LogoLogo
  • README
  • Contribute
    • Discuss on Github
  • Example
    • Banana-Powered Bitcoin Wallet Control Protocol
  • Apps
    • The deployment-info.json Specification
  • Wallet
    • Transaction Creation
    • Data Encryption and Decryption
    • Digital Signature Creation and Verification
    • Input Redemption
    • HTTP Wallet Communications Substrate
    • XDM Wallet Communications Substrate
    • Window Wallet Communication Substrate
    • Wallet Transaction Output Tracking (Output Baskets)
    • Submitting Received Payments to a Wallet
    • Certificate Creation and Revelation
    • Unified Abstract Wallet-to-Application Messaging Layer
    • Transaction Labels and List Actions
    • Output Basket Removal and Certificate Deletion
    • Group Permissions for App Access
    • Extensible Proof-Type Format for Specific Key Linkage Claims
    • P Protocols: Allowing future wallet protocol permission schemes
    • P Baskets: Allowing Future Wallet Basket and Digital Asset Permission Schemes
    • Unified, Vendor-Neutral, Unchanging, and Open BSV Blockchain Standard Wallet-to-Application Interface
  • Transactions
    • Everett-style Transaction Envelopes
    • Simplified Payment Verification
    • Merkle proof standardised format
    • TSC Proof Format with Heights
    • Raw Transaction Format
    • TXO Transaction Object Format
    • Transaction Extended Format (EF)
    • Merkle Path JSON format
    • Compound Merkle Path Format
    • Background Evaluation Extended Format (BEEF) Transactions
    • Simplified Payment Verification
    • Merkle Path Binary Format
    • BSV Unified Merkle Path (BUMP) Format
    • Graph Aware Sync Protocol
    • Scalable Transaction Processing in the BSV Network
    • Atomic BEEF Transactions
    • BEEF V2 Txid Only Extension
  • Scripts
    • Bitcoin Script Binary, Hex and ASM Formats
    • Bitcoin Script Assembly Language
    • Pay to Public Key Hash
    • Pay to R Puzzle Hash
    • Pay to False Return
    • Pay to True Return
    • Push TX
    • Bare Multi-Signature
    • Pay to Push Drop
  • Tokens
    • There is no BRC-20
    • Definition of UTXOs as Bitcoin Tokens
    • Token Exchange Protocol for UTXO-based Overlay Networks
    • Mandala Token Protocol
  • Overlays
    • Overlay Network Data Synchronization
    • Confederacy Host Interconnect Protocol (CHIP)
    • Overlay Network Lookup Services
    • Confederacy Lookup Availability Protocol (CLAP)
    • Universal Hash Resolution Protocol
    • Overlay Network Transaction History Tracking
    • Private Overlays with P2PKH Transactions
    • Standardized Naming Conventions for BRC-22 Topic Managers and BRC-24 Lookup Services
    • Overlay Services Synchronization Architecture
    • Diverse Facilitators and URL Protocols for SHIP and SLAP Overlay Advertisements
  • Payments
    • Direct Payment Protocol (DPP)
    • Paymail Payment Destinations
    • Simple Authenticated BSV P2PKH Payment Protocol
    • PacketPay HTTP Payment Mechanism
    • Hybrid Payment Mode for DPP
    • HTTPS Transport Mechanism for DPP
    • Paymail BEEF Transaction
    • HTTP Service Monetization Framework
  • Peer-to-Peer
    • Authrite Mutual Authentication
    • PeerServ Message Relay Interface
    • PeerServ Host Interconnect Protocol
    • Identity Certificates
    • Genealogical Identity Protocol
    • Publishing Trust Anchor Details at an Internet Domain
    • Message Signature Creation and Verification
    • Serialization Format for Portable Encrypted Messages
    • Defining a Scalable IPv6 Multicast Protocol for Blockchain Transaction Broadcast and Update Delivery
    • Proven Identity Key Exchange (PIKE)
    • Peer-to-Peer Mutual Authentication and Certificate Exchange Protocol
    • HTTP Transport for BRC-103 Mutual Authentication
  • Key Derivation
    • BIP32 Key Derivation Scheme
    • BSV Key Derivation Scheme (BKDS)
    • Security Levels, Protocol IDs, Key IDs and Counterparties
    • Admin-reserved and Prohibited Key Derivation Protocols
    • Revealing Key Linkages
    • Protecting BRC-69 Key Linkage Information in Transit
    • Mnemonic For Master Private Key
    • Linked Key Derivation Scheme
    • Bidirectionally Authenticated Derivation of Privacy Restricted Type 42 Keys
    • Limitations of BRC-69 Key Linkage Revelation
    • Verifiable Revelation of Shared Secrets Using Schnorr Protocol
  • Outpoints
    • Format for Bitcoin Outpoints
    • Spending Instructions Extension for UTXO Storage Format
  • Opinions
    • Users should never see an address
    • List of user experiences
    • Legitimate Uses for mAPI
    • Security and Scalability Benefits of UTXO-based Overlay Networks
    • Improving on MLD for BSV Multicast Services
    • Web 3.0 Standard (at a high level)
    • Thoughts on the Mandala Network
    • Outputs, Overlays, and Scripts in the Mandala Network
  • State Machines
    • Simplifying State Machine Event Chains in Bitcoin
Powered by GitBook
On this page
  • Abstract
  • Motivation
  • Scope and Assumptions
  • Specification
  • Integration with Existing Standards
  • Proof Encryption with BRC-72
  • Proof Formats
  • Proof-Type Enumeration
  • Example: Proof-Type Zero
  • Implementation Guidelines
  • Wallet and Application Behavior
  • Future-Proofing
  • Security Considerations
  • Future Work
  • References
  • Conclusion

