chore: dip-17/18 suggestions

README.md

@@ -2,7 +2,7 @@
 
 DIP stands for Dash Improvement Proposal. Similar to Bitcoin's [BIPs](https://github.com/bitcoin/bips/), a DIP is a design document providing information to the Dash community, or describing a new feature for Dash or its processes or environment. The DIP should provide a concise technical specification of the feature and a rationale for the feature.
 
 Because Dash is forked from the Bitcoin codebase, many of the BIPs can be applied to Dash as well (a list of the BIPs updated to include Dash-specific details can be found [here](https://github.com/dashevo/bips)). The purpose of the DIPs is not to duplicate those which exist as BIPs, but to introduce protocol upgrades or feature specifications which are unique to Dash.
 
 ## Contributions
 
@@ -33,6 +33,8 @@
 [14](dip-0014.md) | Applications | Extended Key Derivation using 256-Bit Unsigned Integers | Samuel Westrich | Informational | Proposed
 [15](dip-0015.md) | Applications | DashPay | Samuel Westrich, Eric Britten | Standard | Proposed
 [16](dip-0016.md) | Applications | Headers First Synchronization on Simple Payment Verification Wallets | Samuel Westrich | Informational | Proposed
+[17](dip-0017.md) | Consensus | Dash Platform Payment Addresses and HD Derivation | Samuel Westrich | Standard | Proposed
+[18](dip-0018.md) | Consensus | Dash Platform Payment Address Encodings | Samuel Westrich | Standard | Proposed
 [20](dip-0020.md) | Consensus | Dash Opcode Updates | Mart Mangus | Standard | Final
 [21](dip-0021.md) | Consensus | LLMQ DKG Data Sharing | dustinface | Standard | Final
 [22](dip-0022.md) | Consensus | Making InstantSend Deterministic using Quorum Cycles | Samuel Westrich, UdjinM6 | Standard | Final

dip-0017.md

@@ -6,7 +6,7 @@
   Comments-Summary: No comments yet.
   Status: Draft
   Type: Standard
-  Created: 2024-05-23
+  Created: 2025-11-28
   License: MIT License
   Replaces: -
   Superseded-By: -
@@ -16,6 +16,7 @@
 
 1. [Abstract](#abstract)
 1. [Motivation](#motivation)
+1. [Prior Work](#prior-work)
 1. [Specification](#specification)
    1. [Overview](#overview)
    1. [Derivation Path Definition](#derivation-path-definition)
@@ -31,79 +32,88 @@
 
 # Abstract
 
-This DIP defines Dash Platform payment addresses (“D-addresses”) and their hierarchical deterministic (HD) derivation under DIP-9. It uses Dash coin type 5' on mainnet and coin type 1' on test networks, and introduces a new DIP-9 feature index for Platform payments. The specification standardizes derivation paths (including account separation) and wallet/hardware wallet guidance for Platform payment keys. Address encoding (version bytes and formats) and script-hash address formats are defined in DIP-0018.
+This DIP defines Dash Platform payment addresses (“D-addresses”) and their hierarchical deterministic (HD) derivation under [DIP-9](dip-0009.md). It uses Dash coin type 5' on mainnet and coin type 1' on test networks, and introduces a new [DIP-9](dip-0009.md) feature index for Platform payments. The specification standardizes derivation paths (including account separation) and wallet/hardware wallet guidance for Platform payment keys. Address encoding (version bytes and formats) and script-hash address formats are defined in [DIP-18](dip-0018.md).
 
