Add low-level taproot helpers #3086
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
t-bast
reviewed
May 16, 2025
There was a problem hiding this comment.
I think there's a bit more work to do around taproot scripts and witnesses to make it cleaner by introducing better types and encapsulation of script trees and their corresponding witnesses. My main comment that requires more work is #3086 (comment), the rest is mostly nits for now.
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/channel/fsm/ErrorHandlers.scala
Outdated
Show resolved
Hide resolved
t-bast
reviewed
May 19, 2025
eclair-core/src/main/scala/fr/acinq/eclair/channel/Commitments.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/test/scala/fr/acinq/eclair/transactions/TransactionsSpec.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/test/scala/fr/acinq/eclair/transactions/TransactionsSpec.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/test/scala/fr/acinq/eclair/transactions/TransactionsSpec.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Scripts.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
eclair-core/src/main/scala/fr/acinq/eclair/transactions/Transactions.scala
Outdated
Show resolved
Hide resolved
|
Needs rebase! |
There are no functional changes, we just define a new format that is not used anywhere yet, with dummy "not implemented" blocks when needed.
We can create, sign, spend commit and htlc transactions for the new simple taproot channels commitment format. Wire messages and channel creation/update workflow have not been modified.
We only either single leaves or branches with 2 single leaves (a timeout and a success branch for example), having specific types for them makes to code easier to read.
sstone
force-pushed
the
add-taproot-helpers
branch
from
668da46 to
8fcc0f9
Compare
t-bast
reviewed
May 22, 2025
Comment on lines
243
to
246
| def assertWeightMatches(actualWeight: Int, expectedWeight: Int, commitmentFormat: CommitmentFormat): Unit = commitmentFormat match { | ||
| case DefaultCommitmentFormat | _: AnchorOutputsCommitmentFormat => assert(Math.abs(actualWeight - expectedWeight) < 20) | ||
| case SimpleTaprootChannelCommitmentFormat => assert(actualWeight == expectedWeight) | ||
| } |
There was a problem hiding this comment.
This unused function still hasn't been removed?
| val walletPriv = randomKey() | ||
| val walletPub = walletPriv.publicKey | ||
| val finalPubKeyScript = Script.write(Script.pay2wpkh(walletPub)) | ||
| val commitInput = Funding.makeFundingInputInfo(randomTxId(), 0, Btc(1), localFundingPriv.publicKey, remoteFundingPriv.publicKey, UnsafeLegacyAnchorOutputsCommitmentFormat) | ||
| // funding tx sends to musig2 aggregate of local and remote funding keys |
There was a problem hiding this comment.
This comment is wrong for non-taproot cases, we should probably just remove it?
| localPartialSig <- txInfo.partialSign(localFundingPriv, remoteFundingPriv.publicKey, Map.empty, LocalNonce(secretLocalNonce, publicLocalNonce), publicNonces) | ||
| remotePartialSig <- txInfo.partialSign(remoteFundingPriv, localFundingPriv.publicKey, Map.empty, LocalNonce(secretRemoteNonce, publicRemoteNonce), publicNonces) | ||
| _ = assert(txInfo.checkRemotePartialSignature(localFundingPriv.publicKey, remoteFundingPriv.publicKey, remotePartialSig, publicLocalNonce)) | ||
| invalidRemotePartialSig = remotePartialSig.copy(remotePartialSig.partialSig.reverse, remotePartialSig.nonce) |
There was a problem hiding this comment.
nit: this call to copy is a bit weird, you're not specifying what you're copying?
Suggested change
| invalidRemotePartialSig = remotePartialSig.copy(remotePartialSig.partialSig.reverse, remotePartialSig.nonce) | |
| invalidRemotePartialSig = remotePartialSig.copy(partialSig = remotePartialSig.partialSig.reverse) |
Or maybe:
Suggested change
| invalidRemotePartialSig = remotePartialSig.copy(remotePartialSig.partialSig.reverse, remotePartialSig.nonce) | |
| invalidRemotePartialSig = ChannelSpendSignature.PartialSignatureWithNonce(randomBytes32(), remotePartialSig.nonce) |
| @@ -148,6 +149,29 @@ object Transactions { | |||
| */ | |||
| case object ZeroFeeHtlcTxAnchorOutputsCommitmentFormat extends AnchorOutputsCommitmentFormat | |||
|
|
|||
| sealed trait TaprootCommitmentFormat extends CommitmentFormat | |||
|
|
|||
| case object SimpleTaprootChannelCommitmentFormat extends TaprootCommitmentFormat { | |||
There was a problem hiding this comment.
This should probably become a trait since we want two support a variation of the official commitment format where HTLC txs pay the same feerate as the commit tx, like what we do for anchor outputs (for mobile wallets until we're able to move to v3).
| @@ -183,8 +210,10 @@ object Transactions { | |||
| * @param leafHash hash of the leaf script we're spending (must belong to the tree). | |||
| */ | |||
| case class TaprootScriptPath(internalKey: XonlyPublicKey, scriptTree: ScriptTree, leafHash: ByteVector32) extends Taproot { | |||
| require(Option(scriptTree.findScript(KotlinUtils.scala2kmp(leafHash))).nonEmpty, "script tree must contain the provided leaf") | |||
| val redeemScript: ByteVector = KotlinUtils.kmp2scala(scriptTree.findScript(KotlinUtils.scala2kmp(leafHash)).getScript) | |||
| import KotlinUtils._ | |||
There was a problem hiding this comment.
We import KotlinUtils 11 times in this file, why not do it a single time for the whole file in the main imports?
| RedeemInfo.P2wsh(redeemScript) | ||
| case SimpleTaprootChannelCommitmentFormat => | ||
| val receivedHtlcTree = Taproot.receivedHtlcScriptTree(commitKeys, paymentHash, htlcExpiry) | ||
| RedeemInfo.TaprootScriptPath(commitKeys.revocationPublicKey.xOnly, receivedHtlcTree.scriptTree, KotlinUtils.kmp2scala(receivedHtlcTree.success.hash())) |
There was a problem hiding this comment.
nit: can remove the explicit KotlinUtils.kmp2scala if we import KotlinUtils at the file root. Same for other similar calls in this file.
Comment on lines
1368
to
1376
| case SimpleTaprootChannelCommitmentFormat => | ||
| if (toLocalAmount >= dustLimit || hasHtlcs) { | ||
| val redeemInfo = RedeemInfo.TaprootKeyPath(commitmentKeys.localDelayedPaymentPublicKey.xOnly, Some(Taproot.anchorScriptTree)) | ||
| outputs.append(ToLocalAnchor(TxOut(AnchorOutputsCommitmentFormat.anchorAmount, redeemInfo.pubkeyScript))) | ||
| } | ||
| if (toRemoteAmount >= dustLimit || hasHtlcs) { | ||
| val redeemInfo = RedeemInfo.TaprootKeyPath(commitmentKeys.remotePaymentPublicKey.xOnly, Some(Taproot.anchorScriptTree)) | ||
|
|
||
| outputs.append(ToRemoteAnchor(TxOut(AnchorOutputsCommitmentFormat.anchorAmount, redeemInfo.pubkeyScript))) |
There was a problem hiding this comment.
Can't we group AnchorOutputsCommitmentFormat and SimpleTaprootChannelCommitmentFormat? Most of the logic is the same, it's only the redeemInfo construction that changes, but we already have redeemInfo helpers exposed on the ClaimAnchorOutputTx?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We add a new commitment format for simple taproot channels, and implement creating and verifying musig2 and taproot signatures for these channels.
Wire format and channel creation/update workflows have not been modified, this will be done in another PR.