diff --git a/README b/README
deleted file mode 100644
index e87a4913..00000000
--- a/README
+++ /dev/null
@@ -1,3 +0,0 @@
-Bitcoin Improvement Proposals
-
-See BIP 0001 for more information.
diff --git a/README.mediawiki b/README.mediawiki
new file mode 100644
index 00000000..ea9783a7
--- /dev/null
+++ b/README.mediawiki
@@ -0,0 +1,264 @@
+People wishing to submit BIPs, first should propose their idea or document to the mailing list. After discussion they should email Greg Maxwell <gmaxwell@gmail.com>. After copy-editing and acceptance, it will be published here.
+
+We are fairly liberal with approving BIPs, and try not to be too involved in decision making on behalf of the community. The exception is in very rare cases of dispute resolution when a decision is contentious and cannot be agreed upon. In those cases, the conservative option will always be preferred.
+
+Having a BIP here does not make it a formally accepted standard until its status becomes Active. For a BIP to become Active requires the mutual consent of the community.
+
+Those proposing changes should consider that ultimately consent may rest with the consensus of the Bitcoin users (see also: [https://en.bitcoin.it/wiki/Economic_majority economic majority]).
+
+{| class="wikitable sortable" style="width: auto; text-align: center; font-size: smaller; table-layout: fixed;"
+!Number
+!Title
+!Owner
+!Type
+!Status
+|- style="background-color: #cfffcf"
+| [[bip-0001.mediawiki|1]]
+| BIP Purpose and Guidelines
+| Amir Taaki
+| Standard
+| Active
+|-
+| [[bip-0010.mediawiki|10]]
+| Multi-Sig Transaction Distribution
+| Alan Reiner
+| Informational
+| Draft
+|- style="background-color: #cfffcf"
+| [[bip-0011.mediawiki|11]]
+| M-of-N Standard Transactions
+| Gavin Andresen
+| Standard
+| Accepted
+|- style="background-color: #ffcfcf"
+| [[bip-0012.mediawiki|12]]
+| OP_EVAL
+| Gavin Andresen
+| Standard
+| Withdrawn
+|- style="background-color: #cfffcf"
+| [[bip-0013.mediawiki|13]]
+| Address Format for pay-to-script-hash
+| Gavin Andresen
+| Standard
+| Final
+|- style="background-color: #cfffcf"
+| [[bip-0014.mediawiki|14]]
+| Protocol Version and User Agent
+| Amir Taaki, Patrick Strateman
+| Standard
+| Accepted
+|- style="background-color: #ffcfcf"
+| [[bip-0015.mediawiki|15]]
+| Aliases
+| Amir Taaki
+| Standard
+| Deferred
+|- style="background-color: #cfffcf"
+| [[bip-0016.mediawiki|16]]
+| Pay To Script Hash
+| Gavin Andresen
+| Standard
+| Final
+|- style="background-color: #ffcfcf"
+| [[bip-0017.mediawiki|17]]
+| OP_CHECKHASHVERIFY (CHV)
+| Luke Dashjr
+| Withdrawn
+| Draft
+|-
+| [[bip-0018.mediawiki|18]]
+| hashScriptCheck
+| Luke Dashjr
+| Standard
+| Draft
+|-
+| [[bip-0019.mediawiki|19]]
+| M-of-N Standard Transactions (Low SigOp)
+| Luke Dashjr
+| Standard
+| Draft
+|- style="background-color: #ffcfcf"
+| [[bip-0020.mediawiki|20]]
+| URI Scheme
+| Luke Dashjr
+| Standard
+| Replaced
+|- style="background-color: #cfffcf"
+| [[bip-0021.mediawiki|21]]
+| URI Scheme
+| Nils Schneider, Matt Corallo
+| Standard
+| Accepted
+|- style="background-color: #cfffcf"
+| [[bip-0022.mediawiki|22]]
+| getblocktemplate - Fundamentals
+| Luke Dashjr
+| Standard
+| Accepted
+|- style="background-color: #cfffcf"
+| [[bip-0023.mediawiki|23]]
+| getblocktemplate - Pooled Mining
+| Luke Dashjr
+| Standard
+| Accepted
+|- style="background-color: #cfffcf"
+| [[bip-0030.mediawiki|30]]
+| Duplicate transactions
+| Pieter Wuille
+| Standard
+| Final
+|- style="background-color: #cfffcf"
+| [[bip-0031.mediawiki|31]]
+| Pong message
+| Mike Hearn
+| Standard
+| Accepted
+|- style="background-color: #cfffcf"
+| [[bip-0032.mediawiki|32]]
+| Hierarchical Deterministic Wallets
+| Pieter Wuille
+| Informational
+| Accepted
+|-
+| [[bip-0033.mediawiki|33]]
+| Stratized Nodes
+| Amir Taaki
+| Standard
+| Draft
+|- style="background-color: #cfffcf"
+| [[bip-0034.mediawiki|34]]
+| Block v2, Height in coinbase
+| Gavin Andresen
+| Standard
+| Accepted
+|- style="background-color: #cfffcf"
+| [[bip-0035.mediawiki|35]]
+| mempool message
+| Jeff Garzik
+| Standard
+| Accepted
+|-
+| [[bip-0036.mediawiki|36]]
+| Custom Services
+| Stefan Thomas
+| Standard
+| Draft
+|- style="background-color: #cfffcf"
+| [[bip-0037.mediawiki|37]]
+| Bloom filtering
+| Mike Hearn and Matt Corallo
+| Standard
+| Accepted
+|-
+| [[bip-0038.mediawiki|38]]
+| Passphrase-protected private key
+| Mike Caldwell
+| Standard
+| Draft
+|-
+| [[bip-0039.mediawiki|39]]
+| Mnemonic code for generating deterministic keys
+| Slush
+| Standard
+| Draft
+|-
+| 40
+| Stratum wire protocol
+| Slush
+| Standard
+| BIP number allocated
+|-
+| 41
+| Stratum mining protocol
+| Slush
+| Standard
+| BIP number allocated
+|-
+| [[bip-0042.mediawiki|42]]
+| A finite monetary supply for Bitcoin
+| Pieter Wuille
+| Standard
+| Draft
+|-
+| [[bip-0043.mediawiki|43]]
+| Purpose Field for Deterministic Wallets
+| Slush
+| Standard
+| Draft
+|-
+| [[bip-0044.mediawiki|44]]
+| Multi-Account Hierarchy for Deterministic Wallets
+| Slush
+| Standard
+| Draft
+|-
+| [[bip-0045.mediawiki|45]]
+| Structure for Deterministic P2SH Multisignature Wallets
+| Manuel Araoz
+| Standard
+| Draft
+|-
+| [[bip-0050.mediawiki|50]]
+| March 2013 Chain Fork Post-Mortem
+| Gavin Andresen
+| Informational
+| Draft
+<!-- 50 series reserved for a group of post-mortems -->
+|-
+| [[bip-0060.mediawiki|60]]
+| Fixed Length "version" Message (Relay-Transactions Field)
+| Amir Taaki
+| Standard
+| Draft
+|-
+| [[bip-0061.mediawiki|61]]
+| "reject" P2P message
+| Gavin Andresen
+| Standard
+| Final
+|-
+| [[bip-0062.mediawiki|62]]
+| Dealing with malleability
+| Pieter Wuille
+| Standard
+| Draft
+|-
+| 63
+| Stealth Addresses
+| Peter Todd
+| Standard
+| BIP number allocated
+|-
+| [[bip-0064.mediawiki|64]]
+| getutxos message
+| Mike Hearn
+| Standard
+| Draft
+|-
+| [[bip-0070.mediawiki|70]]
+| Payment protocol
+| Gavin Andresen
+| Standard
+| Final
+|-
+| [[bip-0071.mediawiki|71]]
+| Payment protocol MIME types
+| Gavin Andresen
+| Standard
+| Final
+|-
+| [[bip-0072.mediawiki|72]]
+| Payment protocol URIs
+| Gavin Andresen
+| Standard
+| Final
+|-
+| [[bip-0073.mediawiki|73]]
+| Use "Accept" header with Payment Request URLs
+| Stephen Pair
+| Standard
+| Draft
+|}
+
+<!-- IMPORTANT!  See the instructions at the top of this page, do NOT JUST add BIPs here! -->
diff --git a/bip-0001.md b/bip-0001.mediawiki
similarity index 81%
rename from bip-0001.md
rename to bip-0001.mediawiki
index 433126b1..5c8a544f 100644
--- a/bip-0001.md
+++ b/bip-0001.mediawiki
@@ -1,10 +1,9 @@
 <pre>
   BIP: 1
   Title: BIP Purpose and Guidelines
-  Author: Amir Taaki <genjix@riseup.net>
-  Status: Active
+  Status: Accepted
   Type: Standards Track
-  Created: 19-08-2011
+  Created: 2011-08-19
 </pre>
 
 ==What is a BIP?==
@@ -13,37 +12,36 @@ BIP stands for Bitcoin Improvement Proposal. A BIP is a design document providin
 
 We intend BIPs to be the primary mechanisms for proposing new features, for collecting community input on an issue, and for documenting the design decisions that have gone into Bitcoin. The BIP author is responsible for building consensus within the community and documenting dissenting opinions.
 
-Because the BIPs are maintained as text files in a versioned repository, their revision history is the historical record of the feature proposal
-.
+Because the BIPs are maintained as text files in a versioned repository, their revision history is the historical record of the feature proposal.
 ==BIP Types==
 
 There are three kinds of BIP:
 
-* A Standards Track BIP describes any change that affects most or all Bitcoin implementations, such as a change to the network protocol, a change in block or transaction validitity rules, or any change or addition that affects the interoperability of applications using Bitcoin.
+* A Standards Track BIP describes any change that affects most or all Bitcoin implementations, such as a change to the network protocol, a change in block or transaction validity rules, or any change or addition that affects the interoperability of applications using Bitcoin.
 * An Informational BIP describes a Bitcoin design issue, or provides general guidelines or information to the Bitcoin community, but does not propose a new feature. Informational BIPs do not necessarily represent a Bitcoin community consensus or recommendation, so users and implementors are free to ignore Informational BIPs or follow their advice.
 * A Process BIP describes a process surrounding Bitcoin, or proposes a change to (or an event in) a process. Process BIPs are like Standards Track BIPs but apply to areas other than the Bitcoin protocol itself. They may propose an implementation, but not to Bitcoin's codebase; they often require community consensus; unlike Informational BIPs, they are more than recommendations, and users are typically not free to ignore them. Examples include procedures, guidelines, changes to the decision-making process, and changes to the tools or environment used in Bitcoin development. Any meta-BIP is also considered a Process BIP.
 
 ==BIP Work Flow==
 
-The BIP editors assign BIP numbers and change their status. Please send all BIP-related email to <BIPs@Bitcoin.org> (no cross-posting please). Also see BIP Editor Responsibilities & Workflow below.
+The BIP editors assign BIP numbers and change their status. Please send all BIP-related email to the BIP editor, which is listed under [[#BIP_Editors|BIP Editors]] below. Also see [[#BIP_Editor_Responsibilities__Workflow|BIP Editor Responsibilities & Workflow]].
 
-The BIP process begins with a new idea for Bitcoin. It is highly recommended that a single BIP contain a single key proposal or new idea. Small enhancements or patches often don't need a BIP and can be injected into the Bitcoin development work flow with a patch submission to the Bitcoin issue tracker. The more focussed the BIP, the more successful it tends to be. The BIP editor reserves the right to reject BIP proposals if they appear too unfocussed or too broad. If in doubt, split your BIP into several well-focussed ones.
+The BIP process begins with a new idea for Bitcoin. It is highly recommended that a single BIP contain a single key proposal or new idea. Small enhancements or patches often don't need a BIP and can be injected into the Bitcoin development work flow with a patch submission to the Bitcoin issue tracker. The more focused the BIP, the more successful it tends to be. The BIP editor reserves the right to reject BIP proposals if they appear too unfocused or too broad. If in doubt, split your BIP into several well-focused ones.
 
-Each BIP must have a champion -- someone who writes the BIP using the style and format described below, shepherds the discussions in the appropriate forums, and attempts to build community consensus around the idea. The BIP champion (a.k.a. Author) should first attempt to ascertain whether the idea is BIP-able. Posting to the [https://bitcointalk.org/index.php?board=6.0 Development&Technical Discussion] forum or the [http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development bitcoin-development@lists.sourceforge.net] mailing list is the best way to go about this.
+Each BIP must have a champion -- someone who writes the BIP using the style and format described below, shepherds the discussions in the appropriate forums, and attempts to build community consensus around the idea. The BIP champion (a.k.a. Author) should first attempt to ascertain whether the idea is BIP-able. Posting to the [http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development bitcoin-development@lists.sourceforge.net] mailing list (and maybe the [https://bitcointalk.org/index.php?board=6.0 Development&Technical Discussion] forum) is the best way to go about this.
 
 Vetting an idea publicly before going as far as writing a BIP is meant to save the potential author time. Many ideas have been brought forward for changing Bitcoin that have been rejected for various reasons. Asking the Bitcoin community first if an idea is original helps prevent too much time being spent on something that is guaranteed to be rejected based on prior discussions (searching the internet does not always do the trick). It also helps to make sure the idea is applicable to the entire community and not just the author. Just because an idea sounds good to the author does not mean it will work for most people in most areas where Bitcoin is used.
 
 Once the champion has asked the Bitcoin community as to whether an idea has any chance of acceptance, a draft BIP should be presented to [http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development bitcoin-development@lists.sourceforge.net]. This gives the author a chance to flesh out the draft BIP to make properly formatted, of high quality, and to address initial concerns about the proposal.
 
-Following a discussion, the proposal should be sent to the Bitcoin-dev list with the draft BIP and the BIP editors <BIPs@Bitcoin.org>. This draft must be written in BIP style as described below, else it will be sent back without further regard until proper formatting rules are followed.
+Following a discussion, the proposal should be sent to the Bitcoin-dev list and the BIP editor with the draft BIP. This draft must be written in BIP style as described below, else it will be sent back without further regard until proper formatting rules are followed.
 
-If the BIP editor approves, he will assign the BIP a number, label it as Standards Track, Informational, or Process, give it status "Draft", and create and create a page for it on the [[Bitcoin_Improvement_Proposals|Bitcoin Wiki]]. The BIP editor will not unreasonably deny a BIP. Reasons for denying BIP status include duplication of effort, being technically unsound, not providing proper motivation or addressing backwards compatibility, or not in keeping with the Bitcoin philosophy.
+If the BIP editor approves, he will assign the BIP a number, label it as Standards Track, Informational, or Process, give it status "Draft", and add it to the git repository. The BIP editor will not unreasonably deny a BIP. Reasons for denying BIP status include duplication of effort, being technically unsound, not providing proper motivation or addressing backwards compatibility, or not in keeping with the Bitcoin philosophy.
 
-The BIP author may update the Draft as necessary on the wiki.
+The BIP author may update the Draft as necessary in the git repository. Updates to drafts may also be submitted by the author as pull requests.
 
 Standards Track BIPs consist of two parts, a design document and a reference implementation. The BIP should be reviewed and accepted before a reference implementation is begun, unless a reference implementation will aid people in studying the BIP. Standards Track BIPs must include an implementation -- in the form of code, a patch, or a URL to same -- before it can be considered Final.
 
-BIP authors are responsible for collecting community feedback on a BIP before submitting it for review. However, wherever possible, long open-ended discussions on public mailing lists should be avoided. Strategies to keep the discussions efficient include: setting up a separate SIG mailing list for the topic, having the BIP author accept private comments in the early design phases, setting up a wiki page, etc. BIP authors should use their discretion here.
+BIP authors are responsible for collecting community feedback on a BIP before submitting it for review. However, wherever possible, long open-ended discussions on public mailing lists should be avoided. Strategies to keep the discussions efficient include: setting up a separate SIG mailing list for the topic, having the BIP author accept private comments in the early design phases, setting up a wiki page or git repository, etc. BIP authors should use their discretion here.
 
 For a BIP to be accepted it must meet certain minimum criteria. It must be a clear and complete description of the proposed enhancement. The enhancement must represent a net improvement. The proposed implementation, if applicable, must be solid and must not complicate the protocol unduly.
 
@@ -57,7 +55,7 @@ BIPs can also be superseded by a different BIP, rendering the original obsolete.
 
 The possible paths of the status of BIPs are as follows:
 
-[[File:bip-0001-1.png]]
+<img src=bip-0001/process.png></img>
 
 Some Informational and Process BIPs may also have a status of "Active" if they are never meant to be completed. E.g. BIP 1 (this BIP).
 
@@ -69,9 +67,9 @@ Each BIP should have the following parts:
 
 * Abstract -- a short (~200 word) description of the technical issue being addressed.
 
-* Copyright/public domain -- Each BIP must either be explicitly labelled as placed in the public domain (see this BIP as an example) or licensed under the Open Publication License [7].
+* Copyright/public domain -- Each BIP must either be explicitly labelled as placed in the public domain (see this BIP as an example) or licensed under the Open Publication License.
 
-* Specification -- The technical specification should describe the syntax and semantics of any new language feature. The specification should be detailed enough to allow competing, interoperable implementations for any of the current Bitcoin platforms (Satoshi, BitcoinJ, bitcoin-js, libbitcoin).
+* Specification -- The technical specification should describe the syntax and semantics of any new feature. The specification should be detailed enough to allow competing, interoperable implementations for any of the current Bitcoin platforms (Satoshi, BitcoinJ, bitcoin-js, libbitcoin).
 
 * Motivation -- The motivation is critical for BIPs that want to change the Bitcoin protocol. It should clearly explain why the existing protocol specification is inadequate to address the problem that the BIP solves. BIP submissions without sufficient motivation may be rejected outright.
 
@@ -87,7 +85,7 @@ Each BIP should have the following parts:
 
 ==BIP Formats and Templates==
 
-BIPs should be written in mediawiki wiki syntax. Image files should be included in the current subdirectory for that BIP.
+BIPs should be written in mediawiki or markdown format. Image files should be included in a subdirectory for that BIP.
 
 ==BIP Header Preamble==
 
@@ -101,7 +99,7 @@ Each BIP must begin with an RFC 822 style header preamble. The headers must appe
   Status: <Draft | Active | Accepted | Deferred | Rejected |
            Withdrawn | Final | Superseded>
   Type: <Standards Track | Informational | Process>
-  Created: <date created on, in dd-mm-yyyy format>
+  Created: <date created on, in ISO 8601 (yyyy-mm-dd) format>
 * Post-History: <dates of postings to bitcoin mailing list>
 * Replaces: <BIP number>
 * Superseded-By: <BIP number>
@@ -126,7 +124,7 @@ While a BIP is in private discussions (usually during the initial Draft phase),
 
 The Type header specifies the type of BIP: Standards Track, Informational, or Process.
 
-The Created header records the date that the BIP was assigned a number, while Post-History is used to record the dates of when new versions of the BIP are posted to bitcoin mailing lists. Both headers should be in dd-mmm-yyyy format, e.g. 14-Aug-2001.
+The Created header records the date that the BIP was assigned a number, while Post-History is used to record the dates of when new versions of the BIP are posted to bitcoin mailing lists. Both headers should be in yyyy-mm-dd format, e.g. 2001-08-14.
 
 BIPs may have a Requires header, indicating the BIP numbers that this BIP depends on.
 
@@ -139,10 +137,15 @@ BIPs may include auxiliary files such as diagrams. Such files must be named BIP-
 
 It occasionally becomes necessary to transfer ownership of BIPs to a new champion. In general, we'd like to retain the original author as a co-author of the transferred BIP, but that's really up to the original author. A good reason to transfer ownership is because the original author no longer has the time or interest in updating it or following through with the BIP process, or has fallen off the face of the 'net (i.e. is unreachable or not responding to email). A bad reason to transfer ownership is because you don't agree with the direction of the BIP. We try to build consensus around a BIP, but if that's not possible, you can always submit a competing BIP.
 
-If you are interested in assuming ownership of a BIP, send a message asking to take over, addressed to both the original author and the BIP editor <BIPs@bitcoin.org>. If the original author doesn't respond to email in a timely manner, the BIP editor will make a unilateral decision (it's not like such decisions can't be reversed :).
-BIP Editor Responsibilities & Workflow
+If you are interested in assuming ownership of a BIP, send a message asking to take over, addressed to both the original author and the BIP editor. If the original author doesn't respond to email in a timely manner, the BIP editor will make a unilateral decision (it's not like such decisions can't be reversed :).
 
-A BIP editor must subscribe to the <BIPs@bitcoin.org> list. All BIP-related correspondence should be sent (or CC'd) to <BIPs@bitcoin.org> (but please do not cross-post!).
+==BIP Editors==
+
+The current BIP editor is Gregory Maxwell who can be contacted at [[mailto:gmaxwell@gmail.com|gmaxwell@gmail.com]].
+
+==BIP Editor Responsibilities & Workflow==
+
+A BIP editor must subscribe to the Bitcoin development mailing list. All BIP-related correspondence should be sent (or CC'd) to gmaxwell@gmail.com.
 
 For each new BIP that comes in an editor does the following:
 
@@ -156,9 +159,9 @@ Once the BIP is ready for the repository, the BIP editor will:
 
 * Assign a BIP number (almost always just the next available number, but sometimes it's a special/joke number, like 666 or 3141).
 
-* List the BIP in BIP 0 (in two places: the categorized list, and the numeric list).
+* Add the BIP to the [https://github.com/bitcoin/bips bitcoin/bips] repository on GitHub.
 
-* Add the BIP to the wiki.
+* List the BIP in [[README.mediawiki]]
 
 * Send email back to the BIP author with next steps (post to bitcoin mailing list).
 
@@ -168,5 +171,4 @@ The editors don't pass judgement on BIPs. We merely do the administrative & edit
 
 ==History==
 
-This document was derived heavily from Python's PEP-0001. In many places text was simply copied and modified. Although the PEP-0001 text was written by Barry Warsaw, Jeremy Hylton, and David Goodger, they are not responsible for its use in the Bitcoin Improvement Process, and should not be bothered with technical questions specific to Bitcoin or the BIP process. Please direct all comments to the Bitcoin editors or the forums at bitcointalk.org.
-
+This document was derived heavily from Python's PEP-0001. In many places text was simply copied and modified. Although the PEP-0001 text was written by Barry Warsaw, Jeremy Hylton, and David Goodger, they are not responsible for its use in the Bitcoin Improvement Process, and should not be bothered with technical questions specific to Bitcoin or the BIP process. Please direct all comments to the BIP editors or the Bitcoin development mailing list.
diff --git a/bip-0001-1.png b/bip-0001/process.png
similarity index 100%
rename from bip-0001-1.png
rename to bip-0001/process.png
diff --git a/bip-0010.md b/bip-0010.md
deleted file mode 100644
index bd96ed6b..00000000
--- a/bip-0010.md
+++ /dev/null
@@ -1,98 +0,0 @@
-<pre>
-  BIP: 10
-  Title: Multi-Sig Transaction Distribution
-  Author: Alan Reiner  
-  Status: Draft 
-  Type: Informational
-  Created: 28-10-2011
-</pre>
-
-A multi-signature transaction is one where a certain number of Bitcoins are "encumbered" with more than one recipient address.  The subsequent transaction that spends these coins will require each party involved (or some subset, depending on the script), to see the final, proposed transaction, and sign it with their private key.  This necessarily requires collaboration between all parties -- to propose a distribution of encumbered funds, collect signatures from all necessary participants, and then broadcast the completed transaction.
-
-This BIP describes a protocol to standardize the representation of proposal transactions and the subsequent collection of signatures to execute multi-signature transactions.  The goal is to encourage a standard that guarantees interoperability of all programs that implement it.  
-
-==Motivation==
-
-The enabling of multi-signature transactions in Bitcoin will introduce a great deal of extra functionality to the users of the network, but also a great deal of extra complexity.  Executing a multi-signature tx will be a multi-step process, and will potentially get worse with multiple clients, each implementing this process differently.  By providing an efficient, standardized technique, we can improve the chance that developers will adopt compatible protocols and not bifurcate the user-base based on client selection.
-
-==Specification==
-
-This BIP proposes the following process, with terms in quotes referring to recommended terminology that should be encouraged across all implementations.  
-
-#  One party will initiate this process by creating a "Distribution Proposal", which could be abbreviated DP, or TxDP
-#  Transaction preparation -- the user creating the TxDP will create the transaction as they would like to see it spent (obviously without the signatures).  Then they will go through each input and replace its script with the script of the txout that the input is spending.  The reason for is so that ''receiving parties can sign with their private key without needing access to the blockchain.'' 
-#  This TxDP will be serialized (see below), which will include a tag identifying the TxDP in the serialization, as well as in the filename, if it is saved to file.
-#  The TxDP will have an "DP ID" which is the hash of the TxDP in Base58 -- the reason for the specific naming convention is to make sure it is not confused with the actual the transaction ID that it will have after it is broadcast (the transaction ID cannot be determined until after all signatures are collected).  The final Tx ID can be referred to as its "Broadcast ID", in order to distinguish it from the pre-signed ID. 
-#  The TxDP will have an unordered list of sig-pubkey pairs which represent collected signatures.  If you receive a TxDP missing only your signature, you can broadcast it as soon as you sign it.
-#  Identical TxDP objects with different signatures can be easily combined
-#  For cases where the TxDP might be put into a file to be sent via email, it should use .txdp or .btcdp suffix
-
-
-Anyone adopting BIP 0010 for multi-sig transactions will use the following format (without indentation):
-
-     '-----BEGIN-TRANSACTION-TXDPID-------'
-     ("_TXDIST_") (magicBytes) (base58Txid) (varIntTxSize)
-        (preparedTxSerializedHexLine0)
-        (preparedTxSerializedHexLine1)
-        (preparedTxSerializedHexLine2) 
-        ...
-     ("_TXINPUT_") (00) (InputValue)
-        ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
-        (SigHexRemainingLines)
-        ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
-        (SigHexRemainingLines)
-     ("_TXINPUT_") (01) (InputValue)
-        ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
-        (SigHexRemainingLines)
-     ("_TXINPUT_") (02) (InputValue)
-     '-------END-TRANSACTION-TXDPID-------'
-
-A multi-signature proposal that has 3 signatures on it could be stored in a file "Tx_QrtZ3K42n.txdp" and it would look something like:
-
- '''-----BEGIN-TXDP-----'''
- '''_TXDIST_f9beb4d9_QrtZ3K42n_fda5'''
- 204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e642062 
- 61696c6f757420666f722062616e6b73ffffffff0100f2052a01000000434104 
- 678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6 
- 49f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f 
- ac00000000f9beb4d9d7000000010000006fe28c0ab6f1b372c1a6a246ae63f7 
- 4f931e8365e15a089c68d6190000000000982051fd1e4ba744bbbe680e1fee14 
- 677ba1a3c3540bf7b1cdb606e857233e0e61bc6649ffff001d01e36299010100 
- fe328f9a3920119cbd3f1311f830039832abb3baf284625151f328f9a3920
- '''_TXINPUT_00_23.13000000'''
- _SIG_1Gffm3Kj3_02_7e_fa8d9127149200f568383a089c68d61900000000009
- 8205bbbe680e1fee1467744bbbe680e1fee14677ba1a3c3540bf7b1cdb606e85
- 7233e0e61bc6649
- '''_TXINPUT_01_4.00000000'''
- '''_TXINPUT_02_10.00000000'''
- _SIG_1QRTt83p8_007f ffff00db606e857233e0e61bc6649ffff00db60831f9
- 6efa8d9127149200f568383a089c68d619000000000098205bbbe680e1fee1
- 46770e1fee14677ba1a3c35
- _SIG_1m3Rk38fd_007f
- ffff00db606e857233e0e61bc6649ffff00db606efa8d9127149200f568383a0
- 89c68d619000000000098205bbbe680e1fee146770e1fee14677ba1a3c35
- '''------END-TXDP------'''
-
-In this transaction, there are 3 inputs, providing 23.13, 4.0 and 10.0 BTC, respectively.  Input 0 has one signature, input 1 has zero signatures, and input 2 has two signatures.
-
-The style of communication is taken directly from PGP/GPG, which uses blocks of ASCII like this to communicate encrypted messages and signatures.  This serialization is compact, and will be interpretted the same in all character encodings.  It can be copied inline into an email, or saved in a text file.  The advantage over the analogous PGP encoding is that there are some human readable elements to it, for users that wish to examine the TxDP packet manually, instead of requiring a program/parser to simply determine the core elements of the TxDP.
-
-A party receiving this TxDP can simply add their signature to the appropriate _TXINPUT_ line.  If that is the last signature required, they can broadcast it themselves.  Any software that implements this standard should be able to combine multiple TxDPs into a single TxDP.  However, even without the programmatic support, a user could manually combine them by copying the appropriate _TXSIGS_ lines between serializations, though it should not be the recommended method for combining TxDPs.
-
-== Reference Implementation ==
-
-This proposal has been implemented and tested in the ''Armory'' Bitcoin software for use in offline-wallet transaction signing (as a 1-of-1 transaction).  Armory does not have Multi-signature transaction support yet, but all the code is implemented, just untested.  The source code for this implementation be found in the [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py Armory Github project].  The PyTxDistProposal class implements all features of BIP 0010:
-  
-[https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L4616 Create TxDP from list of unspent TxOuts]
-
-[https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L4840 Serialization of TxDP]
-
-[https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L4879 Unserialize a TxDP]
-
-[https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L4795 Convert Completed TxDP to Broadcast-Tx]
-
-==Known Issues==
-
-One of the reasons TxDPs are versatile, is the ability for a device to "understand" and sign a transaction '''without''' access to the blockchain.  However, this means that any information included in the TxDP that is not part of the final broadcast transaction (such as input values), cannot be verified by the device.  i.e. Someone could create a TxDP and lie about the values of each input, knowing that the signing device will not be able to verify those values.  Since the final, serialized transaction does not include input values, the subsequent signature will be valid no matter what inputs values were provided.
-
-This is only a minor issue, since developers who are concerned about such "attacks" can choose to ignore non-signed fields in the TxDP.  Or, they can guarantee that all TxDPs will pass through a trusted system that ''does'' have access to the blockchain and can verify such information.
diff --git a/bip-0010.mediawiki b/bip-0010.mediawiki
new file mode 100644
index 00000000..b3d750ba
--- /dev/null
+++ b/bip-0010.mediawiki
@@ -0,0 +1,100 @@
+<pre>
+  BIP: 10
+  Title: Multi-Sig Transaction Distribution
+  Author: Alan Reiner
+  Status: Draft
+  Type: Informational
+  Created: 2011-10-28
+</pre>
+
+A multi-signature transaction is one where a certain number of Bitcoins are "encumbered" with more than one recipient address.  The subsequent transaction that spends these coins will require each party involved (or some subset, depending on the script), to see the proposed transaction and sign it with their private key.  This necessarily requires collaboration between all parties -- to propose a distribution of encumbered funds, collect signatures from all necessary participants, and then broadcast the completed transaction.
+
+This BIP describes a way standardize the encoding of proposal transactions, to assist with signature collection and broadcast (which includes regular, 1-of-1 transactions requiring signatures from an offline computer).  The goal is to encourage a standard that guarantees interoperability of all programs that implement it.
+
+
+==Motivation==
+
+The enabling of multi-signature transactions in Bitcoin will introduce a great deal of extra functionality to the users of the network, but also a great deal of extra complexity.  Executing a multi-signature tx will be a multi-step process, and will potentially get worse with multiple clients, each implementing this process differently.  By providing an efficient, standardized technique, we can improve the chance that developers will adopt compatible protocols and not bifurcate the user-base based on client selection.
+
+In addition to providing a general encoding scheme for transaction signing/collection, it does not require the signing device to hold any blockchain information (all information needed for verification and signing is part of the encoding).  This enables the existence of very lightweight devices that can be used for signing since they do not need the blockchain -- only a minimal set of Bitcoin tools and an ECDSA module.  Therefore, BIP 0010 has benefit beyond just multi-signature transactions.
+
+==Specification==
+
+This BIP proposes the following process, with terms in quotes referring to recommended terminology that should be encouraged across all implementations.
+
+#  One party will initiate this process by creating a "Distribution Proposal", which could be abbreviated DP, or TxDP
+#  The user creating the TxDP (the preparer) will create the transaction as they would like to see it spent, but with blank TxIn scripts (where the signatures scripts will eventually go).
+#  The proposed transaction will be spending a set of unspent TxOuts available in the blockchain.  The full transactions containing these TxOuts will be serialized and included, as well.  This so that the values of the TxIns can be verified before signing (the prev-tx-hash is part of the data being signed, but the value is not).  By including the full tx, the signing party can verify that the tx matches the OutPoint hash, and then verify input values, all without any access to the blockchain.
+#  The TxDP will have an "DP ID" or "Unsigned ID" which is the hash of the proposed transaction with blanked scripts, in Base58.  This is a specific naming convention to make sure it is not confused with the actual the transaction ID that it will have after it is broadcast (the transaction ID cannot be determined until after all signatures are collected).  The final Tx ID can be referred to as its "Broadcast ID", in order to distinguish it from the pre-signed ID.
+#  The TxDP will have a potentially-unordered list of sig-pubkey pairs which represent collected signatures.  If you receive a TxDP missing only your signature, you can broadcast it as soon as you sign it.
+#  Identical TxDP objects with different signatures can be easily combined.  This allows one party to send out all the requests for signatures at once, and combine them all when they are received (instead of having to "pass it around".
+#  For cases where the TxDP might be put into a file or sent via email, it should use .txdp or .btcdp suffix
+
+Anyone adopting BIP 0010 for multi-sig transactions will use the following format (without indentation):
+
+<pre>
+ '-----BEGIN-TRANSACTION-TXDPID-------'
+ ("_TXDIST_") (magicBytes) (base58Txid) (varIntTxSize)
+    (serializedTxListInHex_Line1)
+    (serializedTxListInHex_Line2)
+    (serializedTxListInHex_Line3)
+    ...
+ ("_TXINPUT_") (00) (InputValue)
+    ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
+    (SigHexRemainingLines)
+    ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
+    (SigHexRemainingLines)
+ ("_TXINPUT_") (01) (InputValue)
+    ("_SIG_") (AddrBase58) (SigBytes) (SigHexPart0)
+    (SigHexRemainingLines)
+ ("_TXINPUT_") (02) (InputValue)
+ '-------END-TRANSACTION-TXDPID-------'
+</pre>
+
+The following is an example TxDP from Armory, produced while running on the test network.  Its DPID is 3fX59xPj:
+
+</pre>
+ -----BEGIN-TRANSACTION-3fX59xPj-------------------------------------------------
+ _TXDIST_fabfb5da_3fX59xPj_00a0
+ 010000000292807c8e70a28c687daea2998d6273d074e56fa8a55a0b10556974cf2b526e61000000
+ 0000ffffffffe3c1ee0711611b01af3dee55b1484f0d6b65d17dce4eff0e6e06242e6cf457e10000
+ 000000ffffffff02b0feea0b000000001976a91457996661391fa4e95bed27d7e8fe47f47cb8e428
+ 88ac00a0acb9030000001976a914dc504e07b1107110f601fb679dd3f56cee9ff71e88ac00000000
+ 0100000001eb626e4f73d88f415a8e8cb32b8d73eed47aa1039d0ed2f013abdc741ce6828c010000
+ 008c493046022100b0da540e4924518f8989a9da798ca2d9e761b69a173b8cc41a3e3e3c6d77cd50
+ 022100ecfa61730e58005338420516744ef680428dcfc05022dec70a851365c8575b190141042dc5
+ be3afa5887aee4a377032ed014361b0b9b61eb3ea6b8a8821bfe13ee4b65cd25d9630e4f227a53e8
+ bf637f85452c9981bcbd64ef77e22ce97b0f547c783effffffff0200d6117e030000001976a914cf
+ f580fd243f64f0ad7bf69faf41c0bf42d86d8988ac00205fa0120000001976a9148d573ef6984fd9
+ f8847d420001f7ac49b222a24988ac000000000100000001f2782db40ae147398a31cff9c7cc3423
+ 014a073a92e463741244330cc304168f000000008c493046022100c9311b9eef0cc69219cb96838f
+ dd621530a80c46269a00dccc66498bc03ccf7a0221003742ee652a0a76fd28ad81aa73bb7f7a0a6a
+ 81850af58f62d9a184d10e5eec30014104f815e8ef4cad584e04974889d7636e8933803d2e72991d
+ b5288c9e953c2465533905f98b7b688898c7c1f0708f2e49f0dd0abc06859ffed5144e8a1018a4e8
+ 63ffffffff02008c8647000000001976a914d4e211215967f8e3744693bf85f47eb4ee9567fc88ac
+ 603d4e95010000001976a914e9a6b50901c1969d2b0fd43a3ccfa3fef3291efe88ac00000000
+ _TXINPUT_00_150.00000000
+ _SIG_mzUYGfqGpyXmppYpmWJ31Y4zTxR4ZCod22_00_008c
+ 4930460221007699967c3ec09d072599558d2e7082fae0820206b63aa66afea124634ed11a080221
+ 0003346f7e963e645ecae2855026dc7332eb7237012539b34cd441c3cef97fbd4d01410497d5e1a0
+ 0e1db90e893d1f2e547e2ee83b5d6bf4ddaa3d514e6dc2d94b6bcb5a72be1fcec766b8c382502caa
+ 9ec09fe478bad07d3f38ff47b2eb42e681c384cc
+ _TXINPUT_01_12.00000000
+ _SIG_mzvaN8JUhHLz3Gdec1zBRxs5rNaYLQnbD1_01_008c
+ 49304602210081554f8b08a1ad8caa69e34f4794d54952dac7c5efcf2afe080985d6bd5b00770221
+ 00dea20ca3dbae1d15ec61bec57b4b8062e7d7c47614aba032c5a32f651f471cfd014104c30936d2
+ 456298a566aa76fefeab8a7cb7a91e8a936a11757c911b4c669f0434d12ab0936fc13986b156156f
+ 9b389ed244bbb580112be07dbe23949a4764dffb
+ -------END-TRANSACTION-3fX59xPj-------------------------------------------------
+</pre>
+
+In this transaction, there are two inputs, one of 150 BTC and the other of 12 BTC.  This transaction combines 162 BTC to create two outputs, one of 160 BTC, one 1.9995 BTC, and a tx fee of 0.0005.  In this TxDP, both inputs have been signed, and thus could broadcast immediately.
+
+The style of communication is taken directly from PGP/GPG, which uses blocks of ASCII like this to communicate encrypted messages and signatures.  This serialization is compact, and will be interpretted the same in all character encodings.  It can be copied inline into an email, or saved in a text file.  The advantage over the analogous PGP encoding is that there are some human readable elements to it, for users that wish to examine the TxDP packet manually, instead of requiring a program to parse the core elements of the TxDP.
+
+A party receiving this TxDP can simply add their signature to the appropriate _TXINPUT_ line.  If that is the last signature required, they can broadcast it themselves.  Any software that implements this standard should be able to combine multiple TxDPs into a single TxDP.  However, even without the programmatic support, a user could manually combine them by copying the appropriate _TXSIGS_ lines between serializations, though it is not the recommended method for combining TxDPs.
+
+== Reference Implementation ==
+
+This proposal has been implemented and tested in the ''Armory'' Bitcoin software for use in offline-wallet transaction signing (as a 1-of-1 transaction), and will eventually use it for multi-signature transcations.  The source code for this implementation be found in the [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py Armory Github project].  Specifically, the [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L4704 PyTxDistProposal class] implements all features of BIP 0010.  It contains reference code for both
+[https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L5095 serializing a TxDP] and [https://github.com/etotheipi/BitcoinArmory/blob/qtdev/armoryengine.py#L5143 unserializing a TxDP].
diff --git a/bip-0011.md b/bip-0011.mediawiki
similarity index 98%
rename from bip-0011.md
rename to bip-0011.mediawiki
index 3eba9337..2499ac03 100644
--- a/bip-0011.md
+++ b/bip-0011.mediawiki
@@ -4,8 +4,8 @@
   Author: Gavin Andresen <gavinandresen@gmail.com>
   Status: Accepted
   Type: Standards Track
-  Created: 18-10-2011
-  Post-History: 02-10-2011
+  Created: 2011-10-18
+  Post-History: 2011-10-02
 </pre>
 
 ==Abstract==
@@ -56,4 +56,3 @@ https://github.com/gavinandresen/bitcoin-git/tree/op_eval
 == Post History ==
 
 * [https://bitcointalk.org/index.php?topic=46538 OP_EVAL proposal]
-
diff --git a/bip-0012.md b/bip-0012.mediawiki
similarity index 99%
rename from bip-0012.md
rename to bip-0012.mediawiki
index 37542ebd..ee2fda6b 100644
--- a/bip-0012.md
+++ b/bip-0012.mediawiki
@@ -4,7 +4,7 @@
   Author: Gavin Andresen <gavinandresen@gmail.com>
   Status: Withdrawn
   Type: Standards Track
-  Created: 18-10-2011
+  Created: 2011-10-18
 </pre>
 
 ==Abstract==
@@ -81,5 +81,3 @@ https://bitcointalk.org/index.php?topic=46538
 "Bitcoin Address 01" BIP
 
 M-of-N Multisignature Transactions BIP 11
-
-
diff --git a/bip-0013.md b/bip-0013.mediawiki
similarity index 78%
rename from bip-0013.md
rename to bip-0013.mediawiki
index 97b8b8b5..a537d16a 100644
--- a/bip-0013.md
+++ b/bip-0013.mediawiki
@@ -1,11 +1,12 @@
 <pre>
   BIP: 13
-  Title: Address Format for OP_EVAL
+  Title: Address Format for pay-to-script-hash
   Author: Gavin Andresen <gavinandresen@gmail.com>
-  Status: Accepted
+  Status: Final
   Type: Standards Track
-  Created: 18-10-2011
+  Created: 2011-10-18
 </pre>
+
 ==Abstract==
 
 This BIP describes a new type of Bitcoin address to support arbitrarily complex transactions.  Complexity in this context is defined as what information is needed by the recipient to respend the received coins, in contrast to needing a single ECDSA private key as in current implementations of Bitcoin.
@@ -22,13 +23,13 @@ The new bitcoin address type is constructed in the same manner as existing bitco
 
     base58-encode: [one-byte version][20-byte hash][4-byte checksum]
 
-Version byte is 2 for a main-network address, 109 for a testnet address.
+Version byte is 5 for a main-network address, 196 for a testnet address.
 The 20-byte hash is the hash of the script that will be used to redeem the coins.
-And the 4-byte checksum is the first four bytes of the SHA256 hash of the version and hash.
+And the 4-byte checksum is the first four bytes of the double SHA256 hash of the version and hash.
 
 ==Rationale==
 
-One criticism is that bitcoin addresses should be deprecated in favor of a more user-friendly mechanism for payments, and that this will just encourage continued use of a poorly designed mechanism. 
+One criticism is that bitcoin addresses should be deprecated in favor of a more user-friendly mechanism for payments, and that this will just encourage continued use of a poorly designed mechanism.
 
 Another criticism is that bitcoin addresses are inherently insecure because there is no identity information tied to them; if you only have a bitcoin address, how can you be certain that you're paying who or what you think you're paying?
 
@@ -38,15 +39,18 @@ This is one piece of the simplest path to a more secure bitcoin infrastructure.
 
 Assuming that typing in bitcoin addresses manually will become increasingly rare in the future, and given that the existing checksum method for bitcoin addresses seems to work "well enough" in practice and has already been implemented multiple times, the Author believes no change to the checksum algorithm is necessary.
 
+The leading version bytes are chosen so that, after base58 encoding, the leading character is consistent: for the main network, byte 5 becomes the character '3'. For the testnet, byte 196 is encoded into '2'.
+
 ==Backwards Compatibility==
 
 This proposal is not backwards compatible, but it fails gracefully-- if an older implementation is given one of these new bitcoin addresses, it will report the address as invalid and will refuse to create a transaction.
 
 ==Reference Implementation==
 
-https://github.com/gavinandresen/bitcoin-git/tree/op_eval
+See base58.cpp1/base58.h at https://github.com/bitcoin/bitcoin/src
 
 ==See Also==
 
-The OP_EVAL BIP.
-
+* [[bip-0012.mediawiki|BIP 12: OP_EVAL, the original P2SH design]]
+* [[bip-0016.mediawiki|BIP 16: Pay to Script Hash (aka "/P2SH/")]]
+* [[bip-0017.mediawiki|BIP 17: OP_CHECKHASHVERIFY, another P2SH design]]
diff --git a/bip-0014.md b/bip-0014.mediawiki
similarity index 97%
rename from bip-0014.md
rename to bip-0014.mediawiki
index 12cbacbc..111eb78b 100644
--- a/bip-0014.md
+++ b/bip-0014.mediawiki
@@ -1,12 +1,12 @@
 <pre>
   BIP: 14
-  Title: Protocol Version and User Agent
+  Title: BIP Protocol Version and User Agent
   Author: Amir Taaki <genjix@riseup.net>
           Patrick Strateman <bitcoin-bips@covertinferno.org>
   Status: Accepted
   Type: Standards Track
-  Created: 10-11-2011
-  Post-History: 02-11-2011
+  Created: 2011-11-10
+  Post-History: 2011-11-02
 </pre>
 
 In this document, bitcoin will be used to refer to the protocol while Satoshi will refer to the current client in order to prevent confusion.
@@ -66,7 +66,7 @@ Here bitcoin-qt and Spesmilo may use protocol version 5.0, however the internal
 * Version numbers in the form of Major.Minor.Revision (2.6.41)
 * Repository builds using a date in the format of YYYYMMDD (20110128)
 
-For git repository builds, implementations are free to use the git commitish. However the issue lies in that it is not immediately obvious without the repository which version proceeds another. For this reason, we lightly recommend dates in the format specified above, although this is by no means a requirement.
+For git repository builds, implementations are free to use the git commitish. However the issue lies in that it is not immediately obvious without the repository which version precedes another. For this reason, we lightly recommend dates in the format specified above, although this is by no means a requirement.
 
 Optional -r1, -r2, ... can be appended to user agent version numbers. This is another light recommendation, but not a requirement. Implementations are free to specify version numbers in whatever format needed insofar as it does not include (, ), : or / to interfere with the user agent syntax.
 
@@ -80,11 +80,10 @@ Reserved symbols are therefore: / : ( )
 
 They should not be misused beyond what is specified in this section.
 
-* / seperates the code-stack
+* / separates the code-stack
 * : specifies the implementation version of the particular stack
 * ( and ) delimits a comment which optionally separates data using ;
 
 == Timeline ==
 
 When this document was published, the bitcoin protocol and Satoshi client versions were currently at 0.5 and undergoing changes. In order to minimise disruption and allow the undergoing changes to be completed, the next protocol version at 0.6 became peeled from the client version (also at 0.6). As of that time (January 2012), protocol and implementation version numbers are distinct from each other.
-
diff --git a/bip-0015.md b/bip-0015.mediawiki
similarity index 73%
rename from bip-0015.md
rename to bip-0015.mediawiki
index 8f86335d..c08498f1 100644
--- a/bip-0015.md
+++ b/bip-0015.mediawiki
@@ -1,12 +1,14 @@
 <pre>
   BIP: 15
-  Title: Aliases
+  Title: BIP Aliases
   Author: Amir Taaki <genjix@riseup.net>
-  Status: Withdrawn
+  Status: Deferred
   Type: Standards Track
-  Created: 10-12-2011
+  Created: 2011-12-10
 </pre>
 
+[[bip-0070.mediawiki|BIP 0070]] (payment protocol) may be seen as the alternative to Aliases.
+
 Using vanilla bitcoin, to send funds to a destination, an address in the form 1Hd44nkJfNAcPJeZyrGC5sKJS1TzgmCTjjZ is needed. The problem with using addresses is they are not easy to remember. An analogy can be thought if one were required to enter the IP address of their favourite websites if domain names did not exist.
 
 This document aims to layout through careful argument, a bitcoin alias system. This is a big modification to the protocol that is not easily changed in the future and has big ramifications. There is impetus in getting it correct the first time. Aliases have to be robust and secure.
@@ -31,7 +33,7 @@ Their FirstBits alias becomes:
 
 It is enough information to be given the FirstBits alias ''1brmlab''. When someone wishes to make a purchase, without FirstBits, they either have to type out their address laboriously by hand, scan their QR code (which requires a mobile handset that this author does not own) or find their address on the internet to copy and paste into the client to send bitcoins. FirstBits alleviates this impracticality by providing an easy method to make payments.
 
