diff options
| author | Ava Chow <github@achow101.com> | 2024-03-13 11:02:16 -0400 |
|---|---|---|
| committer | Ava Chow <github@achow101.com> | 2024-03-13 11:02:23 -0400 |
| commit | ef6329f052e882db48b133d6974cd549e73a9414 (patch) | |
| tree | 0a06a0ea167262f0f35247268e03b94e6dc1b9d2 /.cirrus.yml | |
| parent | c38157b9b9ad2d3043bd904e572b0a8ef2b276fb (diff) | |
| parent | 28287cfbe18b6c468f76389e9f66bdcf2d00f8d1 (diff) | |
Merge bitcoin/bitcoin#28193: test: add script compression coverage for not-on-curve P2PK outputs
28287cfbe18b6c468f76389e9f66bdcf2d00f8d1 test: add script compression coverage for not-on-curve P2PK outputs (Sebastian Falbesoner)
Pull request description:
This PR adds unit test coverage for the script compression functions `{Compress,Decompress}Script` in the special case of uncompressed P2PK outputs (scriptPubKey: OP_PUSH65 <0x04 ....> OP_CHECKSIG) with [pubkeys that are not fully valid](https://github.com/bitcoin/bitcoin/blob/44b05bf3fef2468783dcebf651654fdd30717e7e/src/pubkey.cpp#L297-L302), i.e. where the encoded point is not on the secp256k1 curve. For those outputs, script compression is not possible, as the y coordinate of the pubkey can't be recovered (see also call-site of `IsToPubKey`):
https://github.com/bitcoin/bitcoin/blob/44b05bf3fef2468783dcebf651654fdd30717e7e/src/compressor.cpp#L49-L50
Likewise, for a compressed script of an uncompressed P2PK script (i.e. compression ids 4 and 5) where the x coordinate is not on the curve, decompression fails:
https://github.com/bitcoin/bitcoin/blob/44b05bf3fef2468783dcebf651654fdd30717e7e/src/compressor.cpp#L122-L129
Note that the term "compression" is used here in two different meanings (though they are related), which might be a little confusing. The encoding of a pubkey can either be compressed (33-bytes with 0x02/0x03 prefixes) or uncompressed (65-bytes with 0x04 prefix). On the other hand there is also compression for whole output scripts, which is used for storing scriptPubKeys in the UTXO set in a compact way (and also for the `dumptxoutset` result, accordingly). P2PK output scripts with uncompressed pubkeys get compressed by storing only the x-coordinate and the sign as a prefix (0x04 = even, 0x05 = odd). Was diving deeper into the subject while working on https://github.com/bitcoin/bitcoin/pull/27432, where the script decompression of uncompressed P2PK needed special handling (see also https://github.com/bitcoin/bitcoin/issues/24628#issuecomment-1108798536).
Trivia: as of now (block 801066), there are 13 uncompressed P2PK outputs in the UTXO set with a pubkey not on the curve (which obviously means they are unspendable).
ACKs for top commit:
achow101:
ACK 28287cfbe18b6c468f76389e9f66bdcf2d00f8d1
tdb3:
ACK for 28287cfbe18b6c468f76389e9f66bdcf2d00f8d1.
cbergqvist:
ACK 28287cf!
marcofleon:
Nicely done, ACK 28287cfbe18b6c468f76389e9f66bdcf2d00f8d1. Built the PR branch, ran the unit and functional tests, everything passed.
Tree-SHA512: 777b6c3065654fbfa1ce94926f4cadb91a9ca9dc4dd4af6008ad77bd1da5416f156ad0dfa880d26faab2e168bf9b27e0a068abc9a2be2534d82bee61ee055c65
Diffstat (limited to '.cirrus.yml')
0 files changed, 0 insertions, 0 deletions