diff --git a/bip-0388.mediawiki b/bip-0388.mediawiki index 5e4238da27..805b20dda9 100644 --- a/bip-0388.mediawiki +++ b/bip-0388.mediawiki @@ -83,7 +83,7 @@ We set two fundamental design goals: * Minimize the amount of information that is shown on screen - so that the user can actually validate it. * Minimize the number of times the user has to validate such information. -Designing a secure protocol for the coordination of a descriptor wallet among distant parties is also a challenging problem that is out of scope in this document. See [[bip-0129.mediawiki|BIP-129 (Bitcoin Secure Multisig Setup)]] for an approach designed for multisignature wallets. Regardless of the approach, the ability for the user to carefully verify all the details of the spending policies using the hardware signer's screen is a prerequisite for security in adversarial environments. +Designing a secure protocol for the coordination of a descriptor wallet among distant parties is also a challenging problem that is out of scope in this document. See [[bip-0129.mediawiki|BIP-129 (Bitcoin Secure Multisig Setup)]] for an approach designed for multisig wallets. Regardless of the approach, the ability for the user to carefully verify all the details of the spending policies using the hardware signer's screen is a prerequisite for security in adversarial environments. === Policy registration as a solution === @@ -111,11 +111,11 @@ Once the previously registered policy is correctly identified and approved by th While reusing a pubkey in different branches of a miniscript is explicitly forbidden by miniscript (as it has certain negative security implications), it is still reasonable to reuse the same xpub in multiple places, albeit with different final steps of derivation (so that the actual pubkeys that are used in the script are indeed different). -In fact, there are many reasonable spending policies with a quadratic size in the number of participants. For example, using Taproot, a 3-of-5 multisignature wallet could use: +In fact, there are many reasonable spending policies with a quadratic size in the number of participants. For example, using Taproot, a 3-of-5 threshold wallet could use: * a key path with a 5-of-5 [[bip-0327.mediawiki|MuSig2]] aggregated key * a script tree with 11 leaves: ** 10 different scripts using a 3-of-3 MuSig2 aggregated key, plus -** a final leaf with a fallback 3-of-5 multisignature using multi_a (in case interactive signing is not available). +** a final leaf with a fallback 3-of-5 multisig using multi_a (in case interactive signing is not available). With each xpub being 118 bytes long, the repetition of xpubs makes the descriptor become extremely large. @@ -240,9 +240,9 @@ Common single-signature account patterns: * sh(wpkh(@0/**)) (nested segwit). * tr(@0/**) (taproot single-signature account). -Common multisignature schemes: +Common multisig schemes: * wsh(multi(2,@0/**,@1/**)) - SegWit 2-of-2 multisignature, keys in order. -* sh(sortedmulti(2,@0/**,@1/**,@2/**)) - Legacy 2-of-3 multisignature, sorted keys. +* sh(sortedmulti(2,@0/**,@1/**,@2/**)) - Legacy 2-of-3 multisig, sorted keys. * tr(musig(@0/**,@1/**)) - MuSig2 2-of-2 in the taproot keypath Some miniscript policies in wsh: