-
Notifications
You must be signed in to change notification settings - Fork 131
/
sign_multisig.rs
143 lines (125 loc) · 5.29 KB
/
sign_multisig.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
// Miniscript
// Written in 2019 by
// Andrew Poelstra <apoelstra@wpsoftware.net>
//
// To the extent possible under law, the author(s) have dedicated all
// copyright and related and neighboring rights to this software to
// the public domain worldwide. This software is distributed without
// any warranty.
//
// You should have received a copy of the CC0 Public Domain Dedication
// along with this software.
// If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
//
//! Example: Signing a 2-of-3 multisignature.
use std::collections::HashMap;
use std::str::FromStr;
use bitcoin::blockdata::witness::Witness;
use bitcoin::{secp256k1, LockTime};
fn main() {
let mut tx = spending_transaction();
let pks = list_of_three_arbitrary_public_keys();
let sig = random_signature_from_the_blockchain();
// Descriptor for the output being spent.
let s = format!("wsh(multi(2,{},{},{}))", pks[0], pks[1], pks[2],);
let descriptor = miniscript::Descriptor::<bitcoin::PublicKey>::from_str(&s).unwrap();
// Check weight for witness satisfaction cost ahead of time.
// 4 (scriptSig length of 0) + 1 (witness stack size) + 106 (serialized witnessScript)
// + 73*2 (signature length + signatures + sighash bytes) + 1 (dummy byte) = 258
assert_eq!(descriptor.max_satisfaction_weight().unwrap(), 258);
// Sometimes it is necessary to have additional information to get the
// `bitcoin::PublicKey` from the `MiniscriptKey` which can be supplied by
// the `to_pk_ctx` parameter. For example, when calculating the script
// pubkey of a descriptor with xpubs, the secp context and child information
// maybe required.
// Observe the script properties, just for fun.
assert_eq!(
format!("{:x}", descriptor.script_pubkey()),
"00200ed49b334a12c37f3df8a2974ad91ff95029215a2b53f78155be737907f06163"
);
assert_eq!(
format!(
"{:x}",
descriptor
.explicit_script()
.expect("wsh descriptors have unique inner script")
),
"52\
21020202020202020202020202020202020202020202020202020202020202020202\
21020102030405060708010203040506070801020304050607080000000000000000\
21030102030405060708010203040506070801020304050607080000000000000000\
53ae"
);
// Attempt to satisfy at age 0, height 0.
let original_txin = tx.input[0].clone();
let mut sigs = HashMap::<bitcoin::PublicKey, miniscript::bitcoin::EcdsaSig>::new();
// Doesn't work with no signatures.
assert!(descriptor.satisfy(&mut tx.input[0], &sigs).is_err());
assert_eq!(tx.input[0], original_txin);
// ...or one signature...
sigs.insert(pks[1], sig);
assert!(descriptor.satisfy(&mut tx.input[0], &sigs).is_err());
assert_eq!(tx.input[0], original_txin);
// ...but two signatures is ok.
sigs.insert(pks[2], sig);
assert!(descriptor.satisfy(&mut tx.input[0], &sigs).is_ok());
assert_ne!(tx.input[0], original_txin);
assert_eq!(tx.input[0].witness.len(), 4); // 0, sig, sig, witness script
// ...and even if we give it a third signature, only two are used.
sigs.insert(pks[0], sig);
assert!(descriptor.satisfy(&mut tx.input[0], &sigs).is_ok());
assert_ne!(tx.input[0], original_txin);
assert_eq!(tx.input[0].witness.len(), 4); // 0, sig, sig, witness script
}
// Transaction which spends some output.
fn spending_transaction() -> bitcoin::Transaction {
bitcoin::Transaction {
version: 2,
lock_time: LockTime::from(0),
input: vec![bitcoin::TxIn {
previous_output: Default::default(),
script_sig: bitcoin::Script::new(),
sequence: 0xffffffff,
witness: Witness::default(),
}],
output: vec![bitcoin::TxOut {
script_pubkey: bitcoin::Script::new(),
value: 100_000_000,
}],
}
}
fn list_of_three_arbitrary_public_keys() -> Vec<bitcoin::PublicKey> {
#[cfg_attr(feature="cargo-fmt", rustfmt_skip)]
vec![
bitcoin::PublicKey::from_slice(&[2; 33]).expect("key 1"),
bitcoin::PublicKey::from_slice(&[
0x02,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
]).expect("key 2"),
bitcoin::PublicKey::from_slice(&[
0x03,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
]).expect("key 3"),
]
}
// Returns a signature copied at random off the blockchain; this is not actually
// a valid signature for this transaction; Miniscript does not verify the validity.
fn random_signature_from_the_blockchain() -> bitcoin::EcdsaSig {
bitcoin::EcdsaSig {
sig: secp256k1::ecdsa::Signature::from_str(
"3045\
0221\
00f7c3648c390d87578cd79c8016940aa8e3511c4104cb78daa8fb8e429375efc1\
0220\
531d75c136272f127a5dc14acc0722301cbddc222262934151f140da345af177",
)
.unwrap(),
hash_ty: bitcoin::EcdsaSighashType::All,
}
}