Commit graph

23 commits

Author SHA1 Message Date
Pieter Wuille
8d9670ccb7 Add rawtr() descriptor for P2TR with unknown tweak 2022-07-19 17:36:08 -04:00
Andrew Chow
bada9636d7
Merge bitcoin/bitcoin#24043: Add (sorted)multi_a descriptor for k-of-n multisig inside tr
4828d53ecc Add (sorted)multi_a descriptors to doc/descriptors.md (Pieter Wuille)
b5f33ac1f8 Simplify wallet_taproot.py functional test (Pieter Wuille)
eb0667ea96 Add tests for (sorted)multi_a derivation/signing (Pieter Wuille)
c17c6aa08d Add signing support for (sorted)multi_a scripts (Pieter Wuille)
3eed6fca57 Add multi_a descriptor inference (Pieter Wuille)
79728c4a3d Add (sorted)multi_a descriptor and script derivation (Pieter Wuille)
25e95f9ff8 Merge/generalize IsValidMultisigKeyCount/GetMultisigKeyCount (Pieter Wuille)

Pull request description:

  This adds a new `multi_a(k,key_1,key_2,...,key_n)` (and corresponding `sortedmulti_a`) descriptor for k-of-n policies inside `tr()`. Semantically it is very similar to the existing `multi()` descriptor, but with the following changes:
  * The corresponding script is `<key1> OP_CHECKSIG <key2> OP_CHECKSIGADD <key3> OP_CHECKSIGADD ... <key_n> OP_CHECKSIGADD <k> OP_NUMEQUAL`, rather than the traditional `OP_CHECKMULTISIG`-based script, making it usable inside the `tr()` descriptor.
  * The keys can optionally be specified in x-only notation.
  * Both the number of keys and the threshold can be as high as 999; this is the limit due to the consensus stacksize=1000 limit

  I expect that this functionality will later be replaced with a miniscript-based implementation, but I don't think it's necessary to wait for that.

  Limitations:
  * The wallet code will for not estimate witness size incorrectly for script path spends, which may result in a (dramatic) fee underpayment with large multi_a scripts.
  * The multi_a script construction is (slightly) suboptimal for n-of-n (where a `<key1> OP_CHECKSIGVERIFY ... <key_n-1> OP_CHECKSIGVERIFY <key_n> OP_CHECKSIG` would be better). Such a construction is not included here.

ACKs for top commit:
  achow101:
    ACK 4828d53ecc
  gruve-p:
    ACK 4828d53ecc
  sanket1729:
    code review ACK 4828d53ecc
  darosior:
    Code review ACK 4828d53ecc

Tree-SHA512: 5dcd434b79585f0ff830f7d501d27df5e346f5749f47a3109ec309ebf2cbbad0e1da541eec654026d911ab67fd7cf7793fab0f765628d68d81b96ef2a4d234ce
2022-03-04 07:28:23 -05:00
Bitcoin Hodler
bac30e85f3
docs: Move explanation of hardened key syntax closer to KEY section
Before 7cedafc541 added the TREE
section, this line appeared right after the KEY section.

It doesn't really fit in its former location since it's the KEY
section that discusses derivation path syntax, not the TREE section.
2022-02-07 06:24:42 +00:00
Pieter Wuille
4828d53ecc Add (sorted)multi_a descriptors to doc/descriptors.md 2022-01-12 11:09:41 -05:00
W. J. van der Laan
ff65b696f3
Merge bitcoin/bitcoin#22067: Test and document a basic M-of-N multisig using descriptor wallets and PSBTs
9de0d94508 doc: add disclaimer highlighting shortcomings of the basic multisig example (Michael Dietz)
f9479e4626 test, doc: basic M-of-N multisig minor cleanup and clarifications (Michael Dietz)
e05cd0546a doc: add another signing flow for multisig with descriptor wallets and PSBTs (Michael Dietz)
17dd657300 doc: M-of-N multisig using descriptor wallets and PSBTs, as well as a signing flow (Michael Dietz)
1f20501efc test: add functional test for multisig flow with descriptor wallets and PSBTs (Michael Dietz)

Pull request description:

  Aims to resolve issue https://github.com/bitcoin/bitcoin/issues/21278. I try to follow the steps laanwj outlined there exactly, with the exception of using `combinepsbt` instead of `joinpsbts`. I wrote a functional test to make sure it works as expected before doing the docs, and figured it would also be a good source of documentation. So I kept the test as simple as possible and didn't go crazy with edge-cases and various checks. I do have a lot more test-cases I've written that I will follow up with (either in a separate PR or another commit - lmk if you have a preference), but I want to do it in a way that doesn't bloat this test so it remains useful as a quickstart (unless that's a bad idea)?

