Merge branch 'master' into elements-22-fix-ci

Author: psgreco

.cirrus.yml

@@ -160,7 +160,7 @@ task:
   << : *GLOBAL_TASK_TEMPLATE
   container:
     image: ubuntu:focal
-    cpu: 4  # Increase CPU and memory to avoid timeout
+    cpu: 8  # Increase CPU and memory to avoid timeout
     memory: 16G
   env:
     << : *CIRRUS_EPHEMERAL_WORKER_TEMPLATE_ENV

doc/elements-tx-format.md

@@ -21,7 +21,7 @@ This document assumes some familiarity with Bitcoin and Elements (UTXOs, [Script
 | Flags | Yes | 1 byte | `unsigned char` | | 1 if the transaction contains a witness, otherwise 0. All other values are invalid. |
 | Num Inputs | Yes | Varies | `VarInt` | | Number of inputs to the transaction. |
 | Inputs | Yes | Varies | `Vector<TxIn>` | | |
-| Num Inputs | Yes | Varies | `VarInt` | | Number of outputs from the transaction. |
+| Num Outputs | Yes | Varies | `VarInt` | | Number of outputs from the transaction. |
 | Outputs | Yes | Varies | `Vector<TxOut>` | | |
 | Locktime | Yes | 4 bytes | `uint32_t` | Little-endian | See [BIP 113](https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki). |
 | Witness | Only if flags is 1 | Varies | `Witness` | | See [BIP 141](https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki). Note that Elements witnesses contain more data than Bitcoin witnesses. This extra data is described further below. |
@@ -203,13 +203,13 @@ Deserialization:
 |                                      Input #2
 | 8d83eb1b0826f46d473003d041116927
 | 470e2ce0f7cc0c634a983d438d770ac8 ... Outpoint TXID: c80a778d433d984a630cccf7e02c0e4727691141d00330476df426081beb838d
-| 00000000 ........................... Outpoint index 
+| 00000000 ........................... Outpoint index
 |
 | 00 ................................. ScriptSig length
 | | .................................. ScriptSig (empty)
 |
 | ffffffff ........................... Sequence number: UINT32_MAX
- 
+
 02 ................................... Num Outputs
 |
 |                                      Output #1
@@ -239,7 +239,7 @@ Deserialization:
 | 03 ................................. Nonce header (0x03 → compressed point)
 | 72fdd5c6e805a50d73ab15ec41cfaadc
 | be408ecc7a5867621918f1070f84ec95 ... Nonce x-coordinate (big-endian)
-| 
+|
 | 16 ................................. ScriptPubKey length (0x16 = 22 bytes)
 | | 001424ae71d4804ca7dd1fa66486a8
 | | 7af9dff1663c84 ................... ScriptPubKey
@@ -317,18 +317,18 @@ Deserialization:
 | | .................................. ScriptSig (empty: segwit transaction)
 |
 | fdffffff ........................... Sequence number
-| 
+|
 | .................................... Asset issuance
 | | 000000000000000000000000000000
 | | 000000000000000000000000000000
 | | 0000 ............................. Asset blinding nonce (0 for new asset issuance)
-| | 
+| |
 | | 000000000000000000000000000000
 | | 000000000000000000000000000000
 | | 0000 ............................. Asset entropy
 | |
 | | 01 ............................... Amount header (0x01 → explicit, unblinded value)
-| | 00000000c4b20100 ................. Amount: 0xc4b20100 = 3,300,000,000 → 33 units (each divisible by 100,000,000) 
+| | 00000000c4b20100 ................. Amount: 0xc4b20100 = 3,300,000,000 → 33 units (each divisible by 100,000,000)
 | |
 | | 01 ............................... Num inflation keys header (0x01 → explicit, unblinded value)
 | | 0000000029b92700 ................. Value. 0x29b92700 = 700,000,000 inflation keys
@@ -343,7 +343,7 @@ Deserialization:
 | 08 ................................. Amount header (0x08 → blinded value)
 | 66abe471dfadfb650825abe6f757860b
 | 6760d30ff62bc7c9ebd438608f45368b ... Amount x-coordinate (big-endian)
-|                                      
+|
 | 02 ................................. Nonce header (0x02 → blinded value)
 | 115750003261bc64bb73d83401a91279
 | 6d0c0fb9d54c72751a7ca7a5149a9bdf ... Nonce x-coordinate (big-endian)
@@ -518,7 +518,7 @@ Deserialization:
 | 6d521c38ec1ea15734ae22b7c4606441
 | 2829c0d0579f0a713d1c04ede979026f ... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
 |
-| 01 ................................. Amount header (0x01 → explicit, unblinded value) 
+| 01 ................................. Amount header (0x01 → explicit, unblinded value)
 | 00000000002b09c1 ................... Amount: 0.02820545 L-BTC
 |
 | 00 ................................. Nonce header (0x00 → null)
@@ -532,7 +532,7 @@ Deserialization:
 | 6d521c38ec1ea15734ae22b7c4606441
 | 2829c0d0579f0a713d1c04ede979026f ... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
 |
-| 01 ................................. Amount header (0x01 → explicit, unblinded value) 
+| 01 ................................. Amount header (0x01 → explicit, unblinded value)
 | 0000000000000027 ................... Amount: 0.00000039 L-BTC
 |
 | 00 ................................. Nonce header (0x00 → null)
@@ -560,10 +560,10 @@ Deserialization:
 | | | f34227cbba1cf25eb0778aa45f8b
 | | | 7cb3495046 ..................... Stack item #2
 | 06 ................................. Peg-in witness stack length
-| | 08 ............................... Stack item #1 length  
+| | 08 ............................... Stack item #1 length
 | | | e8092b0000000000 ............... Peg-in value (little-endian): 0x2b09e8 = 0.02820545 BTC)
 | | 20 ............................... Stack item #2 length (0x20 = 32)
-| | | 6d521c38ec1ea15734ae22b7c46064 
+| | | 6d521c38ec1ea15734ae22b7c46064
 | | | 412829c0d0579f0a713d1c04ede979
 | | | 026f ........................... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
 | | 20 ............................... Stack item #3 length (0x20 = 32)
@@ -592,4 +592,4 @@ Deserialization:
 |                                      Output #2 witness
 | 00 ................................. Surjection proof length
 | 00 ................................. Range proof length
-```
+```

