Add support for taproot outputs to our "input info" class #2895
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sstone
force-pushed
the
input-info-taproot
branch
2 times, most recently
from
cf583ea to
8e147fb
Compare
remyers
reviewed
Sep 17, 2024
eclair-core/src/main/scala/fr/acinq/eclair/wire/internal/channel/version0/ChannelCodecs0.scala
Outdated
Show resolved
Hide resolved
sstone
force-pushed
the
input-info-taproot
branch
2 times, most recently
from
4163f0e to
e15cb29
Compare
sstone
force-pushed
the
input-info-taproot
branch
2 times, most recently
from
f83f006 to
bde8e07
Compare
sstone
force-pushed
the
input-info-taproot
branch
from
bde8e07 to
a35921c
Compare
|
This PR is now based on #2747 |
sstone
force-pushed
the
input-info-taproot
branch
from
a35921c to
d560a8c
Compare
This feature adds two new messages: - `closing_complete` sent after exchanging `shutdown` - `closing_sig` sent in response to `closing_complete`
The spec allows the closer to use an OP_RETURN output if their amount is too low when using `option_simple_close`.
We introduce a new `NEGOTIATING_SIMPLE` state where we exchange the `closing_complete` and `closing_sig` messages, and allow RBF-ing previous transactions and updating our closing script. We stay in that state until one of the transactions confirms, or a force close is detected. This is important to ensure we're able to correctly reconnect and negotiate RBF candidates. We keep this separate from the previous NEGOTIATING state to make it easier to remove support for the older mutual close protocols once we're confident the network has been upgraded.
Whenever one side sends `shutdown`, we restart a signing round from scratch. To be compatible with future taproot channels, we require the receiver to also send `shutdown` before moving on to exchanging `closing_complete` and `closing_sig`. This will give nodes a message to exchange fresh musig2 nonces before producing signatures. On reconnection, we also restart a signing session from scratch and discard pending partial signatures.
Whenever we exchange `shutdown`, we now require that new closing txs are signed before allowing another `shutdown` message to be sent to start a new signing round. This creates more risk of deadlock when one side fails to send their sigs, where we'll need to disconnect to start a new signing round. But that shouldn't happen if nodes are honest and not buggy, so it probably doesn't matter. If nodes are buggy or malicious, we will need to force-close anyway.
Our InputInfo class contains a tx output and the matching redeem script, which is enough to spend segwit v0 transactions. For taproot transactions, instead of a redeem script, we need a script tree instead, and the appropriate internal pubkey.
Co-authored-by: Pierre-Marie Padiou <[email protected]>
sstone
force-pushed
the
input-info-taproot
branch
from
d560a8c to
154235d
Compare
t-bast
reviewed
Jan 3, 2025
|
|
||
| def checkSig(sig: ByteVector64, pubKey: PublicKey, txOwner: TxOwner, commitmentFormat: CommitmentFormat): Boolean = { | ||
| val sighash = this.sighash(txOwner, commitmentFormat) | ||
| val data = Transaction.hashForSigning(tx, inputIndex = 0, input.redeemScript, sighash, input.txOut.amount, SIGVERSION_WITNESS_V0) |
There was a problem hiding this comment.
I'm wondering why we hardcode inputIndex = 0 here: we have access to the InputInfo so it would be more future-proof to do:
tx.txIn.zipWithIndex.find(_._1.outPoint == input.outPoint) match {
case Some((_, inputIndex)) =>
val data = Transaction.hashForSigning(tx, inputIndex, input.redeemScript, sighash(txOwner, commitmentFormat), input.txOut.amount, SIGVERSION_WITNESS_V0)
Crypto.verifySignature(data, sig, pubKey)
case None => false
}| @@ -944,15 +960,13 @@ object Transactions { | |||
| sig64 | |||
| } | |||
|
|
|||
| def sign(txinfo: TransactionWithInputInfo, key: PrivateKey, sighashType: Int): ByteVector64 = { | |||
| private def sign(txinfo: TransactionWithInputInfo, key: PrivateKey, sighashType: Int): ByteVector64 = { | |||
There was a problem hiding this comment.
Shouldn't we completely remove this function in favor of the method in TransactionWithInputInfo?
| val publicKeyScript: ByteVector = Script.write(Script.pay2tr(internalKey, Some(scriptTree))) | ||
| } | ||
|
|
||
| case class InputInfo(outPoint: OutPoint, txOut: TxOut, redeemScriptOrScriptTree: Either[ByteVector, ScriptTreeAndInternalKey]) { |
There was a problem hiding this comment.
Having a redeemScriptOrScriptTree is a code smell: we should instead change InputInfo to be a sealed trait, with two types of concrete children: SegwitInput (the current one that contains a redeem script) and TaprootInput (which contains the internal key and the script tree).
This will require more work on the codecs side, but I think the strategy should be to introduce channel codecs v5 for taproot: it is a good opportunity to clean-up codecs (especially after all the iterations required for dual funding and splicing) and start with clean taproot-ready codecs (since we can assume that all versions before v5 use non-taproot channels).
In this current PR, you would simply change the v4 codecs to cast InputInfo to its concrete SegwitInput and let it fail on TaprootInput instances (which can't happen since taproot channels aren't yet implemented). And the later PRs will introduce codecs v5 with support for encoding/decoding a TaprootInput. WDYT?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a preparation PR for simple taproot channels, which extends
InputInfoto support spending taproot outputs (to spend v0 outputs we need a redeem script, but to spend v1 taproot output we need a script tree and an internal public key).Changes are generic (i.e. not tied to specific details of the simple taproot channels extension proposal).