-Together with Vanitygen (vanity generator), it becomes possible to create memorable unique named addresses. Addresses that are meaningful, rather than an odd assemblage of letters and numbers but add context to the destination.
+Together with [[vanitygen|Vanitygen (vanity generator)]], it becomes possible to create memorable unique named addresses. Addresses that are meaningful, rather than an odd assemblage of letters and numbers but add context to the destination.
 
 However FirstBits has its own problems. One is that the possible aliases one is able to generate is limited by the available computing power available. It may not be feasible to generate a complete or precise alias that is wanted- only approximates may be possible. It is also computationally resource intensive which means a large expenditure of power for generating unique aliases in the future, and may not scale up to the level of individuals at home or participants with hand-held devices in an environment of ubiquitous computing.
 
@@ -49,6 +51,8 @@ Security wise, DNS is unsafe and insecure by design. It is possible to spoof rec
 
 As of Dec 2011, DNSSEC is still not yet a defacto standard on the internet. Should a participant in the bitcoin network wish to use DNS TXT records, they would in addition to having to configure DNS, be able to setup DNSSEC. This may not be feasible, especially where some registrars provide access to DNS through a web interface only.
 
+The disadvantage of DNS TXT records is that updating a record takes time. This encourages people to not use new addresses per transaction which has certain security issues.
+
 === Server Service ===
 
 Aside from using DNS TXT records, another possibility is using the domain name system to lookup hosts and then contact a service running on a predefined port to get the bitcoin address.
@@ -91,7 +95,7 @@ It also scales reasonably- anybody wishing to run a naming service can attach a
 
 A naive implementation is provided below as an example.
 
-<source lang="cpp">
+<pre>
 // resolv.h
 #ifndef NOMRESOLV_H__
 #define NOMRESOLV_H__
@@ -145,7 +149,7 @@ private:
     bool Perform();
 
     // CURL error message
-    char pErrorBuffer[CURL_ERROR_SIZE];  
+    char pErrorBuffer[CURL_ERROR_SIZE];
     // CURL response
     string strBuffer;
     // CURL handle
@@ -153,9 +157,9 @@ private:
 };
 
 #endif
-</source>
+</pre>
 
-<source lang="cpp">
+<pre>
 // resolv.cpp
 #include "resolv.h"
 
@@ -164,16 +168,16 @@ private:
 #include "access.h"
 
 // callback used to write response from the server
-static int writer(char *pData, size_t nSize, size_t nNmemb, std::string *pBuffer)  
-{  
-  int nResult = 0;  
-  if (pBuffer != NULL)  
-  {  
-    pBuffer->append(pData, nSize * nNmemb);  
-    // How much did we write?  
-    nResult = nSize * nNmemb;  
-  }  
-  return nResult;  
+static int writer(char *pData, size_t nSize, size_t nNmemb, std::string *pBuffer)
+{
+  int nResult = 0;
+  if (pBuffer != NULL)
+  {
+    pBuffer->append(pData, nSize * nNmemb);
+    // How much did we write?
+    nResult = nSize * nNmemb;
+  }
+  return nResult;
 }
 
 NameResolutionService::NameResolutionService()
@@ -181,17 +185,17 @@ NameResolutionService::NameResolutionService()
     // Initialise CURL with our various options.
     curl = curl_easy_init();
     // This goes first in case of any problems below. We get an error message.
-    curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, pErrorBuffer);  
+    curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, pErrorBuffer);
     // fail when server sends >= 404
-    curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);  
-    curl_easy_setopt(curl, CURLOPT_HEADER, 0);  
-    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);  
+    curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1);
+    curl_easy_setopt(curl, CURLOPT_HEADER, 0);
+    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1);
     curl_easy_setopt(curl, CURLOPT_POSTREDIR, CURL_REDIR_POST_302);
-    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);  
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writer);
     curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_TRY);
     curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
     // server response goes in strBuffer
-    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &strBuffer);  
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &strBuffer);
     pErrorBuffer[0] = '\0';
 }
 NameResolutionService::~NameResolutionService()
@@ -209,7 +213,7 @@ void NameResolutionService::ExplodeHandle(const string& strHandle, string& strNi
 bool NameResolutionService::Perform()
 {
     // Called after everything has been setup. This actually does the request.
-    CURLcode result = curl_easy_perform(curl);  
+    CURLcode result = curl_easy_perform(curl);
     return (result == CURLE_OK);
 }
 
@@ -229,7 +233,7 @@ string NameResolutionService::FetchAddress(const string& strHandle, string& strA
     // construct url for GET request
     string strRequestUrl = strDomain + "/bitcoin-alias/?handle=" + pszEncodedNick;
     // Pass URL to CURL
-    curl_easy_setopt(curl, CURLOPT_URL, strRequestUrl.c_str());  
+    curl_easy_setopt(curl, CURLOPT_URL, strRequestUrl.c_str());
     if (!Perform())
         return pErrorBuffer;
     // Server should respond with a JSON that has the address in.
@@ -273,7 +277,7 @@ const Object CheckMaybeThrow(const string& strJsonIn)
     // Now check for a key called "error"
     const Value& error  = find_value(request, "error");
     // It's an error JSON! so propagate the error.
-    if (error.type() != null_type)   
+    if (error.type() != null_type)
         throw JSONRPCError(-4, error.get_str());
     // Return JSON object
     return request;
@@ -284,7 +288,7 @@ const string CollectAddress(const string& strIn)
     // If the handle does not have an @ in it, then it's a normal base58 bitcoin address
     if (strIn.find('@') == (size_t)-1)
         return strIn;
-    
+
     // Open the lookup service
     NameResolutionService ns;
     // We established that the input string is not a BTC address, so we use it as a handle now.
@@ -308,7 +312,7 @@ Value rpc_send(const Array& params, bool fHelp)
         throw runtime_error(
             "send <name@domain or address> <amount>\n"
             "<amount> is a real and is rounded to the nearest 0.01");
-    
+
     // Intelligent function which looks up address given handle, or returns address
     string strAddy = CollectAddress(params[0].get_str());
     int64 nAmount = AmountFromValue(params[1]);
@@ -321,5 +325,77 @@ Value rpc_send(const Array& params, bool fHelp)
 }
 
 ...
-</source>
+</pre>
+
+=== IP Transactions ===
+
+An IP transaction is an old transaction format in bitcoin that is disabled and possibly could be deprecated. It involves being given an IP address to make payment to. Upon connecting to the node and requesting their public key using "checkorder", they will respond with a script in the form:
+
+  <public key> OP_CHECKSIG
+
+Similar to coinbase output transactions. IP transactions have the advantage of being able to contain additional metadata which can be useful in many transactions. Currently no authentication is done making the scheme insecure against man in the middle (MITM) attacks.
+
+This proposal seeks to enable DNS lookups for IP transactions.
+
+The "checkorder" message would contain a destination account, which could map to different isolated sets of keypairs/wallets running under the same host. The exact mapping from the checkorder reference info to the local system is implementation defined.
+
+By using DNS lookups, the MITM problem with IP transactions could be mitigated by storing a public key in a DNS TXT record. This public key would be used for all future "reply" messages originating from that host. First time use would require a confirmation for acceptance of that public key; like with SSH. Should the "reply" message not match the accepted public key, then the host will be given an error.
+
+[[Category:BIP|E]]
+
+=== Namecoin ID ===
+
+This proposal uses the Namecoin blockchain to associate an alias with a bitcoin address. Bitcoin queries a namecoin node. This retreives the structured data containing the bitcoin address(es) associated with this alias.
+
+Using a decentralised domain name system like Namecoin, means no external server or entity needs to be trusted unlike the other proposals listed here. This indicates a system with the advantage of having a high availability and ease of entry (no restrictions for users to create aliases).
+
+Two examples are presented below. The first shows a simpler format, while the second shows several Bitcoin addresses in a structured format.
+
+ $ namecoind name_show id/khal
+ {
+   "bitcoin" : "1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T"
+ }
+
+ $ namecoind name_show id/khal
+ {
+   "bitcoin" :
+   {
+     "default" : "1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T",
+     "donation": "1J3EKMfboca3SESWGrQKESsG1MA9yK6vN4"
+   }
+ }
+
+'''More possibilities :'''
+
+* Allow to securely use '''unsecured channels'''
+You can put an url and a bitcoin address that will be used to sign the result. It means that a query to this url will return a bitcoin address and a signature. Bitcoin can then check (with the verify_message function) that the returned address has not been replaced by another one.
+ $ namecoind name_show id/khal
+ {
+   "bitcoin" :
+   {
+     "url" : "http://merchant.com/bitcoin/getnewaddres/",
+     "signedWith" : "1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T"
+   }
+ }
+
+* Allow to get a different address each time, or per user, per order, etc
+ $ namecoind name_show id/khal
+ {
+   "bitcoin" :
+   {
+     "url" : "http://merchant.com/bitcoin/getaddres/{Your customer id}",
+     "signedWith" : "1KHAL8bUjnkMRMg9yd2dNrYnJgZGH8Nj6T",
+     "useOnce": false
+   }
+ }
+In the above example, bitcoin will ask the user for "Your customer id" and replace that value in the url before making the http request. The merchant will receive the request and give the user a payment address associated with that customer.
+
+Any text can be put into the brackets, allowing merchants to adapt it to all their needs.
+
+
+* Specification is extensible
+
+New features can be added later to support uncovered cases.
+
 
+See the specification of [http://dot-bit.org/Namespace:Identity Namecoin ID] for more informations.
diff --git a/bip-0016.md b/bip-0016.mediawiki
similarity index 78%
rename from bip-0016.md
rename to bip-0016.mediawiki
index 68c03547..0a539fc2 100644
--- a/bip-0016.md
+++ b/bip-0016.mediawiki
@@ -2,9 +2,9 @@
   BIP: 16
   Title: Pay to Script Hash
   Author: Gavin Andresen <gavinandresen@gmail.com>
-  Status: Accepted
+  Status: Final
   Type: Standards Track
-  Created: 03-01-2012
+  Created: 2012-01-03
 </pre>
 
 ==Abstract==
@@ -29,7 +29,7 @@ This new transaction type is redeemed by a standard scriptSig:
 
     ...signatures... {serialized script}
 
-Transactions that redeem these pay-to-script outpoints are only considered standard if the ''serialized script'' is, itself, one of the other standard transaction types.
+Transactions that redeem these pay-to-script outpoints are only considered standard if the ''serialized script'' - also referred to as the ''redeemScript'' - is, itself, one of the other standard transaction types.
 
 The rules for validating these outpoints when relaying transactions or considering them for inclusion in a new block are as follows:
 
@@ -37,7 +37,7 @@ The rules for validating these outpoints when relaying transactions or consideri
 # Normal validation is done: an initial stack is created from the signatures and {serialized script}, and the hash of the script is computed and validation fails immediately if it does not match the hash in the outpoint.
 # {serialized script} is popped off the initial stack, and the transaction is validated again using the popped stack and the deserialized script as the scriptPubKey.
 
-These same rules shall be applied when validating transactions in blocks with timestamps after February 15, 2012 (see the Backwards Compatibility section for details).
+These new rules should only be applied when validating transactions in blocks with timestamps >= 1333238400 (Apr 1 2012) <ref>[https://github.com/bitcoin/bitcoin/commit/8f188ece3c82c4cf5d52a3363e7643c23169c0ff Remove -bip16 and -paytoscripthashtime command-line arguments]</ref>. There are transaction earlier than 13333238400 in the block chain that fail these new validation rules. <ref>[http://blockexplorer.com/tx/6a26d2ecb67f27d1fa5524763b49029d7106e91e3cc05743073461a719776192 Transaction 6a26d2ecb67f27d1fa5524763b49029d7106e91e3cc05743073461a719776192]</ref>. Older transactions must be validated under the old rules. (see the Backwards Compatibility section for details).
 
 For example, the scriptPubKey and corresponding scriptSig for a one-signature-required transaction is:
 
@@ -88,7 +88,7 @@ Avoiding a block-chain split by malicious pay-to-script transactions requires ca
 
 * A pay-to-script-hash transaction that is invalid for new clients/miners but valid for old clients/miners.
 
-To gracefully upgrade and ensure no long-lasting block-chain split occurs, more than 50% of miners must support full validation of the new transaction type and must switch from the old validation rules to the new rules at the same time. 
+To gracefully upgrade and ensure no long-lasting block-chain split occurs, more than 50% of miners must support full validation of the new transaction type and must switch from the old validation rules to the new rules at the same time.
 
 To judge whether or not more than 50% of hashing power supports this BIP, miners are asked to upgrade their software and put the string "/P2SH/" in the input of the coinbase transaction for blocks that they create.
 
@@ -96,13 +96,21 @@ On February 1, 2012, the block-chain will be examined to determine the number of
 
 If a majority of hashing power does not support the new validation rules, then rollout will be postponed (or rejected if it becomes clear that a majority will never be achieved).
 
+===520-byte limitation on serialized script size===
+
+As a consequence of the requirement for backwards compatiblity the serialized script is itself subject to the same rules as any other PUSHDATA operation, including the rule that no data greater than 520 bytes may be pushed to the stack. Thus is it not possible to spend a P2SH output if the redemption script it refers to is >520 bytes in length. For instance while the OP_CHECKMULTISIG opcode can itself accept up to 20 pubkeys, with 33-byte compressed pubkeys it is only possible to spend a P2SH output requiring a maximum of 15 pubkeys to redeem: 3 bytes + 15 pubkeys * 34 bytes/pubkey = 513 bytes.
+
+
 ==Reference Implementation==
 
-Coming Soon
+https://gist.github.com/gavinandresen/3966071
 
 ==See Also==
 
 * https://bitcointalk.org/index.php?topic=46538
-* The [[BIP 0013|Address format for Pay to Script Hash BIP]]
-* M-of-N Multisignature Transactions [[BIP 0011|BIP 11]]
+* The [[bip-0013.mediawiki|Address format for Pay to Script Hash BIP]]
+* M-of-N Multisignature Transactions [[bip-0011.mediawiki|BIP 11]]
+* [[bip-0016/qa.mediawiki|Quality Assurance test checklist]]
 
+== References ==
+<references>
diff --git a/bip-0016/qa.mediawiki b/bip-0016/qa.mediawiki
new file mode 100644
index 00000000..6a8a08dc
--- /dev/null
+++ b/bip-0016/qa.mediawiki
@@ -0,0 +1,190 @@
+This page is a Quality Assurance test plan for [[BIP 16]].  If you see a test missing, please add it.
+If you can help test, please edit this page to sign-off on it.
+
+{| class="wikitable"
+|-
+! Done !! Test Procedure !! Tested by
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP-16-capable Bitcoin 0.6 on testnet and main net<br />
+Send coins using GUI, RCP sendtoaddress, and RCP sendmany commands<br />
+Result: coins sent in all cases
+| Gavin Andresen
+
+|- style="color:green;"
+| &#x2713;
+| Test multisig 1-of-1<br />
+Run 0.6 bitcoind, get a public key with: ./bitcoind -testnet validateaddress $(./bitcoind -testnet getnewaddress)<br />
+Generate a multisig 1-of-1 address: ./bitcoind addmultisigaddress 1 {public key from above}<br />
+Send-to-self some bitcoins using that address<br />
+Result: transaction is confirmed by network, displays properly in listtransactions.
+Result: balance is unaffected
+| Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
+
+
+|- style="color:green;"
+| &#x2713;
+| Test multisig 1-of-2<br />
+Run 0.6 bitcoind, get 2 new bitcoin addresses<br />
+Generate a multisig 1-of-2 address: ./bitcoind addmultisigaddress 1 {address1} {address2}<br />
+Send-to-self some bitcoins using that address<br />
+Result: transaction is confirmed by network, displays properly in listtransactions.
+Result: bitcoin balance is unaffected.
+| Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
+
+
+|- style="color:green;"
+| &#x2713;
+| Test multisig 1-of-3, 2-of-3, 3-of-3<br />
+Repeat test procedures above, with the other new multisignature transaction types
+| Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
+
+|- style="color:green;"
+| &#x2713;
+| Test multisig send-to-other<br />
+Repeat test procedures above, but use two bitcoinds, prepared as follows:<br />
+bitcoind 1 : Run getnewaddress and addmultisigaddress<br />
+bitcoind 2 : Just addmultisigaddress<br />
+Send coins from 2 to 1 using the address<br />
+Result: transaction is accepted/confirmed by network<br />
+Result: balance for 2 goes down, listtransactions for 2 displays correct result<br />
+Result: balance for 1 goes up, listtransactions for 1 displays correct result<br />
+| Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
+
+
+|- style="color:green;"
+| &#x2713;
+| Test redeeming multisignature transactions<br />
+Fund a new, empty wallet entirely with multisig transactions<br />
+Wait for transactions to confirm<br />
+Use sendtoaddress and sendmany to generate spend-from-multisig transactions<br />
+Spend to both single-address and multisig address, and test send-to-other and send-to-self<br />
+Result: transactions are accepted/confirmed by network<br />
+Result: balance decreases, listtransactions displays correct information<br />
+| Gavin Andresen; see transactions in [http://blockexplorer.com/testnet/block/000000001bdceba3936f2ea6a55311ac7b6030e327f1960e892620fcde6abf5f testnet block 44989]
+
+
+|- style="color:green;"
+| &#x2713;
+| Run 0.6 Bitcoin-Qt GUI on one of the test wallets from above<br />
+Result: balance and transactions displayed correctly
+| Gavin Andresen
+
+|- style="color:orange;"
+| &#x2713;
+| Run BIP-16-capable backport Bitcoin 0.3.19 through 0.5.1 on testnet and main net<br />
+Send coins using GUI, RCP sendtoaddress, and RCP sendmany commands<br />
+Result: coins sent in all cases
+| Gavin Andresen (tested 0.3.19, 0.3.24 and 0.5.1)
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP-16-capable Bitcoin 0.6.0 on testnet<br />
+Mine coins using built-in miner<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| Gavin Andresen
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP-16-capable Bitcoin 0.6.0 on testnet<br />
+Mine coins using getwork interface<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| Gavin Andresen
+
+|- style="color:green;"
+|
+| Run BIP-16-capable Bitcoin 0.6.0 on testnet<br />
+Mine coins using getmemorypool interface<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| Gregory Maxwell; Using p2pool see [https://blockexplorer.com/testnet/rawblock/00000000040367fcb750b6f064db6955b6c7c6218fb625e3dfed6b5c19c97107 testnet block 45400] (and many others, also tested on mainnet) 
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP-16-capable Bitcoin 0.3.19 through 0.5.1 backports on testnet<br />
+Mine coins using built-in miner<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| Gavin Andresen (tested all on a testnet-in-a-box)
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP-16-capable Bitcoin 3.19 through 0.5.1 backports on testnet<br />
+Mine coins using getwork interface<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| Gavin Andresen (tested all on a testnet-in-a-box)
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP-16-capable Bitcoin 0.3.19 through 0.5.1 backports on testnet<br />
+Mine coins using built-in miner<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| Gavin Andresen (tested all on a testnet-in-a-box)
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP-16-capable Bitcoin 3.19 through 0.5.1 backports on testnet<br />
+Mine coins using getwork interface<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| Gavin Andresen (tested all on a testnet-in-a-box)
+|- style="color:red;"
+
+|- style="color:red;"
+|
+| Run BIP-16-capable Bitcoin 3.19 through 0.5.1 backports on testnet<br />
+Mine coins using getmemorypool interface<br />
+Result: blocks accepted, show up on blockexplorer.com/testnet<br />
+Result: mined blocks' coinbase contains /P2SH/ string
+| 
+
+|- style="color:green;"
+| &#x2713;
+| Create/run unit tests for:<br />
+multisignature signing/verification<br />
+multisignature invalid signature failure<br />
+multisignature IsStandard() success/failure<br />
+extraction of addresses from multisignature transactions<br />
+BIP 16 IsStandard() success/failure (including failure with OP_PUSHDATA1/2/4)<br />
+BIP 16 AreInputsStandard() success/failure<br />
+BIP 16 compatibility with other 3 standard transaction types<br />
+BIP 16 no-recursion test<br />
+BIP 16 switchover date logic<br />
+OP_CHECKMULTISIG counting of signature operations inside BIP 16 transactions<br />
+| Gavin Andresen (see test/multisig_tests.cpp, test/script_tests.cpp, test/script_P2SH_tests.cpp, test/sigopcount_tests.cpp in the bitcoin source tree; 'make test_bitcoin' in src/ directory to compile)
+
+|- style="color:green;"
+| &#x2713;
+| Create/run 'transaction fuzzer' to stress-test BIP 16 transactions
+| Gavin Andresen (https://github.com/gavinandresen/bitcoin-git/tree/fuzzer , run twice on both testnet-in-a-box and testnet with 100,000 'fuzzed' transactions each test run) Valid fuzzed transactions appeared in (for example) [http://blockexplorer.com/testnet/block/000000001587c859649cea954e921ba4efd77707fb327dd53e122fd7b89636c4 testnet block 44987]
+
+|- style="color:green;"
+| &#x2713;
+| Run Bitcoin 0.6 on main net <br />
+Result: blocks created properly
+Result: blocks include /P2SH/ string in their coinbase
+| various mining pools
+
+|- style="color:green;"
+| &#x2713;
+| Run BIP 16 vinced_mergedmine backport on main net <br />
+Result: blocks created properly
+Result: blocks include /P2SH/ string in their coinbase
+| (Gavin for slush: after bug fixes, running with no issues)<br />
+
+|- style="color:green;"
+| &#x2713;
+| Test chain-split handling on testnet-in-a-box <br />
+Create two valid hash, invalid signature transactions in two blocks separated in time on a testnet-in-a-box chain<br />
+Run a bitcoind to synchronize with the chain, with -paytoscripthashtime set in between the two blocks<br/>
+Result: first transaction/block accepted, second causes a chain split<br/>
+Re-run bitcoind with -paytoscripthashtime in the future<br/>
+Result: entire chain accepted
+| Gavin Andresen: testnet-in-a-box files at: http://www.skypaint.com/bitcoin/bip16chain.tar.gz first half-valid BIP16 transaction at block 2431 (time 1328202835) second at block 2436 (time 1328204241)<br />
+
+|}
diff --git a/bip-0017.md b/bip-0017.mediawiki
similarity index 94%
rename from bip-0017.md
rename to bip-0017.mediawiki
index 0cd5d708..07dca967 100644
--- a/bip-0017.md
+++ b/bip-0017.mediawiki
@@ -2,9 +2,9 @@
   BIP: 17
   Title: OP_CHECKHASHVERIFY (CHV)
   Author: Luke Dashjr <luke+bip17@dashjr.org>
-  Status: Withdrawn
-  Type: Standards Track
-  Created: 18-01-2012
+  Status: Draft
+  Type: Withdrawn
+  Created: 2012-01-18
 </pre>
 
 ==Abstract==
@@ -26,7 +26,7 @@ OP_CHECKHASHVERIFY will re-define the existing OP_NOP2 opcode, and will function
 * If the hashes match, do nothing, proceed as if an OP_NOP; if they do not match, the script fails immediately.
 * Note that in the case of a matched hash, the top stack item (the hash being compared with) is <u>not</u> popped off the stack. This is for backward compatibility.
 
-This opcode reassignment shall be applied when validating transactions in blocks only with timestamps after February 20, 2012 (see the Backwards Compatibility section for details).
+This opcode reassignment shall be applied when validating transactions in blocks only with timestamps after February 23, 2012 (see the Backwards Compatibility section for details).
 
 A new standard transaction type that is relayed and included in mined blocks is defined:
 
@@ -82,7 +82,7 @@ To gracefully upgrade and ensure no long-lasting block-chain split occurs, more
 
 To judge whether or not more than 50% of hashing power supports this BIP, miners are asked to upgrade their software and put the string "p2sh/CHV" in the input of the coinbase transaction for blocks that they create.
 
-On February 3, 2012, the block-chain will be examined to determine the number of blocks supporting pay-to-script-hash for the previous 7 days. If at least 60% contain "p2sh/CHV" in their coinbase, then all blocks with timestamps after 18 Feb 2012, 00:00:00 GMT shall have their pay-to-script-hash transactions validated.
+On February 8, 2012, the block-chain will be examined to determine the number of blocks supporting pay-to-script-hash for the previous 7 days. If at least 60% contain "p2sh/CHV" in their coinbase, then all blocks with timestamps after 23 Feb 2012, 00:00:00 GMT shall have their pay-to-script-hash transactions validated.
 
 If a majority of hashing power does not support the new validation rules, then rollout will be postponed (or rejected if it becomes clear that a majority will never be achieved).
 
@@ -96,7 +96,6 @@ OP_NOP2 is used, so existing OP_EVAL (BIP 12) transactions in the block chain ca
 
 ==See Also==
 
-* The [[BIP 0013|Address format for Pay to Script Hash BIP]]
-* [[BIP 0011|M-of-N Multisignature Transactions (BIP 11)]]
+* The [[bip-0013.mediawiki|Address format for Pay to Script Hash BIP]]
+* [[bip-0011.mediawiki|M-of-N Multisignature Transactions (BIP 11)]]
 * Example BIP 17 transaction chain: [http://blockexplorer.com/tx/b8fd633e7713a43d5ac87266adc78444669b987a56b3a65fb92d58c2c4b0e84d a] [http://blockexplorer.com/tx/eb3b82c0884e3efa6d8b0be55b4915eb20be124c9766245bcc7f34fdac32bccb b] [http://blockexplorer.com/tx/055707ce7fea7b9776fdc70413f65ceec413d46344424ab01acd5138767db137 c] [http://blockexplorer.com/tx/6d36bc17e947ce00bb6f12f8e7a56a1585c5a36188ffa2b05e10b4743273a74b d]
-
diff --git a/bip-0018.mediawiki b/bip-0018.mediawiki
new file mode 100644
index 00000000..023b2bfb
--- /dev/null
+++ b/bip-0018.mediawiki
@@ -0,0 +1,126 @@
+<pre>
+  BIP: 18
+  Title: hashScriptCheck
+  Author: Luke Dashjr <luke+bip17@dashjr.org>
+  Status: Draft
+  Type: Standards Track
+  Created: 2012-01-27
+</pre>
+
+==Abstract==
+
+This BIP modifies the basic format of transaction inputs and outputs, replacing the current scriptSig and scriptPubKey (scripts executed to validate a transaction) with new contents: dataSig, scriptCheck, and hashScriptCheck.
+
+==Motivation==
+
+The purpose of pay-to-script-hash is to move the responsibility for supplying the conditions to redeem a transaction from the sender of the funds to the redeemer.
+
+The benefit is allowing a sender to fund any arbitrary transaction, no matter how complicated, using a fixed-length 20-byte hash that is short enough to scan from a QR code or easily copied and pasted.
+
+==Specification==
+
+scriptSig and scriptPubKey are hereby deemed to be deprecated.
+Bitcoin-compatible clients MUST still continue to support them for compatibility, but it should not be used for any new transaction types.
+Services and people which send Bitcoins SHOULD continue to support old pubkey-based addresses for the time being.
+Services and people which receive Bitcoins MAY continue to generate and use old pubkey-based addresses.
+
+To replace these, there are 3 new elements:
+* dataSig is included in place of scriptSig in transaction inputs, and contains multiple serialized data elements
+* scriptCheck is the final element of dataSig, and is executed with the preceding dataSig elements preloaded onto the stack (the element immediately before scriptCheck is the top of the stack)
+* hashScriptCheck is included in place of scriptPubKey in transaction outputs, to specify the hash of the scriptCheck allowed to redeem it
+
+dataSig is to be encoded the same as a push-only script.
+
+hashScriptCheck must be encoded exactly so:
+
+    0xa9 0x14 (20-byte-hash-value) 0x87
+
+This can be interpreted by legacy (pre-BIP 18) clients as the following script:
+
+    OP_HASH160 [20-byte-hash-value] OP_EQUAL
+
+If this template is not matched exactly OR the transaction is in a block with a timestamp before the hashScriptCheck activation date, validation MUST proceed in backward-compatibility mode, using scriptSig+scriptPubKey rather than dataSig+scriptCheck+hashScriptCheck.
+
+A hashScriptCheck-compliant input is valid only if:
+* dataSig MUST NOT contain any operations other than "push data" (it is data, not a script; no mixing scriptSig with hashScriptCheck)
+* scriptCheck MUST hash (using Bitcoin's Hash160 algorithm) to the output's hashScriptCheck.
+* scriptCheck MUST be executed with the dataSig-based stack specified above (ie, not including scriptCheck itself) to perform validation (this does not imply clients are required to validate transactions).
+* scriptCheck must not abort, and must leave a true value on the top of the stack. This is the current behaviour for scriptSig+scriptPubKey.
+
+The new scriptCheck SHOULD be checked against "standard transaction" templates by miners.
+
+For example, the hashScriptCheck and corresponding dataSig for a one-signature-required transaction is:
+
+    scriptCheck: [pubkey] OP_CHECKSIG
+    dataSig: [signature] {[pubkey] OP_CHECKSIG}
+    hashScriptCheck: [20-byte-hash of {[pubkey] OP_CHECKSIG}]
+
+===Signature operation limits for scriptCheck===
+
+Signature operations in scriptCheck do not follow the same rules previously applied to scriptSig and scriptPubKey.
+Instead, they shall contribute to the maximum number allowed per block (20,000) as follows:
+
+# OP_CHECKSIG and OP_CHECKSIGVERIFY count as 1 signature operation, whether or not they are evaluated.
+# OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY immediately preceded by OP_1 through OP_16 are counted as 1 to 16 signature operation, whether or not they are evaluated.
+# All other OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY are counted as 20 signature operations.
+
+Examples:
+
++3 signature operations:
+    2 [pubkey1] [pubkey2] [pubkey3] 3 OP_CHECKMULTISIG
+
++22 signature operations
+    OP_CHECKSIG OP_IF OP_CHECKSIGVERIFY OP_ELSE OP_CHECKMULTISIGVERIFY OP_ENDIF
+
+==Rationale==
+
+This BIP replaces BIPs 12 and 17, which propose extensions to the Script system to allow scriptPubKey to outsource its verification.
+It also replaces BIP 16, which is identical in terms of protocol, but suggests a specific implementation and does not deprecate scriptPubKey to maintain protocol consistency.
+
+The Motivation for this BIP (and BIP 13, the pay-to-script-hash address type) is somewhat controversial; several people feel that it is unnecessary, and complex/multisignature transaction types should be supported by simply giving the sender the complete {serialized script}. The author believes that this BIP will minimize the changes needed to all of the supporting infrastructure that has already been created to send funds to a base58-encoded-20-byte bitcoin addresses, allowing merchants and exchanges and other software to start supporting multisignature transactions sooner.
+
+The signature operation counting rules are intended to be easy and quick to implement by statically scanning scriptCheck.
+Bitcoin imposes a maximum-number-of-signature-operations per block to prevent denial-of-service attacks on miners.
+If there was no limit, a rogue miner might broadcast a block that required hundreds of thousands of ECDSA signature operations to validate, and it might be able to get a head start computing the next block while the rest of the network worked to validate the current one.
+
+There is a 1-confirmation attack on old implementations, but it is expensive and difficult in practice. The attack is:
+
+# Attacker creates a pay-to-script-hash transaction that is valid when interpreted as scriptPubKey, but contains an invalid scriptCheck, and sends themselves some coins using it.
+# Attacker also creates a standard transaction that spends the pay-to-script transaction, and pays the victim who is running old software.
+# Attacker mines a block that contains both transactions.
+
+If the victim accepts the 1-confirmation payment, then the attacker wins because both transactions will be invalidated when the rest of the network overwrites the attacker's invalid block.
+
+The attack is expensive because it requires the attacker create a block that they know will be invalidated by the rest of the network. It is difficult because creating blocks is difficult and users should not accept 1-confirmation transactions for higher-value transactions.
+
+==Backwards Compatibility==
+
+hashScriptCheck transactions are non-standard to old implementations, which will (typically) not relay them nor include them in blocks.
+
+Old implementations will validate that scriptCheck's hash value matches when they validate blocks created by software that fully support this BIP, but will do no other validation.
+
+Avoiding a block-chain split by malicious pay-to-script transactions requires careful handling of one case:
+
+* A pay-to-script-hash transaction that is invalid for new clients/miners but valid for old clients/miners.
+
+To gracefully upgrade and ensure no long-lasting block-chain split occurs, more than 50% of miners must support full validation of the new transaction type and must switch from the old validation rules to the new rules at the same time.
+
+To judge whether or not more than 50% of hashing power supports this BIP, miners are asked to upgrade their software and put the string "/P2SH/" in the input of the coinbase transaction for blocks that they create.
+
+At 00:00:00 UTC on 15 Mar 2012, the block-chain will be examined to determine the number of blocks supporting pay-to-script-hash for the previous 7 days. If 550 or more contain "/P2SH/" in their coinbase, then all blocks with timestamps after 00:00:00 UTC on 1 Apr 2012 shall have their pay-to-script-hash transactions fully validated. Approximately 1,000 blocks are created in a week; 550 should, therefore, be approximately 55% of the network supporting the new feature.
+
+If a majority of hashing power does not support the new validation rules, then rollout will be postponed (or rejected if it becomes clear that a majority will never be achieved).
+
+==Forwards Compatibility ==
+The first two bytes of hashScriptCheck specify the hash algorithm and length used to verify scriptCheck.
+This BIP only allows Bitcoin's Hash160 algorithm, but leaves open the possibility of a future BIP implementing others.
+
+==Reference Implementation==
+
+https://github.com/gavinandresen/bitcoin-git/tree/pay_to_script_hash
+
+==See Also==
+
+* The [[bip-0013.mediawiki|Address format for Pay to Script Hash BIP]]
+* [[bip-0016.mediawiki|BIP 16 - Pay to Script Hash (aka "/P2SH/")]]
+* M-of-N Multisignature Transactions [[bip-0011.mediawiki|BIP 11]]
diff --git a/bip-0019.md b/bip-0019.mediawiki
similarity index 97%
rename from bip-0019.md
rename to bip-0019.mediawiki
index b17175ec..7784e084 100644
--- a/bip-0019.md
+++ b/bip-0019.mediawiki
@@ -4,7 +4,7 @@
   Author: Luke Dashjr <luke+bip17@dashjr.org>
   Status: Draft
   Type: Standards Track
-  Created: 30-01-2012
+  Created: 2012-01-30
 </pre>
 
 ==Abstract==
@@ -58,13 +58,10 @@ scriptSig:
 ==Rationale==
 
 OP_CHECKMULTISIG is already an enabled opcode, and is the most straightforward way to support several important use cases.
-This is already specified in [[BIP 0011]].
+This is already specified in [[bip-0011.mediawiki|BIP 0011]].
 However, each OP_CHECKMULTISIG counts toward the block limit as 20 sigops, which only allows 1000 total multisig transactions in a block.
 Using OP_CHECKSIG only counts as 1 per signature, so can scale better.
 
 ==Implementation==
 
 All used operations are already supported by old clients and miners as a non-standard transaction type.
-
-[[Category:BIP|C]]
-
diff --git a/bip-0020.md b/bip-0020.mediawiki
similarity index 93%
rename from bip-0020.md
rename to bip-0020.mediawiki
index a96d8d03..fad634b7 100644
--- a/bip-0020.md
+++ b/bip-0020.mediawiki
@@ -2,12 +2,12 @@
   BIP: 20
   Title: URI Scheme
   Author: Luke Dashjr <luke+bip@dashjr.org>
-  Status: Rejected
+  Status: Replaced
   Type: Standards Track
-  Created: 10-01-2011
+  Created: 2011-01-10
 </pre>
 
-BIP 0020 is based off an earlier document by Nils Schneider.
+BIP 0020 is based off an earlier document by Nils Schneider. '''And has been replaced by BIP 0021'''
 
 ==Abstract==
 This BIP proposes a URI scheme for making Bitcoin payments.
@@ -55,7 +55,7 @@ Graphical bitcoin clients SHOULD register themselves as the handler for the "bit
 ==== Transfer amount/size ====
 
 If an amount is provided, it may be specified either in decimal or, when prefixed with a single "x" character, hexadecimal.
-The number SHOULD be followed by "X" <digits> to signify an exponent to the base multiplier.
+The number SHOULD be followed by "X" &lt;digits&gt; to signify an exponent to the base multiplier.
 Thus, "X8" multiplies your number by 100,000,000.
 For decimal values, this means the standard BTC unit.
 For hexadecimal values, this means ᵇTBC units (which are equivalent to 42.94967296 BTC).
@@ -92,9 +92,11 @@ Make it possible for later generations to improve our work, to mend our errors,
 This section is non-normative and does not cover all possible syntax.
 Please see the [[#BNF grammar|BNF grammar]] above for the normative syntax.
 
-[foo] means optional, <bar> are placeholders
+[foo] means optional, &lt;bar&gt; are placeholders
 
+<pre>
  bitcoin:<address>[;version=1.0][?amount=<amount>][?label=<label>][?message=<message>][?send=<private key>]
+</pre>
 
 === Examples ===
 
@@ -127,15 +129,21 @@ Characters must be URI encoded properly.
 ===Sending money via private key===
 To send a payment to someone else first construct a new keypair. You may want to use a [[mini private key format]], or you may also use a full private key for more security depending on the amount being sent and how long you expect to pass before a claim. Now create and publish a transaction with an output of the amount you wish to send. Use this script in that output:
 
+<pre>
  <pubkey> OP_CHECKSIG
+</pre>
 
 Construct an address from the public key. Encode the URI as below:
 
+<pre>
  bitcoin:<address>?send=<base 58 encoded private key>
+</pre>
 
-You may optionally include amount or message fields as well. In a wallet to claim money sent this way search for an incoming transaction with the output script form above, where <address> matches the public key in the script. When you find the transaction create a claim transaction with an input script of this form:
+You may optionally include amount or message fields as well. In a wallet to claim money sent this way search for an incoming transaction with the output script form above, where &lt;address&gt; matches the public key in the script. When you find the transaction create a claim transaction with an input script of this form:
 
+<pre>
  <sig>
+</pre>
 
 This claims the money you were sent. Until your claim transaction has confirmed the sender may take their money back.
 
@@ -145,6 +153,7 @@ This claims the money you were sent. Until your claim transaction has confirmed
 
 === Parsing amount ===
 ==== ECMAScript ====
+<pre>
  reAmount = /^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$/i;
  function parseAmount(txt) {
     var m = txt.match(reAmount);
@@ -161,8 +170,10 @@ This claims the money you were sent. Until your claim transaction has confirmed
             (m[4] ? Math.pow(10, m[4]) : 1e8)
     );
  }
+</pre>
 
 ==== Python ====
+<pre>
  m = re.match(r'^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$', amount, re.IGNORECASE)
  if m.group(5):
      amount = float(int(m.group(5), 16))
@@ -178,8 +189,10 @@ This claims the money you were sent. Until your claim transaction has confirmed
          amount *= 10 ** int(m.group(4))
      else:
          amount *= 100000000
+</pre>
 
 ==== C# ====
+<pre>
  Regex amountExpression = new Regex(@"^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$", RegexOptions.IgnoreCase);
  Match match = amountExpression.Match(value);
  if (match.Success)
@@ -189,11 +202,11 @@ This claims the money you were sent. Until your claim transaction has confirmed
          long hexDecimal = 0;
          if (match.Groups[7].Success)
              hexDecimal = Convert.ToInt64(match.Groups[7].Value, 16) * (long)Math.Pow(16, -match.Groups[7].Length);
- 
+
          long hexExponent = 0x10000;
          if (match.Groups[9].Success)
              hexExponent = (long)Math.Pow(16, Convert.ToInt32(match.Groups[9].Value, 16));
- 
+
          Amount = (Convert.ToInt64(match.Groups[5].Value, 16) + hexDecimal) * hexExponent;
      }
      else
@@ -204,8 +217,4 @@ This claims the money you were sent. Until your claim transaction has confirmed
          Amount = (long)(decimal.Parse(match.Groups[2].Value) * decimalExponent);
      }
  }
-
-[[Category:Developer]]
-[[Category:Technical]]
-[[Category:BIP|D]]
-
+</pre>
diff --git a/bip-0021.md b/bip-0021.mediawiki
similarity index 72%
rename from bip-0021.md
rename to bip-0021.mediawiki
index fa77e4b5..00d9a537 100644
--- a/bip-0021.md
+++ b/bip-0021.mediawiki
@@ -5,10 +5,10 @@
           Matt Corallo <bip21@bluematt.me>
   Status: Accepted
   Type: Standards Track
-  Created: 29-01-2012
+  Created: 2012-01-29
 </pre>
 
-This BIP is a modification of an earlier [[BIP 0020]] by Luke Dashjr. BIP 0020 was based off an earlier document by Nils Schneider. The alternative payment amounts in BIP 0020 have been removed.
+This BIP is a modification of an earlier [[bip-0020.mediawiki|BIP 0020]] by Luke Dashjr. BIP 0020 was based off an earlier document by Nils Schneider. The alternative payment amounts in BIP 0020 have been removed.
 
 ==Abstract==
 This BIP proposes a URI scheme for making Bitcoin payments.
@@ -26,20 +26,29 @@ They SHOULD require the user to manually approve each payment individually, thou
 === Operating system integration ===
 Graphical bitcoin clients SHOULD register themselves as the handler for the "bitcoin:" URI scheme by default, if no other handler is already registered. If there is already a registered handler, they MAY prompt the user to change it once when they first run the client.
 
-=== BNF grammar ===
+=== General Format ===
+
+Bitcoin URIs follow the general format for URIs as set forth in RFC 3986. The path component consists of a bitcoin address, and the query component provides additional payment options.
+
+Elements of the query component may contain characters outside the valid range. These must first be encoded according to UTF-8, and then each octet of the corresponding UTF-8 sequence must be percent-encoded as described in RFC 3986.
+
+=== ABNF grammar ===
 
 (See also [[#Simpler syntax|a simpler representation of syntax]])
 
  bitcoinurn     = "bitcoin:" bitcoinaddress [ "?" bitcoinparams ]
- bitcoinaddress = base58 *base58
- bitcoinparams  = *bitcoinparam
- standardparam  = amountparam | labelparam | messageparam | otherparam
- bitcoinparam   = standardparam | reqparam
+ bitcoinaddress = *base58
+ bitcoinparams  = bitcoinparam [ "&" bitcoinparams ]
+ bitcoinparam   = [ amountparam / labelparam / messageparam / otherparam / reqparam ]
  amountparam    = "amount=" *digit [ "." *digit ]
- labelparam     = "label=" *pchar
- messageparam   = "message=" *pchar
- otherparam     = pchar *pchar "=" *pchar
- reqparam       = "req-" standardparam
+ labelparam     = "label=" *qchar
+ messageparam   = "message=" *qchar
+ otherparam     = qchar *qchar [ "=" *qchar ]
+ reqparam       = "req-" qchar *qchar [ "=" *qchar ]
+
+Here, "qchar" corresponds to valid characters of an RFC 3986 URI query component, excluding the "=" and "&" characters, which this BIP takes as separators.
+
+The scheme component ("bitcoin:") is case-insensitive, and implementations must accept any combination of uppercase and lowercase letters. The rest of the URI is case-sensitive, including the query parameter keys.
 
 === Query Keys ===
 
@@ -71,7 +80,7 @@ Other proposed names sound much more cryptic; the chance that someone googles th
 Also, very likely, what he will find are mostly technical specifications - not the best introduction to bitcoin.
 
 ==Forward compatibility==
-Variables which are prefixed with a req- are considered required.  If a client does not implement any variables which are prefixed with req-, it MUST consider the entire URI invalid.  Any other variables which are not implemented, but which are not prefixed with a req-, can be safely ignored.  
+Variables which are prefixed with a req- are considered required.  If a client does not implement any variables which are prefixed with req-, it MUST consider the entire URI invalid.  Any other variables which are not implemented, but which are not prefixed with a req-, can be safely ignored.
 
 ==Backward compatibility==
 As this BIP is written, several clients already implement a bitcoin: URI scheme similar to this one, however usually without the additional "req-" prefix requirement.  Thus, it is recommended that additional variables prefixed with req- not be used in a mission-critical way until a grace period of 6 months from the finalization of this BIP has passed in order to allow client developers to release new versions, and users of old clients to upgrade.
@@ -81,11 +90,11 @@ As this BIP is written, several clients already implement a bitcoin: URI scheme
 === Simpler syntax ===
 
 This section is non-normative and does not cover all possible syntax.
-Please see the [[#BNF grammar|BNF grammar]] above for the normative syntax.
+Please see the BNF grammar above for the normative syntax.
 
-[foo] means optional, <bar> are placeholders
+[foo] means optional, &lt;bar&gt; are placeholders
 
- bitcoin:<address>[?amount=<amount>][?label=<label>][?message=<message>]
+ <nowiki>bitcoin:<address>[?amount=<amount>][?label=<label>][?message=<message>]</nowiki>
 
 === Examples ===
 
@@ -111,9 +120,5 @@ Characters must be URI encoded properly.
 
