Before this commit it was not clear that non-native SegWit outputs
(e.g. P2PKH or P2SH-P2WPKH) only work if the correct scriptSig is
provided.
This then also makes it more clear why P2SH-P2WPKH outputs are NOT
supported by the "simple" variant.
This commit adds a table that clarifies what script types are compatible
with what signing variant and also makes more clear what the exact
format for the signatures of the different variants are.
Adds a warning to the "if no matches are found, stop" scanning
step. Without it, wallet developers may be tempted to apply policy
filtering (e.g. dust) before deciding to continue,
causing subsequent outputs for the same sender to be missed.
* Varops: Two BIPs for Script Restoration: varops calculations and tapleaf version (0xc2).
Special thanks to Murch for teaching me mediawiki, and so much great
formatting and clarity advice.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* script restoration: fix MUL cost to account to round up B to word boundary.
Julian points out that the implementation does this, which improves accuracy
for the case of small B (since the term is multiplied: for normal OP_ADD etc
we don't bother, since the difference is very bounded).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* BIP 440, 441: official numbers, into README.mediawiki and renamed.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
---------
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Julian points out that the implementation does this, which improves accuracy
for the case of small B (since the term is multiplied: for normal OP_ADD etc
we don't bother, since the difference is very bounded).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Special thanks to Murch for teaching me mediawiki, and so much great
formatting and clarity advice.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Ariard mentioned he would like to see a test case for a 64-byte transaction spending a Taproot
output with an annex. I took the opportunity to also make the output be an OP_RETURN with a 2-byte
push, as another semi-realistic transaction.
The test vectors were initially designed to maximally simple, which led to much redundancy. That was
probably too close to one extreme on the spectrum between simplicity and efficiency.
Here we shave off 20k lines by simply representing the header chains as a tree instead of list of
lists by duplicating all common headers.
This is a batch update to the tests vectors for the limit on legacy signature-checking operations
introduced in BIP 54, following feedack received on the Bitcoin Inquisition PR and from Chris
Stewart's implementation in Bitcoin-S.
The paragraph in its entirety is already unambiguous that all signature-checking operations
*present* in the Script (as opposed to *executed*) are counted. However i received feedback that the
"potentially executed" language in the first sentence of this paragraph may be confusing. This is
because it is in theory possible to have a more accurate upper bound by analyzing the possible
spending paths and use the maximum number of signature-checking operations in either to check
against the limit.
This commit rewords the first sentence to use the word "present" to be extra-clear before even
describing how the accounting is performed in later sentences.
* Add sp() output descriptor format for BIP352 Silent Payments
* Update headers and remove space after comma in descriptors
* Add label ranges with examples
* Update with assigned number and adjust preamble for BIP3
* BIP392: Add table entry to README
* Add two argument key expression form and remove birthday and label arguments
* Add BIP392 sp() descriptor to BIP380 script expressions table
* Add sp() descriptor to BIP390 allowed expressions and add musig() example to BIP392
* Add changelog and version header to BIP390
