Merge pull request #4 from lnhance/mutinynet-cat-ln-hance

benthecarman · web-flow · commit d4a86277ed8a · 2024-11-24T16:19:34.000-06:00
Add: PAIRCOMMIT
diff --git a/src/consensus/params.h b/src/consensus/params.h
@@ -34,7 +34,7 @@ enum DeploymentPos : uint16_t {
     DEPLOYMENT_TAPROOT, // Deployment of Schnorr/Taproot (BIPs 340-342)
     DEPLOYMENT_COVTOOLS, // Deployment of CHECKTEMPLATEVERIFY, ANYPREVOUT, OP_VAULT (BIP xxx)
     DEPLOYMENT_OP_CAT,
-    DEPLOYMENT_LN_HANCE,
+    DEPLOYMENT_LNHANCE,
     // NOTE: Also add new deployments to VersionBitsDeploymentInfo in deploymentinfo.cpp
     MAX_VERSION_BITS_DEPLOYMENTS
 };
diff --git a/src/kernel/chainparams.cpp b/src/kernel/chainparams.cpp
@@ -385,10 +385,10 @@ class SigNetParams : public CChainParams {
         consensus.vDeployments[Consensus::DEPLOYMENT_OP_CAT].min_activation_height = 0;
 
         // Deployment of OP_CAT (BIP xxx)
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].bit = 5;
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].nStartTime = Consensus::BIP9Deployment::ALWAYS_ACTIVE;
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].nTimeout = Consensus::BIP9Deployment::NO_TIMEOUT;
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].min_activation_height = 0;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].bit = 5;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].nStartTime = Consensus::BIP9Deployment::ALWAYS_ACTIVE;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].nTimeout = Consensus::BIP9Deployment::NO_TIMEOUT;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].min_activation_height = 0;
 
         // message start is defined as the first 4 bytes of the sha256d of the block script
         HashWriter h{};
@@ -479,10 +479,10 @@ class CRegTestParams : public CChainParams
         consensus.vDeployments[Consensus::DEPLOYMENT_OP_CAT].min_activation_height = 0;
 
         // Deployment of OP_CAT (BIP xxx)
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].bit = 5;
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].nStartTime = Consensus::BIP9Deployment::ALWAYS_ACTIVE;
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].nTimeout = Consensus::BIP9Deployment::NO_TIMEOUT;
-        consensus.vDeployments[Consensus::DEPLOYMENT_LN_HANCE].min_activation_height = 0;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].bit = 5;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].nStartTime = Consensus::BIP9Deployment::ALWAYS_ACTIVE;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].nTimeout = Consensus::BIP9Deployment::NO_TIMEOUT;
+        consensus.vDeployments[Consensus::DEPLOYMENT_LNHANCE].min_activation_height = 0;
 
         consensus.nMinimumChainWork = uint256{};
         consensus.defaultAssumeValid = uint256{};
diff --git a/src/rpc/blockchain.cpp b/src/rpc/blockchain.cpp
@@ -1319,7 +1319,7 @@ UniValue DeploymentInfo(const CBlockIndex* blockindex, const ChainstateManager&
     SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_TESTDUMMY);
     SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_TAPROOT);
     SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_COVTOOLS);
-    SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_LN_HANCE);
+    SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_LNHANCE);
     return softforks;
 }
 } // anon namespace
diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
@@ -1500,6 +1500,25 @@ bool EvalScript(std::vector<std::vector<unsigned char> >& stack, const CScript&
                     break;
                 }
 
+                case OP_PAIRCOMMIT: {
+                    // OP_PAIRCOMMIT is only available in Tapscript
+                    if (sigversion == SigVersion::BASE || sigversion == SigVersion::WITNESS_V0) return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
+                    // DISCOURAGE for OP_PAIRCOMMIT is handled in OP_SUCCESS handling
+
+                    // x1 x2 -- hash
+                    if (stack.size() < 2) {
+                        return set_error(serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
+                    }
+                    const valtype& vch1 = stacktop(-2);
+                    const valtype& vch2 = stacktop(-1);
+
+                    uint256 hash = PairCommitHash(vch1, vch2);
+
+                    popstack(stack);
+                    popstack(stack);
+                    stack.emplace_back(hash.begin(), hash.end());
+                    break;
+                }
                 default:
                     return set_error(serror, SCRIPT_ERR_BAD_OPCODE);
             }
@@ -1822,6 +1841,12 @@ template PrecomputedTransactionData::PrecomputedTransactionData(const CMutableTr
 const HashWriter HASHER_TAPSIGHASH{TaggedHash("TapSighash")};
 const HashWriter HASHER_TAPLEAF{TaggedHash("TapLeaf")};
 const HashWriter HASHER_TAPBRANCH{TaggedHash("TapBranch")};
+const HashWriter HASHER_PAIRCOMMIT{TaggedHash("PairCommit")};
+
+uint256 PairCommitHash(const std::vector<unsigned char>& x1, const std::vector<unsigned char>& x2)
+{
+    return (HashWriter{HASHER_PAIRCOMMIT} << x1 << x2).GetSHA256();
+}
 