 == Reference Implementations ==
 === Bitcoin clients ===
-* [[Bitcoin-Qt]] supports the old version of Bitcoin URIs (ie without the req- prefix), with Windows and KDE integration as of commit 70f55355e29c8e45b607e782c5d76609d23cc858.
-
-[[Category:Developer]]
-[[Category:Technical]]
-[[Category:BIP|D]]
+* Bitcoin-Qt supports the old version of Bitcoin URIs (ie without the req- prefix), with Windows and KDE integration as of commit 70f55355e29c8e45b607e782c5d76609d23cc858.
 
diff --git a/bip-0022.md b/bip-0022.md
deleted file mode 100644
index f03f486d..00000000
--- a/bip-0022.md
+++ /dev/null
@@ -1,206 +0,0 @@
-<pre>
-  BIP: 22
-  Title: getmemorypool
-  Author: Luke Dashjr <luke+bip22@dashjr.org>
-  Status: Accepted
-  Type: Standards Track
-  Created: 28-02-2012
-</pre>
-
-==Abstract==
-
-This BIP describes a new JSON-RPC method for "smart" Bitcoin miners and proxies.
-Instead of sending a simple block header for hashing, the entire block structure is sent, and left to the miner to (optionally) customize and assemble.
-
-==Specification==
-
-===JSON-RPC Method: getmemorypool===
-
-A new JSON-RPC method is defined, called "getmemorypool".
-It takes no arguments.
-If arguments are provided, it may wrap the "submitblock" JSON-RPC method (described later), cast to a Boolean return value (true = share accepted).
-
-getmemorypool MUST return a JSON Object containing at least the following keys, all of which relate to the block header:
-{| class="wikitable"
-! Key !! Required !! Type !! Description
-|-
-| bits || {{Yes}} || String || the compressed difficulty in hexadecimal
-|-
-| curtime || {{Yes}} || Number || the current time as seen by the server (recommended for block time)
-|-
-| height || {{Yes|Should}} || Number || the height of the block we are looking for
-|-
-| previousblockhash || {{Yes}} || String || the hash of the previous block, in big-endian converted to hexadecimal
-|-
-| transactions || {{Yes|Should}} || Array of Strings || Bitcoin transactions encoded in hexadecimal (byte-for-byte), not including coinbase
-|-
-| version || {{Yes}} || Number || always 1 (at least for bitcoin)
-|-
-| coinbasetxn || {{Patch|or ↓}} || String || hexadecimal byte-for-byte coinbase transaction
-|-
-| coinbasevalue || {{Patch|or ↑}} || Number || total funds available for the coinbase
-|-
-| coinbaseaux || {{No}} || Object || data that SHOULD or MUST (depending on mutable flags) be included in the coinbase's scriptSig content. Only the values (hexadecimal byte-for-byte) in this Object should be included, not the keys.
-|-
-| expires || {{No}} || Number || how many seconds (beginning from when the server sent the response) this work is valid for, at most
-|-
-| fulltarget || {{No}} || String || the number which full results should be less than, in big-endian hexadecimal (see [[#Mutations|"share/*" mutations]])
-|-
-| longpoll || {{No}} || String || URI for [[#Long Polling|long polling]]
-|-
-| maxtime || {{No}} || Number || the maximum time allowed
-|-
-| maxtimeoff || {{No}} || Number || the maximum time allowed (as a moving offset from "curtime" - every second, the actual maxtime is incremented by 1; for example, "maxtimeoff":0 means "time" may be incremented by 1 every second)
-|-
-| mintime || {{No}} || Number || the minimum time allowed
-|-
-| mintimeoff || {{No}} || Number || the minimum time allowed (as a moving offset from "curtime")
-|-
-| mutable || {{No}} || Array of Strings || different manipulations that the server explicitly allows to be made (see [[#Mutations|Mutations]])
-|-
-| noncerange || {{No}} || String || two 32-bit integers, concatenated in big-endian hexadecimal, which represent the valid ranges of nonces the miner may scan
-|-
-| submitold || {{No}} || Boolean || only relevant for [[#Long Polling|long poll]] responses; indicates if work received prior to this response remains potentially valid (default) and should have its shares submitted; if false, the miner may wish to discard its share queue
-|-
-| target || {{No}} || String || the number which valid results must be less than, in big-endian hexadecimal
-|-
-| txrequired || {{No}} || Number || this many of the first transactions provided must be present in the final block, even if the "transactions/remove" mutation is allowed
-|-
-| workid || {{No}} || String or Number || if provided, this value must be returned with results (see [[#JSON-RPC Method: submitblock|"submitblock"]])
-|}
-
-====Mutations====
-
-Any of these may be listed in the "mutable" key to signify modifications the miner is allowed to make:
-
-{| class="wikitable"
-! Value !! Significance
-|-
-| coinbase/append
-| append the provided coinbase scriptSig
-|-
-| coinbase
-| provide their own coinbase; if one is provided, it may be replaced or modified (implied if "coinbasetxn" omitted)
-|-
-| generation
-| add or remove outputs from the coinbase/generation transaction (implied if "coinbasetxn" omitted)
-|-
-| share/coinbase
-| if the block hash is less than "target", but not less than "fulltarget", only return the block header and coinbase transaction, but only if the other transactions are unmodified from those proposed in the getmemorypool job
-|-
-| share/merkle
-| if the block hash is less than "target", but not less than "fulltarget", only return the block header, coinbase transaction, and merkle tree connecting that transaction to the root (in the form of repeated right-side SHA256 hashes) in "submitblock"
-|-
-| share/truncate
-| if the block hash is less than "target", but not less than "fulltarget", only return the block header in "submitblock"
-|-
-| time/increment
-| change the time header to a value after "time" (implied if "maxtime" or "maxtimeoff" are provided)
-|-
-| time/decrement
-| change the time header to a value before "time" (implied if "mintime" is provided)
-|-
-| time
-| modify the time header of the block
-|-
-| transactions/add
-| add other valid transactions to the block
-|-
-| transactions/remove
-| remove transactions provided by the server
-|-
-| transactions
-| add or remove transactions (both of the above; implied if "transactions" omitted from result)
-|-
-| prevblock
-| use the work with other previous-blocks; this implicitly allows removing transactions that are no longer valid, unless they are part of the "txrequired" count; it also implies adjusting "height" as necessary
-|}
-
-Note that miners are NOT required to implement any of these mutations.
-
-==== Long Polling ====
-If the server supports long polling, it SHOULD include the "longpoll" key with a relative or absolute URI.
-The absolute URI MAY specify a different port than the original connection.
-Miners MAY start a request to this long polling URI with a standard JSON-RPC request (POST with data) and same basic authorization.
-This request SHOULD NOT be processed nor answered by the server until it wishes to replace the current block data.
-Clients SHOULD make this request with a very long request timeout and MUST accept the server sending response headers with "chunked" Transfer-Encoding delaying the completion of the final JSON response.
-
-Upon receiving a completed response:
-* Only if "submitold" is provided and false, the client MAY discard the results of past operations and MUST begin working on the new work immediately.
-* The client SHOULD begin working on the new work received as soon as possible, if not immediately.
-* The client SHOULD make a new request to the same long polling URI.
-
-If a client receives an incomplete or invalid response, it SHOULD retry the request with an exponential backoff.
-Clients MAY implement this backoff with limitations (such as maximum backoff time) or any algorithm as deemed suitable.
-It is however forbidden to simply retry immediately with no delay after more than one failure.
-In the case of a "Forbidden" response (for example, HTTP 403), a client SHOULD NOT attempt to retry without user intervention.
-
-===JSON-RPC Method: submitblock===
-A new JSON-RPC method is defined, called "submitblock".
-It takes one to two arguments.
-The first argument is the block data; this may be truncated or merkle-ified depending on the "share/truncate" or "share/merkle" mutations, respectively.
-The second argument, if provided, is an Object.
-The only defined key of this Object is the "workid" provided by the server:
-if a "workid" was specified, it must be submitted with the share/block.
-
-This method MUST return either null (when a share is accepted), a String describing briefly the reason the share was rejected, or an Object of these with a key for each merged-mining chain the share was submitted to.
-
-Possible reasons a share may be rejected include, but are not limited to:
-{| class="wikitable"
-! Reason !! Description
-|-
-| bad-cb-flag || the server detected a feature-signifying flag that it does not allow
-|-
-| bad-cb-length || the coinbase was too long (bitcoin limit is 100 bytes)
-|-
-| bad-cb-prefix || the server only allows appending to the coinbase, but it was modified beyond that
-|-
-| bad-diffbits || "bits" were changed
-|-
-| bad-prevblk || the previous-block is not the one the server intends to build on
-|-
-| bad-txnmrklroot || the block header's merkle root did not match the transaction merkle tree
-|-
-| bad-txns || the server didn't like something about the transactions in the block
-|-
-| bad-version || the version was wrong
-|-
-| duplicate || the server already processed this block data
-|-
-| high-hash || the block header did not hash to a value lower than the specified target
-|-
-| rejected || a generic rejection without details
-|-
-| stale-prevblk || the previous-block is no longer the one the server intends to build on
-|-
-| stale-work || the work this block was based on is no longer accepted
-|-
-| time-invalid || the time was not acceptable
-|-
-| time-too-new || the time was too far in the future
-|-
-| time-too-old || the time was too far in the past
-|-
-| unknown-user || the user submitting the block was not recognized
-|-
-| unknown-work || the template or workid could not be identified
-|}
-
-=== Known Bugs ===
-This BIP should not be promoted from Draft status until these are addressed:
-* Noncerange might not be possible to support for all workers, so a way to signal support is needed
-* Longpolling currently assumes URI-based requests, which is not implied by JSON-RPC.
-* ''(feel free to add issues here)''
-
-==Motivation==
-
-There is reasonable concerns about mining currently being too centralized on pools, and the amount of control these pools hold.
-By exposing the details of the block proposals to the miners, they are enabled to audit and possibly modify the block before hashing it.
-
-There is also a very minor load reduction on the pool server, since it does not need to calculate SHA256 for the block's merkle tree.
-
-==Reference Implementation==
-
-* [https://gitorious.org/bitcoin/eloipool Eloipool]
-* [http://luke.dashjr.org/programs/bitcoin/w/bitcoind/luke-jr.git/blobdiff/722d9387be4b267b689d7b7d78daeb7157bd12d8..gmp_bip:/src/bitcoinrpc.cpp bitcoind]
-
diff --git a/bip-0022.mediawiki b/bip-0022.mediawiki
new file mode 100644
index 00000000..ffb303bc
--- /dev/null
+++ b/bip-0022.mediawiki
@@ -0,0 +1,240 @@
+<pre>
+  BIP: 22
+  Title: getblocktemplate - Fundamentals
+  Author: Luke Dashjr <luke+bip22@dashjr.org>
+  Status: Accepted
+  Type: Standards Track
+  Created: 2012-02-28
+</pre>
+
+==Abstract==
+
+This BIP describes a new JSON-RPC method for "smart" Bitcoin miners and proxies.
+Instead of sending a simple block header for hashing, the entire block structure is sent, and left to the miner to (optionally) customize and assemble.
+
+==Specification==
+
+===Block Template Request===
+
+A JSON-RPC method is defined, called "getblocktemplate".
+It accepts exactly one argument, which MUST be an Object of request parameters.
+If the request parameters include a "mode" key, that is used to explicitly select between the default "template" request or a [[bip-0023.mediawiki#Block Proposal|"proposal"]].
+
+Block template creation can be influenced by various parameters:
+{| class="wikitable"
+!colspan=4|template request
+|-
+! Key !! Required !! Type !! Description
+|-
+| capabilities || {{No}} || Array of Strings || SHOULD contain a list of the following, to indicate client-side support: [[#Optional: Long Polling|"longpoll"]], "coinbasetxn", "coinbasevalue", [[bip-0023.mediawiki#Block Proposal|"proposal"]], [[bip-0023.mediawiki#Logical Services|"serverlist"]], "workid", and any of the [[bip-0023.mediawiki#Mutations|mutations]]
+|-
+| mode || {{No}} || String || MUST be "template" or omitted
+|}
+
+getblocktemplate MUST return a JSON Object containing the following keys:
+{| class="wikitable"
+!colspan=4| template
+|-
+! Key !! Required !! Type !! Description
+|-
+| bits || {{Yes}} || String || the compressed difficulty in hexadecimal
+|-
+| curtime || {{Yes}} || Number || the current time as seen by the server (recommended for block time) - note this is not necessarily the system clock, and must fall within the mintime/maxtime rules
+|-
+| height || {{Yes}} || Number || the height of the block we are looking for
+|-
+| previousblockhash || {{Yes}} || String || the hash of the previous block, in big-endian hexadecimal
+|-
+| sigoplimit || {{No}} || Number || number of sigops allowed in blocks
+|-
+| sizelimit || {{No}} || Number || number of bytes allowed in blocks
+|-
+| transactions || {{Yes|Should}} || Array of Objects || Objects containing [[#Transactions Object Format|information for Bitcoin transactions]] (excluding coinbase)
+|-
+| version || {{Yes}} || Number || always 1 or 2 (at least for bitcoin) - clients MUST understand the implications of the version they use (eg, comply with [[bip-0034.mediawiki|BIP 0034]] for version 2)
+|-
+| coinbaseaux || {{No}} || Object || data that SHOULD be included in the coinbase's scriptSig content. Only the values (hexadecimal byte-for-byte) in this Object should be included, not the keys. This does not include the block height, which is required to be included in the scriptSig by [[bip-0034.mediawiki|BIP 0034]]. It is advisable to encode values inside "PUSH" opcodes, so as to not inadvertantly expend SIGOPs (which are counted toward limits, despite not being executed).
+|-
+| coinbasetxn || {{Patch|this or ↓}} || Object || [[#Transactions Object Format|information for coinbase transaction]]
+|-
+| coinbasevalue || {{Patch|this or ↑}} || Number || total funds available for the coinbase (in Satoshis)
+|-
+| workid || {{No}} || String || if provided, this value must be returned with results (see [[#Block Submission|Block Submission]])
+|}
+
+==== Transactions Object Format ====
+
+The Objects listed in the response's "transactions" key contains these keys:
+
+{| class="wikitable"
+!colspan=3|template "transactions" element
+|-
+! Key !! Type !! Description
+|-
+| data || String || transaction data encoded in hexadecimal (byte-for-byte)
+|-
+| depends || Array of Numbers || other transactions before this one (by 1-based index in "transactions" list) that must be present in the final block if this one is; if key is not present, dependencies are unknown and clients MUST NOT assume there aren't any
+|-
+| fee || Number || difference in value between transaction inputs and outputs (in Satoshis); for coinbase transactions, this is a negative Number of the total collected block fees (ie, not including the block subsidy); if key is not present, fee is unknown and clients MUST NOT assume there isn't one
+|-
+| hash || String || hash/id encoded in little-endian hexadecimal
+|-
+| required || Boolean || if provided and true, this transaction must be in the final block
+|-
+| sigops || Number || total number of SigOps, as counted for purposes of block limits; if key is not present, sigop count is unknown and clients MUST NOT assume there aren't any
+|}
+
+Only the "data" key is required, but servers should provide the others if they are known.
+
+===Block Submission===
+
+A JSON-RPC method is defined, called "submitblock", to submit potential blocks (or shares).
+It accepts two arguments:
+the first is always a String of the hex-encoded block data to submit;
+the second is an Object of parameters, and is optional if parameters are not needed.
+
+{| class="wikitable"
+!colspan=3|submitblock parameters (2nd argument)
+|-
+! Key !! Type !! Description
+|-
+| workid || String || if the server provided a workid, it MUST be included with submissions
+|}
+
+This method MUST return either null (when a share is accepted), a String describing briefly the reason the share was rejected, or an Object of these with a key for each merged-mining chain the share was submitted to.
+
+===Optional: Long Polling===
+
+{| class="wikitable"
+! colspan="3" | template request
+|-
+! Key !! Type !! Description
+|-
+| capabilities || Array of Strings || miners which support long polling SHOULD provide a list including the String "longpoll"
+|-
+| longpollid || String || "longpollid" of job to monitor for expiration; required and valid only for long poll requests
+|}
+
+{| class="wikitable"
+! colspan="3" | template
+|-
+! Key !! Type !! Description
+|-
+| longpollid || String || identifier for long poll request; MUST be omitted if the server does not support long polling
+|-
+| longpolluri || String || if provided, an alternate URI to use for long poll requests
+|-
+| submitold || Boolean || only relevant for long poll responses: indicates if work received prior to this response remains potentially valid (default) and should have its shares submitted; if false, the miner may wish to discard its share queue
+|}
+
+If the server supports long polling, it MUST include a "longpollid" key in block templates, and it MUST be unique for each event:
+any given "longpollid" should check for only one condition and not be reused.
+For example, a server which has a long poll wakeup only for new blocks might use the previous block hash.
+However, clients should not assume the "longpollid" has any specific meaning.
+It MAY supply the "longpolluri" key with a relative or absolute URI, which MAY specify a completely different resource than the original connection, including port number.
+If "longpolluri" is provided by the server, clients MUST only attempt to use that URI for longpoll requests.
+
+Clients MAY start a longpoll request with a standard JSON-RPC request (in the case of HTTP transport, POST with data) and same authorization, setting the "longpollid" parameter in the request to the value provided by the server.
+
+This request SHOULD NOT be processed nor answered by the server until it wishes to replace the current block data as identified by the "longpollid".
+Clients SHOULD make this request with a very long request timeout and MUST accept servers sending a partial response in advance (such as HTTP headers with "chunked" Transfer-Encoding), and only delaying the completion of the final JSON response until processing.
+
+Upon receiving a completed response:
+* Only if "submitold" is provided and false, the client MAY discard the results of past operations and MUST begin working on the new work immediately.
+* The client SHOULD begin working on the new work received as soon as possible, if not immediately.
+* The client SHOULD make a new request to the same long polling URI.
+
+If a client receives an incomplete or invalid response, it SHOULD retry the request with an exponential backoff.
+Clients MAY implement this backoff with limitations (such as maximum backoff time) or any algorithm as deemed suitable.
+It is, however, forbidden to simply retry immediately with no delay after more than one failure.
+In the case of a "Forbidden" response (for example, HTTP 403), a client SHOULD NOT attempt to retry without user intervention.
+
+===Optional: Template Tweaking===
+
+{| class="wikitable"
+! colspan="3" | template request
+|-
+! Key !! Type !! Description
+|-
+| sigoplimit || Number or Boolean || maximum number of sigops to include in template
+|-
+| sizelimit || Number or Boolean || maximum number of bytes to use for the entire block
+|-
+| maxversion || Number || highest block version number supported
+|}
+
+For "sigoplimit" and "sizelimit", negative values and zero are offset from the server-determined block maximum.
+If a Boolean is provided and true, the default limit is used; if false, the server is instructed not to use any limits on returned template.
+Servers SHOULD respect these desired maximums, but are NOT required to:
+clients SHOULD check that the returned template satisfies their requirements appropriately.
+
+===Appendix: Example Rejection Reasons===
+Possible reasons a share may be rejected include, but are not limited to:
+{| class="wikitable"
+!colspan=2| share rejection reasons
+|-
+! Reason !! Description
+|-
+| bad-cb-flag || the server detected a feature-signifying flag that it does not allow
+|-
+| bad-cb-length || the coinbase was too long (bitcoin limit is 100 bytes)
+|-
+| bad-cb-prefix || the server only allows appending to the coinbase, but it was modified beyond that
+|-
+| bad-diffbits || "bits" were changed
+|-
+| bad-prevblk || the previous-block is not the one the server intends to build on
+|-
+| bad-txnmrklroot || the block header's merkle root did not match the transaction merkle tree
+|-
+| bad-txns || the server didn't like something about the transactions in the block
+|-
+| bad-version || the version was wrong
+|-
+| duplicate || the server already processed this block data
+|-
+| high-hash || the block header did not hash to a value lower than the specified target
+|-
+| rejected || a generic rejection without details
+|-
+| stale-prevblk || the previous-block is no longer the one the server intends to build on
+|-
+| stale-work || the work this block was based on is no longer accepted
+|-
+| time-invalid || the time was not acceptable
+|-
+| time-too-new || the time was too far in the future
+|-
+| time-too-old || the time was too far in the past
+|-
+| unknown-user || the user submitting the block was not recognized
+|-
+| unknown-work || the template or workid could not be identified
+|}
+
+==Motivation==
+
+bitcoind's JSON-RPC server can no longer support the load of generating the work required to productively mine Bitcoin, and external software specializing in work generation has become necessary.
+At the same time, new independent node implementations are maturing to the point where they will also be able to support miners.
+
+A common standard for communicating block construction details is necessary to ensure compatibility between the full nodes and work generation software.
+
+==Rationale==
+Why not just deal with transactions as hashes (txids)?
+* Servers might not have access to the transaction database, or miners may wish to include transactions not broadcast to the network as a whole.
+* Miners may opt not to do full transaction verification, and may not have access to the transaction database on their end.
+
+What is the purpose of "workid"?
+* If servers allow all mutations, it may be hard to identify which job it is based on. While it may be possible to verify the submission by its content, it is much easier to compare it to the job issued. It is very easy for the miner to keep track of this. Therefore, using a "workid" is a very cheap solution to enable more mutations.
+
+Why should "sigops" be provided for transactions?
+* Due to the [[bip-0016.mediawiki|BIP 0016]] changes regarding rules on block sigops, it is impossible to count sigops from the transactions themselves (the sigops in the scriptCheck must also be included in the count).
+
+==Reference Implementation==
+
+* [https://gitorious.org/bitcoin/eloipool Eloipool (server)]
+* [http://gitorious.org/bitcoin/libblkmaker libblkmaker (client)]
+* [https://github.com/bitcoin/bitcoin/pull/936/files bitcoind (minimal server)]
+
+==See Also==
+* [[bip-0023.mediawiki|BIP 23: getblocktemplate - Pooled Mining]]
diff --git a/bip-0023.mediawiki b/bip-0023.mediawiki
new file mode 100644
index 00000000..a53b00bf
--- /dev/null
+++ b/bip-0023.mediawiki
@@ -0,0 +1,296 @@
+<pre>
+  BIP: 23
+  Title: getblocktemplate - Pooled Mining
+  Author: Luke Dashjr <luke+bip22@dashjr.org>
+  Status: Accepted
+  Type: Standards Track
+  Created: 2012-02-28
+</pre>
+
+==Abstract==
+
+This BIP describes extensions to the getblocktemplate JSON-RPC call to enhance pooled mining.
+
+==Specification==
+
+Note that all sections of this specification are optional extensions on top of [[BIP 0022|BIP 22]].
+
+===Summary Support Levels===
+
+Something can be said to have BIP 23 Level 1 support if it implements at least:
+* [http://www.ietf.org/rfc/rfc1945.txt RFC 1945]
+* [http://json-rpc.org/wiki/specification JSON-RPC 1.0]
+* [[bip-0022.mediawiki|BIP 22 (non-optional sections)]]
+* [[bip-0022.mediawiki#Optional: Long Polling|BIP 22 Long Polling]]
+* [[#Basic Pool Extensions|BIP 23 Basic Pool Extensions]]
+* [[#Mutations|BIP 23 Mutation "coinbase/append"]]
+* [[#Submission Abbreviation|BIP 23 Submission Abbreviation "submit/coinbase"]]
+* [[#Mutations|BIP 23 Mutation "time/increment"]] (only required for servers)
+
+It can be said to have BIP 23 Level 2 support if it also implements:
+* [[#Mutations|BIP 23 Mutation "transactions/add"]]
+* [[#Block Proposals|BIP 23 Block Proposals]]
+
+===Basic Pool Extensions===
+
+{| class="wikitable"
+! colspan="3" | template request
+|-
+! Key !! Type !! Description
+|-
+| target || String || desired target for block template (may be ignored)
+|}
+
+{| class="wikitable"
+!colspan="3"| template
+|-
+! Key !! Type !! Description
+|-
+| expires || Number || how many seconds (beginning from when the server sent the response) this work is valid for, at most
+|-
+| target || String || the number which valid results must be less than, in big-endian hexadecimal
+|}
+
+===Block Proposal===
+
+Servers may indicate support for proposing blocks by including a capability string in their original template:
+{| class="wikitable"
+!colspan="3"| template
+|-
+! Key !! Type !! Description
+|-
+| capabilities || Array of Strings || MAY contain "proposal" to indicate support for block proposal
+|-
+| reject-reason || String || Reason the proposal was invalid as-is (only applicable in response to proposals)
+|}
+
+If supported, a miner MAY propose a block to the server for general validation at any point before the job expires.
+This is accomplished by calling getblocktemplate with two keys:
+{| class="wikitable"
+!colspan=3| getblocktemplate parameters
+|-
+! Key !! Type !! Description
+|-
+| data || String || MUST be hex-encoded block data
+|-
+| mode || String || MUST be "proposal"
+|-
+| workid || String || if the server provided a workid, it MUST be included with proposals
+|}
+
+The block data MUST be validated and checked against the server's usual acceptance rules (excluding the check for a valid proof-of-work).
+If it is found to be in violation of any of these rules, the server MUST return one of the following:
+* Null if it is acceptable as-is, with the same workid (if any) as provided. Note that this SHOULD NOT invalidate the old template's claim to the same workid.
+* A String giving the reason for the rejection (see [[bip-0022.mediawiki#appendix-example-rejection-reasons|example rejection reasons]]).
+* A "delta" block template (with changes needed); in this case, any missing keys are assumed to default to those in the proposed block or, if not applicable, the original block template it was based on. This template MAY also include a "reject-reason" key with a String of the reason for rejection.
+
+It is RECOMMENDED that servers which merely need to track the proposed block for later share/* submissions, return a simple Object of the form:
+ {"workid":"new workid"}
+
+Clients SHOULD assume their proposed block will remain valid if the only changes they make are to the portion of the coinbase scriptSig they themselves provided (if any) and the time header.
+Servers SHOULD NOT break this assumption without good cause.
+
+===Mutations===
+
+{| class="wikitable"
+! colspan="3" | template request
+|-
+! Key !! Type !! Description
+|-
+| nonces || Number || size of nonce range the miner needs; if not provided, the server SHOULD assume the client requires 2<sup>32</sup>
+|}
+
+{| class="wikitable"
+!colspan=3| template
+|-
+! Key !! Type !! Description
+|-
+| maxtime || Number || the maximum time allowed
+|-
+| maxtimeoff || Number || the maximum time allowed (as a moving offset from "curtime" - every second, the actual maxtime is incremented by 1; for example, "maxtimeoff":0 means "time" may be incremented by 1 every second)
+|-
+| mintime || Number || the minimum time allowed
+|-
+| mintimeoff || Number || the minimum time allowed (as a moving offset from "curtime")
+|-
+| mutable || Array of Strings || different manipulations that the server explicitly allows to be made
+|-
+| noncerange || String || two 32-bit integers, concatenated in big-endian hexadecimal, which represent the valid ranges of nonces the miner may scan
+|}
+
+If the block template contains a "mutable" key, it is a list of these to signify modifications the miner is allowed to make:
+
+{| class="wikitable"
+!colspan=2| mutations
+|-
+! Value !! Significance
+|-
+| coinbase/append
+| append the provided coinbase scriptSig
+|-
+| coinbase
+| provide their own coinbase; if one is provided, it may be replaced or modified (implied if "coinbasetxn" omitted)
+|-
+| generation
+| add or remove outputs from the coinbase/generation transaction (implied if "coinbasetxn" omitted)
+|-
+| time/increment
+| change the time header to a value after "time" (implied if "maxtime" or "maxtimeoff" are provided)
+|-
+| time/decrement
+| change the time header to a value before "time" (implied if "mintime" is provided)
+|-
+| time
+| modify the time header of the block
+|-
+| transactions/add (or "transactions")
+| add other valid transactions to the block (implied if "transactions" omitted from result)
+|-
+| prevblock
+| use the work with other previous-blocks; this implicitly allows removing transactions that are no longer valid (but clients SHOULD attempt to propose removal of any required transactions); it also implies adjusting "height" as necessary
+|-
+| version/force
+| encode the provide block version, even if the miner doesn't understand it
+|-
+| version/reduce
+| use an older block version than the one provided (for example, if the client does not support the version provided)
+|}
+
+===Submission Abbreviation===
+
+{| class="wikitable"
+!colspan=3| template
+|-
+! Key !! Type !! Description
+|-
+| fulltarget || String || the number which full results should be less than, in big-endian hexadecimal (see "share/*" mutations)
+|-
+| mutable || Array of Strings || different manipulations that the server explicitly allows to be made, including abbreviations
+|}
+
+If the block template contains a "mutable" key, it is a list of these to signify modifications the miner is allowed to make:
+
+{| class="wikitable"
+!colspan=2| abbreviation mutations
+|-
+! Value !! Significance
+|-
+| submit/hash
+| each transaction being sent in a request, that the client is certain the server knows about, may be replaced by its hash in little-endian hexadecimal, prepended by a ":" character
+|-
+| submit/coinbase
+| if the "transactions" provided by the server are used as-is with no changes, submissions may omit transactions after the coinbase (transaction count varint remains included with the full number of transactions)
+|-
+| submit/truncate
+| if the "coinbasetxn" and "transactions" provided by the server are used as-is with no changes, submissions may contain only the block header; if only the scriptSig of "coinbasetxn" is modified, the params Object MUST contain a "coinbasesig" key with the content, or a "coinbaseadd" with appended data (if only appending)
+|-
+| share/coinbase
+| same as "submit/coinbase", but only if the block hash is greater than "fulltarget"
+|-
+| share/merkle
+| if the block hash is greater than "fulltarget", the non-coinbase transactions may be replaced with a merkle chain connecting it to the root
+|-
+| share/truncate
+| same as "submit/truncate", but only if the block hash is greater than "fulltarget"
+|}
+
+==== Format of Data for Merkle-Only Shares ====
+
+The format used for submitting shares with the "share/merkle" mutation shall be the 80-byte block header, the total number of transactions encoded in Bitcoin variable length number format, the coinbase transaction, and then finally the little-endian SHA256 hashes of each link in the merkle chain connecting it to the merkle root.
+
+===Logical Services===
+
+{| class="wikitable"
+! colspan="3" | template request
+|-
+! Key !! Type !! Description
+|-
+| capabilities || Array of Strings || miners which support this SHOULD provide a list including the String "serverlist"
+|}
+
+{| class="wikitable"
+!colspan=3| template
+|-
+! Key !! Type !! Description
+|-
+| serverlist || Array of Objects || list of servers in this single logical service
+|}
+
+If the "serverlist" parameter is provided, clients MAY choose to intelligently treat the server as part of a larger single logical service.
+
+Each host Object in the Array is comprised of the following fields:
+{| class="wikitable"
+!colspan=3| serverlist element
+|-
+! Key !! Type !! Description
+|-
+| uri || String || URI of the individual server; if authentication information is omitted, the same authentication used for this request MUST be assumed
+|-
+| avoid ||  Number || number of seconds to avoid using this server
+|-
+| priority || Number || an integer priority of this host (default: 0)
+|-
+| sticky || Number || number of seconds to stick to this server when used
+|-
+| update || Boolean || whether this server may update the serverlist (default: true)
+|-
+| weight || Number || a relative weight for hosts with the same priority (default: 1)
+|}
+
+When choosing which actual server to get the next job from, URIs MUST be tried in order of their "priority" key, lowest Number first.
+Where the priority of URIs is the same, they should be chosen from in random order, weighed by their "weight" key.
+Work proposals and submissions MUST be made to the same server that issued the job.
+Clients MAY attempt to submit to other servers if, and only if, the original server cannot be reached.
+If cross-server share submissions are desired, services SHOULD instead use the equivalent domain name system (DNS) features (RFCs [http://tools.ietf.org/html/rfc1794 1794] and [http://tools.ietf.org/html/rfc2782 2782]).
+
+Updates to the Logical Service server list may only be made by the original server, or servers listed with the "update" key missing or true.
+Clients MAY choose to advertise serverlist capability to servers with a false "update" key, but if so, MUST treat the server list provided as a subset of the current one, only considered in the context of this server.
+At least one server with "update" privilege MUST be attempted at least once daily.
+
+If the "sticky" key is provided, then when that server is used, it should be used consistently for at least that many seconds, if possible.
+
+A permanent change in server URI MAY be indicated with a simple "serverlist" parameter:
+ "serverlist":[{"uri": "http://newserver"}]
+
+A temporary delegation to another server for 5 minutes MAY be indicated likewise:
+ "serverlist":[{"uri": "", avoid: 300}, {"uri": "http://newserver", "update": false}]
+
+==Motivation==
+
+There is reasonable concerns about mining currently being too centralized on pools, and the amount of control these pools hold.
+By exposing the details of the block proposals to the miners, they are enabled to audit and possibly modify the block before hashing it.
+
+To encourage widespread adoption, this BIP should be a complete superset of the existing centralized getwork protocol, so pools are not required to make substantial changes to adopt it.
+
+==Rationale==
+Why allow servers to restrict the complete coinbase and nonce range?
+* This is necessary to provide a complete superset of JSON-RPC getwork functionality, so that pools may opt to enable auditing without significantly changing or increasing the complexity of their share validation or mining policies.
+* Since noncerange is optional (both for getwork and this BIP), neither clients nor servers are required to support it.
+
+Why specify "time/*" mutations at all?
+* In most cases, these are implied by the mintime/mintimecur/maxtime/maxtimecur keys, but there may be cases that there are no applicable minimums/maximums.
+
+What is the purpose of the "prevblock" mutation?
+* There are often cases where a miner has processed a new block before the server. If the server allows "prevblock" mutation, the miner may begin mining on the new block immediately, without waiting for a new template.
+
+Why must both "mintime"/"maxtime" and "mintimeoff"/"maxtimeoff" keys be defined?
+* In some cases, the limits may be unrelated to the current time (such as the Bitcoin network itself; the minimum is always a fixed median time)
+* In other cases, the limits may be bounded by other rules (many pools limit the time header to within 5 minutes of when the share is submitted to them).
+
+Is "target" really needed?
+* Some pools work with lower targets, and should not be expected to waste bandwidth ignoring shares that don't meet it.
+* Required to be a proper superset of getwork.
+* As mining hashrates grow, some miners may need the ability to request a lower target from their pools to be able to manage their bandwidth use.
+
+What is the purpose of the "hash" transaction list format?
+* Non-mining tools may wish to simply get a list of memory pool transactions.
+* Humans may wish to view their current memory pool.
+
+==Reference Implementation==
+
+* [http://gitorious.org/bitcoin/libblkmaker libblkmaker]
+* [https://gitorious.org/bitcoin/eloipool Eloipool]
+* [https://github.com/bitcoin/bitcoin/pull/936/files bitcoind]
+
+==See Also==
+* [[bip-0022.mediawiki|BIP 22: getblocktemplate - Fundamentals]]
diff --git a/bip-0030.md b/bip-0030.mediawiki
similarity index 77%
rename from bip-0030.md
rename to bip-0030.mediawiki
index bffd6df9..135d3006 100644
--- a/bip-0030.md
+++ b/bip-0030.mediawiki
@@ -2,9 +2,9 @@
   BIP: 30
   Title: Duplicate transactions
   Author: Pieter Wuille <pieter.wuille@gmail.com>
-  Status: Accepted
+  Status: Final
   Type: Standards Track
-  Created: 22-02-2012
+  Created: 2012-02-22
 </pre>
 
 ==Abstract==
@@ -15,9 +15,9 @@ So far, the Bitcoin reference implementation always assumed duplicate transactio
 
 ==Specification==
 To counter this problem, the following network rule is introduced:
-*Blocks are not allowed to contain a transaction whose hash matches that of an earlier transaction in the same chain, unless that earlier transaction was already fully spent before said block.
+*Blocks are not allowed to contain a transaction whose identifier matches that of an earlier, not-fully-spent transaction in the same chain.
 
-This rule is to be applied to all blocks whose timestamp is after march 15, 2012, 0:00 UTC (unix timestamp 1331769600).
+This rule initially applied to all blocks whose timestamp is after March 15, 2012, 00:00 UTC (testnet: February 20, 2012 00:00 UTC). It was later extended by Commit [https://github.com/bitcoin/bitcoin/commit/ab91bf39b7c11e9c86bb2043c24f0f377f1cf514 Apply BIP30 checks to all blocks except the two historic violations.] to apply to all blocks except the two historic blocks at heights 91842 and 91880 on the main chain that had to be grandfathered in.
 
 ==Rationale==
 Whatever solution is used, the following law must be obeyed to guarantee sane behaviour: the set of usable
@@ -40,9 +40,8 @@ The addition of this rule only makes some previously-valid blocks invalid. This
 ==Implementation==
 A patch for the reference client can be found on https://github.com/sipa/bitcoin/tree/nooverwritetx
 
-==Acknowledgements==
-Thanks to Russell O'Connor for finding and demonstrating this problem and helping test the patch, and to Ben Reeves for pointing out a few weaknesses in the implementation.
+This BIP was implemented in Commit [https://github.com/bitcoin/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531 Do not allow overwriting unspent transactions (BIP 30)]
+There have been additional commits to refine the implementation of this BIP.
 
-[[Category:Developer]]
-[[Category:Technical]]
-[[Category:BIP|D]]
+==Acknowledgements==
+Thanks to Russell O'Connor for finding and demonstrating this problem, and helping test the patch.
diff --git a/bip-0031.md b/bip-0031.mediawiki
similarity index 84%
rename from bip-0031.md
rename to bip-0031.mediawiki
index 3252fca2..8adcd295 100644
--- a/bip-0031.md
+++ b/bip-0031.mediawiki
@@ -2,9 +2,9 @@
   BIP: 31
   Title: Pong message
   Author: Mike Hearn <hearn@google.com>
-  Status: Draft
+  Status: Accepted
   Type: Standards Track
-  Created: 11-04-2012
+  Created: 2012-04-11
 </pre>
 
 ==Abstract==
@@ -25,15 +25,14 @@ All of these can be solved by a backwards compatible protocol modification.
 
 ==Specification==
 
-When the protocol version as negotiated in the "ver" message is greater than or equal to 70000, the "ping" message can contain a uint64 field called "nonce". A peer sending "ping" can set the nonce to a random value, and it is then echoed back by the recipient in a new "pong" message that also contains a single uint64 field.
+When the protocol version as negotiated in the "ver" message is greater than 60000, the "ping" message must contain a uint64 field called "nonce". A peer sending "ping" should set the nonce to a random value, and it is then echoed back by the recipient in a new "pong" message that also contains a single uint64 field.
 
 In this way, the client can send a ping and measure the time taken to receive the corresponding pong. If a client sends two pings before hearing back the first pong, the responses can be distinguished using the nonce. If the client chooses to never overlap pings in this way it should simply set the nonce value to zero.
 
 ==Backward compatibility==
 
-Clients must opt-in to the new feature by advertising a protocol version >= 70000. Clients with older protocol versions are not expected to provide a nonce in the ping message and will not be sent a pong.
+Clients must opt-in to the new feature by advertising a protocol version > 60000. Clients with older protocol versions are not expected to provide a nonce in the ping message and will not be sent a pong.
 
