diff --git a/bip-0001-1.png b/bip-0001-1.png new file mode 100644 index 00000000..51eb2b25 Binary files /dev/null and b/bip-0001-1.png differ diff --git a/bip-0001.txt b/bip-0001.txt new file mode 100644 index 00000000..8057839b --- /dev/null +++ b/bip-0001.txt @@ -0,0 +1,172 @@ +
+ BIP: 1 + Title: BIP Purpose and Guidelines + Author: Amir Taaki+ +==What is a BIP?== + +BIP stands for Bitcoin Improvement Proposal. A BIP is a design document providing information to the Bitcoin community, or describing a new feature for Bitcoin or its processes or environment. The BIP should provide a concise technical specification of the feature and a rationale for the feature. + +We intend BIPs to be the primary mechanisms for proposing new features, for collecting community input on an issue, and for documenting the design decisions that have gone into Bitcoin. The BIP author is responsible for building consensus within the community and documenting dissenting opinions. + +Because the BIPs are maintained as text files in a versioned repository, their revision history is the historical record of the feature proposal +. +==BIP Types== + +There are three kinds of BIP: + +* A Standards Track BIP describes any change that affects most or all Bitcoin implementations, such as a change to the network protocol, a change in block or transaction validitity rules, or any change or addition that affects the interoperability of applications using Bitcoin. +* An Informational BIP describes a Bitcoin design issue, or provides general guidelines or information to the Bitcoin community, but does not propose a new feature. Informational BIPs do not necessarily represent a Bitcoin community consensus or recommendation, so users and implementors are free to ignore Informational BIPs or follow their advice. +* A Process BIP describes a process surrounding Bitcoin, or proposes a change to (or an event in) a process. Process BIPs are like Standards Track BIPs but apply to areas other than the Bitcoin protocol itself. They may propose an implementation, but not to Bitcoin's codebase; they often require community consensus; unlike Informational BIPs, they are more than recommendations, and users are typically not free to ignore them. 
Examples include procedures, guidelines, changes to the decision-making process, and changes to the tools or environment used in Bitcoin development. Any meta-BIP is also considered a Process BIP. + +==BIP Work Flow== + +The BIP editors assign BIP numbers and change their status. Please send all BIP-related email to+ Status: Draft + Type: Standards Track + Created: 19-08-2011 +
+ BIP:+ +The Author header lists the names, and optionally the email addresses of all the authors/owners of the BIP. The format of the Author header value must be + + Random J. User + +if the email address is included, and just + + Random J. User + +if the address is not given. + +If there are multiple authors, each should be on a separate line following RFC 2822 continuation line conventions. + +Note: The Resolution header is required for Standards Track BIPs only. It contains a URL that should point to an email message or other web resource where the pronouncement about the BIP is made. + +While a BIP is in private discussions (usually during the initial Draft phase), a Discussions-To header will indicate the mailing list or URL where the BIP is being discussed. No Discussions-To header is necessary if the BIP is being discussed privately with the author, or on the bitcoin email mailing lists. + +The Type header specifies the type of BIP: Standards Track, Informational, or Process. + +The Created header records the date that the BIP was assigned a number, while Post-History is used to record the dates of when new versions of the BIP are posted to bitcoin mailing lists. Both headers should be in dd-mmm-yyyy format, e.g. 14-Aug-2001. + +BIPs may have a Requires header, indicating the BIP numbers that this BIP depends on. + +BIPs may also have a Superseded-By header indicating that a BIP has been rendered obsolete by a later document; the value is the number of the BIP that replaces the current document. The newer BIP must have a Replaces header containing the number of the BIP that it rendered obsolete. +Auxiliary Files + +BIPs may include auxiliary files such as diagrams. Such files must be named BIP-XXXX-Y.ext, where "XXXX" is the BIP number, "Y" is a serial number (starting at 1), and "ext" is replaced by the actual file extension (e.g. "png"). + +==Transferring BIP Ownership== + +It occasionally becomes necessary to transfer ownership of BIPs to a new champion. 
In general, we'd like to retain the original author as a co-author of the transferred BIP, but that's really up to the original author. A good reason to transfer ownership is because the original author no longer has the time or interest in updating it or following through with the BIP process, or has fallen off the face of the 'net (i.e. is unreachable or not responding to email). A bad reason to transfer ownership is because you don't agree with the direction of the BIP. We try to build consensus around a BIP, but if that's not possible, you can always submit a competing BIP. + +If you are interested in assuming ownership of a BIP, send a message asking to take over, addressed to both the original author and the BIP editor+ Title: + Author: +* Discussions-To:
+ Status: + Type: + Created: +* Post-History: +* Replaces: +* Superseded-By: +* Resolution: +
+ BIP: 11 + Title: M-of-N Standard Transactions + Author: Gavin Andresen+ +==Abstract== + +This BIP proposes M-of-N-signatures required transactions as a new 'standard' transaction type. + +==Motivation== + +Enable secured wallets, escrow transactions, and other use cases where redeeming funds requires more than a single signature. + +A couple of motivating use cases: + +* A wallet secured by a "wallet protection service" (WPS). 2-of-2 signatures required transactions will be used, with one signature coming from the (possibly compromised) computer with the wallet and the second signature coming from the WPS. When sending protected bitcoins, the user's bitcoin client will contact the WPS with the proposed transaction and it can then contact the user for confirmation that they initiated the transaction and that the transaction details are correct. Details for how clients and WPS's communicate are outside the scope of this BIP. Side note: customers should insist that their wallet protection service provide them with copies of the private key(s) used to secure their wallets that they can safely store off-line, so that their coins can be spent even if the WPS goes out of business. + +* Three-party escrow (buyer, seller and trusted dispute agent). 2-of-3 signatures required transactions will be used. The buyer and seller and agent will each provide a public key, and the buyer will then send coins into a 2-of-3 CHECKMULTISIG transaction and send the seller and the agent the transaction id. The seller will fulfill their obligation and then ask the buyer to co-sign a transaction ( already signed by seller ) that sends the tied-up coins to him (seller).+ Status: Draft + Type: Standards Track + Created: 18-10-2011 + Post-History: 02-10-2011 +
+ BIP: 12 + Title: OP_EVAL + Author: Gavin Andresen+ +==Abstract== + +This BIP describes a new opcode (OP_EVAL) for the [https://en.bitcoin.it/wiki/Script Bitcoin scripting system], and a new 'standard' transaction type that uses it to enables the receiver of bitcoins to specify the transaction type needed to re-spend them. + +==Motivation== + +Enable "end-to-end" secure wallets and payments to fund escrow transactions or other complex transactions in a way that is backwards-compatible for old clients and miners. + +==Specification== + +OP_EVAL will re-define the existing OP_NOP1 opcode, and will function as follows: + +* When executed during transaction verification, pops the item from the top of the stack, deserializes it, and executes the resulting script. +* If there is no item on the top of the stack or the item is not a valid script then transaction validation fails. +* If there are any OP_CODESEPARATORs in the deserialized script then transaction validation fails. +* If there are any OP_EVALs in the deserialized script they are also executed, but recursion is limited to a depth of 2. +* Transaction verification must fail if interpreting OP_EVAL as a no-op would cause the verification to fail. + +A new standard transaction type (scriptPubKey) that is relayed by clients and included in mined blocks is also defined: + + DUP HASH160 {20-byte-hash-value} EQUALVERIFY OP_EVAL + +Which is redeemed by a standard scriptSig: + ...signatures... {serialized script} + +Transactions that redeem standard OP_EVAL scriptPubKeys are only considered standard if the ''serialized script'' is, itself, one of the standard transaction types. + +==Rationale== + +OP_EVAL allows the receiver of bitcoins to specify how they can be spent when they are spent, instead of requiring the sender of the bitcoins to know the details of how the bitcoins may be redeemed. 
The sender only needs to know the hash of the ''serialized script'', and one new type of bitcoin address can be used to fund arbitrarily complex transactions. + +If ''serialized script'' is a large or complicated multi-signature script, then the burden of paying for it (in increased transaction fees due to more signature operations or transaction size) is shifted from the sender to the receiver. + +The main objection to OP_EVAL is that it adds complexity, and complexity is the enemy of security. Also, evaluating data as code has a long record of being a source of security vulnerabilties. + +That same argument can be applied to the existing Bitcoin 'scripting' system; scriptPubKeys are transmit as data across the network and are then interpreted by every bitcoin implementation. OP_EVAL just moves the data that will be interpreted. It is debatable whether or not the entire idea of putting a little interpreted expression evaluation language at the core of Bitcoin was brilliant or stupid, but the existence of OP_EVAL does not make the expression language less secure. + +There is a 1-confirmation attack on old clients that interepret OP_EVAL as a no-op, but it is expensive and difficult in practice. The attack is: + +# Attacker creates an OP_EVAL transaction that is valid as seen by old clients, but invalid for new clients. +# Attacker also creates a standard transaction that spends the OP_EVAL transaction, and pays the victim. +# Attacker manages to mine a block that contains both transactions. If the victim accepts the 1-confirmation payment, then the attacker wins because both transactions will be invalidated when the rest of the network overwrites the attacker's invalid block. + +The attack is expensive because it requires the attacker create a block that they know will be invalidated. It is difficult because bitcoin businesses should not accept 1-confirmation transactions for higher-value transactions. 
+ +==Backwards Compatibility== + +Surprisingly, because OP_EVAL redefines the OP_NOP1 opcode, standard OP_EVAL transactions will validate with old clients and miners. They will check only that the ''serialized script'' hashes to the correct value; the OP_EVAL will be interpreted as a no-op, and as long as the hash is correct the transaction will be considered valid (no signature checking will be done by old clients and miners). + +Old clients will ignore OP_EVAL transactions and transactions that depend on them until they are put into a block by either an old miner that includes non-standard transactions in its blocks or by a new miner. + +Avoiding a block-chain split by malicious OP_EVAL transactions requires careful handling of two cases: + +# An OP_EVAL transaction that is invalid for new clients/miners but valid for old clients/miners. +# An OP_EVAL transaction that is valid for new clients/miners but invalid for old clients/miners. + +For case (1), new clients and miners will be coded to interpret OP_EVAL as a no-op until February 1, 2012. Before then, miners will be asked to put the string "OP_EVAL" in blocks that they produce so that hashing power that supports the new opcode can be gauged. If less than 50% of miners accept the change as of January 15, 2012 the rollout will be postponed until more than 50% of hashing power supports OP_EVAL (the rollout will be rejected if it becomes clear that a majority of hashing power will not be achieved). + +For case (2), new clients and miners will be written to make sure that transactions involving OP_EVAL are valid if OP_EVAL is interpreted as a no-op. 
+Example of a transaction that must fail for both old and new miners/clients: + scriptSig: {serialized OP_11} + scriptPubKey: OP_EVAL OP_11 OP_EQUAL + +==Reference Implementation== + +https://github.com/gavinandresen/bitcoin-git/tree/op_eval + +==See Also== + +https://bitcointalk.org/index.php?topic=46538 + +"Bitcoin Address 01" BIP + +M-of-N Multisignature Transactions BIP 11 + diff --git a/bip-0013.txt b/bip-0013.txt new file mode 100644 index 00000000..1b08085f --- /dev/null +++ b/bip-0013.txt @@ -0,0 +1,52 @@ ++ Status: Draft + Type: Standards Track + Created: 18-10-2011 +
+ BIP: 13 + Title: Address Format for OP_EVAL + Author: Gavin Andresen+==Abstract== + +This BIP describes a new type of bitcoin address to support arbitrarily complex transactions. Complexity in this context is defined as what information is needed by the recipient to respend the received coins, in contrast to needing a single ECDSA private key as in current implementations of Bitcoin. + +In essence, an address encoded under this proposal represents the encoded hash of a script, rather than the encoded hash of an ECDSA [[public key]]. + +==Motivation== + +Enable "end-to-end" secure wallets and payments to fund escrow transactions or other complex transactions. Enable third-party wallet security services. + +==Specification== + +The new bitcoin address type is constructed in the same manner as existing bitcoin addresses: + + base58-encode: [one-byte version][20-byte hash][4-byte checksum] + +Version byte is 1 for a main-network address, 112 for a testnet address. +The 20-byte hash is the hash of the script that will be used to redeem the coins. +And the 4-byte checksum is the first four bytes of the SHA256 hash of the version and hash. + +==Rationale== + +One criticism is that bitcoin addresses should be deprecated in favor of a more user-friendly mechanism for payments, and that this will just encourage continued use of a poorly designed mechanism. + +Another criticism is that bitcoin addresses are inherently insecure because there is no identity information tied to them; if you only have a bitcoin address, how can you be certain that you're paying who or what you think you're paying? + +Furthermore, truncating SHA256 is not an optimal checksum; there are much better error-detecting algorithms. If we are introducing a new form of Bitcoin address, then perhaps a better algorithm should be used. + +This is one piece of the simplest path to a more secure bitcoin infrastructure. 
It is not intended to solve all of bitcoin's usability or security issues, but to be an incremental improvement over what exists today. A future BIP or BIPs should propose more user-friendly mechanisms for making payments, or for verifying that you're sending a payment to the Free Software Foundation and not Joe Random Hacker. + +Assuming that typing in bitcoin addresses manually will become increasingly rare in the future, and given that the existing checksum method for bitcoin addresses seems to work "well enough" in practice and has already been implemented multiple times, the Author believes no change to the checksum algorithm is necessary. + +==Backwards Compatibility== + +This proposal is not backwards compatible, but it fails gracefully-- if an older implementation is given one of these new bitcoin addresses, it will report the address as invalid and will refuse to create a transaction. + +==Reference Implementation== + +https://github.com/gavinandresen/bitcoin-git/tree/op_eval + +==See Also== + +The OP_EVAL BIP. ++ Status: Pre-Draft + Type: Standards Track + Created: 18-10-2011 +
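Review bot: in bip-0001.txt the header rules say Created and Post-History "should be in dd-mmm-yyyy format, e.g. 14-Aug-2001", but the preamble of this same file uses "Created: 19-08-2011", and the other preambles in the patch use the same numeric form ("18-10-2011", "02-10-2011"). Either change the rule to the numeric format or rewrite the dates as 19-Aug-2011 and so on; the numeric form is also ambiguous between day-month and month-day for a value like 02-10-2011. Two smaller points in the same file: the auxiliary file rule says files "must be named BIP-XXXX-Y.ext" while the image added here is bip-0001-1.png in lower case, and "Auxiliary Files" lacks the == heading markup the other sections use. "validitity" should be "validity".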
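Review bot: in the bip-0012.txt Specification, "recursion is limited to a depth of 2" does not say whether the outermost OP_EVAL counts as depth 1, or what happens at the limit: does validation fail, or is the deeper OP_EVAL skipped? Every implementation has to agree on this, so write it as a rule in the style of the neighbouring bullets, for example that transaction validation fails when the limit is exceeded. The rollout paragraph under Backwards Compatibility also mixes units: the trigger is "less than 50% of miners" while the postponement condition is "more than 50% of hashing power"; use hashing power in both places and say what happens at exactly 50%. In See Also, the "Bitcoin Address 01" BIP reference has no number; if it means the address BIP this patch adds as BIP 13, cite it by number as the BIP 11 line does. Typos: "to enables", "vulnerabilties", "are transmit as data", "interepret".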
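Review bot: in the bip-0013.txt Specification, "The 20-byte hash is the hash of the script" does not name the hash function, and the checksum is given only as "the SHA256 hash of the version and hash". The standard scriptPubKey in BIP 12 compares against HASH160 of the serialized script, so name that function here, and state whether the checksum is a single or a double SHA256, since the section says the address is built "in the same manner as existing bitcoin addresses" and an implementer needs the exact construction to interoperate. One worked example (a script, its hash and the resulting address) would let implementations check their encoding. In See Also, cite "The OP_EVAL BIP" as BIP 12.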