taproot: use new field for taproot tweak in SignDescriptor rather than overloading the WitnessScript field
#6446
Milestone
Comments
This requirement means the user needs to know how to do this tagged hash computation. To make things a bit easier to use, we could instead have that be a new bool. If we've gone that far, then IMO we should just add that signing enum instead. |
Roasbeef
added a commit
to Roasbeef/lnd
that referenced
this issue
Apr 22, 2022
Rather than use the WitnessScript field to pass the tweak, we use this new field in place where necessary. In order to allow users to not have to set this field for BIP 86 derived outputs, if the field is blank, and the TaprootKeySpend field is specified, we'll set this to a empty byte array. This'll cause the internal logic to just use the internalKey as the tweak. Fixes lightningnetwork#6446.
guggero
pushed a commit
to guggero/lnd
that referenced
this issue
May 11, 2022
In this commit, we add a new field `TapTweak` to be used for key path spends. Before this commit, we'd overload the existing `WitnessScript` field to pass this information to the signing context. This was confusing as for tapscript spends, this was the leaf script, which mirrors the other script based spending types. With this new filed, users need to set this to the script root for keypath spends where the output key commits to a real merkle root, and nothing when bip 86 spending is being used. To make the signing even more explicit, we also add a new field called sign_method with an enum type that differentiates between the different segwit v0 and v1 signing methods. Fixes lightningnetwork#6446.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A user experimenting with the new taproot keyspend signing features were confused when they realized they actually needed to set the witness script field. Today we use that field to have the user pass in the internal taproot tweak which is used to derive the output key from an internal key. For BIP 86 this tweak is "empty" with the internal key being used. For tapscript spends, this should be the script root itself.
Rather than overload an existing field (the
WitnessScript), we should add a new field (TapTweak?) and update the documentation accordingly. If taproot spends are being attempted, then this field should always be set.While we're at it, we may want to reconsider the existing implicit context when it comes to signing tapscript (the default) vs taproot key spends. The alternative here would be a new enum that needs to be set to determine which of the signature+sighash variants should be used.
The text was updated successfully, but these errors were encountered: