diff --git a/_autocrossref.yaml b/_autocrossref.yaml index 627812fd..c34bb6ba 100644 --- a/_autocrossref.yaml +++ b/_autocrossref.yaml @@ -36,6 +36,7 @@ change output: change outputs: change output child key: child keys: child key +child private and public keys: child key child public key: child public keys: child public key coinbase: coinbase transaction @@ -122,7 +123,9 @@ p2pkh: p2sh: p2sh multisig: parent chain code: +parent key: parent private key: +parent private and public keys: parent key parent public key: Payment message: pp payment payment protocol: diff --git a/_includes/guide_wallets.md b/_includes/guide_wallets.md index f645443a..49da269e 100644 --- a/_includes/guide_wallets.md +++ b/_includes/guide_wallets.md @@ -34,6 +34,11 @@ system: a public key distribution program, a signing program, and a networked program. In the subsections below, we will describe common combinations of these parts. +Note: we speak about distributing public keys generically. In many +cases, P2PKH or P2SH hashes will be distributed instead of public keys, +with the actual public keys only being distributed when the outputs +they control are spent. + {% endautocrossref %} #### Full-Service Wallets 
@@ -219,10 +224,13 @@ design these minimalist wallets: * Pre-populate a database with a number of public keys or addresses, and then distribute on request an output script or address using one of - the database entries. + the database entries. To [avoid key reuse][devguide avoiding key + resuse], webservers should keep track + of used keys and never run out of public keys. This can be made easier + by using parent public keys as suggested in the next method. -* Use a parent public key to create child public keys. To [avoid key - reuse][devguide avoiding key reuse], a method must be used to ensure the same public key isn't +* Use a parent public key to create child public keys. To avoid key + reuse, a method must be used to ensure the same public key isn't distributed twice. This can be a database entry for each key distributed or an incrementing pointer to the current child key index number. @@ -349,7 +357,7 @@ sum divided by a global constant used by all Bitcoin software (*G*): This means that two or more independent programs which agree on a sequence of integers can create a series of unique [child key][]{:#term-child-key}{:.term} pairs from -a single parent key pair without any further communication. +a single [parent key][]{:#term-parent-key}{:.term} pair without any further communication. Moreover, the program which distributes new public keys for receiving payment can do so without any access to the private keys, allowing the public key distribution program to run on a possibly-insecure platform such as diff --git a/_includes/references.md b/_includes/references.md index f85ddfb9..19122917 100644 --- a/_includes/references.md +++ b/_includes/references.md 
@@ -86,6 +86,7 @@ [P2SH]: /en/developer-guide#term-p2sh "A script which Pays To Script Hashes (P2SH), allowing convenient spending of satoshis to an address referencing a script" [P2SH multisig]: /en/developer-guide#term-p2sh-multisig "A multisig script embedded in the redeemScript of a pay-to-script-hash (P2SH) transaction" [parent chain code]: /en/developer-guide#term-parent-chain-code "A chain code which has helped create child public or private keys" +[parent key]: /en/developer-guide#term-parent-key "In HD wallets, a key capable of deriving child keys" [parent private key]: /en/developer-guide#term-parent-private-key "A private key which has created child private keys" [parent public key]: /en/developer-guide#term-parent-public-key "A public key corresponding to a parent private key which has child private keys" [payment protocol]: /en/developer-guide#term-payment-protocol "The protocol defined in BIP70 which lets spenders get signed payment details from receivers" 
@@ -101,7 +102,6 @@ [private keys]: /en/developer-guide#term-private-key "The private portion of a keypair which can create signatures which other people can verify using the public key" [pubkey hash]: /en/developer-guide#term-pubkey-hash "The hash of a public key which can be included in a P2PKH output" [public key]: /en/developer-guide#term-public-key "The public portion of a keypair which can be safely distributed to other people so they can verify a signature created with the corresponding private key" -[public keys]: /en/developer-guide#term-public-key "The public portion of a keypair which can be safely distributed to other people so they can verify a signature created with the corresponding private key" [pp amount]: /en/developer-guide#term-pp-amount "Part of the Output part of the PaymentDetails part of a payment protocol where receivers can specify the amount of satoshis they want paid to a particular output script" [pp expires]: /en/developer-guide#term-pp-expires "The expires field of a PaymentDetails where the receiver tells the spender when the PaymentDetails expires" [pp memo]: /en/developer-guide#term-pp-memo "The memo fields of PaymentDetails, Payment, and PaymentACK which allow spenders and receivers to send each other memos"
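Review bot: In the `_includes/guide_wallets.md` hunk `@@ -219,10 +224,13 @@`, the new link reference `[devguide avoiding key resuse]` misspells "reuse", so the reference will not resolve and the link renders broken. Because the same hunk also drops the working `[devguide avoiding key reuse]` link from the second bullet, the section would be left with no working link to the key-reuse guidance at all; change the label to `[devguide avoiding key reuse]` so the reference defined elsewhere is matched.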
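Review bot: In the `_includes/references.md` hunk `@@ -101,7 +102,6 @@`, the `[public keys]` reference definition is deleted without a matching change shown for any text that uses it. The autocrossref mapping only covers text inside `{% autocrossref %}` blocks, so any explicit `[public keys][]` link elsewhere in the guide will now be a dead reference; please confirm there are no remaining direct uses before removing the definition.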
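Review bot: In the `_includes/references.md` hunk `@@ -86,6 +86,7 @@`, the new definition `"In HD wallets, a key capable of deriving child keys"` departs from the style of the surrounding entries, which all open with "A ... which ..." (for example `[parent private key]` and `[parent public key]`). Consider rewording to something like "A key in an HD wallet which can derive child keys" for consistency with the neighbouring tooltips.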