taproot

Documentation

Index

• Variables
• func BuildDeadKey(proof []byte) []byte
• func NewDeadKey(random io.Reader) (key, proof []byte, err error)
• func TweakPrivateKey(privateKey, h []byte) ([]byte, error)
• func TweakPublicKey(publicKey, h []byte) (qPub []byte, hasOddY bool, err error)
• func VerifyDeadKey(key, proof []byte) error

Variables

var ErrDeadProofInvalid = errors.New("failed to validate proof of dead internal key")

Functions

func BuildDeadKey

func BuildDeadKey(proof []byte) []byte

BuildDeadKey generates a dead public key whose private key is provably unknown based on a given proof.

func NewDeadKey

func NewDeadKey(random io.Reader) (key, proof []byte, err error)

NewDeadKey generates a random dead key whose private key is provably unknown. Returns the schnorr-serialized public key and a proof that can be used to verify the public key indeed has no private key, using VerifyDeadKey.

func TweakPrivateKey

func TweakPrivateKey(privateKey, h []byte) ([]byte, error)

TweakPrivateKey derives a private key that commits to the given private key and the taproot commitment h.

For a given private/public key pair, and any commitment value h, it holds that the private key tweaked with h controls the public key tweaked with h.

func TweakPublicKey

func TweakPublicKey(publicKey, h []byte) (qPub []byte, hasOddY bool, err error)

TweakPublicKey derives a public key that commits to the given public key and the taproot commitment h.

func VerifyDeadKey

func VerifyDeadKey(key, proof []byte) error

VerifyDeadKey verifies the given dead public key was generated using proof. Runs in constant time.

If VerifyDeadKey returns nil, the given key is successfully proven to have been generated with H + rG, where G is the secp256k1 base point, r is the integer form of the proof, and H is a publicly known generator point whose coordinates were derived from SHA256(G).

If the proof fails to verify, VerifyDeadKey returns ErrDeadProofInvalid.