RCasatta · October 27, 2021 12:52
diff --git a/taproot_playground.rs b/taproot_playground.rs
 #[cfg(test)]
 mod tests {
    use bitcoin::hashes::hex::{FromHex, ToHex};
    use bitcoin::schnorr::{KeyPair, PublicKey};
    use bitcoin::{Script, Address, Network, Transaction, TxIn, OutPoint, TxOut};
    use bitcoin::blockdata::{script, opcodes};
    use bitcoin::util::taproot::{TaprootSpendInfo, LeafVersion};
    use bitcoin::util::address::WitnessVersion;
    use bitcoin::util::sighash::{SigHashCache, ScriptPath, SigHashType};
    use bitcoin::util::sighash::Prevouts;
    use bitcoin::secp256k1::{Secp256k1, Message, All};
    use bitcoin::hashes::{Hash, HashEngine};
    use bitcoin::consensus::{encode, deserialize, serialize};
    use bitcoin::secp256k1::rand::thread_rng;
    use bitcoin::util::taproot::TapTweakHash;
    use bitcoin::util::psbt::serialize::Serialize;
    use bitcoin::util::taproot::TapLeafHash;

    struct Init {
        secp: Secp256k1<All>,
        alice: KeyPair,
        alice_public: PublicKey,
        bob: KeyPair,
        bob_public: PublicKey,
        charlie: KeyPair,
        charlie_public: PublicKey,
    }
    impl Default for Init {
        fn default() -> Self {
            let secp = Secp256k1::new();

            let alice_secret = Vec::from_hex("6c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19").unwrap();
            let alice = KeyPair::from_seckey_slice(&secp, &alice_secret).unwrap();
            let alice_public = PublicKey::from_keypair(&secp, &alice);
            assert_eq!(format!("{:x}", alice_public), "72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6");

            let bob_secret = Vec::from_hex("5c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19").unwrap();
            let bob = KeyPair::from_seckey_slice(&secp, &bob_secret).unwrap();
            let bob_public = PublicKey::from_keypair(&secp, &bob);
            assert_eq!(format!("{:x}", bob_public), "97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c");

            let charlie_secret = Vec::from_hex("e108a1eab0a9966a0740cda37684bd67f8ca746e0a8e8ac5c52f4989b24926a7").unwrap();
            let charlie = KeyPair::from_seckey_slice(&secp, &charlie_secret).unwrap();
            let charlie_public = PublicKey::from_keypair(&secp, &charlie);
            assert_eq!(format!("{:x}", charlie_public), "2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e");

            Init {
                secp,
                alice,
                alice_public,
                bob,
                bob_public,
                charlie,
                charlie_public,
            }
        }
    }

    fn taproot_construct_mine() -> TaprootConstructTest<'static> {
        TaprootConstructTest {
            secret_hex: "6c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19",
            public_hex: "72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6",
            secret_hex_for_script: "5c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19",
            public_hex_for_script: "97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c",
            script_hex_with_version: Some("c0222097142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53cac"),
            script_hash: "c703e70a9fb4115e3eb385d0ac80eeb8bee4ac2f711fa962655d91cf8e3ecfed",
            tweak: "31bff2db66cc90df93b40e44b288a21909e4f27baf00e6f785e61dc8a1ee94b8",
            public_tweaked: "6899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2",
            script_pubkey: "51206899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2"
        }
    }

    #[test]
    fn taproot_address_keypath_only() {
        // If the spending conditions do not require a script path, the output key should commit to
        // an unspendable script path instead of having no script path. This can be achieved by
        // computing the output key point as Q = P + int(hashTapTweak(bytes(P)))G.

        // $ bitcoin-cli -signet deriveaddresses "tr(72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6)#xn9s745x"
        // [
        //   "tb1paykwrvp768pjj8nrcrkxcgh7y6cvm5xhse53yd6v6zumv2f6gkkqft0lpc"
        // ]

        let init = Init::default();
        let hash = TapTweakHash::hash(&init.alice_public.serialize());
        let mut output_key = init.alice_public.clone();
        let _ = output_key.tweak_add_assign(&init.secp, &hash.into_inner()).unwrap();

        let script = Script::new_witness_program(WitnessVersion::V1, &output_key.serialize());
        let address = Address::from_script(&script, Network::Signet).unwrap();

        assert_eq!(address.to_string(), "tb1paykwrvp768pjj8nrcrkxcgh7y6cvm5xhse53yd6v6zumv2f6gkkqft0lpc");
    }

    #[test]
    fn taproot_address_with_script_path() {
        let init = Init::default();

        let merkle_script = script::Builder::new()
            .push_slice(&init.bob_public.serialize()[..])
            .push_opcode(opcodes::all::OP_CHECKSIG)
            .into_script();

        let script_odds = vec![
            (1, merkle_script),
        ];
        let tree_info = TaprootSpendInfo::new_huffman_tree(&init.secp, init.alice_public, script_odds.clone()).unwrap();

        let script = Script::new_witness_program(WitnessVersion::V1, &tree_info.output_key().serialize());
        assert_eq!(script.to_hex(), "51206899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2");
        let address = Address::from_script(&script, Network::Signet).unwrap();
        assert_eq!(address.to_string(),"tb1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqmjqmwl");
        let address = Address::from_script(&script, Network::Bitcoin).unwrap();
        assert_eq!(address.to_string(),"bc1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqv6k55s");

