It is no longer expected that SegWitV0 inputs have no witness-utxo field.
Reverting the order of checks avoids this assumption (while still relying on the mandatory lack of witness-utxo for legacy inputs).
Instead of implicitly detecting whether or not an OP_VAULT/OP_UNVAULT
spend is a recovery spend by scanning outputs for matching
scriptPubKeys, explicitly indicate recoveries by requiring a witness
stack element that is either -1 in the case of no recovery OR
corresponds to an output index that is the recovery output.
* initial commit
* fix formatting
* add importing section
* clarify csv preference
* tabs to spaces
* add rationale and references, require that rfc4180 is followed
* fix reference links
* show reference links as list
* use self describing json lines format instead of csv
* add bip number and accommodate 65 byte pubkeys
* fix comments uri
Includes:
* Simpler (but equivalent) ElligatorSwift encoding function & spec
* Improved test vectors
* Test vector generation code
* Code for converting test vectors for libsecp256k1 code.
* Code for running test vectors against SwiftEC paper authors' code.
* Miscellaneous reference code improvements (style, comments).
In contrast to taproot_output_script, taproot_sign_key was not able to deal with
a script_tree that is None. This commit fixes taproot_sign_key such that it can
sign for such outputs.
This commit avoids changing the behavior of the functions except
taproot_sign_key at the cost of having some code duplication. Alternatively, one
could let taproot_tree_helper deal with a None script_tree directly.
`lift_x` returns `None` if the input integer is not an X coordinate on the curve
to indicate failure. `point_add`, on the other hand, interprets `None` as the
point at infinity. Therefore, without this commit, if the internal `pubkey` is
not a valid X coordinate, the function will not fail, which contradicts the
specification in the "Script validation rules section". Instead, it sets `Q` to
`t*G`.
