Merge pull request #1166 from psgreco/elements-22-rc6

Backport fixes from master to elements-22.x for rc6

Author: jamesdorfman

.cirrus.yml

@@ -123,10 +123,10 @@ task:
     FILE_ENV: "./ci/test/00_setup_env_native_qt5.sh"
 
 task:
-  name: '[depends, sanitizers: thread (TSan), no gui] [hirsute]'
+  name: '[depends, sanitizers: thread (TSan), no gui] [jammy]'
   << : *GLOBAL_TASK_TEMPLATE
   container:
-    image: ubuntu:hirsute
+    image: ubuntu:jammy
     cpu: 6  # Increase CPU and Memory to avoid timeout
     memory: 24G
   env:
@@ -144,10 +144,10 @@ task:
     FILE_ENV: "./ci/test/00_setup_env_native_msan.sh"
 
 task:
-  name: '[no depends, sanitizers: address/leak (ASan + LSan) + undefined (UBSan) + integer] [hirsute]'
+  name: '[no depends, sanitizers: address/leak (ASan + LSan) + undefined (UBSan) + integer] [jammy]'
   << : *GLOBAL_TASK_TEMPLATE
   container:
-    image: ubuntu:hirsute
+    image: ubuntu:jammy
     memory: 16G # ELEMENTS: need more memory
     cpu: 4  # ELEMENTS: cirrus wants more CPUs if you want more memory
   env:
@@ -160,7 +160,7 @@ task:
   << : *GLOBAL_TASK_TEMPLATE
   container:
     image: ubuntu:focal
-    cpu: 4  # Increase CPU and memory to avoid timeout
+    cpu: 8  # Increase CPU and memory to avoid timeout
     memory: 16G
   env:
     << : *CIRRUS_EPHEMERAL_WORKER_TEMPLATE_ENV

ci/test/00_setup_env_native_asan.sh

@@ -8,7 +8,7 @@ export LC_ALL=C.UTF-8
 
 export CONTAINER_NAME=ci_native_asan
 export PACKAGES="clang llvm python3-zmq qtbase5-dev qttools5-dev-tools libevent-dev bsdmainutils libboost-dev libboost-system-dev libboost-filesystem-dev libboost-test-dev libdb5.3++-dev libminiupnpc-dev libnatpmp-dev libzmq3-dev libqrencode-dev libsqlite3-dev"
-export DOCKER_NAME_TAG=ubuntu:hirsute
+export DOCKER_NAME_TAG=ubuntu:22.04
 export NO_DEPENDS=1
 export GOAL="install"
 export BITCOIN_CONFIG="--enable-zmq --with-incompatible-bdb --with-gui=qt5 CPPFLAGS='-DARENA_DEBUG -DDEBUG_LOCKORDER' --with-sanitizers=address,integer,undefined CC=clang CXX=clang++"

ci/test/00_setup_env_native_tsan.sh

@@ -7,7 +7,7 @@
 export LC_ALL=C.UTF-8
 
 export CONTAINER_NAME=ci_native_tsan
-export DOCKER_NAME_TAG=ubuntu:hirsute
+export DOCKER_NAME_TAG=ubuntu:22.04
 export PACKAGES="clang llvm libc++abi-dev libc++-dev python3-zmq"
 export DEP_OPTS="CC=clang CXX='clang++ -stdlib=libc++'"
 export GOAL="install"

configure.ac

@@ -2,7 +2,7 @@ AC_PREREQ([2.69])
 define(_CLIENT_VERSION_MAJOR, 22)
 define(_CLIENT_VERSION_MINOR, 0)
 define(_CLIENT_VERSION_BUILD, 0)
-define(_CLIENT_VERSION_RC, 5)
+define(_CLIENT_VERSION_RC, 6)
 define(_CLIENT_VERSION_IS_RELEASE, true)
 define(_COPYRIGHT_YEAR, 2022)
 define(_COPYRIGHT_HOLDERS,[The %s developers])

