summaryrefslogtreecommitdiff
path: root/aa/18411fb876f03c9dee1279b02e206c0acbc968
blob: e475c57f48d9a078a0761407a88e13cbb13f7c88 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
Return-Path: <riccardo.casatta@gmail.com>
Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 80839C000D
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 17 Sep 2021 07:08:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp4.osuosl.org (Postfix) with ESMTP id 7C1AD4071E
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 17 Sep 2021 07:08:04 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level: 
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: smtp4.osuosl.org (amavisd-new);
 dkim=pass (2048-bit key) header.d=gmail.com
Received: from smtp4.osuosl.org ([127.0.0.1])
 by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 9239g65dhG0j
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 17 Sep 2021 07:08:01 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.8.0
Received: from mail-qv1-xf32.google.com (mail-qv1-xf32.google.com
 [IPv6:2607:f8b0:4864:20::f32])
 by smtp4.osuosl.org (Postfix) with ESMTPS id E141640701
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 17 Sep 2021 07:08:00 +0000 (UTC)
Received: by mail-qv1-xf32.google.com with SMTP id jo30so5876822qvb.3
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Fri, 17 Sep 2021 00:08:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
 bh=m5dRs9ot+oLusXG17IMnU/Vc8ufth68vbK5AjqJA17Y=;
 b=L22qIPrbdf65awAJpMLeh4BOIs0D3sfWLbWESr63jywNchVTqyBZevhlzmMzV8AWmW
 bKd3WihRSarqxfTUjlxVSmR5fbdwjOoiv5nf96LBwmuAXuus7KUHDH+HWemNokuQIFq5
 1kWTocyiKsRvwSkZVI010bltzFJQpHz5BK/qtfCusBw22G+wxrnbKaP/Y7eS9weOF2Gl
 KUjHPwSzDTchLcCC0CA/Z8wALtazPqh6BOKNXjsVTyxf5hhC/GdTEjuxjJ2ZcSsND68C
 ggk0b4haoGTrTJUn7mg5hYkMy8EPvqYZCKm1Kmw9bpGnr0HxITKeBAqvXKcR4yzMiisn
 uaLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to;
 bh=m5dRs9ot+oLusXG17IMnU/Vc8ufth68vbK5AjqJA17Y=;
 b=3RlKmSJBcE3038KcWr8y9M+7SQfi52QHW9KmCNnsWDJwArWMByxx9cFSMpHVhuecaZ
 Y8cWOeWH/khCt7nTI+ihYzIuS05PI34eeYZxLn5dcBxJCQ1or3NumKgQYrcAeKQsW4I0
 DQ9aM2ZpmrnlPALO2K9hK64AZqJTXmsDW+Rs7MkbxWyI9y5DpY8dnt4tPBcFoIqeVYo5
 uNxQaHJf0ZZ+bcnXoKv/Fu4DjHnbYeag13XG26JgDdLsWnJZTCBbF2h8jQhqidygGuKI
 yh8QFfHNtYKWicHNySpSNLfNS8kp2oW0RzLFqfB43k8pPzxu/G130mh9gVOrAxT9zPjN
 4eZg==
X-Gm-Message-State: AOAM530xNmrPlXpkus/hH2Qw5UstQzUBzGlk4Duu+fJV/y074HO7mwFB
 mAKNYoQTcxMG9nQ2c4zMF4KyUCfGH565m2ACl49fHyloYhI=
X-Google-Smtp-Source: ABdhPJyYe47UeJPjQb0vhjgDT8i+bFJ1YpxpLKx+9RHdH3YTHZ3UZPVqogDftBwllW+1ydRpdVTJO9ncJM8XrwdYaGQ=
X-Received: by 2002:a0c:f010:: with SMTP id z16mr9480880qvk.8.1631862479623;
 Fri, 17 Sep 2021 00:07:59 -0700 (PDT)
MIME-Version: 1.0
References: <CACHAfwcJrf8kc9+=2+ekjuPTPjW8T6qJS538QQ2DJedAn-XxKA@mail.gmail.com>
In-Reply-To: <CACHAfwcJrf8kc9+=2+ekjuPTPjW8T6qJS538QQ2DJedAn-XxKA@mail.gmail.com>
From: Riccardo Casatta <riccardo.casatta@gmail.com>
Date: Fri, 17 Sep 2021 09:07:48 +0200
Message-ID: <CADabwBB4jmwqyJAqfghWTGLiCHFYXset5ZvKB36Q2FkMomJCtQ@mail.gmail.com>
To: Giacomo Caironi <giacomo.caironi@gmail.com>, 
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Content-Type: multipart/alternative; boundary="0000000000006b9a7f05cc2b973f"
X-Mailman-Approved-At: Fri, 17 Sep 2021 08:17:21 +0000
Subject: Re: [bitcoin-dev] Test cases for Taproot signature message
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Sep 2021 07:08:04 -0000

--0000000000006b9a7f05cc2b973f
Content-Type: text/plain; charset="UTF-8"

