In this commit, we add a final test case that exercises the act of
generating partial signatures amongst 100 signers, combining them into a
single signature, and finally verifying to make sure the final signature
is valid.

In this commit, we build on the prior two commits by adding the ability
to generate partial musig2 signatures, validate them individually, and
finally combine them into a single signature.
Much of the logic here is unoptimized, and will be optimized in a later
commit. In addition, we also want to eventually have a nicer API to
support the bookkeeping necessary during multi signing.

In this commit, we add the ability to generate the secret+public nonces,
as well as combine a series of nonces into a single combined nonce
(which is used when doing multi signing).

In this commit, we add the set of key aggregation routines for musig2.
This includes the main public key aggregation method, as well as the
aggregation coefficient which is used to compute "mu" when signing.
The logic in this implementation is based on the musig2 paper, as well
as this spec:
https://github.com/ElementsProject/secp256k1-zkp/blob/master/doc/musig-spec.mediawiki.

Adds a GitHub workflow, and custom docker file, using docker buildx
which builds docker container images for common platforms and publishes
these images to GitHub packages.

The existing values were copied over from the testnet deployment, which
uses a much larger miner confirmation window. As a result, the main
taproot deployment would require thousands of blocks to properly
activate in development environments.

Restrict the available set of system calls to the daemon to the basic
network and filesystem operations on OpenBSD. Further reduce potential
harm by limiting file system access to the btcd data dir and the rpc
files.

Update the fields of GetNetworkInfoResult to reflect the current number
of inbound and outbound peer connections.
* ConnectionsIn - The number of inbound peer connections
* ConnectionsOut - The number of outbound peer connections

BIP-0174 defines the derivation path being encoded as
"<32-bit uint> <32-bit uint>*"
with the asterisk meaning 0 to n times. Which in turn means that an
empty path is valid, only the key fingerprint is mandatory.
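
The rule in the message above, as an added example that is not code from this commit or from btcd: `ParseBip32Derivation` and `FormatPath` are hypothetical names, and the little-endian index encoding follows BIP-0174.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const hardened = 0x80000000 // BIP 32 hardened-index bit

// ParseBip32Derivation is a hypothetical helper for this example, not the
// btcd psbt API. It splits a BIP-0174 derivation value into the mandatory
// 4-byte key fingerprint and zero or more 32-bit path elements.
func ParseBip32Derivation(value []byte) (fp [4]byte, path []uint32, err error) {
	if len(value) < 4 {
		return fp, nil, errors.New("missing key fingerprint")
	}
	if len(value)%4 != 0 {
		return fp, nil, errors.New("value is not a multiple of 4 bytes")
	}
	copy(fp[:], value[:4])
	path = make([]uint32, 0, len(value)/4-1)
	for off := 4; off < len(value); off += 4 {
		path = append(path, binary.LittleEndian.Uint32(value[off:]))
	}
	return fp, path, nil
}

// FormatPath renders a path in the usual m/44'/0' notation.
func FormatPath(path []uint32) string {
	var sb strings.Builder
	sb.WriteString("m")
	for _, idx := range path {
		if idx >= hardened {
			fmt.Fprintf(&sb, "/%d'", idx-hardened)
		} else {
			fmt.Fprintf(&sb, "/%d", idx)
		}
	}
	return sb.String()
}

func main() {
	// Constructed sample: fingerprint only, which is a valid empty path.
	_, path, err := ParseBip32Derivation([]byte{0xde, 0xad, 0xbe, 0xef})
	fmt.Println(FormatPath(path), len(path), err)
}
```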

In this commit, we demote a series of log statements added while
debugging the modified BIP 9 state machine. These are rather spammy on
mainnet, so we demote the transition logs (moving to a new state) to
debug, and the remaining log (when we're still in started to trace).

In this commit, we update the top level module to use the newly tagged
sub-modules. Once we remove the circular dependency in these sub-modules,
then we'll no longer have to do things like this.

In this commit, we add the deployment parameters of taproot as specified
in the deployment section of BIP 341:
https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#deployment.
Take note of the custom activation threshold, as well as the specified
min activation heights for mainnet only.

In this commit, we add a total of 2760 taproot reference tests generated
by the bitcoind functional tests located at:
https://github.com/bitcoin/bitcoin/blob/master/test/functional/feature_taproot.py.
The tests aren't deterministic (fresh private keys are generated), so each
time we go to update the set of tests, we'll end up with fresh hashes
(the file name is the sha1 of the raw json test) and tests.

In this commit, we implement the new checksig semantics as part of
tapscript validation. Namely:
* OP_CHECKSIGVERIFY no longer pops the OP_TRUE off the stack (TODO(roasbeef): verify)
* the new sig ops semantics are added where each sig deducts 50 from a
  starting budget of 50+the weight of the witness
* NULLFAIL is always enforced, meaning invalid sigs MUST be an empty sig array

In this commit, we use the recently added control block and script tree
verification+generation routines to implement full script path
verification within the VM. This includes verifying the script reveal
commitment, and recursing one layer deeper to execute the revealed
witness script as specified by BIP 342.

In this commit, we add a new AssembleTaprootScriptTree function that
given a list of tapscript leaves, generates a valid tapscript root,
along with the auxiliary proof data needed to spend each output.

In this commit, we add a new function `RawTxInTapscriptSignature` that
will be used to generate signatures in the _tapscript_ context. Note
that this differs from top-level taproot as a distinct sighash is used,
and we _always_ accept a root hash to perform the proper tweak.

In this commit, we add a new function to verify the taproot merkle
commitment of a given tapscript leaf. Along the way we add some helper
functions which can be used to construct a taproot output given the raw
script root.

In this commit, we add a new struct to represent the ControlBlock
structure used to feed in the tapscript leaf inclusion proof into the
witness stack. The `ParseControlBlock` parses a would-be control block
and returns an error if it's incorrectly formatted.
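
The control block format and the merkle commitment walk from the two messages above, as an added example written from BIP 341 and not taken from these commits: the struct fields and method here are this example's own, not btcd's definitions. It stops at the script tree root; the final comparison of the tweaked internal key against the output key needs secp256k1 point arithmetic and is left out.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// taggedHash is the BIP 340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg).
func taggedHash(tag string, msg ...[]byte) []byte {
	t := sha256.Sum256([]byte(tag))
	sum := sha256.Sum256(bytes.Join(append([][]byte{t[:], t[:]}, msg...), nil))
	return sum[:]
}

// ControlBlock follows the BIP 341 layout; the field names are this example's own.
type ControlBlock struct {
	LeafVersion byte   // first byte with the parity bit cleared
	OddY        bool   // parity bit of the output key's Y coordinate
	InternalKey []byte // 32-byte x-only internal key
	Path        []byte // m concatenated 32-byte sibling hashes, leaf to root
}

func ParseControlBlock(b []byte) (*ControlBlock, error) {
	if len(b) < 33 || len(b) > 33+32*128 || (len(b)-33)%32 != 0 {
		return nil, fmt.Errorf("control block is %d bytes, want 33+32m with m <= 128", len(b))
	}
	return &ControlBlock{LeafVersion: b[0] & 0xfe, OddY: b[0]&1 == 1, InternalKey: b[1:33], Path: b[33:]}, nil
}

// MerkleRoot hashes the leaf, then folds in each sibling with the pair sorted bytewise.
func (cb *ControlBlock) MerkleRoot(script []byte) ([]byte, error) {
	if len(script) >= 253 {
		return nil, fmt.Errorf("example only encodes single-byte compact sizes")
	}
	k := taggedHash("TapLeaf", []byte{cb.LeafVersion, byte(len(script))}, script)
	for p := cb.Path; len(p) > 0; p = p[32:] {
		if e := p[:32]; bytes.Compare(k, e) < 0 {
			k = taggedHash("TapBranch", k, e)
		} else {
			k = taggedHash("TapBranch", e, k)
		}
	}
	return k, nil
}

func main() {
	cb, _ := ParseControlBlock(append([]byte{0xc1}, make([]byte, 32)...)) // constructed input
	fmt.Println(cb.MerkleRoot([]byte{0x51}))
}
```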

In this commit, we add the initial verification logic for top-level
taproot keyspends. Keyspends use the base BIP 341 sighash digest and
don't require any tapscript level functionality for validation.