You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Before taproot, there're two main signatures types for Bitcoin: pre-segwit, and segwit. They primarily differ in the way the sighash is computed.
Post-taproot we add two additional types: taproot key spend and tapscript leaf spend. Unlike the prior two signatures types, these are both schnorr only. The key spend sig type is used when we're spending from a regular top-level taproot output, and uses a new sighash type. The tapscript type is used when we're spending a leaf in the taproot tree. For the tapscript spend type, a valid witness also needs to include a merkle proof that the script being signed is actually a part of the tree. Note that the proof itself isn't signed, so if there're duplicate scripts in the tree, then it may be possible to use the sigs in a somewhat floating manner.
Aside from the new sighash types, we'll need to update internal data structures and RPC requersts to reflect the fact that taproot signatures can be 64 or 65 byte (64 byte sigs use an implicit sighash type of 0), and also that the schnorr public keys are always 32 bytes.
Steps to Completion
Update the SignDescriptor used as a part of ComputeInputScript and SignOutputRaw abstract away from the existing single sighash field in favor of a multi-level (?) structure where the sig type is specified, then the sighash. The two sig types here are taproot vs tapscript.
Alternatively, we can minimize breaking changes here and just add another field for the sig type.
Update the SignDescriptor to specify a field for complete set of input values associated with the transaction. Unlike segwitv0, the taproot sighash also includes the input value information for all the inputs when sighash_all is used.
Update ComputeInputScript to support basic taproot key spend paths. It'll use all the additional fields created above, but create the new witness which is just the raw signature. Signing for this case should assume usage of BIP 86
In cases where BIP 86 may not be used, we should also optionally accept the taproot script root as well.
The text was updated successfully, but these errors were encountered:
Alternatively, we can minimize breaking changes here and just add another field for the sig type.
Not sure if I'm missing something here. But can't we just look at the pkScript of the output we're signing to determine the type of the signature? If it's a p2tr script, we're only supposed to be using Schnorr signatures. If it's a p2wpkh or p2wsh script, we use a legacy ECDSA signature.
Before taproot, there're two main signatures types for Bitcoin: pre-segwit, and segwit. They primarily differ in the way the sighash is computed.
Post-taproot we add two additional types: taproot key spend and tapscript leaf spend. Unlike the prior two signatures types, these are both schnorr only. The key spend sig type is used when we're spending from a regular top-level taproot output, and uses a new sighash type. The tapscript type is used when we're spending a leaf in the taproot tree. For the tapscript spend type, a valid witness also needs to include a merkle proof that the script being signed is actually a part of the tree. Note that the proof itself isn't signed, so if there're duplicate scripts in the tree, then it may be possible to use the sigs in a somewhat floating manner.
Aside from the new sighash types, we'll need to update internal data structures and RPC requersts to reflect the fact that taproot signatures can be 64 or 65 byte (64 byte sigs use an implicit sighash type of 0), and also that the schnorr public keys are always 32 bytes.
Steps to Completion
SignDescriptor
used as a part ofComputeInputScript
andSignOutputRaw
abstract away from the existing singlesighash
field in favor of a multi-level (?) structure where the sig type is specified, then the sighash. The two sig types here are taproot vs tapscript.SignDescriptor
to specify a field for complete set of input values associated with the transaction. Unlike segwitv0, the taproot sighash also includes the input value information for all the inputs when sighash_all is used.ComputeInputScript
to support basic taproot key spend paths. It'll use all the additional fields created above, but create the new witness which is just the raw signature. Signing for this case should assume usage of BIP 86The text was updated successfully, but these errors were encountered: