Merge ElementsProject#33: Update rust-miniscript to 8fcbeb1 (right before bitcoin 0.29 update)

5093ba4 fix some CI things (Andrew Poelstra)
a45342f remove crate pinning for dev-dependencies (Andrew Poelstra)
c6d89cd Pin dependencies when using MSRV (Tobin C. Harding)
15b57cd Remove TOOLCHAIN (Tobin C. Harding)
3bfb938 Disable honggfuzz features (Tobin C. Harding)
cd8da9e Pin serde to 1.0.142 (sanket1729)
88b1f53 Add feature "seder" (Tobin C. Harding)
2ad6555 Rename "derive" things that are not doing derivation (LLFourn)
6dc6aca Make DerivedDescriptorKey first-class citizen (LLFourn)
d02c313 Explicitly do not support 16 bit architectures (Tobin C. Harding)
edf7587 Remove ToPublicKey bound for max_satisfaction_weight (eunoia_1729)
4ccd4f7 Add support for string images in ripemd160 and hash160 (kanishk779)
905c5dc Rename Pk::Hash to Pk::RawPkHash (sanket1729)
5d36f9b Add Hash256 associated type (sanket1729)
e22b081 Add Hash256 type (sanket1729)
169d849 Add policy to descriptor target compilation method (Aman Rojjha)
ab79593 Use DescError instead of miniscript::Error (kanishk779)
b446ced Add support for writing integration tests that fail (kanishk779)
ef4249d Add taproot compiler example usage (Aman Rojjha)
cef2a5b Add Tr-compiler write-up and doc-comment (Aman Rojjha)
5233c66 Add Taproot compiler API (Aman Rojjha)
8d0cf06 Remove `ForEach` Trait (Aman Rojjha)
5cb2bcf Refactor PkH to include key. (Aman Rojjha)
09299b0 Refactor ForEach to contain only Pk. (Aman Rojjha)
701c9cc Remove un-necessary lifetimes (Aman Rojjha)
ca16bd8 Fix formatter configuration errors with latest nightly (sanket1729)

Pull request description:

  This is already a nontrivial amount of work which needs to be done prior to updating rust-bitcoin and rust-elements.

  I think, before doing the next step, we should port the new `Locktime` and `Sequence` data structures from rust-bitcoin to rust-elements, and do a rust-elements 0.21 release. That way we can keep all the elements-miniscript code consistent with the rust-miniscript code (which very heavily makes use of locktimes).

ACKs for top commit:
  sanket1729:
    ACK 5093ba4. Seemed simpler to review the entire diff at once. Carefully looked at changes touching elements specific things, skimmed through other changes.

Tree-SHA512: fe4bfb824961f3ce5387d2df4057a3bc7e71acf1f22301409a813448f9c3b16db63acf5b3a6420ae9156f21e8ce59cda1cc9adc433860fbfa7381a028852d4ed

Author: sanket1729

Cargo.toml

@@ -11,24 +11,23 @@ edition = "2018"
 compiler = []
 trace = []
 unstable = []
-default = []
-use-serde = ["bitcoin/use-serde", "serde"]
+serde = ["actual-serde", "bitcoin/use-serde"]
 rand = ["bitcoin/rand"]
 
 [dependencies]
 bitcoin = "0.28.1"
 elements = "0.19.0"
-bitcoin-miniscript = {package = "miniscript", git = "https://github.com/rust-bitcoin/rust-miniscript", rev = "44c0e4b8df30439bb22b13a0ee642a3330360613"}
+bitcoin-miniscript = {package = "miniscript", git = "https://github.com/rust-bitcoin/rust-miniscript", rev = "c7c39f1e9d1b8da9e2c9318a61fb508553619e6c"}
+
+# Do NOT use this as a feature! Use the `serde` feature instead.
+actual-serde = { package = "serde", version = "1.0", optional = true }
+
 
 [dev-dependencies]
-serde_json = "<=1.0.44"
-ryu = "<1.0.5"
+serde_json = "1.0"
 elementsd = {version = "0.5.0", features=["0_21_0","bitcoind_22_0"]}
 actual-rand = { package = "rand", version = "0.8.4"}
-
-[dependencies.serde]
-version = "1.0"
-optional = true
+secp256k1 = {version = "0.22.1", features = ["rand-std"]}
 
 [[example]]
 name = "htlc"
@@ -45,3 +44,7 @@ name = "verify_tx"
 
 [[example]]
 name = "xpub_descriptors"
+
+[[example]]
+name = "taproot"
+required-features = ["compiler"]

README.md

@@ -34,6 +34,14 @@ or in [the `examples/` directory](https://github.com/ElementsProject/elements-mi
 This library should always compile with any combination of features on **Rust 1.41.1**.
 