        /*
        $ bitcoin-cli -signet deriveaddresses "tr(72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6,pk(97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c))#hrl4mupj"
            [
              "tb1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqmjqmwl"
            ]
        */
    }

    #[test]
    fn taproot_script_spend() {
        let init = Init::default();

        /*
        inputs is received on tb1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqmjqmwl on txid fd92b607c0784394541c5946f8e91bac58eabd92a92f875d361e842faaed7621
        */
        let source_tx = "0200000000010160112538ec5f11907176ac8e94a4ec047fa8b21884d2c1814a9ea4458c60875e0000000000feffffff02683c0100000000002251206899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2a4208f000000000016001413c53720b09463a7b06e4cbbb8a29073d71964a30247304402205e34ec1b91dd90f029b054569916c822d99d540c56483529c4f398ce7a1d7a760220023f1a5825c40063444bd7ce6b6969682815e6a7349cf3c18d219f6948bdd212012103b4a87562945b0153843e9aefe53ce3ab2ee50a705260be9d99d088f46f8525065cec0000";
        let source_tx : Transaction = deserialize(&Vec::from_hex(source_tx).unwrap()).unwrap();
        assert_eq!(source_tx.txid().to_hex(), "fd92b607c0784394541c5946f8e91bac58eabd92a92f875d361e842faaed7621");

        let mut spending_tx = Transaction {
            version: source_tx.version,
            lock_time: source_tx.lock_time,
            input: vec![TxIn {
                previous_output: OutPoint::new(source_tx.txid(), 0),
                script_sig: Default::default(),
                sequence: 0,
                witness: vec![]
            }],
            output: vec![TxOut {
                value: 1011,
                script_pubkey: Script::from_hex("0014e57e98a796cfd38c4a1a49ba37213a0aa77a69f0").unwrap(),
            }]
        };

        let merkle_script = script::Builder::new()
            .push_slice(&init.bob_public.serialize()[..])
            .push_opcode(opcodes::all::OP_CHECKSIG)
            .into_script();
        assert_eq!(34, merkle_script.serialize().len());

        let script_odds = vec![(1, merkle_script.clone()), ];
        let tree_info = TaprootSpendInfo::new_huffman_tree(&init.secp, init.alice_public, script_odds.clone()).unwrap();
        let cb = tree_info.control_block(&(merkle_script.clone(), LeafVersion::default())).unwrap();

        let prevouts = [source_tx.output[0].clone()];
        let prevouts = Prevouts::All(&prevouts);
        let mut cache = SigHashCache::new(&spending_tx);
        let script_path = ScriptPath::with_defaults(&merkle_script);

        let hash = cache.taproot_signature_hash(0, &prevouts, None, Some(script_path), SigHashType::Default).unwrap();

        let mut rng = thread_rng();

        let message = Message::from_slice(&hash.into_inner()[..]).unwrap();
        let signature = init.secp.schnorrsig_sign_with_rng(&message, &init.bob, &mut rng);

        assert!(init.secp.schnorrsig_verify(&signature, &message, &init.bob_public).is_ok());

        // signature, script, control_block
        let mut cb_serialized = cb.serialize();
        assert_eq!(cb_serialized.len(), 33);
        assert_eq!(cb_serialized.to_hex(), "c172ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6");
        let signature_serialized = signature.as_ref().to_vec();
        assert_eq!(signature_serialized.len(), 64);
        let witness = vec![signature_serialized, merkle_script.serialize(), cb_serialized];

        spending_tx.input[0].witness = witness;

        assert_eq!(spending_tx.txid().to_hex(), "ed4f734eddd53970bd4bb143e8be11ae30a9af8b85e23444ee852aece0f21f42");
    }


    #[test]
    fn taproot_script_spend_merkle_root() {
        let init = Init::default();

        /*
        $ bitcoin-cli -signet deriveaddresses "tr(72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6,{pk(97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c),pk(2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e)})#n9d9305r"
        [
          "tb1p8wuydhkdl79p323rfk7f2uhdfr8drtf6yteln6sqcf7yt6svzfgss7z60r"
        ]
        */

        let script1 = script::Builder::new()
            .push_slice(&init.bob_public.serialize()[..])
            .push_opcode(opcodes::all::OP_CHECKSIG)
            .into_script();
        let script2 = script::Builder::new()
            .push_slice(&init.charlie_public.serialize()[..])
            .push_opcode(opcodes::all::OP_CHECKSIG)
            .into_script();

        let script_odds = vec![
            (1, script1.clone()),
            (1, script2.clone()),
        ];
        let tree_info = TaprootSpendInfo::new_huffman_tree(&init.secp, init.alice_public, script_odds.clone()).unwrap();

        let script = Script::new_witness_program(WitnessVersion::V1, &tree_info.output_key().serialize());
        let address = Address::from_script(&script, Network::Signet).unwrap();
        assert_eq!(address.to_string(),"tb1p8wuydhkdl79p323rfk7f2uhdfr8drtf6yteln6sqcf7yt6svzfgss7z60r");

