Module dbc::tapret

Taproot OP_RETURN-based deterministic bitcoin commitment scheme (“tapret”).

Embed-commit by constructor: a) TapTree, Msg -> TapTree', TapRightPartner, defined in taptree mod; b) (psbt::Output, TxOut), Msg -> (psbt::Output, TxOut)', TapretProof, defined in output mod; c) PSBT, Msg -> PSBT', TapretProof, defined in psbt mod; Convolve-commit by receiver: d) UntweakedPublicKey, TapRightPartner, Msg -> TweakedPublicKey' in xonlypk; e) PubkeyScript, TapretProof, Msg -> PubkeyScript' in scriptpk; f) TxOut, TapretProof, Msg -> TxOut' in txout; g) Tx, TapretProof, Msg -> Tx' in tx.

Verify by constructor: a) TapRightPartner, Msg, TapTree' -> bool; b) TapretProof, Msg, (psbt::Output, TxOut)' -> bool; c) TapretProof, Msg, PSBT' -> bool. Verify by receiver: d) TweakedPublicKey, TapretProof, Msg -> bool; e) PubkeyScript', TapretProof, Msg -> bool; f) TxOut', TapretProof, Msg -> bool; g) Tx', TapretProof, Msg -> bool.

Find: descriptor::Tr<PublicKey> + TapretTweak -> descriptor::Tapret

Spend: TapretTweak + ControlBlock -> ControlBlock'

Find & spend procedures are wallet-specific, embed-commit and verify - are not.

Possible data type conversions:

• TapTree', UntweakedPublicKey -> TweakedPublicKey'
• TapRightPartner, UntweakedPublicKey -> TweakedPublicKey
• TapRightPartner, Msg -> TapretTweak
• TapretProof, Msg -> TweakedPublicKey'

Embed-commitment containers and proofs (container/proof): a) TapTree / TapRightPartner b) TapretProof / TweakedPublicKey' b) XOnlyPublicKey / TapretProof

Structs

• TapretCommitment
  Information about tapret commitment.
• TapretPathProof
  Structure proving that a merkle path to the tapret commitment inside the taproot script tree does not have an alternative commitment.
• TapretProof
  Information proving tapret determinism for a given tapret commitment. Used both in the commitment procedure for PSBTs and in client-side-validation of the commitment.
• TapretRightBranch
  Rigt-side hashing partner in the taproot script tree, used by TapretNodePartner::RightBranch to ensure correct consensus ordering of the child elements.

Enums

• Lnpbp12
  Marker non-instantiable enum defining LNPBP-12 taproot OP_RETURN (tapret) protocol.
• TapretError
  Errors during tapret commitment.
• TapretKeyError
  Errors during tapret commitment embedding into x-only public key.
• TapretNodePartner
  Information proving step of a tapret path in determined way within a given tap tree.
• TapretPathError
  Errors in constructing tapret path proof TapretPathProof.

Constants

• TAPRET_SCRIPT_COMMITMENT_PREFIX
  Hardcoded tapret script prefix consisting of 29 OP_RESERVED pushes, followed by OP_RETURN and OP_PUSHBYTES_33.