doc/elements-tx-format.md

@@ -21,7 +21,7 @@ This document assumes some familiarity with Bitcoin and Elements (UTXOs, [Script
 | Flags | Yes | 1 byte | `unsigned char` | | 1 if the transaction contains a witness, otherwise 0. All other values are invalid. |
 | Num Inputs | Yes | Varies | `VarInt` | | Number of inputs to the transaction. |
 | Inputs | Yes | Varies | `Vector<TxIn>` | | |
-| Num Inputs | Yes | Varies | `VarInt` | | Number of outputs from the transaction. |
+| Num Outputs | Yes | Varies | `VarInt` | | Number of outputs from the transaction. |
 | Outputs | Yes | Varies | `Vector<TxOut>` | | |
 | Locktime | Yes | 4 bytes | `uint32_t` | Little-endian | See [BIP 113](https://github.com/bitcoin/bips/blob/master/bip-0113.mediawiki). |
 | Witness | Only if flags is 1 | Varies | `Witness` | | See [BIP 141](https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki). Note that Elements witnesses contain more data than Bitcoin witnesses. This extra data is described further below. |
@@ -104,7 +104,7 @@ SegWit transactions have one such witness for each input.
 | Script Witness | Yes | Varies | `Vector<hex>` | | The vector represents the witness stack.<br>Can be empty (length of 0). |
 | Peg-in Witness | Yes | Varies | `Vector<hex>` | | The vector represents the witness stack.<br>Can be empty (length of 0). |
 
-The range proofs must be empty if their asociated amounts (issuance / inflation keys) are explicit.
+The range proofs must be empty if their associated amounts (issuance / inflation keys) are explicit.
 Refer [here](https://elementsproject.org/features/confidential-transactions/investigation) for more details on range proofs.
 
