Struct XOnlyPublicKey 

pub struct XOnlyPublicKey(/* private fields */);

An x-only public key, used for verification of Taproot signatures and serialized according to BIP-340.

Serde support

Implements de/serialization with the serde feature enabled. We treat the byte value as a tuple of 32 u8s for non-human-readable formats. This representation is optimal for for some formats (e.g. bincode) however other formats may be less optimal (e.g. cbor).

Examples

Basic usage:

use secp256k1::{rand, Secp256k1, Keypair, XOnlyPublicKey};

let secp = Secp256k1::new();
let keypair = Keypair::new(&secp, &mut rand::thread_rng());
let xonly = XOnlyPublicKey::from_keypair(&keypair);

Implementations

impl XOnlyPublicKey

pub fn cmp_fast_unstable(&self, other: &XOnlyPublicKey) -> Ordering

Like cmp::Cmp but faster and with no guarantees across library versions.

The Cmp implementation for FFI types is stable but slow because it first serializes self and other before comparing them. This function provides a faster comparison if you know that your types come from the same library version.

pub fn eq_fast_unstable(&self, other: &XOnlyPublicKey) -> bool

Like cmp::Eq but faster and with no guarantees across library versions.

The Eq implementation for FFI types is stable but slow because it first serializes self and other before comparing them. This function provides a faster equality check if you know that your types come from the same library version.

impl XOnlyPublicKey

pub fn as_ptr(&self) -> *const XOnlyPublicKey

👎Deprecated since 0.25.0: Use Self::as_c_ptr if you need to access the FFI layer

Obtains a raw const pointer suitable for use with FFI functions.

pub fn as_mut_ptr(&mut self) -> *mut XOnlyPublicKey

👎Deprecated since 0.25.0: Use Self::as_mut_c_ptr if you need to access the FFI layer

Obtains a raw mutable pointer suitable for use with FFI functions.

pub fn from_keypair(keypair: &Keypair) -> (XOnlyPublicKey, Parity)

Returns the XOnlyPublicKey (and it’s Parity) for keypair.

pub fn from_slice(data: &[u8]) -> Result<XOnlyPublicKey, Error>

Creates a schnorr public key directly from a slice.

Errors

Returns Error::InvalidPublicKey if the length of the data slice is not 32 bytes or the slice does not represent a valid Secp256k1 point x coordinate.

pub fn serialize(&self) -> [u8; 32]

Serializes the key as a byte-encoded x coordinate value (32 bytes).

pub fn add_tweak<V>( self, secp: &Secp256k1<V>, tweak: &Scalar, ) -> Result<(XOnlyPublicKey, Parity), Error>

where V: Verification,

Tweaks an XOnlyPublicKey by adding the generator multiplied with the given tweak to it.

Returns

The newly tweaked key plus an opaque type representing the parity of the tweaked key, this should be provided to tweak_add_check which can be used to verify a tweak more efficiently than regenerating it and checking equality.

Errors

If the resulting key would be invalid.

Examples

use secp256k1::{Secp256k1, Keypair, Scalar, XOnlyPublicKey};

let secp = Secp256k1::new();
let tweak = Scalar::random();

let mut keypair = Keypair::new(&secp, &mut rand::thread_rng());
let (xonly, _parity) = keypair.x_only_public_key();
let tweaked = xonly.add_tweak(&secp, &tweak).expect("Improbable to fail with a randomly generated tweak");

pub fn tweak_add_check<V>( &self, secp: &Secp256k1<V>, tweaked_key: &XOnlyPublicKey, tweaked_parity: Parity, tweak: Scalar, ) -> bool

where V: Verification,

Verifies that a tweak produced by XOnlyPublicKey::add_tweak was computed correctly.

Should be called on the original untweaked key. Takes the tweaked key and output parity from XOnlyPublicKey::add_tweak as input.

Currently this is not much more efficient than just recomputing the tweak and checking equality. However, in future this API will support batch verification, which is significantly faster, so it is wise to design protocols with this in mind.

Returns

True if tweak and check is successful, false otherwise.

Examples

use secp256k1::{Secp256k1, Keypair, Scalar};

let secp = Secp256k1::new();
let tweak = Scalar::random();

let mut keypair = Keypair::new(&secp, &mut rand::thread_rng());
let (mut public_key, _) = keypair.x_only_public_key();
let original = public_key;
let (tweaked, parity) = public_key.add_tweak(&secp, &tweak).expect("Improbable to fail with a randomly generated tweak");
assert!(original.tweak_add_check(&secp, &tweaked, parity, tweak));

pub fn public_key(&self, parity: Parity) -> PublicKey

Returns the PublicKey for this XOnlyPublicKey.

This is equivalent to using [PublicKey::from_xonly_and_parity(self, parity)].

pub fn verify<C>( &self, secp: &Secp256k1<C>, msg: &Message, sig: &Signature, ) -> Result<(), Error>

where C: Verification,

Checks that sig is a valid schnorr signature for msg using this public key.

