Use un/tweaked public key types #728
Conversation
src/util/taproot.rs
Outdated
| @@ -268,7 +268,7 @@ impl TaprootSpendInfo { | |||
| internal_key: internal_key, | |||
| merkle_root: merkle_root, | |||
| output_key_parity: parity, | |||
| output_key: output_key, | |||
| output_key: TweakedPublicKey::new(output_key), | |||
There was a problem hiding this comment.
This constructor should've been called dangerous_assume_tweaked :(
There was a problem hiding this comment.
Yup agreed. I was going to bring this in this review. Don't know how it skipped my review :( during the original one.
Along with changing the new API to dangerous_assume_tweaked, we can also the logic here to that output_key is computed using the taptweak method instead of manually tweaking as implemented here. That way output_key would be of the required type directly.
There was a problem hiding this comment.
To implement these suggestions I added 4 additional patches to this PR. The first two of which are cleanup
- Remove comments: d84e359
- Use
debug_assert!instead ofunreachable!: 8424aa1 - Implement @Kixunil suggestion, rename constructor: 1f71b75
- Implement @sanket1729 suggestion, use
tap_tweak6f25d0c but to do so I return the parity fromtap_tweakalso. This changes the taproot API, please review accordingly.
tcharding
force-pushed
the
use-TweakedPublicKey
branch
2 times, most recently
from
6f25d0c
to
ec24418
Compare
src/util/schnorr.rs
Outdated
| /// | ||
| /// # Returns | ||
| /// The tweaked key and its parity. | ||
| fn tap_tweak<C: Verification>(&self, secp: &Secp256k1<C>, merkle_root: Option<&TapBranchHash>) -> (TweakedPublicKey, bool); |
There was a problem hiding this comment.
bool is not very clear value for parity. Which is which? I believe it'd be much better to have:
enum KeyParity {
Even,
Odd,
}However, I think this can go to a separate PR given that parity: bool was used already.
There was a problem hiding this comment.
I'll do the PR, thanks.
There was a problem hiding this comment.
lol, I started doing this over in rust-secp256k1 and I do not know which is which. Is true == Even or Odd?
There was a problem hiding this comment.
|
Needs rebase :( |
Kixunil
added
the
waiting for author
tcharding
force-pushed
the
use-TweakedPublicKey
branch
from
ec24418
to
57ae7da
Compare
There was a problem hiding this comment.
Can you pls squash the commits into one? This is usual requirement for trivial commits by @apoelstra and I do not think that we should diverge from it. Why this is an important? Since we need to test each of the commits to compile and pass all tests, and having commits changing just one line of code makes this really computationally expansive. Another thing is that these all commits introduce the same change, so it probably best in terms of history and blame to have these change done in just a one commit.
|
I disagree over here. I like the structure of commits because they are different and do things in an atomic way. Maybe Having atomic commits really does aid in my review, and I think it would have been (slightly) more difficult to review if all were in one commit.
We do want this, but IMO this should never come at the cost of atomic commits. Lines of code have nothing to do with commits, and bitcoin core is full of commits with 10 line descriptions and a few line diffs. Infact, I think we should include the text from https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#committing-patches in #587. |
|
Actually an additional commit increases the complexity of bisect using formula |
I'm happy to argue this one over a beer with @apoelstra but I feel pretty strongly that trivial changes should not be done as part of other work, its jarring for reviewers to have to stop and think 'why is that whitespace added there'.
I rekon we should optimize for reviewers not for machine running time on CI, reviewers are expensive machines are cheap.
I guess this is subjective to a certain extent, all PRs can be described, at some level, as 'improve xyz'. But like I say above I think it makes review easier if there are many small commits, when folks can trust that my commits don't do strange things its easier for them to catch my strange and silly mistakes. |
Idiomatic UNIX file handling leaves files with a newline at the end. Add newline to end of `schnorr` module.
All new types in `rust-bitcoin` should use our standard set of derives. Add said standard derives to `TweakedPublickKey`.
We have two types for tweaked/untweaked schnorr public keys to help users of the taproot API not mix these two keys up. Currently the `taproot` module uses 'raw' `schnoor::PublicKey`s. Use the `schnoor` module's tweak/untweaked public key types for the `taproot` API.
When used, code comments should say _why_ we do something not _what_ we do, the code already says what we do. Remove 'what we do' style comments.
We currently run `tweak_add_check` and use the result as a conditional branch, the error path of which uses `unreachable`. This usage of `unreachable` is non-typical. An 'unreachable' statement is by definition supposed to be unreachable, it is not clear why we would need to have a conditional branch to check an unreachable statement. Use `debug_assert!` so programmer errors get caught in un-optimised builds but in optimised builds the call to `tweak_add_check` is not even done.
Keeping inline with the method on `UntweakedPublicKey` that outputs a `TweakedPublicKey` we can use the same name, for the same reasons. Use `dangerous_assume_tweaked` as the constructor name to highlight the fact that this constructor should probably not be being used.
Currently we calculate the parity during `tap_tweak` but do not return it, this means others must re-do work done inside `tap_tweak` in order to calculate the parity. We can just return the parity along with the tweaked key.
Improve the docs by doing: - Use [`Foo`] for types - Use third person tense - Add trailing periods
tcharding
force-pushed
the
use-TweakedPublicKey
branch
from
57ae7da
to
b5bf6d7
Compare
|
utACK b5bf6d7 I just told about my experience in working with this repo for several years: my multi-commit PRs were frequently required to be squashed. I also prefer to have atomic/simple commits. |
|
I would be really surprised if Andrew is against this. What specifically Andrew mentioned (quite a few times on different PRs from different authors) is one should squash changes in a PR that you have already changed in the same PR. I think most people(including me) who review commit by commit and find it extra work when something is implemented that is only changed again. I don't mean any of this as any critique of your work, but am just trying to arrive at a consensus on atomic commits. The first three commits are only what is required for the PR. The other commits make changes to the code introduced in the same PR and belong to the previous commits. I understand that sometimes it might be annoying to fix something in a specific commit. On a similar rationale, I had requested to squash only the fixups in the contributing.md PR (that were correctly addressed in the same PR). This is not a hard rule, but based on the complexity of the PR, already existing ACKs from reviewers, subjective decisions can be made to merge fixup commits. I am sorry for pointing to specific examples, but if you were asked to squash commits it should have been for this reason. If not, it is likely an incorrect recommendation that we should not follow in the future. |
|
@sanket1729 ok, I see, thank you for the explanation. I do not know why github does not show my ACK above as a review approval. Trying once again... |
We have two types for tweaked/untweaked schnorr public keys to help users of the taproot API not mix these two keys up. Currently the
taprootmodule uses 'raw'schnoor::PublicKeys.Use the
schnoormodule's tweak/untweaked public key types for thetaprootAPI.Fixes: #725
Please note, I saw this was labeled 'good-first-issue' but I ignored that and greedily implemented a solution because of two reasons