authorJonas Nick <jonasd.nick@gmail.com>2022-10-24 20:33:05 +0000
committerJonas Nick <jonasd.nick@gmail.com>2022-10-24 20:33:05 +0000
commitbe340277fcaa57a813a898700c1aef9637cfa90e (patch)
tree29be8bb3f74f6f3d704c4424e5445546039a990d /bip-0341.mediawiki
parent6545b81022212a9f1c814f6ce1673e84bc02c910 (diff)
BIP 341: Fix taproot_tweak_pubkey
`lift_x` returns `None` if the input integer is not an X coordinate on the curve to indicate failure. `point_add`, on the other hand, interprets `None` as the point at infinity. Therefore, without this commit, if the internal `pubkey` is not a valid X coordinate, the function will not fail, which contradicts the specification in the "Script validation rules" section. Instead, it sets `Q` to `t*G`.
Diffstat (limited to 'bip-0341.mediawiki')
-rw-r--r--bip-0341.mediawiki5
1 files changed, 4 insertions, 1 deletions
diff --git a/bip-0341.mediawiki b/bip-0341.mediawiki
index 504514e..17a1797 100644
--- a/bip-0341.mediawiki
+++ b/bip-0341.mediawiki
@@ -182,7 +182,10 @@ def taproot_tweak_pubkey(pubkey, h):
t = int_from_bytes(tagged_hash("TapTweak", pubkey + h))
if t >= SECP256K1_ORDER:
raise ValueError
- Q = point_add(lift_x(int(pubkey)), point_mul(G, t))
+ P = lift_x(int_from_bytes(pubkey))
+ if P is None:
+ raise ValueError
+ Q = point_add(P, point_mul(G, t))
return 0 if has_even_y(Q) else 1, bytes_from_int(x(Q))
def taproot_tweak_seckey(seckey0, h):
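Review bot: Nothing in the visible lines checks that `pubkey` is exactly 32 bytes before it is hashed into `t` and passed to `int_from_bytes`, so the new `P is None` guard only catches values that `lift_x` itself rejects. If `int_from_bytes` decodes byte strings of any length (as it appears to in the BIP 340 reference code), a shorter or zero-padded input that happens to decode to a valid X coordinate would still be tweaked, while the TapTweak hash commits to the non-canonical bytes. Consider adding `if len(pubkey) != 32: raise ValueError` ahead of the `t = ...` line. The two bare `raise ValueError` statements are also indistinguishable to a caller; a message such as `raise ValueError("internal pubkey is not a valid X coordinate")` would make the failure mode clear. The function's `def` line sits above the hunk, so any check made there is not visible here.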