 # Motivation
 
-Dash Platform enables value transfers distinct from Dash Core chain UTXO transactions. Wallets require an unambiguous address type, network-specific encodings, and deterministic derivation paths that coexist with BIP-44 Core chain funds and existing DIP-9 features (masternodes, identities, DashPay). This DIP provides a single standard so wallets, hardware wallets, and services can implement Platform payments.
+Dash Platform enables value transfers distinct from Dash Core chain UTXO transactions. Wallets require an unambiguous address type, network-specific encodings, and deterministic derivation paths that coexist with BIP-44 Core chain funds and existing [DIP-9](dip-0009.md) features (masternodes, identities, DashPay). This DIP provides a single standard so wallets, hardware wallets, and services can implement Platform payments.
+
+# Prior Work
+
+* [DIP-0009: Feature Derivation Paths](https://github.com/dashpay/dips/blob/master/dip-0009.md)
+* [DIP-0013: Identities in Hierarchical Deterministic Wallets](https://github.com/dashpay/dips/blob/master/dip-0013.md)
+* [DIP-0015: DashPay](https://github.com/dashpay/dips/blob/master/dip-0015.md)
+* [BIP-0032: Hierarchical Deterministic Wallets](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki)
+* [BIP-0044: Multi-Account Hierarchy for Deterministic Wallets](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki)
 
 # Specification
 
 ## Overview
 
-Platform payment keys identify recipients of value on Dash Platform. This value includes Dash Credits, which represent DASH held on Platform, as well as other Platform-based payments. These keys are independent of Dash Platform identities and do not belong to an identity’s key set. Instead, they function as standalone payment keys that hold value outside of any identity. They use a single secp256k1 key pair and are not script-based. They are not valid Dash Core chain addresses and MUST NOT be used for Core chain transactions. Their encoding format is specified in DIP-0018.
+Platform payment keys identify recipients of value on Dash Platform. This value includes Dash Credits, which represent DASH held on Platform, as well as other Platform-based payments. These keys are independent of Dash Platform identities and do not belong to an identity’s key set. Instead, they function as standalone payment keys that hold value outside of any identity. They use a single secp256k1 key pair and are not script-based. They are not valid Dash Core chain addresses and MUST NOT be used for Core chain transactions. Their encoding format is specified in [DIP-18](dip-0018.md).
 
 ## Derivation Path Definition
 
-The Platform payment feature is assigned DIP-9 feature index `17'`. The canonical derivation path is:
+The Platform payment feature is assigned [DIP-9](dip-0009.md) feature index `17'`. The canonical derivation path is:
 
