Merge #21246: doc: Correction for VerifyTaprootCommitment comments

6a0a6e7d05 Correction for VerifyTaprootCommitment comments (Russell O'Connor)

Pull request description:

  According to BIP-341, 'p' is called the taproot *internal* key, not inner key.

ACKs for top commit:
  sipa:
    ACK 6a0a6e7d05
  benthecarman:
    ACK 6a0a6e7d05
  theStack:
    ACK 6a0a6e7d05

Tree-SHA512: 94f553476a8404bff4b2d5724a1a54c5f530b987a616cd00a3800095f245c06e3c7a9066c729976f32069a56029406859a70ba523151d333dc1ed874f242bce8
pull/826/head
fanquake 4 years ago
commit fbf5d16238
No known key found for this signature in database
GPG Key ID: 2EEB9F5CC09526C1

@ -1834,7 +1834,7 @@ static bool ExecuteWitnessScript(const Span<const valtype>& stack_span, const CS
static bool VerifyTaprootCommitment(const std::vector<unsigned char>& control, const std::vector<unsigned char>& program, const CScript& script, uint256& tapleaf_hash) static bool VerifyTaprootCommitment(const std::vector<unsigned char>& control, const std::vector<unsigned char>& program, const CScript& script, uint256& tapleaf_hash)
{ {
const int path_len = (control.size() - TAPROOT_CONTROL_BASE_SIZE) / TAPROOT_CONTROL_NODE_SIZE; const int path_len = (control.size() - TAPROOT_CONTROL_BASE_SIZE) / TAPROOT_CONTROL_NODE_SIZE;
//! The inner pubkey (x-only, so no Y coordinate parity). //! The internal pubkey (x-only, so no Y coordinate parity).
const XOnlyPubKey p{uint256(std::vector<unsigned char>(control.begin() + 1, control.begin() + TAPROOT_CONTROL_BASE_SIZE))}; const XOnlyPubKey p{uint256(std::vector<unsigned char>(control.begin() + 1, control.begin() + TAPROOT_CONTROL_BASE_SIZE))};
//! The output pubkey (taken from the scriptPubKey). //! The output pubkey (taken from the scriptPubKey).
const XOnlyPubKey q{uint256(program)}; const XOnlyPubKey q{uint256(program)};
@ -1852,9 +1852,9 @@ static bool VerifyTaprootCommitment(const std::vector<unsigned char>& control, c
} }
k = ss_branch.GetSHA256(); k = ss_branch.GetSHA256();
} }
// Compute the tweak from the Merkle root and the inner pubkey. // Compute the tweak from the Merkle root and the internal pubkey.
k = (CHashWriter(HASHER_TAPTWEAK) << MakeSpan(p) << k).GetSHA256(); k = (CHashWriter(HASHER_TAPTWEAK) << MakeSpan(p) << k).GetSHA256();
// Verify that the output pubkey matches the tweaked inner pubkey, after correcting for parity. // Verify that the output pubkey matches the tweaked internal pubkey, after correcting for parity.
return q.CheckPayToContract(p, k, control[0] & 1); return q.CheckPayToContract(p, k, control[0] & 1);
} }
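Review bot: The comments in VerifyTaprootCommitment name the keys correctly now, but nothing states the length precondition on `control` that the visible lines depend on. The subtraction in `path_len`, the range `control.begin() + 1 .. control.begin() + TAPROOT_CONTROL_BASE_SIZE`, and the final `control[0] & 1` all assume `control` holds at least TAPROOT_CONTROL_BASE_SIZE bytes. Presumably the caller validates the control block size before calling, but that check is not visible in these hunks, and the middle of the function body lies outside them. Since this is witness data supplied by the spender, I would add a line above the signature such as `//! Precondition: caller has verified control.size() >= TAPROOT_CONTROL_BASE_SIZE and (control.size() - TAPROOT_CONTROL_BASE_SIZE) % TAPROOT_CONTROL_NODE_SIZE == 0.` Likewise, `uint256(program)` appears to rely on `program` being exactly 32 bytes, which could be noted in the same comment.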

@ -177,17 +177,17 @@ def default_negflag(ctx):
"""Default expression for "negflag": tap.negflag.""" """Default expression for "negflag": tap.negflag."""
return get(ctx, "tap").negflag return get(ctx, "tap").negflag
def default_pubkey_inner(ctx): def default_pubkey_internal(ctx):
"""Default expression for "pubkey_inner": tap.inner_pubkey.""" """Default expression for "pubkey_internal": tap.internal_pubkey."""
return get(ctx, "tap").inner_pubkey return get(ctx, "tap").internal_pubkey
def default_merklebranch(ctx): def default_merklebranch(ctx):
"""Default expression for "merklebranch": tapleaf.merklebranch.""" """Default expression for "merklebranch": tapleaf.merklebranch."""
return get(ctx, "tapleaf").merklebranch return get(ctx, "tapleaf").merklebranch
def default_controlblock(ctx): def default_controlblock(ctx):
"""Default expression for "controlblock": combine leafversion, negflag, pubkey_inner, merklebranch.""" """Default expression for "controlblock": combine leafversion, negflag, pubkey_internal, merklebranch."""
return bytes([get(ctx, "leafversion") + get(ctx, "negflag")]) + get(ctx, "pubkey_inner") + get(ctx, "merklebranch") return bytes([get(ctx, "leafversion") + get(ctx, "negflag")]) + get(ctx, "pubkey_internal") + get(ctx, "merklebranch")
def default_sighash(ctx): def default_sighash(ctx):
"""Default expression for "sighash": depending on mode, compute BIP341, BIP143, or legacy sighash.""" """Default expression for "sighash": depending on mode, compute BIP341, BIP143, or legacy sighash."""
@ -341,9 +341,9 @@ DEFAULT_CONTEXT = {
"tapleaf": default_tapleaf, "tapleaf": default_tapleaf,
# The script to push, and include in the sighash, for a taproot script path spend. # The script to push, and include in the sighash, for a taproot script path spend.
"script_taproot": default_script_taproot, "script_taproot": default_script_taproot,
# The inner pubkey for a taproot script path spend (32 bytes). # The internal pubkey for a taproot script path spend (32 bytes).
"pubkey_inner": default_pubkey_inner, "pubkey_internal": default_pubkey_internal,
# The negation flag of the inner pubkey for a taproot script path spend. # The negation flag of the internal pubkey for a taproot script path spend.
"negflag": default_negflag, "negflag": default_negflag,
# The leaf version to include in the sighash (this does not affect the one in the control block). # The leaf version to include in the sighash (this does not affect the one in the control block).
"leafversion": default_leafversion, "leafversion": default_leafversion,
@ -780,8 +780,8 @@ def spenders_taproot_active():
add_spender(spenders, "spendpath/negflag", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"negflag": lambda ctx: 1 - default_negflag(ctx)}, **ERR_WITNESS_PROGRAM_MISMATCH) add_spender(spenders, "spendpath/negflag", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"negflag": lambda ctx: 1 - default_negflag(ctx)}, **ERR_WITNESS_PROGRAM_MISMATCH)
# Test that bitflips in the Merkle branch invalidate it. # Test that bitflips in the Merkle branch invalidate it.
add_spender(spenders, "spendpath/bitflipmerkle", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"merklebranch": bitflipper(default_merklebranch)}, **ERR_WITNESS_PROGRAM_MISMATCH) add_spender(spenders, "spendpath/bitflipmerkle", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"merklebranch": bitflipper(default_merklebranch)}, **ERR_WITNESS_PROGRAM_MISMATCH)
# Test that bitflips in the inner pubkey invalidate it. # Test that bitflips in the internal pubkey invalidate it.
add_spender(spenders, "spendpath/bitflippubkey", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"pubkey_inner": bitflipper(default_pubkey_inner)}, **ERR_WITNESS_PROGRAM_MISMATCH) add_spender(spenders, "spendpath/bitflippubkey", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"pubkey_internal": bitflipper(default_pubkey_internal)}, **ERR_WITNESS_PROGRAM_MISMATCH)
# Test that empty witnesses are invalid. # Test that empty witnesses are invalid.
add_spender(spenders, "spendpath/emptywit", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"witness": []}, **ERR_EMPTY_WITNESS) add_spender(spenders, "spendpath/emptywit", tap=tap, leaf="128deep", **SINGLE_SIG, key=secs[0], failure={"witness": []}, **ERR_EMPTY_WITNESS)
# Test that adding garbage to the control block invalidates it. # Test that adding garbage to the control block invalidates it.

@ -826,11 +826,11 @@ def taproot_tree_helper(scripts):
# A TaprootInfo object has the following fields: # A TaprootInfo object has the following fields:
# - scriptPubKey: the scriptPubKey (witness v1 CScript) # - scriptPubKey: the scriptPubKey (witness v1 CScript)
# - inner_pubkey: the inner pubkey (32 bytes) # - internal_pubkey: the internal pubkey (32 bytes)
# - negflag: whether the pubkey in the scriptPubKey was negated from inner_pubkey+tweak*G (bool). # - negflag: whether the pubkey in the scriptPubKey was negated from internal_pubkey+tweak*G (bool).
# - tweak: the tweak (32 bytes) # - tweak: the tweak (32 bytes)
# - leaves: a dict of name -> TaprootLeafInfo objects for all known leaves # - leaves: a dict of name -> TaprootLeafInfo objects for all known leaves
TaprootInfo = namedtuple("TaprootInfo", "scriptPubKey,inner_pubkey,negflag,tweak,leaves") TaprootInfo = namedtuple("TaprootInfo", "scriptPubKey,internal_pubkey,negflag,tweak,leaves")
# A TaprootLeafInfo object has the following fields: # A TaprootLeafInfo object has the following fields:
# - script: the leaf script (CScript or bytes) # - script: the leaf script (CScript or bytes)
