer.com/tx/eb3b82c0884e3efa6d8b0be55b4915eb20be124c9766245bcc7f34fdac32bccb b] [http://blockexplorer.com/tx/055707ce7fea7b9776fdc70413f65ceec413d46344424ab01acd5138767db137 c] [http://blockexplorer.com/tx/6d36bc17e947ce00bb6f12f8e7a56a1585c5a36188ffa2b05e10b4743273a74b d]
102 | 


--------------------------------------------------------------------------------
/bip-0016.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 16
  3 |   Title: Pay to Script Hash
  4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
  5 |   Status: Final
  6 |   Type: Standards Track
  7 |   Created: 03-01-2012
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP describes a new "standard" transaction type for the Bitcoin scripting system, and defines additional validation rules that apply only to the new transactions.
 13 | 
 14 | ==Motivation==
 15 | 
 16 | The purpose of pay-to-script-hash is to move the responsibility for supplying the conditions to redeem a transaction from the sender of the funds to the redeemer.
 17 | 
 18 | The benefit is allowing a sender to fund any arbitrary transaction, no matter how complicated, using a fixed-length 20-byte hash that is short enough to scan from a QR code or easily copied and pasted.
 19 | 
 20 | ==Specification==
 21 | 
 22 | A new standard transaction type that is relayed and included in mined blocks is defined:
 23 | 
 24 |     OP_HASH160 [20-byte-hash-value] OP_EQUAL
 25 | 
 26 | [20-byte-hash-value] shall be the push-20-bytes-onto-the-stack opcode (0x14) followed by exactly 20 bytes.
 27 | 
 28 | This new transaction type is redeemed by a standard scriptSig:
 29 | 
 30 |     ...signatures... {serialized script}
 31 | 
 32 | Transactions that redeem these pay-to-script outpoints are only considered standard if the ''serialized script'' is, itself, one of the other standard transaction types.
 33 | 
 34 | The rules for validating these outpoints when relaying transactions or considering them for inclusion in a new block are as follows:
 35 | 
 36 | # Validation fails if there are any operations other than "push data" operations in the scriptSig.
 37 | # Normal validation is done: an initial stack is created from the signatures and {serialized script}, and the hash of the script is computed and validation fails immediately if it does not match the hash in the outpoint.
 38 | # {serialized script} is popped off the initial stack, and the transaction is validated again using the popped stack and the deserialized script as the scriptPubKey.
 39 | 
 40 | These new rules should only be applied when validating transactions in blocks with timestamps >= 1333238400 (Apr 1 2012) <ref>[https://github.com/bitcoin/bitcoin/commit/8f188ece3c82c4cf5d52a3363e7643c23169c0ff Remove -bip16 and -paytoscripthashtime command-line arguments]</ref>. There are transaction earlier than 13333238400 in the block chain that fail these new validation rules. <ref>[http://blockexplorer.com/tx/6a26d2ecb67f27d1fa5524763b49029d7106e91e3cc05743073461a719776192 Transaction 6a26d2ecb67f27d1fa5524763b49029d7106e91e3cc05743073461a719776192]</ref>. Older transactions must be validated under the old rules. (see the Backwards Compatibility section for details).
 41 | 
 42 | For example, the scriptPubKey and corresponding scriptSig for a one-signature-required transaction is:
 43 | 
 44 |     scriptSig: [signature] {[pubkey] OP_CHECKSIG}
 45 |     scriptPubKey: OP_HASH160 [20-byte-hash of {[pubkey] OP_CHECKSIG} ] OP_EQUAL
 46 | 
 47 | Signature operations in the {serialized script} shall contribute to the maximum number allowed per block (20,000) as follows:
 48 | 
 49 | # OP_CHECKSIG and OP_CHECKSIGVERIFY count as 1 signature operation, whether or not they are evaluated.
 50 | # OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY immediately preceded by OP_1 through OP_16 are counted as 1 to 16 signature operation, whether or not they are evaluated.
 51 | # All other OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY are counted as 20 signature operations.
 52 | 
 53 | Examples:
 54 | 
 55 | +3 signature operations:
 56 |     {2 [pubkey1] [pubkey2] [pubkey3] 3 OP_CHECKMULTISIG}
 57 | 
 58 | +22 signature operations
 59 |     {OP_CHECKSIG OP_IF OP_CHECKSIGVERIFY OP_ELSE OP_CHECKMULTISIGVERIFY OP_ENDIF}
 60 | 
 61 | ==Rationale==
 62 | 
 63 | This BIP replaces BIP 12, which proposed a new Script opcode ("OP_EVAL") to accomplish everything in this BIP and more.
 64 | 
 65 | The Motivation for this BIP (and BIP 13, the pay-to-script-hash address type) is somewhat controversial; several people feel that it is unnecessary, and complex/multisignature transaction types should be supported by simply giving the sender the complete {serialized script}. The author believes that this BIP will minimize the changes needed to all of the supporting infrastructure that has already been created to send funds to a base58-encoded-20-byte bitcoin addresses, allowing merchants and exchanges and other software to start supporting multisignature transactions sooner.
 66 | 
 67 | Recognizing one 'special' form of scriptPubKey and performing extra validation when it is detected is ugly. However, the consensus is that the alternatives are either uglier, are more complex to implement, and/or expand the power of the expression language in dangerous ways.
 68 | 
 69 | The signature operation counting rules are intended to be easy and quick to implement by statically scanning the {serialized script}. Bitcoin imposes a maximum-number-of-signature-operations per block to prevent denial-of-service attacks on miners. If there was no limit, a rogue miner might broadcast a block that required hundreds of thousands of ECDSA signature operations to validate, and it might be able to get a head start computing the next block while the rest of the network worked to validate the current one.
 70 | 
 71 | There is a 1-confirmation attack on old implementations, but it is expensive and difficult in practice. The attack is:
 72 | 
 73 | # Attacker creates a pay-to-script-hash transaction that is valid as seen by old software, but invalid for new implementation, and sends themselves some coins using it.
 74 | # Attacker also creates a standard transaction that spends the pay-to-script transaction, and pays the victim who is running old software.
 75 | # Attacker mines a block that contains both transactions.
 76 | 
 77 | If the victim accepts the 1-confirmation payment, then the attacker wins because both transactions will be invalidated when the rest of the network overwrites the attacker's invalid block.
 78 | 
 79 | The attack is expensive because it requires the attacker create a block that they know will be invalidated by the rest of the network. It is difficult because creating blocks is difficult and users should not accept 1-confirmation transactions for higher-value transactions.
 80 | 
 81 | ==Backwards Compatibility==
 82 | 
 83 | These transactions are non-standard to old implementations, which will (typically) not relay them or include them in blocks.
 84 | 
 85 | Old implementations will validate that the {serialize script}'s hash value matches when they validate blocks created by software that fully support this BIP, but will do no other validation.
 86 | 
 87 | Avoiding a block-chain split by malicious pay-to-script transactions requires careful handling of one case:
 88 | 
 89 | * A pay-to-script-hash transaction that is invalid for new clients/miners but valid for old clients/miners.
 90 | 
 91 | To gracefully upgrade and ensure no long-lasting block-chain split occurs, more than 50% of miners must support full validation of the new transaction type and must switch from the old validation rules to the new rules at the same time.
 92 | 
 93 | To judge whether or not more than 50% of hashing power supports this BIP, miners are asked to upgrade their software and put the string "/P2SH/" in the input of the coinbase transaction for blocks that they create.
 94 | 
 95 | On February 1, 2012, the block-chain will be examined to determine the number of blocks supporting pay-to-script-hash for the previous 7 days. If 550 or more contain "/P2SH/" in their coinbase, then all blocks with timestamps after 15 Feb 2012, 00:00:00 GMT shall have their pay-to-script-hash transactions fully validated. Approximately 1,000 blocks are created in a week; 550 should, therefore, be approximately 55% of the network supporting the new feature.
 96 | 
 97 | If a majority of hashing power does not support the new validation rules, then rollout will be postponed (or rejected if it becomes clear that a majority will never be achieved).
 98 | 
 99 | ==Reference Implementation==
100 | 
101 | https://gist.github.com/gavinandresen/3966071
102 | 
103 | ==See Also==
104 | 
105 | * https://bitcointalk.org/index.php?topic=46538
106 | * The [[BIP 0013|Address format for Pay to Script Hash BIP]]
107 | * M-of-N Multisignature Transactions [[BIP 0011|BIP 11]]
108 | * [[bip-0016/qa.mediawiki|Quality Assurance test checklist]]
109 | 
110 | == References ==
111 | <references>
112 | 


--------------------------------------------------------------------------------
/bip-0018.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 18
  3 |   Title: hashScriptCheck
  4 |   Author: Luke Dashjr <luke+bip17@dashjr.org>
  5 |   Status: Draft
  6 |   Type: Standards Track
  7 |   Created: 27-01-2012
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP modifies the basic format of transaction inputs and outputs, replacing the current scriptSig and scriptPubKey (scripts executed to validate a transaction) with new contents: dataSig, scriptCheck, and hashScriptCheck.
 13 | 
 14 | ==Motivation==
 15 | 
 16 | The purpose of pay-to-script-hash is to move the responsibility for supplying the conditions to redeem a transaction from the sender of the funds to the redeemer.
 17 | 
 18 | The benefit is allowing a sender to fund any arbitrary transaction, no matter how complicated, using a fixed-length 20-byte hash that is short enough to scan from a QR code or easily copied and pasted.
 19 | 
 20 | ==Specification==
 21 | 
 22 | scriptSig and scriptPubKey are hereby deemed to be deprecated.
 23 | Bitcoin-compatible clients MUST still continue to support them for compatibility, but it should not be used for any new transaction types.
 24 | Services and people which send Bitcoins SHOULD continue to support old pubkey-based addresses for the time being.
 25 | Services and people which receive Bitcoins MAY continue to generate and use old pubkey-based addresses.
 26 | 
 27 | To replace these, there are 3 new elements:
 28 | * dataSig is included in place of scriptSig in transaction inputs, and contains multiple serialized data elements
 29 | * scriptCheck is the final element of dataSig, and is executed with the preceding dataSig elements preloaded onto the stack (the element immediately before scriptCheck is the top of the stack)
 30 | * hashScriptCheck is included in place of scriptPubKey in transaction outputs, to specify the hash of the scriptCheck allowed to redeem it
 31 | 
 32 | dataSig is to be encoded the same as a push-only script.
 33 | 
 34 | hashScriptCheck must be encoded exactly so:
 35 | 
 36 |     0xa9 0x14 (20-byte-hash-value) 0x87
 37 | 
 38 | This can be interpreted by legacy (pre-BIP 18) clients as the following script:
 39 | 
 40 |     OP_HASH160 [20-byte-hash-value] OP_EQUAL
 41 | 
 42 | If this template is not matched exactly OR the transaction is in a block with a timestamp before the hashScriptCheck activation date, validation MUST proceed in backward-compatibility mode, using scriptSig+scriptPubKey rather than dataSig+scriptCheck+hashScriptCheck.
 43 | 
 44 | A hashScriptCheck-compliant input is valid only if:
 45 | * dataSig MUST NOT contain any operations other than "push data" (it is data, not a script; no mixing scriptSig with hashScriptCheck)
 46 | * scriptCheck MUST hash (using Bitcoin's Hash160 algorithm) to the output's hashScriptCheck.
 47 | * scriptCheck MUST be executed with the dataSig-based stack specified above (ie, not including scriptCheck itself) to perform validation (this does not imply clients are required to validate transactions).
 48 | * scriptCheck must not abort, and must leave a true value on the top of the stack. This is the current behaviour for scriptSig+scriptPubKey.
 49 | 
 50 | The new scriptCheck SHOULD be checked against "standard transaction" templates by miners.
 51 | 
 52 | For example, the hashScriptCheck and corresponding dataSig for a one-signature-required transaction is:
 53 | 
 54 |     scriptCheck: [pubkey] OP_CHECKSIG
 55 |     dataSig: [signature] {[pubkey] OP_CHECKSIG}
 56 |     hashScriptCheck: [20-byte-hash of {[pubkey] OP_CHECKSIG}]
 57 | 
 58 | ===Signature operation limits for scriptCheck===
 59 | 
 60 | Signature operations in scriptCheck do not follow the same rules previously applied to scriptSig and scriptPubKey.
 61 | Instead, they shall contribute to the maximum number allowed per block (20,000) as follows:
 62 | 
 63 | # OP_CHECKSIG and OP_CHECKSIGVERIFY count as 1 signature operation, whether or not they are evaluated.
 64 | # OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY immediately preceded by OP_1 through OP_16 are counted as 1 to 16 signature operation, whether or not they are evaluated.
 65 | # All other OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY are counted as 20 signature operations.
 66 | 
 67 | Examples:
 68 | 
 69 | +3 signature operations:
 70 |     2 [pubkey1] [pubkey2] [pubkey3] 3 OP_CHECKMULTISIG
 71 | 
 72 | +22 signature operations
 73 |     OP_CHECKSIG OP_IF OP_CHECKSIGVERIFY OP_ELSE OP_CHECKMULTISIGVERIFY OP_ENDIF
 74 | 
 75 | ==Rationale==
 76 | 
 77 | This BIP replaces BIPs 12 and 17, which propose extensions to the Script system to allow scriptPubKey to outsource its verification.
 78 | It also replaces BIP 16, which is identical in terms of protocol, but suggests a specific implementation and does not deprecate scriptPubKey to maintain protocol consistency.
 79 | 
 80 | The Motivation for this BIP (and BIP 13, the pay-to-script-hash address type) is somewhat controversial; several people feel that it is unnecessary, and complex/multisignature transaction types should be supported by simply giving the sender the complete {serialized script}. The author believes that this BIP will minimize the changes needed to all of the supporting infrastructure that has already been created to send funds to a base58-encoded-20-byte bitcoin addresses, allowing merchants and exchanges and other software to start supporting multisignature transactions sooner.
 81 | 
 82 | The signature operation counting rules are intended to be easy and quick to implement by statically scanning scriptCheck.
 83 | Bitcoin imposes a maximum-number-of-signature-operations per block to prevent denial-of-service attacks on miners.
 84 | If there was no limit, a rogue miner might broadcast a block that required hundreds of thousands of ECDSA signature operations to validate, and it might be able to get a head start computing the next block while the rest of the network worked to validate the current one.
 85 | 
 86 | There is a 1-confirmation attack on old implementations, but it is expensive and difficult in practice. The attack is:
 87 | 
 88 | # Attacker creates a pay-to-script-hash transaction that is valid when interpreted as scriptPubKey, but contains an invalid scriptCheck, and sends themselves some coins using it.
 89 | # Attacker also creates a standard transaction that spends the pay-to-script transaction, and pays the victim who is running old software.
 90 | # Attacker mines a block that contains both transactions.
 91 | 
 92 | If the victim accepts the 1-confirmation payment, then the attacker wins because both transactions will be invalidated when the rest of the network overwrites the attacker's invalid block.
 93 | 
 94 | The attack is expensive because it requires the attacker create a block that they know will be invalidated by the rest of the network. It is difficult because creating blocks is difficult and users should not accept 1-confirmation transactions for higher-value transactions.
 95 | 
 96 | ==Backwards Compatibility==
 97 | 
 98 | hashScriptCheck transactions are non-standard to old implementations, which will (typically) not relay them nor include them in blocks.
 99 | 
100 | Old implementations will validate that scriptCheck's hash value matches when they validate blocks created by software that fully support this BIP, but will do no other validation.
101 | 
102 | Avoiding a block-chain split by malicious pay-to-script transactions requires careful handling of one case:
103 | 
104 | * A pay-to-script-hash transaction that is invalid for new clients/miners but valid for old clients/miners.
105 | 
106 | To gracefully upgrade and ensure no long-lasting block-chain split occurs, more than 50% of miners must support full validation of the new transaction type and must switch from the old validation rules to the new rules at the same time.
107 | 
108 | To judge whether or not more than 50% of hashing power supports this BIP, miners are asked to upgrade their software and put the string "/P2SH/" in the input of the coinbase transaction for blocks that they create.
