Skip to content

Commit 6b9138c

Browse files
achow101achow101
committed
BIP 390: Add MuSig2 descriptor BIP
1 parent 48ebcb2 commit 6b9138c

File tree

3 files changed

+127
-0
lines changed

3 files changed

+127
-0
lines changed

README.mediawiki

+7
Original file line numberDiff line numberDiff line change
@@ -1219,6 +1219,13 @@ Those proposing changes should consider that ultimately consent may rest with th
12191219
| Informational
12201220
| Draft
12211221
|-
1222+
| [[bip-0390.mediawiki|390]]
1223+
| Applications
1224+
| musig() Descriptor Key Expression
1225+
| Ava Chow
1226+
| Informational
1227+
| Draft
1228+
|-
12221229
| [[bip-0431.mediawiki|431]]
12231230
| Applications
12241231
| Topology Restrictions for Pinning

bip-0380.mediawiki

+3
Original file line numberDiff line numberDiff line change
@@ -332,4 +332,7 @@ This Table lists all available Script expressions and the BIPs specifying them.
332332
|-
333333
| <tt>tr(KEY)</tt>, <tt>tr(KEY, TREE)</tt>
334334
| [[bip-0386.mediawiki|386]]
335+
|-
336+
| <tt>musig(KEY, KEY, ..., KEY)</tt>
337+
| [[bip-0390.mediawiki|390]]
335338
|}

