Merge pull request #1787 from Roasbeef/taproot-impl

multi: implement BIP 341 and 342 a.k.a complete taproot and tapscript consensus verification logic

blockchain/indexers/addrindex.go

@@ -10,12 +10,12 @@ import (
 	"sync"
 
 	"github.com/btcsuite/btcd/blockchain"
+	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/chaincfg"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/database"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
-	"github.com/btcsuite/btcd/btcutil"
 )
 
 const (
@@ -63,6 +63,11 @@ const (
 	// script template, as well as a 32-byte data push.
 	addrKeyTypeWitnessScriptHash = 3
 
+	// addrKeyTypeTaprootPubKey is the address type in an address key that
+	// represnts a pay-to-taproot adress. We use this to denote addresses
+	// related to the segwit v1 that are encoded in the bech32m format.
+	addrKeyTypeTaprootPubKey = 4
+
 	// Size of a transaction entry.  It consists of 4 bytes block id + 4
 	// bytes offset + 4 bytes length.
 	txEntrySize = 4 + 4 + 4
@@ -573,6 +578,16 @@ func addrToKey(addr btcutil.Address) ([addrKeySize]byte, error) {
 		result[0] = addrKeyTypeWitnessPubKeyHash
 		copy(result[1:], addr.Hash160()[:])
 		return result, nil
+
+	case *btcutil.AddressTaproot:
+		var result [addrKeySize]byte
+		result[0] = addrKeyTypeTaprootPubKey
+
+		// Taproot outputs are actually just the 32-byte public key.
+		// Similar to the P2WSH outputs, we'll map these to 20-bytes
+		// via the hash160.
+		copy(result[1:], btcutil.Hash160(addr.ScriptAddress()))
+		return result, nil
 	}
 
 	return [addrKeySize]byte{}, errUnsupportedAddressType

blockchain/scriptval.go

@@ -10,9 +10,9 @@ import (
 	"runtime"
 	"time"
 
+	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
-	"github.com/btcsuite/btcd/btcutil"
 )
 
 // txValidateItem holds a transaction along with which input to validate.
@@ -74,9 +74,11 @@ out:
 			witness := txIn.Witness
 			pkScript := utxo.PkScript()
 			inputAmount := utxo.Amount()
-			vm, err := txscript.NewEngine(pkScript, txVI.tx.MsgTx(),
-				txVI.txInIndex, v.flags, v.sigCache, txVI.sigHashes,
-				inputAmount)
+			vm, err := txscript.NewEngine(
+				pkScript, txVI.tx.MsgTx(), txVI.txInIndex,
+				v.flags, v.sigCache, txVI.sigHashes,
+				inputAmount, v.utxoView,
+			)
 			if err != nil {
 				str := fmt.Sprintf("failed to parse input "+
 					"%s:%d which references output %v - "+
@@ -201,7 +203,7 @@ func ValidateTransactionScripts(tx *btcutil.Tx, utxoView *UtxoViewpoint,
 	// amongst all worker validation goroutines.
 	if segwitActive && tx.MsgTx().HasWitness() &&
 		!hashCache.ContainsHashes(tx.Hash()) {
-		hashCache.AddSigHashes(tx.MsgTx())
+		hashCache.AddSigHashes(tx.MsgTx(), utxoView)
 	}
 
 	var cachedHashes *txscript.TxSigHashes
@@ -266,15 +268,17 @@ func checkBlockScripts(block *btcutil.Block, utxoView *UtxoViewpoint,
 		if segwitActive && tx.HasWitness() && hashCache != nil &&
 			!hashCache.ContainsHashes(hash) {
 
-			hashCache.AddSigHashes(tx.MsgTx())
+			hashCache.AddSigHashes(tx.MsgTx(), utxoView)
 		}
 
 		var cachedHashes *txscript.TxSigHashes
 		if segwitActive && tx.HasWitness() {
 			if hashCache != nil {
 				cachedHashes, _ = hashCache.GetSigHashes(hash)
 			} else {
-				cachedHashes = txscript.NewTxSigHashes(tx.MsgTx())
+				cachedHashes = txscript.NewTxSigHashes(
+					tx.MsgTx(), utxoView,
+				)
 			}
 		}
 

