Re: [bitcoin-dev] Taproot Fields for PSBT

2021-11-24 Thread Pieter Wuille via bitcoin-dev 
On Wednesday, November 24th, 2021 at 7:44 AM, Sjors Provoost via bitcoin-dev 
 wrote:

> Hi Andrew,
>
> I'm confused why PSBT_IN_TAP_BIP32_DERIVATION and 
> PSBT_OUT_TAP_BIP32_DERIVATION
> contain not just the derivation path for the xonlypubkey, but also the 
> tapleaf merkle path.
>
> First I thought it was perhaps necessary in order for a signer to guess which
> script leaves it can sign with its own keys. But you can't really know that 
> without
> actually seeing the script. When a signer looks at a script, it presumably 
> already
> knows the leaf path.

No, that's exactly it. Signers aren't expected to know or understand scripts 
ahead of time. With a field telling them which keys are present in which 
leaves, and how those keys are derived, they can sign without fully 
understanding the script, or needing the ability to parse the relevant script 
at all. The actual script information is there too of course, for those that do 
want to analyze it, or factor that into the decision whether to sign or not.

Cheers,

--
Pieter___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Taproot Fields for PSBT

2021-11-24 Thread Greg Sanders via bitcoin-dev 
I may be misunderstanding the question, but it seems essential data for the
finalizer role, which may not know such information on its own.

On Wed, Nov 24, 2021 at 11:15 PM Sjors Provoost via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi Andrew,
>
> I'm confused why PSBT_IN_TAP_BIP32_DERIVATION and
> PSBT_OUT_TAP_BIP32_DERIVATION
> contain not just the derivation path for the xonlypubkey, but also the
> tapleaf merkle path.
>
> First I thought it was perhaps necessary in order for a signer to guess
> which
> script leaves it can sign with its own keys. But you can't really know
> that without
> actually seeing the script. When a signer looks at a script, it presumably
> already
> knows the leaf path.
>
> - Sjors
>
> Op 22 jun. 2021, om 23:22 heeft Andrew Chow via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> het volgende geschreven:
>
> Hi All,
>
> I would like to propose a BIP which defines new fields for Taproot
> support in PSBT.
>
> The full text is below, and the rendered file can be found at
>
>
> Now at: https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki
>
> -
> | Taproot Key BIP 32 Derivation Path
> | PSBT_IN_TAP_BIP32_DERIVATION = 0x16
> | 
> | The 32 byte X-only public key
> |  * <32-bit uint> <32-bit uint>*
> | A compact size unsigned integer representing the number of leaf
> hashes, followed by a list of leaf hashes, followed by the master key
> fingerprint concatenated with the derivation path of the public key. The
> derivation path is represented as 32-bit little endian unsigned integer
> indexes concatenated with each other. Public keys are those needed to
> spend this output. The leaf hashes are of the leaves which involve this
> public key.
>
>
> |-
> | Taproot Key BIP 32 Derivation Path
> | PSBT_OUT_TAP_BIP32_DERIVATION = 0x07
> | 
> | The 32 byte X-only public key
> |  * <32-bit uint> <32-bit uint>*
>
>
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Taproot Fields for PSBT

2021-11-24 Thread Sjors Provoost via bitcoin-dev 
Hi Andrew,

I'm confused why PSBT_IN_TAP_BIP32_DERIVATION and PSBT_OUT_TAP_BIP32_DERIVATION
contain not just the derivation path for the xonlypubkey, but also the tapleaf 
merkle path.

First I thought it was perhaps necessary in order for a signer to guess which
script leaves it can sign with its own keys. But you can't really know that 
without
actually seeing the script. When a signer looks at a script, it presumably 
already
knows the leaf path.

- Sjors

> Op 22 jun. 2021, om 23:22 heeft Andrew Chow via bitcoin-dev 
>  het volgende geschreven:
> 
> Hi All,
> 
> I would like to propose a BIP which defines new fields for Taproot
> support in PSBT.
> 
> The full text is below, and the rendered file can be found at

Now at: https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki 


> -
> | Taproot Key BIP 32 Derivation Path
> | PSBT_IN_TAP_BIP32_DERIVATION = 0x16
> | 
> | The 32 byte X-only public key
> |  * <32-bit uint> <32-bit uint>*
> | A compact size unsigned integer representing the number of leaf
> hashes, followed by a list of leaf hashes, followed by the master key
> fingerprint concatenated with the derivation path of the public key. The
> derivation path is represented as 32-bit little endian unsigned integer
> indexes concatenated with each other. Public keys are those needed to
> spend this output. The leaf hashes are of the leaves which involve this
> public key.

> |-
> | Taproot Key BIP 32 Derivation Path
> | PSBT_OUT_TAP_BIP32_DERIVATION = 0x07
> | 
> | The 32 byte X-only public key
> |  * <32-bit uint> <32-bit uint>*
> 



signature.asc
Description: Message signed with OpenPGP
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Taproot Fields for PSBT

2021-07-08 Thread Jeremy via bitcoin-dev 
Suggestion:

It should be allowed that different keys can specify different sighash
flags.

As an example, if chaperone signatures were desired with anyprevout, it
would be required to specify that the anyprevout key sign with APO and the
chaperone sign with ALL. As another example, Sapio emulator oracles sign
with SIGHASH_ALL whereas other signatories might be instructed to sign with
a different flag.