        /*
        inputs is received on tb1p8wuydhkdl79p323rfk7f2uhdfr8drtf6yteln6sqcf7yt6svzfgss7z60r on txid ea5d1b146a4d25c2063e54a9a190fb7f9d905692ca0481e71f3939a024980144
        */
        let source_tx = "020000000001012176edaa2f841e365d872fa992bdea58ac1be9f846591c54944378c007b692fd0100000000feffffff0238440100000000002251203bb846decdff8a18aa234dbc9572ed48ced1ad3a22f3f9ea00c27c45ea0c1251a5db8d00000000001600144069a2d6e858c86c23f065e4bdc1d9b849ebf603024730440220792ed741a46654264e395484de4e87dadd5706faf45d7aa233798c31373c514b02207ee518fb1b72d1d5d8d2b522f26f78d0d83232639099c0bf53c2d063dc5334a5012103ad3c33f17fc2e66096a7bca75db70af78cd89991ba4b353c46a9c3464370c90fe9ed0000";
        let source_tx : Transaction = deserialize(&Vec::from_hex(source_tx).unwrap()).unwrap();
        assert_eq!(source_tx.txid().to_hex(), "ea5d1b146a4d25c2063e54a9a190fb7f9d905692ca0481e71f3939a024980144");

        let mut spending_tx = Transaction {
            version: source_tx.version,
            lock_time: source_tx.lock_time,
            input: vec![TxIn {
                previous_output: OutPoint::new(source_tx.txid(), 0),
                script_sig: Default::default(),
                sequence: 0,
                witness: vec![]
            }],
            output: vec![TxOut {
                value: 1011,
                script_pubkey: Script::from_hex("0014e57e98a796cfd38c4a1a49ba37213a0aa77a69f0").unwrap(),
            }]
        };

        let cb = tree_info.control_block(&(script2.clone(), LeafVersion::default())).unwrap(); // control block for charlie

        let prevouts = [source_tx.output[0].clone()];
        let prevouts = Prevouts::All(&prevouts);
        let mut cache = SigHashCache::new(&spending_tx);
        let script_path = ScriptPath::with_defaults(&script2);

        let hash = cache.taproot_signature_hash(0, &prevouts, None, Some(script_path), SigHashType::Default).unwrap();

        let mut rng = thread_rng();

        let message = Message::from_slice(&hash.into_inner()[..]).unwrap();
        let signature = init.secp.schnorrsig_sign_with_rng(&message, &init.charlie, &mut rng);

        assert!(init.secp.schnorrsig_verify(&signature, &message, &init.charlie_public).is_ok());

        // signature, script, control_block
        let mut cb_serialized = cb.serialize();
        assert_eq!(cb_serialized.len(), 65);
        assert_eq!(cb_serialized.to_hex(), "c072ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6edcf3e8ecf915d6562a91f712face4beb8ee80acd085b33e5e11b49f0ae703c7");
        let signature_serialized = signature.as_ref().to_vec();
        assert_eq!(signature_serialized.len(), 64);
        let witness = vec![signature_serialized, script2.serialize(), cb_serialized];

        spending_tx.input[0].witness = witness;
        assert_eq!(spending_tx.txid().to_hex(), "618803696055ce03d15602ca611e2b8089f8d1824bb310bf13aa2945a492cbef");
    }

    struct TaprootConstructTest<'s> {
        secret_hex: &'s str,
        public_hex: &'s str,
        secret_hex_for_script: &'s str,
        public_hex_for_script: &'s str,
        script_hex_with_version: Option<&'s str>,
        script_hash: &'s str,
        tweak: &'s str,
        public_tweaked: &'s str,
        script_pubkey: &'s str,
    }

    fn taproot_construct_example() -> TaprootConstructTest<'static> {
        // # hacked core taproot_construct() test to print out values
        //
        // secs[0]: e108a1eab0a9966a0740cda37684bd67f8ca746e0a8e8ac5c52f4989b24926a7
        // pubs[0]: 2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e
        // secs[1]: d4ab553b4bc4975af7cfdd5c9b0871387d72ff9961b0f26cbf4ef859c66a7eb2
        // pubs[1]: 47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932
        // code_with_version: c0222047cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932ac
        // h: 1a7c356074ec60691eccf65dc0a5837a83be5223a04cef449b4d81cb99f39e19
        // tweak: b0b31c347918ab541b4d6748081abdc1ac87dcbfb1dfce03fcf35bfa04c23b3a
        // tweaked: 9c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03
        // scripts: [('s0', CScript([x('47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932'), OP_CHECKSIG]))]
        // scriptPubKey: 51209c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03
        // negflag: 0
        // leaves: {'s0': TaprootLeafInfo(script=CScript([x('47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932'), OP_CHECKSIG]), version=192, merklebranch=b'')}