doc/pset.mediawiki

@@ -255,6 +255,56 @@ The currently defined elements per-input proprietary types are as follows:
 |
 | 0
 | 2
+|-
+| Explicit Value
+| <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE = 0x11</tt>
+| None
+| No key data
+| <tt><64-bit little endian int value></tt>
+| The explicit value for the input being spent. If provided, <tt>PSBT_ELEMENTS_IN_VALUE_PROOF</tt> must be provided too. Must not be provided if the input's value in the UTXO is already explicit.
+|
+| 0
+| 2
+|-
+| Explicit Value Proof
+| <tt>PSBT_ELEMENTS_IN_VALUE_PROOF = 0x12</tt>
+| None
+| No key data
+| <tt><rangeproof></tt>
+| An explicit value rangeproof that proves that the value commitment in this input's UTXO matches the explicit value in <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE</tt>. If provided, <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE</tt> must be provided too.
+|
+| 0
+| 2
+|-
+| Explicit Asset
+| <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET = 0x13</tt>
+| None
+| No key data
+| <tt><32 byte asset tag></tt>
+| The explicit asset for the input being spent. If provided, <tt>PSBT_ELEMENTS_IN_ASSET_PROOF</tt> must be provided too. Must not be provided if the input's asset in the UTXO is already explicit.
+|
+| 0
+| 2
+|-
+| Explicit Asset Proof
+| <tt>PSBT_ELEMENTS_IN_ASSET_PROOF = 0x14</tt>
+| None
+| No key data
+| <tt><proof></tt>
+| An asset surjection proof with this input's asset as the only asset in the input set in order to prove that the asset commitment in the UTXO matches the explicit asset in <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET</tt>. If provided, <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET</tt> must be provided too.
+|
+| 0
+| 2
+|-
+| Blinded Issuance Flag
+| <tt>PSBT_ELEMENTS_IN_BLINDED_ISSUANCE = 0x15</tt>
+| None
+| No key data
+| <tt><1 byte boolean></tt>
+| A boolean flag. <tt>0x00</tt> indicates the issuance should not be blinded, <tt>0x01</tt> indicates it should be. If not specified, assumed to be <tt>0x01</tt>. Note that this does not indicate actual blinding status, but rather the expected blinding status prior to signing.
+|
+| 0
+| 2
 |}
 