 static bool HandleMissingData(MissingDataBehavior mdb)
 {
@@ -2401,6 +2426,12 @@ static bool ExecuteWitnessScript(const Span<const valtype>& stack_span, const CS
                 if (flags & SCRIPT_VERIFY_CHECKSIGFROMSTACK) continue;
                 return set_success(serror);
             }
+            if (opcode == OP_PAIRCOMMIT) {
+                if (flags & SCRIPT_VERIFY_DISCOURAGE_PAIRCOMMIT)
+                    return set_error(serror, SCRIPT_ERR_DISCOURAGE_OP_SUCCESS);
+                if (flags & SCRIPT_VERIFY_PAIRCOMMIT) continue;
+                return set_success(serror);
+            }
             // New opcodes will be listed here. May use a different sigversion to modify existing opcodes.
             if (is_vault_active && (opcode == OP_VAULT || opcode == OP_VAULT_RECOVER)) {
                 continue;
diff --git a/src/script/interpreter.h b/src/script/interpreter.h
@@ -188,6 +188,12 @@ enum : uint32_t {
     // Making OP_CHECKSIGFROMSTACK non-standard
     SCRIPT_VERIFY_DISCOURAGE_CHECKSIGFROMSTACK = (1U << 30),
 
+    // Validating OP_PAIRCOMMIT
+    SCRIPT_VERIFY_PAIRCOMMIT = (1U << 31),
+
+    // Making OP_PAIRCOMMIT non-standard
+    SCRIPT_VERIFY_DISCOURAGE_PAIRCOMMIT = (1U << 30),
+
     // Constants to point to the highest flag in use. Add new flags above this line.
     //
     SCRIPT_VERIFY_END_MARKER
@@ -250,6 +256,9 @@ template<typename TxType>
 uint256 GetDefaultCheckTemplateVerifyHash(const TxType& tx, const uint256& outputs_hash, const uint256& sequences_hash,
                                 const uint32_t input_index);
 
+/* PairCommit Declarations */
+uint256 PairCommitHash(const std::vector<unsigned char>& x1, const std::vector<unsigned char>& x2);
+
 enum class SigVersion
 {
     BASE = 0,        //!< Bare scripts and BIP16 P2SH-wrapped redeemscripts
diff --git a/src/script/script.cpp b/src/script/script.cpp
@@ -149,6 +149,7 @@ std::string GetOpName(opcodetype opcode)
     // Tapscript expansion
     case OP_INTERNALKEY            : return "OP_INTERNALKEY";
     case OP_CHECKSIGFROMSTACK      : return "OP_CHECKSIGFROMSTACK";
+    case OP_PAIRCOMMIT             : return "OP_PAIRCOMMIT";
 
     case OP_INVALIDOPCODE          : return "OP_INVALIDOPCODE";
 
diff --git a/src/script/script.h b/src/script/script.h
@@ -217,6 +217,7 @@ enum opcodetype
     // Tapscript expansion
     OP_INTERNALKEY = 0xcb,
     OP_CHECKSIGFROMSTACK = 0xcc,
+    OP_PAIRCOMMIT = 0xcd,
 