        TaprootConstructTest {
            secret_hex: "e108a1eab0a9966a0740cda37684bd67f8ca746e0a8e8ac5c52f4989b24926a7",
            public_hex: "2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e",
            secret_hex_for_script: "d4ab553b4bc4975af7cfdd5c9b0871387d72ff9961b0f26cbf4ef859c66a7eb2",
            public_hex_for_script: "47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932",
            script_hex_with_version: Some("c0222047cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932ac"),
            script_hash: "1a7c356074ec60691eccf65dc0a5837a83be5223a04cef449b4d81cb99f39e19",
            tweak: "b0b31c347918ab541b4d6748081abdc1ac87dcbfb1dfce03fcf35bfa04c23b3a",
            public_tweaked: "9c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03",
            script_pubkey: "51209c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03"
        }
    }

    #[test]
    fn test_taproot_construct_address() {


        let test = taproot_construct_example();

        let tap = test_taproot_construct(&test);

        let address = Address::from_script(&tap.script_pubkey, Network::Signet).unwrap();

        assert_eq!(address.to_string(), "tb1pn3vxnwpyacdta5jwj3m7yxnacc7pz2m9yk564wpt7yqfg8s7egps6zs3jg");

        // $ bitcoin-cli -signet sendtoaddress tb1pn3vxnwpyacdta5jwj3m7yxnacc7pz2m9yk564wpt7yqfg8s7egps6zs3jg 0.00001352
        // 74145e40130c911956d3d6952d4cd224a21a9d7428355abdc4ab01728de4c584

        let test = taproot_construct_mine();
        let _tap = test_taproot_construct(&test);
    }

    struct TaprootConstruct {
        pair: KeyPair,
        pair_script: KeyPair,
        inner_script: Script,
        pubkey_in_script: PublicKey,
        script_pubkey: Script,
        public: PublicKey,
    }

    fn test_taproot_construct(test: &TaprootConstructTest) -> TaprootConstruct {
        let secp = Secp256k1::new();

        let secret = Vec::from_hex(&test.secret_hex).unwrap();
        let pair = KeyPair::from_seckey_slice(&secp, &secret).unwrap();
        let public = PublicKey::from_keypair(&secp, &pair);
        assert_eq!(format!("{:x}", public), test.public_hex);

        let secret_script = Vec::from_hex(&test.secret_hex_for_script).unwrap();
        let pair_script = KeyPair::from_seckey_slice(&secp, &secret_script).unwrap();
        let pubkey_in_script = PublicKey::from_keypair(&secp, &pair_script);
        assert_eq!(format!("{:x}", pubkey_in_script), test.public_hex_for_script);

        let inner_script_hex = format!("20{}ac", pubkey_in_script); // ac = OP_CHECKSIG
        let inner_script = Script::from_hex(&inner_script_hex).unwrap();
        let inner_script_hex_with_version = format!("{:x}22{}", 0xc0, inner_script_hex);
        if let Some(script_hex_with_version_expected) = test.script_hex_with_version.as_ref() {
            assert_eq!(inner_script_hex_with_version, *script_hex_with_version_expected);
        }
        let hash = TapLeafHash::hash(&Vec::from_hex(&inner_script_hex_with_version).unwrap());
        // h = TaggedHash("TapLeaf", bytes([version]) + ser_string(code))
        assert_eq!(format!("{:x}", hash), test.script_hash);

        // TaggedHash("TapTweak", pubkey + h)
        let mut engine = TapTweakHash::engine();
        engine.input(&public.serialize());
        engine.input(&hash);
        let tweak = TapTweakHash::from_engine(engine);
        assert_eq!(format!("{:x}", tweak), test.tweak);

        let mut public_tweaked = public.clone();
        let _parity = public_tweaked.tweak_add_assign(&secp, &tweak).unwrap();

        assert_eq!(format!("{:x}", public_tweaked), test.public_tweaked);