blockchain/thresholdstate.go

@@ -171,6 +171,9 @@ func thresholdStateTransition(state ThresholdState, prevNode *blockNode,
 		// speed deployments can only transition to failed
 		// after a confirmation window.
 		if !checker.IsSpeedy() && checker.HasEnded(prevNode) {
+			log.Infof("Moving from state=%v, to state=%v", state,
+				ThresholdFailed)
+
 			state = ThresholdFailed
 			break
 		}
@@ -179,6 +182,9 @@ func thresholdStateTransition(state ThresholdState, prevNode *blockNode,
 		// once its start time has been reached (and it hasn't
 		// already expired per the above).
 		if checker.HasStarted(prevNode) {
+			log.Infof("Moving from state=%v, to state=%v", state,
+				ThresholdStarted)
+
 			state = ThresholdStarted
 		}
 
@@ -187,6 +193,9 @@ func thresholdStateTransition(state ThresholdState, prevNode *blockNode,
 		// expires before it is accepted and locked in, but
 		// only if this deployment isn't speedy.
 		if !checker.IsSpeedy() && checker.HasEnded(prevNode) {
+			log.Infof("Moving from state=%v, to state=%v", state,
+				ThresholdFailed)
+
 			state = ThresholdFailed
 			break
 		}
@@ -214,13 +223,23 @@ func thresholdStateTransition(state ThresholdState, prevNode *blockNode,
 		// period that voted for the rule change meets the
 		// activation threshold.
 		case count >= checker.RuleChangeActivationThreshold():
+			log.Infof("Moving from state=%v, to state=%v", state,
+				ThresholdLockedIn)
+
 			state = ThresholdLockedIn
 
 		// If this is a speedy deployment, we didn't meet the
 		// threshold above, and the deployment has expired, then
 		// we transition to failed.
 		case checker.IsSpeedy() && checker.HasEnded(prevNode):
+			log.Infof("Moving from state=%v, to state=%v", state,
+				ThresholdFailed)
+
 			state = ThresholdFailed
+
+		default:
+			log.Infof("Still at state=%v, threshold=%v", state,
+				float64(count)/float64(checker.RuleChangeActivationThreshold()))
 		}
 
 	case ThresholdLockedIn:
@@ -232,8 +251,14 @@ func thresholdStateTransition(state ThresholdState, prevNode *blockNode,
 		// If we aren't eligible to active yet, then we'll just
 		// stay in the locked in position.
 		if !checker.EligibleToActivate(prevNode) {
+			log.Infof("Moving from state=%v, to state=%v", state,
+				ThresholdLockedIn)
+
 			state = ThresholdLockedIn
 		} else {
+			log.Infof("Moving from state=%v, to state=%v", state,
+				ThresholdActive)
+
 			// The new rule becomes active when its
 			// previous state was locked in assuming it's
 			// now eligible to activate.

blockchain/utxoviewpoint.go

@@ -7,11 +7,11 @@ package blockchain
 import (
 	"fmt"
 
+	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/database"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
-	"github.com/btcsuite/btcd/btcutil"
 )
 
 // txoFlags is a bitmask defining additional information and state for a
@@ -159,6 +159,23 @@ func (view *UtxoViewpoint) LookupEntry(outpoint wire.OutPoint) *UtxoEntry {
 	return view.entries[outpoint]
 }
 
+// FetchPrevOutput fetches the previous output referenced by the passed
+// outpoint. This is identical to the LookupEntry method, but it returns a
+// wire.TxOut instead.
+//
+// NOTE: This is an implementation of the txscript.PrevOutputFetcher interface.
+func (view *UtxoViewpoint) FetchPrevOutput(op wire.OutPoint) *wire.TxOut {
+	prevOut := view.entries[op]
+	if prevOut == nil {
+		return nil
+	}
+
+	return &wire.TxOut{
+		Value:    prevOut.amount,
+		PkScript: prevOut.PkScript(),
+	}
+}
+
 // addTxOut adds the specified output to the view if it is not provably
 // unspendable.  When the view already has an entry for the output, it will be
 // marked unspent.  All fields will be updated for existing entries since it's

blockchain/validate.go

@@ -11,11 +11,11 @@ import (
 	"math/big"
 	"time"
 
