Skip to content

Commit 88b7148

Browse files
kanishk779kanishk779
committed
Add example for spending via internal key for taproot
1 parent 297c954 commit 88b7148

File tree

3 files changed

+185
-15
lines changed

3 files changed

+185
-15
lines changed

examples/keyexpr.rs

+144
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,144 @@
1+
use core::str::FromStr;
2+
use std::collections::HashMap;
3+
4+
use actual_rand;
5+
use actual_rand::RngCore;
6+
use bitcoin::hashes::{hash160, ripemd160, sha256};
7+
use bitcoin::secp256k1::XOnlyPublicKey;
8+
use bitcoin::{self, secp256k1, Network};
9+
use miniscript::{hash256, Descriptor, TranslatePk, Translator};
10+
use secp256k1::{KeyPair, Secp256k1, SecretKey};
11+
use secp256k1_zkp::{Message, MusigAggNonce, MusigKeyAggCache, MusigSession};
12+
13+
// xonly_keys generates a pair of vector containing public keys and secret keys
14+
fn xonly_keys(n: usize) -> (Vec<bitcoin::XOnlyPublicKey>, Vec<SecretKey>) {
15+
let mut pubkeys = Vec::with_capacity(n);
16+
let mut seckeys = Vec::with_capacity(n);
17+
let secp = secp256k1::Secp256k1::new();
18+
for _ in 0..n {
19+
let key_pair = KeyPair::new(&secp, &mut secp256k1::rand::thread_rng());
20+
let pk = XOnlyPublicKey::from_keypair(&key_pair);
21+
let sk = SecretKey::from_keypair(&key_pair);
22+
pubkeys.push(pk);
23+
seckeys.push(sk);
24+
}
25+
(pubkeys, seckeys)
26+
}
27+
28+
// StrPkTranslator helps replacing string with actual keys in descriptor/miniscript
29+
struct StrPkTranslator {
30+
pk_map: HashMap<String, bitcoin::XOnlyPublicKey>,
31+
}
32+
33+
impl Translator<String, bitcoin::XOnlyPublicKey, ()> for StrPkTranslator {
34+
fn pk(&mut self, pk: &String) -> Result<bitcoin::XOnlyPublicKey, ()> {
35+
self.pk_map.get(pk).copied().ok_or(())
36+
}
37+
38+
fn pkh(&mut self, _pkh: &String) -> Result<hash160::Hash, ()> {
39+
unreachable!("Policy doesn't contain any pkh fragment");
40+
}
41+
42+
fn sha256(&mut self, _sha256: &String) -> Result<sha256::Hash, ()> {
43+
unreachable!("Policy does not contain any sha256 fragment");
44+
}
45+
46+
fn hash256(&mut self, _sha256: &String) -> Result<hash256::Hash, ()> {
47+
unreachable!("Policy does not contain any hash256 fragment");
48+
}
49+
50+
fn ripemd160(&mut self, _ripemd160: &String) -> Result<ripemd160::Hash, ()> {
51+
unreachable!("Policy does not contain any ripemd160 fragment");
52+
}
53+
54+
fn hash160(&mut self, _hash160: &String) -> Result<hash160::Hash, ()> {
55+
unreachable!("Policy does not contain any hash160 fragment");
56+
}
57+
}
58+
fn main() {
59+
let desc =
60+
Descriptor::<String>::from_str("tr(musig(E,F),{pk(A),multi_a(1,B,musig(C,D))})").unwrap();
61+
62+
// generate the public and secret keys
63+
let (pubkeys, seckeys) = xonly_keys(6);
64+
65+
// create the hashMap (from String to XonlyPublicKey)
66+
let mut pk_map = HashMap::new();
67+
pk_map.insert("A".to_string(), pubkeys[0]);
68+
pk_map.insert("B".to_string(), pubkeys[1]);
69+
pk_map.insert("C".to_string(), pubkeys[2]);
70+
pk_map.insert("D".to_string(), pubkeys[3]);
71+
pk_map.insert("E".to_string(), pubkeys[4]);
72+
pk_map.insert("F".to_string(), pubkeys[5]);
73+
74+
let mut t = StrPkTranslator { pk_map };
75+
// replace with actual keys
76+
let real_desc = desc.translate_pk(&mut t).unwrap();
77+
78+
// bitcoin script for the descriptor
79+
let script = real_desc.script_pubkey();
80+
println!("The script is {}", script);
81+
82+
// address for the descriptor (bc1...)
83+
let address = real_desc.address(Network::Bitcoin).unwrap();
84+
println!("The address is {}", address);
85+
86+
let secp = Secp256k1::new();
87+
// we are spending with the internal key (musig(E,F))
88+
let key_agg_cache = MusigKeyAggCache::new(&secp, &[pubkeys[4], pubkeys[5]]);
89+
// aggregated publickey
90+
let agg_pk = key_agg_cache.agg_pk();
91+
92+
let mut session_id = [0; 32];
93+
actual_rand::thread_rng().fill_bytes(&mut session_id);
94+
95+
// msg should actually be the hash of the transaction, but we use some random
96+
// 32 byte array.
97+
let msg = Message::from_slice(&[3; 32]).unwrap();
98+
let mut pub_nonces = Vec::with_capacity(2);
99+
let mut sec_nonces = Vec::with_capacity(2);
100+
match &real_desc {
101+
Descriptor::Tr(tr) => {
102+
let mut ind = 4;
103+
for _ in tr.internal_key().iter() {
104+
// generate public and secret nonces
105+
let (sec_nonce, pub_nonce) = key_agg_cache
106+
.nonce_gen(&secp, session_id, seckeys[ind], msg, None)
107+
.expect("Non zero session id");
108+
pub_nonces.push(pub_nonce);
109+
sec_nonces.push(sec_nonce);
110+
ind += 1;
111+
}
112+
}
113+
_ => (),
114+
}
115+
116+
// aggregate nonces
117+
let aggnonce = MusigAggNonce::new(&secp, pub_nonces.as_slice());
118+
let session = MusigSession::new(&secp, &key_agg_cache, aggnonce, msg, None);
119+
let mut partial_sigs = Vec::with_capacity(2);
120+
match &real_desc {
121+
Descriptor::Tr(tr) => {
122+
let mut ind = 0;
123+
for _ in tr.internal_key().iter() {
124+
// generate the partial signature for this key
125+
let partial_sig = session
126+
.partial_sign(
127+
&secp,
128+
&mut sec_nonces[ind],
129+
&KeyPair::from_secret_key(&secp, seckeys[4 + ind]),
130+
&key_agg_cache,
131+
)
132+
.unwrap();
133+
partial_sigs.push(partial_sig);
134+
ind += 1;
135+
}
136+
}
137+
_ => (),
138+
}
139+
140+
// aggregate the signature
141+
let signature = session.partial_sig_agg(partial_sigs.as_slice());
142+
// now verify the signature
143+
assert!(secp.verify_schnorr(&signature, &msg, &agg_pk).is_ok())
144+
}