        let script_pubkey = Script::new_witness_program(WitnessVersion::V1, &public_tweaked.serialize());
        assert_eq!(format!("{:x}", script_pubkey), test.script_pubkey);
        TaprootConstruct {
            inner_script, script_pubkey, public, pair, pair_script, pubkey_in_script
        }
    }
 }
	#[cfg(test)]
	mod tests {
	use bitcoin::hashes::hex::{FromHex, ToHex};
	use bitcoin::schnorr::{KeyPair, PublicKey};
	use bitcoin::{Script, Address, Network, Transaction, TxIn, OutPoint, TxOut};
	use bitcoin::blockdata::{script, opcodes};
	use bitcoin::util::taproot::{TaprootSpendInfo, LeafVersion};
	use bitcoin::util::address::WitnessVersion;
	use bitcoin::util::sighash::{SigHashCache, ScriptPath, SigHashType};
	use bitcoin::util::sighash::Prevouts;
	use bitcoin::secp256k1::{Secp256k1, Message, All};
	use bitcoin::hashes::{Hash, HashEngine};
	use bitcoin::consensus::{encode, deserialize, serialize};
	use bitcoin::secp256k1::rand::thread_rng;
	use bitcoin::util::taproot::TapTweakHash;
	use bitcoin::util::psbt::serialize::Serialize;
	use bitcoin::util::taproot::TapLeafHash;

	struct Init {
	secp: Secp256k1<All>,
	alice: KeyPair,
	alice_public: PublicKey,
	bob: KeyPair,
	bob_public: PublicKey,
	charlie: KeyPair,
	charlie_public: PublicKey,
	}
	impl Default for Init {
	fn default() -> Self {
	let secp = Secp256k1::new();

	let alice_secret = Vec::from_hex("6c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19").unwrap();
	let alice = KeyPair::from_seckey_slice(&secp, &alice_secret).unwrap();
	let alice_public = PublicKey::from_keypair(&secp, &alice);
	assert_eq!(format!("{:x}", alice_public), "72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6");

	let bob_secret = Vec::from_hex("5c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19").unwrap();
	let bob = KeyPair::from_seckey_slice(&secp, &bob_secret).unwrap();
	let bob_public = PublicKey::from_keypair(&secp, &bob);
	assert_eq!(format!("{:x}", bob_public), "97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c");

	let charlie_secret = Vec::from_hex("e108a1eab0a9966a0740cda37684bd67f8ca746e0a8e8ac5c52f4989b24926a7").unwrap();
	let charlie = KeyPair::from_seckey_slice(&secp, &charlie_secret).unwrap();
	let charlie_public = PublicKey::from_keypair(&secp, &charlie);
	assert_eq!(format!("{:x}", charlie_public), "2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e");

	Init {
	secp,
	alice,
	alice_public,
	bob,
	bob_public,
	charlie,
	charlie_public,
	}
	}
	}

	fn taproot_construct_mine() -> TaprootConstructTest<'static> {
	TaprootConstructTest {
	secret_hex: "6c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19",
	public_hex: "72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6",
	secret_hex_for_script: "5c068c2094c3f0986741cddbaff96399e338b4120671c6640216d3e474487a19",
	public_hex_for_script: "97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c",
	script_hex_with_version: Some("c0222097142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53cac"),
	script_hash: "c703e70a9fb4115e3eb385d0ac80eeb8bee4ac2f711fa962655d91cf8e3ecfed",
	tweak: "31bff2db66cc90df93b40e44b288a21909e4f27baf00e6f785e61dc8a1ee94b8",
	public_tweaked: "6899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2",
	script_pubkey: "51206899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2"
	}
	}

	#[test]
	fn taproot_address_keypath_only() {
	// If the spending conditions do not require a script path, the output key should commit to
	// an unspendable script path instead of having no script path. This can be achieved by
	// computing the output key point as Q = P + int(hashTapTweak(bytes(P)))G.

	// $ bitcoin-cli -signet deriveaddresses "tr(72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6)#xn9s745x"
	// [
	// "tb1paykwrvp768pjj8nrcrkxcgh7y6cvm5xhse53yd6v6zumv2f6gkkqft0lpc"
	// ]

	let init = Init::default();
	let hash = TapTweakHash::hash(&init.alice_public.serialize());
	let mut output_key = init.alice_public.clone();
	let _ = output_key.tweak_add_assign(&init.secp, &hash.into_inner()).unwrap();

	let script = Script::new_witness_program(WitnessVersion::V1, &output_key.serialize());
	let address = Address::from_script(&script, Network::Signet).unwrap();

	assert_eq!(address.to_string(), "tb1paykwrvp768pjj8nrcrkxcgh7y6cvm5xhse53yd6v6zumv2f6gkkqft0lpc");
	}

	#[test]
	fn taproot_address_with_script_path() {
	let init = Init::default();

	let merkle_script = script::Builder::new()
	.push_slice(&init.bob_public.serialize()[..])
	.push_opcode(opcodes::all::OP_CHECKSIG)
	.into_script();

	let script_odds = vec![
	(1, merkle_script),
	];
	let tree_info = TaprootSpendInfo::new_huffman_tree(&init.secp, init.alice_public, script_odds.clone()).unwrap();

	let script = Script::new_witness_program(WitnessVersion::V1, &tree_info.output_key().serialize());
	assert_eq!(script.to_hex(), "51206899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2");
	let address = Address::from_script(&script, Network::Signet).unwrap();
	assert_eq!(address.to_string(),"tb1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqmjqmwl");
	let address = Address::from_script(&script, Network::Bitcoin).unwrap();
	assert_eq!(address.to_string(),"bc1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqv6k55s");