-```
+```text
 m / 9' / coin_type' / 17' / account' / key_class' / index
 ```
 
 Normative requirements:
 
-- `purpose'` MUST be `9'`.
-- `coin_type'` MUST be `5'` on mainnet (Dash SLIP-44 coin type) and MUST be `1'` on testnet/devnet/regtest (SLIP-44 test coin type), consistent with BIP-44 conventions.
-- `account'` MUST be hardened. `0'` is the default account. Additional accounts MAY be used following BIP-44-style multi-account semantics.
-- `feature'` MUST be `17'` (Platform payment feature).
-- `key_class'` MUST be hardened. The default class for Platform payment receive keys is `0'`. Additional hardened classes MAY be defined by future DIPs; `1'` is reserved for wallet-internal or change-like segregation if a wallet chooses to implement it.
-- `index` MUST be non-hardened (`0 ≤ index ≤ 2³¹−1`).
-- No BIP-44 change level is used; privacy is obtained by incrementing `index` and optionally segregating with `key_class'`.
+* `purpose'` MUST be `9'`.
+* `coin_type'` MUST be `5'` on mainnet (Dash SLIP-44 coin type) and MUST be `1'` on testnet/devnet/regtest (SLIP-44 test coin type), consistent with BIP-44 conventions.
+* `feature'` MUST be `17'` (Platform payment feature).
+* `account'` MUST be hardened. `0'` is the default account. Additional accounts MAY be used following BIP-44-style multi-account semantics.
+* `key_class'` MUST be hardened. The default class for Platform payment receive keys is `0'`. Additional hardened classes MAY be defined by future DIPs; `1'` is reserved for wallet-internal or change-like segregation if a wallet chooses to implement it. Wallets MUST ignore unknown key_class values rather than rejecting the entire account.
+* `index` MUST be non-hardened (`0 ≤ index ≤ 2³¹−1`).
+* No BIP-44 change level is used; privacy is obtained by incrementing `index` and optionally segregating with `key_class'`.
 
 Default account paths:
 
-- Mainnet: `m/9'/5'/17'/0'/0'/index`
-- Testnet/Devnet/Regtest: `m/9'/1'/17'/0'/0'/index` (coin type `1'` for test networks).
+| Network(s) | Default account path |
+|-|-|
+| Mainnet | `m/9'/5'/17'/0'/0'/index` |
+| Testnet / Devnet / Regtest | `m/9'/1'/17'/0'/0'/index` (coin type `1'` for test networks) |
 
 Wallets MAY derive and expose an extended public key at `m/9'/5'/17'/account'/key_class'` (mainnet) or `m/9'/1'/17'/account'/key_class'` (test networks) for watch-only or monitoring. They MUST NOT expose hardened parent levels.
 
 Accounts follow BIP-44 semantics: `account'` partitions user-controlled sets of Platform payment keys, enabling multiple profiles or organizational separations while preserving hardened isolation between accounts.
 
-
 ## Wallet and Hardware Wallet Behavior
 
-- Wallets MUST derive Platform payment keys only from `m/9'/5'/17'/account'/key_class'/index` (mainnet) or `m/9'/1'/17'/account'/key_class'/index` (test networks). Address encoding of the resulting public keys is specified in DIP-0018.
-- Wallets SHOULD clearly separate Platform chain balances from Core chain balances in UI and storage.
-- Wallets SHOULD rotate addresses by incrementing `index` to avoid reuse; a default gap limit of 20 is RECOMMENDED for discovery.
-- Wallets MAY support watch-only by exporting the xpub at `m/9'/5'/17'/account'/key_class'` (mainnet) or `m/9'/1'/17'/account'/key_class'` (test networks).
-- Wallets MAY present multiple accounts following BIP-44 semantics (distinct `account'` values), and SHOULD clearly label the active account in UI.
-- Hardware wallets MUST whitelist the above derivation path and display a label such as “Dash Platform address” when showing or signing.
-- Hardware wallets MUST apply the address encodings defined in DIP-0018 and MUST NOT reinterpret these as Core chain P2PKH/P2SH.
-- If a wallet does not implement Platform, it simply never derives the `17'` feature path.
+* Wallets MUST derive Platform payment keys only from `m/9'/5'/17'/account'/key_class'/index` (mainnet) or `m/9'/1'/17'/account'/key_class'/index` (test networks). Address encoding of the resulting public keys is specified in [DIP-18](dip-0018.md).
+* Wallets SHOULD clearly separate Platform chain balances from Core chain balances in UI and storage.
+* Wallets SHOULD rotate addresses by incrementing `index` to avoid reuse; a default gap limit of 20 is RECOMMENDED for discovery.
+* Wallets MAY support watch-only by exporting the xpub at `m/9'/5'/17'/account'/key_class'` (mainnet) or `m/9'/1'/17'/account'/key_class'` (test networks).
+* Wallets MAY present multiple accounts following BIP-44 semantics (distinct `account'` values), and SHOULD clearly label the active account in UI.