109 | 
110 | At 00:00:00 UTC on 15 Mar 2012, the block-chain will be examined to determine the number of blocks supporting pay-to-script-hash for the previous 7 days. If 550 or more contain "/P2SH/" in their coinbase, then all blocks with timestamps after 00:00:00 UTC on 1 Apr 2012 shall have their pay-to-script-hash transactions fully validated. Approximately 1,000 blocks are created in a week; 550 should, therefore, be approximately 55% of the network supporting the new feature.
111 | 
112 | If a majority of hashing power does not support the new validation rules, then rollout will be postponed (or rejected if it becomes clear that a majority will never be achieved).
113 | 
114 | ==Forwards Compatibility ==
115 | The first two bytes of hashScriptCheck specify the hash algorithm and length used to verify scriptCheck.
116 | This BIP only allows Bitcoin's Hash160 algorithm, but leaves open the possibility of a future BIP implementing others.
117 | 
118 | ==Reference Implementation==
119 | 
120 | https://github.com/gavinandresen/bitcoin-git/tree/pay_to_script_hash
121 | 
122 | ==See Also==
123 | 
124 | * The [[bip-0013.mediawiki|Address format for Pay to Script Hash BIP]]
125 | * [[bip-0016.mediawiki|BIP 16 - Pay to Script Hash (aka "/P2SH/")]]
126 | * M-of-N Multisignature Transactions [[bip-0011.mediawiki|BIP 11]]
127 | 


--------------------------------------------------------------------------------
/bip-0010.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 10
  3 |   Title: Multi-Sig Transaction Distribution
  4 |   Author: Alan Reiner
  5 |   Status: Draft
  6 |   Type: Informational
  7 |   Created: 28-10-2011
  8 | </pre>
  9 | 
 10 | A multi-signature transaction is one where a certain number of Bitcoins are "encumbered" with more than one recipient address.  The subsequent transaction that spends these coins will require each party involved (or some subset, depending on the script), to see the proposed transaction and sign it with their private key.  This necessarily requires collaboration between all parties -- to propose a distribution of encumbered funds, collect signatures from all necessary participants, and then broadcast the completed transaction.
 11 | 
 12 | This BIP describes a way standardize the encoding of proposal transactions, to assist with signature collection and broadcast (which includes regular, 1-of-1 transactions requiring signatures from an offline computer).  The goal is to encourage a standard that guarantees interoperability of all programs that implement it.
 13 | 
 14 | 
 15 | ==Motivation==
 16 | 
 17 | The enabling of multi-signature transactions in Bitcoin will introduce a great deal of extra functionality to the users of the network, but also a great deal of extra complexity.  Executing a multi-signature tx will be a multi-step process, and will potentially get worse with multiple clients, each implementing this process differently.  By providing an efficient, standardized technique, we can improve the chance that developers will adopt compatible protocols and not bifurcate the user-base based on client selection.
 18 | 
 19 | In addition to providing a general encoding scheme for transaction signing/collection, it does not require the signing device to hold any blockchain information (all information needed for verification and signing is part of the encoding).  This enables the existence of very lightweight devices that can be used for signing since they do not need the blockchain -- only a minimal set of Bitcoin tools and an ECDSA module.  Therefore, BIP 0010 has benefit beyond just multi-signature transactions.
 20 | 
 21 | ==Specification==
 22 | 
 23 | This BIP proposes the following process, with terms in quotes referring to recommended terminology that should be encouraged across all implementations.
 24 | 
 25 | #  One party will initiate this process by creating a "Distribution Proposal", which could be abbreviated DP, or TxDP
 26 | #  The user creating the TxDP (the preparer) will create the transaction as they would like to see it spent, but with blank TxIn scripts (where the signatures scripts will eventually go).
 27 | #  The proposed transaction will be spending a set of unspent TxOuts available in the blockchain.  The full transactions containing these TxOuts will be serialized and included, as well.  This so that the values of the TxIns can be verified before signing (the prev-tx-hash is part of the data being signed, but the value is not).  By including the full tx, the signing party can verify that the tx matches the OutPoint hash, and then verify input values, all without any access to the blockchain.
 28 | #  The TxDP will have an "DP ID" or "Unsigned ID" which is the hash of the proposed transaction with blanked scripts, in Base58.  This is a specific naming convention to make sure it is not confused with the actual the transaction ID that it will have after it is broadcast (the transaction ID cannot be determined until after all signatures are collected).  The final Tx ID can be referred to as its "Broadcast ID", in order to distinguish it from the pre-signed ID.
 29 | #  The TxDP will have an potentially-unordered list of sig-pubkey pairs which represent collected signatures.  If you receive a TxDP missing only your signature, you can broadcast it as soon as you sign it.
 30 | #  Identical TxDP objects with different signatures can be easily combined.  This allows one party to send out all the requests for signatures at once, and combine them all when they are received (instead of having to "pass it around".
 31 | #  For cases where the TxDP might be put into a file or sent via email, it should use .txdp or .btcdp suffix
 32 | 
 33 | Anyone adopting BIP 0010 for multi-sig transactions will use the following format (without indentation):
 34 | 
 35 | <pre>
 36 |  '-----BEGIN-TRANSACTION-TXDPID-------'
 37 |  ("_TXDIST_") (magicBytes) (base58Txid) (varIntTxSize)
 38 |     (serializedTxListInHex_Line1)
 39 |     (serializedTxListInHex_Line2)
 40 |     (serializedTxListInHex_Line3)
 41 |     ...
 42 |  ("_TXINPUT_") (00) (InputValue)
 43 |     ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
 44 |     (SigHexRemainingLines)
 45 |     ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
 46 |     (SigHexRemainingLines)
 47 |  ("_TXINPUT_") (01) (InputValue)
 48 |     ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
 49 |     (SigHexRemainingLines)
 50 |  ("_TXINPUT_") (02) (InputValue)
 51 |  '-------END-TRANSACTION-TXDPID-------'
 52 | </pre>
 53 | 
 54 | The following is an example TxDP from Armory, produced while running on the test network.  Its DPID is 3fX59xPj:
 55 | 
 56 | </pre>
 57 |  -----BEGIN-TRANSACTION-3fX59xPj-------------------------------------------------
 58 |  _TXDIST_fabfb5da_3fX59xPj_00a0
 59 |  010000000292807c8e70a28c687daea2998d6273d074e56fa8a55a0b10556974cf2b526e61000000
 60 |  0000ffffffffe3c1ee0711611b01af3dee55b1484f0d6b65d17dce4eff0e6e06242e6cf457e10000
 61 |  000000ffffffff02b0feea0b000000001976a91457996661391fa4e95bed27d7e8fe47f47cb8e428
 62 |  88ac00a0acb9030000001976a914dc504e07b1107110f601fb679dd3f56cee9ff71e88ac00000000
 63 |  0100000001eb626e4f73d88f415a8e8cb32b8d73eed47aa1039d0ed2f013abdc741ce6828c010000
 64 |  008c493046022100b0da540e4924518f8989a9da798ca2d9e761b69a173b8cc41a3e3e3c6d77cd50
 65 |  022100ecfa61730e58005338420516744ef680428dcfc05022dec70a851365c8575b190141042dc5
 66 |  be3afa5887aee4a377032ed014361b0b9b61eb3ea6b8a8821bfe13ee4b65cd25d9630e4f227a53e8
 67 |  bf637f85452c9981bcbd64ef77e22ce97b0f547c783effffffff0200d6117e030000001976a914cf
 68 |  f580fd243f64f0ad7bf69faf41c0bf42d86d8988ac00205fa0120000001976a9148d573ef6984fd9
 69 |  f8847d420001f7ac49b222a24988ac000000000100000001f2782db40ae147398a31cff9c7cc3423
 70 |  014a073a92e463741244330cc304168f000000008c493046022100c9311b9eef0cc69219cb96838f
 71 |  dd621530a80c46269a00dccc66498bc03ccf7a0221003742ee652a0a76fd28ad81aa73bb7f7a0a6a
 72 |  81850af58f62d9a184d10e5eec30014104f815e8ef4cad584e04974889d7636e8933803d2e72991d
 73 |  b5288c9e953c2465533905f98b7b688898c7c1f0708f2e49f0dd0abc06859ffed5144e8a1018a4e8
 74 |  63ffffffff02008c8647000000001976a914d4e211215967f8e3744693bf85f47eb4ee9567fc88ac
 75 |  603d4e95010000001976a914e9a6b50901c1969d2b0fd43a3ccfa3fef3291efe88ac00000000
 76 |  _TXINPUT_00_150.00000000
 77 |  _SIG_mzUYGfqGpyXmppYpmWJ31Y4zTxR4ZCod22_00_008c
 78 |  4930460221007699967c3ec09d072599558d2e7082fae0820206b63aa66afea124634ed11a080221
 79 |  0003346f7e963e645ecae2855026dc7332eb7237012539b34cd441c3cef97fbd4d01410497d5e1a0
 80 |  0e1db90e893d1f2e547e2ee83b5d6bf4ddaa3d514e6dc2d94b6bcb5a72be1fcec766b8c382502caa
 81 |  9ec09fe478bad07d3f38ff47b2eb42e681c384cc
 82 |  _TXINPUT_01_12.00000000
 83 |  _SIG_mzvaN8JUhHLz3Gdec1zBRxs5rNaYLQnbD1_01_008c
 84 |  49304602210081554f8b08a1ad8caa69e34f4794d54952dac7c5efcf2afe080985d6bd5b00770221
 85 |  00dea20ca3dbae1d15ec61bec57b4b8062e7d7c47614aba032c5a32f651f471cfd014104c30936d2
 86 |  456298a566aa76fefeab8a7cb7a91e8a936a11757c911b4c669f0434d12ab0936fc13986b156156f
 87 |  9b389ed244bbb580112be07dbe23949a4764dffb
 88 |  -------END-TRANSACTION-3fX59xPj-------------------------------------------------
 89 | </pre>
 90 | 
 91 | In this transaction, there are two inputs, one of 150 BTC and the other of 12 BTC.  This transaction combines 162 BTC to create two outputs, one of 160 BTC, one 1.9995 BTC, and a tx fee of 0.0005.  In this TxDP, both inputs have been signed, and thus could broadcast immediately.
 92 | 
 93 | The style of communication is taken directly from PGP/GPG, which uses blocks of ASCII like this to communicate encrypted messages and signatures.  This serialization is compact, and will be interpretted the same in all character encodings.  It can be copied inline into an email, or saved in a text file.  The advantage over the analogous PGP encoding is that there are some human readable elements to it, for users that wish to examine the TxDP packet manually, instead of requiring a program to parse the core elements of the TxDP.
 94 | 
 95 | A party receiving this TxDP can simply add their signature to the appropriate _TXINPUT_ line.  If that is the last signature required, they can broadcast it themselves.  Any software that implements this standard should be able to combine multiple TxDPs into a single TxDP.  However, even without the programmatic support, a user could manually combine them by copying the appropriate _TXSIGS_ lines between serializations, though it is not the recommended method for combining TxDPs.
 96 | 
 97 | == Reference Implementation ==
 98 | 
 99 | This proposal has been implemented and tested in the ''Armory'' Bitcoin software for use in offline-wallet transaction signing (as a 1-of-1 transaction), and will eventually use it for multi-signature transcations.  The source code for this implementation be found in the [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py Armory Github project].  Specifically, the [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L4704 PyTxDistProposal class] implements all features of BIP 0010.  It contains reference code for both
100 | [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L5095 serializing a TxDP] and [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L5143 unserializing a TxDP].
101 | 


--------------------------------------------------------------------------------
/bip-0016/qa.mediawiki:
--------------------------------------------------------------------------------
  1 | This page is a Quality Assurance test plan for [[BIP 16]].  If you see a test missing, please add it.
  2 | If you can help test, please edit this page to sign-off on it.
  3 | 
  4 | {| class="wikitable"
  5 | |-
  6 | ! Done !! Test Procedure !! Tested by
  7 | 
  8 | |- style="color:green;"
  9 | | &#x2713;
 10 | | Run BIP-16-capable Bitcoin 0.6 on testnet and main net<br />
 11 | Send coins using GUI, RCP sendtoaddress, and RCP sendmany commands<br />
 12 | Result: coins sent in all cases
 13 | | Gavin Andresen
 14 | 
 15 | |- style="color:green;"
 16 | | &#x2713;
 17 | | Test multisig 1-of-1<br />
 18 | Run 0.6 bitcoind, get a public key with: ./bitcoind -testnet validateaddress $(./bitcoind -testnet getnewaddress)<br />
 19 | Generate a multisig 1-of-1 address: ./bitcoind addmultisigaddress 1 {public key from above}<br />
 20 | Send-to-self some bitcoins using that address<br />
 21 | Result: transaction is confirmed by network, displays properly in listtransactions.
 22 | Result: balance is unaffected
 23 | | Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
 24 | 
 25 | 
 26 | |- style="color:green;"
 27 | | &#x2713;
 28 | | Test multisig 1-of-2<br />
 29 | Run 0.6 bitcoind, get 2 new bitcoin addresses<br />
 30 | Generate a multisig 1-of-2 address: ./bitcoind addmultisigaddress 1 {address1} {address2}<br />
 31 | Send-to-self some bitcoins using that address<br />
 32 | Result: transaction is confirmed by network, displays properly in listtransactions.
 33 | Result: bitcoin balance is unaffected.
