Merge pull request #1453 from lightninglabs/proof-system-v2

Proof-system-v1

Author: Roasbeef

asset/asset.go

@@ -2164,3 +2164,52 @@ func FromAltLeaves(leaves []AltLeaf[Asset]) []*Asset {
 		return l.(*Asset)
 	})
 }
+
+// CollectSTXO returns the assets spent by the given output asset in the form of
+// a minimal assets that can be used to create an STXO commitment.
+func CollectSTXO(outAsset *Asset) ([]AltLeaf[Asset], error) {
+	// Genesis assets have no input asset, so they should have an empty
+	// STXO tree. Split leaves will also have a zero PrevID; we will use
+	// an empty STXO tree for them as well.
+	if !outAsset.IsTransferRoot() {
+		return nil, nil
+	}
+
+	// At this point, the asset must have at least one witness.
+	if len(outAsset.PrevWitnesses) == 0 {
+		return nil, fmt.Errorf("asset has no witnesses")
+	}
+
+	// We'll convert the PrevID of each witness into a minimal Asset, where
+	// the PrevID is the tweak for an un-spendable script key.
+	altLeaves := make([]*Asset, len(outAsset.PrevWitnesses))
+	for idx, wit := range outAsset.PrevWitnesses {
+		altLeaf, err := MakeSpentAsset(wit)
+		if err != nil {
+			return nil, fmt.Errorf("error collecting stxo for "+
+				"witness %d: %w", idx, err)
+		}
+
+		altLeaves[idx] = altLeaf
+	}
+
+	return ToAltLeaves(altLeaves), nil
+}
+
+// MakeSpentAsset creates an Alt Leaf with the minimal asset based on the PrevId
+// of the witness.
+func MakeSpentAsset(witness Witness) (*Asset, error) {
+	if witness.PrevID == nil {
+		return nil, fmt.Errorf("witness has no prevID")
+	}
+
+	prevIdKey := DeriveBurnKey(*witness.PrevID)
+	scriptKey := NewScriptKey(prevIdKey)
+
+	spentAsset, err := NewAltLeaf(scriptKey, ScriptV0)
+	if err != nil {
+		return nil, fmt.Errorf("error creating altLeaf: %w", err)
+	}
+
+	return spentAsset, nil
+}

itest/assertions.go

@@ -566,10 +566,12 @@ func AssertProofAltLeaves(t *testing.T, tapClient taprpc.TaprootAssetsClient,
 	// not. E.x. a passive asset created inside the freighter will not be
 	// anchored with any alt leaves.
 	altLeavesBytes := decodeResp.DecodedProof.AltLeaves
-	expectedAltLeaves, ok := leafMap[string(scriptKey)]
-	emptyAltLeaves := len(altLeavesBytes) == 0
+	expectedAltLeaves := leafMap[string(scriptKey)]
+	emptyAltLeaves := len(expectedAltLeaves) == 0
 
-	require.Equal(t, ok, !emptyAltLeaves)
+	// If we expect no alt leaves, there might be alt leaves in the proof,
+	// but that is from an asset that wasn't transferred just now. We don't
+	// need to check those alt leaves.
 	if emptyAltLeaves {
 		return
 	}

itest/psbt_test.go

@@ -656,6 +656,31 @@ func runPsbtInteractiveFullValueSendTest(ctxt context.Context, t *harnessTest,
 		)
 		require.NoError(t.t, err)
 
+		activeAsset, err := tappsbt.Decode(fundResp.FundedPsbt)
+		require.NoError(t.t, err)
+
+		// We expect stxo alt leaves as well, so we'll create those to
+		// use in an assertion comparison later.
+		var stxoAltLeaves []*asset.Asset
+		for _, output := range activeAsset.Outputs {
+			if !output.Asset.IsTransferRoot() {
+				continue
+			}
+
+			witnesses, err := output.PrevWitnesses()
+			require.NoError(t.t, err)
+			for _, wit := range witnesses {
+				altLeaf, err := asset.MakeSpentAsset(wit)
+				require.NoError(t.t, err)
+
+				stxoAltLeaves = append(stxoAltLeaves, altLeaf)
+			}
+		}
+		leafMap[string(receiverScriptKeyBytes)] = append(
+			leafMap[string(receiverScriptKeyBytes)],
+			stxoAltLeaves...,
+		)
+
 		numOutputs := 1
 		amounts := []uint64{fullAmt}
 		ConfirmAndAssertOutboundTransferWithOutputs(
@@ -2489,6 +2514,175 @@ func testPsbtTrustlessSwap(t *harnessTest) {
 	require.Equal(t.t, bobScriptKeyBytes, bobAssets.Assets[0].ScriptKey)
 }
 