+* Hardware wallets MUST whitelist the above derivation path and display a label such as “Dash Platform address” when showing or signing.
+* Hardware wallets MUST apply the address encodings defined in [DIP-18](dip-0018.md) and MUST NOT reinterpret these as Core chain P2PKH/P2SH.
+* If a wallet does not implement Platform, it simply never derives the `17'` feature path.
 
 # Rationale
 
-- **Coin type 5' on mainnet, 1' on test networks:** Mainnet keeps Dash SLIP-44 coin type 5', while testnet/devnet/regtest follow SLIP-44 convention with coin type 1'. This avoids new registry allocations and keeps all Dash features under the established namespaces.
-- **DIP-9 vs BIP-44:** DIP-9’s feature level cleanly separates Platform addresses from Core chain funds and from identities/masternodes without overloading BIP-44’s change level or accounts.
-- **Feature index 17':** The next available DIP-9 feature after 16' (DashPay) is reserved for Platform payments, avoiding collisions with existing features.
-- **Hardened upper levels:** `9'/coin_type'/17'/account'/key_class'` isolate Platform keys from other features and from each other. An xpub leak below `key_class'` cannot compromise hardened parents.
-- **Non-hardened leaf index:** Enables watch-only, auditing, and future multisig/shared-custody schemes that rely on unhardened derivation of child public keys. Fully hardened leaves were rejected to preserve these capabilities.
-- **Accounts retained:** A hardened `account'` level maintains BIP-44-style multi-account semantics while still isolating Platform keys under the DIP-9 feature branch.
-- **No BIP-44 change level:** Platform addresses are not UTXO change outputs; a linear `index` (optionally partitioned by `key_class'`) keeps the model simple for hardware wallets and avoids misuse of the 0/1 change bit.
+* **Coin type 5' on mainnet, 1' on test networks:** Mainnet keeps Dash SLIP-44 coin type 5', while testnet/devnet/regtest follow SLIP-44 convention with coin type 1'. This avoids new registry allocations and keeps all Dash features under the established namespaces.
+* **DIP-9 vs BIP-44:** DIP-9’s feature level cleanly separates Platform addresses from Core chain funds and from identities/masternodes without overloading BIP-44’s change level or accounts.
+* **Feature index 17':** The next available [DIP-9](dip-0009.md) feature after 16' (DashPay) is reserved for Platform payments, avoiding collisions with existing features.
+* **Hardened upper levels:** `9'/coin_type'/17'/account'/key_class'` isolate Platform keys from other features and from each other. An xpub leak below `key_class'` cannot compromise hardened parents.
+* **Non-hardened leaf index:** Enables watch-only, auditing, and future multisig/shared-custody schemes that rely on unhardened derivation of child public keys. Fully hardened leaves were rejected to preserve these capabilities.
+* **Accounts retained:** A hardened `account'` level maintains BIP-44-style multi-account semantics while still isolating Platform keys under the [DIP-9](dip-0009.md) feature branch.
+* **No BIP-44 change level:** Platform addresses are not UTXO change outputs; a linear `index` (optionally partitioned by `key_class'`) keeps the model simple for hardware wallets and avoids misuse of the 0/1 change bit.
 
 # Backwards Compatibility
 
-- Classic Dash addresses (`X...`, `7...`, `y...`, `8...`) are unaffected. Nodes do not accept D-addresses in Core chain scripts.
-- DIP-3/8 masternode derivations and DIP-13 identity derivations remain unchanged.
-- Existing seeds stay valid; wallets can add Platform support without migration.
-- Wallets unaware of Platform will not derive `m/9'/5'/17'/...` and therefore will not interfere with Platform balances.
+* Classic Dash addresses (`X...`, `7...`, `y...`, `8...`) are unaffected. Nodes do not accept D-addresses in Core chain scripts.
+* DIP-[3](dip-0003.md)/[8](dip-0008.md) masternode derivations and [DIP-13](dip-0013.md) identity derivations remain unchanged.
+* Existing seeds stay valid; wallets can add Platform support without migration.
+* Wallets unaware of Platform will not derive `m/9'/5'/17'/...` and therefore will not interfere with Platform balances.
 
 # Reference Implementation
 
 The following pseudo-code is normative for deriving a Platform payment address:
 
-```
+```text
 function platform_payment_key(seed, account, key_class, index, network):
     # seed: BIP-39/BIP-32 seed bytes
     # account: hardened int (default 0)
@@ -127,29 +137,29 @@ function platform_payment_key(seed, account, key_class, index, network):
     }
 ```
 
