diff options
author | Jonas Nick <jonasd.nick@gmail.com> | 2022-10-24 20:33:05 +0000 |
---|---|---|
committer | Jonas Nick <jonasd.nick@gmail.com> | 2022-10-24 20:33:05 +0000 |
commit | be340277fcaa57a813a898700c1aef9637cfa90e (patch) | |
tree | 29be8bb3f74f6f3d704c4424e5445546039a990d /bip-0341.mediawiki | |
parent | 6545b81022212a9f1c814f6ce1673e84bc02c910 (diff) | |
download | bips-be340277fcaa57a813a898700c1aef9637cfa90e.tar.xz |
BIP 341: Fix taproot_tweak_pubkey
`lift_x` returns `None` if the input integer is not an X coordinate on the curve
to indicate failure. `point_add`, on the other hand, interprets `None` as the
point at infinity. Therefore, without this commit, if the internal `pubkey` is
not a valid X coordinate, the function will not fail, which contradicts the
specification in the "Script validation rules section". Instead, it sets `Q` to
`t*G`.
Diffstat (limited to 'bip-0341.mediawiki')
-rw-r--r-- | bip-0341.mediawiki | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/bip-0341.mediawiki b/bip-0341.mediawiki index 504514e..17a1797 100644 --- a/bip-0341.mediawiki +++ b/bip-0341.mediawiki @@ -182,7 +182,10 @@ def taproot_tweak_pubkey(pubkey, h): t = int_from_bytes(tagged_hash("TapTweak", pubkey + h)) if t >= SECP256K1_ORDER: raise ValueError - Q = point_add(lift_x(int(pubkey)), point_mul(G, t)) + P = lift_x(int_from_bytes(pubkey)) + if P is None: + raise ValueError + Q = point_add(P, point_mul(G, t)) return 0 if has_even_y(Q) else 1, bytes_from_int(x(Q)) def taproot_tweak_seckey(seckey0, h): |