Fix multisig taproot example's provable nonce calculation
junderw committed Jul 16, 2024
1 parent 5909559 commit c184a96
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions test/integration/taproot.spec.ts
Expand Up @@ -777,15 +777,16 @@ function makeUnspendableInternalKey(provableNonce?: Buffer): Buffer {
);

if (provableNonce) {
// Using a shared random value, we create an unspendable internalKey
// P = H + int(hash_taptweak(provableNonce))*G
// Since we don't know H's private key (see explanation above), we can't know P's private key
if (provableNonce.length !== 32) {
throw new Error(
'provableNonce must be a 32 byte random value shared between script holders',
);
}
const ret = ecc.xOnlyPointAddTweak(Hx, provableNonce);
// Using a shared random value, we create an unspendable internalKey
// P = H + int(hash_taptweak(provableNonce))*G
// Since we don't know H's private key (see explanation above), we can't know P's private key
const tapHash = bitcoin.crypto.taggedHash('TapTweak', provableNonce);
const ret = ecc.xOnlyPointAddTweak(Hx, tapHash);
if (!ret) {
throw new Error(
'provableNonce produced an invalid key when tweaking the G hash',
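Review bot: The derivation on the `taggedHash` and `xOnlyPointAddTweak` lines commits to P = H + int(hash_taptweak(r))*G, which differs from the BIP341 text's suggestion of H + r*G with r used directly as the scalar, and nothing in the hunk tells a reader that a verifier handed the nonce must apply the same TapTweak tagged hash before reconstructing the key. The retained comment already writes `int(hash_taptweak(provableNonce))`, so the code now matches it, but the verification step deserves a line of its own: `// To verify P is unspendable, a holder of provableNonce must recompute taggedHash('TapTweak', provableNonce) and redo this addition; passing the raw nonce as the tweak will not reproduce P`. The `if (!ret)` branch presumably covers a hash that falls outside the scalar range or an invalid resulting point, so an out-of-range nonce is rejected rather than silently accepted — worth confirming against the ecc library's contract. makeUnspendableInternalKey's body starts before and continues past this hunk.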
