Make consensus checking of tweaks in pubkey.* Taproot-specific

That results in a much safer interface (making the tweak commit to the key implicitly using a fixed tag means it can't be used for unrelated tweaking).
2025-12-13 14:14:00 +01:00 · 2021-02-01 16:21:59 -08:00
parent a4bf84039c
commit 2fbfb1becb
3 changed files with 33 additions and 9 deletions
--- a/src/pubkey.h
+++ b/src/pubkey.h
@@ -236,7 +236,20 @@ public:
     * sigbytes must be exactly 64 bytes.
     */
    bool VerifySchnorr(const uint256& msg, Span<const unsigned char> sigbytes) const;
-    bool CheckPayToContract(const XOnlyPubKey& base, const uint256& hash, bool parity) const;
+
+    /** Compute the Taproot tweak as specified in BIP341, with *this as internal
+     * key:
+     *  - if merkle_root == nullptr: H_TapTweak(xonly_pubkey)
+     *  - otherwise:                 H_TapTweak(xonly_pubkey || *merkle_root)
+     *
+     * Note that the behavior of this function with merkle_root != nullptr is
+     * consensus critical.
+     */
+    uint256 ComputeTapTweakHash(const uint256* merkle_root) const;
+
+    /** Verify that this is a Taproot tweaked output point, against a specified internal key,
+     *  Merkle root, and parity. */
+    bool CheckTapTweak(const XOnlyPubKey& internal, const uint256& merkle_root, bool parity) const;

    const unsigned char& operator[](int pos) const { return *(m_keydata.begin() + pos); }
    const unsigned char* data() const { return m_keydata.begin(); }