Crate confidential_script_lib

Expand description

§Confidential Script Library

Emulate Bitcoin script by converting valid script-path spends to key-path spends. Intended for use within a Trusted Execution Environment (TEE), the library validates unlocking conditions and then authorizes the transaction using a deterministically derived private key.

This approach enables confidential execution of complex script, including opcodes not yet supported by the Bitcoin protocol. The actual on-chain footprint is a minimal key-path spend, preserving privacy and efficiency.

§Overview

The library operates on a two-step process: emulation and signing.

Emulation: A transaction is constructed using an input spending a real previous_outpoint with a witness that is a script-path spend from an emulated P2TR script_pubkey. The library validates this emulated witness using a Verifier, which matches the API of rust-bitcoinkernel. If compiled with the bitcoinkernel feature, users can use the actual kernel as the default verifier, or they can provide an alternative verifier that enforces a different set of rules (ex: a fork of bitcoinkernel that supports Simplicity).
Signing: If the transaction is valid, the library uses the provided parent private key and the merkle root of the emulated script path spend to derive a child private key, which corresponds to the internal public key of the actual UTXO being spent. The library then updates the transaction with a key-path spend signed with this child key.

To facilitate offline generation of the real script_pubkey, the child key is derived from the parent key using a non-hardened HMAC-SHA512 derivation scheme. This lets users generate addresses using the parent public key, while the parent private key is secured elsewhere.

This library is intended to be run within a TEE, which is securely provisioned with the parent private key. This decouples script execution from on-chain settlement, keeping execution private and enabling new functionality with minimal trust assumptions.

§Failsafe Mechanism: Backup Script Path

To prevent funds from being irrecoverably locked if the TEE becomes unavailable, the library allows for the inclusion of an optional backup_merkle_root when creating the actual on-chain address. This backup merkle root defines the alternative spending paths that are available independently of the TEE.

A common use case for this feature is to include a timelocked recovery script (e.g., using OP_CHECKSEQUENCEVERIFY). If the primary TEE-based execution path becomes unavailable for any reason, the owner can wait for the timelock to expire and then recover the funds using a pre-defined backup script. This provides a crucial failsafe, ensuring that users retain ultimate control over their assets.

§Extensibility for Proposed Soft Forks

This library can be used to emulate proposed upgrades, such as new opcodes like OP_CAT or OP_CTV or new scripting languages like Simplicity. It accepts any verifier that adheres to the rust-bitcoinkernel API, allowing developers to experiment with new functionality by forking the kernel, without waiting for a soft fork to gain adoption on mainnet.

Enums§

Error: Comprehensive error type for verify_and_sign operations

Constants§

TAPROOT_ANNEX_DATA_CARRYING_TAG: The initial byte in a data-carrying taproot annex

Traits§

Verifier: Trait to abstract the behavior of the bitcoin script verifier, allowing users to provide their own verifier.

Functions§

generate_address: Generates P2TR address from a parent public key and the emulated merkle root, with an optional backup merkle root.
verify_and_sign: Verifies emulated Bitcoin script and signs the corresponding transaction.