 34 | | Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
 35 | 
 36 | 
 37 | |- style="color:green;"
 38 | | &#x2713;
 39 | | Test multisig 1-of-3, 2-of-3, 3-of-3<br />
 40 | Repeat test procedures above, with the other new multisignature transaction types
 41 | | Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
 42 | 
 43 | |- style="color:green;"
 44 | | &#x2713;
 45 | | Test multisig send-to-other<br />
 46 | Repeat test procedures above, but use two bitcoinds, prepared as follows:<br />
 47 | bitcoind 1 : Run getnewaddress and addmultisigaddress<br />
 48 | bitcoind 2 : Just addmultisigaddress<br />
 49 | Send coins from 2 to 1 using the address<br />
 50 | Result: transaction is accepted/confirmed by network<br />
 51 | Result: balance for 2 goes down, listtransactions for 2 displays correct result<br />
 52 | Result: balance for 1 goes up, listtransactions for 1 displays correct result<br />
 53 | | Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
 54 | 
 55 | 
 56 | |- style="color:green;"
 57 | | &#x2713;
 58 | | Test redeeming multisignature transactions<br />
 59 | Fund a new, empty wallet entirely with multisig transactions<br />
 60 | Wait for transactions to confirm<br />
 61 | Use sendtoaddress and sendmany to generate spend-from-multisig transactions<br />
 62 | Spend to both single-address and multisig address, and test send-to-other and send-to-self<br />
 63 | Result: transactions are accepted/confirmed by network<br />
 64 | Result: balance decreases, listtransactions displays correct information<br />
 65 | | Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
 66 | 
 67 | 
 68 | |- style="color:green;"
 69 | | &#x2713;
 70 | | Run 0.6 Bitcoin-Qt GUI on one of the test wallets from above<br />
 71 | Result: balance and transactions displayed correctly
 72 | | Gavin Andresen
 73 | 
 74 | |- style="color:orange;"
 75 | | &#x2713;
 76 | | Run BIP-16-capable backport Bitcoin 0.3.19 through 0.5.1 on testnet and main net<br />
 77 | Send coins using GUI, RCP sendtoaddress, and RCP sendmany commands<br />
 78 | Result: coins sent in all cases
 79 | | Gavin Andresen (tested 0.3.19, 0.3.24 and 0.5.1)
 80 | 
 81 | |- style="color:green;"
 82 | | &#x2713;
 83 | | Run BIP-16-capable Bitcoin 0.6.0 on testnet<br />
 84 | Mine coins using built-in miner<br />
 85 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
 86 | Result: mined blocks' coinbase contains /P2SH/ string
 87 | | Gavin Andresen
 88 | 
 89 | |- style="color:green;"
 90 | | &#x2713;
 91 | | Run BIP-16-capable Bitcoin 0.6.0 on testnet<br />
 92 | Mine coins using getwork interface<br />
 93 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
 94 | Result: mined blocks' coinbase contains /P2SH/ string
 95 | | Gavin Andresen
 96 | 
 97 | |- style="color:green;"
 98 | |
 99 | | Run BIP-16-capable Bitcoin 0.6.0 on testnet<br />
100 | Mine coins using getmemorypool interface<br />
101 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
102 | Result: mined blocks' coinbase contains /P2SH/ string
103 | | Gregory Maxwell; Using p2pool see [https://blockexplorer.com/testnet/rawblock/00000000040367fcb750b6f064db6955b6c7c6218fb625e3dfed6b5c19c97107 testnet block 45400] (and many others, also tested on mainnet) 
104 | 
105 | |- style="color:green;"
106 | | &#x2713;
107 | | Run BIP-16-capable Bitcoin 0.3.19 through 0.5.1 backports on testnet<br />
108 | Mine coins using built-in miner<br />
109 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
110 | Result: mined blocks' coinbase contains /P2SH/ string
111 | | Gavin Andresen (tested all on a testnet-in-a-box)
112 | 
113 | |- style="color:green;"
114 | | &#x2713;
115 | | Run BIP-16-capable Bitcoin 3.19 through 0.5.1 backports on testnet<br />
116 | Mine coins using getwork interface<br />
117 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
118 | Result: mined blocks' coinbase contains /P2SH/ string
119 | | Gavin Andresen (tested all on a testnet-in-a-box)
120 | 
121 | |- style="color:green;"
122 | | &#x2713;
123 | | Run BIP-16-capable Bitcoin 0.3.19 through 0.5.1 backports on testnet<br />
124 | Mine coins using built-in miner<br />
125 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
126 | Result: mined blocks' coinbase contains /P2SH/ string
127 | | Gavin Andresen (tested all on a testnet-in-a-box)
128 | 
129 | |- style="color:green;"
130 | | &#x2713;
131 | | Run BIP-16-capable Bitcoin 3.19 through 0.5.1 backports on testnet<br />
132 | Mine coins using getwork interface<br />
133 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
134 | Result: mined blocks' coinbase contains /P2SH/ string
135 | | Gavin Andresen (tested all on a testnet-in-a-box)
136 | |- style="color:red;"
137 | 
138 | |- style="color:red;"
139 | |
140 | | Run BIP-16-capable Bitcoin 3.19 through 0.5.1 backports on testnet<br />
141 | Mine coins using getmemorypool interface<br />
142 | Result: blocks accepted, show up on blockexplorer.com/testnet<br />
143 | Result: mined blocks' coinbase contains /P2SH/ string
144 | | 
145 | 
146 | |- style="color:green;"
147 | | &#x2713;
148 | | Create/run unit tests for:<br />
149 | multisignature signing/verification<br />
150 | multisignature invalid signature failure<br />
151 | multisignature IsStandard() success/failure<br />
152 | extraction of addresses from multisignature transactions<br />
153 | BIP 16 IsStandard() success/failure (including failure with OP_PUSHDATA1/2/4)<br />
154 | BIP 16 AreInputsStandard() success/failure<br />
155 | BIP 16 compatibility with other 3 standard transaction types<br />
156 | BIP 16 no-recursion test<br />
157 | BIP 16 switchover date logic<br />
158 | OP_CHECKMULTISIG counting of signature operations inside BIP 16 transactions<br />
159 | | Gavin Andresen (see test/multisig_tests.cpp, test/script_tests.cpp, test/script_P2SH_tests.cpp, test/sigopcount_tests.cpp in the bitcoin source tree; 'make test_bitcoin' in src/ directory to compile)
160 | 
161 | |- style="color:green;"
162 | | &#x2713;
163 | | Create/run 'transaction fuzzer' to stress-test BIP 16 transactions
164 | | Gavin Andresen (https://github.com/gavinandresen/bitcoin-git/tree/fuzzer , run twice on both testnet-in-a-box and testnet with 100,000 'fuzzed' transactions each test run) Valid fuzzed transactions appeared in (for example) [http://blockexplorer.com/testnet/block/000000001587c859649cea954e921ba4efd77707fb327dd53e122fd7b89636c4 testnet block 44987]
165 | 
166 | |- style="color:green;"
167 | | &#x2713;
168 | | Run Bitcoin 0.6 on main net <br />
169 | Result: blocks created properly
170 | Result: blocks include /P2SH/ string in their coinbase
171 | | various mining pools
172 | 
173 | |- style="color:green;"
174 | | &#x2713;
175 | | Run BIP 16 vinced_mergedmine backport on main net <br />
176 | Result: blocks created properly
177 | Result: blocks include /P2SH/ string in their coinbase
178 | | (Gavin for slush: after bug fixes, running with no issues)<br />
179 | 
180 | |- style="color:green;"
181 | | &#x2713;
182 | | Test chain-split handling on testnet-in-a-box <br />
183 | Create two valid hash, invalid signature transactions in two blocks separated in time on a testnet-in-a-box chain<br />
184 | Run a bitcoind to synchronize with the chain, with -paytoscripthashtime set in between the two blocks<br/>
185 | Result: first transaction/block accepted, second causes a chain split<br/>
186 | Re-run bitcoind with -paytoscripthashtime in the future<br/>
187 | Result: entire chain accepted
188 | | Gavin Andresen: testnet-in-a-box files at: http://www.skypaint.com/bitcoin/bip16chain.tar.gz first half-valid BIP16 transaction at block 2431 (time 1328202835) second at block 2436 (time 1328204241)<br />
189 | 
190 | |}
191 | 


--------------------------------------------------------------------------------
/bip-0020.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 20
  3 |   Title: URI Scheme
  4 |   Author: Luke Dashjr <luke+bip@dashjr.org>
  5 |   Status: Replaced
  6 |   Type: Standards Track
  7 |   Created: 10-01-2011
  8 | </pre>
  9 | 
 10 | BIP 0020 is based off an earlier document by Nils Schneider. '''And has been replaced by BIP 0021'''
 11 | 
 12 | ==Abstract==
 13 | This BIP proposes a URI scheme for making Bitcoin payments.
 14 | 
 15 | ==Motivation==
 16 | The purpose of this URI scheme is to enable users to easily make payments by simply clicking links on webpages or scanning QR Codes.
 17 | 
 18 | ==Specification==
 19 | 
 20 | === General rules for handling (important!) ===
 21 | 
 22 | Bitcoin clients MUST NOT act on URIs without getting the user's authorization.
 23 | They SHOULD require the user to manually approve each payment individually, though in some cases they MAY allow the user to automatically make this decision.
 24 | 
 25 | === Operating system integration ===
 26 | Graphical bitcoin clients SHOULD register themselves as the handler for the "bitcoin:" URI scheme by default, if no other handler is already registered. If there is already a registered handler, they MAY prompt the user to change it once when they first run the client.
 27 | 
 28 | === BNF grammar ===
 29 | 
 30 | (See also [[#Simpler syntax|a simpler representation of syntax]])
 31 | 
 32 |  bitcoinurn      = "bitcoin:" bitcoinaddress [ ";version=" bitcoinversion ] [ "?" bitcoinparams ]
 33 |  bitcoinaddress  = base58 *base58
 34 |  bitcoinversion  = "1.0"
 35 |  bitcoinparams   = *bitcoinparam
 36 |  bitcoinparam    = amountparam | labelparam | messageparam | sendparam | otherparam
 37 |  amountparam     = "amount=" amount
 38 |  amount          = amountdecimal | amounthex
 39 |  amountdecimal   = *digit [ "." *digit ] [ "X" *digit ]
 40 |  amounthex       = "x" *hexdigit [ "." *hexdigit ] [ "X" *hexdigit ]
 41 |  labelparam      = "label=" *pchar
 42 |  messageparam    = "message=" *pchar
 43 |  sendparam       = "send=" *pchar
 44 |  otherparam      = pchar *pchar "=" *pchar
 45 | 
 46 | === Query Keys ===
 47 | 
 48 | *label: Label for that address (e.g. name of receiver)
 49 | *address: bitcoin address
 50 | *message: message that shown to the user after scanning the QR code
 51 | *size: amount of base bitcoin units ([[#Transfer amount/size|see below]])
 52 | *send: used to send bitcoin, rather than to request them
 53 | *(others): optional, for future extensions
 54 | 
 55 | ==== Transfer amount/size ====
 56 | 
 57 | If an amount is provided, it may be specified either in decimal or, when prefixed with a single "x" character, hexadecimal.
 58 | The number SHOULD be followed by "X" &lt;digits&gt; to signify an exponent to the base multiplier.
 59 | Thus, "X8" multiplies your number by 100,000,000.
 60 | For decimal values, this means the standard BTC unit.
 61 | For hexadecimal values, this means ᵇTBC units (which are equivalent to 42.94967296 BTC).
 62 | If exponent is omitted, implementations SHOULD assume X8 for decimal numbers, and X4 for hexadecimal numbers.
 63 | I.e. amount=50.00 is treated as 50 BTC, and amount=x40 is treated as 40 TBC.
 64 | When specifying bitcoin base units, "X0" SHOULD be used.
 65 | 
 66 | Bitcoin clients MAY display the amount in any format that is not intended to deceive the user.
 67 | They SHOULD choose a format that is foremost least confusing, and only after that most reasonable given the amount requested.
 68 | For example, so long as the majority of users work in BTC units, values should always be displayed in BTC by default, even if mBTC or TBC would otherwise be a more logical interpretation of the amount.
 69 | 
 70 | == Rationale ==
 71 | 
 72 | ===Payment identifiers, not person identifiers===
 73 | Current best practices are that a unique address should be used for every transaction.
 74 | Therefore, a URI scheme should not represent an exchange of personal information, but a one-time payment.
 75 | 
 76 | ===Accessibility (URI scheme name)===
 77 | Should someone from the outside happen to see such a URI, the URI scheme name already gives a description.
 78 | A quick search should then do the rest to help them find the resources needed to make their payment.
 79 | Other proposed names sound much more cryptic; the chance that someone googles that out of curiosity are much slimmer.
 80 | Also, very likely, what he will find are mostly technical specifications - not the best introduction to bitcoin.
 81 | 
 82 | ==Forward compatibility==
 83 | We want URIs generated in 2011 to still work in 2036: think about extensibility.
 84 | Of course we can make only educated guesses about the future, but don't act as if there is none.
 85 | This should be the best we can do, but it should not be seen as set in stone.
 86 | Make it possible for later generations to improve our work, to mend our errors, without breaking the URIs created now.
 87 | 
 88 | == Appendix ==
 89 | 
 90 | === Simpler syntax ===
 91 | 
 92 | This section is non-normative and does not cover all possible syntax.
 93 | Please see the [[#BNF grammar|BNF grammar]] above for the normative syntax.
 94 | 
 95 | [foo] means optional, &lt;bar&gt; are placeholders
 96 | 
 97 | <pre>
 98 |  bitcoin:<address>[;version=1.0][?amount=<amount>][?label=<label>][?message=<message>][?send=<private key>]
 99 | </pre>
100 | 
101 | === Examples ===
102 | 
103 | Just the address:
104 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L
105 | 
106 | Address with name:
107 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?label=Luke-Jr
108 | 
109 | Request 20.30 BTC to "Luke-Jr":
110 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=20.3X8&label=Luke-Jr
111 | 
112 | Request 400 TBC:
113 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=x400X4
114 | 
115 | Request 4000 TBC:
116 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=x4X7
117 | 
118 | Request 5 uBTC:
119 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=5X2
120 | 
121 | Request 50 BTC with message:
122 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=50X8&label=Luke-Jr&message=Donation%20for%20project%20xyz
123 | 
124 | Send 1 BTC:
125 |  bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=1X8&send=S4b3N3oGqDqR5jNuxEvDwf
126 | 
127 | Characters must be URI encoded properly.
128 | 
129 | ===Sending money via private key===
130 | To send a payment to someone else first construct a new keypair. You may want to use a [[mini private key format]], or you may also use a full private key for more security depending on the amount being sent and how long you expect to pass before a claim. Now create and publish a transaction with an output of the amount you wish to send. Use this script in that output:
131 | 
132 | <pre>
133 |  <pubkey> OP_CHECKSIG
134 | </pre>
135 | 
136 | Construct an address from the public key. Encode the URI as below:
137 | 
138 | <pre>
139 |  bitcoin:<address>?send=<base 58 encoded private key>
140 | </pre>
141 | 
142 | You may optionally include amount or message fields as well. In a wallet to claim money sent this way search for an incoming transaction with the output script form above, where &lt;address&gt; matches the public key in the script. When you find the transaction create a claim transaction with an input script of this form:
143 | 
144 | <pre>
145 |  <sig>
146 | </pre>
147 | 
148 | This claims the money you were sent. Until your claim transaction has confirmed the sender may take their money back.
149 | 
150 | == Reference Implementations ==
151 | === Bitcoin clients ===
152 | * [[Spesmilo]] supports all valid Bitcoin URIs, with Windows and KDE integration
153 | 
154 | === Parsing amount ===
155 | ==== ECMAScript ====
156 | <pre>
157 |  reAmount = /^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$/i;
158 |  function parseAmount(txt) {
159 |     var m = txt.match(reAmount);
160 |     return m[5] ? (
161 |         (
162 |             parseInt(m[5], 16) +
163 |             (m[7] ? (parseInt(m[7], 16) * Math.pow(16, -(m[7].length))) : 0)
164 |         ) * (
165 |             m[9] ? Math.pow(16, parseInt(m[9], 16)) : 0x10000
166 |         )
167 |     ) : (
168 |             m[2]
169 |         *
170 |             (m[4] ? Math.pow(10, m[4]) : 1e8)
171 |     );
172 |  }
173 | </pre>
174 | 
175 | ==== Python ====
176 | <pre>
177 |  m = re.match(r'^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$', amount, re.IGNORECASE)
178 |  if m.group(5):
179 |      amount = float(int(m.group(5), 16))
180 |      if m.group(7):
181 |          amount += float(int(m.group(7), 16)) * pow(16, -(len(m.group(7))))
182 |      if m.group(9):
183 |          amount *= pow(16, int(m.group(9), 16))
184 |      else:
185 |          amount *= 0x10000
186 |  else:
187 |      amount = Decimal(m.group(2))
188 |      if m.group(4):
189 |          amount *= 10 ** int(m.group(4))
190 |      else:
191 |          amount *= 100000000
192 | </pre>
193 | 
194 | ==== C# ====
195 | <pre>
196 |  Regex amountExpression = new Regex(@"^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$", RegexOptions.IgnoreCase);
197 |  Match match = amountExpression.Match(value);
198 |  if (match.Success)
199 |  {
200 |      if (match.Groups[5].Success)
201 |      {
202 |          long hexDecimal = 0;
203 |          if (match.Groups[7].Success)
204 |              hexDecimal = Convert.ToInt64(match.Groups[7].Value, 16) * (long)Math.Pow(16, -match.Groups[7].Length);
205 | 
206 |          long hexExponent = 0x10000;
207 |          if (match.Groups[9].Success)
208 |              hexExponent = (long)Math.Pow(16, Convert.ToInt32(match.Groups[9].Value, 16));
209 | 
210 |          Amount = (Convert.ToInt64(match.Groups[5].Value, 16) + hexDecimal) * hexExponent;
211 |      }
212 |      else
213 |      {
214 |          long decimalExponent = 100000000;
215 |          if (match.Groups[4].Success)
216 |              decimalExponent = (long)Math.Pow(10, int.Parse(match.Groups[4].Value));
217 |          Amount = (long)(decimal.Parse(match.Groups[2].Value) * decimalExponent);
218 |      }
219 |  }
220 | </pre>
221 | 


--------------------------------------------------------------------------------
/bip-0036.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 36
  3 |   Title: Custom Services
  4 |   Author: Stefan Thomas <justmoon@members.fsf.org>
  5 |   Status: Draft
  6 |   Type: Standards Track
  7 |   Created: 03-08-2012
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP adds new fields to the <code>version</code> message which clients can use to announce custom services without polluting the limited 64-bit <code>services</code> field. It also makes some non-binding recommendations regarding the implementation of custom services.
