KIP: Multisig Wallet Conventions for Kaspa #39
InKasWeRust wants to merge 2 commits into kaspanet:master from
Informational KIP. Documents wallet-level conventions for Kaspa multisig built atop kaspa-wallet-pskt. Proposes no consensus changes.
Changes from the original submission:
- sigOpCount rule: corrected from `= N` to `M ≤ sigOpCount ≤ N` per @biryukovmaxim. M is tight under this KIP's lex-sort + ordered-emission conventions; N remains a safe upper bound. References upstream `get_sig_op_count` and `op_check_multisig_schnorr_or_ecdsa` in `crypto/txscript/src/lib.rs`.
- Redeem script arithmetic: fixed formula from `2 + N*33` to `3 + N*33` for M,N ≤ 16. 2-of-3 is 102 bytes, not 101. Verified against the reference implementation's `build_script()`.
- QR capacity table: corrected ECC-level labeling. Now uses authoritative ISO/IEC 18004 ECC-L values (134/230/458 bytes at V6/V9/V14) with frame counts that account for the 3-byte framing header.
- Layer B compact descriptor: tightened from "65 bytes compressed pubkey with key-origin" to explicit "33-byte compressed pubkey || 32-byte chain_code".
- Cosigner ordering: added note that upstream `multisig_redeem_script` does not sort internally, so wallets MUST sort before calling. Positions the ordering rule as a KIP-introduced convention.
- Added Technical References section: concrete pointers to upstream PSKT integration points (`Finalizer`, `ScriptBuilder`, `pay_to_script_hash_signature_script`, `PartialSigs` BTreeMap ordering pitfall, `Signature` enum) and consensus validation reference.
- Measured `bip32Derivations` per-cosigner JSON cost (~139 bytes) replaces an earlier estimate in Appendix A.1.
- Acknowledgement to @biryukovmaxim for review feedback.

No normative scope changes beyond the sigOpCount rule.
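The redeem-script size, cosigner ordering and sigOpCount points from the change list above, worked through in a std-only Rust sketch. This is an added example, not code from the PR or from kaspa-txscript; the opcode byte values, the 32-byte x-only key width, and the names `sorted_redeem_script` and `sig_op_count_ok` are assumptions of the example.

```rust
// Added example: std-only sketch, not kaspa-txscript code.
// Assumptions (not stated on the page): OP_1..OP_16 = 0x51..0x60,
// OpData32 = 0x20, OpCheckMultiSig = 0xae, keys are 32-byte x-only keys.
const OP_1: u8 = 0x51;
const OP_DATA_32: u8 = 0x20;
const OP_CHECK_MULTISIG: u8 = 0xae;

/// Builds an M-of-N redeem script after sorting the keys lexicographically,
/// so every cosigner derives the same script whatever the import order.
/// The builder is assumed not to sort, so the caller does it here.
fn sorted_redeem_script(m: usize, keys: &[[u8; 32]]) -> Result<Vec<u8>, &'static str> {
    let n = keys.len();
    if m == 0 || m > n || n > 16 {
        return Err("need 1 <= M <= N <= 16");
    }
    let mut sorted = keys.to_vec();
    sorted.sort(); // byte-wise lexicographic order

    // Size from the change list: 3 + N*33 (OP_M, N pushes of 1+32 bytes,
    // OP_N, OP_CHECKMULTISIG).
    let mut script = Vec::with_capacity(3 + n * 33);
    script.push(OP_1 + (m as u8 - 1));
    for key in &sorted {
        script.push(OP_DATA_32);
        script.extend_from_slice(key);
    }
    script.push(OP_1 + (n as u8 - 1));
    script.push(OP_CHECK_MULTISIG);
    Ok(script)
}

/// The corrected rule for the input's sigOpCount: M <= sigOpCount <= N.
fn sig_op_count_ok(m: usize, n: usize, sig_op_count: usize) -> bool {
    (m..=n).contains(&sig_op_count)
}

fn main() {
    // Constructed sample keys, deliberately out of order; not real cosigner keys.
    let keys = [[0x03u8; 32], [0x01u8; 32], [0x02u8; 32]];
    let script = sorted_redeem_script(2, &keys).unwrap();
    println!("2-of-3 redeem script: {} bytes", script.len());
    println!("sigOpCount 2 ok: {}", sig_op_count_ok(2, 3, 2));
    println!("sigOpCount 4 ok: {}", sig_op_count_ok(2, 3, 4));
}
```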
Pushed a follow-up addressing @biryukovmaxim's sigOpCount feedback

Data point from a ceremony on mainnet today — the estimate in Appendix A.1 holds up in practice.

Draft KIP proposing wallet-level conventions for Kaspa multisig,
built on top of the existing kaspa-wallet-pskt substrate. The KIP
is Informational — it proposes no consensus changes.
It covers four things:
- Wallet-convention defaults that PSKT deliberately leaves open:
  derivation path, cosigner pubkey ordering, redeem-script
  construction, and a two-layer descriptor format (canonical +
  compact).
- Three existing Kaspa consensus behaviors that currently lack
  documentation and that fail-close at broadcast time when
  wallet authors miss them:
- Transport framing suggestions (QR, NFC, USB) — non-normative.
- A non-normative appendix proposing optional PSKT size
  reductions intended to broaden the set of devices that can
  meaningfully participate in Kaspa multisig ceremonies
  (sub-$20 hardware signers with constrained cameras). These
  are candidates for upstream discussion with the
  kaspa-wallet-pskt maintainers, not unilateral KIP additions.
Reference implementation: KasSigner (air-gapped ESP32-S3 hardware
signer) + KasSee (browser WASM companion). Mainnet proof of
end-to-end operation via a 2-of-3 multisig transaction:
407d948930db9cf5ca77eb0448f0a64182643fcaded423a752a5aebfc86e8c4e
A dedicated research.kas.pa discussion thread will be opened once
initial review feedback arrives on this PR — the Comments-URI
field is left as TBD until then.
Happy to iterate on scope, wording, or structure. Flagging this
as Draft so the KIP number assignment can happen during review.