Skip to content

Add test vectors for BIP 341 SigMsg #1191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Add test vectors for BIP 341 SigMsg #1191

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fa40b5a
Add test vectors for BIP 341 SigMsg
giacomocaironi Sep 26, 2021
061d915
Tweak taproot keys
giacomocaironi Oct 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
105 changes: 105 additions & 0 deletions bip-0341.mediawiki
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -284,6 +284,111 @@ The reason for this is to increase leaf entropy and prevent an observer from lea

== Test vectors ==

=== SIGHASH ALL ===

The following is an unsigned transaction:
02000000025f6092ec9bb430830dfc344260dd5a03cf355186e774be49b2fe5c362f56cb8d00000000000000000061431892d76aa28b5ed1e3da8800fa0d7190c4b4f22be5f416d2d07e573b32e10100000000000000000100ca9a3b000000001976a914682dfdbc97ab5c31300f36d3c12c6fd854b1b35a88ac00000000

The first input comes from a P2WPKH
scriptPubKey : 0014196a5bea745288a7f947993c28e3a0f2108d2e0a value: 5.0
private key : 6b3973ee2ce444ada0147716925f6f77569350804835498593dd3be95163d558
public key : 0271be339aeae9ed2c6a5a7f8ac5f49638da387612be881c7ed2fb3848b0ef8a6c

The second input comes from a P2TR
scriptPubKey : 5120cdf7dec1d4282be1bcca13f3f7cf5befec97c68911fd5a3b461aac419557fd17, value: 6
private key : cf3780a32ef3b2d70366f0124ee40195a251044e82a13146106be75ee049ac02

To sign it with a nHashType of SIGHASH_ALL:

shaPrevouts:
SHA256(5f6092ec9bb430830dfc344260dd5a03cf355186e774be49b2fe5c362f56cb8d0000000061431892d76aa28b5ed1e3da8800fa0d7190c4b4f22be5f416d2d07e573b32e101000000)
= 32553b113292dfa8216546e721388a6c19c76626ca65dc187e0348d6ed445f81

shaAmounts:
SHA256(0065cd1d000000000046c32300000000)
= 5733468db74734c00efa0b466bca091d8f1aab074af2538f36bd0a734a5940c5

shaScriptpubkeys:
SHA256(160014196a5bea745288a7f947993c28e3a0f2108d2e0a225120cdf7dec1d4282be1bcca13f3f7cf5befec97c68911fd5a3b461aac419557fd17)
= 189f262af17538f5e5df96b574a51c29038341001b8fd5ae356f985b9b880f1f

shaSequences:
SHA256(0000000000000000)
= af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

shaOutputs:
SHA256(00ca9a3b000000001976a914682dfdbc97ab5c31300f36d3c12c6fd854b1b35a88ac)
= 8cdee56004a241f9c79cc55b7d79eaed04909d84660502a2d4e9c357c2047cf5

hash preimage: 0000020000000000000032553b113292dfa8216546e721388a6c19c76626ca65dc187e0348d6ed445f815733468db74734c00efa0b466bca091d8f1aab074af2538f36bd0a734a5940c5189f262af17538f5e5df96b574a51c29038341001b8fd5ae356f985b9b880f1faf5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc8cdee56004a241f9c79cc55b7d79eaed04909d84660502a2d4e9c357c2047cf50001000000

sigHash: 71cc53d93fa4419e6ea19eeacd4c6ad57d82ee5dee8810cfa5b1a91efbd48329
signature: f6bfa62fd9edb4b823e35d9e72043ec0709fda7ee836d9acb9ebc9709746bc87c67ec4d32e08c92f16aa2e52bbff034d414d89d9e10d5ccc2785acd021c893f8

