MIME-Version: 1.0
From: Giacomo Caironi <giacomo.caironi@gmail.com>
Date: Thu, 16 Sep 2021 23:36:48 +0200
Message-ID: <CACHAfwcJrf8kc9+=2+ekjuPTPjW8T6qJS538QQ2DJedAn-XxKA@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary="0000000000005d9a8905cc239d24"
Subject: [bitcoin-dev] Test cases for Taproot signature message
Precedence: list

--0000000000005d9a8905cc239d24
Content-Type: text/plain; charset="UTF-8"

Hi,
recently I have worked on a python implementation of bitcoin signature
messages, and I have found that there was way better documentation about
Segwit signature message than Taproot.

1) Segwit signature message got its own BIP, completed with test cases
regarding only that specific function; Taproot on the other hand has the
signature message function defined in BIP 341 and the test vectors in a
different BIP (341). This is confusing. Shouldn't we create a different BIP
only for Taproot signature message exactly like Segwit?

2) The test vectors for Taproot have no documentation and, most
importantly, they are not atomic, in the sense that they do not target a
specific part of the taproot code but all of it. This may not be a very big
problem, but for signature verification it is. Because there are hashes
involved, we can't really debug why a signature message doesn't pass
validation, either it is valid or it is not. BIP 143 in this case is really
good, because it provides hash preimages, so it is possible to debug the
function and see where something went wrong. Because of this, writing the
Segwit signature hash function took a fraction of the time compared to
Taproot.

If this idea is accepted I will be more than happy to write the test cases
for Taproot.

BTW this is the first time I contribute to Bitcoin, let me know if I was
rude or did something wrong. Moreover english is not my first language, so
I apologize if I wrote something awful above

--0000000000005d9a8905cc239d24
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi,=C2=A0<div>recently I have worked on a python implement=
ation of bitcoin signature messages, and I have found that there was way be=
tter documentation about Segwit signature message than Taproot.</div><div><=
br></div><div>1) Segwit signature message got its own BIP, completed with t=
est cases regarding only that specific function; Taproot on the other hand =
has the signature message function defined in BIP 341 and the test vectors =
in a different BIP (341). This is confusing. Shouldn&#39;t we create a diff=
erent BIP only for Taproot signature message exactly like Segwit?</div><div=
><br></div><div>2) The test vectors for Taproot have no documentation and, =
most importantly, they are not atomic, in the sense that they do not target=
 a specific part of the taproot code but all of it. This may not be a very =
big problem, but for signature verification it is. Because there are hashes=
 involved, we can&#39;t really debug why a signature message doesn&#39;t pa=
ss validation, either it is valid or it is not. BIP 143 in this case is rea=
lly good, because it provides hash preimages, so it is possible to debug th=
e function and see where something went wrong. Because of this, writing the=
 Segwit signature hash function took a fraction of the time compared to Tap=
root.</div><div><br></div><div>If this idea is accepted I will be more than=
 happy to write the test cases for Taproot.</div><div><br></div><div>BTW th=
is is the first time I contribute to Bitcoin, let me know if I was rude or =
did something wrong. Moreover english is not my first language, so I apolog=
ize if I wrote something awful above</div></div>

--0000000000005d9a8905cc239d24--