Trait Implementations

impl CPtr for XOnlyPublicKey

type Target = XOnlyPublicKey

fn as_c_ptr(&self) -> *const <XOnlyPublicKey as CPtr>::Target

fn as_mut_c_ptr(&mut self) -> *mut <XOnlyPublicKey as CPtr>::Target

impl Clone for XOnlyPublicKey

fn clone(&self) -> XOnlyPublicKey

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl ConvolveCommit<Commitment, TapretProof, TapretFirst> for XOnlyPublicKey

type Commitment = TweakedPublicKey

Commitment type produced as a result of Self::convolve_commit procedure.

type CommitError = TapretKeyError

Error type that may be reported during Self::convolve_commit procedure. It may also be returned from ConvolveCommitProof::verify in case the proof data are invalid and the commitment can’t be re-created.

fn convolve_commit( &self, supplement: &TapretPathProof, msg: &Commitment, ) -> Result<(TweakedPublicKey, TapretProof), <XOnlyPublicKey as ConvolveCommit<Commitment, TapretProof, TapretFirst>>::CommitError>

Takes the supplement to unparse the content of this container (self) (“convolves” these two data together) and uses them to produce a final Self::Commitment to the message msg.

impl ConvolveCommitProof<Commitment, XOnlyPublicKey, TapretFirst> for TapretProof

type Suppl = TapretPathProof

Supplement is a part of the proof data provided during commitment procedure.

fn restore_original(&self, _: &TweakedPublicKey) -> XOnlyPublicKey

Restores the original source before the commitment from the supplement (the self) and commitment.

fn extract_supplement( &self, ) -> &<TapretProof as ConvolveCommitProof<Commitment, XOnlyPublicKey, TapretFirst>>::Suppl

Extract supplement from the proof.

fn verify( &self, msg: &Msg, commitment: &<Source as ConvolveCommit<Msg, Self, Protocol>>::Commitment, ) -> Result<(), ConvolveVerifyError>

where Self: VerifyEq,

Verifies commitment using proof (the self) against the message.

impl Debug for XOnlyPublicKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for XOnlyPublicKey

Available on crate feature serde only.

fn deserialize<D>( d: D, ) -> Result<XOnlyPublicKey, <D as Deserializer<'de>>::Error>

where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for XOnlyPublicKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl From<CompressedPublicKey> for XOnlyPublicKey

fn from(pk: CompressedPublicKey) -> XOnlyPublicKey

Converts to this type from the input type.

impl From<PublicKey> for XOnlyPublicKey

fn from(pk: PublicKey) -> XOnlyPublicKey

Converts to this type from the input type.

impl From<PublicKey> for XOnlyPublicKey

fn from(src: PublicKey) -> XOnlyPublicKey

Converts to this type from the input type.

impl From<TweakedPublicKey> for XOnlyPublicKey

fn from(pair: TweakedPublicKey) -> XOnlyPublicKey

Converts to this type from the input type.

impl From<XOnlyPublicKey> for DescriptorPublicKey

fn from(key: XOnlyPublicKey) -> DescriptorPublicKey

Converts to this type from the input type.

impl From<XOnlyPublicKey> for XOnlyPublicKey

Creates a new schnorr public key from a FFI x-only public key.

fn from(pk: XOnlyPublicKey) -> XOnlyPublicKey

Converts to this type from the input type.

impl FromStr for XOnlyPublicKey

type Err = Error

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<XOnlyPublicKey, Error>

Parses a string s to return a value of this type.

impl Hash for XOnlyPublicKey

fn hash<__H>(&self, state: &mut __H)

where __H: Hasher,

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl<Ctx> IntoDescriptorKey<Ctx> for XOnlyPublicKey

where Ctx: ScriptContext,

fn into_descriptor_key(self) -> Result<DescriptorKey<Ctx>, KeyError>

Turn the key into a DescriptorKey within the requested ScriptContext

impl LowerHex for XOnlyPublicKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl MiniscriptKey for XOnlyPublicKey

type Sha256 = Hash

The associated bitcoin::hashes::sha256::Hash for this MiniscriptKey, used in the sha256 fragment.

type Hash256 = Hash

The associated miniscript::hash256::Hash for this MiniscriptKey, used in the hash256 fragment.

type Ripemd160 = Hash

The associated bitcoin::hashes::ripemd160::Hash for this MiniscriptKey type, used in the ripemd160 fragment.

type Hash160 = Hash

The associated bitcoin::hashes::hash160::Hash for this MiniscriptKey type, used in the hash160 fragment.

fn is_x_only_key(&self) -> bool

Returns true if the pubkey is an x-only pubkey. Defaults to false.