 ==Implementation==
 
 https://github.com/bitcoin/bitcoin/pull/932/files
-
diff --git a/bip-0032.md b/bip-0032.md
deleted file mode 100644
index bc424fe5..00000000
--- a/bip-0032.md
+++ /dev/null
@@ -1,132 +0,0 @@
-<pre>
-  BIP: 32
-  Title: Hierarchical Deterministic Wallets
-  Author: Pieter Wuille
-  Status: Draft
-  Type: Informational
-  Created: 11-02-2012
-</pre>
-
-==Abstract==
-
-This document describes hierarchical determinstic wallets (or "HD Wallets"): wallets which can be shared partially or entirely with different systems, each with or without the ability to spend coins.
-
-The specification is intended to set a standard for deterministic wallets that can be interchanged between different clients. Although the wallets described here have many features, not all are required by supporting clients.
-
-==Motivation==
-
-The Bitcoin reference client uses randomly generated keys. In order to avoid the necessity for a backup after every transaction, (by default) 100 keys are cached in a pool of reserve keys. Still, these wallets are not intended to be shared and used on several systems simultaneously. They support hiding their private keys by using the wallet encrypt feature and not sharing the password, but such "neutered" wallets lose the power to generate public keys as well. 
-
-Deterministic wallets do not require such frequent backups, and elliptic curve mathematics permit schemes where one can calculate the public keys without revealing the private keys. This permits for example a webshop business to let its webserver generate a fresh addresses (public key hashes) for each order or for each customer, without giving the webserver access to the corresponding private keys (which are required for spending the received funds).
-
-However, deterministic wallets typically consist of a single "chain" of keypairs. The fact that there is only one chain means that sharing a wallet happens on an all-or-nothing basis. However, in some cases one only wants some (public) keys to be shared and recoverable. In the example of a webshop, the webserver does not need access to all public keys of the merchant's wallet; only to those addresses which are used to receive customer's payments, and not for example the change addresses that are generated when the merchant spends money. Hierarchical deterministic wallets allow such selective sharing by supporting multiple keypair chains, derived from a single root.
-
-==Specification==
-
-===Conventions===
-
-In the rest of this text we will assume the public key cryptography used in Bitcoin, namely elliptic curve cryptography using the field and curve parameters defined by secp256k1 (http://www.secg.org/index.php?action=secg,docs_secg). Variables below are either:
-* integers modulo the order of the curve, serialized as 32 bytes, most significant byte first.
-* coordinates of points on the curve, serialized as specified in SEC1: either compressed ([0x02 or 0x03] + 32 byte x coordinate), or uncompressed (0x04 + 32 byte x coordinate + 32 byte y coordinate).
-* byte sequences
-
-Addition (+) of two coordinates is defined as application of the EC group operation. Multiplication (*) of an integer and a coordinate is defined as repeated application of the EC group operation. The generator element of the curve is called G. The public key K corresponding to the private key k is calculated as k*G. We do not distinguish between numbers or coordinates and their serialization as byte sequences.
-
-===Extended keys===
-
-In what follows, we will define a function that derives a number of child keys from a parent key. In order to prevent these from depending solely on the key itself, we extend both private and public keys first with an extra 256 bits of entropy. This extension, called the chain code, is identical for corresponding private and public keys, and consists of 32 bytes.
-
-We represent an extended private key as (k,c), with k the normal private key, and c the chain code. An extended public key is represented as (K,c), with K the normal public key and c the chain code.
-
-===Child key derivation function===
-
-We define the child key derivation function CKD((k<sub>par</sub>,c<sub>par</sub>),n), which takes a parent extended secret key (k<sub>par</sub>,c<sub>par</sub>) and a 32-bit integer n, to produce a child extended secret key (k<sub>n</sub>,c<sub>n</sub>).
-
-To define (k<sub>n</sub>,c<sub>n</sub>) = CKD((k<sub>par</sub>,c<sub>par</sub>),n):
-* call I = HMAC-SHA512(Key=c<sub>par</sub>, Data=k<sub>par</sub>*G || n), where k<sub>par</sub>*G is the public key corresponding to k<sub>par</sub>, || is concatenation, and n is encoded as a 32 bits unsigned integer, most significant byte first.
-* Split I into two 32-byte sequences, I<sub>L</sub> and I<sub>R</sub>.
-* k<sub>n</sub> is equal to I<sub>L</sub>*k<sub>par</sub>.
-* c<sub>n</sub> is equal to I<sub>R</sub>.
-
-We also define a version that operates on extended public keys instead of private ones: (K<sub>n</sub>,c<sub>n</sub>) = CKD'((K<sub>par</sub>,c<sub>par</sub>),n):
-* call I = HMAC-SHA512(Key=c<sub>par</sub>, Data=K<sub>par</sub> || n), where n is encoded a 32 bits unsigned integer, most significant byte first.
-* Split I into two 32-byte sequences, I<sub>L</sub> and I<sub>R</sub>.
-* K<sub>n</sub> is equal to I<sub>L</sub>*K<sub>par</sub>.
-* c<sub>n</sub> is equal to I<sub>R</sub>.
-
-Note that the extended public key corresponding to the evaluation of CKD(x,n) is identical to the evaluation of CKD'(X,n), with X the extended public key corresponding to x. Symbolically, CKD(x,n)*G = CKD'(x*G,n). This implies that CKD' can be used to derive all public keys corresponding to the private keys that CKD would find. It cannot be used to retrieve the private keys, however.
-
-The HMAC-SHA512 function is specified in [http://tools.ietf.org/html/rfc4231 RFC 4231].
-
-===The key tree===
-
-The next step is cascading several CKD constructions to build a tree. We start with one root, the master extended key m. By evaluating CKD(m,n) for several values of n, we get a number of first-degree derivative nodes. As each of these is again an extended key, CKD can be applied to those as well. To shorten notation, we will write CKD(CKD(CKD(m,n<sub>1</sub>),n<sub>2</sub>),n<sub>3</sub>) as m/n<sub>1</sub>/n<sub>2</sub>/n<sub>3</sub> now.
-
-Each leaf node in the tree corresponds to an actual keypair, while the internal nodes correspond to the collection of keypairs that descends from them. The chain codes of the leaf nodes are ignored, and only their embedded private or public key is used. Because of this construction, knowing an extended private key allows reconstruction of all descendant private keys and public keys, and knowing an extended public keys allows reconstruction of all descendant public keys.
-
-===Serialization format===
-
-Extended public and private keys are serialized as follows:
-* 1 byte: version byte (mainnet: 0x06 public, 0x0C private; testnet: 0xC6 public, 0xCC private)
-* 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 descendants, .... 
-* 4 bytes: the first 32 bits of RIPEMD160(SHA256(K<sub>par</sub>)), a "fingerprint" of the parent's key. Note that this corresponds to the first 32 bits of the data in the "address" corresponding to the parent's key.
-* 4 bytes: child number. This is the number n in x<sub>n</sub> = x<sub>par</sub>/n, with x<sub>n</sub> the key being serialized. This is encoded in MSB order.
-* 32 bytes: the chain code
-* the rest: the normal public or private key serialization (65 or 33 bytes for public keys, 32 or 33 bytes for private keys).
-
-This 74, 75 or 107 byte structure can be encoded like other Bitcoin data in Base58, by first adding 32 checksum bits (derived from the double SHA-256 checksum), and then converting to the Base58 representation. This results in a base58-encoded string of 107, 108 or 152 characters.
-
-
-===Master key generation===
-
-The total number of possible extended keypairs is almost 2^512, but the produced keys are only 256 bits long, and offer about half of that in terms of security. Therefore, master keys are not generated directly, but instead from a potentially short seed value.
-
-* Generate a seed S of a chosen length (at least 128 bits) from a (P)RNG.
-* Calculate I = HMAC-SHA512(key="Bitcoin seed", msg=S)
-* Split I into two 32-byte sequences, I<sub>l</sub> and I<sub>r</sub>.
-* Use I<sub>l</sub> as master secret key, and I<sub>r</sub> as master chain code.
-
-[[File:BIP32-derivation.png]]
-
-===Wallet structure===
-
-The previous sections specified key trees and their nodes. The next step is imposing a wallet structure on this tree. 
-
-An HDW is organized as several 'accounts'. Accounts are numbered, the default account ("") being number 0. Clients are not required to support more than one account - if not, they only use the default account.
-
-Each account is composed of two keypair chains: an internal and an external one. The external keychain is used to generate new public addresses, while the internal keychain is used for all other operations (change addresses, generation addresses, ..., anything that doesn't need to be communicated). Clients that do not support separate keychains for these should use the external one for everything.
-
- * m/i/0/k corresponds to the k'th keypair of the external chain of account number i of the HDW derived from master m.
- * m/i/1/k corresponds to the k'th keypair of the internal chain of account number i of the HDW derived from master m.
-
-==Use cases==
-
-===Full wallet sharing: m===
-
-In cases where two systems need to access a single shared wallet, and both need to be able to perform spendings, one needs to share the master private extended key. Nodes can keep a pool of N look-ahead keys cached for external chains, to watch for incoming payments. The look-ahead for internal chains can be very small, as no gaps are to be expected here. An extra look-ahead could be active for the first unused account's chains - triggering the creation of a new account when used. Note that the name of the account will still need to be entered manually and cannot be synchronized via the block chain.
-
-===Audits: M===
-
-In case an auditor needs full access to the list of incoming and outgoing payments, one can share the master public extended key. This will allow the auditor to see all transactions from and to the wallet, in all accounts, but not a single secret key.
-
-===Per-office balances: m/i===
-
-When a business has several independent offices, they can all use wallets derived from a single master. This will allow the headquarters to maintain a super-wallet that sees all incoming and outgoing transactions of all offices, and even permit moving money between the offices.
-
-===Recurrant business-to-business transactions: M/i/0===
-
-In case two business partners often transfer money, one can use the extended public key for the external chain of a specific account (M/i/0) as a sort of "super address", allowing frequent transactions that cannot (easily) be associated, but without needing to request a new address for each payment.
-Such a mechanism could also be used by mining pool operators as variable payout address.
-
-===Unsecure money receiver: M/i/0===
-
-When an unsecure webserver is used to run an e-commerce site, it needs to know public addresses that be used to receive payments. The webserver only needs to know the public extended key of the external chain of a single account. This means someone illegally obtaining access to the webserver can at most see all incoming payments, but will not (trivially) be able to distinguish outgoing transactions, nor see payments received by other webservers if there are several ones.
-
-==Compatibility==
-
-==Test Vectors==
-
-==Acknowledgements==
-
-* Gregory Maxwell for the original idea of type-2 deterministic wallets, and many discussions about it.
-* Alan Reiner for the implementation of this scheme in Armory, and the suggestions that followed from that.
diff --git a/bip-0032.mediawiki b/bip-0032.mediawiki
new file mode 100644
index 00000000..619d5d62
--- /dev/null
+++ b/bip-0032.mediawiki
@@ -0,0 +1,284 @@
+RECENT CHANGES:
+* (16 Apr 2013) Added private derivation for i ≥ 0x80000000 (less risk of parent private key leakage)
+* (30 Apr 2013) Switched from multiplication by I<sub>L</sub> to addition of I<sub>L</sub> (faster, easier implementation)
+* (25 May 2013) Added test vectors
+* (15 Jan 2014) Rename keys with index ≥ 0x8000000 to hardened keys, and add explicit conversion functions.
+
+<pre>
+  BIP: 32
+  Title: Hierarchical Deterministic Wallets
+  Author: Pieter Wuille
+  Status: Accepted
+  Type: Informational
+  Created: 2012-02-11
+</pre>
+
+==Abstract==
+
+This document describes hierarchical deterministic wallets (or "HD Wallets"): wallets which can be shared partially or entirely with different systems, each with or without the ability to spend coins.
+
+The specification is intended to set a standard for deterministic wallets that can be interchanged between different clients. Although the wallets described here have many features, not all are required by supporting clients.
+
+The specification consists of two parts. In a first part, a system for deriving a tree of keypairs from a single seed is presented. The second part demonstrates how to build a wallet structure on top of such a tree.
+
+==Motivation==
+
+The Bitcoin reference client uses randomly generated keys. In order to avoid the necessity for a backup after every transaction, (by default) 100 keys are cached in a pool of reserve keys. Still, these wallets are not intended to be shared and used on several systems simultaneously. They support hiding their private keys by using the wallet encrypt feature and not sharing the password, but such "neutered" wallets lose the power to generate public keys as well.
+
+Deterministic wallets do not require such frequent backups, and elliptic curve mathematics permit schemes where one can calculate the public keys without revealing the private keys. This permits for example a webshop business to let its webserver generate fresh addresses (public key hashes) for each order or for each customer, without giving the webserver access to the corresponding private keys (which are required for spending the received funds).
+
+However, deterministic wallets typically consist of a single "chain" of keypairs. The fact that there is only one chain means that sharing a wallet happens on an all-or-nothing basis. However, in some cases one only wants some (public) keys to be shared and recoverable. In the example of a webshop, the webserver does not need access to all public keys of the merchant's wallet; only to those addresses which are used to receive customer's payments, and not for example the change addresses that are generated when the merchant spends money. Hierarchical deterministic wallets allow such selective sharing by supporting multiple keypair chains, derived from a single root.
+
+==Specification: Key derivation==
+
+===Conventions===
+
+In the rest of this text we will assume the public key cryptography used in Bitcoin, namely elliptic curve cryptography using the field and curve parameters defined by secp256k1 (http://www.secg.org/index.php?action=secg,docs_secg). Variables below are either:
+* Integers modulo the order of the curve (referred to as n).
+* Coordinates of points on the curve.
+* Byte sequences.
+
+Addition (+) of two coordinate pair is defined as application of the EC group operation.
+Concatenation (||) is the operation of appending one byte sequence onto another.
+
+As standard conversion functions, we assume:
+* point(p): returns the coordinate pair resulting from EC point multiplication (repeated application of the EC group operation) of the secp256k1 base point with the integer p.
+* ser<sub>32</sub>(i): serialize a 32-bit unsigned integer i as a 4-byte sequence, most significant byte first.
+* ser<sub>256</sub>(p): serializes the integer p as a 32-byte sequence, most significant byte first.
+* ser<sub>P</sub>(P): serializes the coordinate pair P = (x,y) as a byte sequence using SEC1's compressed form: (0x02 or 0x03) || ser<sub>256</sub>(x), where the header byte depends on the parity of the omitted y coordinate.
+* parse<sub>256</sub>(p): interprets a 32-byte sequence as a 256-bit number, most significant byte first.
+
+
+===Extended keys===
+
+In what follows, we will define a function that derives a number of child keys from a parent key. In order to prevent these from depending solely on the key itself, we extend both private and public keys first with an extra 256 bits of entropy. This extension, called the chain code, is identical for corresponding private and public keys, and consists of 32 bytes.
+
+We represent an extended private key as (k, c), with k the normal private key, and c the chain code. An extended public key is represented as (K, c), with K = point(k) and c the chain code.
+
+Each extended key has 2<sup>31</sup> normal child keys, and 2<sup>31</sup> hardened child keys. Each of these child keys has an index. The normal child keys use indices 0 through 2<sup>31</sup>-1. The hardened child keys use indices 2<sup>31</sup> through 2<sup>32</sup>-1. To ease notation for hardened key indices, a number i<sub>H</sub> represents i+2<sup>31</sup>.
+
+===Child key derivation (CKD) functions===
+
+Given a parent extended key and an index i, it is possible to compute the corresponding child extended key. The algorithm to do so depends on whether the child is a hardened key or not (or, equivalently, whether i ≥ 2<sup>31</sup>), and whether we're talking about private or public keys.
+
+====Private parent key &rarr; private child key====
+
+The function CKDpriv((k<sub>par</sub>, c<sub>par</sub>), i) &rarr; (k<sub>i</sub>, c<sub>i</sub>) computes a child extended private key from the parent extended private key:
+* Check whether i ≥ 2<sup>31</sup> (whether the child is a hardened key).
+** If so (hardened child): let I = HMAC-SHA512(Key = c<sub>par</sub>, Data = 0x00 || ser<sub>256</sub>(k<sub>par</sub>) || ser<sub>32</sub>(i)). (Note: The 0x00 pads the private key to make it 33 bytes long.)
+** If not (normal child): let I = HMAC-SHA512(Key = c<sub>par</sub>, Data = ser<sub>P</sub>(point(k<sub>par</sub>)) || ser<sub>32</sub>(i)).
+* Split I into two 32-byte sequences, I<sub>L</sub> and I<sub>R</sub>.
+* The returned child key k<sub>i</sub> is parse<sub>256</sub>(I<sub>L</sub>) + k<sub>par</sub> (mod n).
+* The returned chain code c<sub>i</sub> is I<sub>R</sub>.
+* In case parse<sub>256</sub>(I<sub>L</sub>) ≥ n or k<sub>i</sub> = 0, the resulting key is invalid, and one should proceed with the next value for i. (Note: this has probability lower than 1 in 2<sup>127</sup>.)
+
+The HMAC-SHA512 function is specified in [http://tools.ietf.org/html/rfc4231 RFC 4231].
+
+====Public parent key &rarr; public child key====
+
+The function CKDpub((K<sub>par</sub>, c<sub>par</sub>), i) &rarr; (K<sub>i</sub>, c<sub>i</sub>) computes a child extended public key from the parent extended public key. It is only defined for non-hardened child keys.
+* Check whether i ≥ 2<sup>31</sup> (whether the child is a hardened key).
+** If so (hardened child): return failure
+** If not (normal child): let I = HMAC-SHA512(Key = c<sub>par</sub>, Data = ser<sub>P</sub>(K<sub>par</sub>) || ser<sub>32</sub>(i)).
+* Split I into two 32-byte sequences, I<sub>L</sub> and I<sub>R</sub>.
+* The returned child key K<sub>i</sub> is point(parse<sub>256</sub>(I<sub>L</sub>)) + K<sub>par</sub>.
+* The returned chain code c<sub>i</sub> is I<sub>R</sub>.
+* In case parse<sub>256</sub>(I<sub>L</sub>) ≥ n or K<sub>i</sub> is the point at infinity, the resulting key is invalid, and one should proceed with the next value for i.
+
+====Private parent key &rarr; public child key====
+
+The function N((k, c)) &rarr; (K, c) computes the extended public key corresponding to an extended private key (the "neutered" version, as it removes the ability to sign transactions).
+* The returned key K is point(k).
+* The returned chain code c is just the passed chain code.
+
+To compute the public child key of a parent private key:
+* N(CKDpriv((k<sub>par</sub>, c<sub>par</sub>), i)) (works always).
+* CKDpub(N(k<sub>par</sub>, c<sub>par</sub>), i) (works only for non-hardened child keys).
+The fact that they are equivalent is what makes non-hardened keys useful (one can derive child public keys of a given parent key without knowing any private key), and also what distinguishes them from hardened keys. The reason for not always using non-hardened keys (which are more useful) is security; see further for more information.
+
+====Public parent key &rarr; private child key====
+
+This is not possible.
+
+===The key tree===
+
+The next step is cascading several CKD constructions to build a tree. We start with one root, the master extended key m. By evaluating CKDpriv(m,i) for several values of i, we get a number of level-1 derived nodes. As each of these is again an extended key, CKDpriv can be applied to those as well.
+
+To shorten notation, we will write CKDpriv(CKDpriv(CKDpriv(m,3<sub>H</sub>),2),5) as m/3<sub>H</sub>/2/5. Equivalently for public keys, we write CKDpub(CKDpub(CKDpub(M,3),2,5) as M/3/2/5. This results in the following identities:
+* N(m/a/b/c) = N(m/a/b)/c = N(m/a)/b/c = N(m)/a/b/c = M/a/b/c.
+* N(m/a<sub>H</sub>/b/c) = N(m/a<sub>H</sub>/b)/c = N(m/a<sub>H</sub>)/b/c.
+However, N(m/a<sub>H</sub>) cannot be rewritten as N(m)/a<sub>H</sub>, as the latter is not possible.
+
+Each leaf node in the tree corresponds to an actual key, while the internal nodes correspond to the collections of keys that descend from them. The chain codes of the leaf nodes are ignored, and only their embedded private or public key is relevant. Because of this construction, knowing an extended private key allows reconstruction of all descendant private keys and public keys, and knowing an extended public keys allows reconstruction of all descendant non-hardened public keys.
+
+===Key identifiers===
+
+Extended keys can be identified by the Hash160 (RIPEMD160 after SHA256) of the serialized ECSDA public key K, ignoring the chain code. This corresponds exactly to the data used in traditional Bitcoin addresses. It is not advised to represent this data in base58 format though, as it may be interpreted as an address that way (and wallet software is not required to accept payment to the chain key itself).
+
+The first 32 bits of the identifier are called the key fingerprint.
+
+===Serialization format===
+
+Extended public and private keys are serialized as follows:
+* 4 byte: version bytes (mainnet: 0x0488B21E public, 0x0488ADE4 private; testnet: 0x043587CF public, 0x04358394 private)
+* 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 derived keys, ....
+* 4 bytes: the fingerprint of the parent's key (0x00000000 if master key)
+* 4 bytes: child number. This is ser<sub>32</sub>(i) for i in x<sub>i</sub> = x<sub>par</sub>/i, with x<sub>i</sub> the key being serialized. (0x00000000 if master key)
+* 32 bytes: the chain code
+* 33 bytes: the public key or private key data (ser<sub>P</sub>(K) for public keys, 0x00 || ser<sub>256</sub>(k) for private keys)
+
+This 78 byte structure can be encoded like other Bitcoin data in Base58, by first adding 32 checksum bits (derived from the double SHA-256 checksum), and then converting to the Base58 representation. This results in a Base58-encoded string of up to 112 characters. Because of the choice of the version bytes, the Base58 representation will start with "xprv" or "xpub" on mainnet, "tprv" or "tpub" on testnet.
+
+Note that the fingerprint of the parent only serves as a fast way to detect parent and child nodes in software, and software must be willing to deal with collisions. Internally, the full 160-bit identifier could be used.
+
+When importing a serialized extended public key, implementations must verify whether the X coordinate in the public key data corresponds to a point on the curve. If not, the extended public key is invalid.
+
+===Master key generation===
+
+The total number of possible extended keypairs is almost 2<sup>512</sup>, but the produced keys are only 256 bits long, and offer about half of that in terms of security. Therefore, master keys are not generated directly, but instead from a potentially short seed value.
+
+* Generate a seed byte sequence S of a chosen length (between 128 and 512 bits; 256 bits is advised) from a (P)RNG.
+* Calculate I = HMAC-SHA512(Key = "Bitcoin seed", Data = S)
+* Split I into two 32-byte sequences, I<sub>L</sub> and I<sub>R</sub>.
+* Use parse<sub>256</sub>(I<sub>L</sub>) as master secret key, and I<sub>R</sub> as master chain code.
+In case I<sub>L</sub> is 0 or ≥n, the master key is invalid.
+
+<img src=bip-0032/derivation.png></img>
+
+==Specification: Wallet structure==
+
+The previous sections specified key trees and their nodes. The next step is imposing a wallet structure on this tree. The layout defined in this section is a default only, though clients are encouraged to mimick it for compatibility, even if not all features are supported.
+
+===The default wallet layout===
+
+An HDW is organized as several 'accounts'. Accounts are numbered, the default account ("") being number 0. Clients are not required to support more than one account - if not, they only use the default account.
+
+Each account is composed of two keypair chains: an internal and an external one. The external keychain is used to generate new public addresses, while the internal keychain is used for all other operations (change addresses, generation addresses, ..., anything that doesn't need to be communicated). Clients that do not support separate keychains for these should use the external one for everything.
+* m/i<sub>H</sub>/0/k corresponds to the k'th keypair of the external chain of account number i of the HDW derived from master m.
+* m/i<sub>H</sub>/1/k corresponds to the k'th keypair of the internal chain of account number i of the HDW derived from master m.
+
+===Use cases===
+
+====Full wallet sharing: m====
+
+In cases where two systems need to access a single shared wallet, and both need to be able to perform spendings, one needs to share the master private extended key. Nodes can keep a pool of N look-ahead keys cached for external chains, to watch for incoming payments. The look-ahead for internal chains can be very small, as no gaps are to be expected here. An extra look-ahead could be active for the first unused account's chains - triggering the creation of a new account when used. Note that the name of the account will still need to be entered manually and cannot be synchronized via the block chain.
+
+====Audits: N(m/*)====
+
+In case an auditor needs full access to the list of incoming and outgoing payments, one can share all account public extended keys. This will allow the auditor to see all transactions from and to the wallet, in all accounts, but not a single secret key.
+
+====Per-office balances: m/i<sub>H</sub>====
+
+When a business has several independent offices, they can all use wallets derived from a single master. This will allow the headquarters to maintain a super-wallet that sees all incoming and outgoing transactions of all offices, and even permit moving money between the offices.
+
+====Recurrent business-to-business transactions: N(m/i<sub>H</sub>/0)====
+
+In case two business partners often transfer money, one can use the extended public key for the external chain of a specific account (M/i h/0) as a sort of "super address", allowing frequent transactions that cannot (easily) be associated, but without needing to request a new address for each payment.
+Such a mechanism could also be used by mining pool operators as variable payout address.
+
+====Unsecure money receiver: N(m/i<sub>H</sub>/0)====
+
+When an unsecure webserver is used to run an e-commerce site, it needs to know public addresses that are used to receive payments. The webserver only needs to know the public extended key of the external chain of a single account. This means someone illegally obtaining access to the webserver can at most see all incoming payments, but will not (trivially) be able to distinguish outgoing transactions, nor see payments received by other webservers if there are several ones.
+
+==Compatibility==
+
+To comply with this standard, a client must at least be able to import an extended public or private key, to give access to its direct descendants as wallet keys. The wallet structure (master/account/chain/subchain) presented in the second part of the specification is advisory only, but is suggested as a minimal structure for easy compatibility - even when no separate accounts or distinction between internal and external chains is made. However, implementations may deviate from it for specific needs; more complex applications may call for a more complex tree structure.
+
+==Security==
+
+In addition to the expectations from the EC public-key cryptography itself:
+* Given a public key K, an attacker cannot find the corresponding private key more efficiently than by solving the EC discrete logarithm problem (assumed to require 2<sup>128</sup> group operations).
+the intended security properties of this standard are:
+* Given a child extended private key (k<sub>i</sub>,c<sub>i</sub>) and the integer i, an attacker cannot find the parent private key k<sub>par</sub> more efficiently than a 2<sup>256</sup> brute force of HMAC-SHA512.
+* Given any number (2 ≤ N ≤ 2<sup>32</sup>-1) of (index, extended private key) tuples (i<sub>j</sub>,(k<sub>i<sub>j</sub></sub>,c<sub>i<sub>j</sub></sub>)), with distinct i<sub>j</sub>'s, determining whether they are derived from a common parent extended private key (i.e., whether there exists a (k<sub>par</sub>,c<sub>par</sub>) such that for each j in (0..N-1) CKDpriv((k<sub>par</sub>,c<sub>par</sub>),i<sub>j</sub>)=(k<sub>i<sub>j</sub></sub>,c<sub>i<sub>j</sub></sub>)), cannot be done more efficiently than a 2<sup>256</sup> brute force of HMAC-SHA512.
+Note however that the following properties does not exist:
+* Given a parent extended public key (K<sub>par</sub>,c<sub>par</sub>) and a child public key (K<sub>i</sub>), it is hard to find i.
+* Given a parent extended public key (K<sub>par</sub>,c<sub>par</sub>) and a non-hardened child private key (k<sub>i</sub>), it is hard to find k<sub>par</sub>.
+
+===Implications===
+
+Private and public keys must be kept safe as usual. Leaking a private key means access to coins - leaking a public key can mean loss of privacy.
+
+Somewhat more care must be taken regarding extended keys, as these correspond to an entire (sub)tree of keys.
+
+One weakness that may not be immediately obvious, is that knowledge of a parent extended public key plus any non-hardened private key descending from it is equivalent to knowing the parent extended private key (and thus every private and public key descending from it). This means that extended public keys must be treated more carefully than regular public keys.
+It is also the reason for the existence of hardened keys, and why they are used for the account level in the tree. This way, a leak of account-specific (or below) private key never risks compromising the master or other accounts.
+
+
+==Test Vectors==
+
+===Test vector 1===
+
+Master (hex): 000102030405060708090a0b0c0d0e0f
+* Chain m
+** ext pub: xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8
+** ext prv: xprv9s21ZrQH143K3QTDL4LXw2F7HEK3wJUD2nW2nRk4stbPy6cq3jPPqjiChkVvvNKmPGJxWUtg6LnF5kejMRNNU3TGtRBeJgk33yuGBxrMPHi
+* Chain m/0<sub>H</sub>
+** ext pub: xpub68Gmy5EdvgibQVfPdqkBBCHxA5htiqg55crXYuXoQRKfDBFA1WEjWgP6LHhwBZeNK1VTsfTFUHCdrfp1bgwQ9xv5ski8PX9rL2dZXvgGDnw
+** ext prv: xprv9uHRZZhk6KAJC1avXpDAp4MDc3sQKNxDiPvvkX8Br5ngLNv1TxvUxt4cV1rGL5hj6KCesnDYUhd7oWgT11eZG7XnxHrnYeSvkzY7d2bhkJ7
+* Chain m/0<sub>H</sub>/1
+** ext pub: xpub6ASuArnXKPbfEwhqN6e3mwBcDTgzisQN1wXN9BJcM47sSikHjJf3UFHKkNAWbWMiGj7Wf5uMash7SyYq527Hqck2AxYysAA7xmALppuCkwQ
+** ext prv: xprv9wTYmMFdV23N2TdNG573QoEsfRrWKQgWeibmLntzniatZvR9BmLnvSxqu53Kw1UmYPxLgboyZQaXwTCg8MSY3H2EU4pWcQDnRnrVA1xe8fs
+* Chain m/0<sub>H</sub>/1/2<sub>H</sub>
+** ext pub: xpub6D4BDPcP2GT577Vvch3R8wDkScZWzQzMMUm3PWbmWvVJrZwQY4VUNgqFJPMM3No2dFDFGTsxxpG5uJh7n7epu4trkrX7x7DogT5Uv6fcLW5
+** ext prv: xprv9z4pot5VBttmtdRTWfWQmoH1taj2axGVzFqSb8C9xaxKymcFzXBDptWmT7FwuEzG3ryjH4ktypQSAewRiNMjANTtpgP4mLTj34bhnZX7UiM
+* Chain m/0<sub>H</sub>/1/2<sub>H</sub>/2
+** ext pub: xpub6FHa3pjLCk84BayeJxFW2SP4XRrFd1JYnxeLeU8EqN3vDfZmbqBqaGJAyiLjTAwm6ZLRQUMv1ZACTj37sR62cfN7fe5JnJ7dh8zL4fiyLHV
+** ext prv: xprvA2JDeKCSNNZky6uBCviVfJSKyQ1mDYahRjijr5idH2WwLsEd4Hsb2Tyh8RfQMuPh7f7RtyzTtdrbdqqsunu5Mm3wDvUAKRHSC34sJ7in334
+* Chain m/0<sub>H</sub>/1/2<sub>H</sub>/2/1000000000
+** ext pub: xpub6H1LXWLaKsWFhvm6RVpEL9P4KfRZSW7abD2ttkWP3SSQvnyA8FSVqNTEcYFgJS2UaFcxupHiYkro49S8yGasTvXEYBVPamhGW6cFJodrTHy
+** ext prv: xprvA41z7zogVVwxVSgdKUHDy1SKmdb533PjDz7J6N6mV6uS3ze1ai8FHa8kmHScGpWmj4WggLyQjgPie1rFSruoUihUZREPSL39UNdE3BBDu76
+
+===Test vector 2===
+
+Master (hex): fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542
+* Chain m
+** ext pub: xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB
+** ext prv: xprv9s21ZrQH143K31xYSDQpPDxsXRTUcvj2iNHm5NUtrGiGG5e2DtALGdso3pGz6ssrdK4PFmM8NSpSBHNqPqm55Qn3LqFtT2emdEXVYsCzC2U
+* Chain m/0
+** ext pub: xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH
+** ext prv: xprv9vHkqa6EV4sPZHYqZznhT2NPtPCjKuDKGY38FBWLvgaDx45zo9WQRUT3dKYnjwih2yJD9mkrocEZXo1ex8G81dwSM1fwqWpWkeS3v86pgKt
+* Chain m/0/2147483647<sub>H</sub>
+** ext pub: xpub6ASAVgeehLbnwdqV6UKMHVzgqAG8Gr6riv3Fxxpj8ksbH9ebxaEyBLZ85ySDhKiLDBrQSARLq1uNRts8RuJiHjaDMBU4Zn9h8LZNnBC5y4a
+** ext prv: xprv9wSp6B7kry3Vj9m1zSnLvN3xH8RdsPP1Mh7fAaR7aRLcQMKTR2vidYEeEg2mUCTAwCd6vnxVrcjfy2kRgVsFawNzmjuHc2YmYRmagcEPdU9
+* Chain m/0/2147483647<sub>H</sub>/1
+** ext pub: xpub6DF8uhdarytz3FWdA8TvFSvvAh8dP3283MY7p2V4SeE2wyWmG5mg5EwVvmdMVCQcoNJxGoWaU9DCWh89LojfZ537wTfunKau47EL2dhHKon
+** ext prv: xprv9zFnWC6h2cLgpmSA46vutJzBcfJ8yaJGg8cX1e5StJh45BBciYTRXSd25UEPVuesF9yog62tGAQtHjXajPPdbRCHuWS6T8XA2ECKADdw4Ef
+* Chain m/0/2147483647<sub>H</sub>/1/2147483646<sub>H</sub>
+** ext pub: xpub6ERApfZwUNrhLCkDtcHTcxd75RbzS1ed54G1LkBUHQVHQKqhMkhgbmJbZRkrgZw4koxb5JaHWkY4ALHY2grBGRjaDMzQLcgJvLJuZZvRcEL
+** ext prv: xprvA1RpRA33e1JQ7ifknakTFpgNXPmW2YvmhqLQYMmrj4xJXXWYpDPS3xz7iAxn8L39njGVyuoseXzU6rcxFLJ8HFsTjSyQbLYnMpCqE2VbFWc
+* Chain m/0/2147483647<sub>H</sub>/1/2147483646<sub>H</sub>/2
+** ext pub: xpub6FnCn6nSzZAw5Tw7cgR9bi15UV96gLZhjDstkXXxvCLsUXBGXPdSnLFbdpq8p9HmGsApME5hQTZ3emM2rnY5agb9rXpVGyy3bdW6EEgAtqt
+** ext prv: xprvA2nrNbFZABcdryreWet9Ea4LvTJcGsqrMzxHx98MMrotbir7yrKCEXw7nadnHM8Dq38EGfSh6dqA9QWTyefMLEcBYJUuekgW4BYPJcr9E7j
+
+==Implementations==
+
+Two Python implementations exist:
+
+PyCoin (https://github.com/richardkiss/pycoin) is a suite of utilities for dealing with Bitcoin that includes BIP0032 wallet features.  BIP32Utils (https://github.com/jmcorgan/bip32utils) is a library and command line interface specifically focused on BIP0032 wallets and scripting.
+
+A Java implementation is available at https://github.com/bitsofproof/supernode/blob/1.1/api/src/main/java/com/bitsofproof/supernode/api/ExtendedKey.java
+
+A C++ implementation is available at https://github.com/CodeShark/CoinClasses/tree/master/tests/hdwallets
+
+An Objective-C implementation is available at https://github.com/oleganza/CoreBitcoin/blob/master/CoreBitcoin/BTCKeychain.h
+
+A Ruby implementation is available at https://github.com/wink/money-tree
+
+Two Go implementations exist:
+
+hdkeychain (https://github.com/conformal/btcutil/tree/master/hdkeychain) provides an API for bitcoin hierarchical deterministic extended keys (BIP0032).  Go HD Wallet (https://github.com/WeMeetAgain/go-hdwallet).
+
+A JavaScript implementation is available at https://github.com/sarchar/brainwallet.github.com/tree/bip32
+
+A PHP implemetation is available at https://github.com/Bit-Wasp/bitcoin-lib-php
+
+A C# implementation is available at https://github.com/NicolasDorier/NBitcoin (ExtKey, ExtPubKey)
+
+A Haskell implementation is available at https://github.com/haskoin/haskoin
+
+==Acknowledgements==
+
+* Gregory Maxwell for the original idea of type-2 deterministic wallets, and many discussions about it.
+* Alan Reiner for the implementation of this scheme in Armory, and the suggestions that followed from that.
+* Mike Caldwell for the version bytes to obtain human-recognizable Base58 strings.
diff --git a/bip-0032/derivation.png b/bip-0032/derivation.png
new file mode 100644
index 00000000..7e2e78f6
Binary files /dev/null and b/bip-0032/derivation.png differ
diff --git a/bip-0033.md b/bip-0033.mediawiki
similarity index 98%
rename from bip-0033.md
rename to bip-0033.mediawiki
index 2095acb1..6768e198 100644
--- a/bip-0033.md
+++ b/bip-0033.mediawiki
@@ -4,7 +4,7 @@
   Author: Amir Taaki <genjix@riseup.net>
   Status: Draft
   Type: Standards Track
-  Created: 15-05-2012
+  Created: 2012-05-15
 </pre>
 
 == Abstract ==
@@ -13,7 +13,7 @@ As the Bitcoin network scales, roles are fast becoming specialised. In the begin
 
 Bitcoin's blockchain becomes more unwieldy for end users over time, negatively affecting the usability of Bitcoin clients. As it grows, it becomes ever more impractical to deal with on portable devices or low end machines. Several proposals have been put forward to deal with this such as lightweight (headers-only) clients and skipping validation for blocks before the last checkpoint. However these measures are at best stop-gap workarounds to stave off a growing problem.
 
-This document will examine a proposal which will be termed ''stratized nodes'', a modification off an earlier concept termed ''blockchain service''.
+This document will examine a proposal which will be termed ''stratized nodes'', a modification of an earlier concept termed ''blockchain service''.
 
 == History ==
 
diff --git a/bip-0034.md b/bip-0034.mediawiki
similarity index 96%
rename from bip-0034.md
rename to bip-0034.mediawiki
index 46326d59..528a9301 100644
--- a/bip-0034.md
+++ b/bip-0034.mediawiki
@@ -1,5 +1,3 @@
-{{bip}}
-
 <pre>
   BIP: 34
   Title: Block v2, Height in Coinbase
@@ -32,8 +30,3 @@ All older clients are compatible with this change. Users and merchants should no
 ==Implementation==
 
 https://github.com/bitcoin/bitcoin/pull/1526
-
-[[Category:Developer]]
-[[Category:Technical]]
-[[Category:BIP|D]]
-
diff --git a/bip-0035.md b/bip-0035.mediawiki
similarity index 95%
rename from bip-0035.md
rename to bip-0035.mediawiki
index 2863f4c4..cdadd1d7 100644
--- a/bip-0035.md
+++ b/bip-0035.mediawiki
@@ -1,5 +1,3 @@
-{{bip}}
-
 <pre>
   BIP: 35
   Title: mempool message
@@ -38,8 +36,3 @@ Older clients remain 100% compatible and interoperable after this change.
 ==Implementation==
 
