BIP-352: sending: add step to fail if input privkeys sum a is zero

The test vector data was generated with a Python script (see bc15ea8d0f/contrib/silentpayments/submit_input_pubkeys_infinity_tx.py), leading to the following output: --------------------------------------------------------------------------------------------------------- Privkey 1: a6df6a0bb448992a301df4258e06a89fe7cf7146f59ac3bd5ff26083acb22ceb Privkey 2: 592095f44bb766d5cfe20bda71f9575ed2df6b9fb9addc7e5fdffe0923841456 Pubkey 1: 02557ef3e55b0a52489b4454c1169e06bdea43687a69c1f190eb50781644ab6975 Pubkey 2: 03557ef3e55b0a52489b4454c1169e06bdea43687a69c1f190eb50781644ab6975 scriptPubKey 1: 00149d9e24f9fab4e35bf1a6df4b46cb533296ac0792 scriptPubKey 2: 00149860538b5575962776ed0814ae222c7d60c72d7b Address 1: tb1qnk0zf706kn34hudxma95dj6nx2t2cpujz7j5t5 Address 2: tb1qnps98z64wktzwahdpq22ug3v04svwttm7gs8wn -> Funding tx submitted: 3a286147b25e16ae80aff406f2673c6e565418c40f45c071245cdebc8a94174e Taproot output address for spending tx: tb1pqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqkgkkf5 -> Spending tx submitted: fe788cf6578d547819def43d79e6c8f0153d4885f5a343d12bd03f34507aabd6 ---------------------------------------------------------------------------------------------------------
2025-10-27 14:09:10 +00:00 · 2024-06-22 01:18:37 +02:00 · 2024-06-22 01:18:37 +02:00 · 47033c62dc
commit 47033c62dc
parent 70a714372f
3 changed files with 50 additions and 1 deletions
--- a/bip-0352.mediawiki
+++ b/bip-0352.mediawiki
@ -302,6 +302,7 @@ After the inputs have been selected, the sender can create one or more outputs f
 * Collect the private keys for each input from the ''[[#inputs-for-shared-secret-derivation|Inputs For Shared Secret Derivation]]'' list
 * For each private key ''a<sub>i</sub>'' corresponding to a [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP341] taproot output, check that the private key produces a point with an even Y coordinate and negate the private key if not<ref name="why_negate_taproot_private_keys">'''Why do taproot private keys need to be checked?''' Recall from [https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki BIP340] that each X-only public key has two corresponding private keys, ''d'' and ''n - d''. To maintain parity between sender and receiver, it is necessary to use the private key corresponding to the even Y coordinate when performing the ECDH step since the receiver will assume the even Y coordinate when summing the taproot X-only public keys.</ref>
 * Let ''a = a<sub>1</sub> + a<sub>2</sub> + ... + a<sub>n</sub>'', where each ''a<sub>i</sub>'' has been negated if necessary
 ** If ''a = 0'', fail
 * Generate the ''input_hash'' with the smallest outpoint lexicographically and ''A = a·G'', using the method described above
 * Group receiver silent payment addresses by ''B<sub>scan</sub>'' (e.g. each group consists of one ''B<sub>scan</sub>'' and one or more ''B<sub>m</sub>'')
 * For each group:
--- a/bip-0352/reference.py
+++ b/bip-0352/reference.py
@ -127,6 +127,9 @@ def create_outputs(input_priv_keys: List[Tuple[ECKey, bool]], outpoints: List[CO
        negated_keys.append(k)
    a_sum = sum(negated_keys)
    if not a_sum.valid:
        # Input privkeys sum is zero -> fail
        return []
    input_hash = get_input_hash(outpoints, a_sum * G)
    silent_payment_groups: Dict[ECPubKey, List[ECPubKey]] = {}
    for recipient in recipients:
--- a/bip-0352/send_and_receive_test_vectors.json
+++ b/bip-0352/send_and_receive_test_vectors.json
@ -2669,5 +2669,50 @@
                }
            }
        ]
    },
    {
        "comment": "Input keys sum up to zero / point at infinity: sending fails, receiver skips tx",
        "sending": [
            {
                "given": {
                    "vin": [
                        {
                            "txid": "3a286147b25e16ae80aff406f2673c6e565418c40f45c071245cdebc8a94174e",
                            "vout": 0,
                            "scriptSig": "",
                            "txinwitness": "024730440220085003179ce1a3a88ce0069aa6ea045e140761ab88c22a26ae2a8cfe983a6e4602204a8a39940f0735c8a4424270ac8da65240c261ab3fda9272f6d6efbf9cfea366012102557ef3e55b0a52489b4454c1169e06bdea43687a69c1f190eb50781644ab6975",
                            "prevout": {
                                "scriptPubKey": {
                                    "hex": "00149d9e24f9fab4e35bf1a6df4b46cb533296ac0792"
                                }
                            },
                            "private_key": "a6df6a0bb448992a301df4258e06a89fe7cf7146f59ac3bd5ff26083acb22ceb"
                        },
                        {
                            "txid": "3a286147b25e16ae80aff406f2673c6e565418c40f45c071245cdebc8a94174e",
                            "vout": 1,
                            "scriptSig": "",
                            "txinwitness": "0247304402204586a68e1d97dd3c6928e3622799859f8c3b20c3c670cf654cc905c9be29fdb7022043fbcde1689f3f4045e8816caf6163624bd19e62e4565bc99f95c533e599782c012103557ef3e55b0a52489b4454c1169e06bdea43687a69c1f190eb50781644ab6975",
                            "prevout": {
                                "scriptPubKey": {
                                    "hex": "00149860538b5575962776ed0814ae222c7d60c72d7b"
                                }
                            },
                            "private_key": "592095f44bb766d5cfe20bda71f9575ed2df6b9fb9addc7e5fdffe0923841456"
                        }
                    ],
                    "recipients": [
                        "sp1qqtrqglu5g8kh6mfsg4qxa9wq0nv9cauwfwxw70984wkqnw2uwz0w2qnehen8a7wuhwk9tgrzjh8gwzc8q2dlekedec5djk0js9d3d7qhnq6lqj3s"
                    ]
                },
                "expected": {
                    "outputs": [
                        []
                    ]
                }
            }
        ],
        "receiving": [
        ]
    }
-]
+]