 13 | 
 14 | ==Motivation==
 15 | 
 16 | We would like to encourage experimentation with custom services that extend the Bitcoin protocol with useful functionality. Examples include Distributed Hash Tables (DHT), distributed pools, lightweight client support protocols, directed message routing and support for custom transports. However, without a general framework for protocol extensions, these custom services are likely to collide in various ways. This BIP provides such a framework.
 17 | 
 18 | ==Specification==
 19 | 
 20 | Two new fields are added to the <code>version</code> command, after <code>extra_height</code>:
 21 | 
 22 | {|class="wikitable"
 23 | ! Field Size !! Description !! Data type !! Comments
 24 | |-
 25 | | 1+ || service_count || [[Protocol_specification#Variable_length_integer|var_int]] || Number of extra services
 26 | |-
 27 | | ? || service_list || service[] || List of service definitions
 28 | |}
 29 | 
 30 | The service definitions <code>service[]</code> are given in the following format:
 31 | 
 32 | {|class="wikitable"
 33 | ! Field Size !! Description !! Data type !! Comments
 34 | |-
 35 | | ? || service_name || [[#Variable length string|var_str]] || Unique service identifier
 36 | |-
 37 | | 4 || service_version || uint32_t || Identifies service version being used by the node
 38 | |-
 39 | | ? || service_data || [[#Variable length string|var_str]] || Additional service-specific data
 40 | |}
 41 | 
 42 | A node MUST NOT announce two services with the same <code>service_name</code>. If a remote node sends such a <code>version</code> message the client MAY disconnect.
 43 | 
 44 | The <code>service_version</code> is service-specific and can be any integer. Higher versions SHOULD be higher integers. When a service is standardized, it is assigned a <code>NODE_*</code> constant for use with the <code>services</code> field and future iterations of the protocol depend on the Bitcoin protocol version. Both the <code>NODE_*</code> flag and the custom service entry MAY be provided for the duration of a transitional period.
 45 | 
 46 | Services SHOULD pass an empty string (0x00) as <code>service_data</code> and use a custom handshake to initialize their protocol, exchange information about capabilities etc. Note that to become a standardized service, a service MUST NOT rely on <code>service_data</code> since there is no corresponding mechanism for the standard services defined in the <code>services</code> field.
 47 | 
 48 | However, services MAY use <code>service_data</code> if they do not intend to become standard services and need a simple way to transmit a small amount of initialization data. For example, a node offering a custom transport like UDP or WebSocket, may choose to announce this as a service and include the port number in <code>service_data</code>. The format for <code>service_data</code> is service-specific and may be any binary or ASCII data. For ease of debugging, a human-readable (ASCII) format is generally recommended.
 49 | 
 50 | ===Service identifier===
 51 | 
 52 | Each service SHOULD choose a new identifier that is not used by any other service. To register a new identifier, add it to the [[Service identifiers]] wiki page along with the name of the maintainer and a way to contact them. Please do not register identifiers unless you are actually using them.
 53 | 
 54 | Service identifiers that are reserved or used by an accepted BIP MUST NOT be used except in the way specified by that BIP.
 55 | 
 56 | Service identifiers MUST be between five (5) and eleven (11) characters long. Service identifiers MUST use only ASCII characters, excluding: / * _ :
 57 | 
 58 | Valid examples:
 59 | * <code>MySampleSvc</code>
 60 | * <code>smartserv</code>
 61 | * <code>P-Pool</code>
 62 | 
 63 | Valid, but discouraged examples:
 64 | 
 65 | * <code>MySVC 1.0</code> (use <code>service_version</code> to differentiate versions)
 66 | * <code>@@---.</code> (identifiers should be pronounceable)
 67 | * <code>lightweight</code> (avoid too generic names)
 68 | 
 69 | Invalid examples:
 70 | 
 71 | * <code>Pppc</code> (too short)
 72 | * <code>SuperService</code> (too long)
 73 | * <code>Cool_Svc</code> (invalid character)
 74 | 
 75 | ===Optional: Custom commands===
 76 | 
 77 | Bitcoin command names are limited to 12 characters. That doesn't leave a lot of space for both the service identifier and the service command. Therefore we recommend that all service commands SHOULD be represented by a single "command" on the Bitcoin network. This command SHOULD consist of the exact service identifier to avoid collisions with other services, prefixed by an underscore to avoid collisions with current or future Bitcoin protocol messages. For example: <code>_MySampleSvc</code>
 78 | 
 79 | The service-specific command name SHOULD then be specified in an extra header in the payload:
 80 | 
 81 | {|class="wikitable"
 82 | ! Field Size !! Description !! Data type !! Comments
 83 | |-
 84 | | 12 || subcommand || char[12] || ASCII string identifying the service command, NULL padded (non-NULL padding results in packet rejected)
 85 | |-
 86 | | ? || subpayload || uchar[] || The actual data
 87 | |}
 88 | 
 89 | The length of <code>subpayload</code> is derived from the length of the total payload minus twelve (12) bytes for the <code>subcommand</code>. Implementations MUST NOT rely on this format to be used by unknown services. Clients SHOULD ignore any services or subcommands they don't explicitly understand.
 90 | 
 91 | The recommended way to refer to messages following this format in documentation is by the service identifier, followed by a colon, followed by the subcommand. For example, the subcommand <code>search</code> for the <code>MySampleSvc</code> service would be referred to as: <code>MySampleSvc:search</code>
 92 | 
 93 | Full hexdump of an example <code>MySampleSvc:search</code> message:
 94 | 
 95 | <pre>
 96 | 0000   F9 BE B4 D9 5F 4D 79 53  61 6D 70 6C 65 53 76 63   ...._MySampleSvc
 97 | 0010   14 00 00 00 73 D5 56 77  73 65 61 72 63 68 00 00   ....s.Vwsearch..
 98 | 0020   00 00 00 00 12 34 56 78  9A BC DE F0               .....4Vx....
 99 | 
100 | Message header:
101 |  F9 BE B4 D9                                                                   - Main network magic bytes
102 |  5F 4D 79 53 61 6D 70 6C 65 53 76 63                                           - "_MySampleSvc" command
103 |  14 00 00 00                                                                   - Payload is 20 bytes long
104 |                                                                                  (includes 12 bytes for subcommand)
105 |  73 D5 56 77                                                                   - Checksum
106 | 
107 | Service header:
108 |  73 65 61 72 63 68 00 00 00 00 00 00                                           - "search" subcommand
109 | 
110 | Search message:
111 |  12 34 56 78 9A BC DE F0                                                       - Payload
112 | </pre>
113 | 
114 | ==Standardization==
115 | 
116 | Custom services may become standard parts of the protocol. Services which wish to become part of the Bitcoin protocol MUST fulfill the following criteria:
117 | 
118 | * MUST NOT use <code>service_data</code>; Standard services have no corresponding field
119 | * MUST use a peer discovery mechanism which specifies one bit per node, same as the <code>services</code> field in <code>addr</code> messages
120 | * MUST NOT use any subcommands that conflict with current or planned Bitcoin protocol commands
121 | 
122 | The standardization process will usually take place as follows:
123 | 
124 | # The service is implemented and tested.
125 | # Once the API is known to be relatively stable it is formalized and submitted as a BIP.
126 | # Once the BIP is accepted, the service is assigned a <code>NODE_*</code> constant and the transitional period starts:
127 | #* Clients MUST understand both the announcement of the service via the <code>services</code> field and via <code>service_list</code> and include both methods in their own <code>version</code> message.
128 | #* Clients MUST accept both the wrapped form messages like <code>MySampleSvc:search</code> as well as the corresponding non-namespaced messages like <code>search</code>. Clients MUST only send wrapped messages.
129 | #* During the transitional period the API of the service MUST NOT change.
130 | # After the transitional period:
131 | #* Clients MUST only announce the service via the <code>services</code> field.
132 | #* Clients MUST only send unwrapped messages.
133 | # Future changes to the service API now require a BIP and an increase in the Bitcoin protocol version.
134 | 
135 | This process of adding a service to the Bitcoin protocol should only be undertaken for services where there is a strong rationale for doing so. Services MAY also be standardized as custom services via a BIP while maintaining the custom service format.
136 | 
137 | ==Rationale==
138 | 
139 | This BIP aims to fulfill the following goals:
140 | 
141 | * Minimize the risk of namespace collisions, ambiguities or other issues arising from conflicting custom services
142 | * Provide an easy upgrade path for custom services to become standardized services with their own <code>NODE_*</code> flag
143 | * Place minimum restrictions on custom service authors
144 | * Allow custom services to be created with minimum effort
145 | * Allow clients to support multiple/many custom services at once
146 | 
147 | To achieve these goals this BIP adds two new fields to the <code>version</code> message. It would have been possible to avoid changes to <code>version</code> by adding a new message instead. However, it makes sense to keep both types of service announcements in the same message so that the life cycle of standardized services and custom services remains exactly the same. This also simplifies detecting a service which is in the transition from a custom to a standardized service (and being announced using both methods.)
148 | 
149 | Finally, this BIP defines both explicitly and implicitly some useful common nomenclature that can be used when discussing custom services, e.g. "subcommand", "subpayload", "service identifier" and the colon format for referring to subcommands.
150 | 
151 | ==Copyright==
152 | 
153 | This document is placed in the public domain.
154 | 


--------------------------------------------------------------------------------
/bip-0022.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 22
  3 |   Title: getblocktemplate - Fundamentals
  4 |   Author: Luke Dashjr <luke+bip22@dashjr.org>
  5 |   Status: Accepted
  6 |   Type: Standards Track
  7 |   Created: 28-02-2012
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP describes a new JSON-RPC method for "smart" Bitcoin miners and proxies.
 13 | Instead of sending a simple block header for hashing, the entire block structure is sent, and left to the miner to (optionally) customize and assemble.
 14 | 
 15 | ==Specification==
 16 | 
 17 | ===Block Template Request===
 18 | 
 19 | A JSON-RPC method is defined, called "getblocktemplate".
 20 | It accepts exactly one argument, which MUST be an Object of request parameters.
 21 | If the request parameters include a "mode" key, that is used to explicitly select between the default "template" request or a [[bip-0023.mediawiki#Block Proposal|"proposal"]].
 22 | 
 23 | Block template creation can be influenced by various parameters:
 24 | {| class="wikitable"
 25 | !colspan=4|template request
 26 | |-
 27 | ! Key !! Required !! Type !! Description
 28 | |-
 29 | | capabilities || {{No}} || Array of Strings || SHOULD contain a list of the following, to indicate client-side support: [[#Optional: Long Polling|"longpoll"]], "coinbasetxn", "coinbasevalue", [[bip-0023.mediawiki#Block Proposal|"proposal"]], [[bip-0023.mediawiki#Logical Services|"serverlist"]], "workid", and any of the [[bip-0023.mediawiki#Mutations|mutations]]
 30 | |-
 31 | | mode || {{No}} || String || MUST be "template" or omitted
 32 | |}
 33 | 
 34 | getblocktemplate MUST return a JSON Object containing the following keys:
 35 | {| class="wikitable"
 36 | !colspan=4| template
 37 | |-
 38 | ! Key !! Required !! Type !! Description
 39 | |-
 40 | | bits || {{Yes}} || String || the compressed difficulty in hexadecimal
 41 | |-
 42 | | curtime || {{Yes}} || Number || the current time as seen by the server (recommended for block time) - note this is not necessarily the system clock, and must fall within the mintime/maxtime rules
 43 | |-
 44 | | height || {{Yes}} || Number || the height of the block we are looking for
 45 | |-
 46 | | previousblockhash || {{Yes}} || String || the hash of the previous block, in big-endian hexadecimal
 47 | |-
 48 | | sigoplimit || {{No}} || Number || number of sigops allowed in blocks
 49 | |-
 50 | | sizelimit || {{No}} || Number || number of bytes allowed in blocks
 51 | |-
 52 | | transactions || {{Yes|Should}} || Array of Objects || Objects containing [[#Transactions Object Format|information for Bitcoin transactions]] (excluding coinbase)
 53 | |-
 54 | | version || {{Yes}} || Number || always 1 or 2 (at least for bitcoin) - clients MUST understand the implications of the version they use (eg, comply with [[bip-0034.mediawiki|BIP 0034]] for version 2)
 55 | |-
 56 | | coinbaseaux || {{No}} || Object || data that SHOULD be included in the coinbase's scriptSig content. Only the values (hexadecimal byte-for-byte) in this Object should be included, not the keys. This does not include the block height, which is required to be included in the scriptSig by [[bip-0034.mediawiki|BIP 0034]]. It is advisable to encode values inside "PUSH" opcodes, so as to not inadvertantly expend SIGOPs (which are counted toward limits, despite not being executed).
 57 | |-
 58 | | coinbasetxn || {{Patch|this or ↓}} || Object || [[#Transactions Object Format|information for coinbase transaction]]
 59 | |-
 60 | | coinbasevalue || {{Patch|this or ↑}} || Number || total funds available for the coinbase (in Satoshis)
 61 | |-
 62 | | workid || {{No}} || String || if provided, this value must be returned with results (see [[#Block Submission|Block Submission]])
 63 | |}
 64 | 
 65 | ==== Transactions Object Format ====
 66 | 
 67 | The Objects listed in the response's "transactions" key contains these keys:
 68 | 
 69 | {| class="wikitable"
 70 | !colspan=3|template "transactions" element
 71 | |-
 72 | ! Key !! Type !! Description
 73 | |-
 74 | | data || String || transaction data encoded in hexadecimal (byte-for-byte)
 75 | |-
 76 | | depends || Array of Numbers || other transactions before this one (by 1-based index in "transactions" list) that must be present in the final block if this one is; if key is not present, dependencies are unknown and clients MUST NOT assume there aren't any
 77 | |-
 78 | | fee || Number || difference in value between transaction inputs and outputs (in Satoshis); for coinbase transactions, this is a negative Number of the total collected block fees (ie, not including the block subsidy); if key is not present, fee is unknown and clients MUST NOT assume there isn't one
 79 | |-
 80 | | hash || String || hash/id encoded in little-endian hexadecimal
 81 | |-
 82 | | required || Boolean || if provided and true, this transaction must be in the final block
 83 | |-
 84 | | sigops || Number || total number of SigOps, as counted for purposes of block limits; if key is not present, sigop count is unknown and clients MUST NOT assume there aren't any
 85 | |}
 86 | 
 87 | Only the "data" key is required, but servers should provide the others if they are known.
 88 | 
 89 | ===Block Submission===
 90 | 
 91 | A JSON-RPC method is defined, called "submitblock", to submit potential blocks (or shares).
 92 | It accepts two arguments:
 93 | the first is always a String of the hex-encoded block data to submit;
 94 | the second is an Object of parameters, and is optional if parameters are not needed.
 95 | 
 96 | {| class="wikitable"
 97 | !colspan=3|submitblock parameters (2nd argument)
 98 | |-
 99 | ! Key !! Type !! Description
100 | |-
101 | | workid || String || if the server provided a workid, it MUST be included with submissions
102 | |}
103 | 
104 | This method MUST return either null (when a share is accepted), a String describing briefly the reason the share was rejected, or an Object of these with a key for each merged-mining chain the share was submitted to.
105 | 
106 | ===Optional: Long Polling===
107 | 
108 | {| class="wikitable"
109 | ! colspan="3" | template request
110 | |-
111 | ! Key !! Type !! Description
112 | |-
113 | | capabilities || Array of Strings || miners which support long polling SHOULD provide a list including the String "longpoll"
114 | |-
115 | | longpollid || String || "longpollid" of job to monitor for expiration; required and valid only for long poll requests
116 | |}
117 | 
118 | {| class="wikitable"
119 | ! colspan="3" | template
120 | |-
121 | ! Key !! Type !! Description
122 | |-
123 | | longpollid || String || identifier for long poll request; MUST be omitted if the server does not support long polling
124 | |-
125 | | longpolluri || String || if provided, an alternate URI to use for long poll requests
126 | |-
127 | | submitold || Boolean || only relevant for long poll responses: indicates if work received prior to this response remains potentially valid (default) and should have its shares submitted; if false, the miner may wish to discard its share queue
128 | |}
129 | 
130 | If the server supports long polling, it MUST include a "longpollid" key in block templates, and it MUST be unique for each event:
131 | any given "longpollid" should check for only one condition and not be reused.