+// testPsbtSTXOExclusionProofs tests that we can properly send normal assets
+// back and forth, using partial amounts, between nodes with the use of PSBTs,
+// and that we see the expected STXO exclusion proofs.
+func testPsbtSTXOExclusionProofs(t *harnessTest) {
+	// First, we'll make a normal asset with a bunch of units that we are
+	// going to send backand forth. We're also minting a passive asset that
+	// should remain where it is.
+	rpcAssets := MintAssetsConfirmBatch(
+		t.t, t.lndHarness.Miner().Client, t.tapd,
+		[]*mintrpc.MintAssetRequest{
+			simpleAssets[0],
+			// Our "passive" asset.
+			{
+				Asset: &mintrpc.MintAsset{
+					AssetType: taprpc.AssetType_NORMAL,
+					Name:      "itestbuxx-passive",
+					AssetMeta: &taprpc.AssetMeta{
+						Data: []byte("some metadata"),
+					},
+					Amount: 123,
+				},
+			},
+		},
+	)
+
+	ctxb := context.Background()
+	ctxt, cancel := context.WithTimeout(ctxb, defaultWaitTimeout)
+	defer cancel()
+
+	mintedAsset := rpcAssets[0]
+	genInfo := rpcAssets[0].AssetGenesis
+	var assetId asset.ID
+	copy(assetId[:], genInfo.AssetId)
+
+	// Now that we have the asset created, we'll make a new node that'll
+	// serve as the node which'll receive the assets.
+	bobLnd := t.lndHarness.NewNodeWithCoins("Bob", nil)
+	bob := setupTapdHarness(t.t, t, bobLnd, t.universeServer)
+	defer func() {
+		require.NoError(t.t, bob.stop(!*noDelete))
+	}()
+
+	alice := t.tapd
+
+	// We need to derive two keys, one for the new script key and
+	// one for the internal key.
+	bobScriptKey, bobAnchorIntKeyDesc := DeriveKeys(t.t, bob)
+
+	var id [32]byte
+	copy(id[:], genInfo.AssetId)
+	sendAmt := uint64(2400)
+
+	vPkt := tappsbt.ForInteractiveSend(
+		id, sendAmt, bobScriptKey, 0, 0, 0,
+		bobAnchorIntKeyDesc, asset.V0, chainParams,
+	)
+
+	// Next, we'll attempt to complete a transfer with PSBTs from
+	// alice to bob, using the partial amount.
+	fundResp := fundPacket(t, alice, vPkt)
+	signResp, err := alice.SignVirtualPsbt(
+		ctxt, &wrpc.SignVirtualPsbtRequest{
+			FundedPsbt: fundResp.FundedPsbt,
+		},
+	)
+	require.NoError(t.t, err)
+
+	// Now we'll attempt to complete the transfer.
+	sendResp, err := alice.AnchorVirtualPsbts(
+		ctxt, &wrpc.AnchorVirtualPsbtsRequest{
+			VirtualPsbts: [][]byte{signResp.SignedPsbt},
+		},
+	)
+	require.NoError(t.t, err)
+
+	numOutputs := 2
+	changeAmt := mintedAsset.Amount - sendAmt
+	ConfirmAndAssertOutboundTransferWithOutputs(
+		t.t, t.lndHarness.Miner().Client, alice, sendResp,
+		genInfo.AssetId, []uint64{changeAmt, sendAmt}, 0, 1, numOutputs,
+	)
+
+	// We want the proof of the change asset since that is the root asset.
+	aliceScriptKeyBytes := sendResp.Transfer.Outputs[0].ScriptKey
+	proofResp := exportProof(
+		t, alice, sendResp, aliceScriptKeyBytes, genInfo,
+	)
+	proofFile, err := proof.DecodeFile(proofResp.RawProofFile)
+	require.NoError(t.t, err)
+	require.Equal(t.t, proofFile.NumProofs(), 2)
+	latestProof, err := proofFile.LastProof()
+	require.NoError(t.t, err)
+
+	// This proof should contain the STXO exclusion proofs
