BIP341: Clarify tweaking of secret keys

author: Brandon Black <brandonblack@bitgo.com> 2021-10-29 15:01:39 -0700
committer: Brandon Black <brandonblack@bitgo.com> 2021-11-03 15:05:51 -0700
commit: 6222dc45a301c9b7d83536e2cd97d42899f5cb85 (patch)
tree: 0c0443a9c312211883fe1b3818870dc35e049722
parent: d690408080bbf9c2442502abac9ac0a21db5a378 (diff)
download: bips-6222dc45a301c9b7d83536e2cd97d42899f5cb85.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/bip-0341.mediawiki b/bip-0341.mediawiki
index 8af9c55..400b466 100644
--- a/bip-0341.mediawiki
+++ b/bip-0341.mediawiki
@@ -175,6 +175,8 @@ The parity bit will be required for spending the output with a script path.
 In order to allow spending with the key path, we define <code>taproot_tweak_seckey</code> to compute the secret key for a tweaked public key.
 For any byte string <code>h</code> it holds that <code>taproot_tweak_pubkey(pubkey_gen(seckey), h)[1] == pubkey_gen(taproot_tweak_seckey(seckey, h))</code>.
 
+Note that because tweaks are applied to 32-byte public keys, `taproot_tweak_seckey` may need to negate the secret key before applying the tweak.
+
 <source lang="python">
 def taproot_tweak_pubkey(pubkey, h):
     t = int_from_bytes(tagged_hash("TapTweak", pubkey + h))
author	Brandon Black <brandonblack@bitgo.com>	2021-10-29 15:01:39 -0700
committer	Brandon Black <brandonblack@bitgo.com>	2021-11-03 15:05:51 -0700
commit	6222dc45a301c9b7d83536e2cd97d42899f5cb85 (patch)
tree	0c0443a9c312211883fe1b3818870dc35e049722
parent	d690408080bbf9c2442502abac9ac0a21db5a378 (diff)
download	bips-6222dc45a301c9b7d83536e2cd97d42899f5cb85.tar.xz