bip-0390.mediawiki

+117
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,117 @@
1+
<pre>
2+
BIP: 390
3+
Layer: Applications
4+
Title: musig() Descriptor Key Expression
5+
Author: Ava Chow <[email protected]>
6+
Comments-Summary: No comments yet.
7+
Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0390
8+
Status: Draft
9+
Type: Informational
10+
Created: 2024-01-15
11+
License: CC0-1.0
12+
</pre>
13+
14+
==Abstract==
15+
16+
This document specifies a <tt>musig()</tt> key expression for output script descriptors.
17+
<tt>musig()</tt> expressions take multiple keys and produce an aggregate public key using BIP 327.
18+
19+
==Copyright==
20+
21+
This BIP is licensed under the Creative Commons CC0 1.0 Universal license.
22+
23+
==Motivation==
24+
25+
BIP 327 introduces the MuSig2 Multi-Signature scheme. It is useful to have a way for keys to be used
26+
in a MuSig2 aggregate key to be expressed in descriptors so that wallets can more easily use MuSig2.
27+
28+
==Specification==
29+
30+
A new key expression is defined: <tt>musig()</tt>.
31+
32+
===<tt>musig(KEY, KEY, ..., KEY)</tt>===
33+
34+
The <tt>musig(KEY, KEY, ..., KEY)</tt> expression can only be used inside of a <tt>tr()</tt>
35+
expression as a key expression. It additionally cannot be nested within another <tt>musig()</tt>
36+
expression. Repeated participant public keys are not allowed. The aggregate public key is produced
37+
by using the <tt>KeyAgg</tt> algorithm on all KEYs specified in the expression after performing all
38+
specified derivation. As with script expressions, KEY can contain child derivation specified by
39+
<tt>/*</tt>. A new aggregate public key will be computed for each child index. Keys must be sorted
40+
with the <tt>KeySort</tt> algorithm after all derivation and prior to aggregation<ref>'''Why must
41+
the keys be sorted prior to aggregation?''' Although the descriptor's written form sets an order
42+
for the keys that could be used for aggregation, the order should not matter as MuSig2 philosophically
43+
operates over a set of keys, with the order merely being an implementation detail in aggregation
44+
itself. Requiring sorting of keys prior to aggregation enforces this philosophy as keys can be
45+
written in the descriptor in any order with the end result still being the same. Furthermore, this
46+
aids with recovery where the descriptor was not backed up as users will not need to also have
47+
backed up, or guess, the correct order of keys.</ref>.
48+
49+
===<tt>musig(KEY, KEY, ..., KEY)/NUM/.../*</tt>===
50+
51+
<tt>musig(KEY, KEY, ..., KEY)/NUM/.../*</tt> expressions are also allowed, with the same usage
52+
restrictions as in the previous section. The aggregate public key
53+
is first computed as described above, with the keys also being sorted after all derivation and prior
54+
to aggreation. Then further BIP 32 derivation will be performed on the aggregate public key as described in
55+
[[bip-0328.mediawiki|BIP 328]]. As there is no aggregate private key,
56+
only unhardened derivation from the aggregate public key is allowed, and thus the derivation steps
57+
following the <tt>musig()</tt> expression cannot contain
58+
<tt>/NUMh</tt> or <tt>/NUM'</tt> derivation steps nor <tt>/*h</tt>, or <tt>/*'</tt> child derivation.
59+
For these <tt>musig()</tt> expressions, the KEY expressions contained within must be xpubs or derived from
60+
xpubs, and cannot contain child derivation as specified by a <tt>/*</tt>, <tt>/*'</tt>, or <tt>/*h</tt>.
61+
62+
==Test Vectors==
63+
64+
Valid descriptors containing followed by the scripts they produce. Descriptors involving derived child keys
65+
will have the 0th, 1st, and 2nd scripts listed.
66+
67+
* <tt>rawtr(musig(KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU74sHUHy8S,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
68+
** <tt>5120789d937bade6673538f3e28d8368dda4d0512f94da44cf477a505716d26a1575</tt>
69+
* <tt>tr(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
70+
** <tt>512079e6c3e628c9bfbce91de6b7fb28e2aec7713d377cf260ab599dcbc40e542312</tt>
71+
* <tt>rawtr(musig(xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL,xpub68NZiKmJWnxxS6aaHmn81bvJeTESw724CRDs6HbuccFQN9Ku14VQrADWgqbhhTHBaohPX4CjNLf9fq9MYo6oDaPPLPxSb7gwQN3ih19Zm4Y)/0/*)</tt>
72+
** <tt>51209508c08832f3bb9d5e8baf8cb5cfa3669902e2f2da19acea63ff47b93faa9bfc</tt>
73+
** <tt>51205ca1102663025a83dd9b5dbc214762c5a6309af00d48167d2d6483808525a298</tt>
74+
** <tt>51207dbed1b89c338df6a1ae137f133a19cae6e03d481196ee6f1a5c7d1aeb56b166</tt>
75+
* <tt>tr(musig(xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL,xpub68NZiKmJWnxxS6aaHmn81bvJeTESw724CRDs6HbuccFQN9Ku14VQrADWgqbhhTHBaohPX4CjNLf9fq9MYo6oDaPPLPxSb7gwQN3ih19Zm4Y)/0/*,pk(f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9))</tt>
76+
** <tt>51201d377b637b5c73f670f5c8a96a2c0bb0d1a682a1fca6aba91fe673501a189782</tt>
77+
** <tt>51208950c83b117a6c208d5205ffefcf75b187b32512eb7f0d8577db8d9102833036</tt>
78+
** <tt>5120a49a477c61df73691b77fcd563a80a15ea67bb9c75470310ce5c0f25918db60d</tt>
79+
* <tt>tr(f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,pk(musig(xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL,xpub68NZiKmJWnxxS6aaHmn81bvJeTESw724CRDs6HbuccFQN9Ku14VQrADWgqbhhTHBaohPX4CjNLf9fq9MYo6oDaPPLPxSb7gwQN3ih19Zm4Y)/0/*))</tt>
80+
** <tt>512068983d461174afc90c26f3b2821d8a9ced9534586a756763b68371a404635cc8</tt>
81+
** <tt>5120368e2d864115181bdc8bb5dc8684be8d0760d5c33315570d71a21afce4afd43e</tt>
82+
** <tt>512097a1e6270b33ad85744677418bae5f59ea9136027223bc6e282c47c167b471d5</tt>
83+
84+
Invalid descriptors
85+
86+
* <tt>musig()</tt> is not allowed in <tt>pk()</tt>: <tt>pk(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
87+
* <tt>musig()</tt> is not allowed in <tt>pkh()</tt>: <tt>pkh(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
88+
* <tt>musig()</tt> is not allowed in <tt>wpkh()</tt>: <tt>wpkh(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
89+
* <tt>musig()</tt> is not allowed in <tt>combo()</tt>: <tt>combo(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
90+
* <tt>musig()</tt> is not allowed in <tt>sh(wpkh())</tt>: <tt>sh(wpkh(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66)))</tt>
91+
* <tt>musig()</tt> is not allowed in <tt>sh(wsh())</tt>: <tt>sh(wsh(pk(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))))</tt>
92+
* <tt>musig()</tt> is not allowed in <tt>wsh()</tt>: <tt>wsh(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
93+
* <tt>musig()</tt> is not allowed in <tt>sh()</tt>: <tt>sh(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66))</tt>
94+
* Ranged <tt>musig()</tt> requires all participants to be xpubs: <tt>tr(musig(02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9,03dff1d77f2a671c5f36183726db2341be58feae1da2deced843240f7b502ba659,023590a94e768f8e1815c2f24b4d80a8e3149316c3518ce7b7ad338368d038ca66)/0/0)</tt>
95+
* Cannot have ranged participants if <tt>musig()</tt> is also ranged: <tt>tr(musig(xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL/*,xpub68NZiKmJWnxxS6aaHmn81bvJeTESw724CRDs6HbuccFQN9Ku14VQrADWgqbhhTHBaohPX4CjNLf9fq9MYo6oDaPPLPxSb7gwQN3ih19Zm4Y)/0/*)</tt>
96+
* <tt>musig()</tt> cannot have hardened derivation steps: <tt>tr(musig(xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL,xpub68NZiKmJWnxxS6aaHmn81bvJeTESw724CRDs6HbuccFQN9Ku14VQrADWgqbhhTHBaohPX4CjNLf9fq9MYo6oDaPPLPxSb7gwQN3ih19Zm4Y)/0h/*)</tt>
97+
* <tt>musig()</tt> cannot have hardened child derivation: <tt>tr(musig(xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL,xpub68NZiKmJWnxxS6aaHmn81bvJeTESw724CRDs6HbuccFQN9Ku14VQrADWgqbhhTHBaohPX4CjNLf9fq9MYo6oDaPPLPxSb7gwQN3ih19Zm4Y)/0/*h)</tt>
98+
99+
==Backwards Compatibility==
100+
101+
<tt>musig()</tt> expressions use the format and general operation specified in
102+
[[bip-0380.mediawiki|BIP 380]]. As these are a set of wholly new expressions, they are not compatible
103+
with any implementation. However the keys are produced using a standard process so existing software
104+
are likely to be familiar with them.
105+
106+
==Rationale==
107+
108+
<references/>
109+
110+
==Reference Implementation==
111+
112+
TBD
113+
114+
==Acknowledgements==
115+
116+
Thanks to Pieter Wuille, Andrew Poelstra, Sanket Kanjalkar, Salvatore Ingala, and all others who
117+
participated in discussions on this topic.

0 commit comments

Comments
 (0)