     OP_INVALIDOPCODE = 0xff,
 
diff --git a/src/test/pchash_tests.cpp b/src/test/pchash_tests.cpp
@@ -0,0 +1,203 @@
+// Copyright (c) 2013-2021 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <core_io.h>
+#include <consensus/tx_check.h>
+#include <consensus/validation.h>
+#include <hash.h>
+#include <script/script.h>
+#include <script/solver.h>
+#include <script/interpreter.h>
+#include <script/signingprovider.h>
+#include <serialize.h>
+#include <addresstype.h>
+#include <validation.h>
+#include <streams.h>
+#include <test/util/setup_common.h>
+#include <util/strencodings.h>
+#include <common/system.h>
+#include <random.h>
+
+#include <boost/test/unit_test.hpp>
+
+#include <univalue.h>
+
+namespace {
+    typedef std::vector<unsigned char> valtype;
+    typedef Span<const unsigned char> Raw;
+
+    static const unsigned char test1_expected_result[32] = {
+        0x7c, 0xf7, 0x81, 0x30, 0xd1, 0x3d, 0x08, 0xb2,
+        0xc6, 0xc6, 0xb2, 0xd9, 0x2e, 0xf1, 0xf2, 0xdd,
+        0x72, 0x1a, 0xd7, 0x09, 0xaa, 0x81, 0x37, 0x12,
+        0x53, 0xa6, 0xf1, 0xb6, 0x44, 0x96, 0x6f, 0x26
+    };
+
+    static const unsigned char test2_expected_result[32] = {
+        0x0f, 0xbe, 0x7f, 0xb7, 0xc3, 0xad, 0x59, 0x2c,
+        0x5e, 0x87, 0x95, 0x17, 0x75, 0x7f, 0xfc, 0x6a,
+        0x1e, 0xab, 0x8a, 0x94, 0xeb, 0x87, 0x94, 0xcd,
+        0x82, 0xeb, 0x0d, 0xfc, 0x74, 0xe4, 0xbf, 0xec 
+    };
+}
+
+BOOST_FIXTURE_TEST_SUITE(pchash_tests, BasicTestingSetup)
+
+// Goal: check that PC Hash Function generate correct hash
+BOOST_AUTO_TEST_CASE(pchash_from_data)
+{
+    uint256 hash1 = PairCommitHash(
+        // "Hello "
+        valtype{0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20},
+        // "World!"
+        valtype{0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21}
+    );
+    BOOST_CHECK_EQUAL(hash1, uint256(test1_expected_result));
+
+    uint256 hash2 = PairCommitHash(
+        // "Hello"
+        valtype{0x48, 0x65, 0x6c, 0x6c, 0x6f},
+        // " World!"
+        valtype{0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21}
+    );
+    BOOST_CHECK_EQUAL(hash2, uint256(test2_expected_result));
+}
+
+// Goal: check that PC Hash Function generate correct hash
+BOOST_AUTO_TEST_CASE(pchash_reproduce)
+{
+    // pc_tag_hash = SHA256("PairCommit")
+    uint256 pc_tag_hash;
+    std::string pc_tag = "PairCommit";
+    CSHA256().Write((const unsigned char*)pc_tag.data(), pc_tag.size()).Finalize(pc_tag_hash.begin());
+
+    // "Hello "
+    const valtype x1 = {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20};
+    // "World!"
+    const valtype x2 = {0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21};
+    // CompactSize(6)
+    const valtype x1_size = {0x06};
+    // CompactSize(6)
+    const valtype x2_size = {0x06};
+
+    uint256 hash1 = PairCommitHash(x1, x2);
+
+    HashWriter ss;
+    ss << Raw{pc_tag_hash}
+       << Raw{pc_tag_hash}
+       << Raw{x1_size}
+       << Raw{x1}
+       << Raw{x2_size}
+       << Raw{x2};
+
+    uint256 hash2 = ss.GetSHA256();
+
+    BOOST_CHECK_EQUAL(hash1, hash2);
+}
+
+// Goal: check that PC Hash Function generate correct hash
+BOOST_AUTO_TEST_CASE(pchash_reproduce_edge)
+{
+    // pc_tag_hash = SHA256("PairCommit")
+    uint256 pc_tag_hash;
+    std::string pc_tag = "PairCommit";
+    CSHA256().Write((const unsigned char*)pc_tag.data(), pc_tag.size()).Finalize(pc_tag_hash.begin());
+
+    FastRandomContext rng;
+    // empty
+    const valtype x1 = {};
+    // 520 random bytes
+    const valtype x2{rng.randbytes(520)};
+    // CompactSize(0)
+    const valtype x1_size = {0x00};
+    // CompactSize(520)
+    const valtype x2_size = {0xfd, 0x08, 0x02};
+
+    uint256 hash1 = PairCommitHash(x1, x2);
+
+    HashWriter ss;
+    ss << Raw{pc_tag_hash}
+       << Raw{pc_tag_hash}
+       << Raw{x1_size}
+       << Raw{x1}
+       << Raw{x2_size}
+       << Raw{x2};
+
+    uint256 hash2 = ss.GetSHA256();
+
+    BOOST_CHECK_EQUAL(hash1, hash2);
+}
+
+
+namespace {
+
+    bool TapscriptCheck(const valtype& witVerifyScript, const std::vector<valtype>& witData)
+    {
+        // Build a taproot address...
+        XOnlyPubKey key_inner{ParseHex("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")};
+        TaprootBuilder builder;
+        builder.Add(/*depth=*/0, witVerifyScript, TAPROOT_LEAF_TAPSCRIPT, /*track=*/true);
+        builder.Finalize(key_inner);
+
+        CScriptWitness witness;
+        witness.stack.insert(witness.stack.begin(), witData.begin(), witData.end());
+        witness.stack.push_back(witVerifyScript);
+        auto controlblock = *(builder.GetSpendData().scripts[{witVerifyScript, TAPROOT_LEAF_TAPSCRIPT}].begin());
+        witness.stack.push_back(controlblock);
+
+        uint32_t flags = SCRIPT_VERIFY_P2SH | SCRIPT_VERIFY_WITNESS | SCRIPT_VERIFY_TAPROOT | SCRIPT_VERIFY_PAIRCOMMIT;
+        CScript scriptPubKey = CScript() << OP_1 << ToByteVector(builder.GetOutput());
+
+        CMutableTransaction txFrom;
+        txFrom.vout.resize(1);
+        txFrom.vout[0].scriptPubKey = scriptPubKey;
+        txFrom.vout[0].nValue = 10000;
+
+        CMutableTransaction txTo;
+        txTo.vin.resize(1);
+        txTo.vin[0].prevout.n = 0;
+        txTo.vin[0].prevout.hash = txFrom.GetHash();
+        txTo.vin[0].scriptWitness = witness;
+
+        PrecomputedTransactionData txdata(txTo);
+
+        return CScriptCheck(txFrom.vout[0], CTransaction(txTo), 0, flags, false, &txdata)();
+    }
+}
+
+// Goal: check that OP_PAIRCOMMIT behaves as expected in script
+BOOST_AUTO_TEST_CASE(pchash_tapscript)
+{
+    CScript script;
+
+    // "Hello "
+    const valtype x1 = {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20};
+    // "World!"
+    const valtype x2 = {0x57, 0x6f, 0x72, 0x6c, 0x64, 0x21};
+
+    // <expected_result> | <x1> <x2> OP_PAIRCOMMIT OP_EQUAL
+    script
+        << ToByteVector(x1)
+        << ToByteVector(x2)
+        << OP_PAIRCOMMIT
+        << OP_EQUAL;
+
+    const valtype witVerifyScript = ToByteVector(script);
+
+    // Positive test: script must VERIFY with <test1_expected_result>
+    const std::vector<valtype> witData1{ ToByteVector(uint256{test1_expected_result}) };
+
+    bool verify = TapscriptCheck(witVerifyScript, witData1);
+
+    BOOST_CHECK(verify);
+
+    // Negative test: script must FAIL with <test2_expected_result>
+    const std::vector<valtype> witData2{ ToByteVector(uint256{test2_expected_result}) };
+
+    bool fail = !TapscriptCheck(witVerifyScript, witData2);
+
+    BOOST_CHECK(fail);
+}
+
+BOOST_AUTO_TEST_SUITE_END()
diff --git a/src/validation.cpp b/src/validation.cpp
@@ -2245,15 +2245,20 @@ static unsigned int GetBlockScriptFlags(const CBlockIndex& block_index, const Ch
     }
 
