diff options
| author | Sebastian Falbesoner <sebastian.falbesoner@gmail.com> | 2024-06-22 01:18:37 +0200 |
|---|---|---|
| committer | Sebastian Falbesoner <sebastian.falbesoner@gmail.com> | 2024-06-22 01:40:19 +0200 |
| commit | 47033c62dc101080c31c1e8a88118ae8288f6d36 (patch) | |
| tree | 4a1119a4f005b79290004fd9c05c04aa47c06267 /bip-0352.mediawiki | |
| parent | 70a714372f3d7b3f68b61e5dcd68eecdcc6c3b41 (diff) | |
BIP-352: sending: add step to fail if input privkeys sum a is zero
The test vector data was generated with a Python script
(see https://github.com/theStack/bitcoin/blob/bc15ea8d0f282908b912dbf62bba816ecd82424d/contrib/silentpayments/submit_input_pubkeys_infinity_tx.py),
leading to the following output:
---------------------------------------------------------------------------------------------------------
Privkey 1: a6df6a0bb448992a301df4258e06a89fe7cf7146f59ac3bd5ff26083acb22ceb
Privkey 2: 592095f44bb766d5cfe20bda71f9575ed2df6b9fb9addc7e5fdffe0923841456
Pubkey 1: 02557ef3e55b0a52489b4454c1169e06bdea43687a69c1f190eb50781644ab6975
Pubkey 2: 03557ef3e55b0a52489b4454c1169e06bdea43687a69c1f190eb50781644ab6975
scriptPubKey 1: 00149d9e24f9fab4e35bf1a6df4b46cb533296ac0792
scriptPubKey 2: 00149860538b5575962776ed0814ae222c7d60c72d7b
Address 1: tb1qnk0zf706kn34hudxma95dj6nx2t2cpujz7j5t5
Address 2: tb1qnps98z64wktzwahdpq22ug3v04svwttm7gs8wn
-> Funding tx submitted: 3a286147b25e16ae80aff406f2673c6e565418c40f45c071245cdebc8a94174e
Taproot output address for spending tx: tb1pqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqkgkkf5
-> Spending tx submitted: fe788cf6578d547819def43d79e6c8f0153d4885f5a343d12bd03f34507aabd6
---------------------------------------------------------------------------------------------------------
Diffstat (limited to 'bip-0352.mediawiki')
| -rw-r--r-- | bip-0352.mediawiki | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/bip-0352.mediawiki b/bip-0352.mediawiki index f36f359..def4d0b 100644 --- a/bip-0352.mediawiki +++ b/bip-0352.mediawiki @@ -302,6 +302,7 @@ After the inputs have been selected, the sender can create one or more outputs f * Collect the private keys for each input from the ''[[#inputs-for-shared-secret-derivation|Inputs For Shared Secret Derivation]]'' list * For each private key ''a<sub>i</sub>'' corresponding to a [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP341] taproot output, check that the private key produces a point with an even Y coordinate and negate the private key if not<ref name="why_negate_taproot_private_keys">'''Why do taproot private keys need to be checked?''' Recall from [https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki BIP340] that each X-only public key has two corresponding private keys, ''d'' and ''n - d''. To maintain parity between sender and receiver, it is necessary to use the private key corresponding to the even Y coordinate when performing the ECDH step since the receiver will assume the even Y coordinate when summing the taproot X-only public keys.</ref> * Let ''a = a<sub>1</sub> + a<sub>2</sub> + ... + a<sub>n</sub>'', where each ''a<sub>i</sub>'' has been negated if necessary +** If ''a = 0'', fail * Generate the ''input_hash'' with the smallest outpoint lexicographically and ''A = a·G'', using the method described above * Group receiver silent payment addresses by ''B<sub>scan</sub>'' (e.g. each group consists of one ''B<sub>scan</sub>'' and one or more ''B<sub>m</sub>'') * For each group: |