I have been finding out all of the methods Taproot transactions will be spent and I can get all of them to work apart from when script path spending is used and the script is executed. Transaction 0c045625… is an efficient instance. I will give attention to enter 0 right here.
I’ve efficiently recreated the merkle tree of tagged hashes to match the witness program from the earlier output, which I believed can be the laborious half but it surely turned out to be fairly simple.
However when the script lastly executes, it nonetheless has to succeed, which implies typically the signatures can even should be verified. I can efficiently confirm signatures in key path spending inputs, however not one of the script path spending ones.
Right here is the segwit knowledge for enter 0 (the primary two fields are the signatures):
107cc602f65b07acc72c1e71f9e443059256a844d3340deea90ca29d656c63e49eb0216be7e31a5e8ab02aa9e719ba43f05af84e86cf1912fbdf57ebbcf4cd5801 7a0c65d587f0859d7cf50009162b16c79fec22ecc485d0f8faf555f3718cda9a4891186a4a26ce7365516a0017806a6c3475d341866cd8b20c7891d02e2bc523 20c041f567623260a7b7caba5158cc0b864d735d36329db41fa41ffbb09ac86f71ad204cb206cf18865fd546b018324a8e94212dad909b3cd778bce22a219b9ac391ebac c110551a18489887bdb3242f46719e7d375b0cc5c3062ff8430b8d20e904783e8cc913b7fd44a48042cfda824efc872816549871226770204d0884c60ba693a315
Right here is the parsed witness script for enter 0:
c041f567623260a7b7caba5158cc0b864d735d36329db41fa41ffbb09ac86f71 OP_CHECKSIGVERIFY 4cb206cf18865fd546b018324a8e94212dad909b3cd778bce22a219b9ac391eb OP_CHECKSIG
Utilizing Schnorr signatures, I cannot get these public keys to confirm the signatures. The signatures use sighash byte 01, or the default 00.
As for the information to be signed, I’ve tried verifying these signatures utilizing
TapSighash tagged hashes of the information (like I do for key path spending), or simply utilizing a single or double SHA256 of the information, however nothing works.
As for the general public key to confirm the signatures, I’ve tried utilizing the general public keys within the script instantly, or utilized as tweaks to an xonly public key parsed from the witness program, and vice versa, however nothing I’ve used to tweak any of those 32-byte pubkeys works both.
Because the public keys are 32 bytes and the signatures are 64 (and it is a Taproot transaction), I assume these have to be verifiable utilizing Schnorr signatures.
What am I lacking? All the opposite stuff I’ve executed with Schnorr signatures works, and it’s fairly easy. So there needs to be a step I’m lacking.
For enter 0 within the transaction linked to above, right here is the information that my program is utilizing to try to confirm these signatures:
Hash of Information to Signal (utilizing solely a single SHA256 of the serialized items of information, which appears to be the Taproot conference):
When a script path is used to redeem a Taproot output, and the script is executed, how are these items of information used to confirm the signatures when OP_CHECKSIG known as?