Tapscript new opcodes #1020
Tapscript new opcodes #1020
Conversation
sanket1729
force-pushed
the
opcodes
branch
2 times, most recently
from
fc24a94 to
3e389b8
Compare
| stack.push_back(vchAssetBlindingNonce); | ||
| } else { // No issuance | ||
| stack.push_back(vchFalse); | ||
| } |
There was a problem hiding this comment.
It occurs to me that there is no way to get the actual asset ID (though maybe you can gin it up using the streaming hash opcodes..). Worth thinking about in a future softfork, I don't want to extend the scope of this one too much.
There was a problem hiding this comment.
I think we can compute the asset ID with our CAT and SHA256. If not, we can add new opcodes at a later date.
src/script/interpreter.cpp
Outdated
| case 0: // Version | ||
| { | ||
| // This does an inplicit conversion from version(int32_t) to (uint32_t) | ||
| push4_le(stack, (uint32_t) checker.GetTxVersion()); |
There was a problem hiding this comment.
spelling: implicit.
Also it's not implicit, because you have an explicit cast :)
There was a problem hiding this comment.
I believe static_casts are preferred in C++.
sanket1729
left a comment
sanket1729
left a comment
There was a problem hiding this comment.
Removed the WIP from title. Ready for another review round.
sanket1729
force-pushed
the
opcodes
branch
2 times, most recently
from
c52f710 to
a1ab6b3
Compare
sanket1729
force-pushed
the
opcodes
branch
2 times, most recently
from
c0a6c34 to
8483744
Compare
src/script/interpreter.cpp
Outdated
| } | ||
|
|
||
| // Check the script has sufficient sigops budget for checksig(crypto) operation | ||
| inline bool udpate_validation_weight(ScriptExecutionData& execdata, ScriptError* serror) |
There was a problem hiding this comment.
s/udpate/update/
src/script/interpreter.cpp
Outdated
| if (!pk.IsCompressed() || !res.IsCompressed()) | ||
| return set_error(serror, SCRIPT_ERR_PUBKEYTYPE); | ||
|
|
||
| if(!udpate_validation_weight(execdata, serror)) return false; // serror is set |
There was a problem hiding this comment.
And elsewhere.
src/pubkey.cpp
Outdated
| std::pair<XOnlyPubKey, bool> ret; | ||
| secp256k1_xonly_pubkey out_xonly; | ||
| if (!secp256k1_xonly_pubkey_from_pubkey(secp256k1_context_verify, &out_xonly, &parity, &out)) return nullopt; | ||
| secp256k1_xonly_pubkey_serialize(secp256k1_context_verify, ret.first.begin(), &out_xonly); |
There was a problem hiding this comment.
Prefer ret.first.data() over ret.first.begin() for grabbing a value that is morally a pointer rather than morally an iterator.
There was a problem hiding this comment.
Unfortunately, upstream only has
const unsigned char* data() const { return m_keydata.begin(); }
and not
unsigned char* data() { return m_keydata.begin(); }
There was a problem hiding this comment.
Adding the function in this commit
src/pubkey.h
Outdated
| #include <uint256.h> | ||
|
|
||
| #include <stdexcept> | ||
| #include <cstring> |
There was a problem hiding this comment.
What is cstring used for?
That results in a much safer interface (making the tweak commit to the key implicitly using a fixed tag means it can't be used for unrelated tweaking). bitcoin/bitcoin#22051 (5/9) We actually preserve the "unrelated tweaking" method so we can use it in OP_TWEAKVERIFY
bitcoin/bitcoin#22051 (6/9) Modified to use the old-style Optional rather than std::optional
| { | ||
| secp256k1_xonly_pubkey base_point; | ||
| if (!secp256k1_xonly_pubkey_parse(secp256k1_context_verify, &base_point, base.data())) return false; | ||
| return secp256k1_xonly_pubkey_tweak_add_check(secp256k1_context_verify, m_keydata.begin(), parity, &base_point, hash.begin()); |
There was a problem hiding this comment.
shakes my fist at upstream
|
I can no longer find anything worth complaining about. |
|
ACK 1577ed4 |
Messy merge conflicts because this PR backported some ad-hoc stuff from upstream while keeping a few things that upstream deleted. Hopefully reviewing is easier than doing this in the first place, since ultimately all I did was delete code from one side or another of the conflicts. (Ok, I also changed some boost optional stuff to std::optional, and had to patch up a test file for test framework changes.) When reviewing the detailed crypto, bear in mind that taptweaks, like all hashes are the kind of crypto that cannot be subtly wrong -- it will either fail very hard or be correct. And we have independent implementations in C++ and Python that cross-check each other, si it's unlikely to be the former.
4 participants
Please refer to the new spec here. #1019