Was this helpful?

Edit on GitHub
Export as PDF
  1. Wallet

Extensible Proof-Type Format for Specific Key Linkage Claims

Ty Everett (ty@projectbabbage.com)

Abstract

This BRC proposes an extensible format for including zero-knowledge proofs (ZKPs) in specific key linkage revelations as per BRC-69 Method 2. While BRC-94 addresses limitations of BRC-69 Method 1 through a Schnorr-based ZKP, there is currently no standardized method for provable specific key linkage claims in Method 2. Given the rapid evolution of ZKP technologies, this specification introduces a proof-type enumeration scheme to accommodate future proof mechanisms. By defining a flexible proof-type field, we allow for the inclusion of various ZKP schemes as they become available, ensuring that wallets and applications can adopt and support them over time, eventually converging on standardized formats.

Motivation

We aim to provide a method for proving specific key linkage revelations under BRC-69 Method 2. However, current ZKP techniques may not fully support this requirement, as these technologies are still maturing. This proposal allows us to proceed with standardizing wallet interactions and linkage proofs while accommodating future advancements in ZKP capabilities. By introducing an extensible proof-type field, we create a flexible mechanism for integrating new proof schemes as they emerge, fostering innovation and facilitating eventual convergence on standard proofs.

Scope and Assumptions

This specification focuses on proofs of a specific computation: that a prover (Alice) has computed a shared secret between herself and a counterparty (Bob), and used it as a SHA-256-HMAC key over a defined invoice number to derive a specific linkage offset value. The approach is constrained to non-interactive proof schemes, as interactive proofs are impractical for our use case.

We make the following assumptions:

  1. Non-Interactive Proofs: Only non-interactive proof schemes are considered, as per existing standards like STARKs.

  2. External Verification: Proof verification is expected to be performed by external systems or verifiers, not within the wallet itself.

  3. Encrypted Proof Payloads: Proof payloads are encrypted according to BRC-72 to ensure confidentiality during transmission.

Specification

Integration with Existing Standards

We build on the existing standards:

  • BRC-69: Defines methods for revealing key linkages.

  • BRC-72: Specifies encryption of linkage information in transit using BRC-2.

  • BRC-94: Provides a Schnorr-based ZKP for counterparty-level linkage revelation (Method 1).

This proposal extends these standards by defining an extensible proof-type format for specific key linkage claims (Method 2).

Proof Encryption with BRC-72

All proofs are encrypted using the mechanism defined in BRC-72.

  • Counterparty-Level Revelations: Encrypted according to BRC-72, including both the shared secret and the Schnorr proof as per BRC-94.

  • Specific Key Revelations: Encrypted according to BRC-72, including the linkage offset and the proof payload defined herein.

Proof Formats

Counterparty-Level Proof Format (BRC-94)

We define a binary format for the encrypted Schnorr proof payload for counterparty-level revelations:

Field

Bytes

Description

R

33

Nonce public key point R in compressed 33-byte DER format.

S'

33

Nonce shared secret point S' in compressed 33-byte DER format.

z

Variable

Response scalar z as a big-endian integer.

This binary data is concatenated in the above order, then encrypted as per BRC-72 alongside the shared secret, and returned by the wallet to the verifier.

Specific Key Proof Format (BRC-97)

We define a binary format for the encrypted payload for specific key linkage proofs:

Field

Bytes

Description

Proof-Type

1

One-byte unsigned integer (0-255), indicating the proof scheme used.

Proof

Variable

Proof payload, format depends on Proof-Type.

This binary data is assembled by first specifying the Proof-Type, followed by the Proof payload (if applicable), then encrypted as per BRC-72 alongside the specific linkage offset, and returned by the wallet to the verifier.

Proof-Type Enumeration

We introduce a proof-type numbering scheme:

  • Proof-Type 0: Indicates no proof is provided. Verifiers must trust the prover when the proof-type is zero. The Proof payload is empty.

  • Proof-Types 1-255: Reserved for future proof schemes. As new ZKP methods become available, they can be assigned unique proof-type identifiers within this range, along with their specific proof formats.

Example: Proof-Type Zero

When Proof-Type is zero:

  • The Proof payload is empty.

  • The verifier receives the encrypted linkage offset but must trust the prover's claim, as there's no way to independently verify the correctness without a proof.

Implementation Guidelines

Wallet and Application Behavior

  • Wallets: Should implement the ability to generate and include the Proof-Type and Proof payload in the encrypted data when performing specific key linkage revelations.

  • Verifiers: Should be able to parse the Proof-Type field and handle the Proof payload accordingly, based on supported proof schemes.

Future-Proofing

  • As new ZKP methods are developed and standardized, new BRCs can define additional proof-types (1-255) and their corresponding proof formats.

  • Wallets and verifiers should be designed to be extensible, allowing for the addition of new proof-types without significant changes to underlying architectures.

Security Considerations

  • Confidentiality: All proof payloads must be encrypted as per BRC-72 to ensure that sensitive linkage information is protected during transit.

  • Trust: When using Proof-Type 0 (no proof), verifiers must be aware that they are relying on the prover's honesty, as no independent verification is possible.

Future Work

Future specifications may define new proof-types (1-255) along with their proof formats and verification methods. Potential avenues include:

  • Proof-Type 1: Could be assigned to a specific ZKP scheme (e.g., Bulletproofs, STARKs, SNARKs) that is suitable for proving specific key linkage claims.

  • Standardization: As the ecosystem converges on preferred proof schemes, updates to this BRC can formalize these proofs, promoting interoperability.

References

  • BRC-2: BRC Encryption Standard

  • BRC-69: Revealing Key Linkages

  • BRC-72: Protecting BRC-69 Key Linkage Information in Transit

  • BRC-93: Limitations of BRC-69 Key Linkage Revelation

  • BRC-94: Verifiable Revelation of Shared Secrets Using Schnorr Protocol

  • STARKs: Scalable, Transparent, and Post-Quantum Secure Computational Integrity

Conclusion

This BRC provides a flexible and extensible framework for including proof schemes in specific key linkage revelations, accommodating future advancements in ZKP technology. By standardizing the proof-type field, we enable wallets and applications to adopt new proof mechanisms as they emerge, facilitating independent verification of specific key linkage claims while maintaining backward compatibility and fostering innovation in the BSV blockchain ecosystem.

PreviousGroup Permissions for App AccessNextP Protocols: Allowing future wallet protocol permission schemes

Last updated 3 months ago

Was this helpful?