As per BIP341 [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#]:

“First, we define taproot_tweak_pubkey for 32-byte BIP340 public key arrays. The function returns a bit indicating the tweaked public key’s Y coordinate as well as the public key byte array. The parity bit will be required for spending the output with a script path.”

This is shown in the “Script validation rules” section:

If q ≠ x(Q) or c[0] & 1 ≠ y(Q) mod 2, fail [10]

Following the reference [10]:

“Why is it necessary to reveal a bit in a script path spend and check that it matches the parity of the Y coordinate of Q? The parity of the Y coordinate is necessary to lift the X coordinate q to a unique point. While this is not strictly necessary for verifying the taproot commitment as described above, it is necessary to allow batch verification. Alternatively, Q could be forced to have an even Y coordinate, but that would require retrying with different internal public keys (or different messages) until Q has that property. There is no downside to adding the parity bit because otherwise the control block bit would be unused.”

I understand (I think) why storing the parity of the taproot_tweak_pubkey in the Witness’ Control Block “is not strictly necessary” for verifying the validity of a P2TR-Script-Path spend.

- The spender, who constructed the Witness able to spend the UTXO;
- And the verifier (e.g. node), who is running validation rules on that transaction;
- They both construct the taproot_tweak_pubkey the same way: same Merkle Root, same Internal PubKey, same Tweak = same taproot_tweak_pubkey.

However, I assume there are still good security reasons why checking the parity was added as a validation rule in the P2TR-Script-Path; maybe clarifying this could be helpful?

My main question is why “it is necessary to allow batch verification”?

Thank you so very much, all of you out there who take the time to educate us on Bitcoin!