diff options
Diffstat (limited to 'bip-0373.mediawiki')
| -rw-r--r-- | bip-0373.mediawiki | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/bip-0373.mediawiki b/bip-0373.mediawiki index 3d09943..006c69b 100644 --- a/bip-0373.mediawiki +++ b/bip-0373.mediawiki @@ -52,17 +52,16 @@ The new per-input types are defined as follows: | rowspan="2"| 0, 2 |- | The MuSig2 aggregate public key (compressed) <ref>'''Why the compressed aggregate public key instead of x-only?''' -BIP 32 requires public keys to include their evenness byte. Aggregate public keys are expected to be -derived from, following [[bip-0328.mediawiki|BIP 328]], and therefore will -need to include the evenness. Furthermore, PSBT_IN_TAP_BIP32_DERIVATION fields include fingerprints -to identify master keys, and these fingerprints require y-coordinate of the public key, -so x-only serialization can't be used. By including -the aggregate key as a full public key, signers that are unaware of the MuSig2 outside of the PSBT -will still be able to identify which keys are derived from the aggregate key by computing and then -comparing the fingerprints. This is necessary for the signer to apply the correct tweaks to their -partial signature.</ref> from the <tt>KeyAgg</tt> algorithm. This key may or may not appear -(as x-only) in the Taproot output key, the internal key, or in a script. It may instead be a parent public -key from which the Taproot output key, internal key, or keys in a script were derived. +BIP 32 public keys can be derived from a BIP 327 MuSig2 aggregate public key (see: [[bip-0328.mediawiki|BIP 328]]). +But since BIP 32 requires public keys to include their evenness byte, BIP 327 MuSig2 aggregate public keys must +include their evenness byte as well. Furthermore, PSBT_IN_TAP_BIP32_DERIVATION fields include fingerprints to identify +master keys, and these fingerprints require the y-coordinate of the public key, so x-only serialization can't be used. +By including the aggregate key as a full public key, signers that are unaware of the MuSig2 outside of the PSBT will +still be able to identify which keys are derived from the aggregate key by computing and then comparing the +fingerprints. This is necessary for the signer to apply the correct tweaks to their partial signature.</ref> from the +<tt>KeyAgg</tt> algorithm. This key may or may not appear (as x-only) in the Taproot output key, the internal key, or +in a script. It may instead be a parent public key from which the Taproot output key, internal key, or keys in a script +were derived. | A list of the compressed public keys of the participants in the MuSig2 aggregate key in the order required for aggregation. If sorting was done, then the keys must be in the sorted order. |- |