+	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/chaincfg"
 	"github.com/btcsuite/btcd/chaincfg/chainhash"
 	"github.com/btcsuite/btcd/txscript"
 	"github.com/btcsuite/btcd/wire"
-	"github.com/btcsuite/btcd/btcutil"
 )
 
 const (
@@ -1218,6 +1218,18 @@ func (b *BlockChain) checkConnectBlock(node *blockNode, block *btcutil.Block, vi
 		scriptFlags |= txscript.ScriptStrictMultiSig
 	}
 
+	// Before we execute the main scripts, we'll also check to see if
+	// taproot is active or not.
+	taprootState, err := b.deploymentState(
+		node.parent, chaincfg.DeploymentTaproot,
+	)
+	if err != nil {
+		return err
+	}
+	if taprootState == ThresholdActive {
+		scriptFlags |= txscript.ScriptVerifyTaproot
+	}
+
 	// Now that the inexpensive checks are done and have passed, verify the
 	// transactions are actually allowed to spend the coins by running the
 	// expensive ECDSA signature check scripts.  Doing this last helps

blockchain/versionbits.go

@@ -187,7 +187,7 @@ func (c deploymentChecker) HasEnded(blkNode *blockNode) bool {
 // This is part of the thresholdConditionChecker interface implementation.
 func (c deploymentChecker) RuleChangeActivationThreshold() uint32 {
 	// Some deployments like taproot used a custom activation threshold
-	// that ovverides the network level threshold.
+	// that overrides the network level threshold.
 	if c.deployment.CustomActivationThreshold != 0 {
 		return c.deployment.CustomActivationThreshold
 	}
@@ -234,7 +234,8 @@ func (c deploymentChecker) EligibleToActivate(blkNode *blockNode) bool {
 //
 // This is part of the thresholdConditionChecker interface implementation.
 func (c deploymentChecker) IsSpeedy() bool {
-	return c.deployment.MinActivationHeight != 0
+	return (c.deployment.MinActivationHeight != 0 ||
+		c.deployment.CustomActivationThreshold != 0)
 }
 
 // Condition returns true when the specific bit defined by the deployment

btcec/privkey.go

@@ -27,5 +27,11 @@ func NewPrivateKey() (*PrivateKey, error) {
 	return secp.GeneratePrivateKey()
 }
 
+// PrivKeyFromScalar instantiates a new private key from a scalar encoded as a
+// big integer.
+func PrivKeyFromScalar(key *ModNScalar) *PrivateKey {
+	return &PrivateKey{Key: *key}
+}
+
 // PrivKeyBytesLen defines the length in bytes of a serialized private key.
 const PrivKeyBytesLen = 32

btcutil/go.mod

@@ -14,3 +14,7 @@ require (
 )
 
 replace github.com/btcsuite/btcd => ../
+
+replace github.com/btcsuite/btcd/chaincfg/chainhash => ../chaincfg/chainhash
+
+replace github.com/btcsuite/btcd/btcec/v2 => ../btcec

btcutil/go.sum

@@ -1,16 +1,12 @@
 github.com/aead/siphash v1.0.1 h1:FwHfE/T45KPKYuuSAKyyvE+oPWcaQ+CUmFW0bPlM+kg=
 github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
-github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA=
-github.com/btcsuite/btcd/btcec/v2 v2.1.1 h1:xxivBG6pU3wwxx9qPNZP+2K0PXO9VmFLaSrwOFr24Hw=
-github.com/btcsuite/btcd/btcec/v2 v2.1.1/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE=
 github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE=
-github.com/btcsuite/btcd/chaincfg/chainhash v1.0.0 h1:MSskdM4/xJYcFzy0altH/C/xHopifpWzHUi1JeVI34Q=
-github.com/btcsuite/btcd/chaincfg/chainhash v1.0.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f h1:bAs4lUbRJpnnkd9VhRV3jjAVU7DJVjMaK+IsvSeZvFo=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
 github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg=
 github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
 github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/crypto/blake256 v1.0.0 h1:/8DMNYp9SGi5f0w7uCm6d6M4OU2rGFK09Y2A4Xv7EE0=
@@ -43,6 +39,11 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 h1:epCh84lMvA70Z7CTTCmYQn2CKbY8j86K7/FAIr141uY=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -79,3 +80,5 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

btcutil/psbt/go.mod

@@ -12,10 +12,15 @@ require (
 
 require (
 	github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f // indirect
+	github.com/decred/dcrd/crypto/blake256 v1.0.0 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
 	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect
 )
 