 
+Some dependencies do not play nicely with our MSRV, if you are running the tests
+you may need to pin as follows:
+
+```
+cargo update --package url --precise 2.2.2
+cargo update --package form_urlencoded --precise 1.0.1
+```
+
 ## Contributing
 Contributions are generally welcome. If you intend to make larger changes please
 discuss them in an issue before PRing them to avoid duplicate work and

contrib/test.sh

@@ -2,16 +2,21 @@
 
 set -e
 
-FEATURES="compiler use-serde rand"
+FEATURES="compiler serde rand"
+
+cargo update -p serde --precise 1.0.142
+cargo update -p serde_derive --precise 1.0.142
 
 cargo --version
 rustc --version
 
+# Work out if we are using a nightly toolchain.
 MSRV=false
 if cargo --version | grep "1\.41\.0"; then
     MSRV=true
 fi
 
+# form_urlencoded 1.1.0 breaks MSRV.
 if [ "$MSRV" = true ]; then
     cargo update -p url --precise 2.2.2
     cargo update -p form_urlencoded --precise 1.0.1
@@ -57,6 +62,7 @@ then
     cargo run --example sign_multisig
     cargo run --example verify_tx > /dev/null
     cargo run --example xpub_descriptors
+    cargo run --example taproot --features=compiler
 fi
 
