Merge pull request bitcoin#459 from jl2012/segwitscript

Add policy descriptions to BIP141 and 143 and address some nits.

bip-0141.mediawiki

@@ -133,12 +133,24 @@ The following definitions are not used for consensus limits, but are suggested t
 
 ''Transaction weight'' is defined as ''Base transaction size'' * 3 + ''Total transaction size'' (ie. the same method as calculating ''Block weight'' from ''Base size'' and ''Total size'').
 
-''Virtual transaction size'' is defined as ''Transaction weight'' / 4 (rounded up to nearest integer).
+''Virtual transaction size'' is defined as ''Transaction weight'' / 4 (rounded up to the next integer).
 
-''Base transaction size'' is the transaction size in bytes with the original transaction serialization without any witness-related data.
+''Base transaction size'' is the size of the transaction serialised with the witness data stripped.
 
 ''Total transaction size'' is the transaction size in bytes serialized as described in [[bip-0144.mediawiki|BIP144]], including base data and witness data.
 
+=== New script semantics ===
+
+Despite that the script language for P2WPKH and P2WSH looks very similar to pre-segregated witness script, there are several notable differences. Users MUST NOT assume that a script spendable in pre-segregated witness system would also be spendable as a P2WPKH or P2WSH script. Before large-scale deployment in the production network, developers should test the scripts on testnet with the default relay policy turned on, and with a small amount of money after BIP141 is activated on mainnet.
+
+A major difference at consensus level is described in [https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki BIP143], as a new transaction digest algorithm for signature verification in version 0 witness program.
+
+Three relay and mining policies are also included in the first release of segregated witness at reference implementation version 0.13.1. Softforks based on these policies are likely to be proposed in the near future. To avoid indefinite delay in transaction confirmation and permanent fund loss in a potential softfork, users MUST observe the new semantics carefully:
+
+# Only compressed public keys are accepted in P2WPKH and P2WSH (See [https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki#Restrictions_on_public_key_type BIP143])
+# The argument of OP_IF/NOTIF in P2WSH must be minimal<ref>https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2016-August/013014.html</ref>
+# Signature(s) must be null vector(s) if an OP_CHECKSIG or OP_CHECKMULTISIG is failed (for both pre-segregated witness script and P2WSH. See [https://github.com/bitcoin/bips/blob/master/bip-0146.mediawiki BIP146])
+
 == Examples ==
 
 === P2WPKH ===

bip-0143.mediawiki

@@ -125,6 +125,11 @@ Refer to the reference implementation, reproduced below, for the precise algorit
   return ss.GetHash();
 </source>
 
+== Restrictions on public key type ==
+As a default policy, only compressed public keys are accepted in P2WPKH and P2WSH. Each public key passed to a sigop inside version 0 witness program must be a compressed key: the first byte MUST be either 0x02 or 0x03, and the size MUST be 33 bytes. Transactions that break this rule will not be relayed or mined by default.
+
+Since this policy is preparation for a future softfork proposal, to avoid potential future funds loss, users MUST NOT use uncompressed keys in version 0 witness programs.
+
 == Example ==
 === Native P2WPKH ===
 
@@ -538,7 +543,7 @@ As a soft fork, older software will continue to operate without modification. No
 
 == Reference Implementation ==
 
-https://github.com/bitcoin/bitcoin/pull/7910
+https://github.com/bitcoin/bitcoin/pull/8149
 
 == References ==
 

bip-0144.mediawiki

@@ -117,7 +117,7 @@ MSG_WITNESS_BLOCK requests will return a block message with transactions that ha
 Special thanks to Gregory Maxwell for originating many of the ideas in this BIP and Luke-Jr for figuring out how to deploy this as a soft fork.
 
 == Reference Implementation ==
-https://github.com/sipa/bitcoin/commits/segwit
+https://github.com/bitcoin/bitcoin/pull/8149
 
 == Copyright ==
 This document is placed in the public domain.