mirrors/bitcoin-bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2024-11-19 01:40:05 +01:00
Code Issues Projects Releases Wiki Activity

373: Clarify where keys in MuSig fields may appear in the Taproot output

Browse Source 
- The aggregate pubkey in `PSBT_{IN,OUT}_MUSIG2_PARTICIPANT_PUBKEYS` does not have to
  appear anywhere in the Taproot output.
- The plain pubkeys in `PSBT_IN_MUSIG2_PUB_NONCE` and
  `PSBT_IN_MUSIG2_PARTIAL_SIG` must be either the output pubkey, or
  appears in a script, and not the internal key.
This commit is contained in:
Ava Chow 2024-11-06 17:42:24 -05:00
parent 40e91fdb94
commit 0ff32bd4c2
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
bip-0373.mediawiki
View File

@ -59,9 +59,9 @@ to identify master keys, and these fingerprints require full compressed public k
the aggregate key as a full public key, signers that are unaware of the MuSig2 outside of the PSBT the aggregate key as a full public key, signers that are unaware of the MuSig2 outside of the PSBT
will still be able to identify which keys are derived from the aggregate key by computing and then will still be able to identify which keys are derived from the aggregate key by computing and then
comparing the fingerprints. This is necessary for the signer to apply the correct tweaks to their comparing the fingerprints. This is necessary for the signer to apply the correct tweaks to their
partial signature.</ref> from the <tt>KeyAgg</tt> algorithm. This key may or may not partial signature.</ref> from the <tt>KeyAgg</tt> algorithm. This key may or may not appear
be in the script directly (as x-only). It may instead be a parent public key from which the public keys in the (as x-only) in the Taproot output key, the internal key, or in a script. It may instead be a parent public
script were derived. key from which the Taproot output key, internal key, or keys in a script were derived.
| A list of the compressed public keys of the participants in the MuSig2 aggregate key in the order | A list of the compressed public keys of the participants in the MuSig2 aggregate key in the order
required for aggregation. If sorting was done, then the keys must be in the sorted order. required for aggregation. If sorting was done, then the keys must be in the sorted order.
|- |-
@ -75,10 +75,10 @@ required for aggregation. If sorting was done, then the keys must be in the sort
|- |-
| The compressed public key of the participant providing this nonce, followed by the plain public | The compressed public key of the participant providing this nonce, followed by the plain public
key the participant is providing the nonce for, followed by the BIP 341 tapleaf hash of key the participant is providing the nonce for, followed by the BIP 341 tapleaf hash of
the Taproot leaf script that will be signed. If the aggregate key is the taproot internal key or the the Taproot leaf script that will be signed. If the aggregate key is the Taproot internal key or the
taproot output key, then the tapleaf hash must be omitted. The plain public key must be Taproot output key, then the tapleaf hash must be omitted. The plain public key must be
the key found in the script and not the aggregate public key that it was derived from, if it was the Taproot output key or found in a script. It is not the internal key nor the aggregate public key that
derived from an aggregate key. it was derived from, if it was derived from an aggregate key.
| The public nonce produced by the <tt>NonceGen</tt> algorithm. | The public nonce produced by the <tt>NonceGen</tt> algorithm.
|- |-
| rowspan="2"|MuSig2 Participant Partial Signature | rowspan="2"|MuSig2 Participant Partial Signature
@ -91,10 +91,10 @@ derived from an aggregate key.
|- |-
| The compressed public key of the participant providing this partial signature, followed by the | The compressed public key of the participant providing this partial signature, followed by the
plain public key the participant is providing the signature for, followed by the BIP 341 tapleaf hash plain public key the participant is providing the signature for, followed by the BIP 341 tapleaf hash
of the Taproot leaf script that will be signed. If the aggregate key is the taproot internal key or of the Taproot leaf script that will be signed. If the aggregate key is the Taproot internal key or
the taproot output key, then the tapleaf hash must be omitted. Note that the plain public key must the Taproot output key, then the tapleaf hash must be omitted. Note that the plain public key must be
be the key found in the script and not the aggregate public key that it was derived from, if it was the Taproot output key or found in a script. It is not the internal key nor the aggregate public key that
derived from an aggregate key. it was derived from, if it was derived from an aggregate key.
| The partial signature produced by the <tt>Sign</tt> algorithm. | The partial signature produced by the <tt>Sign</tt> algorithm.
|} |}
@ -118,8 +118,8 @@ The new per-output types are defined as follows:
| rowspan="2"|0, 2 | rowspan="2"|0, 2
|- |-
| The MuSig2 aggregate plain public key from the <tt>KeyAgg</tt> algorithm. This key may or may not | The MuSig2 aggregate plain public key from the <tt>KeyAgg</tt> algorithm. This key may or may not
be in the script directly. It may instead be a parent public key from which the public keys in the appear (as x-only) in the Taproot output key, the internal key, or in a script. It may instead be a parent
script were derived. public key from which the Taproot output key, internal key, or keys in a script were derived.
| A list of the compressed public keys of the participants in the MuSig2 aggregate key in the order | A list of the compressed public keys of the participants in the MuSig2 aggregate key in the order
required for aggregation. If sorting was done, then the keys must be in the sorted order. required for aggregation. If sorting was done, then the keys must be in the sorted order.
|} |}