 # Bench if told to (this only works with the nightly toolchain)

doc/Tr Compiler.pdf

@@ -0,0 +1,159 @@
+extern crate elements_miniscript as miniscript;
+
+use std::collections::HashMap;
+use std::str::FromStr;
+
+use bitcoin::hashes::{hash160, ripemd160, sha256};
+use bitcoin::util::address::WitnessVersion;
+use miniscript::descriptor::DescriptorType;
+use miniscript::policy::Concrete;
+use miniscript::{hash256, Descriptor, Miniscript, NoExt, Tap, TranslatePk, Translator};
+use secp256k1::{rand, KeyPair};
+
+// Refer to https://github.com/sanket1729/adv_btc_workshop/blob/master/workshop.md#creating-a-taproot-descriptor
+// for a detailed explanation of the policy and it's compilation
+
+struct StrPkTranslator {
+    pk_map: HashMap<String, bitcoin::XOnlyPublicKey>,
+}
+
+impl Translator<String, bitcoin::XOnlyPublicKey, ()> for StrPkTranslator {
+    fn pk(&mut self, pk: &String) -> Result<bitcoin::XOnlyPublicKey, ()> {
+        self.pk_map.get(pk).copied().ok_or(())
+    }
+
+    fn pkh(&mut self, _pkh: &String) -> Result<hash160::Hash, ()> {
+        unreachable!("Policy doesn't contain any pkh fragment");
+    }
+
+    fn sha256(&mut self, _sha256: &String) -> Result<sha256::Hash, ()> {
+        unreachable!("Policy does not contain any sha256 fragment");
+    }
+
+    fn hash256(&mut self, _sha256: &String) -> Result<hash256::Hash, ()> {
+        unreachable!("Policy does not contain any hash256 fragment");
+    }
+
+    fn ripemd160(&mut self, _ripemd160: &String) -> Result<ripemd160::Hash, ()> {
+        unreachable!("Policy does not contain any ripemd160 fragment");
+    }
+
+    fn hash160(&mut self, _hash160: &String) -> Result<hash160::Hash, ()> {
+        unreachable!("Policy does not contain any hash160 fragment");
+    }
+}
+
+fn main() {
+    let pol_str = "or(
+        99@thresh(2,
+            pk(hA), pk(S)
+        ),1@or(
+            99@pk(Ca),
+            1@and(pk(In), older(9))
+            )
+        )"
+    .replace(&[' ', '\n', '\t'][..], "");
+
+    let _ms = Miniscript::<String, Tap>::from_str("and_v(v:ripemd160(H),pk(A))").unwrap();
+    let pol: Concrete<String> = Concrete::from_str(&pol_str).unwrap();
+    // In case we can't find an internal key for the given policy, we set the internal key to
+    // a random pubkey as specified by BIP341 (which are *unspendable* by any party :p)
+    let desc = pol.compile_tr(Some("UNSPENDABLE_KEY".to_string())).unwrap();
+
+    let expected_desc =
+        Descriptor::<String, _>::from_str("eltr(Ca,{and_v(v:pk(In),older(9)),multi_a(2,hA,S)})")
+            .unwrap();
+    assert_eq!(desc, expected_desc);
+
+    // Check whether the descriptors are safe.
+    assert!(desc.sanity_check().is_ok());
+
+    // Descriptor Type and Version should match respectively for Taproot
+    let desc_type = desc.desc_type();
+    assert_eq!(desc_type, DescriptorType::Tr);
+    assert_eq!(desc_type.segwit_version().unwrap(), WitnessVersion::V1);
+
+    if let Descriptor::Tr(ref p) = desc {
+        // Check if internal key is correctly inferred as Ca
+        // assert_eq!(p.internal_key(), &pubkeys[2]);
+        assert_eq!(p.internal_key(), "Ca");
+
+        // Iterate through scripts
+        let mut iter = p.iter_scripts();
+        assert_eq!(
+            iter.next().unwrap(),
+            (
+                1,
+                &Miniscript::<String, Tap, NoExt>::from_str("and_v(vc:pk_k(In),older(9))").unwrap()
+            )
+        );
+        assert_eq!(
+            iter.next().unwrap(),
+            (
+                1,
+                &Miniscript::<String, Tap, NoExt>::from_str("multi_a(2,hA,S)").unwrap()
+            )
+        );
+        assert_eq!(iter.next(), None);
+    }
+
+    let mut pk_map = HashMap::new();
+
+    // We require secp for generating a random XOnlyPublicKey
+    let secp = secp256k1::Secp256k1::new();
+    let key_pair = KeyPair::new(&secp, &mut rand::thread_rng());
+    // Random unspendable XOnlyPublicKey provided for compilation to Taproot Descriptor
+    let unspendable_pubkey = bitcoin::XOnlyPublicKey::from_keypair(&key_pair);
+
+    pk_map.insert("UNSPENDABLE_KEY".to_string(), unspendable_pubkey);
+    let pubkeys = hardcoded_xonlypubkeys();
+    pk_map.insert("hA".to_string(), pubkeys[0]);
+    pk_map.insert("S".to_string(), pubkeys[1]);
+    pk_map.insert("Ca".to_string(), pubkeys[2]);
+    pk_map.insert("In".to_string(), pubkeys[3]);
+    let mut t = StrPkTranslator { pk_map };
+
+    let real_desc = desc.translate_pk(&mut t).unwrap();
+
+    // Max Satisfaction Weight for compilation, corresponding to the script-path spend
+    // `multi_a(2,PUBKEY_1,PUBKEY_2) at taptree depth 1, having
+    // Max Witness Size = scriptSig len + control_block size + varint(script_size) + script_size +
+    //                     varint(max satisfaction elements) + max satisfaction size
+    //                  = 4 + 65 + 1 + 70 + 1 + 132
+    let max_sat_wt = real_desc.max_satisfaction_weight().unwrap();
+    assert_eq!(max_sat_wt, 273);
+
+    // Compute the bitcoin address and check if it matches
+    let addr = real_desc.address(&elements::AddressParams::ELEMENTS).unwrap();
+    let expected_addr = elements::Address::from_str(
+        "ert1pxx6wkfdnnx97akwws8l8xdmx5n03qftvx2t269k4sn9adm2emz0sdnytn4",
+    )
+    .unwrap();
+    assert_eq!(addr, expected_addr);
+}
+
+fn hardcoded_xonlypubkeys() -> Vec<bitcoin::XOnlyPublicKey> {
+    let serialized_keys: [[u8; 32]; 4] = [
+        [
+            22, 37, 41, 4, 57, 254, 191, 38, 14, 184, 200, 133, 111, 226, 145, 183, 245, 112, 100,
+            42, 69, 210, 146, 60, 179, 170, 174, 247, 231, 224, 221, 52,
+        ],
+        [
+            194, 16, 47, 19, 231, 1, 0, 143, 203, 11, 35, 148, 101, 75, 200, 15, 14, 54, 222, 208,
+            31, 205, 191, 215, 80, 69, 214, 126, 10, 124, 107, 154,
+        ],
+        [
+            202, 56, 167, 245, 51, 10, 193, 145, 213, 151, 66, 122, 208, 43, 10, 17, 17, 153, 170,
+            29, 89, 133, 223, 134, 220, 212, 166, 138, 2, 152, 122, 16,
+        ],
+        [
+            50, 23, 194, 4, 213, 55, 42, 210, 67, 101, 23, 3, 195, 228, 31, 70, 127, 79, 21, 188,
+            168, 39, 134, 58, 19, 181, 3, 63, 235, 103, 155, 213,
+        ],
+    ];
+    let mut keys: Vec<bitcoin::XOnlyPublicKey> = vec![];
+    for idx in 0..4 {
+        keys.push(bitcoin::XOnlyPublicKey::from_slice(&serialized_keys[idx][..]).unwrap());
+    }
+    keys
+}