	/*
	$ bitcoin-cli -signet deriveaddresses "tr(72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6,pk(97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c))#hrl4mupj"
	[
	"tb1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqmjqmwl"
	]
	*/
	}

	#[test]
	fn taproot_script_spend() {
	let init = Init::default();

	/*
	inputs is received on tb1pdzv59r5l5v8lyyzjvwar7kwxr3qd9q8pa95er93j3qcvy8flsrfqmjqmwl on txid fd92b607c0784394541c5946f8e91bac58eabd92a92f875d361e842faaed7621
	*/
	let source_tx = "0200000000010160112538ec5f11907176ac8e94a4ec047fa8b21884d2c1814a9ea4458c60875e0000000000feffffff02683c0100000000002251206899428e9fa30ff2105263ba3f59c61c40d280e1e9699196328830c21d3f80d2a4208f000000000016001413c53720b09463a7b06e4cbbb8a29073d71964a30247304402205e34ec1b91dd90f029b054569916c822d99d540c56483529c4f398ce7a1d7a760220023f1a5825c40063444bd7ce6b6969682815e6a7349cf3c18d219f6948bdd212012103b4a87562945b0153843e9aefe53ce3ab2ee50a705260be9d99d088f46f8525065cec0000";
	let source_tx : Transaction = deserialize(&Vec::from_hex(source_tx).unwrap()).unwrap();
	assert_eq!(source_tx.txid().to_hex(), "fd92b607c0784394541c5946f8e91bac58eabd92a92f875d361e842faaed7621");

	let mut spending_tx = Transaction {
	version: source_tx.version,
	lock_time: source_tx.lock_time,
	input: vec![TxIn {
	previous_output: OutPoint::new(source_tx.txid(), 0),
	script_sig: Default::default(),
	sequence: 0,
	witness: vec![]
	}],
	output: vec![TxOut {
	value: 1011,
	script_pubkey: Script::from_hex("0014e57e98a796cfd38c4a1a49ba37213a0aa77a69f0").unwrap(),
	}]
	};

	let merkle_script = script::Builder::new()
	.push_slice(&init.bob_public.serialize()[..])
	.push_opcode(opcodes::all::OP_CHECKSIG)
	.into_script();
	assert_eq!(34, merkle_script.serialize().len());

	let script_odds = vec![(1, merkle_script.clone()), ];
	let tree_info = TaprootSpendInfo::new_huffman_tree(&init.secp, init.alice_public, script_odds.clone()).unwrap();
	let cb = tree_info.control_block(&(merkle_script.clone(), LeafVersion::default())).unwrap();

	let prevouts = [source_tx.output[0].clone()];
	let prevouts = Prevouts::All(&prevouts);
	let mut cache = SigHashCache::new(&spending_tx);
	let script_path = ScriptPath::with_defaults(&merkle_script);

	let hash = cache.taproot_signature_hash(0, &prevouts, None, Some(script_path), SigHashType::Default).unwrap();

	let mut rng = thread_rng();

	let message = Message::from_slice(&hash.into_inner()[..]).unwrap();
	let signature = init.secp.schnorrsig_sign_with_rng(&message, &init.bob, &mut rng);

	assert!(init.secp.schnorrsig_verify(&signature, &message, &init.bob_public).is_ok());

	// signature, script, control_block
	let mut cb_serialized = cb.serialize();
	assert_eq!(cb_serialized.len(), 33);
	assert_eq!(cb_serialized.to_hex(), "c172ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6");
	let signature_serialized = signature.as_ref().to_vec();
	assert_eq!(signature_serialized.len(), 64);
	let witness = vec![signature_serialized, merkle_script.serialize(), cb_serialized];

	spending_tx.input[0].witness = witness;

	assert_eq!(spending_tx.txid().to_hex(), "ed4f734eddd53970bd4bb143e8be11ae30a9af8b85e23444ee852aece0f21f42");
	}


	#[test]
	fn taproot_script_spend_merkle_root() {
	let init = Init::default();

	/*
	$ bitcoin-cli -signet deriveaddresses "tr(72ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6,{pk(97142dd0eca06bdb03a65dfc7f4681fd07efb8a2becf9bfb1c930aaef0d6c53c),pk(2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e)})#n9d9305r"
	[
	"tb1p8wuydhkdl79p323rfk7f2uhdfr8drtf6yteln6sqcf7yt6svzfgss7z60r"
	]
	*/

	let script1 = script::Builder::new()
	.push_slice(&init.bob_public.serialize()[..])
	.push_opcode(opcodes::all::OP_CHECKSIG)
	.into_script();
	let script2 = script::Builder::new()
	.push_slice(&init.charlie_public.serialize()[..])
	.push_opcode(opcodes::all::OP_CHECKSIG)
	.into_script();

	let script_odds = vec![
	(1, script1.clone()),
	(1, script2.clone()),
	];
	let tree_info = TaprootSpendInfo::new_huffman_tree(&init.secp, init.alice_public, script_odds.clone()).unwrap();

	let script = Script::new_witness_program(WitnessVersion::V1, &tree_info.output_key().serialize());
	let address = Address::from_script(&script, Network::Signet).unwrap();
	assert_eq!(address.to_string(),"tb1p8wuydhkdl79p323rfk7f2uhdfr8drtf6yteln6sqcf7yt6svzfgss7z60r");