     // Enforce CHECKSIGFROMSTACK(VERIFY) (BIN-2024-0003)
-    if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_LN_HANCE)) {
+    if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_LNHANCE)) {
         flags |= SCRIPT_VERIFY_CHECKSIGFROMSTACK;
     }
 
     // Process INTERNALKEY (BIN-2024-0004)
-    if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_LN_HANCE)) {
+    if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_LNHANCE)) {
         flags |= SCRIPT_VERIFY_INTERNALKEY;
     }
 
+    // Process PAIRCOMMIT (BIN-2024-0006)
+    if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_LNHANCE)) {
+        flags |= SCRIPT_VERIFY_PAIRCOMMIT;
+    }
+
     // Enforce BIP147 NULLDUMMY (activated simultaneously with segwit)
     if (DeploymentActiveAt(block_index, chainman, Consensus::DEPLOYMENT_SEGWIT)) {
         flags |= SCRIPT_VERIFY_NULLDUMMY;

Original file line number	Diff line number	Diff line change
`@@ -1319,7 +1319,7 @@ UniValue DeploymentInfo(const CBlockIndex* blockindex, const ChainstateManager&`
`1319`	`1319`	`SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_TESTDUMMY);`
`1320`	`1320`	`SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_TAPROOT);`
`1321`	`1321`	`SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_COVTOOLS);`
`1322`		`- SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_LN_HANCE);`
	`1322`	`+ SoftForkDescPushBack(blockindex, softforks, chainman, Consensus::DEPLOYMENT_LNHANCE);`
`1323`	`1323`	`return softforks;`
`1324`	`1324`	`}`
`1325`	`1325`	`} // anon namespace`