132 | For example, a server which has a long poll wakeup only for new blocks might use the previous block hash.
133 | However, clients should not assume the "longpollid" has any specific meaning.
134 | It MAY supply the "longpolluri" key with a relative or absolute URI, which MAY specify a completely different resource than the original connection, including port number.
135 | If "longpolluri" is provided by the server, clients MUST only attempt to use that URI for longpoll requests.
136 | 
137 | Clients MAY start a longpoll request with a standard JSON-RPC request (in the case of HTTP transport, POST with data) and same authorization, setting the "longpollid" parameter in the request to the value provided by the server.
138 | 
139 | This request SHOULD NOT be processed nor answered by the server until it wishes to replace the current block data as identified by the "longpollid".
140 | Clients SHOULD make this request with a very long request timeout and MUST accept servers sending a partial response in advance (such as HTTP headers with "chunked" Transfer-Encoding), and only delaying the completion of the final JSON response until processing.
141 | 
142 | Upon receiving a completed response:
143 | * Only if "submitold" is provided and false, the client MAY discard the results of past operations and MUST begin working on the new work immediately.
144 | * The client SHOULD begin working on the new work received as soon as possible, if not immediately.
145 | * The client SHOULD make a new request to the same long polling URI.
146 | 
147 | If a client receives an incomplete or invalid response, it SHOULD retry the request with an exponential backoff.
148 | Clients MAY implement this backoff with limitations (such as maximum backoff time) or any algorithm as deemed suitable.
149 | It is, however, forbidden to simply retry immediately with no delay after more than one failure.
150 | In the case of a "Forbidden" response (for example, HTTP 403), a client SHOULD NOT attempt to retry without user intervention.
151 | 
152 | ===Optional: Template Tweaking===
153 | 
154 | {| class="wikitable"
155 | ! colspan="3" | template request
156 | |-
157 | ! Key !! Type !! Description
158 | |-
159 | | sigoplimit || Number or Boolean || maximum number of sigops to include in template
160 | |-
161 | | sizelimit || Number or Boolean || maximum number of bytes to use for the entire block
162 | |-
163 | | maxversion || Number || highest block version number supported
164 | |}
165 | 
166 | For "sigoplimit" and "sizelimit", negative values and zero are offset from the server-determined block maximum.
167 | If a Boolean is provided and true, the default limit is used; if false, the server is instructed not to use any limits on returned template.
168 | Servers SHOULD respect these desired maximums, but are NOT required to:
169 | clients SHOULD check that the returned template satisfies their requirements appropriately.
170 | 
171 | ===Appendix: Example Rejection Reasons===
172 | Possible reasons a share may be rejected include, but are not limited to:
173 | {| class="wikitable"
174 | !colspan=2| share rejection reasons
175 | |-
176 | ! Reason !! Description
177 | |-
178 | | bad-cb-flag || the server detected a feature-signifying flag that it does not allow
179 | |-
180 | | bad-cb-length || the coinbase was too long (bitcoin limit is 100 bytes)
181 | |-
182 | | bad-cb-prefix || the server only allows appending to the coinbase, but it was modified beyond that
183 | |-
184 | | bad-diffbits || "bits" were changed
185 | |-
186 | | bad-prevblk || the previous-block is not the one the server intends to build on
187 | |-
188 | | bad-txnmrklroot || the block header's merkle root did not match the transaction merkle tree
189 | |-
190 | | bad-txns || the server didn't like something about the transactions in the block
191 | |-
192 | | bad-version || the version was wrong
193 | |-
194 | | duplicate || the server already processed this block data
195 | |-
196 | | high-hash || the block header did not hash to a value lower than the specified target
197 | |-
198 | | rejected || a generic rejection without details
199 | |-
200 | | stale-prevblk || the previous-block is no longer the one the server intends to build on
201 | |-
202 | | stale-work || the work this block was based on is no longer accepted
203 | |-
204 | | time-invalid || the time was not acceptable
205 | |-
206 | | time-too-new || the time was too far in the future
207 | |-
208 | | time-too-old || the time was too far in the past
209 | |-
210 | | unknown-user || the user submitting the block was not recognized
211 | |-
212 | | unknown-work || the template or workid could not be identified
213 | |}
214 | 
215 | ==Motivation==
216 | 
217 | bitcoind's JSON-RPC server can no longer support the load of generating the work required to productively mine Bitcoin, and external software specializing in work generation has become necessary.
218 | At the same time, new independent node implementations are maturing to the point where they will also be able to support miners.
219 | 
220 | A common standard for communicating block construction details is necessary to ensure compatibility between the full nodes and work generation software.
221 | 
222 | ==Rationale==
223 | Why not just deal with transactions as hashes (txids)?
224 | * Servers might not have access to the transaction database, or miners may wish to include transactions not broadcast to the network as a whole.
225 | * Miners may opt not to do full transaction verification, and may not have access to the transaction database on their end.
226 | 
227 | What is the purpose of "workid"?
228 | * If servers allow all mutations, it may be hard to identify which job it is based on. While it may be possible to verify the submission by its content, it is much easier to compare it to the job issued. It is very easy for the miner to keep track of this. Therefore, using a "workid" is a very cheap solution to enable more mutations.
229 | 
230 | Why should "sigops" be provided for transactions?
231 | * Due to the [[bip-0016.mediawiki|BIP 0016]] changes regarding rules on block sigops, it is impossible to count sigops from the transactions themselves (the sigops in the scriptCheck must also be included in the count).
232 | 
233 | ==Reference Implementation==
234 | 
235 | * [https://gitorious.org/bitcoin/eloipool Eloipool (server)]
236 | * [http://gitorious.org/bitcoin/libblkmaker libblkmaker (client)]
237 | * [https://github.com/bitcoin/bitcoin/pull/936/files bitcoind (minimal server)]
238 | 
239 | ==See Also==
240 | * [[bip-0023.mediawiki|BIP 23: getblocktemplate - Pooled Mining]]
241 | 


--------------------------------------------------------------------------------
/bip-0070.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 70
  3 |   Title: Payment Protocol
  4 |   Author: Gavin Andresen <gavinandresen@gmail.com>
  5 |   Status: Draft
  6 |   Type: Standards Track
  7 |   Created: 29-07-2013
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP describes a protocol for communication between a merchant and their customer, enabling
 13 | both a better customer experience and better security against man-in-the-middle attacks on
 14 | the payment process.
 15 | 
 16 | ==Motivation==
 17 | 
 18 | The current, minimal Bitcoin payment protocol operates as follows:
 19 | 
 20 | # Customer adds items to an online shopping basket, and decides to pay using Bitcoin.
 21 | # Merchant generates a unique payment address, associates it with the customer's order, and asks the customer to pay.
 22 | # Customer copies the Bitcoin address from the merchant's web page and pastes it into whatever wallet they are using OR follows a bitcoin: link and their wallet is launched with the amount to be paid.
 23 | # Customer authorizes payment to the merchant's address and broadcasts the transaction through the Bitcoin p2p network.
 24 | # Merchant's server detects payment and after sufficient transaction confirmations considers the transaction final.
 25 | 
 26 | This BIP extends the above protocol to support several new features:
 27 | 
 28 | # Human-readable, secure payment destinations-- customers will be asked to authorize payment to "website.com" instead of an inscrutable, 34-character bitcoin address.
 29 | # Secure proof of payment, which the customer can use in case of a dispute with the merchant.
 30 | # Resistance from man-in-the-middle attacks that replace a merchant's bitcoin address with an attacker's address before a transaction is authorized with a hardware wallet.
 31 | # Payment received messages, so the customer knows immediately that the merchant has received, and has processed (or is processing) their payment.
 32 | # Refund addresses, automatically given to the merchant by the customer's wallet software, so merchants do not have to contact customers before refunding overpayments or orders that cannot be fulfilled for some reason.
 33 | 
 34 | ==Protocol==
 35 | 
 36 | This BIP describes payment protocol messages encoded using Google's Protocol
 37 | Buffers, authenticated using X.509 certificates, and communicated over
 38 | http/https. Future BIPs might extend this payment protocol to other
 39 | encodings, PKI systems, or transport protocols.
 40 | 
 41 | The payment protocol consists of three messages; PaymentRequest, Payment,
 42 | and PaymentACK, and begins with the customer somehow indicating that
 43 | they are ready to pay and the merchant's server responding with a
 44 | PaymentRequest message:
 45 | 
 46 | <img src=bip-0070/Protocol_Sequence.png></img>
 47 | 
 48 | ==Messages==
 49 | 
 50 | ===Output===
 51 | 
 52 | Outputs are used in PaymentRequest messages to specify where a payment (or
 53 | part of a payment) should be sent. They are also used in Payment messages
 54 | to specify where a refund should be sent.
 55 | <pre>
 56 |     message Output {
 57 | 	optional uint64 amount = 1 [default = 0];
 58 |         optional bytes script = 2;
 59 |     }
 60 | </pre>
 61 | {|
 62 | | amount || Number of satoshis (0.00000001 BTC) to be paid
 63 | |-
 64 | | script || a "TxOut" script where payment should be sent. This will normally be one of the standard Bitcoin transaction scripts (e.g. pubkey OP_CHECKSIG). This is optional to enable future extensions to this protocol that derive Outputs from a master public key and the PaymentRequest data itself.
 65 | |}
 66 | 
 67 | ===PaymentDetails/PaymentRequest===
 68 | 
 69 | Payment requests are split into two messages to support future extensibility.
 70 | The bulk of the information is contained in the PaymentDetails message. It is
 71 | wrapped inside a PaymentRequest message, which contains meta-information
 72 | about the merchant and a digital signature.
 73 | <pre>
 74 |     message PaymentDetails {
 75 |         optional string network = 1 [default = "main"];
 76 |         repeated Output outputs = 2;
 77 |         required uint64 time = 3;
 78 |         optional uint64 expires = 4;
 79 |         optional string memo = 5;
 80 |         optional string payment_url = 6;
 81 |         optional bytes merchant_data = 7;
 82 |     }
 83 | </pre>
 84 | {|
 85 | | network || either "main" for payments on the production Bitcoin network, or "test" for payments on test network. If a client receives a PaymentRequest for a network it does not support it must reject the request.
 86 | |-
 87 | | outputs|| one or more outputs where Bitcoins are to be sent. If the sum of outputs.amount is zero, the customer will be asked how much to pay, and the bitcoin client may choose any or all of the Outputs (if there are more than one) for payment. If the sum of outputs.amount is non-zero, then the customer will be asked to pay the sum, and the payment shall be split among the Outputs with non-zero amounts (if there are more than one; Outputs with zero amounts shall be ignored).
 88 | |-
 89 | | time|| Unix timestamp (seconds since 1-Jan-1970) when the PaymentRequest was created.
 90 | |-
 91 | | expires|| Unix timestamp after which the PaymentRequest should be considered invalid.
 92 | |-
 93 | | memo|| UTF-8 encoded, plain-text (no formatting) note that should be displayed to the customer, explaining what this PaymentRequest is for.
 94 | |-
 95 | | payment_url|| Secure (usually https) location where a Payment message (see below) may be sent to obtain a PaymentACK.
 96 | |-
 97 | | merchant_data || Arbitrary data that may be used by the merchant to identify the PaymentRequest. May be omitted if the merchant does not need to associate Payments with PaymentRequest or if they associate each PaymentRequest with a separate payment address.
 98 | |}
 99 | 
100 | A PaymentRequest is PaymentDetails optionally tied to a merchant's identity:
101 | <pre>
102 |     message PaymentRequest {
103 |         optional uint32 payment_details_version = 1 [default = 1];
104 |         optional string pki_type = 2 [default = "none"];
105 |         optional bytes pki_data = 3;
106 |         required bytes serialized_payment_details = 4;
107 |         optional bytes signature = 5;
108 |     }
109 | </pre>
110 | {|
111 | | payment_details_version || See below for a discussion of versioning/upgrading.
112 | |-
113 | | pki_type  || public-key infrastructure (PKI) system being used to identify the merchant. All implementation should support "none", "x509+sha256" and "x509+sha1".
114 | |-
115 | | pki_data || PKI-system data that identifies the merchant and can be used to create a digital signature. In the case of X.509 certificates, pki_data one or more X.509 certificates (see Certificates section below).
116 | |-
117 | | serialized_payment_details || A protocol-buffer serialized PaymentDetails message.
118 | |-
119 | | signature || digital signature over a hash of the protocol buffer serialized variation of the PaymentRequest message, where signature is a zero-byte array and fields are serialized in numerical order (all current protocol buffer implementations serialize fields in numerical order), using the public key in pki_data.
120 | |}
121 | When a Bitcoin wallet application receives a PaymentRequest, it must authorize payment by doing the following:
122 | 
123 | # Validate the merchant's identity and signature using the PKI system, if the pki_type is not "none".
124 | # Validate that the time on the customer's system is before PaymentDetails.expires. If it is not, then the payment request must be rejected.
125 | # Display the merchant's identity and ask the customer if they would like to submit payment (e.g. display the "Common Name" in the first X.509 certificate).
126 | 
127 | PaymentRequest messages larger than 50,000 bytes should be rejected by
128 | the wallet application, to mitigate denial-of-service attacks.
129 | 
130 | ===Payment===
131 | 
132 | Payment messages are sent after the customer has authorized payment:
133 | <pre>
134 |     message Payment {
135 |         optional bytes merchant_data = 1;
136 |         repeated bytes transactions = 2;
137 |         repeated Output refund_to = 3;
138 |         optional string memo = 4;
139 |     }
140 | </pre>
141 | {|
142 | | merchant_data || copied from PaymentDetails.merchant_data. Merchants may use invoice numbers or any other data they require to match Payments to  PaymentRequests. Note that malicious clients may modify the merchant_data, so should be authenticated in some way (for example, signed with a merchant-only key).
143 | |-
144 | | transactions || One or more valid, signed Bitcoin transactions that fully pay the PaymentRequest
145 | |-
146 | | refund_to || One or more outputs where the merchant may return funds, if necessary.
147 | |-
148 | | memo || UTF-8 encoded, plain-text note from the customer to the merchant.
149 | |}
150 | If the customer authorizes payment, then the Bitcoin client:
151 | 
152 | # Creates and signs one or more transactions that satisfy (pay in full) PaymentDetails.outputs
153 | # Broadcast the transactions on the Bitcoin p2p network.
154 | # If PaymentDetails.payment_url is specified, POST a Payment message to that URL. The Payment message is serialized and sent as the body of the POST request.
155 | 
156 | Errors communicating with the payment_url server should be communicated to the user.
157 | 
158 | PaymentDetails.payment_url should be secure against man-in-the-middle
159 | attacks that might alter Payment.refund_to (if using HTTP, it must be
160 | TLS-protected).
161 | 
162 | Wallet software sending Payment messages via HTTP must set appropriate
163 | Content-Type and Accept headers, as specified in BIP 71:
164 | <pre>Content-Type: application/bitcoin-payment
165 | Accept: application/bitcoin-paymentack
166 | </pre>
167 | 
168 | When the merchant's server receives the Payment message, it must
169 | determine whether or not the transactions satisfy conditions of
170 | payment. If and only if they do, if should broadcast the
171 | transaction(s) on the Bitcoin p2p network.
172 | 
173 | ===PaymentACK===
174 | 
175 | PaymentACK is the final message in the payment protocol; it is sent
176 | from the merchant's server to the bitcoin wallet in response to a
177 | Payment message:
178 | <pre>
179 |     message PaymentACK {
180 |         required Payment payment = 1;
181 |         optional string memo = 2;
182 |     }
183 | </pre>
184 | {|
185 | | payment || Copy of the Payment message that triggered this PaymentACK. Clients may ignore this if they implement another way of associating Payments with PaymentACKs.
