Bitcoin Address Scheme

Every Sui address has its own unique Hashi Bitcoin deposit address. This gives Hashi a lightweight way to identify which Sui address to credit for a deposit. All Hashi deposit addresses are P2TR (Pay-to-Taproot) with a Taproot tree of two leaves:

  1. A 2-of-2 multisig script between Hashi and the Guardian, used for all normal spends.
  2. A recovery script that lets the Hashi key alone spend the output after a 60-day BIP-68 relative timelock enforced by OP_CHECKSEQUENCEVERIFY (BIP-112). This is an escape hatch: if the Guardian key is ever lost, funds become recoverable by the MPC committee once the delay elapses. The delay is measured from when the UTXO confirms and is baked into the script, so changing it changes every deposit address.

The exact descriptor is:

tr({i}, {multi_a(2, {g}, {h}), and_v(v:older({delay}), pk({h}))})

where:

  • H is the base Hashi MPC public key, available onchain.
  • h = derive(H, d) is the child public key derived from H using derivation path d (the depositor's Sui address).
  • g is the guardian's fixed public key.
  • delay is the 60-day relative timelock, encoded as the BIP-68 sequence 0x0040278D (4_204_429): the time-based type bit (1 << 22) OR'd with 10_125 (= ceil(60 * 24 * 60 * 60 / 512), the count of 512-second units in 60 days).
  • i is the NUMS (nothing-up-my-sleeve) internal key defined in BIP-341 (50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0) with no known private key, ensuring all spends occur through the script path.

The key derivation is not BIP-32. It is a purpose-built unhardened derivation over secp256k1, keyed by the Sui address, giving each depositor a unique Bitcoin address while the master signing key remains shared across the MPC committee.
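
The delay encoding, both leaf scripts and the BIP-341 Merkle root of this descriptor can be reproduced as follows. This is an added example, not Hashi's code: it assumes the standard miniscript compilation of multi_a and and_v(v:older, pk), uses constructed placeholder bytes for g and h (derive is not specified on this page), and stops at the Merkle root, before the tweak of i that needs secp256k1 arithmetic.

```python
import hashlib

TYPE_FLAG = 1 << 22    # BIP-68: value counts 512-second units instead of blocks
VALUE_MASK = 0xFFFF    # BIP-68: the low 16 bits carry the value
# Constructed placeholders standing in for the x-only keys g and h (not real keys).
G = bytes([0x11]) * 32
H_CHILD = bytes([0x22]) * 32

def encode_delay(seconds: int) -> int:
    """Time-based BIP-68 sequence for a delay, rounded up to 512-second units."""
    units = -(-seconds // 512)
    if not 0 < units <= VALUE_MASK:
        raise ValueError("delay does not fit the 16-bit BIP-68 value field")
    return TYPE_FLAG | units

def script_num(n: int) -> bytes:
    """Minimal little-endian script number for a non-negative integer."""
    out = n.to_bytes((n.bit_length() + 7) // 8, "little")
    # A set top bit would read as a sign bit, so pad with a zero byte.
    return out + b"\x00" if out and out[-1] & 0x80 else out

def push(data: bytes) -> bytes:
    """Direct push (1 to 75 bytes), enough for keys and the delay."""
    if not 0 < len(data) < 0x4C:
        raise ValueError("needs OP_PUSHDATA, not handled in this example")
    return bytes([len(data)]) + data

def multisig_leaf(g: bytes, h: bytes) -> bytes:
    # multi_a(2, g, h): <g> OP_CHECKSIG <h> OP_CHECKSIGADD OP_2 OP_NUMEQUAL
    return push(g) + b"\xac" + push(h) + b"\xba" + b"\x52\x9c"

def recovery_leaf(delay: int, h: bytes) -> bytes:
    # and_v(v:older(delay), pk(h)): <delay> OP_CSV OP_VERIFY <h> OP_CHECKSIG
    return push(script_num(delay)) + b"\xb2\x69" + push(h) + b"\xac"

def tagged_hash(tag: str, msg: bytes) -> bytes:
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def merkle_root(g: bytes, h: bytes, delay: int) -> bytes:
    """BIP-341 root of the two-leaf tree (leaf version 0xc0, children sorted)."""
    scripts = (multisig_leaf(g, h), recovery_leaf(delay, h))
    # bytes([len(s)]) is the compact-size length; both scripts are under 253 bytes.
    leaves = [tagged_hash("TapLeaf", b"\xc0" + bytes([len(s)]) + s) for s in scripts]
    return tagged_hash("TapBranch", b"".join(sorted(leaves)))

DELAY = encode_delay(60 * 24 * 60 * 60)
```

Because the delay bytes sit inside the recovery leaf, a different delay gives a different Merkle root and therefore a different deposit address for every depositor.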