src/descriptor/tr.rs

+26-15
Original file line numberDiff line numberDiff line change
@@ -502,7 +502,7 @@ fn parse_tr_tree(s: &str) -> Result<expression::Tree, Error> {
502502
});
503503
}
504504
// use str::split_once() method to refactor this when compiler version bumps up
505-
let (key, script) = split_once(rest, ',')
505+
let (key, script) = split_key_and_tree(rest)
506506
.ok_or_else(|| Error::BadDescriptor("invalid taproot descriptor".to_string()))?;
507507

508508
let internal_key = expression::Tree {
@@ -529,23 +529,34 @@ fn parse_tr_tree(s: &str) -> Result<expression::Tree, Error> {
529529
}
530530
}
531531

532-
fn split_once(inp: &str, delim: char) -> Option<(&str, &str)> {
532+
fn split_key_and_tree(inp: &str) -> Option<(&str, &str)> {
533533
if inp.is_empty() {
534534
None
535535
} else {
536-
let mut found = inp.len();
537-
for (idx, ch) in inp.chars().enumerate() {
538-
if ch == delim {
539-
found = idx;
540-
break;
541-
}
542-
}
543-
// No comma or trailing comma found
544-
if found >= inp.len() - 1 {
545-
Some((inp, ""))
546-
} else {
547-
Some((&inp[..found], &inp[found + 1..]))
548-
}
536+
// hit the first comma when the open_bracket == 0, we can split at that point
537+
let mut open_brackets = 0;
538+
let mut ind = 0;
539+
for c in inp.chars() {
540+
if c == '(' {
541+
open_brackets += 1;
542+
} else if c == ')' {
543+
open_brackets -= 1;
544+
} else if c == ',' {
545+
if open_brackets == 0 {
546+
break;
547+
}
548+
}
549+
ind += 1;
550+
}
551+
if ind == 0 {
552+
return Some(("", &inp[1..]))
553+
}
554+
if inp.len() == ind {
555+
return Some((inp, ""));
556+
}
557+
let key = &inp[..ind];
558+
let script = &inp[ind+1..];
559+
Some((key, script))
549560
}
550561
}
551562

src/miniscript/mod.rs

+15
Original file line numberDiff line numberDiff line change
@@ -524,6 +524,21 @@ mod tests {
524524

525525
let desc = Descriptor::<String>::from_str("tr(musig(D),pk(musig(A,B,musig(C))))");
526526
assert_eq!(desc.is_ok(), true);
527+
528+
let desc = Descriptor::<String>::from_str("tr(musig(E,F),{pk(A),multi_a(1,B,musig(C,D))})");
529+
assert_eq!(desc.is_ok(), true);
530+
531+
let desc = Descriptor::<String>::from_str("tr(musig(D),pk(musig(A,B,musig(C))))");
532+
assert_eq!(desc.is_ok(), true);
533+
534+
let desc = Descriptor::<String>::from_str("tr(musig(A,B))");
535+
assert_eq!(desc.is_ok(), true);
536+
537+
let desc = Descriptor::<String>::from_str("tr(A)");
538+
assert_eq!(desc.is_ok(), true);
539+
540+
let desc = Descriptor::<String>::from_str("tr(SomeKey)");
541+
assert_eq!(desc.is_ok(), true);
527542
}
528543

529544
#[test]

0 commit comments

Comments
 (0)