 https://github.com/bitcoin/bitcoin/pull/1641
-
-[[Category:Developer]]
-[[Category:Technical]]
-[[Category:BIP|D]]
-
diff --git a/bip-0036.mediawiki b/bip-0036.mediawiki
new file mode 100644
index 00000000..9c61fdb6
--- /dev/null
+++ b/bip-0036.mediawiki
@@ -0,0 +1,153 @@
+<pre>
+  BIP: 36
+  Title: Custom Services
+  Author: Stefan Thomas <justmoon@members.fsf.org>
+  Status: Draft
+  Type: Standards Track
+  Created: 2012-08-03
+</pre>
+
+==Abstract==
+
+This BIP adds new fields to the <code>version</code> message which clients can use to announce custom services without polluting the limited 64-bit <code>services</code> field. It also makes some non-binding recommendations regarding the implementation of custom services.
+
+==Motivation==
+
+We would like to encourage experimentation with custom services that extend the Bitcoin protocol with useful functionality. Examples include Distributed Hash Tables (DHT), distributed pools, lightweight client support protocols, directed message routing and support for custom transports. However, without a general framework for protocol extensions, these custom services are likely to collide in various ways. This BIP provides such a framework.
+
+==Specification==
+
+Two new fields are added to the <code>version</code> command, after <code>extra_height</code>:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 1+ || service_count || [[Protocol_specification#Variable_length_integer|var_int]] || Number of extra services
+|-
+| ? || service_list || service[] || List of service definitions
+|}
+
+The service definitions <code>service[]</code> are given in the following format:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| ? || service_name || [[#Variable length string|var_str]] || Unique service identifier
+|-
+| 4 || service_version || uint32_t || Identifies service version being used by the node
+|-
+| ? || service_data || [[#Variable length string|var_str]] || Additional service-specific data
+|}
+
+A node MUST NOT announce two services with the same <code>service_name</code>. If a remote node sends such a <code>version</code> message the client MAY disconnect.
+
+The <code>service_version</code> is service-specific and can be any integer. Higher versions SHOULD be higher integers. When a service is standardized, it is assigned a <code>NODE_*</code> constant for use with the <code>services</code> field and future iterations of the protocol depend on the Bitcoin protocol version. Both the <code>NODE_*</code> flag and the custom service entry MAY be provided for the duration of a transitional period.
+
+Services SHOULD pass an empty string (0x00) as <code>service_data</code> and use a custom handshake to initialize their protocol, exchange information about capabilities etc. Note that to become a standardized service, a service MUST NOT rely on <code>service_data</code> since there is no corresponding mechanism for the standard services defined in the <code>services</code> field.
+
+However, services MAY use <code>service_data</code> if they do not intend to become standard services and need a simple way to transmit a small amount of initialization data. For example, a node offering a custom transport like UDP or WebSocket, may choose to announce this as a service and include the port number in <code>service_data</code>. The format for <code>service_data</code> is service-specific and may be any binary or ASCII data. For ease of debugging, a human-readable (ASCII) format is generally recommended.
+
+===Service identifier===
+
+Each service SHOULD choose a new identifier that is not used by any other service. To register a new identifier, add it to the [[Service identifiers]] wiki page along with the name of the maintainer and a way to contact them. Please do not register identifiers unless you are actually using them.
+
+Service identifiers that are reserved or used by an accepted BIP MUST NOT be used except in the way specified by that BIP.
+
+Service identifiers MUST be between five (5) and eleven (11) characters long. Service identifiers MUST use only ASCII characters, excluding: / * _ :
+
+Valid examples:
+* <code>MySampleSvc</code>
+* <code>smartserv</code>
+* <code>P-Pool</code>
+
+Valid, but discouraged examples:
+
+* <code>MySVC 1.0</code> (use <code>service_version</code> to differentiate versions)
+* <code>@@---.</code> (identifiers should be pronounceable)
+* <code>lightweight</code> (avoid too generic names)
+
+Invalid examples:
+
+* <code>Pppc</code> (too short)
+* <code>SuperService</code> (too long)
+* <code>Cool_Svc</code> (invalid character)
+
+===Optional: Custom commands===
+
+Bitcoin command names are limited to 12 characters. That doesn't leave a lot of space for both the service identifier and the service command. Therefore we recommend that all service commands SHOULD be represented by a single "command" on the Bitcoin network. This command SHOULD consist of the exact service identifier to avoid collisions with other services, prefixed by an underscore to avoid collisions with current or future Bitcoin protocol messages. For example: <code>_MySampleSvc</code>
+
+The service-specific command name SHOULD then be specified in an extra header in the payload:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 12 || subcommand || char[12] || ASCII string identifying the service command, NULL padded (non-NULL padding results in packet rejected)
+|-
+| ? || subpayload || uchar[] || The actual data
+|}
+
+The length of <code>subpayload</code> is derived from the length of the total payload minus twelve (12) bytes for the <code>subcommand</code>. Implementations MUST NOT rely on this format to be used by unknown services. Clients SHOULD ignore any services or subcommands they don't explicitly understand.
+
+The recommended way to refer to messages following this format in documentation is by the service identifier, followed by a colon, followed by the subcommand. For example, the subcommand <code>search</code> for the <code>MySampleSvc</code> service would be referred to as: <code>MySampleSvc:search</code>
+
+Full hexdump of an example <code>MySampleSvc:search</code> message:
+
+<pre>
+0000   F9 BE B4 D9 5F 4D 79 53  61 6D 70 6C 65 53 76 63   ...._MySampleSvc
+0010   14 00 00 00 73 D5 56 77  73 65 61 72 63 68 00 00   ....s.Vwsearch..
+0020   00 00 00 00 12 34 56 78  9A BC DE F0               .....4Vx....
+
+Message header:
+ F9 BE B4 D9                                                                   - Main network magic bytes
+ 5F 4D 79 53 61 6D 70 6C 65 53 76 63                                           - "_MySampleSvc" command
+ 14 00 00 00                                                                   - Payload is 20 bytes long
+                                                                                 (includes 12 bytes for subcommand)
+ 73 D5 56 77                                                                   - Checksum
+
+Service header:
+ 73 65 61 72 63 68 00 00 00 00 00 00                                           - "search" subcommand
+
+Search message:
+ 12 34 56 78 9A BC DE F0                                                       - Payload
+</pre>
+
+==Standardization==
+
+Custom services may become standard parts of the protocol. Services which wish to become part of the Bitcoin protocol MUST fulfill the following criteria:
+
+* MUST NOT use <code>service_data</code>; Standard services have no corresponding field
+* MUST use a peer discovery mechanism which specifies one bit per node, same as the <code>services</code> field in <code>addr</code> messages
+* MUST NOT use any subcommands that conflict with current or planned Bitcoin protocol commands
+
+The standardization process will usually take place as follows:
+
+# The service is implemented and tested.
+# Once the API is known to be relatively stable it is formalized and submitted as a BIP.
+# Once the BIP is accepted, the service is assigned a <code>NODE_*</code> constant and the transitional period starts:
+#* Clients MUST understand both the announcement of the service via the <code>services</code> field and via <code>service_list</code> and include both methods in their own <code>version</code> message.
+#* Clients MUST accept both the wrapped form messages like <code>MySampleSvc:search</code> as well as the corresponding non-namespaced messages like <code>search</code>. Clients MUST only send wrapped messages.
+#* During the transitional period the API of the service MUST NOT change.
+# After the transitional period:
+#* Clients MUST only announce the service via the <code>services</code> field.
+#* Clients MUST only send unwrapped messages.
+# Future changes to the service API now require a BIP and an increase in the Bitcoin protocol version.
+
+This process of adding a service to the Bitcoin protocol should only be undertaken for services where there is a strong rationale for doing so. Services MAY also be standardized as custom services via a BIP while maintaining the custom service format.
+
+==Rationale==
+
+This BIP aims to fulfill the following goals:
+
+* Minimize the risk of namespace collisions, ambiguities or other issues arising from conflicting custom services
+* Provide an easy upgrade path for custom services to become standardized services with their own <code>NODE_*</code> flag
+* Place minimum restrictions on custom service authors
+* Allow custom services to be created with minimum effort
+* Allow clients to support multiple/many custom services at once
+
+To achieve these goals this BIP adds two new fields to the <code>version</code> message. It would have been possible to avoid changes to <code>version</code> by adding a new message instead. However, it makes sense to keep both types of service announcements in the same message so that the life cycle of standardized services and custom services remains exactly the same. This also simplifies detecting a service which is in the transition from a custom to a standardized service (and being announced using both methods.)
+
+Finally, this BIP defines both explicitly and implicitly some useful common nomenclature that can be used when discussing custom services, e.g. "subcommand", "subpayload", "service identifier" and the colon format for referring to subcommands.
+
+==Copyright==
+
+This document is placed in the public domain.
diff --git a/bip-0037.mediawiki b/bip-0037.mediawiki
new file mode 100644
index 00000000..f1561be3
--- /dev/null
+++ b/bip-0037.mediawiki
@@ -0,0 +1,204 @@
+<pre>
+  BIP: 37
+  Title: Connection Bloom filtering
+  Author: Mike Hearn <hearn@google.com>, Matt Corallo <bip@bluematt.me>
+  Status: Accepted
+  Type: Standards Track
+  Created: 2012-10-24
+</pre>
+
+==Abstract==
+
+This BIP adds new support to the peer-to-peer protocol that allows peers to reduce the amount of transaction data they are sent. Peers have the option of setting ''filters'' on each connection they make after the version handshake has completed. A filter is defined as a [http://en.wikipedia.org/wiki/Bloom_filter Bloom filter] on data derived from transactions. A Bloom filter is a probabilistic data structure which allows for testing set membership - they can have false positives but not false negatives.
+
+This document will not go into the details of how Bloom filters work and the reader is referred to Wikipedia for an introduction to the topic.
+
+==Motivation==
+
+As Bitcoin grows in usage the amount of bandwidth needed to download blocks and transaction broadcasts increases. Clients implementing ''simplified payment verification'' do not attempt to fully verify the block chain, instead just checking that block headers connect together correctly and trusting that the transactions in a chain of high difficulty are in fact valid. See the Bitcoin paper for more detail on this mode.
+
+Today, [[Simplified_Payment_Verification|SPV]] clients have to download the entire contents of blocks and all broadcast transactions, only to throw away the vast majority of the transactions that are not relevant to their wallets. This slows down their synchronization process, wastes users bandwidth (which on phones is often metered) and increases memory usage. All three problems are triggering real user complaints for the Android "Bitcoin Wallet" app which implements SPV mode. In order to make chain synchronization fast, cheap and able to run on older phones with limited memory we want to have remote peers throw away irrelevant transactions before sending them across the network.
+
+==Design rationale==
+
+The most obvious way to implement the stated goal would be for clients to upload lists of their keys to the remote node. We take a more complex approach for the following reasons:
+
+* Privacy: Because Bloom filters are probabilistic, with the false positive rate chosen by the client, nodes can trade off precision vs bandwidth usage. A node with access to lots of bandwidth may choose to have a high FP rate, meaning the remote peer cannot accurately know which transactions belong to the client and which don't. A node with very little bandwidth may choose to use a very accurate filter meaning that they only get sent transactions actually relevant to their wallet, but remote peers may be able to correlate transactions with IP addresses (and each other).
+* Bloom filters are compact and testing membership in them is fast. This results in satisfying performance characteristics with minimal risk of opening up potential for DoS attacks.
+
+==Specification==
+
+===New messages===
+
+We start by adding three new messages to the protocol:
+
+* <code>filterload</code>, which sets the current Bloom filter on the connection
+* <code>filteradd</code>, which adds the given data element to the connections current filter without requiring a completely new one to be set
+* <code>filterclear</code>, which deletes the current filter and goes back to regular pre-BIP37 usage.
+
+Note that there is no filterremove command because by their nature, Bloom filters are append-only data structures. Once an element is added it cannot be removed again without rebuilding the entire structure from scratch.
+
+The <code>filterload</code> command is defined as follows:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| ? || filter || uint8_t[] || The filter itself is simply a bit field of arbitrary byte-aligned size. The maximum size is 36,000 bytes.
+|-
+| 4 || nHashFuncs || uint32_t || The number of hash functions to use in this filter. The maximum value allowed in this field is 50.
+|-
+| 4 || nTweak || uint32_t || A random value to add to the seed value in the hash function used by the bloom filter.
+|-
+| 1 || nFlags || uint8_t || A set of flags that control how matched items are added to the filter.
+|}
+
+See below for a description of the Bloom filter algorithm and how to select nHashFuncs and filter size for a desired false positive rate.
+
+Upon receiving a <code>filterload</code> command, the remote peer will immediately restrict the broadcast transactions it announces (in inv packets) to transactions matching the filter, where the matching algorithm is specified below. The flags control the update behaviour of the matching algorithm.
+
+The <code>filteradd</code> command is defined as follows:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| ? || data || uint8_t[] || The data element to add to the current filter.
+|}
+
+The data field must be smaller than or equal to 520 bytes in size (the maximum size of any potentially matched object).
+
+The given data element will be added to the Bloom filter. A filter must have been previously provided using <code>filterload</code>. This command is useful if a new key or script is added to a clients wallet whilst it has connections to the network open, it avoids the need to re-calculate and send an entirely new filter to every peer (though doing so is usually advisable to maintain anonymity).
+
+The <code>filterclear</code> command has no arguments at all.
+
+After a filter has been set, nodes don't merely stop announcing non-matching transactions, they can also serve filtered blocks. A filtered block is defined by the <code>merkleblock</code> message and is defined like this:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 4 || version || uint32_t || Block version information, based upon the software version creating this block
+|-
+| 32 || prev_block || char[32] || The hash value of the previous block this particular block references
+|-
+| 32 || merkle_root || char[32] || The reference to a Merkle tree collection which is a hash of all transactions related to this block
+|-
+| 4 || timestamp || uint32_t || A timestamp recording when this block was created (Limited to 2106!)
+|-
+| 4 || bits || uint32_t || The calculated difficulty target being used for this block
+|-
+| 4 || nonce || uint32_t || The nonce used to generate this block… to allow variations of the header and compute different hashes
+|-
+| 4 || total_transactions || uint32_t || Number of transactions in the block (including unmatched ones)
+|-
+| ? || hashes || uint256[] || hashes in depth-first order (including standard varint size prefix)
+|-
+| ? || flags || byte[] || flag bits, packed per 8 in a byte, least significant bit first (including standard varint size prefix)
+|}
+
+See below for the format of the partial merkle tree hashes and flags.
+
+Thus, a <code>merkleblock</code> message is a block header, plus a part of a merkle tree which can be used to extract identifying information for transactions that matched the filter and prove that the matching transaction data really did appear in the solved block. Clients can use this data to be sure that the remote node is not feeding them fake transactions that never appeared in a real block, although lying through omission is still possible.
+
+===Extensions to existing messages===
+
+The <code>version</code> command is extended with a new field:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 1 byte || fRelay || bool || If false then broadcast transactions will not be announced until a filter{load,add,clear} command is received. If missing or true, no change in protocol behaviour occurs.
+|}
+
+SPV clients that wish to use Bloom filtering would normally set fRelay to false in the version message, then set a filter based on their wallet (or a subset of it, if they are overlapping different peers). Being able to opt-out of inv messages until the filter is set prevents a client being flooded with traffic in the brief window of time between finishing version handshaking and setting the filter.
+
+The <code>getdata</code> command is extended to allow a new type in the <code>inv</code> submessage. The type field can now be <code>MSG_FILTERED_BLOCK (== 3)</code> rather than <code>MSG_BLOCK</code>. If no filter has been set on the connection, a request for filtered blocks is ignored. If a filter has been set, a <code>merkleblock</code> message is returned for the requested block hash. In addition, because a <code>merkleblock</code> message contains only a list of transaction hashes, transactions matching the filter should also be sent in separate tx messages after the merkleblock is sent. This avoids a slow roundtrip that would otherwise be required (receive hashes, didn't see some of these transactions yet, ask for them).  Note that because there is currently no way to request transactions which are already in a block from a node (aside from requesting the full block), the set of matching transactions that the requesting node hasn't either received or announced with an inv must be sent and any additional transactions which match the filter may also be sent.  This allows for clients (such as the reference client) to limit the number of invs it must remember a given node to have announced while still providing nodes with, at a minimum, all the transactions it needs.
+
+===Filter matching algorithm===
+
+The filter can be tested against arbitrary pieces of data, to see if that data was inserted by the client. Therefore the question arises of what pieces of data should be inserted/tested.
+
+To determine if a transaction matches the filter, the following algorithm is used. Once a match is found the algorithm aborts.
+
+# Test the hash of the transaction itself.
+# For each output, test each data element of the output script. This means each hash and key in the output script is tested independently. '''Important:''' if an output matches whilst testing a transaction, the node might need to update the filter by inserting the serialized COutPoint structure. See below for more details.
+# For each input, test the serialized COutPoint structure.
+# For each input, test each data element of the input script (note: input scripts only ever contain data elements).
+# Otherwise there is no match.
+
+In this way addresses, keys and script hashes (for P2SH outputs) can all be added to the filter. You can also match against classes of transactions that are marked with well known data elements in either inputs or outputs, for example, to implement various forms of [[Smart property]].
+
+The test for outpoints is there to ensure you can find transactions spending outputs in your wallet, even though you don't know anything about their form. As you can see, once set on a connection the filter is '''not static''' and can change throughout the connections lifetime. This is done to avoid the following race condition:
+
+# A client sets a filter matching a key in their wallet. They then start downloading the block chain. The part of the chain that the client is missing is requested using getblocks.
+# The first block is read from disk by the serving peer. It contains TX 1 which sends money to the clients key. It matches the filter and is thus sent to the client.
+# The second block is read from disk by the serving peer. It contains TX 2 which spends TX 1. However TX 2 does not contain any of the clients keys and is thus not sent. The client does not know the money they received was already spent.
+
+By updating the bloom filter atomically in step 2 with the discovered outpoint, the filter will match against TX 2 in step 3 and the client will learn about all relevant transactions, despite that there is no pause between the node processing the first and second blocks.
+
+The nFlags field of the filter controls the nodes precise update behaviour and is a bit field.
+
+* <code>BLOOM_UPDATE_NONE (0)</code> means the filter is not adjusted when a match is found.
+* <code>BLOOM_UPDATE_ALL (1)</code> means if the filter matches any data element in a scriptPubKey the outpoint is serialized and inserted into the filter.
+* <code>BLOOM_UPDATE_P2PUBKEY_ONLY (2)</code> means the outpoint is inserted into the filter only if a data element in the scriptPubKey is matched, and that script is of the standard "pay to pubkey" or "pay to multisig" forms.
+
+These distinctions are useful to avoid too-rapid degradation of the filter due to an increasing false positive rate. We can observe that a wallet which expects to receive only payments of the standard pay-to-address form doesn't need automatic filter updates because any transaction that spends one of its own outputs has a predictable data element in the input (the pubkey that hashes to the address). If a wallet might receive pay-to-address outputs and also pay-to-pubkey or pay-to-multisig outputs then BLOOM_UPDATE_P2PUBKEY_ONLY is appropriate, as it avoids unnecessary expansions of the filter for the most common types of output but still ensures correct behaviour with payments that explicitly specify keys.
+
+Obviously, nFlags == 1 or nFlags == 2 mean that the filter will get dirtier as more of the chain is scanned. Clients should monitor the observed false positive rate and periodically refresh the filter with a clean one.
+
+===Partial Merkle branch format===
+
+A ''Merkle tree'' is a way of arranging a set of items as leaf nodes of tree in which the interior nodes are hashes of the concatenations of their child hashes. The root node is called the ''Merkle root''. Every Bitcoin block contains a Merkle root of the tree formed from the blocks transactions. By providing some elements of the trees interior nodes (called a ''Merkle branch'') a proof is formed that the given transaction was indeed in the block when it was being mined, but the size of the proof is much smaller than the size of the original block.
+
+====Constructing a partial merkle tree object====
+
+* Traverse the merkle tree from the root down, and for each encountered node:
+** Check whether this node corresponds to a leaf node (transaction) that is to be included OR any parent thereof:
+*** If so, append a '1' bit to the flag bits
+*** Otherwise, append a '0' bit.
+** Check whether this node is a internal node (non-leaf) AND is the parent of an included leaf node:
+*** If so:
+**** Descend into its left child node, and process the subtree beneath it entirely (depth-first).
+**** If this node has a right child node too, descend into it as well.
+*** Otherwise: append this node's hash to the hash list.
+
+====Parsing a partial merkle tree object====
+
+As the partial block message contains the number of transactions in the entire block, the shape of the merkle tree is known before hand. Again, traverse this tree, computing traversed node's hashes along the way:
+* Read a bit from the flag bit list:
+** If it is '0':
+*** Read a hash from the hashes list, and return it as this node's hash.
+** If it is '1' and this is a leaf node:
+*** Read a hash from the hashes list, store it as a matched txid, and return it as this node's hash.
+** If it is '1' and this is an internal node:
+*** Descend into its left child tree, and store its computed hash as L.
+*** If this node has a right child as well:
+**** Descend into its right child, and store its computed hash as R.
+**** If L == R, the partial merkle tree object is invalid.
+**** Return Hash(L || R).
+*** If this node has no right child, return Hash(L || L).
+
+The partial merkle tree object is only valid if:
+* All hashes in the hash list were consumed and no more.
+* All bits in the flag bits list were consumed (except padding to make it into a full byte), and no more.
+* The hash computed for the root node matches the block header's merkle root.
+* The block header is valid, and matches its claimed proof of work.
+* In two-child nodes, the hash of the left and right branches was never equal.
+
+===Bloom filter format===
+
+A Bloom filter is a bit-field in which bits are set based on feeding the data element to a set of different hash functions. The number of hash functions used is a parameter of the filter. In Bitcoin we use version 3 of the 32-bit Murmur hash function. To get N "different" hash functions we simply initialize the Murmur algorithm with the following formula:
+
+<code>nHashNum * 0xFBA4C795 + nTweak</code>
+
+i.e. if the filter is initialized with 4 hash functions and a tweak of 0x00000005, when the second function (index 1) is needed h1 would be equal to 4221880218.
+
+When loading a filter with the <code>filterload</code> command, there are two parameters that can be chosen. One is the size of the filter in bytes. The other is the number of hash functions to use. To select the parameters you can use the following formulas:
+
+Let N be the number of elements you wish to insert into the set and P be the probability of a false positive, where 1.0 is "match everything" and zero is unachievable.
+
+The size S of the filter in bytes is given by <code>(-1 / pow(log(2), 2) * N * log(P)) / 8</code>. Of course you must ensure it does not go over the maximum size (36,000: selected as it represents a filter of 20,000 items with false positive rate of &lt; 0.1% or 10,000 items and a false positive rate of &lt; 0.0001%).
+
+The number of hash functions required is given by <code>S * 8 / N * log(2)</code>.
+
+==Copyright==
+
+This document is placed in the public domain.
diff --git a/bip-0038.mediawiki b/bip-0038.mediawiki
new file mode 100644
index 00000000..4fc3207b
--- /dev/null
+++ b/bip-0038.mediawiki
@@ -0,0 +1,288 @@
+<pre>
+  BIP: 38
+  Title: Passphrase-protected private key
+  Authors: Mike Caldwell
+           Aaron Voisine <voisine@gmail.com>
+  Status: Draft (Some confusion applies: The announcements for this never made it to the list, so it hasn't had public discussion)
+  Type: Standards Track
+  Created: 2012-11-20
+</pre>
+
+==Abstract==
+A method is proposed for encrypting and encoding a passphrase-protected Bitcoin private key record in the form of a 58-character Base58Check-encoded printable string.  Encrypted private key records are intended for use on paper wallets and physical Bitcoins.  Each record string contains all the information needed to reconstitute the private key except for a passphrase, and the methodology uses salting and ''scrypt'' to resist brute-force attacks.
+
+The method provides two encoding methodologies - one permitting any known private key to be encrypted with any passphrase, and another permitting a shared private key generation scheme where the party generating the final key string and its associated Bitcoin address (such as a physical bitcoin manufacturer) knows only a string derived from the original passphrase, and where the original passphrase is needed in order to actually redeem funds sent to the associated Bitcoin address.
+
+A 32-bit hash of the resulting Bitcoin address is encoded in plaintext within each encrypted key, so it can be correlated to a Bitcoin address with reasonable probability by someone not knowing the passphrase.  The complete Bitcoin address can be derived through successful decryption of the key record.
+
+==Motivation==
+The motivation to make this proposal stems from observations of the way physical bitcoins and paper wallets are used.
+
+An issuer of physical bitcoins must be trustworthy and trusted.  Even if trustworthy, users are rightful to be skeptical about a third party with theoretical access to take their funds.  A physical bitcoin that cannot be compromised by its issuer is always more intrinsically valuable than one that can.
+
+A two-factor physical bitcoin solution is highly useful to individuals and organizations wishing to securely own bitcoins without any risk of electronic theft and without the responsibility of climbing the technological learning curve necessary to produce such an environment themselves.  Two-factor physical bitcoins allow a secure storage solution to be put in a box and sold on the open market, greatly enlarging the number of people who are able to securely store bitcoins.
+
+Existing methodologies for creating two-factor physical bitcoins are limited and cumbersome.  At the time of this proposal, a user could create their own private key, submit the public key to the physical bitcoin issuer, and then receive a physical bitcoin that must be kept together with some sort of record of the user-generated private key, and finally, must be redeemed through a tool.  The fact that the physical bitcoin must be kept together with a user-produced private key negates much of the benefit of the physical bitcoin - the user may as well just print and maintain a private key.
+
+A standardized password-protected private key format makes acquiring and redeeming two-factor physical bitcoins simpler for the user.  Instead of maintaining a private key that cannot be memorized, the user may choose a passphrase of their choice.  The passphrase may be much shorter than the length of a typical private key, short enough that they could use a label or engraver to permanently commit their passphrase to their physical Bitcoin piece once they have received it.  By adopting a standard way to encrypt a private key, we maximize the possibility that they'll be able to redeem their funds in the venue of their choice, rather than relying on an executable redemption tool they may not wish to download.
+
+Password and passphrase-protected private keys enable new practical use cases for sending bitcoins from person to person.  Someone wanting to send bitcoins through postal mail could send a password-protected paper wallet and give the recipient the passphrase over the phone or e-mail, making the transfer safe from interception of either channel.  A user of paper wallets or Bitcoin banknote-style vouchers ("cash") could carry funded encrypted private keys while leaving a copy at home as an element of protection against accidental loss or theft.  A user of paper wallets who leaves bitcoins in a bank vault or safety deposit box could keep the password at home or share it with trusted associates as protection against someone at the bank gaining access to the paper wallets and spending from them.  The foreseeable and unforeseeable use cases for password-protected private keys are numerous.
+
+==Copyright==
+This proposal is hereby placed in the public domain.
+
+==Rationale==
+:'''''User story:''' As a Bitcoin user who uses paper wallets, I would like the ability to add encryption, so that my Bitcoin paper storage can be two factor: something I have plus something I know.''
+:'''''User story:''' As a Bitcoin user who would like to pay a person or a company with a private key, I do not want to worry that any part of the communication path may result in the interception of the key and theft of my funds.  I would prefer to offer an encrypted private key, and then follow it up with the password using a different communication channel (e.g. a phone call or SMS).''
+:'''''User story:''' (EC-multiplied keys) As a user of physical bitcoins, I would like a third party to be able to create password-protected Bitcoin private keys for me, without them knowing the password, so I can benefit from the physical bitcoin without the issuer having access to the private key.  I would like to be able to choose a password whose minimum length and required format does not preclude me from memorizing it or engraving it on my physical bitcoin, without exposing me to an undue risk of password cracking and/or theft by the manufacturer of the item.''
+:'''''User story:''' (EC multiplied keys) As a user of paper wallets, I would like the ability to generate a large number of Bitcoin addresses protected by the same password, while enjoying a high degree of security (highly expensive scrypt parameters), but without having to incur the scrypt delay for each address I generate.
+
+==Specification==
+This proposal makes use of the following functions and definitions:
+
+*'''AES256Encrypt, AES256Decrypt''': the simple form of the well-known AES block cipher without consideration for initialization vectors or block chaining.  Each of these functions takes a 256-bit key and 16 bytes of input, and deterministically yields 16 bytes of output.
+*'''SHA256''', a well-known hashing algorithm that takes an arbitrary number of bytes as input and deterministically yields a 32-byte hash.
+*'''scrypt''': A well-known key derivation algorithm.  It takes the following parameters: (string) password, (string) salt, (int) n, (int) r, (int) p, (int) length, and deterministically yields an array of bytes whose length is equal to the length parameter.
+*'''ECMultiply''': Multiplication of an elliptic curve point by a scalar integer with respect to the [[secp256k1]] elliptic curve.
+*'''G, N''': Constants defined as part of the [[secp256k1]] elliptic curve.  G is an elliptic curve point, and N is a large positive integer.
+*'''[[Base58Check]]''': a method for encoding arrays of bytes using 58 alphanumeric characters commonly used in the Bitcoin ecosystem.
+
+===Prefix===
+It is proposed that the resulting Base58Check-encoded string start with a '6'.  The number '6' is intended to represent, from the perspective of the user, "a private key that needs something else to be usable" - an umbrella definition that could be understood in the future to include keys participating in multisig transactions, and was chosen with deference to the existing prefix '5' most commonly observed in [[Wallet Import Format]] which denotes an unencrypted private key.
+
+It is proposed that the second character ought to give a hint as to what is needed as a second factor, and for an encrypted key requiring a passphrase, the uppercase letter P is proposed.
+
+To keep the size of the encrypted key down, no initialization vectors (IVs) are used in the AES encryption.  Rather, suitable values for IV-like use are derived using scrypt from the passphrase and from using a 32-bit hash of the resulting Bitcoin address as salt.
+
+===Proposed specification===
+
+* Object identifier prefix: 0x0142 (non-EC-multiplied) or 0x0143 (EC-multiplied).  These are constant bytes that appear at the beginning of the Base58Check-encoded record, and their presence causes the resulting string to have a predictable prefix.
+* How the user sees it: 58 characters always starting with '6P'
+** Visual cues are present in the third character for visually identifying the EC-multiply and compress flag.
+* Count of payload bytes (beyond prefix): 37
+** 1 byte (''flagbyte''): 
+*** the most significant two bits are set as follows to preserve the visibility of the compression flag in the prefix, as well as to keep the payload within the range of allowable values that keep the "6P" prefix intact.  For non-EC-multiplied keys, the bits are 11.  For EC-multiplied keys, the bits are 00.
+*** the bit with value 0x20 when set indicates the key should be converted to a bitcoin address using the compressed public key format.
+*** the bits with values 0x10 and 0x08 are reserved for a future specification that contemplates using multisig as a way to combine the factors such that parties in possession of the separate factors can independently sign a proposed transaction without requiring that any party possess both factors.  These bits must be 0 to comply with this version of the specification.
+*** the bit with value 0x04 indicates whether a lot and sequence number are encoded into the first factor, and activates special behavior for including them in the decryption process.  This applies to EC-multiplied keys only.  Must be 0 for non-EC-multiplied keys.
+*** remaining bits are reserved for future use and must all be 0 to comply with this version of the specification.
+** 4 bytes: SHA256(SHA256(expected_bitcoin_address))[0...3], used both for typo checking and as salt
+**16 bytes: Contents depend on whether EC multiplication is used.
+**16 bytes: lasthalf: An AES-encrypted key material record (contents depend on whether EC multiplication is used)
+* Range in base58check encoding for non-EC-multiplied keys without compression (prefix 6PR):
+** Minimum value: 6PRHv1jg1ytiE4kT2QtrUz8gEjMQghZDWg1FuxjdYDzjUkcJeGdFj9q9Vi (based on 01 42 C0 plus thirty-six 00's)
+** Maximum value: 6PRWdmoT1ZursVcr5NiD14p5bHrKVGPG7yeEoEeRb8FVaqYSHnZTLEbYsU (based on 01 42 C0 plus thirty-six FF's) 
+* Range in base58check encoding for non-EC-multiplied keys with compression (prefix 6PY):
+** Minimum value: 6PYJxKpVnkXUsnZAfD2B5ZsZafJYNp4ezQQeCjs39494qUUXLnXijLx6LG (based on 01 42 E0 plus thirty-six 00's)
+** Maximum value: 6PYXg5tGnLYdXDRZiAqXbeYxwDoTBNthbi3d61mqBxPpwZQezJTvQHsCnk (based on 01 42 E0 plus thirty-six FF's) 
+* Range in base58check encoding for EC-multiplied keys without compression (prefix 6Pf):
+** Minimum value: 6PfKzduKZXAFXWMtJ19Vg9cSvbFg4va6U8p2VWzSjtHQCCLk3JSBpUvfpf (based on 01 43 00 plus thirty-six 00's)
+** Maximum value: 6PfYiPy6Z7BQAwEHLxxrCEHrH9kasVQ95ST1NnuEnnYAJHGsgpNPQ9dTHc (based on 01 43 00 plus thirty-six FF's)
+* Range in base58check encoding for EC-multiplied keys with compression (prefix 6Pn):
+** Minimum value: 6PnM2wz9LHo2BEAbvoGpGjMLGXCom35XwsDQnJ7rLiRjYvCxjpLenmoBsR (based on 01 43 20 plus thirty-six 00's)
+** Maximum value: 6PnZki3vKspApf2zym6Anp2jd5hiZbuaZArPfa2ePcgVf196PLGrQNyVUh (based on 01 43 20 plus thirty-six FF's)
+
+====Encryption when EC multiply flag is not used====
+Encrypting a private key without the EC multiplication offers the advantage that any known private key can be encrypted.  The party performing the encryption must know the passphrase.
+
+Encryption steps:
+# Compute the Bitcoin address (ASCII), and take the first four bytes of SHA256(SHA256()) of it.  Let's call this "addresshash".
+# Derive a key from the passphrase using scrypt
+#*Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8 and normalized using Unicode Normalization Form C (NFC).  salt is ''addresshash'' from the earlier step, n=16384, r=8, p=8, length=64 (n, r, p are provisional and subject to consensus)
+#*Let's split the resulting 64 bytes in half, and call them ''derivedhalf1'' and ''derivedhalf2''.
+# Do AES256Encrypt(block = bitcoinprivkey[0...15] xor derivedhalf1[0...15], key = derivedhalf2), call the 16-byte result ''encryptedhalf1''
+# Do AES256Encrypt(block = bitcoinprivkey[16...31] xor derivedhalf1[16...31], key = derivedhalf2), call the 16-byte result ''encryptedhalf2''
+
+The encrypted private key is the Base58Check-encoded concatenation of the following, which totals 39 bytes without Base58 checksum:
+* 0x01 0x42 + ''flagbyte'' + ''salt'' + ''encryptedhalf1'' + ''encryptedhalf2''
+
+Decryption steps:
+# Collect encrypted private key and passphrase from user.
+# Derive ''derivedhalf1'' and ''derivedhalf2'' by passing the passphrase and ''addresshash'' into scrypt function.
+# Decrypt ''encryptedhalf1'' and ''encryptedhalf2'' using AES256Decrypt, merge them to form the encrypted private key.
+# Convert that private key into a Bitcoin address, honoring the compression preference specified in ''flagbyte'' of the encrypted key record.
+# Hash the Bitcoin address, and verify that ''addresshash'' from the encrypted private key record matches the hash.  If not, report that the passphrase entry was incorrect.
+
+====Encryption when EC multiply mode is used====
+Encrypting a private key with EC multiplication offers the ability for someone to generate encrypted keys knowing only an EC point derived from the original passphrase and some salt generated by the passphrase's owner, and without knowing the passphrase itself.  Only the person who knows the original passphrase can decrypt the private key.  A code known as an ''intermediate code'' conveys the information needed to generate such a key without knowledge of the passphrase.
+
+This methodology does not offer the ability to encrypt a known private key - this means that the process of creating encrypted keys is also the process of generating new addresses.  On the other hand, this serves a security benefit for someone possessing an address generated this way: if the address can be recreated by decrypting its private key with a passphrase, and it's a strong passphrase one can be certain only he knows himself, then he can safely conclude that nobody could know the private key to that address.
+
+The person who knows the passphrase and who is the intended beneficiary of the private keys is called the ''owner''.  He will generate one or more "intermediate codes", which are the first factor of a two-factor redemption system, and will give them to someone else we'll call ''printer'', who generates a key pair with an intermediate code can know the address and encrypted private key, but cannot decrypt the private key without the original passphrase.
+
+An intermediate code should, but is not required to, embed a printable "lot" and "sequence" number for the benefit of the user.  The proposal forces these lot and sequence numbers to be included in any valid private keys generated from them.  An owner who has requested multiple private keys to be generated for him will be advised by applications to ensure that each private key has a unique lot and sequence number consistent with the intermediate codes he generated.  These mainly help protect ''owner'' from potential mistakes and/or attacks that could be made by ''printer''.
+
+The "lot" and "sequence" number are combined into a single 32 bit number.  20 bits are used for the lot number and 12 bits are used for the sequence number, such that the lot number can be any decimal number between 0 and 1048575, and the sequence number can be any decimal number between 0 and 4095.  For programs that generate batches of intermediate codes for an ''owner'', it is recommended that lot numbers be chosen at random within the range 100000-999999 and that sequence numbers are assigned starting with 1.
+
+Steps performed by ''owner'' to generate a single intermediate code, if lot and sequence numbers are being included:
+# Generate 4 random bytes, call them ''ownersalt''.
+# Encode the lot and sequence numbers as a 4 byte quantity (big-endian): lotnumber * 4096 + sequencenumber.  Call these four bytes ''lotsequence''.
+# Concatenate ''ownersalt'' + ''lotsequence'' and call this ''ownerentropy''.
+# Derive a key from the passphrase using scrypt
+#* Parameters: ''passphrase'' is the passphrase itself encoded in UTF-8 and normalized using Unicode Normalization Form C (NFC).  salt is ''ownersalt''. n=16384, r=8, p=8, length=32.
+#* Call the resulting 32 bytes ''prefactor''.
+#* Take SHA256(SHA256(''prefactor'' + ''ownerentropy'')) and call this ''passfactor''. The "+" operator is concatenation.
+# Compute the elliptic curve point G * ''passfactor'', and convert the result to compressed notation (33 bytes).  Call this ''passpoint''.  Compressed notation is used for this purpose regardless of whether the intent is to create Bitcoin addresses with or without compressed public keys.
+# Convey ''ownersalt'' and ''passpoint'' to the party generating the keys, along with a checksum to ensure integrity.
+#* The following Base58Check-encoded format is recommended for this purpose: magic bytes "2C E9 B3 E1 FF 39 E2 51" followed by ''ownerentropy'', and then ''passpoint''.  The resulting string will start with the word "passphrase" due to the constant bytes, will be 72 characters in length, and encodes 49 bytes (8 bytes constant + 8 bytes ''ownerentropy'' + 33 bytes ''passpoint'').  The checksum is handled in the Base58Check encoding.  The resulting string is called ''intermediate_passphrase_string''.
+
+If lot and sequence numbers are not being included, then follow the same procedure with the following changes:
+* ''ownersalt'' is 8 random bytes instead of 4, and ''lotsequence'' is omitted.  ''ownerentropy'' becomes an alias for ''ownersalt''.
+* The SHA256 conversion of ''prefactor'' to ''passfactor'' is omitted.  Instead, the output of scrypt is used directly as ''passfactor''.
+* The magic bytes are "2C E9 B3 E1 FF 39 E2 53" instead (the last byte is 0x53 instead of 0x51).
+
+Steps to create new encrypted private keys given ''intermediate_passphrase_string'' from ''owner'' (so we have ''ownerentropy'', and ''passpoint'', but we do not have ''passfactor'' or the passphrase):
+# Set ''flagbyte''.
+#* Turn on bit 0x20 if the Bitcoin address will be formed by hashing the compressed public key (optional, saves space, but many Bitcoin implementations aren't compatible with it)
+#* Turn on bit 0x04 if ''ownerentropy'' contains a value for ''lotsequence''.  (While it has no effect on the keypair generation process, the decryption process needs this flag to know how to process ''ownerentropy'')
+# Generate 24 random bytes, call this ''seedb''.  Take SHA256(SHA256(''seedb'')) to yield 32 bytes, call this ''factorb''.
+# ECMultiply ''passpoint'' by ''factorb''.  Use the resulting EC point as a public key and hash it into a Bitcoin address using either compressed or uncompressed public key methodology (specify which methodology is used inside ''flagbyte'').  This is the generated Bitcoin address, call it ''generatedaddress''.
+# Take the first four bytes of SHA256(SHA256(''generatedaddress'')) and call it ''addresshash''.
+# Now we will encrypt ''seedb''.  Derive a second key from ''passpoint'' using scrypt
+#*Parameters: ''passphrase'' is ''passpoint'' provided from the first party (expressed in binary as 33 bytes).  ''salt'' is ''addresshash'' + ''ownerentropy'', n=1024, r=1, p=1, length=64.  The "+" operator is concatenation.
+#*Split the result into two 32-byte halves and call them ''derivedhalf1'' and ''derivedhalf2''.
+# Do AES256Encrypt(block = (seedb[0...15] xor derivedhalf1[0...15]), key = derivedhalf2), call the 16-byte result ''encryptedpart1''
+# Do AES256Encrypt(block = ((encryptedpart1[8...15] + seedb[16...23]) xor derivedhalf1[16...31]), key = derivedhalf2), call the 16-byte result ''encryptedpart2''.  The "+" operator is concatenation.
+
+The encrypted private key is the Base58Check-encoded concatenation of the following, which totals 39 bytes without Base58 checksum:
+* 0x01 0x43 + ''flagbyte'' + ''addresshash'' + ''ownerentropy'' + ''encryptedpart1''[0...7] + ''encryptedpart2''
+
+=====Confirmation code=====
+The party generating the Bitcoin address has the option to return a ''confirmation code'' back to ''owner'' which allows ''owner'' to independently verify that he has been given a Bitcoin address that actually depends on his passphrase, and to confirm the lot and sequence numbers (if applicable).  This protects ''owner'' from being given a Bitcoin address by the second party that is unrelated to the key derivation and possibly spendable by the second party.  If a Bitcoin address given to ''owner'' can be successfully regenerated through the confirmation process, ''owner'' can be reasonably assured that any spending without the passphrase is infeasible.  This confirmation code is 75 characters starting with "cfrm38".
+
+To generate it, we need ''flagbyte'', ''ownerentropy'', ''factorb'', ''derivedhalf1'' and ''derivedhalf2'' from the original encryption operation.
+# ECMultiply ''factorb'' by G, call the result ''pointb''.  The result is 33 bytes.
+# The first byte is 0x02 or 0x03.  XOR it by (derivedhalf2[31] & 0x01), call the resulting byte ''pointbprefix''.
+# Do AES256Encrypt(block = (pointb[1...16] xor derivedhalf1[0...15]), key = derivedhalf2) and call the result ''pointbx1''.
+# Do AES256Encrypt(block = (pointb[17...32] xor derivedhalf1[16...31]), key = derivedhalf2) and call the result ''pointbx2''.
+# Concatenate ''pointbprefix'' + ''pointbx1'' + ''pointbx2'' (total 33 bytes) and call the result ''encryptedpointb''.
+
+The result is a Base58Check-encoded concatenation of the following:
+* 0x64 0x3B 0xF6 0xA8 0x9A + ''flagbyte'' + ''addresshash'' + ''ownerentropy'' + ''encryptedpointb''
+
+A confirmation tool, given a passphrase and a confirmation code, can recalculate the address, verify the address hash, and then assert the following: "It is confirmed that Bitcoin address ''address'' depends on this passphrase".  If applicable: "The lot number is ''lotnumber'' and the sequence number is ''sequencenumber''."
+
+To recalculate the address:
+# Derive ''passfactor'' using scrypt with ''ownerentropy'' and the user's passphrase and use it to recompute ''passpoint''
+# Derive decryption key for ''pointb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownerentropy''
+# Decrypt ''encryptedpointb'' to yield ''pointb''
+# ECMultiply ''pointb'' by ''passfactor''. Use the resulting EC point as a public key and hash it into ''address'' using either compressed or uncompressed public key methodology as specifid in ''flagbyte''.
+
+=====Decryption=====
+# Collect encrypted private key and passphrase from user.
+# Derive ''passfactor'' using scrypt with ''ownersalt'' and the user's passphrase and use it to recompute ''passpoint''
+# Derive decryption key for ''seedb'' using scrypt with ''passpoint'', ''addresshash'', and ''ownerentropy''
+# Decrypt ''encryptedpart2'' using AES256Decrypt to yield the last 8 bytes of ''seedb'' and the last 8 bytes of ''encryptedpart1''.
+# Decrypt ''encryptedpart1'' to yield the remainder of ''seedb''.
+# Use ''seedb'' to compute ''factorb''.
+# Multiply ''passfactor'' by ''factorb'' mod N to yield the private key associated with ''generatedaddress''.
+# Convert that private key into a Bitcoin address, honoring the compression preference specified in the encrypted key.
+# Hash the Bitcoin address, and verify that ''addresshash'' from the encrypted private key record matches the hash.  If not, report that the passphrase entry was incorrect.
+
+==Backwards compatibility==
+Backwards compatibility is minimally applicable since this is a new standard that at most extends [[Wallet Import Format]].  It is assumed that an entry point for private key data may also accept existing formats of private keys (such as hexadecimal and [[Wallet Import Format]]); this draft uses a key format that cannot be mistaken for any existing one and preserves auto-detection capabilities.
+
+==Suggestions for implementers of proposal with alt-chains==
+If this proposal is accepted into alt-chains, it is requested that the unused flag bytes not be used for denoting that the key belongs to an alt-chain.
+
+Alt-chain implementers should exploit the address hash for this purpose.  Since each operation in this proposal involves hashing a text representation of a coin address which (for Bitcoin) includes the leading '1', an alt-chain can easily be denoted simply by using the alt-chain's preferred format for representing an address.  Alt-chain implementers may also change the prefix such that encrypted addresses do not start with "6P".
+
+==Discussion item: scrypt parameters==
+This proposal leaves the scrypt parameters up in the air.  The following items are proposed for consideration:
+
+The main goal of scrypt is to reduce the feasibility of brute force attacks.  It must be assumed that an attacker will be able to use an efficient implementation of scrypt.  The parameters should force a highly efficient implementation of scrypt to wait a decent amount of time to slow attacks.
+
+On the other hand, an unavoidably likely place where scrypt will be implemented is using slow interpreted languages such as javascript.  What might take milliseconds on an efficient scrypt implementation may take seconds in javascript.
+
+It is believed, however, that someone using a javascript implementation is probably dealing with codes by hand, one at a time, rather than generating or processing large batches of codes.  Thus, a wait time of several seconds is acceptable to a user.
+
+A private key redemption process that forces a server to consume several seconds of CPU time would discourage implementation by the server owner, because they would be opening up a denial of service avenue by inviting users to make numerous attempts to invoke the redemption process.  However, it's also feasible for the server owner to implement his redemption process in such a way that the decryption is done by the user's browser, offloading the task from his own server (and providing another reason why the chosen scrypt parameters should be tolerant of javascript-based decryptors).
+
+The preliminary values of 16384, 8, and 8 are hoped to offer the following properties:
+* Encryption/decryption in javascript requiring several seconds per operation
+* Use of the parallelization parameter provides a modest opportunity for speedups in environments where concurrent threading is available - such environments would be selected for processes that must handle bulk quantities of encryption/decryption operations.  Estimated time for an operation is in the tens or hundreds of milliseconds.
+
+==Reference implementation==
+Added to alpha version of Casascius Bitcoin Address Utility for Windows available at:
+
+* via https: https://casascius.com/btcaddress-alpha.zip
+* at github: https://github.com/casascius/Bitcoin-Address-Utility
+
+Click "Tools" then "PPEC Keygen" (provisional name)
+
+==Test vectors==
+
+===No compression, no EC multiply===
+
+Test 1:
+*Passphrase: TestingOneTwoThree
+*Encrypted: 6PRVWUbkzzsbcVac2qwfssoUJAN1Xhrg6bNk8J7Nzm5H7kxEbn2Nh2ZoGg
+*Unencrypted (WIF): 5KN7MzqK5wt2TP1fQCYyHBtDrXdJuXbUzm4A9rKAteGu3Qi5CVR
+*Unencrypted (hex): CBF4B9F70470856BB4F40F80B87EDB90865997FFEE6DF315AB166D713AF433A5
+
+Test 2:
+*Passphrase: Satoshi
+*Encrypted: 6PRNFFkZc2NZ6dJqFfhRoFNMR9Lnyj7dYGrzdgXXVMXcxoKTePPX1dWByq
+*Unencrypted (WIF): 5HtasZ6ofTHP6HCwTqTkLDuLQisYPah7aUnSKfC7h4hMUVw2gi5
+*Unencrypted (hex): 09C2686880095B1A4C249EE3AC4EEA8A014F11E6F986D0B5025AC1F39AFBD9AE
+
+Test 3:
+*Passphrase ϓ␀𐐀💩 (<tt>\u03D2\u0301\u0000\U00010400\U0001F4A9</tt>; [http://codepoints.net/U+03D2 GREEK UPSILON WITH HOOK], [http://codepoints.net/U+0301 COMBINING ACUTE ACCENT], [http://codepoints.net/U+0000 NULL], [http://codepoints.net/U+10400 DESERET CAPITAL LETTER LONG I], [http://codepoints.net/U+1F4A9 PILE OF POO])
+*Encrypted key: 6PRW5o9FLp4gJDDVqJQKJFTpMvdsSGJxMYHtHaQBF3ooa8mwD69bapcDQn
+*Bitcoin Address: 16ktGzmfrurhbhi6JGqsMWf7TyqK9HNAeF
+*Unencrypted private key (WIF): 5Jajm8eQ22H3pGWLEVCXyvND8dQZhiQhoLJNKjYXk9roUFTMSZ4
+* ''Note:'' The non-standard UTF-8 characters in this passphrase should be NFC normalized to result in a passphrase of <tt>0xcf9300f0909080f09f92a9</tt> before further processing
+
+===Compression, no EC multiply===
+
+Test 1:
+*Passphrase: TestingOneTwoThree
+*Encrypted: 6PYNKZ1EAgYgmQfmNVamxyXVWHzK5s6DGhwP4J5o44cvXdoY7sRzhtpUeo
+*Unencrypted (WIF): L44B5gGEpqEDRS9vVPz7QT35jcBG2r3CZwSwQ4fCewXAhAhqGVpP
+*Unencrypted (hex): CBF4B9F70470856BB4F40F80B87EDB90865997FFEE6DF315AB166D713AF433A5
+
+Test 2:
+*Passphrase: Satoshi
+*Encrypted: 6PYLtMnXvfG3oJde97zRyLYFZCYizPU5T3LwgdYJz1fRhh16bU7u6PPmY7
+*Unencrypted (WIF): KwYgW8gcxj1JWJXhPSu4Fqwzfhp5Yfi42mdYmMa4XqK7NJxXUSK7
+*Unencrypted (hex): 09C2686880095B1A4C249EE3AC4EEA8A014F11E6F986D0B5025AC1F39AFBD9AE
+
+===EC multiply, no compression, no lot/sequence numbers===
+
+Test 1:
+*Passphrase: TestingOneTwoThree
+*Passphrase code: passphrasepxFy57B9v8HtUsszJYKReoNDV6VHjUSGt8EVJmux9n1J3Ltf1gRxyDGXqnf9qm
+*Encrypted key: 6PfQu77ygVyJLZjfvMLyhLMQbYnu5uguoJJ4kMCLqWwPEdfpwANVS76gTX
+*Bitcoin address: 1PE6TQi6HTVNz5DLwB1LcpMBALubfuN2z2
+*Unencrypted private key (WIF): 5K4caxezwjGCGfnoPTZ8tMcJBLB7Jvyjv4xxeacadhq8nLisLR2
+*Unencrypted private key (hex): A43A940577F4E97F5C4D39EB14FF083A98187C64EA7C99EF7CE460833959A519
+
+Test 2:
+*Passphrase: Satoshi
+*Passphrase code: passphraseoRDGAXTWzbp72eVbtUDdn1rwpgPUGjNZEc6CGBo8i5EC1FPW8wcnLdq4ThKzAS
+*Encrypted key: 6PfLGnQs6VZnrNpmVKfjotbnQuaJK4KZoPFrAjx1JMJUa1Ft8gnf5WxfKd
+*Bitcoin address: 1CqzrtZC6mXSAhoxtFwVjz8LtwLJjDYU3V
+*Unencrypted private key (WIF): 5KJ51SgxWaAYR13zd9ReMhJpwrcX47xTJh2D3fGPG9CM8vkv5sH
+*Unencrypted private key (hex): C2C8036DF268F498099350718C4A3EF3984D2BE84618C2650F5171DCC5EB660A
+
+===EC multiply, no compression, lot/sequence numbers===
+
+Test 1:
+*Passphrase: MOLON LABE
+*Passphrase code: passphraseaB8feaLQDENqCgr4gKZpmf4VoaT6qdjJNJiv7fsKvjqavcJxvuR1hy25aTu5sX 
+*Encrypted key: 6PgNBNNzDkKdhkT6uJntUXwwzQV8Rr2tZcbkDcuC9DZRsS6AtHts4Ypo1j
+*Bitcoin address: 1Jscj8ALrYu2y9TD8NrpvDBugPedmbj4Yh
+*Unencrypted private key (WIF): 5JLdxTtcTHcfYcmJsNVy1v2PMDx432JPoYcBTVVRHpPaxUrdtf8
+*Unencrypted private key (hex): 44EA95AFBF138356A05EA32110DFD627232D0F2991AD221187BE356F19FA8190
+*Confirmation code: cfrm38V8aXBn7JWA1ESmFMUn6erxeBGZGAxJPY4e36S9QWkzZKtaVqLNMgnifETYw7BPwWC9aPD
+*Lot/Sequence: 263183/1
+
+Test 2: 
+*Passphrase (all letters are Greek - test UTF-8 compatibility with this): ΜΟΛΩΝ ΛΑΒΕ
+*Passphrase code: passphrased3z9rQJHSyBkNBwTRPkUGNVEVrUAcfAXDyRU1V28ie6hNFbqDwbFBvsTK7yWVK 
+*Encrypted private key: 6PgGWtx25kUg8QWvwuJAgorN6k9FbE25rv5dMRwu5SKMnfpfVe5mar2ngH
+*Bitcoin address: 1Lurmih3KruL4xDB5FmHof38yawNtP9oGf
+*Unencrypted private key (WIF): 5KMKKuUmAkiNbA3DazMQiLfDq47qs8MAEThm4yL8R2PhV1ov33D
+*Unencrypted private key (hex): CA2759AA4ADB0F96C414F36ABEB8DB59342985BE9FA50FAAC228C8E7D90E3006
+*Confirmation code: cfrm38V8G4qq2ywYEFfWLD5Cc6msj9UwsG2Mj4Z6QdGJAFQpdatZLavkgRd1i4iBMdRngDqDs51
+*Lot/Sequence: 806938/1
diff --git a/bip-0039.mediawiki b/bip-0039.mediawiki
new file mode 100644
index 00000000..b6aebfb8
--- /dev/null
+++ b/bip-0039.mediawiki
@@ -0,0 +1,137 @@
+<pre>
+  BIP:     BIP-0039
+  Title:   Mnemonic code for generating deterministic keys
+  Authors: Marek Palatinus <slush@satoshilabs.com>
+           Pavol Rusnak <stick@satoshilabs.com>
+           Aaron Voisine <voisine@gmail.com>
+           Sean Bowe <ewillbefull@gmail.com>
+  Status:  Draft
+  Type:    Standards Track
+  Created: 2013-09-10
+</pre>
+
+==Abstract==
+
+This BIP describes the implementation of a mnemonic code or mnemonic sentence --
+a group of easy to remember words -- for the generation of deterministic wallets.
+
+It consists of two parts: generating the mnemonic, and converting it into a
+binary seed. This seed can be later used to generate deterministic wallets using
+BIP-0032 or similar methods.
+
+==Motivation==
+
+A mnemonic code or sentence is superior for human interaction compared to the
+handling of raw binary or hexidecimal representations of a wallet seed. The
+sentence could be written on paper or spoken over the telephone.
+
+This guide is meant to be a way to transport computer-generated randomness with
+a human readable transcription. It's not a way to process user-created
+sentences (also known as brainwallets) into a wallet seed.
+
+==Generating the mnemonic==
+
+The mnemonic must encode entropy in a multiple of 32 bits. With more entropy
+security is improved but the sentence length increases. We refer to the
+initial entropy length as ENT. The recommended size of ENT is 128-256 bits.
+
+First, an initial entropy of ENT bits is generated. A checksum is generated by
+taking the first <pre>ENT / 32</pre> bits of its SHA256 hash. This checksum is
+appended to the end of the initial entropy. Next, these concatenated bits
+are split into groups of 11 bits, each encoding a number from 0-2047, serving
+as an index into a wordlist. Finally, we convert these numbers into words and
+use the joined words as a mnemonic sentence.
+
+The following table describes the relation between the initial entropy
+length (ENT), the checksum length (CS) and the length of the generated mnemonic
+sentence (MS) in words.
+
+<pre>
+CS = ENT / 32
+MS = (ENT + CS) / 11
+
+|  ENT  | CS | ENT+CS |  MS  |
++-------+----+--------+------+
+|  128  |  4 |   132  |  12  |
+|  160  |  5 |   165  |  15  |
+|  192  |  6 |   198  |  18  |
+|  224  |  7 |   231  |  21  |
+|  256  |  8 |   264  |  24  |
+</pre>
+
+==Wordlist==
+
+An ideal wordlist has the following characteristics:
+
+a) smart selection of words
+   - the wordlist is created in such way that it's enough to type the first four
+     letters to unambiguously identify the word
+
+b) similar words avoided
+   - word pairs like "build" and "built", "woman" and "women", or "quick" and "quickly"
+     not only make remembering the sentence difficult, but are also more error
+     prone and more difficult to guess
+
+c) sorted wordlists
+   - the wordlist is sorted which allows for more efficient lookup of the code words
+     (i.e. implementations can use binary search instead of linear search)
+   - this also allows trie (a prefix tree) to be used, e.g. for better compression
+
+The wordlist can contain native characters, but they must be encoded in UTF-8
+using Normalization Form Compatibility Decomposition (NFKD).
+
+==From mnemonic to seed==
+
+A user may decide to protect their mnemonic with a passphrase. If a passphrase is not
+present, an empty string "" is used instead.
+
+To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic
+sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again
+in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as
+the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).
+
+This seed can be later used to generate deterministic wallets using BIP-0032 or
+similar methods.
+
+The conversion of the mnemonic sentence to a binary seed is completely independent
+from generating the sentence. This results in rather simple code; there are no
+constraints on sentence structure and clients are free to implement their own
+wordlists or even whole sentence generators, allowing for flexibility in wordlists
+for typo detection or other purposes.
+
+Although using a mnemonic not generated by the algorithm described in "Generating the
+mnemonic" section is possible, this is not advised and software must compute a
+checksum for the mnemonic sentence using a wordlist and issue a warning if it is
+invalid.
+
+The described method also provides plausible deniability, because every passphrase
+generates a valid seed (and thus a deterministic wallet) but only the correct one
+will make the desired wallet available.
+
+==Wordlists==
+
+* [[bip-0039/bip-0039-wordlists.md|Moved to separate document]]
+
+==Test vectors==
+
+The test vectors include input entropy, mnemonic and seed. The
+passphrase "TREZOR" is used for all vectors.
+
+https://github.com/trezor/python-mnemonic/blob/master/vectors.json
+
+Also see https://github.com/bip32JP/bip32JP.github.io/blob/master/test_JP_BIP39.json
+
+(Japanese wordlist test with heavily normalized symbols as passphrase)
+
+==Reference Implementation==
+
+Reference implementation including wordlists is available from
+
+http://github.com/trezor/python-mnemonic
+
+==Other Implementations==
+
+Objective-C - https://github.com/nybex/NYMnemonic
+
+Haskell - https://github.com/haskoin/haskoin
+
diff --git a/bip-0039/bip-0039-wordlists.md b/bip-0039/bip-0039-wordlists.md
new file mode 100644
index 00000000..28cd97ae
--- /dev/null
+++ b/bip-0039/bip-0039-wordlists.md
@@ -0,0 +1,26 @@
+#Wordlists
+
+* [English](english.txt)
+* [Japanese](japanese.txt)
+* [Spanish](spanish.txt)
+
+##Wordlists (Special Considerations)
+
+###Japanese
+
+1. Users will most likely separate the words with UTF-8 ideographic space.  
+(UTF-8 bytes: 0xE38080) When generating the seed, normalization as per the spec will
+automatically change these into normal ASCII spaces. Depending on the font, displaying the
+words should use the UTF-8 ideographic space if it looks like the symbols are too close.
+
+2. Word-wrapping doesn't work well, so making sure that words only word-wrap at one of the  
+ideographic spaces may be a necessary step. As a long word split in two could be mistaken easily  
+for two smaller words (This would be a problem with any of the 3 character sets in Japanese)
+
+###Spanish
+
+1. Words can be uniquely determined typing the first 4 characters (sometimes less).
+
+2. Special Spanish characters like 'ñ', 'ü', 'á', etc... are considered equal to 'n', 'u', 'a', etc... in terms of identifying a word. Therefore, there is no need to use a Spanish keyboard to introduce the passphrase, an application with the Spanish wordlist will be able to identify the words after the first 4 chars have been typed even if the chars with accents have been replaced with the equivalent without accents.
+
+3. There are no words in common between the Spanish wordlist and any other language wordlist, therefore it is possible to detect the language with just one word.
diff --git a/bip-0039/english.txt b/bip-0039/english.txt
new file mode 100644
index 00000000..942040ed
--- /dev/null
+++ b/bip-0039/english.txt
@@ -0,0 +1,2048 @@
+abandon
+ability
+able
+about
+above
+absent
+absorb
+abstract
+absurd
+abuse
+access
+accident
+account
+accuse
+achieve
+acid
+acoustic
+acquire
+across
+act
+action
+actor
+actress
+actual
+adapt
+add
+addict
+address
+adjust
+admit
+adult
+advance
+advice
+aerobic
+affair
+afford
+afraid
+again
+age
+agent
+agree
+ahead
+aim
+air
+airport
+aisle
+alarm
+album
+alcohol
+alert
+alien
+all
+alley
+allow
+almost
+alone
+alpha
+already
+also
+alter
+always
+amateur
+amazing
+among
+amount
+amused
+analyst
+anchor
+ancient
+anger
+angle
+angry
+animal
+ankle
+announce
+annual
+another
+answer
+antenna
+antique
+anxiety
+any
+apart
+apology
+appear
+apple
+approve
+april
+arch
+arctic
+area
+arena
+argue
+arm
+armed
+armor
+army
+around
+arrange
+arrest
+arrive
+arrow
+art
+artefact
+artist
+artwork
+ask
+aspect
+assault
+asset
+assist
+assume
+asthma
+athlete
+atom
+attack
+attend
+attitude
+attract
+auction
+audit
+august
+aunt
+author
+auto
+autumn
+average
+avocado
+avoid
+awake
+aware
+away
+awesome
+awful
+awkward
+axis
+baby
+bachelor
+bacon
+badge
+bag
+balance
+balcony
+ball
+bamboo
+banana
+banner
+bar
+barely
+bargain
+barrel
+base
+basic
+basket
+battle
+beach
+bean
+beauty
+because
+become
+beef
+before
+begin
+behave
+behind
+believe
+below
+belt
+bench
+benefit
+best
+betray
+better
+between
+beyond
+bicycle
+bid
+bike
+bind
+biology
+bird
+birth
+bitter
+black
+blade
+blame
+blanket
+blast
+bleak
+bless
+blind
+blood
+blossom
+blouse
+blue
+blur
+blush
+board
+boat
+body
+boil
+bomb
+bone
+bonus
+book
+boost
+border
+boring
+borrow
+boss
+bottom
+bounce
+box
+boy
+bracket
+brain
+brand
+brass
+brave
+bread
+breeze
+brick
+bridge
+brief
+bright
+bring
+brisk
+broccoli
+broken
+bronze
+broom
+brother
+brown
+brush
+bubble
+buddy
+budget
+buffalo
+build
+bulb
+bulk
+bullet
+bundle
+bunker
+burden
+burger
+burst
+bus
+business
+busy
+butter
+buyer
+buzz
+cabbage
+cabin
+cable
+cactus
+cage
+cake
+call
+calm
+camera
+camp
+can
+canal
+cancel
+candy
+cannon
+canoe
+canvas
+canyon
+capable
+capital
+captain
+car
+carbon
+card
+cargo
+carpet
+carry
+cart
+case
+cash
+casino
+castle
+casual
+cat
+catalog
+catch
+category
+cattle
+caught
+cause
+caution
+cave
+ceiling
+celery
+cement
+census
+century
+cereal
+certain
+chair
+chalk
+champion
+change
+chaos
+chapter
+charge
+chase
+chat
+cheap
+check
+cheese
+chef
+cherry
+chest
+chicken
+chief
+child
+chimney
+choice
+choose
+chronic
+chuckle
+chunk
+churn
+cigar
+cinnamon
+circle
+citizen
+city
+civil
+claim
+clap
+clarify
+claw
+clay
+clean
+clerk
+clever
+click
+client
+cliff
+climb
+clinic
+clip
+clock
+clog
+close
+cloth
+cloud
+clown
+club
+clump
+cluster
+clutch
+coach
+coast
+coconut
+code
+coffee
+coil
+coin
+collect
+color
+column
+combine
+come
+comfort
+comic
+common
+company
+concert
+conduct
+confirm
+congress
+connect
+consider
+control
+convince
+cook
+cool
+copper
+copy
+coral
+core
+corn
+correct
+cost
+cotton
+couch
+country
+couple
+course
+cousin
+cover
+coyote
+crack
+cradle
+craft
+cram
+crane
+crash
+crater
+crawl
+crazy
+cream
+credit
+creek
+crew
+cricket
+crime
+crisp
+critic
+crop
+cross
+crouch
+crowd
+crucial
+cruel
+cruise
+crumble
+crunch
+crush
+cry
+crystal
+cube
+culture
+cup
+cupboard
+curious
+current
+curtain
+curve
+cushion
+custom
+cute
+cycle
+dad
+damage
+damp
+dance
+danger
+daring
+dash
+daughter
+dawn
+day
+deal
+debate
+debris
+decade
+december
+decide
+decline
+decorate
+decrease
+deer
+defense
+define
+defy
+degree
+delay
+deliver
+demand
+demise
+denial
+dentist
+deny
+depart
+depend
+deposit
+depth
+deputy
+derive
+describe
+desert
+design
+desk
+despair
+destroy
+detail
+detect
+develop
+device
+devote
+diagram
+dial
+diamond
+diary
+dice
+diesel
+diet
+differ
+digital
+dignity
+dilemma
+dinner
+dinosaur
+direct
+dirt
+disagree
+discover
+disease
+dish
+dismiss
+disorder
+display
+distance
+divert
+divide
+divorce
+dizzy
+doctor
+document
+dog
+doll
+dolphin
+domain
+donate
+donkey
+donor
+door
+dose
+double
+dove
+draft
+dragon
+drama
+drastic
+draw
+dream
+dress
+drift
+drill
+drink
+drip
+drive
+drop
+drum
+dry
+duck
+dumb
+dune
+during
+dust
+dutch
+duty
+dwarf
+dynamic
+eager
+eagle
+early
+earn
+earth
+easily
+east
+easy
+echo
+ecology
+economy
+edge
+edit
+educate
+effort
+egg
+eight
+either
+elbow
+elder
+electric
+elegant
+element
+elephant
+elevator
+elite
+else
+embark
+embody
+embrace
+emerge
+emotion
+employ
+empower
+empty
+enable
+enact
+end
+endless
+endorse
+enemy
+energy
+enforce
+engage
+engine
+enhance
+enjoy
+enlist
+enough
+enrich
+enroll
+ensure
+enter
+entire
+entry
+envelope
+episode
+equal
+equip
+era
+erase
+erode
+erosion
+error
+erupt
+escape
+essay
+essence
+estate
+eternal
+ethics
+evidence
+evil
+evoke
+evolve
+exact
+example
+excess
+exchange
+excite
+exclude
+excuse
+execute
+exercise
+exhaust
+exhibit
+exile
+exist
+exit
+exotic
+expand
+expect
+expire
+explain
+expose
+express
+extend
+extra
+eye
+eyebrow
+fabric
+face
+faculty
+fade
+faint
+faith
+fall
+false
+fame
+family
+famous
+fan
+fancy
+fantasy
+farm
+fashion
+fat
+fatal
+father
+fatigue
+fault
+favorite
+feature
+february
+federal
+fee
+feed
+feel
+female
+fence
+festival
+fetch
+fever
+few
+fiber
+fiction
+field
+figure
+file
+film
+filter
+final
+find
+fine
+finger
+finish
+fire
+firm
+first
+fiscal
+fish
+fit
+fitness
+fix
+flag
+flame
+flash
+flat
+flavor
+flee
+flight
+flip
+float
+flock
+floor
+flower
+fluid
+flush
+fly
+foam
+focus
+fog
+foil
+fold
+follow
+food
+foot
+force
+forest
+forget
+fork
+fortune
+forum
+forward
+fossil
+foster
+found
+fox
+fragile
+frame
+frequent
+fresh
+friend
+fringe
+frog
+front
+frost
+frown
+frozen
+fruit
+fuel
+fun
+funny
+furnace
+fury
+future
+gadget
+gain
+galaxy
+gallery
+game
+gap
+garage
+garbage
+garden
+garlic
+garment
+gas
+gasp
+gate
+gather
+gauge
+gaze
+general
+genius
+genre
+gentle
+genuine
+gesture
+ghost
+giant
+gift
+giggle
+ginger
+giraffe
+girl
+give
+glad
+glance
+glare
+glass
+glide
+glimpse
+globe
+gloom
+glory
+glove
+glow
+glue
+goat
+goddess
+gold
+good
+goose
+gorilla
+gospel
+gossip
+govern
+gown
+grab
+grace
+grain
+grant
+grape
+grass
+gravity
+great
+green
+grid
+grief
+grit
+grocery
+group
+grow
+grunt
+guard
+guess
+guide
+guilt
+guitar
+gun
+gym
+habit
+hair
+half
+hammer
+hamster
+hand
+happy
+harbor
+hard
+harsh
+harvest
+hat
+have
+hawk
+hazard
+head
+health
+heart
+heavy
+hedgehog
+height
+hello
+helmet
+help
+hen
+hero
+hidden
+high
+hill
+hint
+hip
+hire
+history
+hobby
+hockey
+hold
+hole
+holiday
+hollow
+home
+honey
+hood
+hope
+horn
+horror
+horse
+hospital
+host
+hotel
+hour
+hover
+hub
+huge
+human
+humble
+humor
+hundred
+hungry
+hunt
+hurdle
+hurry
+hurt
+husband
+hybrid
+ice
+icon
+idea
+identify
+idle
+ignore
+ill
+illegal
+illness
+image
+imitate
+immense
+immune
+impact
+impose
+improve
+impulse
+inch
+include
+income
+increase
+index
+indicate
+indoor
+industry
+infant
+inflict
+inform
+inhale
+inherit
+initial
+inject
+injury
+inmate
+inner
+innocent
+input
+inquiry
+insane
+insect
+inside
+inspire
+install
+intact
+interest
+into
+invest
+invite
+involve
+iron
+island
+isolate
+issue
+item
+ivory
+jacket
+jaguar
+jar
+jazz
+jealous
+jeans
+jelly
+jewel
+job
+join
+joke
+journey
+joy
+judge
+juice
+jump
+jungle
+junior
+junk
+just
+kangaroo
+keen
+keep
+ketchup
+key
+kick
+kid
+kidney
+kind
+kingdom
+kiss
+kit
+kitchen
+kite
+kitten
+kiwi
+knee
+knife
+knock
+know
+lab
+label
+labor
+ladder
+lady
+lake
+lamp
+language
+laptop
+large
+later
+latin
+laugh
+laundry
+lava
+law
+lawn
+lawsuit
+layer
+lazy
+leader
+leaf
+learn
+leave
+lecture
+left
+leg
+legal
+legend
+leisure
+lemon
+lend
+length
+lens
+leopard
+lesson
+letter
+level
+liar
+liberty
+library
+license
+life
+lift
+light
+like
+limb
+limit
+link
+lion
+liquid
+list
+little
+live
+lizard
+load
+loan
+lobster
+local
+lock
+logic
+lonely
+long
+loop
+lottery
+loud
+lounge
+love
+loyal
+lucky
+luggage
+lumber
+lunar
+lunch
+luxury
+lyrics
+machine
+mad
+magic
+magnet
+maid
+mail
+main
+major
+make
+mammal
+man
+manage
+mandate
+mango
+mansion
+manual
+maple
+marble
+march
+margin
+marine
+market
+marriage
+mask
+mass
+master
+match
+material
+math
+matrix
+matter
+maximum
+maze
+meadow
+mean
+measure
+meat
+mechanic
+medal
+media
+melody
+melt
+member
+memory
+mention
+menu
+mercy
+merge
+merit
+merry
+mesh
+message
+metal
+method
+middle
+midnight
+milk
+million
+mimic
+mind
+minimum
+minor
+minute
+miracle
+mirror
+misery
+miss
+mistake
+mix
+mixed
+mixture
+mobile
+model
+modify
+mom
+moment
+monitor
+monkey
+monster
+month
+moon
+moral
+more
+morning
+mosquito
+mother
+motion
+motor
+mountain
+mouse
+move
+movie
+much
+muffin
+mule
+multiply
+muscle
+museum
+mushroom
+music
+must
+mutual
+myself
+mystery
+myth
+naive
+name
+napkin
+narrow
+nasty
+nation
+nature
+near
+neck
+need
+negative
+neglect
+neither
+nephew
+nerve
+nest
+net
+network
+neutral
+never
+news
+next
+nice
+night
+noble
+noise
+nominee
+noodle
+normal
+north
+nose
+notable
+note
+nothing
+notice
+novel
+now
+nuclear
+number
+nurse
+nut
+oak
+obey
+object
+oblige
+obscure
+observe
+obtain
+obvious
+occur
+ocean
+october
+odor
+off
+offer
+office
+often
+oil
+okay
+old
+olive
+olympic
+omit
+once
+one
+onion
+online
+only
+open
+opera
+opinion
+oppose
+option
+orange
+orbit
+orchard
+order
+ordinary
+organ
+orient
+original
+orphan
+ostrich
+other
+outdoor
+outer
+output
+outside
+oval
+oven
+over
+own
+owner
+oxygen
+oyster
+ozone
+pact
+paddle
+page
+pair
+palace
+palm
+panda
+panel
+panic
+panther
+paper
+parade
+parent
+park
+parrot
+party
+pass
+patch
+path
+patient
+patrol
+pattern
+pause
+pave
+payment
+peace
+peanut
+pear
+peasant
+pelican
+pen
+penalty
+pencil
+people
+pepper
+perfect
+permit
+person
+pet
+phone
+photo
+phrase
+physical
+piano
+picnic
+picture
+piece
+pig
+pigeon
+pill
+pilot
+pink
+pioneer
+pipe
+pistol
+pitch
+pizza
+place
+planet
+plastic
+plate
+play
+please
+pledge
+pluck
+plug
+plunge
+poem
+poet
+point
+polar
+pole
+police
+pond
+pony
+pool
+popular
+portion
+position
+possible
+post
+potato
+pottery
+poverty
+powder
+power
+practice
+praise
+predict
+prefer
+prepare
+present
+pretty
+prevent
+price
+pride
+primary
+print
+priority
+prison
+private
+prize
+problem
+process
+produce
+profit
+program
+project
+promote
+proof
+property
+prosper
+protect
+proud
+provide
+public
+pudding
+pull
+pulp
+pulse
+pumpkin
+punch
+pupil
+puppy
+purchase
+purity
+purpose
+purse
+push
+put
+puzzle
+pyramid
+quality
+quantum
+quarter
+question
+quick
+quit
+quiz
+quote
+rabbit
+raccoon
+race
+rack
+radar
+radio
+rail
+rain
+raise
+rally
+ramp
+ranch
+random
+range
+rapid
+rare
+rate
+rather
+raven
+raw
+razor
+ready
+real
+reason
+rebel
+rebuild
+recall
+receive
+recipe
+record
+recycle
+reduce
+reflect
+reform
+refuse
+region
+regret
+regular
+reject
+relax
+release
+relief
+rely
+remain
+remember
+remind
+remove
+render
+renew
+rent
+reopen
+repair
+repeat
+replace
+report
+require
+rescue
+resemble
+resist
+resource
+response
+result
+retire
+retreat
+return
+reunion
+reveal
+review
+reward
+rhythm
+rib
+ribbon
+rice
+rich
+ride
+ridge
+rifle
+right
+rigid
+ring
+riot
+ripple
+risk
+ritual
+rival
+river
+road
+roast
+robot
+robust
+rocket
+romance
+roof
+rookie
+room
+rose
+rotate
+rough
+round
+route
+royal
+rubber
+rude
+rug
+rule
+run
+runway
+rural
+sad
+saddle
+sadness
+safe
+sail
+salad
+salmon
+salon
+salt
+salute
+same
+sample
+sand
+satisfy
+satoshi
+sauce
+sausage
+save
+say
+scale
+scan
+scare
+scatter
+scene
+scheme
+school
+science
+scissors
+scorpion
+scout
+scrap
+screen
+script
+scrub
+sea
+search
+season
+seat
+second
+secret
+section
+security
+seed
+seek
+segment
+select
+sell
+seminar
+senior
+sense
+sentence
+series
+service
+session
+settle
+setup
+seven
+shadow
+shaft
+shallow
+share
+shed
+shell
+sheriff
+shield
+shift
+shine
+ship
+shiver
+shock
+shoe
+shoot
+shop
+short
+shoulder
+shove
+shrimp
+shrug
+shuffle
+shy
+sibling
+sick
+side
+siege
+sight
+sign
+silent
+silk
+silly
+silver
+similar
+simple
+since
+sing
+siren
+sister
+situate
+six
+size
+skate
+sketch
+ski
+skill
+skin
+skirt
+skull
+slab
+slam
+sleep
+slender
+slice
+slide
+slight
+slim
+slogan
+slot
+slow
+slush
+small
+smart
+smile
+smoke
+smooth
+snack
+snake
+snap
+sniff
+snow
+soap
+soccer
+social
+sock
+soda
+soft
+solar
+soldier
+solid
+solution
+solve
+someone
+song
+soon
+sorry
+sort
+soul
+sound
+soup
+source
+south
+space
+spare
+spatial
+spawn
+speak
+special
+speed
+spell
+spend
+sphere
+spice
+spider
+spike
+spin
+spirit
+split
+spoil
+sponsor
+spoon
+sport
+spot
+spray
+spread
+spring
+spy
+square
+squeeze
+squirrel
+stable
+stadium
+staff
+stage
+stairs
+stamp
+stand
+start
+state
+stay
+steak
+steel
+stem
+step
+stereo
+stick
+still
+sting
+stock
+stomach
+stone
+stool
+story
+stove
+strategy
+street
+strike
+strong
+struggle
+student
+stuff
+stumble
+style
+subject
+submit
+subway
+success
+such
+sudden
+suffer
+sugar
+suggest
+suit
+summer
+sun
+sunny
+sunset
+super
+supply
+supreme
+sure
+surface
+surge
+surprise
+surround
+survey
+suspect
+sustain
+swallow
+swamp
+swap
+swarm
+swear
+sweet
+swift
+swim
+swing
+switch
+sword
+symbol
+symptom
+syrup
+system
+table
+tackle
+tag
+tail
+talent
+talk
+tank
+tape
+target
+task
+taste
+tattoo
+taxi
+teach
+team
+tell
+ten
+tenant
+tennis
+tent
+term
+test
+text
+thank
+that
+theme
+then
+theory
+there
+they
+thing
+this
+thought
+three
+thrive
+throw
+thumb
+thunder
+ticket
+tide
+tiger
+tilt
+timber
+time
+tiny
+tip
+tired
+tissue
+title
+toast
+tobacco
+today
+toddler
+toe
+together
+toilet
+token
+tomato
+tomorrow
+tone
+tongue
+tonight
+tool
+tooth
+top
+topic
+topple
+torch
+tornado
+tortoise
+toss
+total
+tourist
+toward
+tower
+town
+toy
+track
+trade
+traffic
+tragic
+train
+transfer
+trap
+trash
+travel
+tray
+treat
+tree
+trend
+trial
+tribe
+trick
+trigger
+trim
+trip
+trophy
+trouble
+truck
+true
+truly
+trumpet
+trust
+truth
+try
+tube
+tuition
+tumble
+tuna
+tunnel
+turkey
+turn
+turtle
+twelve
+twenty
+twice
+twin
+twist
+two
+type
+typical
+ugly
+umbrella
+unable
+unaware
+uncle
+uncover
+under
+undo
+unfair
+unfold
+unhappy
+uniform
+unique
+unit
+universe
+unknown
+unlock
+until
+unusual
+unveil
+update
+upgrade
+uphold
+upon
+upper
+upset
+urban
+urge
+usage
+use
+used
+useful
+useless
+usual
+utility
+vacant
+vacuum
+vague
+valid
+valley
+valve
+van
+vanish
+vapor
+various
+vast
+vault
+vehicle
+velvet
+vendor
+venture
+venue
+verb
+verify
+version
+very
+vessel
+veteran
+viable
+vibrant
+vicious
+victory
+video
+view
+village
+vintage
+violin
+virtual
+virus
+visa
+visit
+visual
+vital
+vivid
+vocal
+voice
+void
+volcano
+volume
+vote
+voyage
+wage
+wagon
+wait
+walk
+wall
+walnut
+want
+warfare
+warm
+warrior
+wash
+wasp
+waste
+water
+wave
+way
+wealth
+weapon
+wear
+weasel
+weather
+web
+wedding
+weekend
+weird
+welcome
+west
+wet
+whale
+what
+wheat
+wheel
+when
+where
+whip
+whisper
+wide
+width
+wife
+wild
+will
+win
+window
+wine
+wing
+wink
+winner
+winter
+wire
+wisdom
+wise
+wish
+witness
+wolf
+woman
+wonder
+wood
+wool
+word
+work
+world
+worry
+worth
+wrap
+wreck
+wrestle
+wrist
+write
+wrong
+yard
+year
+yellow
+you
+young
+youth
+zebra
+zero
+zone
+zoo
diff --git a/bip-0039/japanese.txt b/bip-0039/japanese.txt
new file mode 100644
index 00000000..c4c9dca4
--- /dev/null
+++ b/bip-0039/japanese.txt
@@ -0,0 +1,2048 @@
+あいこくしん
+あいさつ
+あいだ
+あおぞら
+あかちゃん
+あきる
+あけがた
+あける
+あこがれる
+あさい
+あさひ
+あしあと
+あじわう
+あずかる
+あずき
+あそぶ
+あたえる
+あたためる
+あたりまえ
+あたる
+あつい
+あつかう
+あっしゅく
+あつまり
+あつめる
+あてな
+あてはまる
+あひる
+あぶら
+あぶる
+あふれる
+あまい
+あまど
+あまやかす
+あまり
+あみもの
+あめりか
+あやまる
+あゆむ
+あらいぐま
+あらし
+あらすじ
+あらためる
+あらゆる
+あらわす
+ありがとう
+あわせる
+あわてる
+あんい
+あんがい
+あんこ
+あんぜん
+あんてい
+あんない
+あんまり
+いいだす
+いおん
+いがい
+いがく
+いきおい
+いきなり
+いきもの
+いきる
+いくじ
+いくぶん
+いけばな
+いけん
+いこう
+いこく
+いこつ
+いさましい
+いさん
+いしき
+いじゅう
+いじょう
+いじわる
+いずみ
+いずれ
+いせい
+いせえび
+いせかい
+いせき
+いぜん
+いそうろう
+いそがしい
+いだい
+いだく
+いたずら
+いたみ
+いたりあ
+いちおう
+いちじ
+いちど
+いちば
+いちぶ
+いちりゅう
+いつか
+いっしゅん
+いっせい
+いっそう
+いったん
+いっち
+いってい
+いっぽう
+いてざ
+いてん
+いどう
+いとこ
+いない
+いなか
+いねむり
+いのち
+いのる
+いはつ
+いばる
+いはん
+いびき
+いひん
+いふく
+いへん
+いほう
+いみん
+いもうと
+いもたれ
+いもり
+いやがる
+いやす
+いよかん
+いよく
+いらい
+いらすと
+いりぐち
+いりょう
+いれい
+いれもの
+いれる
+いろえんぴつ
+いわい
+いわう
+いわかん
+いわば
+いわゆる
+いんげんまめ
+いんさつ
+いんしょう
+いんよう
+うえき
+うえる
+うおざ
+うがい
+うかぶ
+うかべる
+うきわ
+うくらいな
+うくれれ
+うけたまわる
+うけつけ
+うけとる
+うけもつ
+うける
+うごかす
+うごく
+うこん
+うさぎ
+うしなう
+うしろがみ
+うすい
+うすぎ
+うすぐらい
+うすめる
+うせつ
+うちあわせ
+うちがわ
+うちき
+うちゅう
+うっかり
+うつくしい
+うったえる
+うつる
+うどん
+うなぎ
+うなじ
+うなずく
+うなる
+うねる
+うのう
+うぶげ
+うぶごえ
+うまれる
+うめる
+うもう
+うやまう
+うよく
+うらがえす
+うらぐち
+うらない
+うりあげ
+うりきれ
+うるさい
+うれしい
+うれゆき
+うれる
+うろこ
+うわき
+うわさ
+うんこう
+うんちん
+うんてん
+うんどう
+えいえん
+えいが
+えいきょう
+えいご
+えいせい
+えいぶん
+えいよう
+えいわ
+えおり
+えがお
+えがく
+えきたい
+えくせる
+えしゃく
+えすて
+えつらん
+えのぐ
+えほうまき
+えほん
+えまき
+えもじ
+えもの
+えらい
+えらぶ
+えりあ
+えんえん
+えんかい
+えんぎ
+えんげき
+えんしゅう
+えんぜつ
+えんそく
+えんちょう
+えんとつ
+おいかける
+おいこす
+おいしい
+おいつく
+おうえん
+おうさま
+おうじ
+おうせつ
+おうたい
+おうふく
+おうべい
+おうよう
+おえる
+おおい
+おおう
+おおどおり
+おおや
+おおよそ
+おかえり
+おかず
+おがむ
+おかわり
+おぎなう
+おきる
+おくさま
+おくじょう
+おくりがな
+おくる
+おくれる
+おこす
+おこなう
+おこる
+おさえる
+おさない
+おさめる
+おしいれ
+おしえる
+おじぎ
+おじさん
+おしゃれ
+おそらく
+おそわる
+おたがい
+おたく
+おだやか
+おちつく
+おっと
+おつり
+おでかけ
+おとしもの
+おとなしい
+おどり
+おどろかす
+おばさん
+おまいり
+おめでとう
+おもいで
+おもう
+おもたい
+おもちゃ
+おやつ
+おやゆび
+およぼす
+おらんだ
+おろす
+おんがく
+おんけい
+おんしゃ
+おんせん
+おんだん
+おんちゅう
+おんどけい
+かあつ
+かいが
+がいき
+がいけん
+がいこう
+かいさつ
+かいしゃ
+かいすいよく
+かいぜん
+かいぞうど
+かいつう
+かいてん
+かいとう
+かいふく
+がいへき
+かいほう
+かいよう
+がいらい
+かいわ
+かえる
+かおり
+かかえる
+かがく
+かがし
+かがみ
+かくご
+かくとく
+かざる
+がぞう
+かたい
+かたち
+がちょう
+がっきゅう
+がっこう
+がっさん
+がっしょう
+かなざわし
+かのう
+がはく
+かぶか
+かほう
+かほご
+かまう
+かまぼこ
+かめれおん
+かゆい
+かようび
+からい
+かるい
+かろう
+かわく
+かわら
+がんか
+かんけい
+かんこう
+かんしゃ
+かんそう
+かんたん
+かんち
+がんばる
+きあい
+きあつ
+きいろ
+ぎいん
+きうい
+きうん
+きえる
+きおう
+きおく
+きおち
+きおん
+きかい
+きかく
+きかんしゃ
+ききて
+きくばり
+きくらげ
+きけんせい
+きこう
+きこえる
+きこく
+きさい
+きさく
+きさま
+きさらぎ
+ぎじかがく
+ぎしき
+ぎじたいけん
+ぎじにってい
+ぎじゅつしゃ
+きすう
+きせい
+きせき
+きせつ
+きそう
+きぞく
+きぞん
+きたえる
+きちょう
+きつえん
+ぎっちり
+きつつき
+きつね
+きてい
+きどう
+きどく
+きない
+きなが
+きなこ
+きぬごし
+きねん
+きのう
+きのした
+きはく
+きびしい
+きひん
+きふく
+きぶん
+きぼう
+きほん
+きまる
+きみつ
+きむずかしい
+きめる
+きもだめし
+きもち
+きもの
+きゃく
+きやく
+ぎゅうにく
+きよう
+きょうりゅう
+きらい
+きらく
+きりん
+きれい
+きれつ
+きろく
+ぎろん
+きわめる
+ぎんいろ
+きんかくじ
+きんじょ
+きんようび
+ぐあい
+くいず
+くうかん
+くうき
+くうぐん
+くうこう
+ぐうせい
+くうそう
+ぐうたら
+くうふく
+くうぼ
+くかん
+くきょう
+くげん
+ぐこう
+くさい
+くさき
+くさばな
+くさる
+くしゃみ
+くしょう
+くすのき
+くすりゆび
+くせげ
+くせん
+ぐたいてき
+くださる
+くたびれる
+くちこみ
+くちさき
+くつした
+ぐっすり
+くつろぐ
+くとうてん
+くどく
+くなん
+くねくね
+くのう
+くふう
+くみあわせ
+くみたてる
+くめる
+くやくしょ
+くらす
+くらべる
+くるま
+くれる
+くろう
+くわしい
+ぐんかん
+ぐんしょく
+ぐんたい
+ぐんて
+けあな
+けいかく
+けいけん
+けいこ
+けいさつ
+げいじゅつ
+けいたい
+げいのうじん
+けいれき
+けいろ
+けおとす
+けおりもの
+げきか
+げきげん
+げきだん
+げきちん
+げきとつ
+げきは
+げきやく
+げこう
+げこくじょう
+げざい
+けさき
+げざん
+けしき
+けしごむ
+けしょう
+げすと
+けたば
+けちゃっぷ
+けちらす
+けつあつ
+けつい
+けつえき
+けっこん
+けつじょ
+けっせき
+けってい
+けつまつ
+げつようび
+げつれい
+けつろん
+げどく
+けとばす
+けとる
+けなげ
+けなす
+けなみ
+けぬき
+げねつ
+けねん
+けはい
+げひん
+けぶかい
+げぼく
+けまり
+けみかる
+けむし
+けむり
+けもの
+けらい
+けろけろ
+けわしい
+けんい
+けんえつ
+けんお
+けんか
+げんき
+けんげん
+けんこう
+けんさく
+けんしゅう
+けんすう
+げんそう
+けんちく
+けんてい
+けんとう
+けんない
+けんにん
+げんぶつ
+けんま
+けんみん
+けんめい
+けんらん
+けんり
+こあくま
+こいぬ
+こいびと
+ごうい
+こうえん
+こうおん
+こうかん
+ごうきゅう
+ごうけい
+こうこう
+こうさい
+こうじ
+こうすい
+ごうせい
+こうそく
+こうたい
+こうちゃ
+こうつう
+こうてい
+こうどう
+こうない
+こうはい
+ごうほう
+ごうまん
+こうもく
+こうりつ
+こえる
+こおり
+ごかい
+ごがつ
+ごかん
+こくご
+こくさい
+こくとう
+こくない
+こくはく
+こぐま
+こけい
+こける
+ここのか
+こころ
+こさめ
+こしつ
+こすう
+こせい
+こせき
+こぜん
+こそだて
+こたい
+こたえる
+こたつ
+こちょう
+こっか
+こつこつ
+こつばん
+こつぶ
+こてい
+こてん
+ことがら
+ことし
+ことば
+ことり
+こなごな
+こねこね
+このまま
+このみ
+このよ
+ごはん
+こひつじ
+こふう
+こふん
+こぼれる
+ごまあぶら
+こまかい
+ごますり
+こまつな
+こまる
+こむぎこ
+こもじ
+こもち
+こもの
+こもん
+こやく
+こやま
+こゆう
+こゆび
+こよい
+こよう
+こりる
+これくしょん
+ころっけ
+こわもて
+こわれる
+こんいん
+こんかい
+こんき
+こんしゅう
+こんすい
+こんだて
+こんとん
+こんなん
+こんびに
+こんぽん
+こんまけ
+こんや
+こんれい
+こんわく
+ざいえき
+さいかい
+さいきん
+ざいげん
+ざいこ
+さいしょ
+さいせい
+ざいたく
+ざいちゅう
+さいてき
+ざいりょう
+さうな
+さかいし
+さがす
+さかな
+さかみち
+さがる
+さぎょう
+さくし
+さくひん
+さくら
+さこく
+さこつ
+さずかる
+ざせき
+さたん
+さつえい
+ざつおん
+ざっか
+ざつがく
+さっきょく
+ざっし
+さつじん
+ざっそう
+さつたば
+さつまいも
+さてい
+さといも
+さとう
+さとおや
+さとし
+さとる
+さのう
+さばく
+さびしい
+さべつ
+さほう
+さほど
+さます
+さみしい
+さみだれ
+さむけ
+さめる
+さやえんどう
+さゆう
+さよう
+さよく
+さらだ
+ざるそば
+さわやか
+さわる
+さんいん
+さんか
+さんきゃく
+さんこう
+さんさい
+ざんしょ
+さんすう
+さんせい
+さんそ
+さんち
+さんま
+さんみ
+さんらん
+しあい
+しあげ
+しあさって
+しあわせ
+しいく
+しいん
+しうち
+しえい
+しおけ
+しかい
+しかく
+じかん
+しごと
+しすう
+じだい
+したうけ
+したぎ
+したて
+したみ
+しちょう
+しちりん
+しっかり
+しつじ
+しつもん
+してい
+してき
+してつ
+じてん
+じどう
+しなぎれ
+しなもの
+しなん
+しねま
+しねん
+しのぐ
+しのぶ
+しはい
+しばかり
+しはつ
+しはらい
+しはん
+しひょう
+しふく
+じぶん
+しへい
+しほう
+しほん
+しまう
+しまる
+しみん
+しむける
+じむしょ
+しめい
+しめる
+しもん
+しゃいん
+しゃうん
+しゃおん
+じゃがいも
+しやくしょ
+しゃくほう
+しゃけん
+しゃこ
+しゃざい
+しゃしん
+しゃせん
+しゃそう
+しゃたい
+しゃちょう
+しゃっきん
+じゃま
+しゃりん
+しゃれい
+じゆう
+じゅうしょ
+しゅくはく
+じゅしん
+しゅっせき
+しゅみ
+しゅらば
+じゅんばん
+しょうかい
+しょくたく
+しょっけん
+しょどう
+しょもつ
+しらせる
+しらべる
+しんか
+しんこう
+じんじゃ
+しんせいじ
+しんちく
+しんりん
+すあげ
+すあし
+すあな
+ずあん
+すいえい
+すいか
+すいとう
+ずいぶん
+すいようび
+すうがく
+すうじつ
+すうせん
+すおどり
+すきま
+すくう
+すくない
+すける
+すごい
+すこし
+ずさん
+すずしい
+すすむ
+すすめる
+すっかり
+ずっしり
+ずっと
+すてき
+すてる
+すねる
+すのこ
+すはだ
+すばらしい
+ずひょう
+ずぶぬれ
+すぶり
+すふれ
+すべて
+すべる
+ずほう
+すぼん
+すまい
+すめし
+すもう
+すやき
+すらすら
+するめ
+すれちがう
+すろっと
+すわる
+すんぜん
+すんぽう
+せあぶら
+せいかつ
+せいげん
+せいじ
+せいよう
+せおう
+せかいかん
+せきにん
+せきむ
+せきゆ
+せきらんうん
+せけん
+せこう
+せすじ
+せたい
+せたけ
+せっかく
+せっきゃく
+ぜっく
+せっけん
+せっこつ
+せっさたくま
+せつぞく
+せつだん
+せつでん
+せっぱん
+せつび
+せつぶん
+せつめい
+せつりつ
+せなか
+せのび
+せはば
+せびろ
+せぼね
+せまい
+せまる
+せめる
+せもたれ
+せりふ
+ぜんあく
+せんい
+せんえい
+せんか
+せんきょ
+せんく
+せんげん
+ぜんご
+せんさい
+せんしゅ
+せんすい
+せんせい
+せんぞ
+せんたく
+せんちょう
+せんてい
+せんとう
+せんぬき
+せんねん
+せんぱい
+ぜんぶ
+ぜんぽう
+せんむ
+せんめんじょ
+せんもん
+せんやく
+せんゆう
+せんよう
+ぜんら
+ぜんりゃく
+せんれい
+せんろ
+そあく
+そいとげる
+そいね
+そうがんきょう
+そうき
+そうご
+そうしん
+そうだん
+そうなん
+そうび
+そうめん
+そうり
+そえもの
+そえん
+そがい
+そげき
+そこう
+そこそこ
+そざい
+そしな
+そせい
+そせん
+そそぐ
+そだてる
+そつう
+そつえん
+そっかん
+そつぎょう
+そっけつ
+そっこう
+そっせん
+そっと
+そとがわ
+そとづら
+そなえる
+そなた
+そふぼ
+そぼく
+そぼろ
+そまつ
+そまる
+そむく
+そむりえ
+そめる
+そもそも
+そよかぜ
+そらまめ
+そろう
+そんかい
+そんけい
+そんざい
+そんしつ
+そんぞく
+そんちょう
+ぞんび
+ぞんぶん
+そんみん
+たあい
+たいいん
+たいうん
+たいえき
+たいおう
+だいがく
+たいき
+たいぐう
+たいけん
+たいこ
+たいざい
+だいじょうぶ
+だいすき
+たいせつ
+たいそう
+だいたい
+たいちょう
+たいてい
+だいどころ
+たいない
+たいねつ
+たいのう
+たいはん
+だいひょう
+たいふう
+たいへん
+たいほ
+たいまつばな
+たいみんぐ
+たいむ
+たいめん
+たいやき
+たいよう
+たいら
+たいりょく
+たいる
+たいわん
+たうえ
+たえる
+たおす
+たおる
+たおれる
+たかい
+たかね
+たきび
+たくさん
+たこく
+たこやき
+たさい
+たしざん
+だじゃれ
+たすける
+たずさわる
+たそがれ
+たたかう
+たたく
+ただしい
+たたみ
+たちばな
+だっかい
+だっきゃく
+だっこ
+だっしゅつ
+だったい
+たてる
+たとえる
+たなばた
+たにん
+たぬき
+たのしみ
+たはつ
+たぶん
+たべる
+たぼう
+たまご
+たまる
+だむる
+ためいき
+ためす
+ためる
+たもつ
+たやすい
+たよる
+たらす
+たりきほんがん
+たりょう
+たりる
+たると
+たれる
+たれんと
+たろっと
+たわむれる
+だんあつ
+たんい
+たんおん
+たんか
+たんき
+たんけん
+たんご
+たんさん
+たんじょうび
+だんせい
+たんそく
+たんたい
+だんち
+たんてい
+たんとう
+だんな
+たんにん
+だんねつ
+たんのう
+たんぴん
+だんぼう
+たんまつ
+たんめい
+だんれつ
+だんろ
+だんわ
+ちあい
+ちあん
+ちいき
+ちいさい
+ちえん
+ちかい
+ちから
+ちきゅう
+ちきん
+ちけいず
+ちけん
+ちこく
+ちさい
+ちしき
+ちしりょう
+ちせい
+ちそう
+ちたい
+ちたん
+ちちおや
+ちつじょ
+ちてき
+ちてん
+ちぬき
+ちぬり
+ちのう
+ちひょう
+ちへいせん
+ちほう
+ちまた
+ちみつ
+ちみどろ
+ちめいど
+ちゃんこなべ
+ちゅうい
+ちゆりょく
+ちょうし
+ちょさくけん
+ちらし
+ちらみ
+ちりがみ
+ちりょう
+ちるど
+ちわわ
+ちんたい
+ちんもく
+ついか
+ついたち
+つうか
+つうじょう
+つうはん
+つうわ
+つかう
+つかれる
+つくね
+つくる
+つけね
+つける
+つごう
+つたえる
+つづく
+つつじ
+つつむ
+つとめる
+つながる
+つなみ
+つねづね
+つのる
+つぶす
+つまらない
+つまる
+つみき
+つめたい
+つもり
+つもる
+つよい
+つるぼ
+つるみく
+つわもの
+つわり
+てあし
+てあて
+てあみ
+ていおん
+ていか
+ていき
+ていけい
+ていこく
+ていさつ
+ていし
+ていせい
+ていたい
+ていど
+ていねい
+ていひょう
+ていへん
+ていぼう
+てうち
+ておくれ
+てきとう
+てくび
+でこぼこ
+てさぎょう
+てさげ
+てすり
+てそう
+てちがい
+てちょう
+てつがく
+てつづき
+でっぱ
+てつぼう
+てつや
+でぬかえ
+てぬき
+てぬぐい
+てのひら
+てはい
+てぶくろ
+てふだ
+てほどき
+てほん
+てまえ
+てまきずし
+てみじか
+てみやげ
+てらす
+てれび
+てわけ
+てわたし
+でんあつ
+てんいん
+てんかい
+てんき
+てんぐ
+てんけん
+てんごく
+てんさい
+てんし
+てんすう
+でんち
+てんてき
+てんとう
+てんない
+てんぷら
+てんぼうだい
+てんめつ
+てんらんかい
+でんりょく
+でんわ
+どあい
+といれ
+どうかん
+とうきゅう
+どうぐ
+とうし
+とうむぎ
+とおい
+とおか
+とおく
+とおす
+とおる
+とかい
+とかす
+ときおり
+ときどき
+とくい
+とくしゅう
+とくてん
+とくに
+とくべつ
+とけい
+とける
+とこや
+とさか
+としょかん
+とそう
+とたん
+とちゅう
+とっきゅう
+とっくん
+とつぜん
+とつにゅう
+とどける
+ととのえる
+とない
+となえる
+となり
+とのさま
+とばす
+どぶがわ
+とほう
+とまる
+とめる
+ともだち
+ともる
+どようび
+とらえる
+とんかつ
+どんぶり
+ないかく
+ないこう
+ないしょ
+ないす
+ないせん
+ないそう
+なおす
+ながい
+なくす
+なげる
+なこうど
+なさけ
+なたでここ
+なっとう
+なつやすみ
+ななおし
+なにごと
+なにもの
+なにわ
+なのか
+なふだ
+なまいき
+なまえ
+なまみ
+なみだ
+なめらか
+なめる
+なやむ
+ならう
+ならび
+ならぶ
+なれる
+なわとび
+なわばり
+にあう
+にいがた
+にうけ
+におい
+にかい
+にがて
+にきび
+にくしみ
+にくまん
+にげる
+にさんかたんそ
+にしき
+にせもの
+にちじょう
+にちようび
+にっか
+にっき
+にっけい
+にっこう
+にっさん
+にっしょく
+にっすう
+にっせき
+にってい
+になう
+にほん
+にまめ
+にもつ
+にやり
+にゅういん
+にりんしゃ
+にわとり
+にんい
+にんか
+にんき
+にんげん
+にんしき
+にんずう
+にんそう
+にんたい
+にんち
+にんてい
+にんにく
+にんぷ
+にんまり
+にんむ
+にんめい
+にんよう
+ぬいくぎ
+ぬかす
+ぬぐいとる
+ぬぐう
+ぬくもり
+ぬすむ
+ぬまえび
+ぬめり
+ぬらす
+ぬんちゃく
+ねあげ
+ねいき
+ねいる
+ねいろ
+ねぐせ
+ねくたい
+ねくら
+ねこぜ
+ねこむ
+ねさげ
+ねすごす
+ねそべる
+ねだん
+ねつい
+ねっしん
+ねつぞう
+ねったいぎょ
+ねぶそく
+ねふだ
+ねぼう
+ねほりはほり
+ねまき
+ねまわし
+ねみみ
+ねむい
+ねむたい
+ねもと
+ねらう
+ねわざ
+ねんいり
+ねんおし
+ねんかん
+ねんきん
+ねんぐ
+ねんざ
+ねんし
+ねんちゃく
+ねんど
+ねんぴ
+ねんぶつ
+ねんまつ
+ねんりょう
+ねんれい
+のいず
+のおづま
+のがす
+のきなみ
+のこぎり
+のこす
+のこる
+のせる
+のぞく
+のぞむ
+のたまう
+のちほど
+のっく
+のばす
+のはら
+のべる
+のぼる
+のみもの
+のやま
+のらいぬ
+のらねこ
+のりもの
+のりゆき
+のれん
+のんき
+ばあい
+はあく
+ばあさん
+ばいか
+ばいく
+はいけん
+はいご
+はいしん
+はいすい
+はいせん
+はいそう
+はいち
+ばいばい
+はいれつ
+はえる
+はおる
+はかい
+ばかり
+はかる
+はくしゅ
+はけん
+はこぶ
+はさみ
+はさん
+はしご
+ばしょ
+はしる
+はせる
+ぱそこん
+はそん
+はたん
+はちみつ
+はつおん
+はっかく
+はづき
+はっきり
+はっくつ
+はっけん
+はっこう
+はっさん
+はっしん
+はったつ
+はっちゅう
+はってん
+はっぴょう
+はっぽう
+はなす
+はなび
+はにかむ
+はぶらし
+はみがき
+はむかう
+はめつ
+はやい
+はやし
+はらう
+はろうぃん
+はわい
+はんい
+はんえい
+はんおん
+はんかく
+はんきょう
+ばんぐみ
+はんこ
+はんしゃ
+はんすう
+はんだん
+ぱんち
+ぱんつ
+はんてい
+はんとし
+はんのう
+はんぱ
+はんぶん
+はんぺん
+はんぼうき
+はんめい
+はんらん
+はんろん
+ひいき
+ひうん
+ひえる
+ひかく
+ひかり
+ひかる
+ひかん
+ひくい
+ひけつ
+ひこうき
+ひこく
+ひさい
+ひさしぶり
+ひさん
+びじゅつかん
+ひしょ
+ひそか
+ひそむ
+ひたむき
+ひだり
+ひたる
+ひつぎ
+ひっこし
+ひっし
+ひつじゅひん
+ひっす
+ひつぜん
+ぴったり
+ぴっちり
+ひつよう
+ひてい
+ひとごみ
+ひなまつり
+ひなん
+ひねる
+ひはん
+ひびく
+ひひょう
+ひほう
+ひまわり
+ひまん
+ひみつ
+ひめい
+ひめじし
+ひやけ
+ひやす
+ひよう
+びょうき
+ひらがな
+ひらく
+ひりつ
+ひりょう
+ひるま
+ひるやすみ
+ひれい
+ひろい
+ひろう
+ひろき
+ひろゆき
+ひんかく
+ひんけつ
+ひんこん
+ひんしゅ
+ひんそう
+ぴんち
+ひんぱん
+びんぼう
+ふあん
+ふいうち
+ふうけい
+ふうせん
+ぷうたろう
+ふうとう
+ふうふ
+ふえる
+ふおん
+ふかい
+ふきん
+ふくざつ
+ふくぶくろ
+ふこう
+ふさい
+ふしぎ
+ふじみ
+ふすま
+ふせい
+ふせぐ
+ふそく
+ぶたにく
+ふたん
+ふちょう
+ふつう
+ふつか
+ふっかつ
+ふっき
+ふっこく
+ぶどう
+ふとる
+ふとん
+ふのう
+ふはい
+ふひょう
+ふへん
+ふまん
+ふみん
+ふめつ
+ふめん
+ふよう
+ふりこ
+ふりる
+ふるい
+ふんいき
+ぶんがく
+ぶんぐ
+ふんしつ
+ぶんせき
+ふんそう
+ぶんぽう
+へいあん
+へいおん
+へいがい
+へいき
+へいげん
+へいこう
+へいさ
+へいしゃ
+へいせつ
+へいそ
+へいたく
+へいてん
+へいねつ
+へいわ
+へきが
+へこむ
+べにいろ
+べにしょうが
+へらす
+へんかん
+べんきょう
+べんごし
+へんさい
+へんたい
+べんり
+ほあん
+ほいく
+ぼうぎょ
+ほうこく
+ほうそう
+ほうほう
+ほうもん
+ほうりつ
+ほえる
+ほおん
+ほかん
+ほきょう
+ぼきん
+ほくろ
+ほけつ
+ほけん
+ほこう
+ほこる
+ほしい
+ほしつ
+ほしゅ
+ほしょう
+ほせい
+ほそい
+ほそく
+ほたて
+ほたる
+ぽちぶくろ
+ほっきょく
+ほっさ
+ほったん
+ほとんど
+ほめる
+ほんい
+ほんき
+ほんけ
+ほんしつ
+ほんやく
+まいにち
+まかい
+まかせる
+まがる
+まける
+まこと
+まさつ
+まじめ
+ますく
+まぜる
+まつり
+まとめ
+まなぶ
+まぬけ
+まねく
+まほう
+まもる
+まゆげ
+まよう
+まろやか
+まわす
+まわり
+まわる
+まんが
+まんきつ
+まんぞく
+まんなか
+みいら
+みうち
+みえる
+みがく
+みかた
+みかん
+みけん
+みこん
+みじかい
+みすい
+みすえる
+みせる
+みっか
+みつかる
+みつける
+みてい
+みとめる
+みなと
+みなみかさい
+みねらる
+みのう
+みのがす
+みほん
+みもと
+みやげ
+みらい
+みりょく
+みわく
+みんか
+みんぞく
+むいか
+むえき
+むえん
+むかい
+むかう
+むかえ
+むかし
+むぎちゃ
+むける
+むげん
+むさぼる
+むしあつい
+むしば
+むじゅん
+むしろ
+むすう
+むすこ
+むすぶ
+むすめ
+むせる
+むせん
+むちゅう
+むなしい
+むのう
+むやみ
+むよう
+むらさき
+むりょう
+むろん
+めいあん
+めいうん
+めいえん
+めいかく
+めいきょく
+めいさい
+めいし
+めいそう
+めいぶつ
+めいれい
+めいわく
+めぐまれる
+めざす
+めした
+めずらしい
+めだつ
+めまい
+めやす
+めんきょ
+めんせき
+めんどう
+もうしあげる
+もうどうけん
+もえる
+もくし
+もくてき
+もくようび
+もちろん
+もどる
+もらう
+もんく
+もんだい
+やおや
+やける
+やさい
+やさしい
+やすい
+やすたろう
+やすみ
+やせる
+やそう
+やたい
+やちん
+やっと
+やっぱり
+やぶる
+やめる
+ややこしい
+やよい
+やわらかい
+ゆうき
+ゆうびんきょく
+ゆうべ
+ゆうめい
+ゆけつ
+ゆしゅつ
+ゆせん
+ゆそう
+ゆたか
+ゆちゃく
+ゆでる
+ゆにゅう
+ゆびわ
+ゆらい
+ゆれる
+ようい
+ようか
+ようきゅう
+ようじ
+ようす
+ようちえん
+よかぜ
+よかん
+よきん
+よくせい
+よくぼう
+よけい
+よごれる
+よさん
+よしゅう
+よそう
+よそく
+よっか
+よてい
+よどがわく
+よねつ
+よやく
+よゆう
+よろこぶ
+よろしい
+らいう
+らくがき
+らくご
+らくさつ
+らくだ
+らしんばん
+らせん
+らぞく
+らたい
+らっか
+られつ
+りえき
+りかい
+りきさく
+りきせつ
+りくぐん
+りくつ
+りけん
+りこう
+りせい
+りそう
+りそく
+りてん
+りねん
+りゆう
+りゅうがく
+りよう
+りょうり
+りょかん
+りょくちゃ
+りょこう
+りりく
+りれき
+りろん
+りんご
+るいけい
+るいさい
+るいじ
+るいせき
+るすばん
+るりがわら
+れいかん
+れいぎ
+れいせい
+れいぞうこ
+れいとう
+れいぼう
+れきし
+れきだい
+れんあい
+れんけい
+れんこん
+れんさい
+れんしゅう
+れんぞく
+れんらく
+ろうか
+ろうご
+ろうじん
+ろうそく
+ろくが
+ろこつ
+ろじうら
+ろしゅつ
+ろせん
+ろてん
+ろめん
+ろれつ
+ろんぎ
+ろんぱ
+ろんぶん
+ろんり
+わかす
+わかめ
+わかやま
+わかれる
+わしつ
+わじまし
+わすれもの
+わらう
+われる
diff --git a/bip-0039/spanish.txt b/bip-0039/spanish.txt
new file mode 100644
index 00000000..d0900c2c
--- /dev/null
+++ b/bip-0039/spanish.txt
@@ -0,0 +1,2048 @@
+ábaco
+abdomen
+abeja
+abierto
+abogado
+abono
+aborto
+abrazo
+abrir
+abuelo
+abuso
+acabar
+academia
+acceso
+acción
+aceite
+acelga
+acento
+aceptar
+ácido
+aclarar
+acné
+acoger
+acoso
+activo
+acto
+actriz
+actuar
+acudir
+acuerdo
+acusar
+adicto
+admitir
+adoptar
+adorno
+aduana
+adulto
+aéreo
+afectar
+afición
+afinar
+afirmar
+ágil
+agitar
+agonía
+agosto
+agotar
+agregar
+agrio
+agua
+agudo
+águila
+aguja
+ahogo
+ahorro
+aire
+aislar
+ajedrez
+ajeno
+ajuste
+alacrán
+alambre
+alarma
+alba
+álbum
+alcalde
+aldea
+alegre
+alejar
+alerta
+aleta
+alfiler
+alga
+algodón
+aliado
+aliento
+alivio
+alma
+almeja
+almíbar
+altar
+alteza
+altivo
+alto
+altura
+alumno
+alzar
+amable
+amante
+amapola
+amargo
+amasar
+ámbar
+ámbito
+ameno
+amigo
+amistad
+amor
+amparo
+amplio
+ancho
+anciano
+ancla
+andar
+andén
+anemia
+ángulo
+anillo
+ánimo
+anís
+anotar
+antena
+antiguo
+antojo
+anual
+anular
+anuncio
+añadir
+añejo
+año
+apagar
+aparato
+apetito
+apio
+aplicar
+apodo
+aporte
+apoyo
+aprender
+aprobar
+apuesta
+apuro
+arado
+araña
+arar
+árbitro
+árbol
+arbusto
+archivo
+arco
+arder
+ardilla
+arduo
+área
+árido
+aries
+armonía
+arnés
+aroma
+arpa
+arpón
+arreglo
+arroz
+arruga
+arte
+artista
+asa
+asado
+asalto
+ascenso
+asegurar
+aseo
+asesor
+asiento
+asilo
+asistir
+asno
+asombro
+áspero
+astilla
+astro
+astuto
+asumir
+asunto
+atajo
+ataque
+atar
+atento
+ateo
+ático
+atleta
+átomo
+atraer
+atroz
+atún
+audaz
+audio
+auge
+aula
+aumento
+ausente
+autor
+aval
+avance
+avaro
+ave
+avellana
+avena
+avestruz
+avión
+aviso
+ayer
+ayuda
+ayuno
+azafrán
+azar
+azote
+azúcar
+azufre
+azul
+baba
+babor
+bache
+bahía
+baile
+bajar
+balanza
+balcón
+balde
+bambú
+banco
+banda
+baño
+barba
+barco
+barniz
+barro
+báscula
+bastón
+basura
+batalla
+batería
+batir
+batuta
+baúl
+bazar
+bebé
+bebida
+bello
+besar
+beso
+bestia
+bicho
+bien
+bingo
+blanco
+bloque
+blusa
+boa
+bobina
+bobo
+boca
+bocina
+boda
+bodega
+boina
+bola
+bolero
+bolsa
+bomba
+bondad
+bonito
+bono
+bonsái
+borde
+borrar
+bosque
+bote
+botín
+bóveda
+bozal
+bravo
+brazo
+brecha
+breve
+brillo
+brinco
+brisa
+broca
+broma
+bronce
+brote
+bruja
+brusco
+bruto
+buceo
+bucle
+bueno
+buey
+bufanda
+bufón
+búho
+buitre
+bulto
+burbuja
+burla
+burro
+buscar
+butaca
+buzón
+caballo
+cabeza
+cabina
+cabra
+cacao
+cadáver
+cadena
+caer
+café
+caída
+caimán
+caja
+cajón
+cal
+calamar
+calcio
+caldo
+calidad
+calle
+calma
+calor
+calvo
+cama
+cambio
+camello
+camino
+campo
+cáncer
+candil
+canela
+canguro
+canica
+canto
+caña
+cañón
+caoba
+caos
+capaz
+capitán
+capote
+captar
+capucha
+cara
+carbón
+cárcel
+careta
+carga
+cariño
+carne
+carpeta
+carro
+carta
+casa
+casco
+casero
+caspa
+castor
+catorce
+catre
+caudal
+causa
+cazo
+cebolla
+ceder
+cedro
+celda
+célebre
+celoso
+célula
+cemento
+ceniza
+centro
+cerca
+cerdo
+cereza
+cero
+cerrar
+certeza
+césped
+cetro
+chacal
+chaleco
+champú
+chancla
+chapa
+charla
+chico
+chiste
