Bech32 and P2SH^2

Luke Dashjr opened a discussion regarding why Bech32 was omitted from previous P2SH2 improvements.

For those unfamiliar with the concept, the idea is to have the address include the single SHA256 hash of the public key or script, rather than RIPEMD160(SHA256(pubkey)) or SHA256(SHA256(script)). The sender would then perform the second hash to produce the output. Doing this would in the future enable relaying the “middle-hash” as a way to prove the final hash is in fact a hash itself, thereby proving it is not embedded data spam.

Bech32 seems like a huge missed opportunity to add this, since everyone will probably be upgrading to it at some point.

Luke went on to post a possible Bech32 revision/replacement. Gregory Maxwell commented that P2SH2 wasn’t a serious proposal, but more of a thought experiment. He went on to say:

I don’t think it offers much useful in the context of Bitcoin today. Particularly since weight calculations have made output space relatively more expensive and fees are at quite non-negligible rates interest in “storing data” in outputs should at least not be increasing.

However since Bech32 was pushed to the public so quickly it was suggested that it would not be a good idea to add additional address diversity at this time.

Support us and the authors of this article by donating to the following address:


Comments powered by Talkyard.