+	stxoProofs := latestProof.ExclusionProofs[0].CommitmentProof.STXOProofs
+	require.NotNil(t.t, stxoProofs)
+
+	// We expect a single exclusion proof for the change output, which is
+	// the input asset that we spent which should not be committed to in the
+	// other anchor output.
+	outpoint, err := wire.NewOutPointFromString(
+		mintedAsset.ChainAnchor.AnchorOutpoint,
+	)
+	require.NoError(t.t, err)
+
+	prevId := asset.PrevID{
+		OutPoint:  *outpoint,
+		ID:        id,
+		ScriptKey: asset.SerializedKey(mintedAsset.ScriptKey),
+	}
+
+	prevIdKey := asset.DeriveBurnKey(prevId)
+	expectedScriptKey := asset.NewScriptKey(prevIdKey)
+
+	pubKey := expectedScriptKey.PubKey
+	identifier := asset.ToSerialized(pubKey)
+
+	require.Len(t.t, stxoProofs, 1)
+
+	// If we derive the identifier from the script key we expect of the
+	// minimal asset, it should yield a proof when used as a key for the
+	// stxoProofs.
+	require.NotNil(t.t, stxoProofs[identifier])
+
+	// Create the minimal asset for which we expect to see the STXO
+	// exclusion.
+	minAsset, err := asset.NewAltLeaf(expectedScriptKey, asset.ScriptV0)
+	require.NoError(t.t, err)
+
+	// We need to copy the base exclusion proof for each STXO because we'll
+	// modify it with the specific asset and taproot proofs.
+	stxoProof := stxoProofs[identifier]
+	stxoExclProof := proof.MakeSTXOProof(
+		latestProof.ExclusionProofs[0], &stxoProof,
+	)
+
+	// Derive the possible taproot keys assuming the exclusion proof is
+	// correct.
+	derivedKeys, err := stxoExclProof.DeriveByAssetExclusion(
+		minAsset.AssetCommitmentKey(),
+		minAsset.TapCommitmentKey(),
+	)
+	require.NoError(t.t, err)
+
+	// Extract the actual taproot key from the anchor tx.
+	expectedTaprootKey, err := proof.ExtractTaprootKey(
+		&latestProof.AnchorTx, stxoExclProof.OutputIndex,
+	)
+	require.NoError(t.t, err)
+	expectedKey := schnorr.SerializePubKey(expectedTaprootKey)
+
+	// Convert the derived (possible) keys into their schnorr serialized
+	// counterparts.
+	serializedKeys := make([][]byte, 0, len(derivedKeys))
+	for derivedKey := range derivedKeys {
+		serializedKeys = append(
+			serializedKeys, derivedKey.SchnorrSerialized(),
+		)
+	}
+
+	// The derived keys should contain the expected key.
+	require.Contains(t.t, serializedKeys, expectedKey)
+
+	// This is an interactive transfer, so we do need to manually
+	// send the proof from the sender to the receiver.
+	bobScriptKeyBytes := bobScriptKey.PubKey.SerializeCompressed()
+	sendProof(t, alice, bob, sendResp, bobScriptKeyBytes, genInfo)
+}
+
 // testPsbtExternalCommit tests the ability to fully customize the BTC level of
 // an asset transfer using a PSBT. This exercises the CommitVirtualPsbts and
 // PublishAndLogTransfer RPCs. The test case moves some assets into an output

itest/test_list_on_test.go

@@ -5,6 +5,10 @@ package itest
 import "github.com/lightninglabs/taproot-assets/proof"
 
 var testCases = []*testCase{
+	{
+		name: "psbt stxo exclusion proofs",
+		test: testPsbtSTXOExclusionProofs,
+	},
 	{
 		name: "mint assets",
 		test: testMintAssets,