examples/taproot.rs

@@ -21,7 +21,7 @@ use std::str::FromStr;
 use elements::Address;
 
 use crate::miniscript::elements::secp256k1_zkp::{Secp256k1, Verification};
-use crate::miniscript::{Descriptor, DescriptorPublicKey};
+use crate::miniscript::{DefiniteDescriptorKey, Descriptor, DescriptorPublicKey};
 
 const XPUB_1: &str = "xpub661MyMwAqRbcFW31YEwpkMuc5THy2PSt5bDMsktWQcFF8syAmRUapSCGu8ED9W6oDMSgv6Zz8idoc4a6mr8BDzTJY47LJhkJ8UB7WEGuduB";
 const XPUB_2: &str = "xpub69H7F5d8KSRgmmdJg2KhpAK8SR3DjMwAdkxj3ZuxV27CprR9LgpeyGmXUbC6wb7ERfvrnKZjXoUmmDznezpbZb7ap6r1D3tgFxHmwMkQTPH";
@@ -43,9 +43,9 @@ fn p2wsh<C: Verification>(secp: &Secp256k1<C>) -> Address {
     let s = format!("elwsh(sortedmulti(1,{},{}))", XPUB_1, XPUB_2);
     // let s = format!("wsh(sortedmulti(1,{},{}))", XPUB_2, XPUB_1);
 
-    let address = Descriptor::<DescriptorPublicKey>::from_str(&s)
+    let address = Descriptor::<DefiniteDescriptorKey>::from_str(&s)
         .unwrap()
-        .derived_descriptor(&secp, 0) // dummy index value if it not a wildcard
+        .derived_descriptor(&secp)
         .unwrap()
         .address(&elements::AddressParams::ELEMENTS)
         .unwrap();
@@ -68,7 +68,8 @@ fn p2sh_p2wsh<C: Verification>(secp: &Secp256k1<C>) -> Address {
 
     let address = Descriptor::<DescriptorPublicKey>::from_str(&s)
         .unwrap()
-        .derived_descriptor(secp, 5)
+        .at_derivation_index(5)
+        .derived_descriptor(secp)
         .unwrap()
         .address(&elements::AddressParams::ELEMENTS)
         .unwrap();

examples/xpub_descriptors.rs

@@ -12,7 +12,7 @@ afl_fuzz = ["afl"]
 honggfuzz_fuzz = ["honggfuzz"]
 