186 | |-
187 | | memo || UTF-8 encoded note that should be displayed to the customer giving the status of the transaction (e.g. "Payment of 1 BTC for eleven tribbles accepted for processing.")
188 | |}
189 | 
190 | ==Localization==
191 | 
192 | Merchants that support multiple languages should generate
193 | language-specific PaymentRequests, and either associate the language
194 | with the request or embed a language tag in the request's
195 | merchant_data. They should also generate a language-specific
196 | PaymentACK based on the original request.
197 | 
198 | For example: A greek-speaking customer browsing the Greek version of a
199 | merchant's website clicks on a "Αγορά τώρα" link, which generates a
200 | PaymentRequest with merchant_data set to "lang=el&basketId=11252". The
201 | customer pays, their bitcoin client sends a Payment message, and the
202 | merchant's website responds with PaymentACK.message "σας ευχαριστούμε".
203 | 
204 | ==Certificates==
205 | 
206 | The default PKI system is X.509 certificates (the same system used to
207 | authenticate web servers). The format of pki_data when pki_type is
208 | "x509+sha256" or "x509+sha1" is a protocol-buffer-encoded certificate
209 | chain:
210 | <pre>
211 |     message X509Certificates {
212 |         repeated bytes certificate = 1;
213 |     }
214 | </pre>
215 | If pki_type is "x509+sha256", then the Payment message is hashed using
216 | the SHA256 algorithm to produce the message digest that is
217 | signed. If pki_type is "x509+sha1", then the SHA1 algorithm is
218 | used.
219 | 
220 | Each certificate is a DER [ITU.X690.1994] PKIX certificate value. The
221 | certificate containing the public key of the entity that digitally
222 | signed the PaymentRequest must be the first certificate. This MAY be
223 | followed by additional certificates, with each subsequent certificate
224 | being the one used to certify the previous one, up to a trusted root
225 | authority.  The recipient must verify the certificate chain according to
226 | [RFC5280] and reject the PaymentRequest if any validation failure
227 | occurs.
228 | 
229 | Trusted root certificates may be obtained from the operating system;
230 | if validation is done on a device without an operating system, the
231 | [http://www.mozilla.org/projects/security/certs/included/index.html Mozilla root store] is recommended.
232 | 
233 | ==Extensibility==
234 | 
235 | The protocol buffers serialization format is designed to be
236 | extensible. In particular, new, optional fields can be added to a
237 | message and will be ignored (but saved/re-transmitted) by old
238 | implementations.
239 | 
240 | PaymentDetails messages may be extended with new optional fields and
241 | still be considered "version 1." Old implementations will be able to
242 | validate signatures against PaymentRequests containing the new fields,
243 | but (obviously) will not be able to display whatever information is
244 | contained in the new, optional fields to the user.
245 | 
246 | If it becomes necessary at some point in the future for merchants to
247 | produce PaymentRequest messages that are accepted *only* by new
248 | implementations, they can do so by defining a new PaymentDetails
249 | message with version=2. Old implementations should let the user know
250 | that they need to upgrade their software when they get an up-version
251 | PaymentDetails message.
252 | 
253 | Implementations that need to extend messages in this specification
254 | shall use tags starting at 1000, and shall update the wiki page at
255 | https://en.bitcoin.it/wiki/Payment_Request to avoid conflicts with
256 | other extensions.
257 | 
258 | ==References==
259 | 
260 | [[bip-0071.mediawiki|BIP 0071]] : Payment Protocol mime types
261 | 
262 | [[bip-0072.mediawiki|BIP 0072]] : Payment Protocol bitcoin: URI extensions
263 | 
264 | Public-Key Infrastructure (X.509) working group :
265 | http://datatracker.ietf.org/wg/pkix/charter/
266 | 
267 | Protocol Buffers : https://developers.google.com/protocol-buffers/
268 | 
269 | ==See Also==
270 | 
271 | Javascript Object Signing and Encryption working group :
272 | http://datatracker.ietf.org/wg/jose/
273 | 
274 | Wikipedia's page on Invoices: http://en.wikipedia.org/wiki/Invoice
275 | especially the list of Electronic Invoice standards
276 | 
277 | sipa's payment protocol proposal: https://gist.github.com/1237788
278 | 
279 | ThomasV's "Signed Aliases" proposal : http://ecdsa.org/bitcoin_URIs.html
280 | 
281 | Homomorphic Payment Addresses and the Pay-to-Contract Protocol :
282 | http://arxiv.org/abs/1212.3257
283 | 


--------------------------------------------------------------------------------
/bip-0023.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 23
  3 |   Title: getblocktemplate - Pooled Mining
  4 |   Author: Luke Dashjr <luke+bip22@dashjr.org>
  5 |   Status: Accepted
  6 |   Type: Standards Track
  7 |   Created: 28-02-2012
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP describes extensions to the getblocktemplate JSON-RPC call to enhance pooled mining.
 13 | 
 14 | ==Specification==
 15 | 
 16 | Note that all sections of this specification are optional extensions on top of [[BIP 0022|BIP 22]].
 17 | 
 18 | ===Summary Support Levels===
 19 | 
 20 | Something can be said to have BIP 23 Level 1 support if it implements at least:
 21 | * [http://www.ietf.org/rfc/rfc1945.txt RFC 1945]
 22 | * [http://json-rpc.org/wiki/specification JSON-RPC 1.0]
 23 | * [[bip-0022.mediawiki|BIP 22 (non-optional sections)]]
 24 | * [[bip-0022.mediawiki#Optional: Long Polling|BIP 22 Long Polling]]
 25 | * [[#Basic Pool Extensions|BIP 23 Basic Pool Extensions]]
 26 | * [[#Mutations|BIP 23 Mutation "coinbase/append"]]
 27 | * [[#Submission Abbreviation|BIP 23 Submission Abbreviation "submit/coinbase"]]
 28 | * [[#Mutations|BIP 23 Mutation "time/increment"]] (only required for servers)
 29 | 
 30 | It can be said to have BIP 23 Level 2 support if it also implements:
 31 | * [[#Mutations|BIP 23 Mutation "transactions/add"]]
 32 | * [[#Block Proposals|BIP 23 Block Proposals]]
 33 | 
 34 | ===Basic Pool Extensions===
 35 | 
 36 | {| class="wikitable"
 37 | ! colspan="3" | template request
 38 | |-
 39 | ! Key !! Type !! Description
 40 | |-
 41 | | target || String || desired target for block template (may be ignored)
 42 | |}
 43 | 
 44 | {| class="wikitable"
 45 | !colspan="3"| template
 46 | |-
 47 | ! Key !! Type !! Description
 48 | |-
 49 | | expires || Number || how many seconds (beginning from when the server sent the response) this work is valid for, at most
 50 | |-
 51 | | target || String || the number which valid results must be less than, in big-endian hexadecimal
 52 | |}
 53 | 
 54 | ===Block Proposal===
 55 | 
 56 | Servers may indicate support for proposing blocks by including a capability string in their original template:
 57 | {| class="wikitable"
 58 | !colspan="3"| template
 59 | |-
 60 | ! Key !! Type !! Description
 61 | |-
 62 | | capabilities || Array of Strings || MAY contain "proposal" to indicate support for block proposal
 63 | |-
 64 | | reject-reason || String || Reason the proposal was invalid as-is (only applicable in response to proposals)
 65 | |}
 66 | 
 67 | If supported, a miner MAY propose a block to the server for general validation at any point before the job expires.
 68 | This is accomplished by calling getblocktemplate with two keys:
 69 | {| class="wikitable"
 70 | !colspan=3| getblocktemplate parameters
 71 | |-
 72 | ! Key !! Type !! Description
 73 | |-
 74 | | data || String || MUST be hex-encoded block data
 75 | |-
 76 | | mode || String || MUST be "proposal"
 77 | |-
 78 | | workid || String || if the server provided a workid, it MUST be included with proposals
 79 | |}
 80 | 
 81 | The block data MUST be validated and checked against the server's usual acceptance rules (excluding the check for a valid proof-of-work).
 82 | If it is found to be in violation of any of these rules, the server MUST return one of the following:
 83 | * Null if it is acceptable as-is, with the same workid (if any) as provided. Note that this SHOULD NOT invalidate the old template's claim to the same workid.
 84 | * A String giving the reason for the rejection (see [[bip-0022.mediawiki#appendix-example-rejection-reasons|example rejection reasons]]).
 85 | * A "delta" block template (with changes needed); in this case, any missing keys are assumed to default to those in the proposed block or, if not applicable, the original block template it was based on. This template MAY also include a "reject-reason" key with a String of the reason for rejection.
 86 | 
 87 | It is RECOMMENDED that servers which merely need to track the proposed block for later share/* submissions, return a simple Object of the form:
 88 |  {"workid":"new workid"}
 89 | 
 90 | Clients SHOULD assume their proposed block will remain valid if the only changes they make are to the portion of the coinbase scriptSig they themselves provided (if any) and the time header.
 91 | Servers SHOULD NOT break this assumption without good cause.
 92 | 
 93 | ===Mutations===
 94 | 
 95 | {| class="wikitable"
 96 | ! colspan="3" | template request
 97 | |-
 98 | ! Key !! Type !! Description
 99 | |-
100 | | nonces || Number || size of nonce range the miner needs; if not provided, the server SHOULD assume the client requires 2<sup>32</sup>
101 | |}
102 | 
103 | {| class="wikitable"
104 | !colspan=3| template
105 | |-
106 | ! Key !! Type !! Description
107 | |-
108 | | maxtime || Number || the maximum time allowed
109 | |-
110 | | maxtimeoff || Number || the maximum time allowed (as a moving offset from "curtime" - every second, the actual maxtime is incremented by 1; for example, "maxtimeoff":0 means "time" may be incremented by 1 every second)
111 | |-
112 | | mintime || Number || the minimum time allowed
113 | |-
114 | | mintimeoff || Number || the minimum time allowed (as a moving offset from "curtime")
115 | |-
116 | | mutable || Array of Strings || different manipulations that the server explicitly allows to be made
117 | |-
118 | | noncerange || String || two 32-bit integers, concatenated in big-endian hexadecimal, which represent the valid ranges of nonces the miner may scan
119 | |}
120 | 
121 | If the block template contains a "mutable" key, it is a list of these to signify modifications the miner is allowed to make:
122 | 
123 | {| class="wikitable"
124 | !colspan=2| mutations
125 | |-
126 | ! Value !! Significance
127 | |-
128 | | coinbase/append
129 | | append the provided coinbase scriptSig
130 | |-
131 | | coinbase
132 | | provide their own coinbase; if one is provided, it may be replaced or modified (implied if "coinbasetxn" omitted)
133 | |-
134 | | generation
135 | | add or remove outputs from the coinbase/generation transaction (implied if "coinbasetxn" omitted)
136 | |-
137 | | time/increment
138 | | change the time header to a value after "time" (implied if "maxtime" or "maxtimeoff" are provided)
139 | |-
140 | | time/decrement
141 | | change the time header to a value before "time" (implied if "mintime" is provided)
142 | |-
143 | | time
144 | | modify the time header of the block
145 | |-
146 | | transactions/add (or "transactions")
147 | | add other valid transactions to the block (implied if "transactions" omitted from result)
148 | |-
149 | | prevblock
150 | | use the work with other previous-blocks; this implicitly allows removing transactions that are no longer valid (but clients SHOULD attempt to propose removal of any required transactions); it also implies adjusting "height" as necessary
151 | |-
152 | | version/force
153 | | encode the provide block version, even if the miner doesn't understand it
154 | |-
155 | | version/reduce
156 | | use an older block version than the one provided (for example, if the client does not support the version provided)
157 | |}
158 | 
159 | ===Submission Abbreviation===
160 | 
161 | {| class="wikitable"
162 | !colspan=3| template
163 | |-
164 | ! Key !! Type !! Description
165 | |-
166 | | fulltarget || String || the number which full results should be less than, in big-endian hexadecimal (see "share/*" mutations)
167 | |-
168 | | mutable || Array of Strings || different manipulations that the server explicitly allows to be made, including abbreviations
169 | |}
170 | 
171 | If the block template contains a "mutable" key, it is a list of these to signify modifications the miner is allowed to make:
172 | 
173 | {| class="wikitable"
174 | !colspan=2| abbreviation mutations
175 | |-
176 | ! Value !! Significance
177 | |-
178 | | submit/hash
179 | | each transaction being sent in a request, that the client is certain the server knows about, may be replaced by its hash in little-endian hexadecimal, prepended by a ":" character
180 | |-
181 | | submit/coinbase
182 | | if the "transactions" provided by the server are used as-is with no changes, submissions may omit transactions after the coinbase (transaction count varint remains included with the full number of transactions)
183 | |-
184 | | submit/truncate
185 | | if the "coinbasetxn" and "transactions" provided by the server are used as-is with no changes, submissions may contain only the block header; if only the scriptSig of "coinbasetxn" is modified, the params Object MUST contain a "coinbasesig" key with the content, or a "coinbaseadd" with appended data (if only appending)
186 | |-
187 | | share/coinbase
188 | | same as "submit/coinbase", but only if the block hash is greater than "fulltarget"
189 | |-
190 | | share/merkle
191 | | if the block hash is greater than "fulltarget", the non-coinbase transactions may be replaced with a merkle chain connecting it to the root
192 | |-
193 | | share/truncate
194 | | same as "submit/truncate", but only if the block hash is greater than "fulltarget"
195 | |}
196 | 
197 | ==== Format of Data for Merkle-Only Shares ====
198 | 
199 | The format used for submitting shares with the "share/merkle" mutation shall be the 80-byte block header, the total number of transactions encoded in Bitcoin variable length number format, the coinbase transaction, and then finally the little-endian SHA256 hashes of each link in the merkle chain connecting it to the merkle root.
200 | 
201 | ===Logical Services===
202 | 
203 | {| class="wikitable"
204 | ! colspan="3" | template request
205 | |-
206 | ! Key !! Type !! Description
207 | |-
208 | | capabilities || Array of Strings || miners which support this SHOULD provide a list including the String "serverlist"
209 | |}
210 | 
211 | {| class="wikitable"
212 | !colspan=3| template
213 | |-
214 | ! Key !! Type !! Description
215 | |-
216 | | serverlist || Array of Objects || list of servers in this single logical service
217 | |}
218 | 
219 | If the "serverlist" parameter is provided, clients MAY choose to intelligently treat the server as part of a larger single logical service.
220 | 
221 | Each host Object in the Array is comprised of the following fields:
222 | {| class="wikitable"
223 | !colspan=3| serverlist element
224 | |-
225 | ! Key !! Type !! Description
226 | |-
227 | | uri || String || URI of the individual server; if authentication information is omitted, the same authentication used for this request MUST be assumed
228 | |-
229 | | avoid ||  Number || number of seconds to avoid using this server
230 | |-
231 | | priority || Number || an integer priority of this host (default: 0)
232 | |-
233 | | sticky || Number || number of seconds to stick to this server when used
234 | |-
235 | | update || Boolean || whether this server may update the serverlist (default: true)
236 | |-
237 | | weight || Number || a relative weight for hosts with the same priority (default: 1)
238 | |}
239 | 
240 | When choosing which actual server to get the next job from, URIs MUST be tried in order of their "priority" key, lowest Number first.
241 | Where the priority of URIs is the same, they should be chosen from in random order, weighed by their "weight" key.
242 | Work proposals and submissions MUST be made to the same server that issued the job.
243 | Clients MAY attempt to submit to other servers if, and only if, the original server cannot be reached.
244 | If cross-server share submissions are desired, services SHOULD instead use the equivalent domain name system (DNS) features (RFCs [http://tools.ietf.org/html/rfc1794 1794] and [http://tools.ietf.org/html/rfc2782 2782]).
245 | 
246 | Updates to the Logical Service server list may only be made by the original server, or servers listed with the "update" key missing or true.
247 | Clients MAY choose to advertise serverlist capability to servers with a false "update" key, but if so, MUST treat the server list provided as a subset of the current one, only considered in the context of this server.
248 | At least one server with "update" privilege MUST be attempted at least once daily.