-Encoding and decoding of these payloads into addresses is specified in DIP-0018.
+Encoding and decoding of these payloads into addresses is specified in [DIP-18](dip-0018.md).
 
 # Security Considerations
 
-- Derivation uses hardened separation at `feature'` and `key_class'`; compromise of a Platform xpub does not expose other features or other key classes.
-- Leakage of the xpub at `m/9'/coin_type'/17'/account'/key_class'` allows derivation of all Platform public keys for that key class but does not leak private keys or other features.
-- Wallets MUST reject attempts to use D-addresses in Core chain transactions to prevent misdirected funds.
-- Hardware wallets MUST show the full derivation path and “Dash Platform address” to reduce key-path confusion attacks.
-- The checksum and distinct prefixes mitigate accidental prefix confusion with `X`/`7`/`y`/`8` addresses.
+* Derivation uses hardened separation at `feature'` and `key_class'`; compromise of a Platform xpub does not expose other features or other key classes.
+* Leakage of the xpub at `m/9'/coin_type'/17'/account'/key_class'` allows derivation of all Platform public keys for that key class but does not leak private keys or other features.
+* Wallets MUST reject attempts to use D-addresses in Core chain transactions to prevent misdirected funds.
+* Hardware wallets MUST show the full derivation path and “Dash Platform address” to reduce key-path confusion attacks.
+* The checksum and distinct prefixes mitigate accidental prefix confusion with `X`/`7`/`y`/`8` addresses.
 
 # Privacy Considerations
 
-- Platform addresses are unshielded; no zk-SNARK privacy is implied by this DIP.
-- Wallets SHOULD avoid address reuse by incrementing `index` and MAY use separate `key_class'` values to segregate user profiles or accounts.
-- Wallets SHOULD avoid correlating Platform `index` progression with Core chain BIP-44 indices to reduce cross-layer linkability.
-- Sharing xpubs at `m/9'/coin_type'/17'/account'/key_class'` enables watch-only but also enables address graph reconstruction for that class; applications should only share when necessary.
+* Platform addresses are unshielded; no zk-SNARK privacy is implied by this DIP.
+* Wallets SHOULD avoid address reuse by incrementing `index` and MAY use separate `key_class'` values to segregate user profiles or accounts.
+* Wallets SHOULD avoid correlating Platform `index` progression with Core chain BIP-44 indices to reduce cross-layer linkability.
+* Sharing xpubs at `m/9'/coin_type'/17'/account'/key_class'` enables watch-only but also enables address graph reconstruction for that class; applications should only share when necessary.
 
 # Test Vectors
 
 Mnemonic (test-only): `abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about`  
 Passphrase: `""` (empty)
 
-All hex strings are lowercase, big-endian. Address encodings for the HASH160 values are specified in DIP-0018.
+All hex strings are lowercase, big-endian. Address encodings for the HASH160 values are specified in [DIP-18](dip-0018.md).
 
 | Vector | Path (mainnet / testnet) | account' | key_class' | index | Private Key (hex) | Compressed Pubkey (hex) | HASH160(pubkey) |
 | ------ | ----------------------- | -------- | ---------- | ----- | ----------------- | ----------------------- | --------------- |
@@ -159,12 +169,12 @@ All hex strings are lowercase, big-endian. Address encodings for the HASH160 val
 
 # DIP-9 Registry Update
 
-Reserve DIP-9 feature index `17'` for “Platform Payment Addresses”:
+Reserve [DIP-9](dip-0009.md) feature index `17'` for “Platform Payment Addresses”:
 
 | Feature Index | Feature | DIP | Note |
 | ------------- | ------- | --- | ---- |
-| `17'` | Platform Payment Addresses | DIP-0017 | Sub-path: `17'/account'/key_class'/index` (default account' = `0'`, key_class' = `0'`) |
+| `17'` | Platform Payment Addresses | DIP-17 | Sub-path: `17'/account'/key_class'/index` (default account' = `0'`, key_class' = `0'`) |
 
 # Copyright
 
-This document is licensed under the MIT License.
+Copyright (c) 2025 Dash Core Group, Inc. [Licensed under the MIT License](https://opensource.org/licenses/MIT)