 The currently defined elements per-output proprietary types are as follows:

share/setup.nsi.in

@@ -52,7 +52,7 @@ Var StartMenuGroup
 !insertmacro MUI_LANGUAGE English
 
 # Installer attributes
-InstallDir $PROGRAMFILES64\Bitcoin
+InstallDir $PROGRAMFILES64\Elements
 CRCCheck on
 XPStyle on
 BrandingText " "
@@ -105,7 +105,7 @@ Section -post SEC0001
     WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoModify 1
     WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoRepair 1
     WriteRegStr HKCR "@PACKAGE_TARNAME@" "URL Protocol" ""
-    WriteRegStr HKCR "@PACKAGE_TARNAME@" "" "URL:Bitcoin"
+    WriteRegStr HKCR "@PACKAGE_TARNAME@" "" "URL:Elements"
     WriteRegStr HKCR "@PACKAGE_TARNAME@\DefaultIcon" "" $INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@
     WriteRegStr HKCR "@PACKAGE_TARNAME@\shell\open\command" "" '"$INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@" "%1"'
 SectionEnd
@@ -138,7 +138,7 @@ Section -un.post UNSEC0001
     Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\Uninstall $(^Name).lnk"
     Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\$(^Name).lnk"
     Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\@PACKAGE_NAME@ (testnet, 64-bit).lnk"
-    Delete /REBOOTOK "$SMSTARTUP\Bitcoin.lnk"
+    Delete /REBOOTOK "$SMSTARTUP\Elements.lnk"
     Delete /REBOOTOK $INSTDIR\uninstall.exe
     Delete /REBOOTOK $INSTDIR\debug.log
     Delete /REBOOTOK $INSTDIR\db.log

src/blindpsbt.cpp

@@ -220,6 +220,35 @@ BlindProofResult VerifyBlindProofs(const PSBTOutput& o) {
     return BlindProofResult::OK;
 }
 
+BlindProofResult VerifyBlindProofs(const PSBTInput& i) {
+    CTxOut utxo;
+    if (!i.GetUTXO(utxo)) {
+        return BlindProofResult::OK;
+    }
+
+    if (i.m_explicit_value != std::nullopt) {
+        if (i.m_value_proof.empty()) {
+            return BlindProofResult::MISSING_VALUE_PROOF;
+        } else if (!utxo.nValue.IsCommitment()) {
+            return BlindProofResult::NOT_FULLY_BLINDED;
+        } else if (!VerifyBlindValueProof(*i.m_explicit_value, utxo.nValue, i.m_value_proof, utxo.nAsset)) {
+            return BlindProofResult::INVALID_VALUE_PROOF;
+        }
+    }
+
+    if (!i.m_explicit_asset.IsNull()) {
+        if (i.m_asset_proof.empty()) {
+            return BlindProofResult::MISSING_ASSET_PROOF;
+        } else if (!utxo.nAsset.IsCommitment()) {
+            return BlindProofResult::NOT_FULLY_BLINDED;
+        } else if (!VerifyBlindAssetProof(i.m_explicit_asset, i.m_asset_proof, utxo.nAsset)) {
+            return BlindProofResult::INVALID_ASSET_PROOF;
+        }
+    }
+
+    return BlindProofResult::OK;
+}
+
 void CreateAssetCommitment(CConfidentialAsset& conf_asset, secp256k1_generator& asset_gen, const CAsset& asset, const uint256& asset_blinder)
 {
     conf_asset.vchCommitment.resize(CConfidentialAsset::nCommittedSize);
@@ -386,7 +415,8 @@ BlindingStatus BlindPSBT(PartiallySignedTransaction& psbt, std::map<uint32_t, st
         }
 