The current sighashtype key is per-input:
- If a sighash type is provided, the signer must check that the sighash is
acceptable. If unacceptable, they must fail.
- If a sighash type is not provided, the signer should sign using
SIGHASH_ALL, but may use any sighash type they wish.

So a new per-key mapping can be added safely.

I have no strong opinions on the format for said per-key sighash hints.

Why do this now? Well, I requested it when spec'ing V2 as well, but it
would be nice to get it spec'd and implemented.


--
@JeremyRubin 



On Mon, Jun 28, 2021 at 1:32 PM Salvatore Ingala via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Hi Andrew,
>
> Thanks for the clarification, I was indeed reading it under the mistaken
> assumption that only one leaf would be added to the PSBT.
>
> En passant, for the less experienced readers, it might be helpful if the
> key types that are possibly present multiple times (with different keydata)
> were somehow labeled in the tables.
>
> Best,
> Salvatore Ingala
> ___
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Taproot Fields for PSBT

2021-06-28 Thread Salvatore Ingala via bitcoin-dev 
Hi Andrew,

Thanks for the clarification, I was indeed reading it under the mistaken
assumption that only one leaf would be added to the PSBT.

En passant, for the less experienced readers, it might be helpful if the
key types that are possibly present multiple times (with different keydata)
were somehow labeled in the tables.

Best,
Salvatore Ingala
___
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev

Re: [bitcoin-dev] Taproot Fields for PSBT

2021-06-28 Thread Andrew Chow via bitcoin-dev 
Hi Salvatore,

On 6/28/21 6:03 AM, Salvatore Ingala wrote:

> Hi Andrew,
>
> I just have a small suggestion on this proposal.
>
> On Tue, 22 Jun 2021 at 23:29, Andrew Chow via bitcoin-dev 
>  wrote:
>
>> | Taproot Leaf Script
>> | PSBT_IN_TAP_LEAF_SCRIPT = 0x15
>> | 
>> | The control block for this leaf as specified in BIP 341. The control
>> block contains the merkle tree path to this leaf.
>> |

Re: [bitcoin-dev] Taproot Fields for PSBT

2021-06-28 Thread Salvatore Ingala via bitcoin-dev 
Hi Andrew,

I just have a small suggestion on this proposal.

On Tue, 22 Jun 2021 at 23:29, Andrew Chow via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> | Taproot Leaf Script
> | PSBT_IN_TAP_LEAF_SCRIPT = 0x15
> | 
> | The control block for this leaf as specified in BIP 341. The control
> block contains the merkle tree path to this leaf.
> |

[bitcoin-dev] Taproot Fields for PSBT

2021-06-22 Thread Andrew Chow via bitcoin-dev 
Hi All,

I would like to propose a BIP which defines new fields for Taproot
support in PSBT.

The full text is below, and the rendered file can be found at
https://github.com/achow101/bips/blob/taproot-psbt/bip-taproot-psbt.mediawiki.

Andrew Chow

---


   BIP: taproot-psbt
   Layer: Applications
   Title: Taproot Fields for PSBT
   Author: Andrew Chow 
   Comments-Summary: No comments yet.
   Comments-URI:
https://github.com/bitcoin/bips/wiki/Comments:BIP-taproot-psbt
   Status: draft
   Type: Standards Track
   Created: 2021-06-21
   License: BSD-2-Clause


==Introduction==

===Abstract===

This document proposes additional fields for BIP 174 PSBTv0 and BIP 370
PSBTv2 that allow for
BIP 340/341/342 Taproot data to be included in a PSBT of any version.
These will be fields for
signatures and scripts that are relevant to the creation of Taproot inputs.

===Copyright===

This BIP is licensed under the 2-clause BSD license.

===Motivation===

BIPs 340, 341, and 342 specify Taproot which provides a wholly new way
to create and spend Bitcoin outputs.
The existing PSBT fields are unable to support Taproot due to the new
signature algorithm and the method
by which scripts are embedded inside of a Taproot output. Therefore new
fields must be defined to allow
PSBTs to carry the information necessary for signing Taproot inputs.

==Specification==

The new per-input types are defined as follows:

{|
! Name
! 
! 
!  Description
! 
!  Description
! Versions Requiring Inclusion
! Versions Requiring Exclusion
! Versions Allowing Inclusion
|-
| Taproot Key Spend Signature
| PSBT_IN_TAP_KEY_SIG = 0x13
| None
| No key data '''Why is there no key data for
PSBT_IN_TAP_KEY_SIG'''The signature in a key path spend
corresponds directly with the pubkey provided in the output script. Thus
it is not necessary to provide any metadata that attaches the key path
spend signature to a particular pubkey.
| 
| The 64 or 65 byte Schnorr signature for key path spending a Taproot
output.
|
|
| 0, 2
|-
| Taproot Script Spend Signature
| PSBT_IN_TAP_SCRIPT_SIG = 0x14
|  
| The 32 byte X-only public key concatenated with the 32 byte hash of
the leaf it is part of.
| 
| The 64 or 65 byte Schnorr signature for this pubkey and leaf combination.
|
|
| 0, 2
|-
| Taproot Leaf Script
| PSBT_IN_TAP_LEAF_SCRIPT = 0x15
| 
| The control block for this leaf as specified in BIP 341. The control
block contains the merkle tree path to this leaf.
|