Taproot support

[louisinger]

This PR adds Taproot/Tapscript support for elements, greatly inspired by the work already done on btcd: btcsuite/btcd#1787

1. bump btcd to latest, drop btcutils

• In order to use the latest changes of btcsuite/btcd (including taproot PRs + schnorr support), go mod is pointing the latest commit hash. It seems to me that taproot changes has not been released yet (Am I wrong ?).
• btcutils packages are now included in btcd, that's why some imports have been modified

2. Elements taproot

• taproot package extends the btcd/txscript/taproot file and reuses the same unit test file taproot_test.go. Lot of copy-paste there, the logic is the same on Elements. The major change is about BIP-341 hash tags (suffixed by "/elements" on Liquid).
• payment pkg implements several new functions in order to support P2TR payments (unconfidential/confidential).
• blech32 supports segwit v1 encoding (bech32m) + BONUS: add unit tests from liquidjs-lib
• transaction pkg implements HashForWitnessV1.
• some changes in address pkg (getScriptType, toOutputScript etc...).
• e2e nigiri testing for taproot (keypath & tapscript).
• add the new elements tapscript opcodes constants.

About new opcodes: It is quite possible to use the new opcodes now. However, for better introspection support, I think we should extend the scriptBuilder from txscript with some elements-specific functions like AddAssetHash or AddIndex etc.

it closes #172

@altafan @tiero please review

[altafan]

Missing test vectors for changes in address.go?

[altafan]

Do we really need these post checks? In general, this lib's methods make sure that everything's ok before doing any operation "by design", instead of performing post checks.

Is there a way to make these checks over the taproot data before doing the magic in order to make sure that at this point payload.Program is exactly a 32-bytes buffer?

[louisinger]

I think we need the first one if for any reasons the Program has not been computed from data, better to return a error instead of nil isn't it ?

about the length, it's almost the same reason, it's a kind of sanity check before returning the program (it ensures that if len is not 32, it won't fail during address computation)
But I agree, theorically the parse functions on taproot data should "validate" before taproot magic so maybe not useful

[altafan]

Good job so far!
Let's increase the number of (failing) tests to discover and fix "easy" bugs before merging.

[altafan]

About new opcodes: It is quite possible to use the new opcodes now. However, for better introspection support, I think we should extend the scriptBuilder from txscript with some elements-specific functions like AddAssetHash or AddIndex etc.

Don't think this is in the scope of the PR. We should open a dedicated ticket and discuss it there.

[sekulicd]

It would be nice if we can add test cases examples with more complex scripts(multipath) for learning/doc purpose.

[sekulicd]

Should we verify signature? Is VerifyTaprootKeySpend/VerifyTaprootLeafCommitment? same in other test

[louisinger]

Not necessery in my opinion. VerifyTaprootLeafCommitment is tested in taproot pkg and broadcast is already a "sig check"