ACKs for top commit:
  S3RK:
    Code review ACK 9de0d94. Rspigler's argument convinced me that we should leave the workflow with two wallets. I assume using multisig with external signers is a popular use-case and it's important to keep compatibility.
  laanwj:
    Code and documentation review ACK 9de0d94508

Tree-SHA512: 6c76e787c21f09d8be5eaa11f3ca3eaa4868497824050562bdfb2095c73b90f5e8987a8775119891d6bfde586e3f31ad1b13e4b67b0802e1d23ef050227a1211
2021-10-18 16:17:45 +02:00
Michael Dietz
9de0d94508
doc: add disclaimer highlighting shortcomings of the basic multisig example 2021-09-03 13:49:03 -05:00
Michael Dietz
f9479e4626
test, doc: basic M-of-N multisig minor cleanup and clarifications
wallet_multisig_descriptor_psbt.py is refactored in this commit. While
behavior doesn't change we do cleanup the way wallets are accessed
throughout the test as this is done a lot for the various signers
and their multisigs. We also get rid of some shallow methods and
instead inline them for improved readability.

descriptors.md is improved to be more explicit about which wallet
(ie the signer or multisig) is required for each step.
2021-09-03 13:49:03 -05:00
Pieter Wuille
d2a09c8355 doc: mention bech32m/BIP350 in doc/descriptors.md 2021-08-30 13:45:22 -04:00
Michael Dietz
e05cd0546a
doc: add another signing flow for multisig with descriptor wallets and PSBTs 2021-08-16 10:43:07 +05:00
Michael Dietz
17dd657300
doc: M-of-N multisig using descriptor wallets and PSBTs, as well as a signing flow 2021-08-16 10:43:07 +05:00
Pieter Wuille
7cedafc541 Add tr() descriptor (derivation only, no signing)
This adds a new descriptor with syntax e.g. tr(KEY,{S1,{{S2,S3},S4})
where KEY is a key expression for the internal key and S_i are
script expression for the leaves. They have to be organized in
nested {A,B} groups, with exactly two elements.

tr() only exists at the top level, and inside the script expressions
only pk() scripts are allowed for now.
2021-05-24 12:14:16 -07:00
lisa neigut
4ed064dbd9
docs: correctly identify script type
fixes a typo
2021-02-07 12:20:01 -06:00
Dmitry Petukhov
dc80a7d0b0
docs/descriptors.md: Remove hardened marker in the path after xpub
As described in "Key origin identification" section, a descriptor
that has hardened derivation after xpub does not let you compute scripts
without access to the corresponding private keys. Such a descriptor is
practically useless.

The text after the descriptor said "with child key *1'/2* of the
specified xpub", and clearly an xpub cannot have "child key" with
hardened derivation. Therefore it makes sense to fix this inconsistency
to not confuse the reader of the doc
2020-11-06 14:27:47 +05:00
Andrew Chow
19a354b11f Output a descriptor in createmultisig and addmultisigaddress 2020-01-30 23:55:36 -05:00
Andrew Toth
c7ec9a1888 Add missing supported rpcs to doc/descriptors.md 2020-01-30 18:34:25 -05:00
Andrew Chow
ed96b295d7 Update descriptors.md to include sortedmulti 2019-10-08 13:56:56 -04:00
Pieter Wuille
9b085f4863 Mention new descriptor RPCs in descriptors.md 2019-04-06 08:17:51 -07:00
Pieter Wuille
fd637be8d2 Add checksums to descriptors.md 2019-02-15 22:36:05 -08:00
John Newbery
8284756705 A few minor formatting fixes and clarifications to descriptors.md 2018-11-22 00:21:29 -05:00
Pieter Wuille
8afb166875 Update documentation to incude origin information 2018-10-20 20:31:19 -07:00
Russell Yanofsky
eeeaa29214 descriptors.md: Refer to descriptors as describing instead of matching 2018-10-17 11:41:22 -04:00
Russell Yanofsky
eb49412562 doc/descriptors.md tweaks
Add some implementation details, and tweak phrasing in examples section to be
more explicit about how script expressions are used for matching.
2018-09-06 09:59:42 -04:00
Pieter Wuille
9254ffcf2d Add descriptor reference documentation 2018-09-05 11:26:16 -07:00