Published on: 2021-10-06T20:35:51+00:00
A pull request has been opened for the Bitcoin Improvement Proposals (BIPs) repository on GitHub. The pull request is related to a discussion between Giacomo Caironi and Pieter Wuille on the bitcoin-dev mailing list.Caironi had created three test cases for the SigMsg function in a python implementation of bitcoin signature messages, but he was unsure if they were correct. He had also noted that the documentation and test vectors for Taproot signature message were not as clear as those for Segwit signature message.Wuille agreed with Caironi's observations and explained that BIP 341 defines a common message function for Taproot and Segwit, which is then built up for key path spending and tapscript spending respectively. While this could have been a separate BIP, it would not have been a very clean separation. Wuille did not support changing this at the moment given the state of deployment of the BIPs, but he acknowledged that the documentation/vectors could be improved in the existing documents.Caironi had also pointed out that the test vectors for Taproot were not atomic and did not target a specific part of the code, making debugging difficult. Wuille agreed and suggested that test vectors for certain P2TR scriptPubKeys, derived from certain internal keys and script trees, could be useful for developers of signing code. Wuille welcomed Caironi's offer to write test cases for Taproot and offered to help integrate them in Bitcoin Core and the BIPs.The sender created three test cases for the SigMsg function, which can be found at a provided link. The tests cover most of the function but do not include the ext_flag, so they are only applicable to taproot key paths. If one wants to test script paths, they would need to implement more than this function and use the official test vector. The sender requests that someone review the test cases.In a separate email, Giacomo Caironi complains about the lack of documentation for Taproot signature messages compared to Segwit signature messages in BIPs. The signature message function is defined in BIP 341, while the test vectors are in a different BIP 341, making it confusing.Pieter Wuille responds by clarifying that there is no separate BIP for the signature message function because it is different for BIP341 and BIP342. The common part could have been a separate BIP, but given the state of deployment, he does not support changing it at this point. He suggests improving existing documentation/vectors instead.Giacomo Caironi also notes that the test vectors for Taproot have no documentation and are not atomic, making it difficult to debug when something goes wrong. Pieter Wuille agrees and notes that the existing tests are intended for verifying an implementation against and ensuring future code changes don't break anything. While the existing tests have higher coverage than the Segwit tests, they are not useful as documentation. Pieter Wuille suggests writing test vectors aimed at helping debugging issues, such as the sighash code or P2TR scriptPubKeys derived from internal keys and script trees.A developer named Riccardo Casatta has written the Rust implementation of Bitcoin signature messages and created some test vectors to double-check. These test vectors can be found on GitHub.Meanwhile, Giacomo Caironi has worked on a Python implementation of Bitcoin signature messages and noticed that there is better documentation for Segwit signature message than Taproot. He suggests creating a different BIP only for Taproot signature message instead of defining it in BIP 341 and keeping the test vectors in a different BIP. The test vectors for Taproot have no documentation and are not atomic, which makes debugging difficult. In contrast, BIP 143 provides hash preimages for debugging the function in Segwit signature hash. Caironi is willing to write the test cases for Taproot if his idea is accepted. This is his first time contributing to Bitcoin and he apologizes if he wrote something wrong due to English being his second language.On September 16th, 2021, Giacomo Caironi posted on bitcoin-dev forum regarding the documentation of Taproot signature message. He found that Segwit signature messaging had better documentation than Taproot. According to Caironi, Segwit signature message has its own BIP with test cases while Taproot's signature message function is defined in BIP 341 and the test vectors are in a different BIP (also 341). Caironi suggested creating a separate BIP for Taproot signature message like Segwit.Pieter Wuille responded by mentioning that there is no separate BIP for the signature message function as the message function is different for BIP341 and BIP342.
Updated on: 2023-08-02T04:50:14.059947+00:00