249 | 
250 | If the "sticky" key is provided, then when that server is used, it should be used consistently for at least that many seconds, if possible.
251 | 
252 | A permanent change in server URI MAY be indicated with a simple "serverlist" parameter:
253 |  "serverlist":[{"uri": "http://newserver"}]
254 | 
255 | A temporary delegation to another server for 5 minutes MAY be indicated likewise:
256 |  "serverlist":[{"uri": "", avoid: 300}, {"uri": "http://newserver", "update": false}]
257 | 
258 | ==Motivation==
259 | 
260 | There is reasonable concerns about mining currently being too centralized on pools, and the amount of control these pools hold.
261 | By exposing the details of the block proposals to the miners, they are enabled to audit and possibly modify the block before hashing it.
262 | 
263 | To encourage widespread adoption, this BIP should be a complete superset of the existing centralized getwork protocol, so pools are not required to make substantial changes to adopt it.
264 | 
265 | ==Rationale==
266 | Why allow servers to restrict the complete coinbase and nonce range?
267 | * This is necessary to provide a complete superset of JSON-RPC getwork functionality, so that pools may opt to enable auditing without significantly changing or increasing the complexity of their share validation or mining policies.
268 | * Since noncerange is optional (both for getwork and this BIP), neither clients nor servers are required to support it.
269 | 
270 | Why specify "time/*" mutations at all?
271 | * In most cases, these are implied by the mintime/mintimecur/maxtime/maxtimecur keys, but there may be cases that there are no applicable minimums/maximums.
272 | 
273 | What is the purpose of the "prevblock" mutation?
274 | * There are often cases where a miner has processed a new block before the server. If the server allows "prevblock" mutation, the miner may begin mining on the new block immediately, without waiting for a new template.
275 | 
276 | Why must both "mintime"/"maxtime" and "mintimeoff"/"maxtimeoff" keys be defined?
277 | * In some cases, the limits may be unrelated to the current time (such as the Bitcoin network itself; the minimum is always a fixed median time)
278 | * In other cases, the limits may be bounded by other rules (many pools limit the time header to within 5 minutes of when the share is submitted to them).
279 | 
280 | Is "target" really needed?
281 | * Some pools work with lower targets, and should not be expected to waste bandwidth ignoring shares that don't meet it.
282 | * Required to be a proper superset of getwork.
283 | * As mining hashrates grow, some miners may need the ability to request a lower target from their pools to be able to manage their bandwidth use.
284 | 
285 | What is the purpose of the "hash" transaction list format?
286 | * Non-mining tools may wish to simply get a list of memory pool transactions.
287 | * Humans may wish to view their current memory pool.
288 | 
289 | ==Reference Implementation==
290 | 
291 | * [http://gitorious.org/bitcoin/libblkmaker libblkmaker]
292 | * [https://gitorious.org/bitcoin/eloipool Eloipool]
293 | * [https://github.com/bitcoin/bitcoin/pull/936/files bitcoind]
294 | 
295 | ==See Also==
296 | * [[bip-0022.mediawiki|BIP 22: getblocktemplate - Fundamentals]]
297 | 


--------------------------------------------------------------------------------
/bip-0001.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 1
  3 |   Title: BIP Purpose and Guidelines
  4 |   Status: Accepted
  5 |   Type: Standards Track
  6 |   Created: 19-08-2011
  7 | </pre>
  8 | 
  9 | ==What is a BIP?==
 10 | 
 11 | BIP stands for Bitcoin Improvement Proposal. A BIP is a design document providing information to the Bitcoin community, or describing a new feature for Bitcoin or its processes or environment. The BIP should provide a concise technical specification of the feature and a rationale for the feature.
 12 | 
 13 | We intend BIPs to be the primary mechanisms for proposing new features, for collecting community input on an issue, and for documenting the design decisions that have gone into Bitcoin. The BIP author is responsible for building consensus within the community and documenting dissenting opinions.
 14 | 
 15 | Because the BIPs are maintained as text files in a versioned repository, their revision history is the historical record of the feature proposal
 16 | .
 17 | ==BIP Types==
 18 | 
 19 | There are three kinds of BIP:
 20 | 
 21 | * A Standards Track BIP describes any change that affects most or all Bitcoin implementations, such as a change to the network protocol, a change in block or transaction validity rules, or any change or addition that affects the interoperability of applications using Bitcoin.
 22 | * An Informational BIP describes a Bitcoin design issue, or provides general guidelines or information to the Bitcoin community, but does not propose a new feature. Informational BIPs do not necessarily represent a Bitcoin community consensus or recommendation, so users and implementors are free to ignore Informational BIPs or follow their advice.
 23 | * A Process BIP describes a process surrounding Bitcoin, or proposes a change to (or an event in) a process. Process BIPs are like Standards Track BIPs but apply to areas other than the Bitcoin protocol itself. They may propose an implementation, but not to Bitcoin's codebase; they often require community consensus; unlike Informational BIPs, they are more than recommendations, and users are typically not free to ignore them. Examples include procedures, guidelines, changes to the decision-making process, and changes to the tools or environment used in Bitcoin development. Any meta-BIP is also considered a Process BIP.
 24 | 
 25 | ==BIP Work Flow==
 26 | 
 27 | The BIP editors assign BIP numbers and change their status. Please send all BIP-related email to the BIP editor, which is listed under [[#BIP_Editors|BIP Editors]] below. Also see [[#BIP_Editor_Responsibilities__Workflow|BIP Editor Responsibilities & Workflow]].
 28 | 
 29 | The BIP process begins with a new idea for Bitcoin. It is highly recommended that a single BIP contain a single key proposal or new idea. Small enhancements or patches often don't need a BIP and can be injected into the Bitcoin development work flow with a patch submission to the Bitcoin issue tracker. The more focused the BIP, the more successful it tends to be. The BIP editor reserves the right to reject BIP proposals if they appear too unfocused or too broad. If in doubt, split your BIP into several well-focused ones.
 30 | 
 31 | Each BIP must have a champion -- someone who writes the BIP using the style and format described below, shepherds the discussions in the appropriate forums, and attempts to build community consensus around the idea. The BIP champion (a.k.a. Author) should first attempt to ascertain whether the idea is BIP-able. Posting to the [http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development bitcoin-development@lists.sourceforge.net] mailing list (and maybe the [https://bitcointalk.org/index.php?board=6.0 Development&Technical Discussion] forum) is the best way to go about this.
 32 | 
 33 | Vetting an idea publicly before going as far as writing a BIP is meant to save the potential author time. Many ideas have been brought forward for changing Bitcoin that have been rejected for various reasons. Asking the Bitcoin community first if an idea is original helps prevent too much time being spent on something that is guaranteed to be rejected based on prior discussions (searching the internet does not always do the trick). It also helps to make sure the idea is applicable to the entire community and not just the author. Just because an idea sounds good to the author does not mean it will work for most people in most areas where Bitcoin is used.
 34 | 
 35 | Once the champion has asked the Bitcoin community as to whether an idea has any chance of acceptance, a draft BIP should be presented to [http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development bitcoin-development@lists.sourceforge.net]. This gives the author a chance to flesh out the draft BIP to make properly formatted, of high quality, and to address initial concerns about the proposal.
 36 | 
 37 | Following a discussion, the proposal should be sent to the Bitcoin-dev list and the BIP editor with the draft BIP. This draft must be written in BIP style as described below, else it will be sent back without further regard until proper formatting rules are followed.
 38 | 
 39 | If the BIP editor approves, he will assign the BIP a number, label it as Standards Track, Informational, or Process, give it status "Draft", and add it to the git repository. The BIP editor will not unreasonably deny a BIP. Reasons for denying BIP status include duplication of effort, being technically unsound, not providing proper motivation or addressing backwards compatibility, or not in keeping with the Bitcoin philosophy.
 40 | 
 41 | The BIP author may update the Draft as necessary in the git repository. Updates to drafts may also be submitted by the author as pull requests.
 42 | 
 43 | Standards Track BIPs consist of two parts, a design document and a reference implementation. The BIP should be reviewed and accepted before a reference implementation is begun, unless a reference implementation will aid people in studying the BIP. Standards Track BIPs must include an implementation -- in the form of code, a patch, or a URL to same -- before it can be considered Final.
 44 | 
 45 | BIP authors are responsible for collecting community feedback on a BIP before submitting it for review. However, wherever possible, long open-ended discussions on public mailing lists should be avoided. Strategies to keep the discussions efficient include: setting up a separate SIG mailing list for the topic, having the BIP author accept private comments in the early design phases, setting up a wiki page or git repository, etc. BIP authors should use their discretion here.
 46 | 
 47 | For a BIP to be accepted it must meet certain minimum criteria. It must be a clear and complete description of the proposed enhancement. The enhancement must represent a net improvement. The proposed implementation, if applicable, must be solid and must not complicate the protocol unduly.
 48 | 
 49 | Once a BIP has been accepted, the reference implementation must be completed. When the reference implementation is complete and accepted by the community, the status will be changed to "Final".
 50 | 
 51 | A BIP can also be assigned status "Deferred". The BIP author or editor can assign the BIP this status when no progress is being made on the BIP. Once a BIP is deferred, the BIP editor can re-assign it to draft status.
 52 | 
 53 | A BIP can also be "Rejected". Perhaps after all is said and done it was not a good idea. It is still important to have a record of this fact.
 54 | 
 55 | BIPs can also be superseded by a different BIP, rendering the original obsolete. This is intended for Informational BIPs, where version 2 of an API can replace version 1.
 56 | 
 57 | The possible paths of the status of BIPs are as follows:
 58 | 
 59 | <img src=bip-0001/process.png></img>
 60 | 
 61 | Some Informational and Process BIPs may also have a status of "Active" if they are never meant to be completed. E.g. BIP 1 (this BIP).
 62 | 
 63 | ==What belongs in a successful BIP?==
 64 | 
 65 | Each BIP should have the following parts:
 66 | 
 67 | * Preamble -- RFC 822 style headers containing meta-data about the BIP, including the BIP number, a short descriptive title (limited to a maximum of 44 characters), the names, and optionally the contact info for each author, etc.
 68 | 
 69 | * Abstract -- a short (~200 word) description of the technical issue being addressed.
 70 | 
 71 | * Copyright/public domain -- Each BIP must either be explicitly labelled as placed in the public domain (see this BIP as an example) or licensed under the Open Publication License.
 72 | 
 73 | * Specification -- The technical specification should describe the syntax and semantics of any new feature. The specification should be detailed enough to allow competing, interoperable implementations for any of the current Bitcoin platforms (Satoshi, BitcoinJ, bitcoin-js, libbitcoin).
 74 | 
 75 | * Motivation -- The motivation is critical for BIPs that want to change the Bitcoin protocol. It should clearly explain why the existing protocol specification is inadequate to address the problem that the BIP solves. BIP submissions without sufficient motivation may be rejected outright.
 76 | 
 77 | * Rationale -- The rationale fleshes out the specification by describing what motivated the design and why particular design decisions were made. It should describe alternate designs that were considered and related work, e.g. how the feature is supported in other languages.
 78 | 
 79 | * The rationale should provide evidence of consensus within the community and discuss important objections or concerns raised during discussion.
 80 | 
 81 | * Backwards Compatibility -- All BIPs that introduce backwards incompatibilities must include a section describing these incompatibilities and their severity. The BIP must explain how the author proposes to deal with these incompatibilities. BIP submissions without a sufficient backwards compatibility treatise may be rejected outright.
 82 | 
 83 | * Reference Implementation -- The reference implementation must be completed before any BIP is given status "Final", but it need not be completed before the BIP is accepted. It is better to finish the specification and rationale first and reach consensus on it before writing code.
 84 | 
 85 | * The final implementation must include test code and documentation appropriate for the Bitcoin protocol.
 86 | 
 87 | ==BIP Formats and Templates==
 88 | 
 89 | BIPs should be written in mediawiki or markdown format. Image files should be included in a subdirectory for that BIP.
 90 | 
 91 | ==BIP Header Preamble==
 92 | 
 93 | Each BIP must begin with an RFC 822 style header preamble. The headers must appear in the following order. Headers marked with "*" are optional and are described below. All other headers are required.
 94 | 
 95 | <pre>
 96 |   BIP: <BIP number>
 97 |   Title: <BIP title>
 98 |   Author: <list of authors' real names and optionally, email addrs>
 99 | * Discussions-To: <email address>
100 |   Status: <Draft | Active | Accepted | Deferred | Rejected |
101 |            Withdrawn | Final | Superseded>
102 |   Type: <Standards Track | Informational | Process>
103 |   Created: <date created on, in dd-mm-yyyy format>
104 | * Post-History: <dates of postings to bitcoin mailing list>
105 | * Replaces: <BIP number>
106 | * Superseded-By: <BIP number>
107 | * Resolution: <url>
108 | </pre>
109 | 
110 | The Author header lists the names, and optionally the email addresses of all the authors/owners of the BIP. The format of the Author header value must be
111 | 
112 |   Random J. User <address@dom.ain>
113 | 
114 | if the email address is included, and just
115 | 
116 |   Random J. User
117 | 
118 | if the address is not given.
119 | 
120 | If there are multiple authors, each should be on a separate line following RFC 2822 continuation line conventions.
121 | 
122 | Note: The Resolution header is required for Standards Track BIPs only. It contains a URL that should point to an email message or other web resource where the pronouncement about the BIP is made.
123 | 
124 | While a BIP is in private discussions (usually during the initial Draft phase), a Discussions-To header will indicate the mailing list or URL where the BIP is being discussed. No Discussions-To header is necessary if the BIP is being discussed privately with the author, or on the bitcoin email mailing lists.
125 | 
126 | The Type header specifies the type of BIP: Standards Track, Informational, or Process.
127 | 
128 | The Created header records the date that the BIP was assigned a number, while Post-History is used to record the dates of when new versions of the BIP are posted to bitcoin mailing lists. Both headers should be in dd-mmm-yyyy format, e.g. 14-Aug-2001.
129 | 
130 | BIPs may have a Requires header, indicating the BIP numbers that this BIP depends on.
131 | 
132 | BIPs may also have a Superseded-By header indicating that a BIP has been rendered obsolete by a later document; the value is the number of the BIP that replaces the current document. The newer BIP must have a Replaces header containing the number of the BIP that it rendered obsolete.
133 | Auxiliary Files
134 | 
135 | BIPs may include auxiliary files such as diagrams. Such files must be named BIP-XXXX-Y.ext, where "XXXX" is the BIP number, "Y" is a serial number (starting at 1), and "ext" is replaced by the actual file extension (e.g. "png").
136 | 
137 | ==Transferring BIP Ownership==
138 | 
139 | It occasionally becomes necessary to transfer ownership of BIPs to a new champion. In general, we'd like to retain the original author as a co-author of the transferred BIP, but that's really up to the original author. A good reason to transfer ownership is because the original author no longer has the time or interest in updating it or following through with the BIP process, or has fallen off the face of the 'net (i.e. is unreachable or not responding to email). A bad reason to transfer ownership is because you don't agree with the direction of the BIP. We try to build consensus around a BIP, but if that's not possible, you can always submit a competing BIP.
140 | 
141 | If you are interested in assuming ownership of a BIP, send a message asking to take over, addressed to both the original author and the BIP editor. If the original author doesn't respond to email in a timely manner, the BIP editor will make a unilateral decision (it's not like such decisions can't be reversed :).
142 | 
143 | ==BIP Editors==
144 | 
145 | The current BIP editor is Gregory Maxwell who can be contacted at [[mailto:gmaxwell@gmail.com|gmaxwell@gmail.com]].
146 | 
147 | ==BIP Editor Responsibilities & Workflow==
148 | 
149 | A BIP editor must subscribe to the Bitcoin development mailing list. All BIP-related correspondence should be sent (or CC'd) to gmaxwell@gmail.com.
150 | 
151 | For each new BIP that comes in an editor does the following:
152 | 
153 | * Read the BIP to check if it is ready: sound and complete. The ideas must make technical sense, even if they don't seem likely to be accepted.
154 | * The title should accurately describe the content.