+chivo
+choque
+choza
+chuleta
+chupar
+ciclón
+ciego
+cielo
+cien
+cierto
+cifra
+cigarro
+cima
+cinco
+cine
+cinta
+ciprés
+circo
+ciruela
+cisne
+cita
+ciudad
+clamor
+clan
+claro
+clase
+clave
+cliente
+clima
+clínica
+cobre
+cocción
+cochino
+cocina
+coco
+código
+codo
+cofre
+coger
+cohete
+cojín
+cojo
+cola
+colcha
+colegio
+colgar
+colina
+collar
+colmo
+columna
+combate
+comer
+comida
+cómodo
+compra
+conde
+conejo
+conga
+conocer
+consejo
+contar
+copa
+copia
+corazón
+corbata
+corcho
+cordón
+corona
+correr
+coser
+cosmos
+costa
+cráneo
+cráter
+crear
+crecer
+creído
+crema
+cría
+crimen
+cripta
+crisis
+cromo
+crónica
+croqueta
+crudo
+cruz
+cuadro
+cuarto
+cuatro
+cubo
+cubrir
+cuchara
+cuello
+cuento
+cuerda
+cuesta
+cueva
+cuidar
+culebra
+culpa
+culto
+cumbre
+cumplir
+cuna
+cuneta
+cuota
+cupón
+cúpula
+curar
+curioso
+curso
+curva
+cutis
+dama
+danza
+dar
+dardo
+dátil
+deber
+débil
+década
+decir
+dedo
+defensa
+definir
+dejar
+delfín
+delgado
+delito
+demora
+denso
+dental
+deporte
+derecho
+derrota
+desayuno
+deseo
+desfile
+desnudo
+destino
+desvío
+detalle
+detener
+deuda
+día
+diablo
+diadema
+diamante
+diana
+diario
+dibujo
+dictar
+diente
+dieta
+diez
+difícil
+digno
+dilema
+diluir
+dinero
+directo
+dirigir
+disco
+diseño
+disfraz
+diva
+divino
+doble
+doce
+dolor
+domingo
+don
+donar
+dorado
+dormir
+dorso
+dos
+dosis
+dragón
+droga
+ducha
+duda
+duelo
+dueño
+dulce
+dúo
+duque
+durar
+dureza
+duro
+ébano
+ebrio
+echar
+eco
+ecuador
+edad
+edición
+edificio
+editor
+educar
+efecto
+eficaz
+eje
+ejemplo
+elefante
+elegir
+elemento
+elevar
+elipse
+élite
+elixir
+elogio
+eludir
+embudo
+emitir
+emoción
+empate
+empeño
+empleo
+empresa
+enano
+encargo
+enchufe
+encía
+enemigo
+enero
+enfado
+enfermo
+engaño
+enigma
+enlace
+enorme
+enredo
+ensayo
+enseñar
+entero
+entrar
+envase
+envío
+época
+equipo
+erizo
+escala
+escena
+escolar
+escribir
+escudo
+esencia
+esfera
+esfuerzo
+espada
+espejo
+espía
+esposa
+espuma
+esquí
+estar
+este
+estilo
+estufa
+etapa
+eterno
+ética
+etnia
+evadir
+evaluar
+evento
+evitar
+exacto
+examen
+exceso
+excusa
+exento
+exigir
+exilio
+existir
+éxito
+experto
+explicar
+exponer
+extremo
+fábrica
+fábula
+fachada
+fácil
+factor
+faena
+faja
+falda
+fallo
+falso
+faltar
+fama
+familia
+famoso
+faraón
+farmacia
+farol
+farsa
+fase
+fatiga
+fauna
+favor
+fax
+febrero
+fecha
+feliz
+feo
+feria
+feroz
+fértil
+fervor
+festín
+fiable
+fianza
+fiar
+fibra
+ficción
+ficha
+fideo
+fiebre
+fiel
+fiera
+fiesta
+figura
+fijar
+fijo
+fila
+filete
+filial
+filtro
+fin
+finca
+fingir
+finito
+firma
+flaco
+flauta
+flecha
+flor
+flota
+fluir
+flujo
+flúor
+fobia
+foca
+fogata
+fogón
+folio
+folleto
+fondo
+forma
+forro
+fortuna
+forzar
+fosa
+foto
+fracaso
+frágil
+franja
+frase
+fraude
+freír
+freno
+fresa
+frío
+frito
+fruta
+fuego
+fuente
+fuerza
+fuga
+fumar
+función
+funda
+furgón
+furia
+fusil
+fútbol
+futuro
+gacela
+gafas
+gaita
+gajo
+gala
+galería
+gallo
+gamba
+ganar
+gancho
+ganga
+ganso
+garaje
+garza
+gasolina
+gastar
+gato
+gavilán
+gemelo
+gemir
+gen
+género
+genio
+gente
+geranio
+gerente
+germen
+gesto
+gigante
+gimnasio
+girar
+giro
+glaciar
+globo
+gloria
+gol
+golfo
+goloso
+golpe
+goma
+gordo
+gorila
+gorra
+gota
+goteo
+gozar
+grada
+gráfico
+grano
+grasa
+gratis
+grave
+grieta
+grillo
+gripe
+gris
+grito
+grosor
+grúa
+grueso
+grumo
+grupo
+guante
+guapo
+guardia
+guerra
+guía
+guiño
+guion
+guiso
+guitarra
+gusano
+gustar
+haber
+hábil
+hablar
+hacer
+hacha
+hada
+hallar
+hamaca
+harina
+haz
+hazaña
+hebilla
+hebra
+hecho
+helado
+helio
+hembra
+herir
+hermano
+héroe
+hervir
+hielo
+hierro
+hígado
+higiene
+hijo
+himno
+historia
+hocico
+hogar
+hoguera
+hoja
+hombre
+hongo
+honor
+honra
+hora
+hormiga
+horno
+hostil
+hoyo
+hueco
+huelga
+huerta
+hueso
+huevo
+huida
+huir
+humano
+húmedo
+humilde
+humo
+hundir
+huracán
+hurto
+icono
+ideal
+idioma
+ídolo
+iglesia
+iglú
+igual
+ilegal
+ilusión
+imagen
+imán
+imitar
+impar
+imperio
+imponer
+impulso
+incapaz
+índice
+inerte
+infiel
+informe
+ingenio
+inicio
+inmenso
+inmune
+innato
+insecto
+instante
+interés
+íntimo
+intuir
+inútil
+invierno
+ira
+iris
+ironía
+isla
+islote
+jabalí
+jabón
+jamón
+jarabe
+jardín
+jarra
+jaula
+jazmín
+jefe
+jeringa
+jinete
+jornada
+joroba
+joven
+joya
+juerga
+jueves
+juez
+jugador
+jugo
+juguete
+juicio
+junco
+jungla
+junio
+juntar
+júpiter
+jurar
+justo
+juvenil
+juzgar
+kilo
+koala
+labio
+lacio
+lacra
+lado
+ladrón
+lagarto
+lágrima
+laguna
+laico
+lamer
+lámina
+lámpara
+lana
+lancha
+langosta
+lanza
+lápiz
+largo
+larva
+lástima
+lata
+látex
+latir
+laurel
+lavar
+lazo
+leal
+lección
+leche
+lector
+leer
+legión
+legumbre
+lejano
+lengua
+lento
+leña
+león
+leopardo
+lesión
+letal
+letra
+leve
+leyenda
+libertad
+libro
+licor
+líder
+lidiar
+lienzo
+liga
+ligero
+lima
+límite
+limón
+limpio
+lince
+lindo
+línea
+lingote
+lino
+linterna
+líquido
+liso
+lista
+litera
+litio
+litro
+llaga
+llama
+llanto
+llave
+llegar
+llenar
+llevar
+llorar
+llover
+lluvia
+lobo
+loción
+loco
+locura
+lógica
+logro
+lombriz
+lomo
+lonja
+lote
+lucha
+lucir
+lugar
+lujo
+luna
+lunes
+lupa
+lustro
+luto
+luz
+maceta
+macho
+madera
+madre
+maduro
+maestro
+mafia
+magia
+mago
+maíz
+maldad
+maleta
+malla
+malo
+mamá
+mambo
+mamut
+manco
+mando
+manejar
+manga
+maniquí
+manjar
+mano
+manso
+manta
+mañana
+mapa
+máquina
+mar
+marco
+marea
+marfil
+margen
+marido
+mármol
+marrón
+martes
+marzo
+masa
+máscara
+masivo
+matar
+materia
+matiz
+matriz
+máximo
+mayor
+mazorca
+mecha
+medalla
+medio
+médula
+mejilla
+mejor
+melena
+melón
+memoria
+menor
+mensaje
+mente
+menú
+mercado
+merengue
+mérito
+mes
+mesón
+meta
+meter
+método
+metro
+mezcla
+miedo
+miel
+miembro
+miga
+mil
+milagro
+militar
+millón
+mimo
+mina
+minero
+mínimo
+minuto
+miope
+mirar
+misa
+miseria
+misil
+mismo
+mitad
+mito
+mochila
+moción
+moda
+modelo
+moho
+mojar
+molde
+moler
+molino
+momento
+momia
+monarca
+moneda
+monja
+monto
+moño
+morada
+morder
+moreno
+morir
+morro
+morsa
+mortal
+mosca
+mostrar
+motivo
+mover
+móvil
+mozo
+mucho
+mudar
+mueble
+muela
+muerte
+muestra
+mugre
+mujer
+mula
+muleta
+multa
+mundo
+muñeca
+mural
+muro
+músculo
+museo
+musgo
+música
+muslo
+nácar
+nación
+nadar
+naipe
+naranja
+nariz
+narrar
+nasal
+natal
+nativo
+natural
+náusea
+naval
+nave
+navidad
+necio
+néctar
+negar
+negocio
+negro
+neón
+nervio
+neto
+neutro
+nevar
+nevera
+nicho
+nido
+niebla
+nieto
+niñez
+niño
+nítido
+nivel
+nobleza
+noche
+nómina
+noria
+norma
+norte
+nota
+noticia
+novato
+novela
+novio
+nube
+nuca
+núcleo
+nudillo
+nudo
+nuera
+nueve
+nuez
+nulo
+número
+nutria
+oasis
+obeso
+obispo
+objeto
+obra
+obrero
+observar
+obtener
+obvio
+oca
+ocaso
+océano
+ochenta
+ocho
+ocio
+ocre
+octavo
+octubre
+oculto
+ocupar
+ocurrir
+odiar
+odio
+odisea
+oeste
+ofensa
+oferta
+oficio
+ofrecer
+ogro
+oído
+oír
+ojo
+ola
+oleada
+olfato
+olivo
+olla
+olmo
+olor
+olvido
+ombligo
+onda
+onza
+opaco
+opción
+ópera
+opinar
+oponer
+optar
+óptica
+opuesto
+oración
+orador
+oral
+órbita
+orca
+orden
+oreja
+órgano
+orgía
+orgullo
+oriente
+origen
+orilla
+oro
+orquesta
+oruga
+osadía
+oscuro
+osezno
+oso
+ostra
+otoño
+otro
+oveja
+óvulo
+óxido
+oxígeno
+oyente
+ozono
+pacto
+padre
+paella
+página
+pago
+país
+pájaro
+palabra
+palco
+paleta
+pálido
+palma
+paloma
+palpar
+pan
+panal
+pánico
+pantera
+pañuelo
+papá
+papel
+papilla
+paquete
+parar
+parcela
+pared
+parir
+paro
+párpado
+parque
+párrafo
+parte
+pasar
+paseo
+pasión
+paso
+pasta
+pata
+patio
+patria
+pausa
+pauta
+pavo
+payaso
+peatón
+pecado
+pecera
+pecho
+pedal
+pedir
+pegar
+peine
+pelar
+peldaño
+pelea
+peligro
+pellejo
+pelo
+peluca
+pena
+pensar
+peñón
+peón
+peor
+pepino
+pequeño
+pera
+percha
+perder
+pereza
+perfil
+perico
+perla
+permiso
+perro
+persona
+pesa
+pesca
+pésimo
+pestaña
+pétalo
+petróleo
+pez
+pezuña
+picar
+pichón
+pie
+piedra
+pierna
+pieza
+pijama
+pilar
+piloto
+pimienta
+pino
+pintor
+pinza
+piña
+piojo
+pipa
+pirata
+pisar
+piscina
+piso
+pista
+pitón
+pizca
+placa
+plan
+plata
+playa
+plaza
+pleito
+pleno
+plomo
+pluma
+plural
+pobre
+poco
+poder
+podio
+poema
+poesía
+poeta
+polen
+policía
+pollo
+polvo
+pomada
+pomelo
+pomo
+pompa
+poner
+porción
+portal
+posada
+poseer
+posible
+poste
+potencia
+potro
+pozo
+prado
+precoz
+pregunta
+premio
+prensa
+preso
+previo
+primo
+príncipe
+prisión
+privar
+proa
+probar
+proceso
+producto
+proeza
+profesor
+programa
+prole
+promesa
+pronto
+propio
+próximo
+prueba
+público
+puchero
+pudor
+pueblo
+puerta
+puesto
+pulga
+pulir
+pulmón
+pulpo
+pulso
+puma
+punto
+puñal
+puño
+pupa
+pupila
+puré
+quedar
+queja
+quemar
+querer
+queso
+quieto
+química
+quince
+quitar
+rábano
+rabia
+rabo
+ración
+radical
+raíz
+rama
+rampa
+rancho
+rango
+rapaz
+rápido
+rapto
+rasgo
+raspa
+rato
+rayo
+raza
+razón
+reacción
+realidad
+rebaño
+rebote
+recaer
+receta
+rechazo
+recoger
+recreo
+recto
+recurso
+red
+redondo
+reducir
+reflejo
+reforma
+refrán
+refugio
+regalo
+regir
+regla
+regreso
+rehén
+reino
+reír
+reja
+relato
+relevo
+relieve
+relleno
+reloj
+remar
+remedio
+remo
+rencor
+rendir
+renta
+reparto
+repetir
+reposo
+reptil
+res
+rescate
+resina
+respeto
+resto
+resumen
+retiro
+retorno
+retrato
+reunir
+revés
+revista
+rey
+rezar
+rico
+riego
+rienda
+riesgo
+rifa
+rígido
+rigor
+rincón
+riñón
+río
+riqueza
+risa
+ritmo
+rito
+rizo
+roble
+roce
+rociar
+rodar
+rodeo
+rodilla
+roer
+rojizo
+rojo
+romero
+romper
+ron
+ronco
+ronda
+ropa
+ropero
+rosa
+rosca
+rostro
+rotar
+rubí
+rubor
+rudo
+rueda
+rugir
+ruido
+ruina
+ruleta
+rulo
+rumbo
+rumor
+ruptura
+ruta
+rutina
+sábado
+saber
+sabio
+sable
+sacar
+sagaz
+sagrado
+sala
+saldo
+salero
+salir
+salmón
+salón
+salsa
+salto
+salud
+salvar
+samba
+sanción
+sandía
+sanear
+sangre
+sanidad
+sano
+santo
+sapo
+saque
+sardina
+sartén
+sastre
+satán
+sauna
+saxofón
+sección
+seco
+secreto
+secta
+sed
+seguir
+seis
+sello
+selva
+semana
+semilla
+senda
+sensor
+señal
+señor
+separar
+sepia
+sequía
+ser
+serie
+sermón
+servir
+sesenta
+sesión
+seta
+setenta
+severo
+sexo
+sexto
+sidra
+siesta
+siete
+siglo
+signo
+sílaba
+silbar
+silencio
+silla
+símbolo
+simio
+sirena
+sistema
+sitio
+situar
+sobre
+socio
+sodio
+sol
+solapa
+soldado
+soledad
+sólido
+soltar
+solución
+sombra
+sondeo
+sonido
+sonoro
+sonrisa
+sopa
+soplar
+soporte
+sordo
+sorpresa
+sorteo
+sostén
+sótano
+suave
+subir
+suceso
+sudor
+suegra
+suelo
+sueño
+suerte
+sufrir
+sujeto
+sultán
+sumar
+superar
+suplir
+suponer
+supremo
+sur
+surco
+sureño
+surgir
+susto
+sutil
+tabaco
+tabique
+tabla
+tabú
+taco
+tacto
+tajo
+talar
+talco
+talento
+talla
+talón
+tamaño
+tambor
+tango
+tanque
+tapa
+tapete
+tapia
+tapón
+taquilla
+tarde
+tarea
+tarifa
+tarjeta
+tarot
+tarro
+tarta
+tatuaje
+tauro
+taza
+tazón
+teatro
+techo
+tecla
+técnica
+tejado
+tejer
+tejido
+tela
+teléfono
+tema
+temor
+templo
+tenaz
+tender
+tener
+tenis
+tenso
+teoría
+terapia
+terco
+término
+ternura
+terror
+tesis
+tesoro
+testigo
+tetera
+texto
+tez
+tibio
+tiburón
+tiempo
+tienda
+tierra
+tieso
+tigre
+tijera
+tilde
+timbre
+tímido
+timo
+tinta
+tío
+típico
+tipo
+tira
+tirón
+titán
+títere
+título
+tiza
+toalla
+tobillo
+tocar
+tocino
+todo
+toga
+toldo
+tomar
+tono
+tonto
+topar
+tope
+toque
+tórax
+torero
+tormenta
+torneo
+toro
+torpedo
+torre
+torso
+tortuga
+tos
+tosco
+toser
+tóxico
+trabajo
+tractor
+traer
+tráfico
+trago
+traje
+tramo
+trance
+trato
+trauma
+trazar
+trébol
+tregua
+treinta
+tren
+trepar
+tres
+tribu
+trigo
+tripa
+triste
+triunfo
+trofeo
+trompa
+tronco
+tropa
+trote
+trozo
+truco
+trueno
+trufa
+tubería
+tubo
+tuerto
+tumba
+tumor
+túnel
+túnica
+turbina
+turismo
+turno
+tutor
+ubicar
+úlcera
+umbral
+unidad
+unir
+universo
+uno
+untar
+uña
+urbano
+urbe
+urgente
+urna
+usar
+usuario
+útil
+utopía
+uva
+vaca
+vacío
+vacuna
+vagar
+vago
+vaina
+vajilla
+vale
+válido
+valle
+valor
+válvula
+vampiro
+vara
+variar
+varón
+vaso
+vecino
+vector
+vehículo
+veinte
+vejez
+vela
+velero
+veloz
+vena
+vencer
+venda
+veneno
+vengar
+venir
+venta
+venus
+ver
+verano
+verbo
+verde
+vereda
+verja
+verso
+verter
+vía
+viaje
+vibrar
+vicio
+víctima
+vida
+vídeo
+vidrio
+viejo
+viernes
+vigor
+vil
+villa
+vinagre
+vino
+viñedo
+violín
+viral
+virgo
+virtud
+visor
+víspera
+vista
+vitamina
+viudo
+vivaz
+vivero
+vivir
+vivo
+volcán
+volumen
+volver
+voraz
+votar
+voto
+voz
+vuelo
+vulgar
+yacer
+yate
+yegua
+yema
+yerno
+yeso
+yodo
+yoga
+yogur
+zafiro
+zanja
+zapato
+zarza
+zona
+zorro
+zumo
+zurdo
diff --git a/bip-0042.mediawiki b/bip-0042.mediawiki
new file mode 100644
index 00000000..d7ce71c4
--- /dev/null
+++ b/bip-0042.mediawiki
@@ -0,0 +1,77 @@
+<pre>
+  BIP: 42
+  Title: A finite monetary supply for Bitcoin
+  Author: Pieter Wuille <pieter.wuille@gmail.com>
+  Status: Draft
+  Type: Standards Track
+  Created: 2014-04-01
+</pre>
+
+==Abstract==
+
+Although it is widely believed that Satoshi was an inflation-hating goldbug he never said this, and in fact programmed Bitcoin's money supply to grow indefinitely, forever. He modeled the monetary supply as 4 gold mines being discovered per mibillenium (1024 years), with equal intervals between them, each one being depleted over the course of 140 years.
+
+This poses obvious problems, however. Prominent among them is the discussion on what to call 1 billion Bitcoin, which symbol color to use for it, and when wallet clients should switch to it by default.
+
+To combat this, this document proposes a controversial change: making Bitcoin's monetary supply finite.
+
+==Details==
+
+As is well known, Satoshi was a master programmer whose knowledge of C++ was surpassed only by his knowledge of Japanese culture. The code below:
+
+    int64_t nSubsidy = 50 * COIN;
+    // Subsidy is cut in half every 210,000 blocks
+    // which will occur approximately every 4 years.
+    nSubsidy >>= (nHeight / 210000);
+
+is carefully written to rely on undefined behaviour in the C++ specification - perhaps so it can be hardware accelerated in future.
+
+The block number is divided by 210000 (the "apparent" subsidy halving interval in blocks), and the result is used as input for a binary shift, applied to the original payout (50 BTC), expressed in base units. Thanks to the new-goldmine interval being exactly 64 times the halving interval, and 64 being the size in bits of the currency datatype, the cycle repeats itself every 64 halvings on all currently supported platforms.
+
+Despite the nice showoff of underhanded programming skills - we want Bitcoin to be well-specified. Otherwise, we're clearly in for a bumpy ride:
+
+<img src="bip-0042/inflation.png"></img>
+
+Note that several other programming languages do not exhibit this behaviour, making new implementations likely to be slower and generally more bogus than Bitcoin Core. For example, Python unexpectedly returns 0 when shifting an integer beyond its size.
+
+==Other solutions==
+
+===Floating-point approximation===
+
+An obvious solution would be to reimplement the shape of the subsidy curve using floating-point approximations, such as simulated annealing or quantitative easing, which have already proven their worth in consensus systems. Unfortunately, since the financial crisis everyone considers numbers with decimal points in them fishy, and integers are not well supported by Javascript. 
+
+===Truncation===
+
+An alternative solution would be to represent the total number of bitcoins as a string:
+
+    "21000000000000000000000"
+
+and then use string manipulation to remove the rightmost zero every 4 years, give or take a leap-year:
+
+    strSubsidy = strSubsidy.substr(0, strSubsidy.size() - 2);
+
+This style relies less heavily on clever C++ and is more familiar to the Core Dev Team who are primarily PHP programmers.
+
+==Proposal==
+
+Instead, how about we stop thinking about long term issues when we'll all be dead (barring near lightspeed travel, cryogenic revival, or other technology— like cryptocurrency— which only exists in science fiction).
+
+A softfork (see BIP16, BIP34, BIP62) will take place on april 1st 2214, permanently setting the subsidy to zero. The result of this will be that the total currency supply will be limited to 42 halfmillion (including the genesis coinbase output, which is not actually spendable).
+
+==Implementation==
+
+An implementation for the reference client can be found on https://github.com/bitcoin/bitcoin/pull/3842 .
+
+==Compatibility==
+
+Given the moderate time frame over which this change is to be implemented, we expect all miners to choose to screw themselves and deploy this change before 2214.
+
+If they don't, and a minority remains on the old code base, a fork may occur. Essentially, they'll be mining fool's gold after that time.
+
+==Acknowledgements==
+
+Thanks to Gregory Maxwell for proposing this solution, and to Mike Hearn for insights into web development. Also thanks to "ditto-b" on github to implement a prototype ahead of time.
+
+==Copyright==
+
+This document is placed in the public domain.
diff --git a/bip-0042/inflation.png b/bip-0042/inflation.png
new file mode 100644
index 00000000..3ebc2549
Binary files /dev/null and b/bip-0042/inflation.png differ
diff --git a/bip-0043.mediawiki b/bip-0043.mediawiki
new file mode 100644
index 00000000..8f20fc8c
--- /dev/null
+++ b/bip-0043.mediawiki
@@ -0,0 +1,64 @@
+<pre>
+  BIP:     BIP-0043
+  Title:   Purpose Field for Deterministic Wallets
+  Authors: Marek Palatinus <slush@satoshilabs.com>
+           Pavol Rusnak <stick@satoshilabs.com>
+  Status:  Draft
+  Type:    Standards Track
+  Created: 2014-04-24
+</pre>
+
+==Abstract==
+
+This BIP introduces a "Purpose Field" for use in deterministic wallets
+based on algorithm described in BIP-0032 (BIP32 from now on).
+
+==Motivation==
+
+Although Hierarchical Deterministic Wallet structure as described by BIP32
+is an important step in user experience and security of the cryptocoin wallets,
+the BIP32 specification offers implementors too many degrees of freedom.
+Multiple implementations may claim they are BIP32 compatible, but in fact
+they can produce wallets with different logical structures making them
+non-interoperable. This situation unfortunately renders "BIP32 compatible"
+statement rather useless.
+
+
+==Purpose==
+
+We propose the first level of BIP32 tree structure to be used as "purpose".
+This purpose determines the further structure beneath this node.
+
+<pre>
+m / purpose' / *
+</pre>
+
+Apostrophe indicates that BIP32 hardened derivation is used.
+
+We encourage different schemes to apply for assigning a separate BIP number
+and use the same number for purpose field, so addresses won't be generated
+from overlapping BIP32 spaces.
+
+Example: Scheme described in BIP44 should use 44' (or 0x8000002C) as purpose.
+
+Note that m / 0' / * is already taken by BIP32 (default account), which
+preceded this BIP.
+
+Not all wallets may want to support the full range of features and possibilities
+described in these BIPs. Instead of choosing arbitrary subset of defined features
+and calling themselves BIPxx compatible, we suggest that software which needs
+only a limited structure should describe such structure in another BIP and use
+different "purpose" value.
+
+
+==Node serialization==
+
+Because this scheme can be used to generate nodes for more cryptocurrencies
+at once, or even something totally unrelated to cryptocurrencies, there's no
+point in using a special version magic described in section "Serialization
+format" of BIP32. We suggest to use always 0x0488B21E for public and 0x0488ADE4
+for private nodes (leading to prefixes "xpub" and "xprv" respectively).
+
+==Reference==
+
+* [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]]
diff --git a/bip-0044.mediawiki b/bip-0044.mediawiki
new file mode 100644
index 00000000..8f8f48eb
--- /dev/null
+++ b/bip-0044.mediawiki
@@ -0,0 +1,272 @@
+<pre>
+  BIP:     BIP-0044
+  Title:   Multi-Account Hierarchy for Deterministic Wallets
+  Authors: Marek Palatinus <slush@satoshilabs.com>
+           Pavol Rusnak <stick@satoshilabs.com>
+  Status:  Draft
+  Type:    Standards Track
+  Created: 2014-04-24
+</pre>
+
+==Abstract==
+
+This BIP defines a logical hierarchy for deterministic wallets based on an algorithm
+described in BIP-0032 (BIP32 from now on) and purpose scheme described in
+BIP-0043 (BIP43 from now on).
+
+This BIP is a particular application of BIP43.
+
+==Motivation==
+
+The hierarchy proposed in this paper is quite comprehensive. It allows the handling of
+multiple coins, multiple accounts, external and internal chains per account and
+millions of addresses per chain.
+
+==Path levels==
+
+We define the following 5 levels in BIP32 path:
+
+<pre>
+m / purpose' / coin_type' / account' / change / address_index
+</pre>
+
+Apostrophe in the path indicates that BIP32 hardened derivation is used.
+
+Each level has a special meaning, described in the chapters below.
+
+===Purpose===
+
+Purpose is a constant set to 44' (or 0x8000002C) following the BIP43 recommendation.
+It indicates that the subtree of this node is used according to this specification.
+
+Hardened derivation is used at this level.
+
+===Coin type===
+
+One master node (seed) can be used for unlimited number of independent
+cryptocoins such as Bitcoin, Litecoin or Namecoin. However, sharing the same
+space for various cryptocoins has some disadvantages.
+
+This level creates a separate subtree for every cryptocoin, avoiding
+reusing addresses across cryptocoins and improving privacy issues.
+
+Coin type is a constant, set for each cryptocoin. Cryptocoin developers may ask
+for registering unused number for their project.
+
+The list of already allocated coin types is in the chapter
+"Registered coin types" below.
+
+Hardened derivation is used at this level.
+
+===Account===
+
+This level splits the key space into independent user identities,
+so the wallet never mixes the coins across different accounts.
+
+Users can use these accounts to organize the funds in the same
+fashion as bank accounts; for donation purposes (where all
+addresses are considered public), for saving purposes,
+for common expenses etc.
+
+Accounts are numbered from index 0 in sequentially increasing manner.
+This number is used as child index in BIP32 derivation.
+
+Hardened derivation is used at this level.
+
+Software should prevent a creation of an account if a previous account does not
+have a transaction history (meaning none of its addresses have been used before).
+
+Software needs to discover all used accounts after importing the seed from
+an external source. Such an algorithm is described in "Account discovery" chapter.
+
+===Change===
+
+Constant 0 is used for external chain and constant 1 for internal chain (also
+known as change addresses). External chain is used for addresses that are meant
+to be visible outside of the wallet (e.g. for receiving payments). Internal
+chain is used for addresses which are not meant to be visible outside of the
+wallet and is used for return transaction change.
+
+Public derivation is used at this level.
+
+===Index===
+
+Addresses are numbered from index 0 in sequentially increasing manner.
+This number is used as child index in BIP32 derivation.
+
+Public derivation is used at this level.
+
+==Account discovery==
+
+When the master seed is imported from an external source the software should
+start to discover the accounts in the following manner:
+
+# derive the first account's node (index = 0)
+# derive the external chain node of this account
+# scan addresses of the external chain; respect the gap limit described below
+# if no transactions are found on the external chain, stop discovery
+# if there are some transactions, increase the account index and go to step 1
+
+This algorithm is successful because software should disallow creation of new
+accounts if previous one has no transaction history, as described in chapter
+"Account" above.
+
+Please note that the algorithm works with the transaction history, not account
+balances, so you can have an account with 0 total coins and the algorithm will
+still continue with discovery.
+
+===Address gap limit===
+
+Address gap limit is currently set to 20. If the software hits 20 unused
+addresses in a row, it expects there are no used addresses beyond this point
+and stops searching the address chain. We scan just the external chains, because
+internal chains receive only coins that come from the associated external chains.
+
+Wallet software should warn when the user is trying to exceed the gap limit on
+an external chain by generating a new address.
+
+==Registered coin types==
+
+These are the default registered coin types for usage in level 2 of BIP44
+described in chapter "Coin type" above.
+
+All these constants are used as hardened derivation.
+
+{|
+!index
+!hexa
+!coin
+|-
+|0
+|0x80000000
+|Bitcoin
+|-
+|1
+|0x80000001
+|Bitcoin Testnet
+|}
+
+This BIP is not a central directory for the registered coin types, please
+visit SatoshiLabs that maintains the full list:
+
+[[http://doc.satoshilabs.com/slips/slip-0044.html|SLIP-0044 : Registered coin types for BIP-0044]]
+
+To register a new coin type, an existing wallet that implements the standard
+is required. This can be done [[https://github.com/satoshilabs/docs/blob/master/slips/slip-0044.rst|here]].
+
+==Examples==
+
+{|
+!coin
+!account
+!chain
+!address
+!path
+|-
+|Bitcoin
+|first
+|external
+|first
+|m / 44' / 0' / 0' / 0 / 0
+|-
+|Bitcoin
+|first
+|external
+|second
+|m / 44' / 0' / 0' / 0 / 1
+|-
+|Bitcoin
+|first
+|change
+|first
+|m / 44' / 0' / 0' / 1 / 0
+|-
+|Bitcoin
+|first
+|change
+|second
+|m / 44' / 0' / 0' / 1 / 1
+|-
+|Bitcoin
+|second
+|external
+|first
+|m / 44' / 0' / 1' / 0 / 0
+|-
+|Bitcoin
+|second
+|external
+|second
+|m / 44' / 0' / 1' / 0 / 1
+|-
+|Bitcoin
+|second
+|change
+|first
+|m / 44' / 0' / 1' / 1 / 0
+|-
+|Bitcoin
+|second
+|change
+|second
+|m / 44' / 0' / 1' / 1 / 1
+|-
+|Bitcoin Testnet
+|first
+|external
+|first
+|m / 44' / 1' / 0' / 0 / 0
+|-
+|Bitcoin Testnet
+|first
+|external
+|second
+|m / 44' / 1' / 0' / 0 / 1
+|-
+|Bitcoin Testnet
+|first
+|change
+|first
+|m / 44' / 1' / 0' / 1 / 0
+|-
+|Bitcoin Testnet
+|first
+|change
+|second
+|m / 44' / 1' / 0' / 1 / 1
+|-
+|Bitcoin Testnet
+|second
+|external
+|first
+|m / 44' / 1' / 1' / 0 / 0
+|-
+|Bitcoin Testnet
+|second
+|external
+|second
+|m / 44' / 1' / 1' / 0 / 1
+|-
+|Bitcoin Testnet
+|second
+|change
+|first
+|m / 44' / 1' / 1' / 1 / 0
+|-
+|Bitcoin Testnet
+|second
+|change
+|second
+|m / 44' / 1' / 1' / 1 / 1
+|}
+
+==Compatible wallets==
+
+* [[https://mytrezor.com|myTREZOR web wallet]] ([[https://github.com/trezor/webwallet|source]])
+* [[https://play.google.com/store/apps/details?id=com.bonsai.wallet32|Wallet32 @ Android]] ([[https://github.com/ksedgwic/Wallet32|source]])
+* [[https://play.google.com/store/apps/details?id=com.mycelium.wallet|Mycelium Bitcoin Wallet (Android)]] ([[https://github.com/mycelium-com/wallet|source]])
+
+==Reference==
+
+* [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]]
+* [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]]
diff --git a/bip-0045.mediawiki b/bip-0045.mediawiki
new file mode 100644
index 00000000..3710ce85
--- /dev/null
+++ b/bip-0045.mediawiki
@@ -0,0 +1,256 @@
+<pre>
+  BIP:     BIP-0045
+  Title:   Structure for Deterministic P2SH Multisignature Wallets
+  Authors: Manuel Araoz <manu@bitpay.com>
+           Ryan X. Charles <ryan@bitpay.com>
+           Matias Alejo Garcia <matias@bitpay.com>
+  Status:  Draft
+  Type:    Standards Track
+  Created: 2014-04-25
+</pre>
+
+==Abstract==
+
+This BIP defines a structure for hierarchical deterministic P2SH multi-party
+multi-signature wallets (HDPM wallets from now on) based on the algorithm
+described in BIP-0032 (BIP32 from now on) and purpose scheme described in 
+BIP-0043 (BIP43 from now on).
+This BIP is a particular application of BIP43.
+
+==Motivation==
+
+The structure proposed in this document allows for standard ways to create,
+use, import, and store HDPM wallets. It allows to handle multiple parties sharing
+an m-of-n wallet, on the following assumptions:
+* n parties share an m-of-n wallet.
+* Each party generates their master private keys independently.
+* Multisig P2SH is used for all addresses.
+* BIP32 is used to derive public keys, then create a multisig script, and the corresponding P2SH address for that script.
+* Address generation should not require communication between parties. (Thus, all parties must be able to generate all public keys)
+* Transaction creation and signing requires communication between parties.
+
+This BIP will allow interoperability between various HDPM wallet implementations.
+
+==Specification==
+
+We define the following levels in BIP32 path:
+
+<code>
+m / purpose' / cosigner_index / change / address_index
+</code>
+
+Apostrophe in the path indicates that BIP32 hardened derivation is used.
+
+Each level has special meaning described in the chapters below.
+
+===Purpose===
+
+Purpose is a constant set to 45, following the BIP43 recommendation.
+It indicates that the subtree of this node is used according to this specification.
+
+<code>
+m / purpose' / *
+</code>
+
+Hardened derivation is used at this level.
+
+
+===Cosigner Index===
+
+The index of the party creating a P2SH multisig address. The indices can
+be determined independently by lexicographically sorting the purpose public
+keys of each cosigner. Each cosigner creates addresses on it's own branch,
+even though they have independent extended master public key, as explained 
+in the "Address generation" section.
+
+Note that the master public key is not shared amongst the cosigners. Only the
+hardened purpose extended public key is shared, and this is what is used to
+derive child extended public keys.
+
+Software should only use indices corresponding to each of the N cosigners
+sequentially. For example, for a 2-of-3 HDPM wallet, having the following
+purpose public keys:
+<pre>
+03a473275a750a20b7b71ebeadfec83130c014da4b53f1c4743fcf342af6589a38
+039863fb5f07b667d9b1ca68773c6e6cdbcac0088ffba9af46f6f6acd153d44463
+03f76588e06c0d688617ef365d1e58a7f1aa84daa3801380b1e7f12acc9a69cd13
+</pre>
+
+it should use `m / purpose ' / 0 / *` for 
+`039863fb5f07b667d9b1ca68773c6e6cdbcac0088ffba9af46f6f6acd153d44463`, 
+`m / purpose ' / 1 / *` for
+`03a473275a750a20b7b71ebeadfec83130c014da4b53f1c4743fcf342af6589a38`,
+and `m / purpose ' / 2 / *` for
+`03f76588e06c0d688617ef365d1e58a7f1aa84daa3801380b1e7f12acc9a69cd13`,
+as dictated by their lexicographical order.
+
+
+Software needs to discover all used indexes when importing the seed from
+an external source. Such algorithm is described in "Address discovery" chapter.
+
+Non-hardened derivation is used at this level.
+
+===Change===
+
+Constant 0 is used for external chain and constant 1 for internal chain (also
+known as change addresses). External chain is used for addresses that are meant
+to be visible outside of the wallet (e.g. for receiving payments). Internal
+chain is used for addresses which are not meant to be visible outside of the
+wallet and is used for return transaction change.
+
+For example, if cosigner 2 wants to generate a change address, he would use
+`m / purpose ' / 2 / 1 / *`, and `m / purpose ' / 2 / 0 / *` for a receive
+address.
+
+Non-hardened derivation is used at this level.
+
+===Address Index===
+
+Addresses are numbered from index 0 in sequentially increasing manner.
+This number is used as child index in BIP32 derivation.
+
+Non-hardened derivation is used at this level.
+
+===HDPM Wallet High-level Description===
+Each party generates their own extended master keypair and shares the
+extended purpose' public key with the others, which is stored encrypted.
+Each party can generate any of the other's derived public keys, but only
+his own private keys. 
+
+===Address Generation Procedure===
+When generating an address, each party can independently generate the N needed
+public keys. They do this by deriving the public key in each of the different
+trees, but using the same path. They can then generate the multisig script (by
+lexicographically sorting the public keys) and the corresponding p2sh address.
+In this way, each path corresponds to an address, but the public keys for that
+address come from different trees.
+
+====Receive address case====
+Each cosigner generates addresses only on his own branch. One of the n
+cosigners wants to receive a payment, and the others are offline. He
+knows the last used index in his own branch, because only he generates
+addresses there. Thus, he can generate the public keys for all of the
+others using the next index, and calculate the needed script for the address.
+
+Example: Cosigner #2 wants to receive a payment to the shared wallet. His last
+used index on his own branch is 4. Then, the path for the next receive
+address is `m/$purpose/2/1/5`. He uses this same path in all of the cosigners
+trees to generate a public key for each one, and from that he gets the new
+p2sh address.
+====Change address case====
+Again, each cosigner generates addresses only on his own branch. One of the
+n cosigners wants to create an outgoing payment, for which he'll need a change
+address. He generates a new address using the same procedure as above, but
+using a separate index to track the used change addresses. 
+
+Example: Cosigner #5 wants to send a payment from the shared wallet, for which
+he'll need a change address. His last used change index on his own branch is
+11. Then, the path for the next change address is `m/$purpose/5/0/12`. He uses
+this same path in all of the cosigners trees to generate a public key for each
+one, and from that he gets the new p2sh address.
+
+
+===Transaction creation and signing===
+When creating a transaction, first one of the parties creates a Transaction
+Proposal. This is a transaction that spends some output stored in any of the
+p2sh multisig addresses (corresponding to any of the copayers' branches).
+This proposal is sent to the other parties, who decide if they want to sign.
+If they approve the proposal, they can generate their needed private key for
+that specific address (using the same path that generated the public key in
+that address, but deriving the private key instead), and sign it. Once the
+proposal reaches m signatures, any cosigner can broadcast it to the network,
+becoming final. The specifics of how this proposal is structured, and the
+protocol to accept or reject it, belong to another BIP, in my opinion. 
+
+===Address discovery===
+
+When the master seed is imported from an external source the software should
+start to discover the accounts in the following manner:
+
+# derive the first account's node (index = 0)
+# derive the external chain node of this account
+# scan addresses of the external chain; respect the gap limit described below
+# if no transactions are found on the external chain stop discovery
+# if there are some transactions, increase the account index and go to step 1
+
+This algorithm is correct, because software should disallow creation of new
+accounts if previous one has no transaction history as described in chapter
+"Account" above.
+
+Please note that the algorithm works with the transaction history, not account
+balances, so you can have account with total 0 coins and the algorithm will
+still continue with discovery.
+
+===Address gap limit===
+
+Address gap limit is currently set to 20. If the software hits 20 unused
+addresses in a row, it expects there are no used addresses beyond this point
+and stops searching the address chain.
+
+Wallet software should warn when user is trying to exceed the gap limit on
+an external chain by generating a new address.
+
+
+===Rationale===
+
+This stucture provides a general way of doing HDPM wallets between m-of-n
+parties. Here are some explanations about the design decisions made.
+
+The reason for using separate branches for each cosigner is we don't want
+two of them generating the same address and receiving simultaneous payments
+to it. The ideal case is that each address receives at most one payment,
+requested by the corresponding cosigner. 
+
+==Examples==
+
+{|
+!cosigner_index
+!change
+!address_index
+!path
+|-
+|first
+|receive
+|first
+| m / 45' / 0 / 0 / 0
+|-
+|first
+|receive
+|second
+| m / 45' / 0 / 0 / 1
+|-
+|first
+|receive
+|fifth
+| m / 45' / 0 / 0 / 4
+|-
+|first
+|change
+|first
+| m / 45' / 0 / 1 / 0
+|-
+|first
+|change
+|second
+| m / 45' / 0 / 1 / 1
+|-
+|second
+|receive
+|first
+| m / 45' / 1 / 0 / 0
+|-
+|third
+|change
+|tenth
+| m / 45' / 2 / 1 / 9
+|}
+
+==Compatible walets==
+
+* [[https://copay.io|Copay wallet]] ([[https://github.com/bitpay/copay|source]])
+
+==Reference==
+
+* [[bip-0032.mediawiki|BIP32 - Hierarchical Deterministic Wallets]]
+* [[bip-0043.mediawiki|BIP43 - Purpose Field for Deterministic Wallets]]
+* [[https://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg05156.html|Original mailing list discussion]]
diff --git a/bip-0050.mediawiki b/bip-0050.mediawiki
new file mode 100644
index 00000000..9ff29d6f
--- /dev/null
+++ b/bip-0050.mediawiki
@@ -0,0 +1,72 @@
+<pre>
+  BIP: 50
+  Title: March 2013 Chain Fork Post-Mortem
+  Author: Gavin Andresen <gavinandresen@gmail.com>
+  Status: Draft
+  Type: Informational
+  Created: 2013-03-20
+</pre>
+
+==What went wrong==
+A block that had a larger number of total transaction inputs than previously seen was mined and broadcasted. Bitcoin 0.8 nodes were able to handle this, but some pre-0.8 Bitcoin nodes rejected it, causing an unexpected hard fork of the chain. The pre-0.8 incompatible chain at that point had around 60% of the hash power ensuring the split did not automatically resolve.
+
+In order to restore a canonical chain as soon as possible, BTCGuild and Slush downgraded their Bitcoin 0.8 nodes to 0.7 so their pools would also reject the larger block. This placed majority hashpower on the chain without the larger block.
+
+During this time there was at least [https://bitcointalk.org/index.php?topic=152348.0 one large double spend].  However, it was done by someone experimenting to see if it was possible and was not intended to be malicious.
+
+==What went right==
+* The split was detected very quickly.
+* The right people were online and available in IRC or could be raised via Skype.
+* Marek Palatinus and Michael Marsee quickly downgraded their nodes to restore a pre-0.8 chain as canonical, despite the fact that this caused them to sacrifice significant amounts of money and they were the ones running the bug-free version.
+* Deposits to the major exchanges and payments via BitPay were also suspended (and then un-suspended) very quickly.
+* Fortunately, the only attack on a merchant was done by someone who was not intending to actually steal money
+
+==Root cause==
+Bitcoin versions prior to 0.8 configure an insufficient number of Berkeley DB locks to process large but technically valid blocks. Berkeley DB locks have to be manually configured by API users depending on anticipated load. The manual says this:
+
+:The recommended algorithm for selecting the maximum number of locks, lockers, and lock objects is to run the application under stressful conditions and then review the lock system's statistics to determine the maximum number of locks, lockers, and lock objects that were used. Then, double these values for safety.
+
+Because max-sized blocks had been successfully processed on the testnet, it did not occur to anyone that there could be blocks that were smaller but require more locks than were available. Prior to 0.7 unmodified mining nodes self-imposed a maximum block size of 500,000 bytes, which further prevented this case from being triggered. 0.7 made the target size configurable and miners had been encouraged to increase this target in the week prior to the incident.
+
+Bitcoin 0.8 does not use Berkeley DB. It uses LevelDB instead, which does not require this kind of pre-configuration. Therefore it was able to process the forking block successfully.
+
+Note that BDB locks are also required during processing of re-organizations. Versions prior to 0.8 may be unable to process some valid re-orgs.
+
+This would be an issue even if the entire network was running version 0.7.2. It is theoretically possible for one 0.7.2 node to create a block that others are unable to validate, or for 0.7.2 nodes to create block re-orgs that peers cannot validate, because the contents of each node's blkindex.dat database is not identical, and the number of locks required depends on the exact arrangement of the blkindex.dat on disk (locks are acquired per-page).
+
+==Action items==
+
+===Immediately===
+
+'''Done''': Release a version 0.8.1, forked directly from 0.8.0, that, for the next two months has the following new rules:
+# Reject blocks that could cause more than 10,000 locks to be taken.
+# Limit the maximum block-size created to 500,000 bytes
+# Release a patch for older versions that implements the same rules, but also increases the maximum number of locks to 120,000
+# Create a web page on bitcoin.org that will urge users to upgrade to 0.8.1, but will tell them how to set DB_CONFIG to 120,000 locks if they absolutely cannot.
+# Over the next 2 months, send a series of alerts to users of older versions, pointing to the web page.
+
+===Alert system===
+
+'''Done''': Review who has access to the alert system keys, make sure they all have contact information for each other, and get good timezone overlap by people with access to the keys.
+
+'''Done''': Implement a new bitcoind feature so services can get timely notification of alerts:  -alertnotify=<command>   Run command when an AppliesToMe() alert is received.
+
+'''Done''': Pre-generate 52 test alerts, and set a time every week when they are broadcast on -testnet (so -alertnotify scripts can be tested in as-close-to-real-world conditions as possible).
+
+Idea from Michael Gronager: encourage merchants/exchanges (and maybe pools) to run new code behind a bitcoind running the network-majority version.
+
+===Safe mode===
+
+'''Done''': Perhaps trigger an alert if there is a long enough side chain detected, even if it is not the main chain. Pools could use this to automatically suspend payouts if a long side-chain suddenly appeared out of nowhere (it’s hard for an attacker to mine such a thing).
+
+===Testing===
+
+Start running bots on the testnet that grab some coins from a testnet faucet, generate large numbers of random transactions that split/recombine them and then send them back to the faucet. Randomized online testing on the testnet might have revealed the pathological block type earlier.
+
+===Double spending===
+
+A double spend attack was successful, despite that both sides of the chain heard about the transactions in the same order. The reason is most likely that the memory pools were cleared when the mining pool nodes were downgraded. A solution is for nodes to sync their mempools to each other at startup, however, this requires a memory pool expiry policy to be implemented as currently node restarts are the only way for unconfirmed transactions to be evicted from the system.
+
+===Resolution===
+
+On 16 August, 2013 block 252,451 (0x0000000000000024b58eeb1134432f00497a6a860412996e7a260f47126eed07) was accepted by the main network, forking unpatched nodes off the network.
diff --git a/bip-0060.mediawiki b/bip-0060.mediawiki
new file mode 100644
index 00000000..ae9592ad
--- /dev/null
+++ b/bip-0060.mediawiki
@@ -0,0 +1,90 @@
+<pre>
+  BIP: 60
+  Title: Fixed Length "version" Message (Relay-Transactions Field)
+  Author: Amir Taaki <genjix@riseup.net>
+  Status: Draft
+  Type: Standards Track
+  Created: 2013-06-16
+</pre>
+
+==Abstract==
+
+[[BIP 0037]] introduced a new flag to version messages which says whether to relay new transaction messages to that node.
+
+The protocol version was upgraded to 70001, and the (now accepted) BIP 0037 became implemented.
+
+The implementation is problematic because the RelayTransactions flag is an optional part of the version message stream.
+
+==Motivation==
+
+One property of Bitcoin messages is their fixed number of fields. This keeps the format simple and easily understood. Adding optional fields to messages will cause deserialisation issues when other fields come after the optional one.
+
+As an example, the length of version messages might be checked to ensure the byte stream is consistent. With optional fields, this checking is no longer possible. This is desirable to check for consistency inside internal deserialization code, and proper formatting of version messages originating from other nodes. In the future with diversification of the Bitcoin network, it will become desirable to enforce this kind of strict adherance to standard messages with field length compliance with every protocol version.
+
+Another property of fixed-length field messages is the ability to pass stream operators around for deserialization. This property is also lost, as now the deserialisation code must know the remaining length of bytes to parse. The parser now requires an additional piece of information (remaining size of the stream) for parsing instead of being a dumb reader.
+
+==Specification==
+=== version ===
+
+When a node creates an outgoing connection, it will immediately advertise its version. The remote node will respond with its version. No futher communication is possible until both peers have exchanged their version.
+
+Payload:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 4 || version || int32_t || Identifies protocol version being used by the node
+|-
+| 8 || services || uint64_t || bitfield of features to be enabled for this connection
+|-
+| 8 || timestamp || int64_t || standard UNIX timestamp in seconds
+|-
+| 26 || addr_recv || net_addr || The network address of the node receiving this message
+|-
+|colspan="4"| version >= 106
+|-
+| 26 || addr_from || net_addr || The network address of the node emitting this message
+|-
+| 8 || nonce || uint64_t || Node random nonce, randomly generated every time a version packet is sent. This nonce is used to detect connections to self.
+|-
+| ? || user_agent || var_str || [[bip-0014.mediawiki|User Agent]] (0x00 if string is 0 bytes long)
+|-
+| 4 || start_height || int32_t || The last block received by the emitting node
+|-
+| 1 || relay || bool || Whether the remote peer should announce relayed transactions or not, see [[bip-0037.mediawiki|BIP 0037]], since version >= 70001
+|}
+
+A "verack" packet shall be sent if the version packet was accepted.
+
+The following services are currently assigned:
+
+{|class="wikitable"
+! Value !! Name !! Description
+|-
+| 1 || NODE_NETWORK || This node can be asked for full blocks instead of just headers.
+|}
+
+=== Code Updates ===
+
+fRelayTx is added to the PushMessage() call inside PushVersion() (net.cpp)
+
+<pre>
+void CNode::PushVersion()
+{
+    /// when NTP implemented, change to just nTime = GetAdjustedTime()
+    int64 nTime = (fInbound ? GetAdjustedTime() : GetTime());
+    CAddress addrYou = (addr.IsRoutable() && !IsProxy(addr) ? addr : CAddress(CService("0.0.0.0",0)));
+    CAddress addrMe = GetLocalAddress(&addr);
+    RAND_bytes((unsigned char*)&nLocalHostNonce, sizeof(nLocalHostNonce));
+    printf("send version message: version %d, blocks=%d, us=%s, them=%s, peer=%s\n", PROTOCOL_VERSION, nBestHeight, addrMe.ToString().c_str(), addrYou.ToString().c_str(), addr.ToString().c_str());
+    PushMessage("version", PROTOCOL_VERSION, nLocalServices, nTime, addrYou, addrMe,
+                nLocalHostNonce, FormatSubVersion(CLIENT_NAME, CLIENT_VERSION, std::vector<string>()),
+                nBestHeight, true);
+}
+</pre>
+
+Additionally the protocol version is increased from 70001 to 70002.
+
+==Copyright==
+
+This document is placed in the public domain.
diff --git a/bip-0061.mediawiki b/bip-0061.mediawiki
new file mode 100644
index 00000000..a18a4e60
--- /dev/null
+++ b/bip-0061.mediawiki
@@ -0,0 +1,153 @@
+<pre>
+  BIP: 61
+  Title: Reject P2P message
+  Author: Gavin Andresen <gavinandresen@gmail.com>
+  Status: Final
+  Type: Standards Track
+  Created: 2014-06-18
+</pre>
+
+==Abstract==
+
+This BIP describes a new message type for the Bitcoin peer-to-peer network.
+
+==Motivation==
+
+Giving peers feedback about why their blocks or transactions are rejected, or
+why they are being banned for not following the protocol helps
+interoperability between different implementations.
