aboutsummaryrefslogtreecommitdiff
path: root/src/script/sign.cpp
diff options
context:
space:
mode:
authorAndrew Chow <achow101-github@achow101.com>2022-03-04 07:12:16 -0500
committerAndrew Chow <achow101-github@achow101.com>2022-03-04 07:28:23 -0500
commitbada9636d7f2efbc620fd89107baa2bf3e64a6b8 (patch)
tree89bb23c7472e0c52330c0ef809ddd138dbb0b802 /src/script/sign.cpp
parent4fae737f4b749b0e2e3cf3fd4dc28db7a1a93b19 (diff)
parent4828d53eccd52a67631c64cef0ba7df90dff138d (diff)
Merge bitcoin/bitcoin#24043: Add (sorted)multi_a descriptor for k-of-n multisig inside tr
4828d53eccd52a67631c64cef0ba7df90dff138d Add (sorted)multi_a descriptors to doc/descriptors.md (Pieter Wuille) b5f33ac1f82aea290b4653af36ac2ad1bf1cce7b Simplify wallet_taproot.py functional test (Pieter Wuille) eb0667ea96d52db9135514a5e95ab943f6abd8a6 Add tests for (sorted)multi_a derivation/signing (Pieter Wuille) c17c6aa08df81aa0086d80b50187c8cd60ecc222 Add signing support for (sorted)multi_a scripts (Pieter Wuille) 3eed6fca57d1fa7544f372e6e7de0a9ae1b5715a Add multi_a descriptor inference (Pieter Wuille) 79728c4a3d8a74f276daf1e72abbdecdab85a5d8 Add (sorted)multi_a descriptor and script derivation (Pieter Wuille) 25e95f9ff89a97b87ce218f28274c3c821b2d54d Merge/generalize IsValidMultisigKeyCount/GetMultisigKeyCount (Pieter Wuille) Pull request description: This adds a new `multi_a(k,key_1,key_2,...,key_n)` (and corresponding `sortedmulti_a`) descriptor for k-of-n policies inside `tr()`. Semantically it is very similar to the existing `multi()` descriptor, but with the following changes: * The corresponding script is `<key1> OP_CHECKSIG <key2> OP_CHECKSIGADD <key3> OP_CHECKSIGADD ... <key_n> OP_CHECKSIGADD <k> OP_NUMEQUAL`, rather than the traditional `OP_CHECKMULTISIG`-based script, making it usable inside the `tr()` descriptor. * The keys can optionally be specified in x-only notation. * Both the number of keys and the threshold can be as high as 999; this is the limit due to the consensus stacksize=1000 limit I expect that this functionality will later be replaced with a miniscript-based implementation, but I don't think it's necessary to wait for that. Limitations: * The wallet code will for not estimate witness size incorrectly for script path spends, which may result in a (dramatic) fee underpayment with large multi_a scripts. * The multi_a script construction is (slightly) suboptimal for n-of-n (where a `<key1> OP_CHECKSIGVERIFY ... <key_n-1> OP_CHECKSIGVERIFY <key_n> OP_CHECKSIG` would be better). Such a construction is not included here. ACKs for top commit: achow101: ACK 4828d53eccd52a67631c64cef0ba7df90dff138d gruve-p: ACK https://github.com/bitcoin/bitcoin/pull/24043/commits/4828d53eccd52a67631c64cef0ba7df90dff138d sanket1729: code review ACK 4828d53eccd52a67631c64cef0ba7df90dff138d darosior: Code review ACK 4828d53eccd52a67631c64cef0ba7df90dff138d Tree-SHA512: 5dcd434b79585f0ff830f7d501d27df5e346f5749f47a3109ec309ebf2cbbad0e1da541eec654026d911ab67fd7cf7793fab0f765628d68d81b96ef2a4d234ce
Diffstat (limited to 'src/script/sign.cpp')
-rw-r--r--src/script/sign.cpp23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/script/sign.cpp b/src/script/sign.cpp
index 371a937bc8..2e5c49e0b6 100644
--- a/src/script/sign.cpp
+++ b/src/script/sign.cpp
@@ -174,6 +174,29 @@ static bool SignTaprootScript(const SigningProvider& provider, const BaseSignatu
result = Vector(std::move(sig));
return true;
}
+ return false;
+ }
+
+ // multi_a scripts (<key> OP_CHECKSIG <key> OP_CHECKSIGADD <key> OP_CHECKSIGADD <k> OP_NUMEQUAL)
+ if (auto match = MatchMultiA(script)) {
+ std::vector<std::vector<unsigned char>> sigs;
+ int good_sigs = 0;
+ for (size_t i = 0; i < match->second.size(); ++i) {
+ XOnlyPubKey pubkey{*(match->second.rbegin() + i)};
+ std::vector<unsigned char> sig;
+ bool good_sig = CreateTaprootScriptSig(creator, sigdata, provider, sig, pubkey, leaf_hash, sigversion);
+ if (good_sig && good_sigs < match->first) {
+ ++good_sigs;
+ sigs.push_back(std::move(sig));
+ } else {
+ sigs.emplace_back();
+ }
+ }
+ if (good_sigs == match->first) {
+ result = std::move(sigs);
+ return true;
+ }
+ return false;
}
return false;