155 | * Edit the BIP for language (spelling, grammar, sentence structure, etc.), markup (for reST BIPs), code style (examples should match BIP 8 & 7).
156 | 
157 | If the BIP isn't ready, the editor will send it back to the author for revision, with specific instructions.
158 | 
159 | Once the BIP is ready for the repository, the BIP editor will:
160 | 
161 | * Assign a BIP number (almost always just the next available number, but sometimes it's a special/joke number, like 666 or 3141).
162 | 
163 | * Add the BIP to the [https://github.com/bitcoin/bips bitcoin/bips] repository on GitHub.
164 | 
165 | * List the BIP in [[README.mediawiki]]
166 | 
167 | * Send email back to the BIP author with next steps (post to bitcoin mailing list).
168 | 
169 | Many BIPs are written and maintained by developers with write access to the Bitcoin codebase. The BIP editors monitor BIP changes, and correct any structure, grammar, spelling, or markup mistakes we see.
170 | 
171 | The editors don't pass judgement on BIPs. We merely do the administrative & editorial part. Except for times like this, there's relatively low volume.
172 | 
173 | ==History==
174 | 
175 | This document was derived heavily from Python's PEP-0001. In many places text was simply copied and modified. Although the PEP-0001 text was written by Barry Warsaw, Jeremy Hylton, and David Goodger, they are not responsible for its use in the Bitcoin Improvement Process, and should not be bothered with technical questions specific to Bitcoin or the BIP process. Please direct all comments to the BIP editors or the Bitcoin development mailing list.
176 | 


--------------------------------------------------------------------------------
/bip-0037.mediawiki:
--------------------------------------------------------------------------------
  1 | <pre>
  2 |   BIP: 37
  3 |   Title: Connection Bloom filtering
  4 |   Author: Mike Hearn <hearn@google.com>, Matt Corallo <bip@bluematt.me>
  5 |   Status: Accepted
  6 |   Type: Standards Track
  7 |   Created: 24-10-2012
  8 | </pre>
  9 | 
 10 | ==Abstract==
 11 | 
 12 | This BIP adds new support to the peer-to-peer protocol that allows peers to reduce the amount of transaction data they are sent. Peers have the option of setting ''filters'' on each connection they make after the version handshake has completed. A filter is defined as a [http://en.wikipedia.org/wiki/Bloom_filter Bloom filter] on data derived from transactions. A Bloom filter is a probabilistic data structure which allows for testing set membership - they can have false positives but not false negatives.
 13 | 
 14 | This document will not go into the details of how Bloom filters work and the reader is referred to Wikipedia for an introduction to the topic.
 15 | 
 16 | ==Motivation==
 17 | 
 18 | As Bitcoin grows in usage the amount of bandwidth needed to download blocks and transaction broadcasts increases. Clients implementing ''simplified payment verification'' do not attempt to fully verify the block chain, instead just checking that block headers connect together correctly and trusting that the transactions in a chain of high difficulty are in fact valid. See the Bitcoin paper for more detail on this mode.
 19 | 
 20 | Today, [[Simplified_Payment_Verification|SPV]] clients have to download the entire contents of blocks and all broadcast transactions, only to throw away the vast majority of the transactions that are not relevant to their wallets. This slows down their synchronization process, wastes users bandwidth (which on phones is often metered) and increases memory usage. All three problems are triggering real user complaints for the Android "Bitcoin Wallet" app which implements SPV mode. In order to make chain synchronization fast, cheap and able to run on older phones with limited memory we want to have remote peers throw away irrelevant transactions before sending them across the network.
 21 | 
 22 | ==Design rationale==
 23 | 
 24 | The most obvious way to implement the stated goal would be for clients to upload lists of their keys to the remote node. We take a more complex approach for the following reasons:
 25 | 
 26 | * Privacy: Because Bloom filters are probabilistic, with the false positive rate chosen by the client, nodes can trade off precision vs bandwidth usage. A node with access to lots of bandwidth may choose to have a high FP rate, meaning the remote peer cannot accurately know which transactions belong to the client and which don't. A node with very little bandwidth may choose to use a very accurate filter meaning that they only get sent transactions actually relevant to their wallet, but remote peers may be able to correlate transactions with IP addresses (and each other).
 27 | * Bloom filters are compact and testing membership in them is fast. This results in satisfying performance characteristics with minimal risk of opening up potential for DoS attacks.
 28 | 
 29 | ==Specification==
 30 | 
 31 | ===New messages===
 32 | 
 33 | We start by adding three new messages to the protocol:
 34 | 
 35 | * <code>filterload</code>, which sets the current Bloom filter on the connection
 36 | * <code>filteradd</code>, which adds the given data element to the connections current filter without requiring a completely new one to be set
 37 | * <code>filterclear</code>, which deletes the current filter and goes back to regular pre-BIP37 usage.
 38 | 
 39 | Note that there is no filterremove command because by their nature, Bloom filters are append-only data structures. Once an element is added it cannot be removed again without rebuilding the entire structure from scratch.
 40 | 
 41 | The <code>filterload</code> command is defined as follows:
 42 | 
 43 | {|class="wikitable"
 44 | ! Field Size !! Description !! Data type !! Comments
 45 | |-
 46 | | ? || filter || uint8_t[] || The filter itself is simply a bit field of arbitrary byte-aligned size. The maximum size is 36,000 bytes.
 47 | |-
 48 | | 4 || nHashFuncs || uint32_t || The number of hash functions to use in this filter. The maximum value allowed in this field is 50.
 49 | |-
 50 | | 4 || nTweak || uint32_t || A random value to add to the seed value in the hash function used by the bloom filter.
 51 | |-
 52 | | 1 || nFlags || uint8_t || A set of flags that control how matched items are added to the filter.
 53 | |}
 54 | 
 55 | See below for a description of the Bloom filter algorithm and how to select nHashFuncs and filter size for a desired false positive rate.
 56 | 
 57 | Upon receiving a <code>filterload</code> command, the remote peer will immediately restrict the broadcast transactions it announces (in inv packets) to transactions matching the filter, where the matching algorithm is specified below. The flags control the update behaviour of the matching algorithm.
 58 | 
 59 | The <code>filteradd</code> command is defined as follows:
 60 | 
 61 | {|class="wikitable"
 62 | ! Field Size !! Description !! Data type !! Comments
 63 | |-
 64 | | ? || data || uint8_t[] || The data element to add to the current filter.
 65 | |}
 66 | 
 67 | The data field must be smaller than or equal to 520 bytes in size (the maximum size of any potentially matched object).
 68 | 
 69 | The given data element will be added to the Bloom filter. A filter must have been previously provided using <code>filterload</code>. This command is useful if a new key or script is added to a clients wallet whilst it has connections to the network open, it avoids the need to re-calculate and send an entirely new filter to every peer (though doing so is usually advisable to maintain anonymity).
 70 | 
 71 | The <code>filterclear</code> command has no arguments at all.
 72 | 
 73 | After a filter has been set, nodes don't merely stop announcing non-matching transactions, they can also serve filtered blocks. A filtered block is defined by the <code>merkleblock</code> message and is defined like this:
 74 | 
 75 | {|class="wikitable"
 76 | ! Field Size !! Description !! Data type !! Comments
 77 | |-
 78 | | 4 || version || uint32_t || Block version information, based upon the software version creating this block
 79 | |-
 80 | | 32 || prev_block || char[32] || The hash value of the previous block this particular block references
 81 | |-
 82 | | 32 || merkle_root || char[32] || The reference to a Merkle tree collection which is a hash of all transactions related to this block
 83 | |-
 84 | | 4 || timestamp || uint32_t || A timestamp recording when this block was created (Limited to 2106!)
 85 | |-
 86 | | 4 || bits || uint32_t || The calculated difficulty target being used for this block
 87 | |-
 88 | | 4 || nonce || uint32_t || The nonce used to generate this block… to allow variations of the header and compute different hashes
 89 | |-
 90 | | 4 || total_transactions || uint32_t || Number of transactions in the block (including unmatched ones)
 91 | |-
 92 | | ? || hashes || uint256[] || hashes in depth-first order (including standard varint size prefix)
 93 | |-
 94 | | ? || flags || byte[] || flag bits, packed per 8 in a byte, least significant bit first (including standard varint size prefix)
 95 | |}
 96 | 
 97 | See below for the format of the partial merkle tree hashes and flags.
 98 | 
 99 | Thus, a <code>merkleblock</code> message is a block header, plus a part of a merkle tree which can be used to extract identifying information for transactions that matched the filter and prove that the matching transaction data really did appear in the solved block. Clients can use this data to be sure that the remote node is not feeding them fake transactions that never appeared in a real block, although lying through omission is still possible.
100 | 
101 | ===Extensions to existing messages===
102 | 
103 | The <code>version</code> command is extended with a new field:
104 | 
105 | {|class="wikitable"
106 | ! Field Size !! Description !! Data type !! Comments
107 | |-
108 | | 1 byte || fRelay || bool || If false then broadcast transactions will not be announced until a filter{load,add,clear} command is received. If missing or true, no change in protocol behaviour occurs.
109 | |}
110 | 
111 | SPV clients that wish to use Bloom filtering would normally set fRelay to false in the version message, then set a filter based on their wallet (or a subset of it, if they are overlapping different peers). Being able to opt-out of inv messages until the filter is set prevents a client being flooded with traffic in the brief window of time between finishing version handshaking and setting the filter.
112 | 
113 | The <code>getdata</code> command is extended to allow a new type in the <code>inv</code> submessage. The type field can now be <code>MSG_FILTERED_BLOCK (== 3)</code> rather than <code>MSG_BLOCK</code>. If no filter has been set on the connection, a request for filtered blocks is ignored. If a filter has been set, a <code>merkleblock</code> message is returned for the requested block hash. In addition, because a <code>merkleblock</code> message contains only a list of transaction hashes, transactions matching the filter should also be sent in separate tx messages after the merkleblock is sent. This avoids a slow roundtrip that would otherwise be required (receive hashes, didn't see some of these transactions yet, ask for them).  Note that because there is currently no way to request transactions which are already in a block from a node (aside from requesting the full block), the set of matching transactions that the requesting node hasn't either received or announced with an inv must be sent and any additional transactions which match the filter may also be sent.  This allows for clients (such as the reference client) to limit the number of invs it must remember a given node to have announced while still providing nodes with, at a minimum, all the transactions it needs.
114 | 
115 | ===Filter matching algorithm===
116 | 
117 | The filter can be tested against arbitrary pieces of data, to see if that data was inserted by the client. Therefore the question arises of what pieces of data should be inserted/tested.
118 | 
119 | To determine if a transaction matches the filter, the following algorithm is used. Once a match is found the algorithm aborts.
120 | 
121 | # Test the hash of the transaction itself.
122 | # For each output, test each data element of the output script. This means each hash and key in the output script is tested independently. '''Important:''' if an output matches whilst testing a transaction, the node might need to update the filter by inserting the serialized COutPoint structure. See below for more details.
123 | # For each input, test the serialized COutPoint structure.
124 | # For each input, test each data element of the input script (note: input scripts only ever contain data elements).
125 | # Otherwise there is no match.
126 | 
127 | In this way addresses, keys and script hashes (for P2SH outputs) can all be added to the filter. You can also match against classes of transactions that are marked with well known data elements in either inputs or outputs, for example, to implement various forms of [[Smart property]].
128 | 
129 | The test for outpoints is there to ensure you can find transactions spending outputs in your wallet, even though you don't know anything about their form. As you can see, once set on a connection the filter is '''not static''' and can change throughout the connections lifetime. This is done to avoid the following race condition:
130 | 
131 | # A client sets a filter matching a key in their wallet. They then start downloading the block chain. The part of the chain that the client is missing is requested using getblocks.
132 | # The first block is read from disk by the serving peer. It contains TX 1 which sends money to the clients key. It matches the filter and is thus sent to the client.
133 | # The second block is read from disk by the serving peer. It contains TX 2 which spends TX 1. However TX 2 does not contain any of the clients keys and is thus not sent. The client does not know the money they received was already spent.
134 | 
135 | By updating the bloom filter atomically in step 2 with the discovered outpoint, the filter will match against TX 2 in step 3 and the client will learn about all relevant transactions, despite that there is no pause between the node processing the first and second blocks.
136 | 
137 | The nFlags field of the filter controls the nodes precise update behaviour and is a bit field.
138 | 
139 | * <code>BLOOM_UPDATE_NONE (0)</code> means the filter is not adjusted when a match is found.
140 | * <code>BLOOM_UPDATE_ALL (1)</code> means if the filter matches any data element in a scriptPubKey the outpoint is serialized and inserted into the filter.
141 | * <code>BLOOM_UPDATE_P2PUBKEY_ONLY (2)</code> means the outpoint is inserted into the filter only if a data element in the scriptPubKey is matched, and that script is of the standard "pay to pubkey" or "pay to multisig" forms.
142 | 
143 | These distinctions are useful to avoid too-rapid degradation of the filter due to an increasing false positive rate. We can observe that a wallet which expects to receive only payments of the standard pay-to-address form doesn't need automatic filter updates because any transaction that spends one of its own outputs has a predictable data element in the input (the pubkey that hashes to the address). If a wallet might receive pay-to-address outputs and also pay-to-pubkey or pay-to-multisig outputs then BLOOM_UPDATE_P2PUBKEY_ONLY is appropriate, as it avoids unnecessary expansions of the filter for the most common types of output but still ensures correct behaviour with payments that explicitly specify keys.
144 | 
145 | Obviously, nFlags == 1 or nFlags == 2 mean that the filter will get dirtier as more of the chain is scanned. Clients should monitor the observed false positive rate and periodically refresh the filter with a clean one.
146 | 
147 | ===Partial Merkle branch format===
148 | 
149 | A ''Merkle tree'' is a way of arranging a set of items as leaf nodes of tree in which the interior nodes are hashes of the concatenations of their child hashes. The root node is called the ''Merkle root''. Every Bitcoin block contains a Merkle root of the tree formed from the blocks transactions. By providing some elements of the trees interior nodes (called a ''Merkle branch'') a proof is formed that the given transaction was indeed in the block when it was being mined, but the size of the proof is much smaller than the size of the original block.
150 | 
151 | The encoding works as follows: we traverse the tree in depth-first order, storing a bit for each traversed node, signifying whether the node is the parent of at least one matched leaf txid (or a matched txid itself). In case we are at the leaf level, or this bit is 0, its merkle node hash is stored, and its children are not explored further. Otherwise, no hash is stored, but we recurse into both (or the only) child branch. During decoding, the same depth-first traversal is performed, consuming bits and hashes as they written during encoding.
152 | 
153 | ===Bloom filter format===
154 | 
155 | A Bloom filter is a bit-field in which bits are set based on feeding the data element to a set of different hash functions. The number of hash functions used is a parameter of the filter. In Bitcoin we use version 3 of the 32-bit Murmur hash function. To get N "different" hash functions we simply initialize the Murmur algorithm with the following formula:
156 | 
157 | <code>nHashNum * 0xFBA4C795 + nTweak</code>
158 | 
159 | i.e. if the filter is initialized with 4 hash functions and a tweak of 0x00000005, when the second function (index 1) is needed h1 would be equal to 4221880218.
160 | 
161 | When loading a filter with the <code>filterload</code> command, there are two parameters that can be chosen. One is the size of the filter in bytes. The other is the number of hash functions to use. To select the parameters you can use the following formulas:
162 | 
163 | Let N be the number of elements you wish to insert into the set and P be the probability of a false positive, where 1.0 is "match everything" and zero is unachievable.
164 | 
165 | The size S of the filter in bytes is given by <code>(-1 / pow(log(2), 2) * N * log(P)) / 8</code>. Of course you must ensure it does not go over the maximum size (36,000: selected as it represents a filter of 20,000 items with false positive rate of < 0.1% or 10,000 items and a false positive rate of < 0.0001%).
166 | 
167 | The number of hash functions required is given by <code>S * 8 / N * log(2)</code>.
168 | 
169 | ==Copyright==
170 | 
171 | This document is placed in the public domain.
172 | 


--------------------------------------------------------------------------------