+
+It also gives SPV (simplified payment verification) clients a hint that something
+may be wrong when their transactions are rejected due to insufficient priority
+or fees.
+
+==Specification==
+
+Data types in this specification are as described at https://en.bitcoin.it/wiki/Protocol_specification
+
+===reject===
+
+One new message type "reject" is introduced. It is sent directly to a peer in response to a "version", "tx" or "block" message.
+
+For example, the message flow between two peers for a relayed transaction that is rejected for some reason would be:
+
+ --> inv
+ <-- getdata
+ --> tx
+ <-- reject
+
+All implementations of the P2P protocol version 70,002 and later should support the reject message.
+
+====common payload====
+
+
+Every reject message begins with the following fields. Some messages append extra, message-specific data.
+
+{|
+| Field Size || Name || Data type || Comments
+|-
+| variable || response-to-msg || var_str || Message that triggered the reject
+|-
+| 1 || reject-code || uint8_t || 0x01 through 0x4f (see below)
+|-
+| variable || reason || var_string || Human-readable message for debugging
+|}
+
+The human-readable string is intended only for debugging purposes; in particular, different implementations may
+use different strings. The string should not be shown to users or used for anthing besides diagnosing
+interoperability problems.
+
+The following reject code categories are used; in the descriptions below, "server" is the peer generating
+the reject message, "client" is the peer that will receive the message.
+
+{|
+| Range || Category
+|-
+| 0x01-0x0f || Protocol syntax errors
+|-
+| 0x10-0x1f || Protocol semantic errors
+|-
+| 0x40-0x4f || Server policy rule
+|}
+
+==== rejection codes common to all message types ====
+
+{|
+| Code || Description
+|-
+| 0x01 || Message could not be decoded
+|}
+
+==== reject version codes ====
+
+Codes generated during the intial connection process in response to a "version" message:
+
+{|
+| Code || Description
+|-
+| 0x11 || Client is an obsolete, unsupported version
+|-
+| 0x12 || Duplicate version message received
+|}
+
+==== reject tx payload, codes ====
+
+Transaction rejection messages extend the basic message with the transaction id hash:
+
+{|
+| Field Size || Name || Data type || Comments
+|-
+| 32 || hash || char[32] || transaction that is rejected
+|}
+
+The following codes are used:
+
+{|
+| Code || Description
+|-
+| 0x10 || Transaction is invalid for some reason (invalid signature, output value greater than input, etc.)
+|-
+| 0x40 || Not mined/relayed because it is "non-standard" (type or version unknown by the server)
+|-
+| 0x41 || One or more output amounts are below the 'dust' threshold
+|-
+| 0x42 || Transaction does not have enough fee/priority to be relayed or mined
+|}
+
+==== payload, reject block ====
+
+Block rejection messages extend the basic message with the block header hash:
+
+{|
+| Field Size || Name || Data type || Comments
+|-
+| 32 || hash || char[32] || block (hash of block header) that is rejected
+|}
+
+Rejection codes:
+
+{|
+| code || description
+|-
+| 0x10 || Block is invalid for some reason (invalid proof-of-work, invalid signature, etc)
+|-
+| 0x11 || Block's version is no longer supported
+|-
+| 0x43 || Inconsistent with a compiled-in checkpoint
+|}
+
+Note: blocks that are not part of the server's idea of the current best chain, but are otherwise valid, should not trigger reject messages.
+
+== Compatibility ==
+
+The reject message is backwards-compatible; older peers that do not recognize the reject message will ignore it.
+
+== Implementation notes ==
+
+Implementors must consider what happens if an attacker either sends them
+reject messages for valid transactions/blocks or sends them random
+reject messages, and should beware of possible denial-of-service attacks.
+For example, notifying the user of every reject message received
+would make it trivial for an attacker to mount an annoy-the-user attack.
+Even merely writing every reject message to a debugging log could make
+an implementation vulnerable to a fill-up-the-users-disk attack.
diff --git a/bip-0062.mediawiki b/bip-0062.mediawiki
new file mode 100644
index 00000000..4cca4cdf
--- /dev/null
+++ b/bip-0062.mediawiki
@@ -0,0 +1,114 @@
+<pre>
+  BIP: 62
+  Title: Dealing with malleability
+  Author: Pieter Wuille <pieter.wuille@gmail.com>
+  Status: Draft
+  Type: Standards Track
+  Created: 2014-03-12
+</pre>
+
+==Abstract==
+
+This document specifies proposed changes to the Bitcoin transaction validity rules in order to make malleability of transactions impossible (at least when the sender doesn't choose to avoid it).
+
+==Motivation==
+
+As of february 2014, Bitcoin transactions are malleable in multiple ways. This means a (valid) transaction can be modified in-flight, without invalidating it, but without access to the relevant private keys.
+
+This is a problem for multiple reasons:
+* The sender may not recognize his own transaction after being modified.
+* The sender may create transactions that spend change created by the original transaction. In case the modified transaction gets mined, this becomes invalid.
+* Modified transactions are effectively double-spends which can be created without malicious intent (of the sender), but can be used to make other attacks easier.
+
+Several sources of malleability are known:
+
+# '''Non-DER encoded ECDSA signatures''' Right now, the Bitcoin reference client uses OpenSSL to validate signatures. As OpenSSL accepts more than serializations that strictly adhere to the DER standard, this is a source of malleability. Since v0.8.0, non-DER signatures are no longer relayed already.
+# '''Non-push operations in scriptSig''' Any sequence of script operations in scriptSig that results in the intended data pushes, but is not just a push of that data, results in an alternative transaction with the same validity.
+# '''Push operations in scriptSig of non-standard size type''' The Bitcoin scripting language has several push operators (OP_0, single-byte pushes, data pushes of up to 75 bytes, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4). As the later ones have the same result as the former ones, they result in additional possibilities.
+# '''Zero-padded number pushes''' In cases where scriptPubKey opcodes use inputs that are interpreted as numbers, they can be zero padded.
+# '''Inherent ECDSA signature malleability''' ECDSA signatures themselves are already malleable: taking the negative of the number S inside (modulo the curve order) does not invalidate it.
+# '''Superfluous scriptSig operations''' Adding extra data pushes at the start of scripts, which are not consumed by the corresponding scriptPubKey, is also a source of malleability.
+# '''Inputs ignored by scripts''' If a scriptPubKey starts with an OP_DROP, for example, the last data push of the corresponding scriptSig will always be ignored.
+# '''Sighash flags based masking''' Sighash flags can be used to ignore certain parts of a script when signing.
+# '''New signatures by the sender''' The sender (or anyone with access to the relevant private keys) is always able to create new signatures that spend the same inputs to the same outputs.
+# '''Signature reordering''' If a signature is valid for more than one pubkey, for instance due to a CHECKMULTISIG where two or more of the keys are equivalent, the order of signatures can be changed.
+The first six and part of the seventh can be fixed by extra consensus rules, but the last three can't. Not being able to fix #7 means that even with these new consensus rules, it will always be possible to create outputs whose spending transactions will all be malleable. However, when restricted to using a safe set of output scripts, extra consensus rules can make spending transactions optionally non-malleable (if the spender chooses to; as he can always bypass #8 and #9 himself).
+
+==Specification==
+
+===New rules===
+
+Seven extra rules are introduced, to combat exactly the seven first sources of malleability listed above:
+# '''Require DER encoded ECDSA signatures''' An ECDSA signature passed to OP_CHECKSIG, OP_CHECKSIGVERIFY, OP_CHECKMULTISIG or OP_CHECKMULTISIGVERIFY must be encoded using strict DER encoding, though the hashtype byte that follows it can be anything. Doing a verification with any non-DER signature passed to it makes the entire script evaluate to False, even when an invalid signature is encountered before (which would otherwise make the opcode evaluate to False, but not necessarily the entire script). See reference: [[#der-encoding|DER encoding]].
+# '''Only push operations in scriptSig''' Only data pushes are allowed in scriptSig. Evaluating any other operation makes the script evaluate to false. See reference: [[#push-operators|Push operators]].
+# '''No push operations of non-standard size type''' The smallest possible push operation must be used when possible. Pushing data using an operation that could be encoded in a shorter way makes the script evaluate to false. See reference: [[#push-operators|Push operators]].
+# '''No zero-padded number pushes''' Any time a script opcode consumes a stack value that is interpreted as a number, it must be encoded in its shortest possible form. 'Negative zero' is not allowed. See reference: [[#numbers|Numbers]].
+# '''Require low S in ECDSA signatures''' We require that the S value inside ECDSA signatures is at most the curve order divided by 2 (essentially restricting this value to its lower half range). See reference: [[#low-s-values-in-signatures|Low S values in signatures]].
+# '''No superfluous scriptSig operations''' scriptPubKey evaluation will be required to result in a single non-zero value. If any extra data elements remain on the stack, the script evaluates to false. For P2SH scripts, this check is only done after the redeemscript evaluation, not after the actual script evaluation.
+# '''Inputs ignored by scripts are 0''' The (unnecessary) extra stack element consumed by OP_CHECKMULTISIG and OP_CHECKMULTISIGVERIFY must be the empty byte array (the result of OP_0). Anything else makes the script evaluate to false.
+
+===Block validity===
+
+To introduce these new rules in the network, we add both v3 blocks and v2 transactions.
+The same mechanism as in BIP 0034 is used to introduce v3 blocks. When 75% of the past 1000 blocks are v3, a new consensus rule is activated:
+* All transactions in v3 blocks are required to follow rules #1 and #2.
+* v2 transactions in v3 blocks are required to follow rules #3-#7 as well. Transactions with version 1 or a version higher than 2 do not have this requirement, even when in a v3 block.
+
+When 95% of the past 1000 blocks are v3 or higher, v2 blocks become invalid entirely. Note however that v1 transactions remain valid forever.
+
+===References===
+
+Below is a summary of the effects on signatures, their encoding and data pushes.
+
+====Low S values in signatures====
+
+The value S in signatures must be between 0x1 and 0x7FFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 5D576E73 57A4501D DFE92F46 681B20A0 (inclusive). If S is too high, simply replace it by S' = 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141 - S.
+
+The constraints on the value R is unchanged w.r.t. ECDSA, and can be between 0x1 and 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364140 (inclusive).
+
+====DER encoding====
+For reference, here is how to encode signatures correctly in DER format.
+
+0x30 [total-length] 0x02 [R-length] [R] 0x02 [S-length] [S]
+* total-length: 1-byte length descriptor of everything that follows, excluding the sighash byte.
+* R-length: 1-byte length descriptor of the R value that follows.
+* R: arbitrary-length big-endian encoded R value. It cannot start with any 0x00 bytes, unless the first byte that follows is 0x80 or higher, in which case a single 0x00 is required.
+* S-length: 1-byte length descriptor of the S value that follows.
+* S: arbitrary-length big-endian encoded S value. The same rules apply as for R.
+
+The DER signature is followed by a 1-byte hashtype flag, which is Bitcoin-specific and not part of DER.
+
+This is already enforced by the reference client as of version 0.8.0 (only as relay policy, not as a consensus rule).
+
+This rule, combined with the low S requirement above, results in S-length being at most 32 (and R-length at most 33), and the total signature size being at most 72 bytes (and on average 71.494 bytes).
+
+====Push operators====
+
+* Pushing an empty byte sequence must use OP_0.
+* Pushing a 1-byte sequence of byte 0x01 through 0x10 must use OP_n.
+* Pushing the byte 0x81 must use OP_1NEGATE.
+* Pushing any other byte sequence up to 75 bytes must use the normal data push (opcode byte n, with n the number of bytes, followed n bytes of data being pushed).
+* Pushing 76 to 255 bytes must use OP_PUSHDATA1.
+* Pushing 256 to 520 bytes must use OP_PUSHDATA2.
+* OP_PUSHDATA4 can never be used, as pushes over 520 bytes are not allowed, and those below can be done using other operators.
+* Any other operation is not considered to be a push.
+
+====Numbers====
+
+The native data type of stack elements is byte arrays, but some operations interpret arguments as integers. The used encoding is little endian with an explicit sign bit (the highest bit of the last byte). The shortest encodings for numbers are (with the range boundaries encodings given in hex between ()).
+* 0: OP_0; (00)
+* 1..16: OP_1..OP_16; (51)..(60)
+* -1: OP_1NEGATE; (79)
+* -127..-2 and 17..127: normal 1-byte data push; (01 FF)..(01 82) and (01 11)..(01 7F)
+* -32767..-128 and 128..32767: normal 2-byte data push; (02 FF FF)..(02 80 80) and (02 80 00)..(02 FF 7F)
+* -8388607..-32768 and 32768..8388607: normal 3-byte data push; (03 FF FF FF)..(03 00 80 80) and (03 00 80 00)..(03 FF FF 7F)
+* -2147483647..-8388608 and 8388608..2147483647: normal 4-byte data push; (04 FF FF FF FF)..(04 00 00 80 80) and (04 00 00 80 00)..(04 FF FF FF 7F)
+* Any other numbers cannot be encoded.
+
+In particular, note that zero could be encoded as (01 80) (negative zero) if using the non-shortest form is allowed.
+
+==Compatibility==
+
+'''Relay of transactions''' A new node software version is released which makes v2 transactions standard, and relays them when their scriptSigs satisfy the above rules. Relaying of v1 transactions is unaffected. A v1 transaction spending an output created by a v2 transaction is also unaffected.
+
+'''Wallet updates''' As v2 transactions are non-standard currently, it is not possible to start creating them immediately. Software can be checked to comply to the new rules of course, but using v2 should only start when a significant part of the network's nodes has upgraded to compatible code. Its intended meaning is "I want this transaction protected from malleability", and remains a choice of the wallet software.
diff --git a/bip-0064.mediawiki b/bip-0064.mediawiki
new file mode 100644
index 00000000..b03dcac1
--- /dev/null
+++ b/bip-0064.mediawiki
@@ -0,0 +1,103 @@
+<pre>
+  BIP: 64
+  Title: getutxo message
+  Author: Mike Hearn <hearn@vinumeris.com>
+  Status: Draft
+  Type: Standards Track
+  Created: 2014-06-10
+</pre>
+
+==Abstract==
+
+This document describes a small P2P protocol extension that performs UTXO lookups given a set of outpoints.
+
+==Motivation==
+
+All full Bitcoin nodes maintain a database called the unspent transaction output set. This set is
+how double spending is checked for: to be valid a transaction must identify unspent outputs in this
+set using an identifier called an "outpoint", which is merely the hash of the output's containing
+transaction plus an index.
+
+The ability to query this can sometimes be useful for a lightweight/SPV client which does not have
+the full UTXO set at hand. For example, it can be useful in applications implementing assurance
+contracts to do a quick check when a new pledge becomes visible to test whether that pledge was
+already revoked via a double spend. Although this message is not strictly necessary because e.g.
+such an app could be implemented by fully downloading and storing the block chain, it is useful for
+obtaining acceptable performance and resolving various UI cases.
+
+Another example of when this data can be useful is for performing floating fee calculations in an
+SPV wallet. This use case requires some other changes to the Bitcoin protocol however, so we will
+not dwell on it here.
+
+==Specification==
+
+Two new messages are defined. The "getutxos" message has the following structure:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 1 || check mempool || bool || Whether to apply mempool transactions during the calculation, thus exposing their UTXOs and removing outputs that they spend.
+|-
+| ? || outpoints || vector<COutPoint> || The list of outpoints to be queried. Each outpoint is serialized in the same way it is in a tx message.
+|}
+
+The response message "utxos" has the following structure:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 4 || chain height || uint32 || The height of the chain at the moment the result was calculated.
+|-
+| 32 || chain tip hash || uint256 || Block hash of the top of the chain at the moment the result was calculated.
+|-
+| ? || hit bitmap || byte[] || An array of bytes encoding one bit for each outpoint queried. Each bit indicates whether the queried outpoint was found in the UTXO set or not.
+|-
+| ? || result utxos || result[] || A list of result objects (defined below), one for each outpoint that is unspent (i.e. has a bit set in the bitmap).
+|}
+
+The result object is defined as:
+
+{|class="wikitable"
+! Field Size !! Description !! Data type !! Comments
+|-
+| 4 || tx version || uint32 || The version number of the transaction the UTXO was found in.
+|-
+| 4 || height || uint32 || The height of the block containing the defining transaction, or 0x7FFFFFFF if the tx is in the mempool.
+|-
+| ? || output || CTxOut || The output itself, serialized in the same way as in a tx message.
+|}
+
+==Backward compatibility==
+
+Nodes indicate support by advertising a protocol version above 70003 and by setting a new
+NODE_GETUTXO flag in their nServices field, which has a value of 2 (the second bit of the field).
+
+==Authentication==
+
+The UTXO set is not currently authenticated by anything. There are proposals to resolve this by
+introducing a new consensus rule that commits to a root hash of the UTXO set in blocks, however this
+feature is not presently available in the Bitcoin protocol. Once it is, the utxos message could be
+upgraded to include Merkle branches showing inclusion of the UTXOs in the committed sets.
+
+If the requesting client is looking up outputs for a signed transaction that they have locally, the
+client can partly verify the returned output by running the input scripts with it. Currently this
+verifies only that the script is correct. A future version of the Bitcoin protocol is likely to also
+allow the value to be checked in this way. It does not show that the output is really unspent or was
+ever actually created in the block chain however. Additionally, the form of the provided scriptPubKey 
+should be checked before execution to ensure the remote peer doesn't just set the script to OP_TRUE.
+
+If the requesting client has a mapping of chain heights to block hashes in the best chain e.g.
+obtained via getheaders, then they can obtain a proof that the output did at one point exist by
+requesting the block and searching for the output within it. When combined with Bloom filtering this
+can be reasonably efficient.
+
+Note that even when the outputs are being checked against something this protocol has the same
+security model as Bloom filtering: a remote node can lie through omission by claiming the requested
+UTXO does not exist / was already spent (they are the same, from the perspective of a full node).
+Querying multiple nodes and combining their answers can be a partial solution to this, although as
+nothing authenticates the Bitcoin P2P network a man in the middle could still yield incorrect
+results.
+
+==Implementation==
+
+https://github.com/bitcoin/bitcoin/pull/4351/files
\ No newline at end of file
diff --git a/bip-0070.mediawiki b/bip-0070.mediawiki
new file mode 100644
index 00000000..c2f77254
--- /dev/null
+++ b/bip-0070.mediawiki
@@ -0,0 +1,318 @@
+<pre>
+  BIP: 70
+  Title: Payment Protocol
+  Authors: Gavin Andresen <gavinandresen@gmail.com>, Mike Hearn <mhearn@bitcoinfoundation.org>
+  Status: Final
+  Type: Standards Track
+  Created: 2013-07-29
+</pre>
+
+==Abstract==
+
+This BIP describes a protocol for communication between a merchant and their customer, enabling
+both a better customer experience and better security against man-in-the-middle attacks on
+the payment process.
+
+==Motivation==
+
+The current, minimal Bitcoin payment protocol operates as follows:
+
+# Customer adds items to an online shopping basket, and decides to pay using Bitcoin.
+# Merchant generates a unique payment address, associates it with the customer's order, and asks the customer to pay.
+# Customer copies the Bitcoin address from the merchant's web page and pastes it into whatever wallet they are using OR follows a bitcoin: link and their wallet is launched with the amount to be paid.
+# Customer authorizes payment to the merchant's address and broadcasts the transaction through the Bitcoin p2p network.
+# Merchant's server detects payment and after sufficient transaction confirmations considers the transaction final.
+
+This BIP extends the above protocol to support several new features:
+
+# Human-readable, secure payment destinations-- customers will be asked to authorize payment to "example.com" instead of an inscrutable, 34-character bitcoin address.
+# Secure proof of payment, which the customer can use in case of a dispute with the merchant.
+# Resistance from man-in-the-middle attacks that replace a merchant's bitcoin address with an attacker's address before a transaction is authorized with a hardware wallet.
+# Payment received messages, so the customer knows immediately that the merchant has received, and has processed (or is processing) their payment.
+# Refund addresses, automatically given to the merchant by the customer's wallet software, so merchants do not have to contact customers before refunding overpayments or orders that cannot be fulfilled for some reason.
+
+==Protocol==
+
+This BIP describes payment protocol messages encoded using Google's Protocol
+Buffers, authenticated using X.509 certificates, and communicated over
+http/https. Future BIPs might extend this payment protocol to other
+encodings, PKI systems, or transport protocols.
+
+The payment protocol consists of three messages; PaymentRequest, Payment,
+and PaymentACK, and begins with the customer somehow indicating that
+they are ready to pay and the merchant's server responding with a
+PaymentRequest message:
+
+<img src=bip-0070/Protocol_Sequence.png></img>
+
+==Messages==
+
+The Protocol Buffers messages are defined in [[bip-0070/paymentrequest.proto|paymentrequest.proto]].
+
+===Output===
+
+Outputs are used in PaymentRequest messages to specify where a payment (or
+part of a payment) should be sent. They are also used in Payment messages
+to specify where a refund should be sent.
+<pre>
+    message Output {
+	optional uint64 amount = 1 [default = 0];
+        optional bytes script = 2;
+    }
+</pre>
+{|
+| amount || Number of satoshis (0.00000001 BTC) to be paid
+|-
+| script || a "TxOut" script where payment should be sent. This will normally be one of the standard Bitcoin transaction scripts (e.g. pubkey OP_CHECKSIG). This is optional to enable future extensions to this protocol that derive Outputs from a master public key and the PaymentRequest data itself.
+|}
+
+===PaymentDetails/PaymentRequest===
+
+Payment requests are split into two messages to support future extensibility.
+The bulk of the information is contained in the PaymentDetails message. It is
+wrapped inside a PaymentRequest message, which contains meta-information
+about the merchant and a digital signature.
+<pre>
+    message PaymentDetails {
+        optional string network = 1 [default = "main"];
+        repeated Output outputs = 2;
+        required uint64 time = 3;
+        optional uint64 expires = 4;
+        optional string memo = 5;
+        optional string payment_url = 6;
+        optional bytes merchant_data = 7;
+    }
+</pre>
+{|
+| network || either "main" for payments on the production Bitcoin network, or "test" for payments on test network. If a client receives a PaymentRequest for a network it does not support it must reject the request.
+|-
+| outputs || one or more outputs where Bitcoins are to be sent. If the sum of outputs.amount is zero, the customer will be asked how much to pay, and the bitcoin client may choose any or all of the Outputs (if there are more than one) for payment. If the sum of outputs.amount is non-zero, then the customer will be asked to pay the sum, and the payment shall be split among the Outputs with non-zero amounts (if there are more than one; Outputs with zero amounts shall be ignored).
+|-
+| time || Unix timestamp (seconds since 1-Jan-1970 UTC) when the PaymentRequest was created.
+|-
+| expires || Unix timestamp (UTC) after which the PaymentRequest should be considered invalid.
+|-
+| memo || UTF-8 encoded, plain-text (no formatting) note that should be displayed to the customer, explaining what this PaymentRequest is for.
+|-
+| payment_url || Secure (usually https) location where a Payment message (see below) may be sent to obtain a PaymentACK.
+|-
+| merchant_data || Arbitrary data that may be used by the merchant to identify the PaymentRequest. May be omitted if the merchant does not need to associate Payments with PaymentRequest or if they associate each PaymentRequest with a separate payment address.
+|}
+
+The payment_url specified in the PaymentDetails should remain valid at least until the PaymentDetails
+expires (or as long as possible if the PaymentDetails does not expire). Note that this is irrespective of
+any state change in the underlying payment request; for example cancellation of an order should not
+invalidate the payment_url, as it is important that the merchant's server can record mis-payments
+in order to refund the payment.
+
+A PaymentRequest is PaymentDetails optionally tied to a merchant's identity:
+<pre>
+    message PaymentRequest {
+        optional uint32 payment_details_version = 1 [default = 1];
+        optional string pki_type = 2 [default = "none"];
+        optional bytes pki_data = 3;
+        required bytes serialized_payment_details = 4;
+        optional bytes signature = 5;
+    }
+</pre>
+{|
+| payment_details_version || See below for a discussion of versioning/upgrading.
+|-
+| pki_type  || public-key infrastructure (PKI) system being used to identify the merchant. All implementation should support "none", "x509+sha256" and "x509+sha1".
+|-
+| pki_data || PKI-system data that identifies the merchant and can be used to create a digital signature. In the case of X.509 certificates, pki_data contains one or more X.509 certificates (see Certificates section below).
+|-
+| serialized_payment_details || A protocol-buffer serialized PaymentDetails message.
+|-
+| signature || digital signature over a hash of the protocol buffer serialized variation of the PaymentRequest message,
+with all serialized fields serialized in numerical order (all current protocol buffer implementations serialize
+fields in numerical order) and signed using the private key that corresponds to the public key in pki_data. Optional fields that are not set
+are not serialized (however, setting a field to its default value will cause it to be serialized and will affect
+the signature). Before serialization, the signature field must be set to an empty value so that the field is included in the signed PaymentRequest hash but contains no data.
+|}
+When a Bitcoin wallet application receives a PaymentRequest, it must authorize payment by doing the following:
+
+# Validate the merchant's identity and signature using the PKI system, if the pki_type is not "none".
+# Validate that customer's system unix time (UTC) is before PaymentDetails.expires. If it is not, then the payment request must be rejected.
+# Display the merchant's identity and ask the customer if they would like to submit payment (e.g. display the "Common Name" in the first X.509 certificate).
+
+PaymentRequest messages larger than 50,000 bytes should be rejected by
+the wallet application, to mitigate denial-of-service attacks.
+
+===Payment===
+
+Payment messages are sent after the customer has authorized payment:
+<pre>
+    message Payment {
+        optional bytes merchant_data = 1;
+        repeated bytes transactions = 2;
+        repeated Output refund_to = 3;
+        optional string memo = 4;
+    }
+</pre>
+{|
+| merchant_data || copied from PaymentDetails.merchant_data. Merchants may use invoice numbers or any other data they require to match Payments to  PaymentRequests. Note that malicious clients may modify the merchant_data, so should be authenticated in some way (for example, signed with a merchant-only key).
+|-
+| transactions || One or more valid, signed Bitcoin transactions that fully pay the PaymentRequest
+|-
+| refund_to || One or more outputs where the merchant may return funds, if necessary. The merchant may return funds using these outputs for up to 2 months
+after the time of the payment request. After that time has expired, parties must negotiate if returning of funds becomes necessary.
+|-
+| memo || UTF-8 encoded, plain-text note from the customer to the merchant.
+|}
+If the customer authorizes payment, then the Bitcoin client:
+
+# Creates and signs one or more transactions that satisfy (pay in full) PaymentDetails.outputs
+# Validate that customer's system unix time (UTC) is still before PaymentDetails.expires. If it is not, the payment should be cancelled.
+# Broadcast the transactions on the Bitcoin p2p network.
+# If PaymentDetails.payment_url is specified, POST a Payment message to that URL. The Payment message is serialized and sent as the body of the POST request.
+
+Errors communicating with the payment_url server should be communicated to the user.
+In the scenario where the merchant's server receives multiple identical Payment
+messages for an individual PaymentRequest, it must acknowledge each. The second
+and further PaymentACK messages sent from the merchant's server may vary by memo
+field to indicate current state of the Payment (for example number of confirmations
+seen on the network). This is required in order to ensure that in case of a transport
+level failure during transmission, recovery is possible by the Bitcoin client
+re-sending the Payment message.
+
+PaymentDetails.payment_url should be secure against man-in-the-middle
+attacks that might alter Payment.refund_to (if using HTTP, it must be
+TLS-protected).
+
+Wallet software sending Payment messages via HTTP must set appropriate
+Content-Type and Accept headers, as specified in BIP 71:
+<pre>Content-Type: application/bitcoin-payment
+Accept: application/bitcoin-paymentack
+</pre>
+
+When the merchant's server receives the Payment message, it must
+determine whether or not the transactions satisfy conditions of
+payment. If and only if they do, if should broadcast the
+transaction(s) on the Bitcoin p2p network.
+
+Payment messages larger than 50,000 bytes should be rejected by
+the merchant's server, to mitigate denial-of-service attacks.
+
+===PaymentACK===
+
+PaymentACK is the final message in the payment protocol; it is sent
+from the merchant's server to the bitcoin wallet in response to a
+Payment message:
+<pre>
+    message PaymentACK {
+        required Payment payment = 1;
+        optional string memo = 2;
+    }
+</pre>
+{|
+| payment || Copy of the Payment message that triggered this PaymentACK. Clients may ignore this if they implement another way of associating Payments with PaymentACKs.
+|-
+| memo || UTF-8 encoded note that should be displayed to the customer giving the status of the transaction (e.g. "Payment of 1 BTC for eleven tribbles accepted for processing.")
+|}
+
+PaymentACK messages larger than 60,000 bytes should be rejected by
+the wallet application, to mitigate denial-of-service attacks. This
+is larger than the limits on Payment and PaymentRequest messages
+as PaymentACK contains a full Payment message within it.
+
+==Localization==
+
+Merchants that support multiple languages should generate
+language-specific PaymentRequests, and either associate the language
+with the request or embed a language tag in the request's
+merchant_data. They should also generate a language-specific
+PaymentACK based on the original request.
+
+For example: A greek-speaking customer browsing the Greek version of a
+merchant's website clicks on a "Αγορά τώρα" link, which generates a
+PaymentRequest with merchant_data set to "lang=el&basketId=11252". The
+customer pays, their bitcoin client sends a Payment message, and the
+merchant's website responds with PaymentACK.message "σας ευχαριστούμε".
+
+==Certificates==
+
+The default PKI system is X.509 certificates (the same system used to
+authenticate web servers). The format of pki_data when pki_type is
+"x509+sha256" or "x509+sha1" is a protocol-buffer-encoded certificate
+chain:
+<pre>
+    message X509Certificates {
+        repeated bytes certificate = 1;
+    }
+</pre>
+If pki_type is "x509+sha256", then the PaymentRequest message is hashed using
+the SHA256 algorithm to produce the message digest that is
+signed. If pki_type is "x509+sha1", then the SHA1 algorithm is
+used.
+
+Each certificate is a DER [ITU.X690.1994] PKIX certificate value. The
+certificate containing the public key of the entity that digitally
+signed the PaymentRequest must be the first certificate. This MUST be
+followed by additional certificates, with each subsequent certificate
+being the one used to certify the previous one, up to (but not
+including) a trusted root authority. The trusted root authority MAY be
+included. The recipient must verify the certificate chain according to
+[RFC5280] and reject the PaymentRequest if any validation failure
+occurs.
+
+Trusted root certificates may be obtained from the operating system;
+if validation is done on a device without an operating system, the
+[http://www.mozilla.org/projects/security/certs/included/index.html Mozilla root store] is recommended.
+
+==Extensibility==
+
+The protocol buffers serialization format is designed to be
+extensible. In particular, new, optional fields can be added to a
+message and will be ignored (but saved/re-transmitted) by old
+implementations.
+
+PaymentDetails messages may be extended with new optional fields and
+still be considered "version 1." Old implementations will be able to
+validate signatures against PaymentRequests containing the new fields,
+but (obviously) will not be able to display whatever information is
+contained in the new, optional fields to the user.
+
+If it becomes necessary at some point in the future for merchants to
+produce PaymentRequest messages that are accepted *only* by new
+implementations, they can do so by defining a new PaymentDetails
+message with version=2. Old implementations should let the user know
+that they need to upgrade their software when they get an up-version
+PaymentDetails message.
+
+Implementations that need to extend messages in this specification shall use
+tags starting at 1000, and shall update the
+[[bip-0070/extensions.mediawiki|extensions page]] via pull-req to avoid
+conflicts with other extensions.
+
+==References==
+
+[[bip-0071.mediawiki|BIP 0071]] : Payment Protocol mime types
+
+[[bip-0072.mediawiki|BIP 0072]] : Payment Protocol bitcoin: URI extensions
+
+Public-Key Infrastructure (X.509) working group :
+http://datatracker.ietf.org/wg/pkix/charter/
+
+Protocol Buffers : https://developers.google.com/protocol-buffers/
+
+==Reference implementation==
+
+Create Payment Request generator : https://bitcoincore.org/~gavin/createpaymentrequest.php ([[https://github.com/gavinandresen/paymentrequest|source]])
+
+BitcoinJ : https://bitcoinj.github.io/payment-protocol#introduction
+
+==See Also==
+
+Javascript Object Signing and Encryption working group :
+http://datatracker.ietf.org/wg/jose/
+
+Wikipedia's page on Invoices: http://en.wikipedia.org/wiki/Invoice
+especially the list of Electronic Invoice standards
+
+sipa's payment protocol proposal: https://gist.github.com/1237788
+
+ThomasV's "Signed Aliases" proposal : http://ecdsa.org/bitcoin_URIs.html
+
+Homomorphic Payment Addresses and the Pay-to-Contract Protocol :
+http://arxiv.org/abs/1212.3257
diff --git a/bip-0070/Protocol_Sequence.png b/bip-0070/Protocol_Sequence.png
new file mode 100644
index 00000000..f5283479
Binary files /dev/null and b/bip-0070/Protocol_Sequence.png differ
diff --git a/bip-0070/extensions.mediawiki b/bip-0070/extensions.mediawiki
new file mode 100644
index 00000000..51400d88
--- /dev/null
+++ b/bip-0070/extensions.mediawiki
@@ -0,0 +1,9 @@
+==BIP70 Extensions==
+
+Add your extension below using tags starting at 1000 and submit a pull-req.
+
+{|
+| Field Number || Extension Name || Field Name || Description
+|-
+| 1000 || [[https://example.com|(unassigned)]] || (unassigned) || (unassigned)
+|}
diff --git a/bip-0070/paymentrequest.proto b/bip-0070/paymentrequest.proto
new file mode 100644
index 00000000..6680810e
--- /dev/null
+++ b/bip-0070/paymentrequest.proto
@@ -0,0 +1,46 @@
+//
+// Simple Bitcoin Payment Protocol messages
+//
+// Use fields 1000+ for extensions;
+// to avoid conflicts, register extensions via pull-req at
+// https://github.com/bitcoin/bips/bip-0070/extensions.mediawiki
+//
+
+package payments;
+option java_package = "org.bitcoin.protocols.payments";
+option java_outer_classname = "Protos";
+
+// Generalized form of "send payment to this/these bitcoin addresses"
+message Output {
+        optional uint64 amount = 1 [default = 0]; // amount is integer-number-of-satoshis
+        required bytes script = 2; // usually one of the standard Script forms
+}
+message PaymentDetails {
+        optional string network = 1 [default = "main"]; // "main" or "test"
+        repeated Output outputs = 2;        // Where payment should be sent
+        required uint64 time = 3;           // Timestamp; when payment request created
+        optional uint64 expires = 4;        // Timestamp; when this request should be considered invalid
+        optional string memo = 5;           // Human-readable description of request for the customer
+        optional string payment_url = 6;    // URL to send Payment and get PaymentACK
+        optional bytes merchant_data = 7;   // Arbitrary data to include in the Payment message
+}
+message PaymentRequest {
+        optional uint32 payment_details_version = 1 [default = 1];
+        optional string pki_type = 2 [default = "none"];  // none / x509+sha256 / x509+sha1
+        optional bytes pki_data = 3;                      // depends on pki_type
+        required bytes serialized_payment_details = 4;    // PaymentDetails
+        optional bytes signature = 5;                     // pki-dependent signature
+}
+message X509Certificates {
+        repeated bytes certificate = 1;    // DER-encoded X.509 certificate chain
+}
+message Payment {
+        optional bytes merchant_data = 1;  // From PaymentDetails.merchant_data
+        repeated bytes transactions = 2;   // Signed transactions that satisfy PaymentDetails.outputs
+        repeated Output refund_to = 3;     // Where to send refunds, if a refund is necessary
+        optional string memo = 4;          // Human-readable message for the merchant
+}
+message PaymentACK {
+        required Payment payment = 1;      // Payment message that triggered this ACK
+        optional string memo = 2;          // human-readable message for customer
+}
diff --git a/bip-0071.mediawiki b/bip-0071.mediawiki
new file mode 100644
index 00000000..1fc84892
--- /dev/null
+++ b/bip-0071.mediawiki
@@ -0,0 +1,46 @@
+<pre>
+  BIP: 71
+  Title: Payment Protocol MIME types
+  Author: Gavin Andresen <gavinandresen@gmail.com>
+  Status: Final
+  Type: Standards Track
+  Created: 2013-07-29
+</pre>
+
+==Abstract==
+
+This BIP defines a MIME (RFC 2046) Media Type for Bitcoin payment
+request messages.
+
+==Motivation==
+
+Wallet or server software that sends payment protocol messages over
+email or http should follow Internet standards for properly
+encapsulating the messages.
+
+==Specification==
+
+The Media Type (Content-Type in HTML/email headers) for bitcoin
+protocol messages shall be:
+
+{|
+| Message || Type/Subtype
+|-
+| PaymentRequest || application/bitcoin-paymentrequest
+|-
+| Payment || application/bitcoin-payment
+|-
+| PaymentACK || application/bitcoin-paymentack
+|}
+
+Payment protocol messages are encoded in binary.
+
+==Example==
+
+A web server generating a PaymentRequest message to initiate the
+payment protocol would precede the binary message data with the
+following headers:
+<pre>
+Content-Type: application/bitcoin-paymentrequest
+Content-Transfer-Encoding: binary
+</pre>
diff --git a/bip-0072.mediawiki b/bip-0072.mediawiki
new file mode 100644
index 00000000..4dcc48b5
--- /dev/null
+++ b/bip-0072.mediawiki
@@ -0,0 +1,69 @@
+<pre>
+  BIP: 72
+  Title: bitcoin: uri extensions for Payment Protocol
+  Author: Gavin Andresen <gavinandresen@gmail.com>
+  Status: Final
+  Type: Standards Track
+  Created: 2013-07-29
+</pre>
+
+==Abstract==
+
+This BIP describes an extension to the bitcoin: URI scheme (BIP 21) to
+support the payment protocol (BIP 70).
+
+==Motivation==
+
+Allow users to click on a link in a web page or email to initiate the
+payment protocol, while being backwards-compatible with existing
+bitcoin wallets.
+
+==Specification==
+
+The bitcoin: URI scheme is extended with an additional, optional
+"r" parameter, whose value is a URL from which a PaymentRequest
+message should be fetched (characters not allowed within the scope
+of a query parameter must be percent-encoded as described in RFC 3986
+and bip-0021).
+
+If the "r" parameter is provided and backwards compatibility
+is not required, then the bitcoin address portion of the URI may be
+omitted (the URI will be of the form: bitcoin:?r=... ).
+
+When Bitcoin wallet software that supports this BIP receives a
+bitcoin: URI with a request parameter, it should ignore the bitcoin
+address/amount/label/message in the URI and instead fetch a
+PaymentRequest message and then follow the payment protocol, as
+described in BIP 70.
+
+Bitcoin wallets must support fetching PaymentRequests via http and
+https protocols; they may support other protocols. Wallets must
+include an "Accept" HTTP header in HTTP(s) requests (as defined
+in RFC 2616):
+
+<pre>Accept: application/bitcoin-paymentrequest</pre>
+
+If a PaymentRequest cannot be obtained (perhaps the server is
+unavailable), then the customer should be informed that the merchant's
+payment processing system is unavailable. In the case of an HTTP
+request, status codes which are neither success nor error (such as
+redirect) should be handled as outlined in RFC 2616.
+
+==Compatibility==
+
+Wallet software that does not support this BIP will simply ignore the
+r parameter and will initiate a payment to bitcoin address.
+
+==Examples==
+A backwards-compatible request:
+<pre>
+bitcoin:mq7se9wy2egettFxPbmn99cK8v5AFq55Lx?amount=0.11&r=https://merchant.com/pay.php?h%3D2a8628fc2fbe
+</pre>
+Non-backwards-compatible equivalent:
+<pre>
+bitcoin:?r=https://merchant.com/pay.php?h%3D2a8628fc2fbe
+</pre>
+
+==References==
+
+[[http://www.w3.org/Protocols/rfc2616/rfc2616.html|RFC 2616]] : Hypertext Transfer Protocol -- HTTP/1.1 
diff --git a/bip-0073.mediawiki b/bip-0073.mediawiki
new file mode 100644
index 00000000..a020fb56
--- /dev/null
+++ b/bip-0073.mediawiki
@@ -0,0 +1,80 @@
+<pre>
+  BIP: 73
+  Title: Use "Accept" header for response type negotiation with Payment Request URLs
+  Author: Stephen Pair <stephen@bitpay.com>
+  Status: Draft
+  Type: Standards Track
+  Created: 2013-08-27
+</pre>
+
+==Abstract==
+
+This BIP describes an enhancement to the payment protocol ([[bip-0070.mediawiki|BIP 70]])
+that addresses the need for short URLs when scanning from QR codes.  It
+generalizes the specification for the behavior of a payment request URL in a
+way that allows the client and server to negotiate the content of the
+response using the HTTP Accept: header field.  Specifically, the client
+can indicate to the server whether it prefers to receive a bitcoin URI or
+a payment request.
+
+Implementation of this BIP does not require full payment request ([[bip-0070.mediawiki|BIP 70]]) support.
+
+==Motivation==
+
+The payment protocol augments the bitcoin: uri scheme with an additional
+"payment" parameter that specifies a URL where a payment request can be
+downloaded.  This creates long URIs that, when rendered as a QR code, have
+a high information density.  Dense QR codes can be difficult to scan resulting
+in a more frustrating user experience.  The goal is to create a standard that
+would allow QR scanning wallets to use less dense QR codes.  It also makes
+general purpose QR code scanners more usable with bitcoin accepting
+websites.
+
+==Specification==
+
+QR scanning wallets will consider a non bitcoin URI scanned from a QR code to
+be an end point where either a bitcoin URI or a payment request can be obtained.
+
+A wallet client uses the Accept: HTTP header to specify whether it can accept
+a payment request, a URI, or both.  A media type of text/uri-list specifies that
+the client accepts a bitcoin URI. A media type of application/bitcoin-paymentrequest
+specifies that the client can process a payment request.  In the absence of an
+Accept: header, the server is expected to respond with text/html suitable for
+rendering in a browser.  An HTML response will ensure that QR codes scanned
+by non Bitcoin wallet QR scanners are useful (they could render an HTML page
+with a payment link that when clicked would open a wallet on the device).
+
+It is not required that the client and server support the full semantics of an
+HTTP Accept header.  If application/bitcoin-paymentrequest is specified in the
+header, the server should send a payment request regardless of anything else
+specified in the Accept header.  If text/uri-list is specified (but not
+application/bitcoin-paymentrequest), a valid Bitcoin URI should be returned.  If
+neither is specified, the server can return an HTML page.  When a uri-list is returned
+only the first item in the list is used (and expected to be a bitcoin URI), any additional
+URIs should be ignored.
+
+==Compatibility==
+
+Only QR scanning wallets that implement this BIP will be able to process QR
+codes containing payment request URLs.  There are two possible workarounds for QR
+scanning wallets that do not implement this BIP: 1) the server gives the user an
+option to change the QR code to a bitcoin: URI or 2) the user scans the code with
+a generic QR code scanner.
+
+In the second scenario, if the server responds with a webpage containing a link
+to a bitcoin URI, the user can complete the payment by clicking that link provided
+the user has a wallet installed on their device and it supports bitcoin URIs.  If the
+wallet/device does not have support for bitcoin URIs, the user can fall back on
+address copy/paste.
+
+This BIP should be fully compatible with BIP 70 assuming it is required that wallets
+implementing BIP 70 make use of the Accept: HTTP header when retrieving a
+payment request.
+
+==Examples==
+The first image below is of a bitcoin URI with an amount and payment request
+specified (note, this is a fairly minimal URI as it does not contain a
+label and the request URL is of moderate size).  The second image is a QR
+code with only the payment request url specified.
+
+<img src=bip-0073/a.png></img><img src=bip-0073/b.png></img>
diff --git a/bip-0073/a.png b/bip-0073/a.png
new file mode 100644
index 00000000..50aebbb5
Binary files /dev/null and b/bip-0073/a.png differ
diff --git a/bip-0073/b.png b/bip-0073/b.png
new file mode 100644
index 00000000..d2e303ba
Binary files /dev/null and b/bip-0073/b.png differ