 A non-empty peg-in witness stack should always have a length of 6, and the items should be interpreted as follows:
@@ -203,13 +203,13 @@ Deserialization:
 |                                      Input #2
 | 8d83eb1b0826f46d473003d041116927
 | 470e2ce0f7cc0c634a983d438d770ac8 ... Outpoint TXID: c80a778d433d984a630cccf7e02c0e4727691141d00330476df426081beb838d
-| 00000000 ........................... Outpoint index 
+| 00000000 ........................... Outpoint index
 |
 | 00 ................................. ScriptSig length
 | | .................................. ScriptSig (empty)
 |
 | ffffffff ........................... Sequence number: UINT32_MAX
- 
+
 02 ................................... Num Outputs
 |
 |                                      Output #1
@@ -239,7 +239,7 @@ Deserialization:
 | 03 ................................. Nonce header (0x03 → compressed point)
 | 72fdd5c6e805a50d73ab15ec41cfaadc
 | be408ecc7a5867621918f1070f84ec95 ... Nonce x-coordinate (big-endian)
-| 
+|
 | 16 ................................. ScriptPubKey length (0x16 = 22 bytes)
 | | 001424ae71d4804ca7dd1fa66486a8
 | | 7af9dff1663c84 ................... ScriptPubKey
@@ -317,18 +317,18 @@ Deserialization:
 | | .................................. ScriptSig (empty: segwit transaction)
 |
 | fdffffff ........................... Sequence number
-| 
+|
 | .................................... Asset issuance
 | | 000000000000000000000000000000
 | | 000000000000000000000000000000
 | | 0000 ............................. Asset blinding nonce (0 for new asset issuance)
-| | 
+| |
 | | 000000000000000000000000000000
 | | 000000000000000000000000000000
 | | 0000 ............................. Asset entropy
 | |
 | | 01 ............................... Amount header (0x01 → explicit, unblinded value)
-| | 00000000c4b20100 ................. Amount: 0xc4b20100 = 3,300,000,000 → 33 units (each divisible by 100,000,000) 
+| | 00000000c4b20100 ................. Amount: 0xc4b20100 = 3,300,000,000 → 33 units (each divisible by 100,000,000)
 | |
 | | 01 ............................... Num inflation keys header (0x01 → explicit, unblinded value)
 | | 0000000029b92700 ................. Value. 0x29b92700 = 700,000,000 inflation keys
@@ -343,7 +343,7 @@ Deserialization:
 | 08 ................................. Amount header (0x08 → blinded value)
 | 66abe471dfadfb650825abe6f757860b
 | 6760d30ff62bc7c9ebd438608f45368b ... Amount x-coordinate (big-endian)
-|                                      
+|
 | 02 ................................. Nonce header (0x02 → blinded value)
 | 115750003261bc64bb73d83401a91279
 | 6d0c0fb9d54c72751a7ca7a5149a9bdf ... Nonce x-coordinate (big-endian)
@@ -518,7 +518,7 @@ Deserialization:
 | 6d521c38ec1ea15734ae22b7c4606441
 | 2829c0d0579f0a713d1c04ede979026f ... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
 |
-| 01 ................................. Amount header (0x01 → explicit, unblinded value) 
+| 01 ................................. Amount header (0x01 → explicit, unblinded value)
 | 00000000002b09c1 ................... Amount: 0.02820545 L-BTC
 |
 | 00 ................................. Nonce header (0x00 → null)
@@ -532,7 +532,7 @@ Deserialization:
 | 6d521c38ec1ea15734ae22b7c4606441
 | 2829c0d0579f0a713d1c04ede979026f ... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
 |
-| 01 ................................. Amount header (0x01 → explicit, unblinded value) 
+| 01 ................................. Amount header (0x01 → explicit, unblinded value)
 | 0000000000000027 ................... Amount: 0.00000039 L-BTC
 |
 | 00 ................................. Nonce header (0x00 → null)
@@ -560,10 +560,10 @@ Deserialization:
 | | | f34227cbba1cf25eb0778aa45f8b
 | | | 7cb3495046 ..................... Stack item #2
 | 06 ................................. Peg-in witness stack length
-| | 08 ............................... Stack item #1 length  
+| | 08 ............................... Stack item #1 length
 | | | e8092b0000000000 ............... Peg-in value (little-endian): 0x2b09e8 = 0.02820545 BTC)
 | | 20 ............................... Stack item #2 length (0x20 = 32)
-| | | 6d521c38ec1ea15734ae22b7c46064 
+| | | 6d521c38ec1ea15734ae22b7c46064
 | | | 412829c0d0579f0a713d1c04ede979
 | | | 026f ........................... Asset ID: 6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d
 | | 20 ............................... Stack item #3 length (0x20 = 32)
@@ -592,4 +592,4 @@ Deserialization:
 |                                      Output #2 witness
 | 00 ................................. Surjection proof length
 | 00 ................................. Range proof length
-```
+```

doc/pset.mediawiki

@@ -255,6 +255,56 @@ The currently defined elements per-input proprietary types are as follows:
 |
 | 0
 | 2
+|-
+| Explicit Value
+| <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE = 0x11</tt>
+| None
+| No key data
+| <tt><64-bit little endian int value></tt>
+| The explicit value for the input being spent. If provided, <tt>PSBT_ELEMENTS_IN_VALUE_PROOF</tt> must be provided too. Must not be provided if the input's value in the UTXO is already explicit.
+|
+| 0
+| 2
+|-
+| Explicit Value Proof
+| <tt>PSBT_ELEMENTS_IN_VALUE_PROOF = 0x12</tt>
+| None
+| No key data
+| <tt><rangeproof></tt>
+| An explicit value rangeproof that proves that the value commitment in this input's UTXO matches the explicit value in <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE</tt>. If provided, <tt>PSBT_ELEMENTS_IN_EXPLICIT_VALUE</tt> must be provided too.
+|
+| 0
+| 2
+|-
+| Explicit Asset
+| <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET = 0x13</tt>
+| None
+| No key data
+| <tt><32 byte asset tag></tt>
+| The explicit asset for the input being spent. If provided, <tt>PSBT_ELEMENTS_IN_ASSET_PROOF</tt> must be provided too. Must not be provided if the input's asset in the UTXO is already explicit.
+|
+| 0
+| 2
+|-
+| Explicit Asset Proof
+| <tt>PSBT_ELEMENTS_IN_ASSET_PROOF = 0x14</tt>
+| None
+| No key data
+| <tt><proof></tt>
+| An asset surjection proof with this input's asset as the only asset in the input set in order to prove that the asset commitment in the UTXO matches the explicit asset in <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET</tt>. If provided, <tt>PSBT_ELEMENTS_IN_EXPLICIT_ASSET</tt> must be provided too.
+|
+| 0
+| 2
+|-
+| Blinded Issuance Flag
+| <tt>PSBT_ELEMENTS_IN_BLINDED_ISSUANCE = 0x15</tt>
+| None
+| No key data
+| <tt><1 byte boolean></tt>
+| A boolean flag. <tt>0x00</tt> indicates the issuance should not be blinded, <tt>0x01</tt> indicates it should be. If not specified, assumed to be <tt>0x01</tt>. Note that this does not indicate actual blinding status, but rather the expected blinding status prior to signing.
+|
+| 0
+| 2
 |}
 
