joshdoman
diff --git a/‎README.md‎
Lines changed: 19 additions & 18 deletions b/‎README.md‎
Lines changed: 19 additions & 18 deletions
@@ -42,23 +42,19 @@ Finally, the enclave should be able to expose the master public key, so that use
 /// Trait to abstract the behavior of the bitcoin script verifier, allowing
 /// users to provide their own verifier.
 pub trait Verifier {
-    /// Verify a bitcoin script, mirroring the API of `bitcoinkernel::verify`.
+    /// Verify one or more scripts in a bitcoin transaction.
     ///
     /// # Arguments
-    /// * `script_pubkey` - The script public key to verify.
-    /// * `amount` - The amount of the input being spent.
-    /// * `tx_to` - The transaction containing the script.
-    /// * `input_index` - The index of the input to verify.
+    /// * `script_pubkeys` - The scriptPubKeys to verify (by index).
+    /// * `tx_to` - The transaction with emulated witness data.
     /// * `spent_outputs` - The outputs being spent by the transaction.
     ///
     /// # Errors
     /// Returns `Error` if verification fails.
     fn verify(
         &self,
-        script_pubkey: &[u8],
-        amount: Option<i64>,
+        script_pubkeys: &HashMap<usize, ScriptBuf>,
         tx_to: &[u8],
-        input_index: usize,
         spent_outputs: &[TxOut],
     ) -> Result<(), Error>;
 }
@@ -70,37 +66,42 @@ pub struct DefaultVerifier;
 ### Convert emulated transaction
 
 ```rust
-/// Verifies an emulated Bitcoin script and signs the corresponding transaction.
+/// Verifies emulated Bitcoin script and signs the corresponding transaction.
 ///
-/// This function performs script verification using bitcoinkernel, verifying an
-/// emulated P2TR input. If successful, it derives an XOnlyPublicKey from the
-/// parent key and the emulated merkle root, which is then tweaked with an optional
-/// backup merkle root to derive the actual spent UTXO, which is then key-path signed
-/// with `SIGHASH_DEFAULT`.
+/// This function performs script verification using a Verifier, which verifies one or
+/// more emulated P2TR inputs. If successful, it derives for each emulated input an
+/// XOnlyPublicKey from the parent key and the emulated merkle root, which is then tweaked
+/// with an optional backup merkle root to derive the input's actual spent UTXO. This is
+/// then key-path signed with `SIGHASH_DEFAULT`.
 ///
 /// If the emulated script-path spend includes a data-carrying annex (begins with 0x50
 /// followed by 0x00), the annex is included in the key-path spend. Otherwise, the annex
 /// is dropped.
 ///
+/// Non-emulated inputs are identified by the input type. An emulated input must be a
+/// P2TR script-path spend, with a derived scriptPubKey that does not match that of the
+/// actual spent output.
+///
+/// Each signature uses a unique `aux_rand` by hashing the provided `aux_rand` with the
+/// index of the input, using SHA256.
+///
 /// # Arguments
 /// * `verifier` - The verifier to use for script validation
-/// * `input_index` - Index of the input to verify and sign (0-based)
 /// * `emulated_tx_to` - Serialized transaction to verify and sign
 /// * `actual_spent_outputs` - Actual outputs being spent
 /// * `aux_rand` - Auxiliary random data for signing
 /// * `parent_key` - Parent secret key used to derive child key for signing
-/// * `backup_merkle_root` - Optional merkle root for backup script path spending
+/// * `backup_merkle_roots` - Optional merkle roots for backup script path spending
 ///
 /// # Errors
 /// Returns error if verification fails, key derivation fails, or signing fails
 pub fn verify_and_sign<V: Verifier>(
     verifier: &V,
-    input_index: usize,
     emulated_tx_to: &[u8],
     actual_spent_outputs: &[TxOut],
     aux_rand: &[u8; 32],
     parent_key: SecretKey,
-    backup_merkle_root: Option<TapNodeHash>,
+    backup_merkle_roots: HashMap<usize, TapNodeHash>,
 ) -> Result<Transaction, Error>;
 ```