1
0
mirror of https://github.com/bitcoin/bips.git synced 2025-01-18 05:12:47 +01:00

Merge pull request #1717 from kdmukai/patch-3

[BIP-373] Slight rewrite of evenness byte footnote for clarity
This commit is contained in:
Jon Atack 2024-12-17 13:07:42 -08:00 committed by GitHub
commit 671c4628e5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -52,17 +52,16 @@ The new per-input types are defined as follows:
| rowspan="2"| 0, 2
|-
| The MuSig2 aggregate public key (compressed) <ref>'''Why the compressed aggregate public key instead of x-only?'''
BIP 32 requires public keys to include their evenness byte. Aggregate public keys are expected to be
derived from, following [[bip-0328.mediawiki|BIP 328]], and therefore will
need to include the evenness. Furthermore, PSBT_IN_TAP_BIP32_DERIVATION fields include fingerprints
to identify master keys, and these fingerprints require y-coordinate of the public key,
so x-only serialization can't be used. By including
the aggregate key as a full public key, signers that are unaware of the MuSig2 outside of the PSBT
will still be able to identify which keys are derived from the aggregate key by computing and then
comparing the fingerprints. This is necessary for the signer to apply the correct tweaks to their
partial signature.</ref> from the <tt>KeyAgg</tt> algorithm. This key may or may not appear
(as x-only) in the Taproot output key, the internal key, or in a script. It may instead be a parent public
key from which the Taproot output key, internal key, or keys in a script were derived.
BIP 32 public keys can be derived from a BIP 327 MuSig2 aggregate public key (see: [[bip-0328.mediawiki|BIP 328]]).
But since BIP 32 requires public keys to include their evenness byte, BIP 327 MuSig2 aggregate public keys must
include their evenness byte as well. Furthermore, PSBT_IN_TAP_BIP32_DERIVATION fields include fingerprints to identify
master keys, and these fingerprints require the y-coordinate of the public key, so x-only serialization can't be used.
By including the aggregate key as a full public key, signers that are unaware of the MuSig2 outside of the PSBT will
still be able to identify which keys are derived from the aggregate key by computing and then comparing the
fingerprints. This is necessary for the signer to apply the correct tweaks to their partial signature.</ref> from the
<tt>KeyAgg</tt> algorithm. This key may or may not appear (as x-only) in the Taproot output key, the internal key, or
in a script. It may instead be a parent public key from which the Taproot output key, internal key, or keys in a script
were derived.
| A list of the compressed public keys of the participants in the MuSig2 aggregate key in the order
required for aggregation. If sorting was done, then the keys must be in the sorted order.
|-