 replace github.com/btcsuite/btcd/btcutil => ../
 
 replace github.com/btcsuite/btcd => ../..
+
+replace github.com/btcsuite/btcd/chaincfg/chainhash => ../../chaincfg/chainhash
+
+replace github.com/btcsuite/btcd/btcec/v2 => ../../btcec

btcutil/psbt/go.sum

@@ -1,13 +1,10 @@
 github.com/aead/siphash v1.0.1/go.mod h1:Nywa3cDsYNNK3gaciGTWPwHt0wlpNV15vwmswBAUSII=
-github.com/btcsuite/btcd/btcec/v2 v2.1.1 h1:xxivBG6pU3wwxx9qPNZP+2K0PXO9VmFLaSrwOFr24Hw=
-github.com/btcsuite/btcd/btcec/v2 v2.1.1/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE=
-github.com/btcsuite/btcd/chaincfg/chainhash v1.0.0 h1:MSskdM4/xJYcFzy0altH/C/xHopifpWzHUi1JeVI34Q=
-github.com/btcsuite/btcd/chaincfg/chainhash v1.0.0/go.mod h1:7SFka0XMvUgj3hfZtydOrQY2mwhPclbT2snogU7SQQc=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f h1:bAs4lUbRJpnnkd9VhRV3jjAVU7DJVjMaK+IsvSeZvFo=
 github.com/btcsuite/btclog v0.0.0-20170628155309-84c8d2346e9f/go.mod h1:TdznJufoqS23FtqVCzL0ZqgP5MqXbb4fg/WgDys70nA=
 github.com/btcsuite/go-socks v0.0.0-20170105172521-4720035b7bfd/go.mod h1:HHNXQzUsZCxOoE+CPiyCTO6x34Zs86zZUiwtpXoGdtg=
 github.com/btcsuite/websocket v0.0.0-20150119174127-31079b680792/go.mod h1:ghJtEyQwv5/p4Mg4C0fgbePVuGr935/5ddU9Z3TmDRY=
 github.com/btcsuite/winsvc v1.0.0/go.mod h1:jsenWakMcC0zFBFurPLEAyrnc/teJEM1O46fmI40EZs=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/crypto/blake256 v1.0.0 h1:/8DMNYp9SGi5f0w7uCm6d6M4OU2rGFK09Y2A4Xv7EE0=
@@ -38,6 +35,11 @@ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7/go.mod h1:q4W45IWZaF22tdD+VEXcAWRA037jwmWEB5VWYORlTpc=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
@@ -73,3 +75,5 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

chaincfg/chainhash/hash.go

@@ -27,12 +27,33 @@ var (
 	// TagBIP0340Nonce is the BIP-0340 tag for nonces.
 	TagBIP0340Nonce = []byte("BIP0340/nonce")
 
+	// TagTapSighash is the tag used by BIP 341 to generate the sighash
+	// flags.
+	TagTapSighash = []byte("TapSighash")
+
+	// TagTagTapLeaf is the message tag prefix used to compute the hash
+	// digest of a tapscript leaf.
+	TagTapLeaf = []byte("TapLeaf")
+
+	// TagTapBranch is the message tag prefix used to compute the
+	// hash digest of two tap leaves into a taproot branch node.
+	TagTapBranch = []byte("TapBranch")
+
+	// TagTapTweak is the message tag prefix used to compute the hash tweak
+	// used to enable a public key to commit to the taproot branch root
+	// for the witness program.
+	TagTapTweak = []byte("TapTweak")
+
 	// precomputedTags is a map containing the SHA-256 hash of the BIP-0340
 	// tags.
 	precomputedTags = map[string]Hash{
 		string(TagBIP0340Challenge): sha256.Sum256(TagBIP0340Challenge),
 		string(TagBIP0340Aux):       sha256.Sum256(TagBIP0340Aux),
 		string(TagBIP0340Nonce):     sha256.Sum256(TagBIP0340Nonce),
+		string(TagTapSighash):       sha256.Sum256(TagTapSighash),
+		string(TagTapLeaf):          sha256.Sum256(TagTapLeaf),
+		string(TagTapBranch):        sha256.Sum256(TagTapBranch),
+		string(TagTapTweak):         sha256.Sum256(TagTapTweak),
 	}
 )