fn is_uncompressed(&self) -> bool

Returns true if the pubkey is uncompressed. Defaults to false.

fn num_der_paths(&self) -> usize

Returns the number of different derivation paths in this key. Only >1 for keys in BIP389 multipath descriptors.

impl Ord for XOnlyPublicKey

fn cmp(&self, other: &XOnlyPublicKey) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self

where Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Self

where Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Self

where Self: Sized,

Restrict a value to a certain interval.

impl ParseableKey for XOnlyPublicKey

fn from_slice(sl: &[u8]) -> Result<XOnlyPublicKey, KeyParseError>

Parse a key from slice

impl PartialEq for XOnlyPublicKey

fn eq(&self, other: &XOnlyPublicKey) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for XOnlyPublicKey

fn partial_cmp(&self, other: &XOnlyPublicKey) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator.

impl Serialize for XOnlyPublicKey

Available on crate feature serde only.

fn serialize<S>( &self, s: S, ) -> Result<<S as Serializer>::Ok, <S as Serializer>::Error>

where S: Serializer,

Serialize this value into the given Serde serializer.

impl StrictDecode for XOnlyPublicKey

fn strict_decode( reader: &mut impl TypedRead, ) -> Result<XOnlyPublicKey, DecodeError>

fn strict_read(reader: impl ReadRaw) -> Result<Self, DecodeError>

impl StrictDeserialize for XOnlyPublicKey

fn from_strict_serialized<const MAX: usize>( ast_data: Confined<Vec<u8>, 0, MAX>, ) -> Result<Self, DeserializeError>

fn strict_deserialize_from_file<const MAX: usize>( path: impl AsRef<Path>, ) -> Result<Self, DeserializeError>

impl StrictDumb for XOnlyPublicKey

fn strict_dumb() -> XOnlyPublicKey

impl StrictEncode for XOnlyPublicKey

fn strict_encode<W>(&self, writer: W) -> Result<W, Error>

where W: TypedWrite,

fn strict_write(&self, writer: impl WriteRaw) -> Result<(), Error>

impl StrictSerialize for XOnlyPublicKey

fn strict_serialized_len<const MAX: usize>(&self) -> Result<usize, Error>

fn to_strict_serialized<const MAX: usize>( &self, ) -> Result<Confined<Vec<u8>, 0, MAX>, SerializeError>

fn strict_serialize_to_file<const MAX: usize>( &self, path: impl AsRef<Path>, ) -> Result<(), SerializeError>

impl StrictTuple for XOnlyPublicKey

const FIELD_COUNT: u8 = 1u8

fn strict_check_fields()

fn strict_type_info() -> TypeInfo<Self>

impl StrictType for XOnlyPublicKey

const STRICT_LIB_NAME: &'static str = LIB_NAME_BITCOIN

fn strict_name() -> Option<TypeName>

impl TapTweak for XOnlyPublicKey

fn tap_tweak<C>( self, secp: &Secp256k1<C>, merkle_root: Option<TapNodeHash>, ) -> (TweakedPublicKey, Parity)

where C: Verification,

Tweaks an untweaked public key with corresponding public key value and optional script tree merkle root.

This is done by using the equation Q = P + H(P|c)G, where

• Q is the tweaked public key
• P is the internal public key
• H is the hash function
• c is the commitment data
• G is the generator point

Returns

The tweaked key and its parity.

type TweakedAux = (TweakedPublicKey, Parity)

Tweaked key type with optional auxiliary information

type TweakedKey = TweakedPublicKey

Tweaked key type

fn dangerous_assume_tweaked(self) -> TweakedPublicKey

Directly converts an UntweakedPublicKey to a TweakedPublicKey

impl ToPublicKey for XOnlyPublicKey

fn to_public_key(&self) -> PublicKey

Converts an object to a public key

fn to_x_only_pubkey(&self) -> XOnlyPublicKey

Convert an object to x-only pubkey

fn to_sha256(hash: &Hash) -> Hash

Converts the generic associated MiniscriptKey::Sha256 to sha256::Hash

fn to_hash256(hash: &Hash) -> Hash

Converts the generic associated MiniscriptKey::Hash256 to hash256::Hash

fn to_ripemd160(hash: &Hash) -> Hash

Converts the generic associated MiniscriptKey::Ripemd160 to ripemd160::Hash

fn to_hash160(hash: &Hash) -> Hash

Converts the generic associated MiniscriptKey::Hash160 to hash160::Hash

fn to_pubkeyhash(&self, sig_type: SigType) -> Hash

Obtain the public key hash for this MiniscriptKey Expects an argument to specify the signature type. This would determine whether to serialize the key as 32 byte x-only pubkey or regular public key when computing the hash160

impl Copy for XOnlyPublicKey

impl Eq for XOnlyPublicKey

impl StrictProduct for XOnlyPublicKey

impl StructuralPartialEq for XOnlyPublicKey