 [dependencies]
-honggfuzz = { version = "0.5", optional = true, default-features = false }
+honggfuzz = { version = "0.5", default-features = false, optional = true }
 afl = { version = "0.8", optional = true }
 regex = { version = "1.4"}
 elements-miniscript = { path = "..", features = ["compiler"] }

fuzz/Cargo.toml

@@ -16,7 +16,6 @@ format_code_in_doc_comments = false
 comment_width = 80
 normalize_comments = false
 normalize_doc_attributes = false
-license_template_path = ""
 format_strings = false
 format_macro_matchers = false
 format_macro_bodies = true
@@ -53,7 +52,7 @@ trailing_comma = "Vertical"
 match_block_trailing_comma = false
 blank_lines_upper_bound = 1
 blank_lines_lower_bound = 0
-edition = "2015"
+edition = "2018"
 version = "One"
 inline_attribute_width = 0
 format_generated_files = true
@@ -63,15 +62,12 @@ use_field_init_shorthand = false
 force_explicit_abi = true
 condense_wildcard_suffixes = false
 color = "Auto"
-required_version = "1.4.38"
 unstable_features = false
 disable_all_formatting = false
 skip_children = false
 hide_parse_errors = false
 error_on_line_overflow = false
 error_on_unformatted = false
-report_todo = "Never"
-report_fixme = "Never"
 ignore = []
 emit_mode = "Files"
 make_backup = false

rustfmt.toml

@@ -29,7 +29,7 @@ use crate::miniscript::context::ScriptContext;
 use crate::policy::{semantic, Liftable};
 use crate::util::{varint_len, witness_to_scriptsig};
 use crate::{
-    elementssig_to_rawsig, BareCtx, Error, ForEach, ForEachKey, Miniscript, MiniscriptKey,
+    elementssig_to_rawsig, BareCtx, Error, ForEachKey, Miniscript, MiniscriptKey,
     Satisfier, ToPublicKey, TranslatePk, Translator,
 };
 
@@ -172,10 +172,10 @@ impl_from_str!(
 );
 
 impl<Pk: MiniscriptKey> ForEachKey<Pk> for Bare<Pk> {
-    fn for_each_key<'a, F: FnMut(ForEach<'a, Pk>) -> bool>(&'a self, pred: F) -> bool
+    fn for_each_key<'a, F: FnMut(&'a Pk) -> bool>(&'a self, pred: F) -> bool
     where
         Pk: 'a,
-        Pk::Hash: 'a,
+        Pk::RawPkHash: 'a,
     {
         self.ms.for_each_key(pred)
     }
@@ -338,12 +338,12 @@ impl_from_str!(
 );
 
 impl<Pk: MiniscriptKey> ForEachKey<Pk> for Pkh<Pk> {
-    fn for_each_key<'a, F: FnMut(ForEach<'a, Pk>) -> bool>(&'a self, mut pred: F) -> bool
+    fn for_each_key<'a, F: FnMut(&'a Pk) -> bool>(&'a self, mut pred: F) -> bool
     where
         Pk: 'a,
-        Pk::Hash: 'a,
+        Pk::RawPkHash: 'a,
     {
-        pred(ForEach::Key(&self.pk))
+        pred(&self.pk)
     }
 }
 

src/descriptor/bare.rs

@@ -59,7 +59,7 @@ use crate::miniscript::limits::{
 use crate::miniscript::{decode, types};
 use crate::util::varint_len;
 use crate::{
-    Error, ExtTranslator, Extension, ForEach, ForEachKey, Miniscript, MiniscriptKey, Satisfier,
+    Error, ExtTranslator, Extension, ForEachKey, Miniscript, MiniscriptKey, Satisfier,
     ScriptContext, Segwitv0, ToPublicKey, TranslateExt, TranslatePk, Translator,
 };
 
@@ -457,12 +457,12 @@ where
 }
 
 impl<Pk: MiniscriptKey, Ext: Extension> ForEachKey<Pk> for LegacyCSFSCov<Pk, Ext> {
-    fn for_each_key<'a, F: FnMut(ForEach<'a, Pk>) -> bool>(&'a self, mut pred: F) -> bool
+    fn for_each_key<'a, F: FnMut(&'a Pk) -> bool>(&'a self, mut pred: F) -> bool
     where
         Pk: 'a,
-        Pk::Hash: 'a,
+        Pk::RawPkHash: 'a,
     {
-        pred(ForEach::Key(&self.pk)) && self.ms.for_any_key(pred)
+        pred(&self.pk) && self.ms.for_any_key(pred)
     }
 }