From ff5703c7559237a224b9fe760544058bca766de7 Mon Sep 17 00:00:00 2001
From: Salvatore Ingala <6681844+bigspider@users.noreply.github.com>
Date: Sun, 22 Jun 2025 19:36:57 +0200
Subject: [PATCH] 443: fix some errors in the python pseudocode and a wrong
 reference.

---
 bip-0443.mediawiki | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/bip-0443.mediawiki b/bip-0443.mediawiki
index 86a6cf97..5acffdf8 100644
--- a/bip-0443.mediawiki
+++ b/bip-0443.mediawiki
@@ -100,7 +100,7 @@ exhaustive, as there are many more possible combinations.
 in the same transaction, or multiple times with the ''deduct'' logic. This prevents duplicate or inconsistent counting
 of the same amounts.
 
-'''Remark:''' it is allowed to check for multiple inputs to check the same output with the ''default'' logic. This
+'''Remark:''' it is allowed for multiple inputs to check the same output with the ''default'' logic. This
 allows multiple inputs to aggregate (in full or in part) their amounts to the same output.
 
 -----
@@ -176,7 +176,7 @@ would always be hard-coded via a push in the script, the risk of mistakes seems
 
 The following values of the other parameters have special meanings:
 * If the <code><taptree></code> is -1, it is replaced with the Merkle root of the current input's tapscript tree. If the taptree is the empty buffer, then the taptweak is skipped.
-* If the <code><pk></code> is 0, it is replaced with the NUMS x-only pubkey <code>0x50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0</code> defined in [[bip-0340.mediawiki|BIP-340]]. If the <code><pk></code> is -1, it is replaced with the taproot internal key of the current input.
+* If the <code><pk></code> is 0, it is replaced with the NUMS x-only pubkey <code>0x50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0</code> defined in [[bip-0341.mediawiki|BIP-341]]. If the <code><pk></code> is -1, it is replaced with the taproot internal key of the current input.
 * If the <code><index></code> is -1, it is replaced with the index of the current input.
 * If the <code><data></code> is the empty buffer, then there is no data tweak for the input/output being checked.
 
@@ -190,13 +190,17 @@ The specification is divided into three parts:
 * the input initialization;
 * the opcode evaluation.
 
-The following helper function is a version of <code>taproot_tweak_pubkey</code>, except that a raw 32-byte data is used
-as the tweak.
+The following helper function is a variant of <code>taproot_tweak_pubkey</code> from [[bip-0341.mediawiki|BIP341]],
+except that a regular SHA256-hash is used instead of a tagged hash, and the pubkey is returned unchanged if the length
+of <code>data</code> is 0.
 
 <source lang="python">
 def tweak_embed_data(pubkey, data):
     assert len(pubkey) == 32
 
+    if len(data) == 0:
+      return None, pubkey
+
     data_tweak = sha256(pubkey + data)
 
     t = int_from_bytes(data_tweak)
@@ -209,7 +213,7 @@ def tweak_embed_data(pubkey, data):
     return 0 if has_even_y(Q) else 1, bytes_from_int(x(Q))
 </source>
 
-The <code>taproot_tweak_pubkey</code> from [[bip-0341.mediawiki|BIP-341]] is also used as a helper function.
+The <code>taproot_tweak_pubkey</code> function is also used as a helper in the pseudocode below.
 
 The following notations are used in the pseudocode below:
 * <code>n_inputs</code> and <code>n_outputs</code> are the number of inputs and outputs of the transaction, respectively;