	/*
	inputs is received on tb1p8wuydhkdl79p323rfk7f2uhdfr8drtf6yteln6sqcf7yt6svzfgss7z60r on txid ea5d1b146a4d25c2063e54a9a190fb7f9d905692ca0481e71f3939a024980144
	*/
	let source_tx = "020000000001012176edaa2f841e365d872fa992bdea58ac1be9f846591c54944378c007b692fd0100000000feffffff0238440100000000002251203bb846decdff8a18aa234dbc9572ed48ced1ad3a22f3f9ea00c27c45ea0c1251a5db8d00000000001600144069a2d6e858c86c23f065e4bdc1d9b849ebf603024730440220792ed741a46654264e395484de4e87dadd5706faf45d7aa233798c31373c514b02207ee518fb1b72d1d5d8d2b522f26f78d0d83232639099c0bf53c2d063dc5334a5012103ad3c33f17fc2e66096a7bca75db70af78cd89991ba4b353c46a9c3464370c90fe9ed0000";
	let source_tx : Transaction = deserialize(&Vec::from_hex(source_tx).unwrap()).unwrap();
	assert_eq!(source_tx.txid().to_hex(), "ea5d1b146a4d25c2063e54a9a190fb7f9d905692ca0481e71f3939a024980144");

	let mut spending_tx = Transaction {
	version: source_tx.version,
	lock_time: source_tx.lock_time,
	input: vec![TxIn {
	previous_output: OutPoint::new(source_tx.txid(), 0),
	script_sig: Default::default(),
	sequence: 0,
	witness: vec![]
	}],
	output: vec![TxOut {
	value: 1011,
	script_pubkey: Script::from_hex("0014e57e98a796cfd38c4a1a49ba37213a0aa77a69f0").unwrap(),
	}]
	};

	let cb = tree_info.control_block(&(script2.clone(), LeafVersion::default())).unwrap(); // control block for charlie

	let prevouts = [source_tx.output[0].clone()];
	let prevouts = Prevouts::All(&prevouts);
	let mut cache = SigHashCache::new(&spending_tx);
	let script_path = ScriptPath::with_defaults(&script2);

	let hash = cache.taproot_signature_hash(0, &prevouts, None, Some(script_path), SigHashType::Default).unwrap();

	let mut rng = thread_rng();

	let message = Message::from_slice(&hash.into_inner()[..]).unwrap();
	let signature = init.secp.schnorrsig_sign_with_rng(&message, &init.charlie, &mut rng);

	assert!(init.secp.schnorrsig_verify(&signature, &message, &init.charlie_public).is_ok());

	// signature, script, control_block
	let mut cb_serialized = cb.serialize();
	assert_eq!(cb_serialized.len(), 65);
	assert_eq!(cb_serialized.to_hex(), "c072ad3fb702bf1a2111b09c2bf1e72f4f52d4ceb2acdcfcd0c63abf70a59c36d6edcf3e8ecf915d6562a91f712face4beb8ee80acd085b33e5e11b49f0ae703c7");
	let signature_serialized = signature.as_ref().to_vec();
	assert_eq!(signature_serialized.len(), 64);
	let witness = vec![signature_serialized, script2.serialize(), cb_serialized];

	spending_tx.input[0].witness = witness;
	assert_eq!(spending_tx.txid().to_hex(), "618803696055ce03d15602ca611e2b8089f8d1824bb310bf13aa2945a492cbef");
	}

	struct TaprootConstructTest<'s> {
	secret_hex: &'s str,
	public_hex: &'s str,
	secret_hex_for_script: &'s str,
	public_hex_for_script: &'s str,
	script_hex_with_version: Option<&'s str>,
	script_hash: &'s str,
	tweak: &'s str,
	public_tweaked: &'s str,
	script_pubkey: &'s str,
	}

	fn taproot_construct_example() -> TaprootConstructTest<'static> {
	// # hacked core taproot_construct() test to print out values
	//
	// secs[0]: e108a1eab0a9966a0740cda37684bd67f8ca746e0a8e8ac5c52f4989b24926a7
	// pubs[0]: 2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e
	// secs[1]: d4ab553b4bc4975af7cfdd5c9b0871387d72ff9961b0f26cbf4ef859c66a7eb2
	// pubs[1]: 47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932
	// code_with_version: c0222047cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932ac
	// h: 1a7c356074ec60691eccf65dc0a5837a83be5223a04cef449b4d81cb99f39e19
	// tweak: b0b31c347918ab541b4d6748081abdc1ac87dcbfb1dfce03fcf35bfa04c23b3a
	// tweaked: 9c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03
	// scripts: [('s0', CScript([x('47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932'), OP_CHECKSIG]))]
	// scriptPubKey: 51209c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03
	// negflag: 0
	// leaves: {'s0': TaprootLeafInfo(script=CScript([x('47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932'), OP_CHECKSIG]), version=192, merklebranch=b'')}

