feat(abstract-utxo): add support for taproot in descriptors testutils

OttoAllmendinger · OttoAllmendinger · commit 2717de05470f · 2025-01-22T17:07:47.000+01:00
TICKET: BTC-1786
diff --git a/modules/abstract-utxo/test/core/descriptor/descriptor.utils.ts b/modules/abstract-utxo/test/core/descriptor/descriptor.utils.ts
@@ -9,12 +9,37 @@ export function getDefaultXPubs(seed?: string): Triple<string> {
   return getKeyTriple(seed).map((k) => k.neutered().toBase58()) as Triple<string>;
 }
 
+export function getUnspendableKey(): string {
+  /*
+  https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#constructing-and-spending-taproot-outputs
+
+  ```
+  If one or more of the spending conditions consist of just a single key (after aggregation), the most likely one should
+  be made the internal key. If no such condition exists, it may be worthwhile adding one that consists of an aggregation
+  of all keys participating in all scripts combined; effectively adding an "everyone agrees" branch. If that is
+  inacceptable, pick as internal key a "Nothing Up My Sleeve" (NUMS) point, i.e., a point with unknown discrete
+  logarithm.
+
+  One example of such a point is H = lift_x(0x50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0) which is
+  constructed by taking the hash of the standard uncompressed encoding of the secp256k1 base point G as X coordinate.
+  In order to avoid leaking the information that key path spending is not possible it is recommended to pick a fresh
+  integer r in the range 0...n-1 uniformly at random and use H + rG as internal key. It is possible to prove that this
+  internal key does not have a known discrete logarithm with respect to G by revealing r to a verifier who can then
+  reconstruct how the internal key was created.
+  ```
+
+  We could do the random integer trick here, but for internal testing it is sufficient to use the fixed point.
+  */
+  return '50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0';
+}
+
 function toDescriptorMap(v: Record<string, string>): DescriptorMap {
   return new Map(Object.entries(v).map(([k, v]) => [k, Descriptor.fromString(v, 'derivable')]));
 }
 
 export type DescriptorTemplate =
   | 'Wsh2Of3'
+  | 'Tr2Of3-NoKeyPath'
   | 'Wsh2Of2'
   /*
    * This is a wrapped segwit 2of3 multisig that also uses a relative locktime with
@@ -30,21 +55,36 @@ function toXPub(k: BIP32Interface | string): string {
   return k.neutered().toBase58();
 }
 
-function multi(m: number, n: number, keys: BIP32Interface[] | string[], path: string): string {
+function multi(
+  prefix: 'multi' | 'multi_a',
+  m: number,
+  n: number,
+  keys: BIP32Interface[] | string[],
+  path: string
+): string {
   if (n < m) {
     throw new Error(`Cannot create ${m} of ${n} multisig`);
   }
   if (keys.length < n) {
     throw new Error(`Not enough keys for ${m} of ${n} multisig: keys.length=${keys.length}`);
   }
   keys = keys.slice(0, n);
-  return `multi(${m},${keys.map((k) => `${toXPub(k)}/${path}`).join(',')})`;
+  return prefix + `(${m},${keys.map((k) => `${toXPub(k)}/${path}`).join(',')})`;
+}
+
+function multiWsh(m: number, n: number, keys: BIP32Interface[] | string[], path: string): string {
+  return multi('multi', m, n, keys, path);
+}
+
+function multiTap(m: number, n: number, keys: BIP32Interface[] | string[], path: string): string {
+  return multi('multi_a', m, n, keys, path);
 }
 
 export function getPsbtParams(t: DescriptorTemplate): Partial<PsbtParams> {
   switch (t) {
     case 'Wsh2Of3':
     case 'Wsh2Of2':
+    case 'Tr2Of3-NoKeyPath':
       return {};
     case 'ShWsh2Of3CltvDrop':
       return { locktime: 1 };
@@ -58,13 +98,14 @@ export function getDescriptorString(
 ): string {
   switch (template) {
     case 'Wsh2Of3':
-      return `wsh(${multi(2, 3, keys, path)})`;
+      return `wsh(${multiWsh(2, 3, keys, path)})`;
     case 'ShWsh2Of3CltvDrop':
       const { locktime } = getPsbtParams(template);
-      return `sh(wsh(and_v(r:after(${locktime}),${multi(2, 3, keys, path)})))`;
-    case 'Wsh2Of2': {
-      return `wsh(${multi(2, 2, keys, path)})`;
-    }
+      return `sh(wsh(and_v(r:after(${locktime}),${multiWsh(2, 3, keys, path)})))`;
+    case 'Wsh2Of2':
+      return `wsh(${multiWsh(2, 2, keys, path)})`;
+    case 'Tr2Of3-NoKeyPath':
+      return `tr(${getUnspendableKey()},${multiTap(2, 3, keys, path)})`;
   }
   throw new Error(`Unknown descriptor template: ${template}`);
 }