The serialized signed transaction is: 020000000001025f6092ec9bb430830dfc344260dd5a03cf355186e774be49b2fe5c362f56cb8d00000000000000000061431892d76aa28b5ed1e3da8800fa0d7190c4b4f22be5f416d2d07e573b32e10100000000000000000100ca9a3b000000001976a914682dfdbc97ab5c31300f36d3c12c6fd854b1b35a88ac0247304402203120452eed289de04e17740232b5f97fac0bc91e4cbb7750bb3d9f4f3c09477b02207e4e363c8d7914f707ff3ddf84e3201f9e402a7dccd02be5d7739d91b0f91adf01210271be339aeae9ed2c6a5a7f8ac5f49638da387612be881c7ed2fb3848b0ef8a6c0140f6bfa62fd9edb4b823e35d9e72043ec0709fda7ee836d9acb9ebc9709746bc87c67ec4d32e08c92f16aa2e52bbff034d414d89d9e10d5ccc2785acd021c893f800000000

=== SIGHASH ANYONECANPAY ===

The following is an unsigned transaction:
02000000015c82840e7a0e5283c5516e742352566408de5c40d45ab0a2f872b37f188976c200000000000000000002003b5808000000001600141192fac5233e4eefa18859396b74851de18f8f4700e1f5050000000022512032c22a6e048b9d4183f612bc1b73a58fc0d4e7f548fd71b732063645d43f420200000000

The input comes from a P2TR
scriptPubKey : 512047d9aa62ea308a01efbbb3b277feb3a6ec578181db98ae0d740ef34ae5e747d7 value: 2.5
private key : 3c1d300faf1d8706fd07137e1cc1d59967ccc0efa6212fc03b2ac7c382fa9133

To sign it with a nHashType of SIGHASH_ANYONECANPAY:

shaOutputs:
SHA256(003b5808000000001600141192fac5233e4eefa18859396b74851de18f8f4700e1f5050000000022512032c22a6e048b9d4183f612bc1b73a58fc0d4e7f548fd71b732063645d43f4202)
= d070f96ca70c4dea1042a92e6abf04883e75bd3ad7dd4dcdf18153cda431cbd8

hash preimage: 00810200000000000000d070f96ca70c4dea1042a92e6abf04883e75bd3ad7dd4dcdf18153cda431cbd8005c82840e7a0e5283c5516e742352566408de5c40d45ab0a2f872b37f188976c20000000080b2e60e0000000022512047d9aa62ea308a01efbbb3b277feb3a6ec578181db98ae0d740ef34ae5e747d700000000

sigHash: 239b0c2eb416d4e0d649b3fd05ce86e032aae1bab4497358399d662fc8abe1c8
signature: 2b96116907e2576d77615d95875ee1f103af1f508fcfd592c29ae860e7c4a2ad376802f28b75b3a03d7aa82d0ef63619798124a1a608be3d0967d97b0c191ac381

The serialized signed transaction is: 020000000001015c82840e7a0e5283c5516e742352566408de5c40d45ab0a2f872b37f188976c200000000000000000002003b5808000000001600141192fac5233e4eefa18859396b74851de18f8f4700e1f5050000000022512032c22a6e048b9d4183f612bc1b73a58fc0d4e7f548fd71b732063645d43f420201412b96116907e2576d77615d95875ee1f103af1f508fcfd592c29ae860e7c4a2ad376802f28b75b3a03d7aa82d0ef63619798124a1a608be3d0967d97b0c191ac38100000000

=== SIGHASH SINGLE ===

The following is an unsigned transaction:
0200000002f4d49508b20d94df7d19b5ce7f7d713140cdad392c23a5ab3c996c19284d5f7b0100000000000000006912ceb41a4e62b77a3b7bec7cd777fbd5c8188821ecb2e1fd0a6e56ed3315920000000000000000000200c2eb0b000000001976a9143bfe0f94eb78a2227664c6ebcf81719467c0106f88ac00a3e11100000000220020f1dca6047a919edc31378db3c5fcd1e93eea73f9c7fd8632ab47f18c8b8165f400000000