         // Handle issuances
-        if (input.m_issuance_value != std::nullopt || input.m_issuance_value_commitment.IsCommitment() || input.m_issuance_inflation_keys_amount != std::nullopt || input.m_issuance_inflation_keys_commitment.IsCommitment()) {
+        if ((!input.m_blinded_issuance.has_value() || input.m_blinded_issuance.value()) &&
+            (input.m_issuance_value != std::nullopt || input.m_issuance_value_commitment.IsCommitment() || input.m_issuance_inflation_keys_amount != std::nullopt || input.m_issuance_inflation_keys_commitment.IsCommitment())) {
             CAsset issuance_asset;
             CAsset reissuance_asset;
 

src/blindpsbt.h

@@ -17,6 +17,7 @@
 
 struct PartiallySignedTransaction;
 struct PSBTOutput;
+struct PSBTInput;
 
 enum class BlindingStatus
 {
@@ -52,5 +53,6 @@ BlindingStatus BlindPSBT(PartiallySignedTransaction& psbt, std::map<uint32_t, st
 bool VerifyBlindValueProof(CAmount value, const CConfidentialValue& conf_value, const std::vector<unsigned char>& proof, const CConfidentialAsset& conf_asset);
 bool VerifyBlindAssetProof(const uint256& asset, const std::vector<unsigned char>& proof, const CConfidentialAsset& conf_asset);
 BlindProofResult VerifyBlindProofs(const PSBTOutput& o);
+BlindProofResult VerifyBlindProofs(const PSBTInput& i);
 
 #endif //BITCOIN_BLINDPSBT_H

src/psbt.h

@@ -73,6 +73,11 @@ static constexpr uint8_t PSBT_ELEMENTS_IN_ISSUANCE_ASSET_ENTROPY = 0x0d;
 static constexpr uint8_t PSBT_ELEMENTS_IN_UTXO_RANGEPROOF = 0x0e;
 static constexpr uint8_t PSBT_ELEMENTS_IN_ISSUANCE_BLIND_VALUE_PROOF = 0x0f;
 static constexpr uint8_t PSBT_ELEMENTS_IN_ISSUANCE_BLIND_INFLATION_KEYS_PROOF = 0x10;
+static constexpr uint8_t PSBT_ELEMENTS_IN_EXPLICIT_VALUE = 0x11;
+static constexpr uint8_t PSBT_ELEMENTS_IN_VALUE_PROOF = 0x12;
+static constexpr uint8_t PSBT_ELEMENTS_IN_EXPLICIT_ASSET = 0x13;
+static constexpr uint8_t PSBT_ELEMENTS_IN_ASSET_PROOF = 0x14;
+static constexpr uint8_t PSBT_ELEMENTS_IN_BLINDED_ISSUANCE = 0x15;
 
 // Output types
 static constexpr uint8_t PSBT_OUT_REDEEMSCRIPT = 0x00;
@@ -248,6 +253,7 @@ struct PSBTInput
     uint256 m_issuance_asset_entropy;
     std::vector<unsigned char> m_blind_issuance_value_proof;
     std::vector<unsigned char> m_blind_issuance_inflation_keys_proof;
+    std::optional<bool> m_blinded_issuance;
 
     // Peg-in
     std::variant<std::monostate, Sidechain::Bitcoin::CTransactionRef, CTransactionRef> m_peg_in_tx;
@@ -259,6 +265,10 @@ struct PSBTInput
 
     // Auxiliary elements stuff
     std::vector<unsigned char> m_utxo_rangeproof;
+    std::optional<CAmount> m_explicit_value;
+    std::vector<unsigned char> m_value_proof;
+    uint256 m_explicit_asset;
+    std::vector<unsigned char> m_asset_proof;
 
