Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: Generate unspendable taproot addresses #130

Closed
2 tasks done
djordon opened this issue May 7, 2024 · 1 comment · Fixed by #201
Closed
2 tasks done

[Feature]: Generate unspendable taproot addresses #130

djordon opened this issue May 7, 2024 · 1 comment · Fixed by #201
Assignees
@djordon
Labels
transaction library Common library for handling transaction manipulation. utxo consolidation Tickets related to how we consolidate deposit and withdrawal BTC transactions

Comments

@djordon
Copy link
Contributor

djordon commented May 7, 2024
edited
Loading

Feature - Generate unspendable taproot addresses

1. Description

The deposit taproot script will use an unspendable address as the public key so that no one can key-spend path deposits spent to the signers. The code introduced in #128 assumes these addresses are given, but we should hard-code one for users to use (or implement a function that generates them).

2. Technical Details:

The details for how to construct such an address are hinted to in BIP 341, where they also link to what may be an unspendable address.

2.1 Acceptance Criteria:

  • We have at least one unspendable address.
  • We have acceptance criteria for an address to be deemed unspendable. I think we just need to decide that something is unspendable and be able to defend it.

3. Related Issues and Pull Requests (optional):

This came up during PR comments of #128.
@djordon djordon added transaction library Common library for handling transaction manipulation. utxo consolidation Tickets related to how we consolidate deposit and withdrawal BTC transactions labels May 7, 2024
@djordon djordon mentioned this issue May 7, 2024
Merged
3 tasks
@github-project-automation github-project-automation bot moved this to Needs Triage in sBTC May 22, 2024
@AshtonStephens AshtonStephens moved this from Needs Triage to Todo in sBTC May 22, 2024
@djordon djordon self-assigned this May 28, 2024
@djordon djordon mentioned this issue May 28, 2024
Merged
@github-project-automation github-project-automation bot moved this from Todo to Done in sBTC May 28, 2024
@djordon
Copy link
Contributor Author

djordon commented May 29, 2024

Notes about the "impossible" taproot key-spend paths

For a taproot key-spend path to be impossible, the public key in the taproot address must not have a corresponding private key. This is equivalent to saying that the point on the secp256k1 curve that corresponds to the public key is not generated by the generator that bitcoin uses. But the secp256k1 curve1 does not have any points on it that aren't generated by the generator. This is a general well known fact. The secp256k1 curve has prime order2, which implies that all non-trivial3 points generate the entire curve4. Thus, all public keys have a corresponding private key.

Footnotes

  1. See page 9 of the Standards for Efficient Cryptography for the parameters on secp256k1 curves.

  2. The order of the curve is the number of points on the curve.

  3. Here, the trivial point is the point at infinity, or the identity point. There is only one such point, all other points are non-trivial.

  4. The fact that any non-trivial point on the curve generates the entire curve follows from the following facts: (1) the set of points generated from the point G forms a non-trivial subgroup of the curve; (2) the size of every subgroup of a group divides the size of the curve; (3) there are a prime number of points of the secp256k1 curve. Thus the size of the subgroup equals the size of the group, so the generator generates the group.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@djordon djordon

Labels
transaction library Common library for handling transaction manipulation. utxo consolidation Tickets related to how we consolidate deposit and withdrawal BTC transactions
Projects
sBTC
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: use unspendable taproot public keys for deposits stacks-network/sbtc
1 participant
@djordon