search

bitcoin-core / btcdeb

Bitcoin Script Debugger
MIT License
530 stars 135 forks source link

got witness stack of size 0 #51

Closed syakunin closed 4 years ago

syakunin commented 4 years ago

Just tried to go step-by-step through your Tapscript example using Tap. Installed/compiled and started with the following command:

tap \
--privkey=1229101a0fcf2104e8808dab35661134aa5903867d44deb73ce1c7e4eb925be8 \
--tx=02000000015ef2502ea8ec2314b97034cdef696a662ab2b70ef1ee4b61dd1665171dacdcd40000000000ffffffff01905f01000000000016001484db588517f65341b0f129b0a1fc38cafb20151000000000 \
--txin=0200000000010162ba7ef7f4ed7e7e1f2fbca227459e1246b565f6c262fdc3f720415d7d1a46d40100000000feffffff02a086010000000000225120a5ba0871796eb49fb4caa6bf78e675b9455e2d66e751676420f8381d5dda8951c785ff2901000000160014068d953d034da27b8affddb1e66240c2c0ccb30c0247304402202f11adb63ae0563d6cbb1955421c7081ac559319b924f1519b3e35b334c8721b02207436ed5d3b9490c7796ee4d4fe2a90f8697c49fb4b4a8531e9446a658cef2c7d0121023f9b34f7749620702e1ade7d8f29f6d1d86122bc0dcf2aac6af1cc7cbb11d91046020000 \
f30544d6009c8d8d94f5d030b2e844b1a3ca036255161c479db1cca5b374dd1c \
2 \
'[144 OP_CHECKSEQUENCEVERIFY OP_DROP 9997a497d964fc1a62885b05a51166a65a90df00492c8d7cf61d6accf54803be OP_CHECKSIG]' \
'[OP_SHA256 6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333 OP_EQUALVERIFY 4edfcf9dfe6c0b5c83d1ab3f78d1b39a46ebac6798e08e19761f5ed89ec83c10 OP_CHECKSIG]'

Then received strange output, part of it corresponds to what to be expected: 

tap 0.2.19 -- type `tap -h` for help
WARNING: This is experimental software. Do not use this with real bitcoin, or you will most likely lose them all. You have been w a r n e d.
LOG: sign segwit taproot
targeting transaction vin at index #0
Internal pubkey: f30544d6009c8d8d94f5d030b2e844b1a3ca036255161c479db1cca5b374dd1c
- no spend arguments; TAPROOT mode
2 scripts:
- #0: 029000b275209997a497d964fc1a62885b05a51166a65a90df00492c8d7cf61d6accf54803beac
- #1: a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd533388204edfcf9dfe6c0b5c83d1ab3f78d1b39a46ebac6798e08e19761f5ed89ec83c10ac
Script #0 leaf hash = TapLeaf<<0xc0 || 029000b275209997a497d964fc1a62885b05a51166a65a90df00492c8d7cf61d6accf54803beac>>
 → c81451874bd9ebd4b6fd4bba1f84cdfb533c532365d22a0a702205ff658b17c9
Script #1 leaf hash = TapLeaf<<0xc0 || a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd533388204edfcf9dfe6c0b5c83d1ab3f78d1b39a46ebac6798e08e19761f5ed89ec83c10ac>>
 → 632c8632b4f29c6291416e23135cf78ecb82e525788ea5ed6483e3c6ce943b42
Branch (#0, #1)
 → 41646f8c1fe2a96ddad7f5471bc4fee7da98794ef8c45a4f4fc6a559d60c9f6b
Tweak value = TapTweak(f30544d6009c8d8d94f5d030b2e844b1a3ca036255161c479db1cca5b374dd1c || 41646f8c1fe2a96ddad7f5471bc4fee7da98794ef8c45a4f4fc6a559d60c9f6b) = 620fc4000ba539753ffa0e5893b4243cb1cf0a258cf8a09a9038f5f1352607a9
Tweaked pubkey = a5ba0871796eb49fb4caa6bf78e675b9455e2d66e751676420f8381d5dda8951 (not negated)
Pubkey matches the scriptPubKey of the input transaction's output #0
Resulting Bech32 address: sb1p5kaqsuted66fldx256lh3en4h9z4uttxuagkwepqlqup6hw639gsy7hxn9
tweaked privkey -> 4fe6b3e5fbd61870577980ad5e4e13080776069f0fb3c1e353572e0c4993abc1
The given private key matches the tweaked public key
input tx index = 0; tx input vout = 0; value = 100000

Then the result differs from expected output:

got witness stack of size 0
ERROR: exhausted variants with no match (single) <-- added std::cerr << exc.what();
miniscript failed to parse script; miniscript support disabled
SignatureHashSchnorr(in_pos=0, hash_type=00)
- UNKNOWN sighash
tap: script/interpreter.cpp:1476: bool SignatureHashSchnorr(uint256&, const ScriptExecutionData&, const T&, unsigned int, uint8_t, SigVersion, const PrecomputedTransactionData&) [with T = CTransaction; uint8_t = unsigned char]: Assertion `false' failed.
Aborted (core dumped)

Trying to follow low level (btcdeb) utility guide produced some output, yet this output was rejected by BTC node (compiled from taproot/Schnorr enabled branch). Here I believe that I could miss something when dealing with btcdeb, however I believe tap should work as expected and produce got witness stack of size 1 as in example. I added exception logging into instance.cpp that produced line 

ERROR: exhausted variants with no match (single)
kallewoof commented 4 years ago

Thanks for the detailed report. Will look into this soon, sorry for the delay!

kallewoof commented 4 years ago

Sorry for the time taken on this. I have just now upgraded the base btcdeb to the latest taproot code base, but tap is still on the list. Will get back to you once tap has been upgraded as well.

kallewoof commented 4 years ago

Firstly, the doc was moved as I had to remake the branch; now at https://github.com/kallewoof/btcdeb/blob/taproot-new/doc/tapscript-example-with-tap.md

Secondly, I am now able to go through this on my side without problems. Please try with the latest btcdeb version and taproot branch and see if it works now.