Miniscript tapscript support (Pr 2 of 3) #275
Conversation
sanket1729
force-pushed
the
multi_a
branch
3 times, most recently
from
b61d72a to
b7961c4
Compare
sanket1729
changed the title
sanket1729
force-pushed
the
multi_a
branch
2 times, most recently
from
a1b1d09 to
cc6786d
Compare
src/descriptor/sh.rs
Outdated
| .expect("Size checked in Miniscript")) | ||
| } | ||
| ShInner::Ms(ref ms) => { | ||
| Ok(bitcoin::Address::p2sh(&ms.encode(), network) |
There was a problem hiding this comment.
why not propagate the error?
There was a problem hiding this comment.
Agreed, it is much safer to do so. This does not rely on size check being the only error.
sanket1729
changed the title
src/interpreter/mod.rs
Outdated
| @@ -189,34 +189,34 @@ impl<'txin> Interpreter<'txin> { | |||
| unsigned_tx: &'a bitcoin::Transaction, | |||
| input_idx: usize, | |||
| amount: u64, | |||
| ) -> impl Fn(&bitcoin::PublicKey, BitcoinSig) -> bool + 'a { | |||
| ) -> Result<impl Fn(&bitcoin::PublicKey, BitcoinSig) -> bool + 'a, Error> { | |||
There was a problem hiding this comment.
In e458d98:
I think, rather than returning an error here, we should return a closure that always returns false. But I'm not sure.
There was a problem hiding this comment.
maybe you want a closure that always returns a Result<bool, Error>?
There was a problem hiding this comment.
This should return an error if the input_idx is out of bounds.
On related note, I think we need a major redesign of this for taproot support anyways. This is currently hacked together that supports segwitv0 and legacy sighash. For taproot, we need entire sets of prevouts, it may be worth considering redesigning this entire API (yet) again :P
| // This a privacy issue, we are only selecting the first available | ||
| // sigs. Incase pk at pos 1 is not selected, we know we did not have access to it | ||
| // bitcoin core also implements the same logic for MULTISIG, so I am not bothering | ||
| // permuting the sigs for now |
There was a problem hiding this comment.
In c05eb7c:
Ok to leave this comment here, but TBH I don't think there's any way we could eliminate this privacy leak. If the first signature is missing then the resulting witnesses will have a different distribution than if it's not ... which will become apparent over time.
Although, I guess, in practice users are unlikely to reuse keys in visible ways, so an adversary will have only a one-shot view of the signature distribution.
There was a problem hiding this comment.
utACK mod some code style comments and proposal to re-use types which will be introduced in rust-bitcoin (once they got merged).
Also think that Tap context should be renamed to TapScript, since taproot may have more scripts in the future and Tap context requirements cover only leaf hash version 0xC0, but not other future versions with their own contexts
| if frag_name == "multi" { | ||
| pks.map(|pks| Terminal::Multi(k, pks)) | ||
| } else { | ||
| // must be multi_a | ||
| pks.map(|pks| Terminal::MultiA(k, pks)) | ||
| } |
There was a problem hiding this comment.
I do believe this should be match; otherwise with future TapLeaf version-defined post-TapScripts we will not have a compiler error here
There was a problem hiding this comment.
There is a match check that frag_name is either multi or multi_a. I don't see an issue with doing an if-else here.
("multi", n) | ("multi_a", n) => {
// code..
if frag_name == "multi" {
pks.map(|pks| Terminal::Multi(k, pks))
} else {
// must be multi_a
pks.map(|pks| Terminal::MultiA(k, pks))
}
}
sanket1729
force-pushed
the
multi_a
branch
2 times, most recently
from
6257229 to
6dc83da
Compare
|
Pushed another branch. Some portions of this PR were merged in rust-bitcoin, so the review here should be (slightly) easy. Since this depends on a specific from rust-bitcoin, it is not possible to run integration tests on these because the dependencies operate on rust-bitcoin release. I think I should have considered this before merging the integration tests PR, but now we have to wait for a rust-bitcoincore-rpc release too. |
sanket1729
changed the title
sanket1729
force-pushed
the
multi_a
branch
2 times, most recently
from
ed385fc to
7070067
Compare
|
The last commit message has a description for why it was needed |
Iter keys in `MultiA` Fix witness generation for `MultiA`
NoChecks context needs to know how to serialize the given public key or where to lookup for it's signature (schnorr or ecdsa). The simplest way to convey this information is to separate out NoChecks for ecdsa and schnorr. When using NoChecksEcdsa the associated type bitcoin::PublicKey or when using NoChecksSchnorr, the associated type XOnlyPublicKey should take care of it.
|
Rebased on ready for review. |
There was a problem hiding this comment.
ACK 42e4c50
I'm a little unsure about the last commit - splitting NoChecks. In this PR, NoChecksSchnorr is not actually used and the interpreter continues to be ECDSA-only. It's not obvious how to taproot-enable the interpreter, so I trust you have a plan in mind that will make use of the new split NoChecks.
I do have a plan for it. Our test-cases actually fail if we don't have this. We do a fancy interpreter check after we finalize a psbt to see that everything is good before we spend it. In that we need to serialize a script, We need some way to figure out This was also done partly to address #275 (comment) in this PR. |
|
Ah, I forgot about the PSBT sanity check. Makes sense! |
Adds support for MultiA script fragment. Builds on top of #255 .
Do not merge this until we have a rust-bitcoin release