 The currently defined elements per-output proprietary types are as follows:

share/setup.nsi.in

@@ -52,7 +52,7 @@ Var StartMenuGroup
 !insertmacro MUI_LANGUAGE English
 
 # Installer attributes
-InstallDir $PROGRAMFILES64\Bitcoin
+InstallDir $PROGRAMFILES64\Elements
 CRCCheck on
 XPStyle on
 BrandingText " "
@@ -105,7 +105,7 @@ Section -post SEC0001
     WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoModify 1
     WriteRegDWORD HKCU "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$(^Name)" NoRepair 1
     WriteRegStr HKCR "@PACKAGE_TARNAME@" "URL Protocol" ""
-    WriteRegStr HKCR "@PACKAGE_TARNAME@" "" "URL:Bitcoin"
+    WriteRegStr HKCR "@PACKAGE_TARNAME@" "" "URL:Elements"
     WriteRegStr HKCR "@PACKAGE_TARNAME@\DefaultIcon" "" $INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@
     WriteRegStr HKCR "@PACKAGE_TARNAME@\shell\open\command" "" '"$INSTDIR\@BITCOIN_GUI_NAME@@EXEEXT@" "%1"'
 SectionEnd
@@ -138,7 +138,7 @@ Section -un.post UNSEC0001
     Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\Uninstall $(^Name).lnk"
     Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\$(^Name).lnk"
     Delete /REBOOTOK "$SMPROGRAMS\$StartMenuGroup\@PACKAGE_NAME@ (testnet, 64-bit).lnk"
-    Delete /REBOOTOK "$SMSTARTUP\Bitcoin.lnk"
+    Delete /REBOOTOK "$SMSTARTUP\Elements.lnk"
     Delete /REBOOTOK $INSTDIR\uninstall.exe
     Delete /REBOOTOK $INSTDIR\debug.log
     Delete /REBOOTOK $INSTDIR\db.log

src/blindpsbt.cpp

@@ -220,6 +220,35 @@ BlindProofResult VerifyBlindProofs(const PSBTOutput& o) {
     return BlindProofResult::OK;
 }
 
+BlindProofResult VerifyBlindProofs(const PSBTInput& i) {
+    CTxOut utxo;
+    if (!i.GetUTXO(utxo)) {
+        return BlindProofResult::OK;
+    }
+
+    if (i.m_explicit_value != std::nullopt) {
+        if (i.m_value_proof.empty()) {
+            return BlindProofResult::MISSING_VALUE_PROOF;
+        } else if (!utxo.nValue.IsCommitment()) {
+            return BlindProofResult::NOT_FULLY_BLINDED;
+        } else if (!VerifyBlindValueProof(*i.m_explicit_value, utxo.nValue, i.m_value_proof, utxo.nAsset)) {
+            return BlindProofResult::INVALID_VALUE_PROOF;
+        }
+    }
+
+    if (!i.m_explicit_asset.IsNull()) {
+        if (i.m_asset_proof.empty()) {
+            return BlindProofResult::MISSING_ASSET_PROOF;
+        } else if (!utxo.nAsset.IsCommitment()) {
+            return BlindProofResult::NOT_FULLY_BLINDED;
+        } else if (!VerifyBlindAssetProof(i.m_explicit_asset, i.m_asset_proof, utxo.nAsset)) {
+            return BlindProofResult::INVALID_ASSET_PROOF;
+        }
+    }
+
+    return BlindProofResult::OK;
+}
+
 void CreateAssetCommitment(CConfidentialAsset& conf_asset, secp256k1_generator& asset_gen, const CAsset& asset, const uint256& asset_blinder)
 {
     conf_asset.vchCommitment.resize(CConfidentialAsset::nCommittedSize);
@@ -386,7 +415,8 @@ BlindingStatus BlindPSBT(PartiallySignedTransaction& psbt, std::map<uint32_t, st
         }
 
