diff options
author | Pieter Wuille <pieter@wuille.net> | 2021-02-01 16:21:59 -0800 |
---|---|---|
committer | Pieter Wuille <pieter@wuille.net> | 2021-05-24 12:14:16 -0700 |
commit | 2fbfb1becb3c0c109cd7c30b245b51da22039932 (patch) | |
tree | 46b4a54e0e774bb0f811bbc1268d080757932bdc /src/script | |
parent | a4bf84039c00b196b87f969acf6369d72c56ab46 (diff) |
Make consensus checking of tweaks in pubkey.* Taproot-specific
That results in a much safer interface (making the tweak commit
to the key implicitly using a fixed tag means it can't be used for
unrelated tweaking).
Diffstat (limited to 'src/script')
-rw-r--r-- | src/script/interpreter.cpp | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp index dc0f165be0..5f04d486b1 100644 --- a/src/script/interpreter.cpp +++ b/src/script/interpreter.cpp @@ -1486,7 +1486,6 @@ template PrecomputedTransactionData::PrecomputedTransactionData(const CMutableTr static const CHashWriter HASHER_TAPSIGHASH = TaggedHash("TapSighash"); static const CHashWriter HASHER_TAPLEAF = TaggedHash("TapLeaf"); static const CHashWriter HASHER_TAPBRANCH = TaggedHash("TapBranch"); -static const CHashWriter HASHER_TAPTWEAK = TaggedHash("TapTweak"); static bool HandleMissingData(MissingDataBehavior mdb) { @@ -1869,10 +1868,8 @@ static bool VerifyTaprootCommitment(const std::vector<unsigned char>& control, c } k = ss_branch.GetSHA256(); } - // Compute the tweak from the Merkle root and the internal pubkey. - k = (CHashWriter(HASHER_TAPTWEAK) << MakeSpan(p) << k).GetSHA256(); // Verify that the output pubkey matches the tweaked internal pubkey, after correcting for parity. - return q.CheckPayToContract(p, k, control[0] & 1); + return q.CheckTapTweak(p, k, control[0] & 1); } static bool VerifyWitnessProgram(const CScriptWitness& witness, int witversion, const std::vector<unsigned char>& program, unsigned int flags, const BaseSignatureChecker& checker, ScriptError* serror, bool is_p2sh) |