authorPieter Wuille <pieter@wuille.net>2021-02-01 16:21:59 -0800
committerPieter Wuille <pieter@wuille.net>2021-05-24 12:14:16 -0700
commit2fbfb1becb3c0c109cd7c30b245b51da22039932 (patch)
tree46b4a54e0e774bb0f811bbc1268d080757932bdc /src/pubkey.h
parenta4bf84039c00b196b87f969acf6369d72c56ab46 (diff)
Make consensus checking of tweaks in pubkey.* Taproot-specific
That results in a much safer interface (making the tweak commit to the key implicitly using a fixed tag means it can't be used for unrelated tweaking).
Diffstat (limited to 'src/pubkey.h')
-rw-r--r--src/pubkey.h15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/pubkey.h b/src/pubkey.h
index 7d09faa9c1..e5d9d08b52 100644
--- a/src/pubkey.h
+++ b/src/pubkey.h
@@ -236,7 +236,20 @@ public:
* sigbytes must be exactly 64 bytes.
*/
bool VerifySchnorr(const uint256& msg, Span<const unsigned char> sigbytes) const;
- bool CheckPayToContract(const XOnlyPubKey& base, const uint256& hash, bool parity) const;
+
+ /** Compute the Taproot tweak as specified in BIP341, with *this as internal
+ * key:
+ * - if merkle_root == nullptr: H_TapTweak(xonly_pubkey)
+ * - otherwise: H_TapTweak(xonly_pubkey || *merkle_root)
+ *
+ * Note that the behavior of this function with merkle_root != nullptr is
+ * consensus critical.
+ */
+ uint256 ComputeTapTweakHash(const uint256* merkle_root) const;
+
+ /** Verify that this is a Taproot tweaked output point, against a specified internal key,
+ * Merkle root, and parity. */
+ bool CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const;
const unsigned char& operator[](int pos) const { return *(m_keydata.begin() + pos); }
const unsigned char* data() const { return m_keydata.begin(); }
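Review bot: The comment on `CheckTapTweak` does not say what `parity` refers to, nor that the result is consensus critical, although the commit title describes this as the consensus check and the sibling `ComputeTapTweakHash` comment does carry that warning. A caller who passes the wrong bit or treats the result as advisory would mis-validate a Taproot commitment. I would extend the comment along the lines of `parity is the parity bit of this (tweaked) key's Y coordinate, as carried in the BIP341 control block; consensus critical.`, with the wording confirmed against the implementation in pubkey.cpp, which this hunk does not show. Because the return value is a verification verdict, declaring it `[[nodiscard]] bool CheckTapTweak(...)` would also let the compiler flag a dropped result, assuming the project's C++ standard permits the attribute. The enclosing class begins and ends outside the hunk.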