taproot-assets-core 0.0.2

Core no-std logic and verification primitives for Taproot Assets
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

//! Group key reveal verification logic.

use bitcoin::hashes::Hash;
use taproot_assets_types::asset::{
    Asset, AssetID, GroupKeyReveal, NonSpendLeafVersion, SerializedKey,
};
use taproot_assets_types::proof::Proof;

use crate::{OpsError, TaprootOps};

/// Errors returned by group key reveal verification.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Error {
    /// Group key reveal is present but the asset has no group key.
    MissingGroupKey,
    /// Group key reveal requires genesis information.
    MissingGenesis,
    /// Asset group key length is invalid.
    InvalidGroupKeyLength {
        /// Expected length in bytes.
        expected: usize,
        /// Actual length in bytes.
        actual: usize,
    },
    /// Derived group key does not match the asset group key.
    GroupKeyMismatch,
    /// Missing tapscript root for a V1 group key reveal.
    MissingTapscriptRoot {
        /// Reveal version that requires a tapscript root.
        version: NonSpendLeafVersion,
    },
    /// Taproot operation failed.
    Ops(OpsError),
}

impl From<OpsError> for Error {
    /// Converts an ops error into a group key reveal error.
    fn from(err: OpsError) -> Self {
        Self::Ops(err)
    }
}

impl core::fmt::Display for Error {
    /// Formats the error for display.
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        match self {
            Error::MissingGroupKey => {
                write!(f, "group key reveal present but asset has no group key")
            }
            Error::MissingGenesis => write!(f, "group key reveal requires genesis information"),
            Error::InvalidGroupKeyLength { expected, actual } => write!(
                f,
                "asset group key length must be {}, got {}",
                expected, actual
            ),
            Error::GroupKeyMismatch => write!(f, "group key reveal mismatch"),
            Error::MissingTapscriptRoot { version } => write!(
                f,
                "missing tapscript root for group key reveal version {:?}",
                version
            ),
            Error::Ops(err) => core::fmt::Display::fmt(err, f),
        }
    }
}

/// Derives the compressed group key bytes for a group key reveal.
pub fn group_pubkey_from_reveal<O: TaprootOps>(
    ops: &O,
    reveal: &GroupKeyReveal,
    asset_id: &AssetID,
) -> Result<SerializedKey, Error> {
    let tapscript_root = reveal.tapscript_root.map(|root| root.to_byte_array());
    let custom_subtree_root = reveal.custom_subtree_root.map(|root| root.to_byte_array());

    match reveal.version {
        None => derive_group_pubkey_v0(ops, &reveal.raw_group_key, asset_id, tapscript_root),
        Some(version) => derive_group_pubkey_v1(
            ops,
            version,
            &reveal.raw_group_key,
            asset_id,
            tapscript_root,
            custom_subtree_root,
        ),
    }
}

/// Verifies that the group key reveal derives the asset's group key.
pub fn verify_group_key_reveal<O: TaprootOps>(ops: &O, proof: &Proof) -> Result<(), Error> {
    verify_group_key_reveal_with_asset(ops, &proof.asset, proof.group_key_reveal.as_ref())
        .map(|_| ())
}

/// Verifies that the group key reveal derives the asset's group key.
pub fn verify_group_key_reveal_with_asset<O: TaprootOps>(
    ops: &O,
    asset: &Asset,
    reveal: Option<&GroupKeyReveal>,
) -> Result<Option<SerializedKey>, Error> {
    let reveal = match reveal {
        Some(reveal) => reveal,
        None => return Ok(None),
    };
    let asset_group = asset.asset_group.as_ref().ok_or(Error::MissingGroupKey)?;
    let asset_id = asset
        .asset_genesis
        .as_ref()
        .ok_or(Error::MissingGenesis)?
        .asset_id;
    let expected_key = if !asset_group.tweaked_group_key.is_empty() {
        &asset_group.tweaked_group_key
    } else {
        &asset_group.raw_group_key
    };
    if expected_key.len() != 33 {
        return Err(Error::InvalidGroupKeyLength {
            expected: 33,
            actual: expected_key.len(),
        });
    }

    let derived_key = group_pubkey_from_reveal(ops, reveal, &asset_id)?;
    if expected_key.as_slice() != &derived_key.bytes[..] {
        return Err(Error::GroupKeyMismatch);
    }

    Ok(Some(derived_key))
}

/// Derives the tweaked group public key for a V0 group key reveal.
fn derive_group_pubkey_v0<O: TaprootOps>(
    ops: &O,
    raw_key: &SerializedKey,
    asset_id: &AssetID,
    tapscript_root: Option<[u8; 32]>,
) -> Result<SerializedKey, Error> {
    let raw_pubkey = ops.parse_group_key(raw_key)?;
    let tweak = asset_id.to_byte_array();
    let internal_key = ops.add_tweak(&raw_pubkey, tweak)?;

    let output_key = ops.taproot_output_key(&internal_key, tapscript_root)?;
    Ok(output_key)
}

/// Derives the tweaked group public key for a V1 group key reveal.
fn derive_group_pubkey_v1<O: TaprootOps>(
    ops: &O,
    version: NonSpendLeafVersion,
    internal_key: &SerializedKey,
    _asset_id: &AssetID,
    tapscript_root: Option<[u8; 32]>,
    _custom_subtree_root: Option<[u8; 32]>,
) -> Result<SerializedKey, Error> {
    let root = tapscript_root.ok_or(Error::MissingTapscriptRoot { version })?;
    let internal_pubkey = ops.parse_internal_key(internal_key)?;

    let output_key = ops.taproot_output_key(&internal_pubkey, Some(root))?;
    Ok(output_key)
}