PSBT and Offline Signing
Tidecoin keeps the standard PSBT container and adds Tidecoin proprietary records for PQHD origin metadata. These records let an offline signer connect a visible public key to a PQHD seed ID and hardened derivation path without exposing the master seed to the online machine.
This page is the PSBT integration reference. It is not the full wallet API reference; see RPC Reference for exact command arguments.
Proprietary record
Tidecoin PQHD origin metadata is encoded as a PSBT proprietary record:
| Field | Value |
|---|---|
| Proprietary identifier | ASCII tidecoin. |
| Subtype | 0x01. |
| Map scope | Input or output proprietary map. |
| Key data | Serialized Tidecoin PQ public key. |
| Value | Seed ID plus six hardened path elements. |
The serialized public key in key data is the Tidecoin PQ public key:
scheme_prefix || raw_scheme_public_keyThe scheme prefix in the public key must match the scheme element in the PQHD path.
Value layout
The proprietary value stores:
seed_id32 || compact_size(path_len) || path_element[0] || ... || path_element[5]| Component | Encoding | Requirement |
|---|---|---|
seed_id32 | 32 bytes | PQHD SeedID32. |
path_len | CompactSize | Must be 6. |
| Path elements | Six little-endian uint32 values | Every element must be hardened. |
The path must validate as PQHD v1:
10007h / 6868h / schemeh / accounth / changeh / indexhchangeh must be 0h or 1h. The scheme element must be one of the registered
PQ scheme prefixes.
Decoded RPC display
When Tidecoin Core decodes a PSBT and recognizes PQHD origin records, it exposes
them as pqhd_origins objects on inputs or outputs:
| Field | Meaning |
|---|---|
pubkey | Tidecoin PQ public key bytes, hex encoded. |
seed_id | PQHD SeedID32, hex encoded. |
path | Hardened derivation path formatted like an HD keypath. |
The raw proprietary record is still preserved in the normal proprietary array.
Creating PSBTs with PQHD origins
Wallet RPCs suppress PQHD origin metadata by default for privacy. Include it only when a signing workflow needs it.
Commands that support the option expose it as include_pqhd_origins:
tidecoin-cli -rpcwallet="watch" walletprocesspsbt "<psbt>" false ALL true trueFor commands that accept an options object, set:
{
"include_pqhd_origins": true
}Exact argument positions vary by command. Check help <command> or
RPC Reference before wiring a production client.
Offline signing flow
A conservative offline signing flow is:
- Online watch wallet builds an unsigned or partially signed PSBT.
- Online wallet includes PQHD origin records for inputs that require offline signing.
- Operator transfers the PSBT to the offline signer.
- Offline signer decodes the PSBT and validates every PQHD origin record.
- Offline signer checks destination addresses, amounts, fees, and change.
- Offline signer derives leaf keys from local PQHD seed material and signs.
- Offline signer finalizes or returns a partially signed PSBT.
- Online broadcaster runs
testmempoolaccept. - Online broadcaster submits the final transaction.
The offline signer should refuse to sign if the PQHD path is non-hardened, has the wrong purpose or coin type, has a scheme mismatch, references an unknown seed ID, or asks for a scheme not active on the target network.
Validation checklist
Before accepting a PQHD origin record:
| Check | Requirement |
|---|---|
| Identifier | Exactly tidecoin. |
| Subtype | Exactly 0x01. |
| Public key | Valid Tidecoin PQ public key. |
| Seed ID | Present and known to the signer. |
| Path length | Exactly six elements. |
| Hardened bits | Every path element is hardened. |
| Purpose and coin type | 10007h and 6868h. |
| Scheme match | Path scheme equals public-key prefix. |
| Change branch | 0h or 1h. |
Unknown Tidecoin proprietary subtypes should be preserved during PSBT processing, but they should not be interpreted as signing authorization.
Privacy boundary
PQHD origin records are not private keys, but they do reveal wallet structure: seed IDs, account paths, change branches, and public keys. Do not include them in PSBTs sent to counterparties or public services unless the recipient genuinely needs them.
Source of truth
| Topic | Source |
|---|---|
| Proprietary identifier and subtype | ../tidecoin/src/psbt.h |
| PQHD origin encode/decode | ../tidecoin/src/psbt.cpp |
| Wallet PSBT origin insertion | ../tidecoin/src/wallet/scriptpubkeyman.cpp |
RPC decoded pqhd_origins display | ../tidecoin/src/rpc/rawtransaction.cpp |
| PQHD descriptor/path rules | PQHD Integration |
See also: Wallet Integration, Protocol / PQHD, Wallets / Import and Export.