Silent Payments: Implement BIP352 #28122
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code Coverage & BenchmarksFor details see: https://corecheck.dev/bitcoin/bitcoin/pulls/28122. ReviewsSee the guideline for information on the review process. ConflictsReviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first. |
db0ab56 to
be049d2
Compare
be049d2 to
13529c9
Compare
13529c9 to
1d75df2
Compare
1d75df2 to
dc18efa
Compare
dc18efa to
fa00edf
Compare
thanks, fixed! |
fa00edf to
8ee791e
Compare
|
🚧 At least one of the CI tasks failed. HintsTry to run the tests locally, according to the documentation. However, a CI failure may still
Leave a comment here, if you need help tracking down a confusing failure. |
|
CI failure is due to the "test each commit" job not being able to handle a subtree merge commit. Ignoring for now; will look into fixing the CI job. |
Just add a dummy commit so the subtree merge is more than 6 deep :-) Anyway, if you have to rebase again in the future, can you go past #32948? That makes it easier for me to rebase my index PR. |
a4c84b9 to
d820cf6
Compare
d820cf6 to
fa06a4e
Compare
|
🚧 At least one of the CI tasks failed. HintsTry to run the tests locally, according to the documentation. However, a CI failure may still
Leave a comment here, if you need help tracking down a confusing failure. |
fa06a4e to
ea90948
Compare
1580e3b fuzz: add ConstructPubKeyBytes function (josibake) Pull request description: In bitcoin#28246 and bitcoin#28122 , we add a `PubKeyDestination` and a `V0SilentPaymentsDestination`. Both of these PRs update `fuzz/util.cpp` and need a way to create well-formed pubkeys. Currently in `fuzz/util.cpp`, we have some logic for creating pubkeys in the multisig data provider. This logic is duplicated in bitcoin#28246 and duplicated again in bitcoin#28122. Seems much better to have a `ConstructPubKeyBytes` function that both PRs (and any future work) can reuse. This PR introduces a function to do this and has the existing code use it. While the purpose is to introduce a utility function, the previous multisig code used `ConsumeIntegralInRange(4, 7)` which would have created some uncompressed pubkeys with the prefix 0x05, which is incorrect (see https://bitcoin.stackexchange.com/questions/57855/c-secp256k1-what-do-prefixes-0x06-and-0x07-in-an-uncompressed-public-key-signif) tldr; using `PickValueFromArray` is more correct as it limits to the set of defined prefixes for compressed and uncompressed pubkeys. ACKs for top commit: Sjors: ACK 1580e3b Tree-SHA512: c87c8bcd1f6b3a97ef772be93102efb912811c59f32211cfd531a116f1da8a57c8c6ff106b34f2a2b88d8b34fb5bc30d9f9ed6d2720113ffcaaa2f8d5dc9eb27
ea90948 to
61db69f
Compare
2b57d2ad89 docs: update README 5d2d4adabd ci: enable silentpayments module d6788a888c tests: add constant time tests 4c32ba9613 tests: add BIP-352 test vectors 183e5414f7 silentpayments: add benchmarks for scanning 288390446a silentpayments: add examples/silentpayments.c 250beff5d2 silentpayments: receiving f90d7a76b0 silentpayments: recipient label support 1a5f53f2cf silentpayments: sending ca2538a878 build: add skeleton for new silentpayments (BIP352) module git-subtree-dir: src/secp256k1 git-subtree-split: 2b57d2ad8964e536508fae0b6ab1331396fe0308
61db69f to
0220aad
Compare
Add a method for passing a KeyPair object to secp256k1 functions expecting a secp256k1_keypair. This allows for passing a KeyPair directly to a secp256k1 function without needing to create a temporary secp256k1_keypair object.
0220aad to
fc30f20
Compare
Wrap the silentpayments module from libsecp256k1. This is placed in common as it is intended to be used by: * RPCs: for parsing addresses * Wallet: for sending, receiving, spending silent payment outputs * Node: for creating silent payment indexes for light clients
Have `IsValidDestination` return false for silent payment destinations and set an error string when decoding a silent payment address. This prevents anyone from sending to a silent payment address before sending is implemented in the wallet, but also allows the functions to be used in the unit testing famework.
Use the test vectors to test sending and receiving. A few cases are not covered here, namely anything that requires testing specific to the wallet. For example: * Taproot script path spending is not tested, as that is better tested in a wallets coin selection / signing logic * Re-computing outputs during RBF is not tested, as that is better tested in a wallets RBF logic The unit tests are written in such a way that adding new test cases is as easy as updating the JSON file
fc30f20 to
832d767
Compare
This PR is part of integrating silent payments into Bitcoin Core. The project is tracked in #28536
Based on bitcoin-core/secp256k1#1698
BIP352
This PR focuses strictly on the BIP logic and attempts to separate it from the wallet and transaction implementation details. This is accomplished by working directly with public and private keys, instead of needing a wallet backend and transactions for testing. Labels for the receiver are optional and thus deferred for a later PR.
Test vectors from the BIP are included as unit tests.