From 3251e847e0f4bbb989aaa9e16b30fdec01f770fc Mon Sep 17 00:00:00 2001
From: brqgoo <100725376+brqgoo@users.noreply.github.com>
Date: Tue, 7 Feb 2023 22:55:47 +0300
Subject: [PATCH] Update 02.md

---
 02.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/02.md b/02.md
index 49b0343..075a60e 100644
--- a/02.md
+++ b/02.md
@@ -26,17 +26,19 @@ Inconvenient for onboarding new users who have no UTXO possession in the beginni
 ## Specification
 This BDS proposes a non-interactive channel opening scheme called _channel addresses_. _Channel addresses_ make it possible to craft on-chain bitcoin addresses such that when funded, becomes a payment channel between _to_self_ and _to_remote_, where the channel funds are initially kept on _to_self_ side.
 
-The specification first defines how to derive child public keys from a parent _npub_ using  plain tweaking. Then passing derived child keys to key aggregation algorithm (KeyAgg) to obtain the aggregate public key for BIP340 verification. And finally applying X-only tweaking to 2-of-2 aggregate public key to add a single-leaf script path spend. The added script path spend enforces a non-interactive refund closure. The refund closure permits _to_self_ to spend funds after a relative locktime, similar to pre-segwit timeout channel design.
+The specification first defines how to derive child public keys from a parent _npub_ using  plain tweaking. Then passing derived child keys to key aggregation algorithm (KeyAgg) to obtain the aggregate public key, and finally applying an x-only tweak to 2-of-2 aggregate public key to add a single-leaf script path. The added script path enforces a non-interactive refund closure that permits _to_self_ to spend funds after a relative locktime, similar to pre-segwit timeout channel design.
 
 Adding a non-interactive refund closure to a 2-of-2 multisig removes the need to craft a refund transaction in advance of funding a channel output. _to_self_ can exit from the script path after the expiry if the _to_remote_ happens to be non-collaborative in exchanging signatures for a refund.
 
-Ultimately, it's _to_remote_ responsibility to close the channel shortly before channel expiry. While this design consume more on-chain footprint than a regular channel formation, its anticipated _to_self_ users to mostly receive funds over [_silent swaps_](https://github.com/bits-wallet/specs/blob/main/04.md) and rarely through _channel addresses_.
+Ultimately, it's _to_remote_ responsibility to close the channel shortly before channel expiry. While this design consume more on-chain footprint over time than a regular channel formations, its anticipated _to_self_ users to mostly receive funds over [_silent swaps_](https://github.com/bits-wallet/specs/blob/main/04.md) and rarely through _channel addresses_.
 
+## Crafting Channel Addresses
+
+ The number  _u_  of the number of channel addresses: _2<sup>32</sup>_.
 ### Child Key Derivation
  - The nostr parent secret key _nsec_: a 32-byte array.
  - The nostr parent public key _npub_: _cbytes(int(nsec)⋅G)_.
  - The tweak derivation secret  _ds_: a 32-byte array. 
- -  The number  _u_  of child keys _2<sup>32</sup>_.
  - Let _ds_ = _hash<sub>BDS-02/dersec</sub>(nsec)_.
  -  For _i = 1 .. u_:
  - - The BDS-02 child secret key _sk<sub>i</sub>_.
@@ -47,20 +49,20 @@ Ultimately, it's _to_remote_ responsibility to close the channel shortly before
  - - Let _sk<sub>i</sub>_ = _bytes(32, (int(nsec) + int(t<sub>i</sub> )) mod n)_.
 
 ### Key Aggregation
- -  The number  _u_  of child keys : _2<sup>32</sup>_.
 -  For _i = 1 < u< 2<sup>32</sup>_:
 - - The _to_self_ :  32-byte x-only user child public key.
 - - The _to_remote_ :  32-byte x-only well-known LSP public key.
 - - The _keygen_ctx_ :  MuSig2 keygen context containing the aggregate key.
-- - The _addr_ : Expiring channel address.
 - - Let _to_self_ = _cbytes(pk<sub>i</sub>)_.
 - - Let _to_remote_ = _cbytes(bytes(33, 0x025de7cd8fd3a0a38f1cab124defd4c3043203c3f2b66328484e321d3ede5f84f6))_.
 - -  Let _keygen_ctx<sub>i</sub>_ = _KeyAgg([to_self, to_remote])_.
 - -  Let Q<sub>i</sub>, gacc<sub>i</sub>, and , tacc<sub>i</sub> = _keygen_ctx<sub>i</sub>_.
 
 ### Adding Refund Closure
+-  For _i = 1 < u< 2<sup>32</sup>_:
 - - The _ex_ :  a 2-byte minimally encoded channel expiry as relative locktime.
 - - The _ts_ : a 39-byte raw tapscript for a non-interactive refund closure.
+- - - The _addr_ : Expiring channel address.
 - - Let  _ex_ = _CScriptNum(26280)_.
 - - Let  _ts_ = `<ex> OP_CHECKSEQUENCEVERIFY OP_DROP <to_self> OP_CHECKSIG`.
 - - Let _ts<sub>hash</sub>_ = _hash<sub>TapLeaf</sub>(0xc0 || 0x27 || ts)_.