	TaprootConstructTest {
	secret_hex: "e108a1eab0a9966a0740cda37684bd67f8ca746e0a8e8ac5c52f4989b24926a7",
	public_hex: "2dff7bbd4757a0511f4f8a30bf8b86717d0e45cd56b951b542bf0bf993ce302e",
	secret_hex_for_script: "d4ab553b4bc4975af7cfdd5c9b0871387d72ff9961b0f26cbf4ef859c66a7eb2",
	public_hex_for_script: "47cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932",
	script_hex_with_version: Some("c0222047cfb867b57faca6dd8ea005d25f59917810e0813a8a0c8a53e2b4cda3ffe932ac"),
	script_hash: "1a7c356074ec60691eccf65dc0a5837a83be5223a04cef449b4d81cb99f39e19",
	tweak: "b0b31c347918ab541b4d6748081abdc1ac87dcbfb1dfce03fcf35bfa04c23b3a",
	public_tweaked: "9c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03",
	script_pubkey: "51209c5869b824ee1abed24e9477e21a7dc63c112b6525a9aab82bf100941e1eca03"
	}
	}

	#[test]
	fn test_taproot_construct_address() {


	let test = taproot_construct_example();

	let tap = test_taproot_construct(&test);

	let address = Address::from_script(&tap.script_pubkey, Network::Signet).unwrap();

	assert_eq!(address.to_string(), "tb1pn3vxnwpyacdta5jwj3m7yxnacc7pz2m9yk564wpt7yqfg8s7egps6zs3jg");

	// $ bitcoin-cli -signet sendtoaddress tb1pn3vxnwpyacdta5jwj3m7yxnacc7pz2m9yk564wpt7yqfg8s7egps6zs3jg 0.00001352
	// 74145e40130c911956d3d6952d4cd224a21a9d7428355abdc4ab01728de4c584

	let test = taproot_construct_mine();
	let _tap = test_taproot_construct(&test);
	}

	struct TaprootConstruct {
	pair: KeyPair,
	pair_script: KeyPair,
	inner_script: Script,
	pubkey_in_script: PublicKey,
	script_pubkey: Script,
	public: PublicKey,
	}

	fn test_taproot_construct(test: &TaprootConstructTest) -> TaprootConstruct {
	let secp = Secp256k1::new();

	let secret = Vec::from_hex(&test.secret_hex).unwrap();
	let pair = KeyPair::from_seckey_slice(&secp, &secret).unwrap();
	let public = PublicKey::from_keypair(&secp, &pair);
	assert_eq!(format!("{:x}", public), test.public_hex);

	let secret_script = Vec::from_hex(&test.secret_hex_for_script).unwrap();
	let pair_script = KeyPair::from_seckey_slice(&secp, &secret_script).unwrap();
	let pubkey_in_script = PublicKey::from_keypair(&secp, &pair_script);
	assert_eq!(format!("{:x}", pubkey_in_script), test.public_hex_for_script);

	let inner_script_hex = format!("20{}ac", pubkey_in_script); // ac = OP_CHECKSIG
	let inner_script = Script::from_hex(&inner_script_hex).unwrap();
	let inner_script_hex_with_version = format!("{:x}22{}", 0xc0, inner_script_hex);
	if let Some(script_hex_with_version_expected) = test.script_hex_with_version.as_ref() {
	assert_eq!(inner_script_hex_with_version, *script_hex_with_version_expected);
	}
	let hash = TapLeafHash::hash(&Vec::from_hex(&inner_script_hex_with_version).unwrap());
	// h = TaggedHash("TapLeaf", bytes([version]) + ser_string(code))
	assert_eq!(format!("{:x}", hash), test.script_hash);

	// TaggedHash("TapTweak", pubkey + h)
	let mut engine = TapTweakHash::engine();
	engine.input(&public.serialize());
	engine.input(&hash);
	let tweak = TapTweakHash::from_engine(engine);
	assert_eq!(format!("{:x}", tweak), test.tweak);

	let mut public_tweaked = public.clone();
	let _parity = public_tweaked.tweak_add_assign(&secp, &tweak).unwrap();

	assert_eq!(format!("{:x}", public_tweaked), test.public_tweaked);

	let script_pubkey = Script::new_witness_program(WitnessVersion::V1, &public_tweaked.serialize());
	assert_eq!(format!("{:x}", script_pubkey), test.script_pubkey);
	TaprootConstruct {
	inner_script, script_pubkey, public, pair, pair_script, pubkey_in_script
	}
	}
	}