         // Handle issuances
-        if (input.m_issuance_value != std::nullopt || input.m_issuance_value_commitment.IsCommitment() || input.m_issuance_inflation_keys_amount != std::nullopt || input.m_issuance_inflation_keys_commitment.IsCommitment()) {
+        if ((!input.m_blinded_issuance.has_value() || input.m_blinded_issuance.value()) &&
+            (input.m_issuance_value != std::nullopt || input.m_issuance_value_commitment.IsCommitment() || input.m_issuance_inflation_keys_amount != std::nullopt || input.m_issuance_inflation_keys_commitment.IsCommitment())) {
             CAsset issuance_asset;
             CAsset reissuance_asset;
 

src/blindpsbt.h

@@ -17,6 +17,7 @@
 
 struct PartiallySignedTransaction;
 struct PSBTOutput;
+struct PSBTInput;
 
 enum class BlindingStatus
 {
@@ -52,5 +53,6 @@ BlindingStatus BlindPSBT(PartiallySignedTransaction& psbt, std::map<uint32_t, st
 bool VerifyBlindValueProof(CAmount value, const CConfidentialValue& conf_value, const std::vector<unsigned char>& proof, const CConfidentialAsset& conf_asset);
 bool VerifyBlindAssetProof(const uint256& asset, const std::vector<unsigned char>& proof, const CConfidentialAsset& conf_asset);
 BlindProofResult VerifyBlindProofs(const PSBTOutput& o);
+BlindProofResult VerifyBlindProofs(const PSBTInput& i);
 
 #endif //BITCOIN_BLINDPSBT_H

src/miner.cpp

@@ -112,7 +112,7 @@ void BlockAssembler::resetBlock()
     nFees = 0;
 }
 
-std::unique_ptr<CBlockTemplate> BlockAssembler::CreateNewBlock(const CScript& scriptPubKeyIn, std::chrono::seconds min_tx_age, DynaFedParamEntry* proposed_entry, CScript const* commit_script)
+std::unique_ptr<CBlockTemplate> BlockAssembler::CreateNewBlock(const CScript& scriptPubKeyIn, std::chrono::seconds min_tx_age, DynaFedParamEntry* proposed_entry, const std::vector<CScript>* commit_scripts)
 {
     assert(min_tx_age >= std::chrono::seconds(0));
     int64_t nTimeStart = GetTimeMicros();
@@ -206,8 +206,10 @@ std::unique_ptr<CBlockTemplate> BlockAssembler::CreateNewBlock(const CScript& sc
     }
     coinbaseTx.vin[0].scriptSig = CScript() << nHeight << OP_0;
     // Non-consensus commitment output before finishing coinbase transaction
-    if (commit_script) {
-        coinbaseTx.vout.insert(coinbaseTx.vout.begin(), CTxOut(policyAsset, 0, *commit_script));
+    if (commit_scripts && !commit_scripts->empty()) {
+        for (auto commit_script: *commit_scripts) {
+            coinbaseTx.vout.insert(std::prev(coinbaseTx.vout.end()), CTxOut(policyAsset, 0, commit_script));
+        }
     }
     pblock->vtx[0] = MakeTransactionRef(std::move(coinbaseTx));
     pblocktemplate->vchCoinbaseCommitment = GenerateCoinbaseCommitment(*pblock, pindexPrev, chainparams.GetConsensus());