     bool IsNull() const;
     void FillSignatureData(SignatureData& sigdata) const;
@@ -473,6 +483,31 @@ struct PSBTInput
                 SerializeToVector(s, CompactSizeWriter(PSBT_OUT_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_ISSUANCE_BLIND_INFLATION_KEYS_PROOF));
                 s << m_blind_issuance_inflation_keys_proof;
             }
+
+            // Explicit value and its proof
+            if (m_explicit_value.has_value()) {
+                SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_EXPLICIT_VALUE));
+                SerializeToVector(s, m_explicit_value.value());
+            }
+            if (!m_value_proof.empty()) {
+                SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_VALUE_PROOF));
+                s << m_value_proof;
+            }
+
+            // Explicit asset and its proof
+            if (!m_explicit_asset.IsNull()) {
+                SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_EXPLICIT_ASSET));
+                SerializeToVector(s, m_explicit_asset);
+            }
+            if (!m_asset_proof.empty()) {
+                SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_ASSET_PROOF));
+                s << m_asset_proof;
+            }
+
+            if (m_blinded_issuance.has_value()) {
+                SerializeToVector(s, CompactSizeWriter(PSBT_IN_PROPRIETARY), PSBT_ELEMENTS_ID, CompactSizeWriter(PSBT_ELEMENTS_IN_BLINDED_ISSUANCE));
+                SerializeToVector(s, *m_blinded_issuance);
+            }
         }
 
         // Write proprietary things
@@ -886,6 +921,60 @@ struct PSBTInput
                                 s >> m_blind_issuance_inflation_keys_proof;
                                 break;
                             }
+                            case PSBT_ELEMENTS_IN_EXPLICIT_VALUE:
+                            {
+                                if (!key_lookup.emplace(key).second) {
+                                    throw std::ios_base::failure("Duplicate Key, explicit value is already provided");
+                                } else if (subkey_len != 1) {
+                                    throw std::ios_base::failure("Input explicit value is more than one byte type");
+                                }
+                                CAmount v;
+                                UnserializeFromVector(s, v);
+                                m_explicit_value = v;
+                                break;
+                            }
+                            case PSBT_ELEMENTS_IN_VALUE_PROOF:
+                            {
+                                if (!key_lookup.emplace(key).second) {
+                                    throw std::ios_base::failure("Duplicate Key, explicit value proof is already provided");
+                                } else if (subkey_len != 1) {
+                                    throw std::ios_base::failure("Input explicit value proof is more than one byte type");
+                                }
+                                s >> m_value_proof;
+                                break;
+                            }
+                            case PSBT_ELEMENTS_IN_EXPLICIT_ASSET:
+                            {
+                                if (!key_lookup.emplace(key).second) {
+                                    throw std::ios_base::failure("Duplicate Key, explicit asset is already provided");
+                                } else if (subkey_len != 1) {
+                                    throw std::ios_base::failure("Input explicit asset is more than one byte type");
+                                }
+                                UnserializeFromVector(s, m_explicit_asset);
+                                break;
+                            }
+                            case PSBT_ELEMENTS_IN_ASSET_PROOF:
+                            {
+                                if (!key_lookup.emplace(key).second) {
+                                    throw std::ios_base::failure("Duplicate Key, explicit asset proof is already provided");
+                                } else if (subkey_len != 1) {
+                                    throw std::ios_base::failure("Input explicit asset proof is more than one byte type");
+                                }
+                                s >> m_asset_proof;
+                                break;
+                            }
+                            case PSBT_ELEMENTS_IN_BLINDED_ISSUANCE:
+                            {
+                                if (!key_lookup.emplace(key).second) {
+                                    throw std::ios_base::failure("Duplicate Key, issuance needs blinded flag is already provided");
+                                } else if (subkey_len != 1) {
+                                    throw std::ios_base::failure("Input issuance needs blinded flag is more than one byte type");
+                                }
+                                bool b;
+                                UnserializeFromVector(s, b);
+                                m_blinded_issuance = b;
+                                break;
+                            }
                             default:
                             {
                                 known = false;
@@ -936,6 +1025,12 @@ struct PSBTInput
             if (!m_issuance_inflation_keys_commitment.IsNull() && m_issuance_inflation_keys_rangeproof.empty()) {
                 throw std::ios_base::failure("Issuance inflation keys commitment provided without inflation keys rangeproof");
             }
+            if ((m_explicit_value.has_value() || !m_value_proof.empty()) && (!m_explicit_value.has_value() || m_value_proof.empty())) {
+                throw std::ios_base::failure("Input explicit value and value proof must be provided together");
+            }
+            if ((!m_explicit_asset.IsNull() || !m_asset_proof.empty()) && (m_explicit_asset.IsNull() || m_asset_proof.empty())) {
+                throw std::ios_base::failure("Input explicit asset and asset proof must be provided together");
+            }
         }
     }