The first input comes from a P2TR
scriptPubKey : 51202de126de239d318671d87138f1029770cf295034dd9c6d82963e5313e181de44 value: 1.0
private key : eb54ef369f599d3da9ecfeab0529160dfc76c92f1e32ade4ba33abd8408a23b8

The second input comes from a P2PKH
scriptPubKey : 76a914a589246bf9c64679b6d186608c2a2bee949f23e088ac, value: 5.0
private key : 5dd3e4e9cd6073da94108e26e8c5c3ccbd510197ab12bd787b19b0e88181da9c
public key : 1da42d0fb59c4aa380bb7c9775d6d2da16f01eda6b3921d227faaa999de16021

To sign it with a nHashType of SIGHASH_SINGLE:

shaPrevouts:
SHA256(f4d49508b20d94df7d19b5ce7f7d713140cdad392c23a5ab3c996c19284d5f7b010000006912ceb41a4e62b77a3b7bec7cd777fbd5c8188821ecb2e1fd0a6e56ed33159200000000)
= c637b7e49b49272269dd8b409682f66cf28191d62028216cb200239ff5e2f8dd

shaAmounts:
SHA256(00e1f505000000000065cd1d00000000)
= 4a3c35ddd52f7ffa12848588e82193156f84a476894a095352892c8f274fc863

shaScriptpubkeys:
SHA256(2251202de126de239d318671d87138f1029770cf295034dd9c6d82963e5313e181de441976a914a589246bf9c64679b6d186608c2a2bee949f23e088ac)
= 14cf06e6666b4c16db4bd40882976c713e7d9bfb37fc68f17739fc8800ea83ee

shaSequences:
SHA256(0000000000000000)
= af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

hash preimage: 00030200000000000000c637b7e49b49272269dd8b409682f66cf28191d62028216cb200239ff5e2f8dd4a3c35ddd52f7ffa12848588e82193156f84a476894a095352892c8f274fc86314cf06e6666b4c16db4bd40882976c713e7d9bfb37fc68f17739fc8800ea83eeaf5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc00000000007b1b0fd12e11d0c5792199a8cd4f4de1e823635e6947909f10d09a3e84cce760

sigHash: c1e5c979e71830bff41fd0237b770d4752b3a8b8d365a69afc999f9f259a868e
signature: d6beda2192878be2044f1dd148dbaaa7c5f51575184cb122d94be7ae1b899633760a2c62c6305a6e5e0236bedd591d7463691ca5d265b197dc5c0cd6e5924b1d03

The serialized signed transaction is: 02000000000102f4d49508b20d94df7d19b5ce7f7d713140cdad392c23a5ab3c996c19284d5f7b0100000000000000006912ceb41a4e62b77a3b7bec7cd777fbd5c8188821ecb2e1fd0a6e56ed331592000000006a483045022100cc57364c2fc8ec973a038a0d859ccfbec969165bd4a1b5cbf91cfa4cd1170b0102206460814f1093b241fc8afd04b61741d5d5ae90fd404e3e7a2500d298d4e8c73503201da42d0fb59c4aa380bb7c9775d6d2da16f01eda6b3921d227faaa999de16021000000000200c2eb0b000000001976a9143bfe0f94eb78a2227664c6ebcf81719467c0106f88ac00a3e11100000000220020f1dca6047a919edc31378db3c5fcd1e93eea73f9c7fd8632ab47f18c8b8165f40141d6beda2192878be2044f1dd148dbaaa7c5f51575184cb122d94be7ae1b899633760a2c62c6305a6e5e0236bedd591d7463691ca5d265b197dc5c0cd6e5924b1d030000000000


The test vectors used in the [https://github.com/bitcoin/bitcoin/blob/3820090bd619ac85ab35eff376c03136fe4a9f04/src/test/script_tests.cpp#L1718 Bitcoin Core unit test framework] can be found [https://github.com/bitcoin-core/qa-assets/blob/main/unit_test_data/script_assets_test.json?raw=true here].

== Rationale ==
Expand Down