Hi Giacomo,

I wrote the rust implementation of bitcoin signature messages and to
double-check I created some test vectors you can see at
https://github.com/rust-bitcoin/rust-bitcoin/blob/b7f984972ad6cb4942827c2b7c401f590588cdcf/src/util/sighash.rs#L689-L799.
These vectors have been created printing intermediate results from
https://github.com/bitcoin/bitcoin/blob/6401de0133e32a641ed9e78a85b3aa337c75d190/test/functional/feature_taproot.py

Il giorno gio 16 set 2021 alle ore 23:40 Giacomo Caironi via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> ha scritto:

> Hi,
> recently I have worked on a python implementation of bitcoin signature
> messages, and I have found that there was way better documentation about
> Segwit signature message than Taproot.
>
> 1) Segwit signature message got its own BIP, completed with test cases
> regarding only that specific function; Taproot on the other hand has the
> signature message function defined in BIP 341 and the test vectors in a
> different BIP (341). This is confusing. Shouldn't we create a different BIP
> only for Taproot signature message exactly like Segwit?
>
> 2) The test vectors for Taproot have no documentation and, most
> importantly, they are not atomic, in the sense that they do not target a
> specific part of the taproot code but all of it. This may not be a very big
> problem, but for signature verification it is. Because there are hashes
> involved, we can't really debug why a signature message doesn't pass
> validation, either it is valid or it is not. BIP 143 in this case is really
> good, because it provides hash preimages, so it is possible to debug the
> function and see where something went wrong. Because of this, writing the
> Segwit signature hash function took a fraction of the time compared to
> Taproot.
>
> If this idea is accepted I will be more than happy to write the test cases
> for Taproot.
>
> BTW this is the first time I contribute to Bitcoin, let me know if I was
> rude or did something wrong. Moreover english is not my first language, so
> I apologize if I wrote something awful above
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>


-- 
Riccardo Casatta - @RCasatta <https://twitter.com/RCasatta>

--0000000000006b9a7f05cc2b973f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-size:small">Hi =
Giacomo,</div><div class=3D"gmail_default" style=3D"font-size:small"><br></=
div><div class=3D"gmail_default" style=3D"font-size:small">I wrote the rust=
 implementation of bitcoin signature messages and to double-check I created=
 some test vectors you can see at=C2=A0<a href=3D"https://github.com/rust-b=
itcoin/rust-bitcoin/blob/b7f984972ad6cb4942827c2b7c401f590588cdcf/src/util/=
sighash.rs#L689-L799">https://github.com/rust-bitcoin/rust-bitcoin/blob/b7f=
984972ad6cb4942827c2b7c401f590588cdcf/src/util/sighash.rs#L689-L799</a>. Th=
ese vectors have been created printing intermediate results from <a href=3D=
"https://github.com/bitcoin/bitcoin/blob/6401de0133e32a641ed9e78a85b3aa337c=
75d190/test/functional/feature_taproot.py">https://github.com/bitcoin/bitco=
in/blob/6401de0133e32a641ed9e78a85b3aa337c75d190/test/functional/feature_ta=
proot.py</a></div></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" cla=
ss=3D"gmail_attr">Il giorno gio 16 set 2021 alle ore 23:40 Giacomo Caironi =
via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org=
">bitcoin-dev@lists.linuxfoundation.org</a>&gt; ha scritto:<br></div><block=
quote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1=
px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr">Hi,=C2=A0<div>=
recently I have worked on a python implementation of bitcoin signature mess=
ages, and I have found that there was way better documentation about Segwit=
 signature message than Taproot.</div><div><br></div><div>1) Segwit signatu=
re message got its own BIP, completed with test cases regarding only that s=
pecific function; Taproot on the other hand has the signature message funct=
ion defined in BIP 341 and the test vectors in a different BIP (341). This =
is confusing. Shouldn&#39;t we create a different BIP only for Taproot sign=
ature message exactly like Segwit?</div><div><br></div><div>2) The test vec=
tors for Taproot have no documentation and, most importantly, they are not =
atomic, in the sense that they do not target a specific part of the taproot=
 code but all of it. This may not be a very big problem, but for signature =
verification it is. Because there are hashes involved, we can&#39;t really =
debug why a signature message doesn&#39;t pass validation, either it is val=
id or it is not. BIP 143 in this case is really good, because it provides h=
ash preimages, so it is possible to debug the function and see where someth=
ing went wrong. Because of this, writing the Segwit signature hash function=
 took a fraction of the time compared to Taproot.</div><div><br></div><div>=
If this idea is accepted I will be more than happy to write the test cases =
for Taproot.</div><div><br></div><div>BTW this is the first time I contribu=
te to Bitcoin, let me know if I was rude or did something wrong. Moreover e=
nglish is not my first language, so I apologize if I wrote something awful =
above</div></div>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div><br clear=3D"all"><div><br></div>-- <br><div dir=3D"ltr"=
 class=3D"gmail_signature"><div dir=3D"ltr">Riccardo Casatta - <a href=3D"h=
ttps://twitter.com/RCasatta" target=3D"_blank">@RCasatta</a></div></div>

--0000000000006b9a7f05cc2b973f--