multi: produce TransitionV1 proofs in unit tests

This commit adds v1 inclusion proof verification.

Author: gijswijs

proof/append_test.go

@@ -71,7 +71,7 @@ func TestAppendTransition(t *testing.T) {
 			withBip86Change: true,
 		},
 		{
-			name:      "normal with change",
+			name:      "normal with change (with split)",
 			assetType: asset.Normal,
 			amt:       100,
 			withSplit: true,
@@ -135,6 +135,14 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 
 	// Add some alt leaves to the commitment anchoring the asset transfer.
 	altLeaves := asset.ToAltLeaves(asset.RandAltLeaves(t, true))
+
+	// Commit to the stxo of the previous asset. Otherwise, the inclusion
+	// proofs will fail.
+	stxoAsset, err := asset.MakeSpentAsset(newAsset.PrevWitnesses[0])
+	require.NoError(t, err)
+
+	stxoLeaf := asset.ToAltLeaves([]*asset.Asset{stxoAsset})
+	altLeaves = append(altLeaves, stxoLeaf...)
 	err = tapCommitment.MergeAltLeaves(altLeaves)
 	require.NoError(t, err)
 
@@ -213,6 +221,7 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 	// Append the new transition to the genesis blob.
 	transitionBlob, transitionProof, err := AppendTransition(
 		genesisBlob, transitionParams, MockVerifierCtx,
+		WithVersion(TransitionV1),
 	)
 	require.NoError(t, err)
 	require.Greater(t, len(transitionBlob), len(genesisBlob))
@@ -293,8 +302,17 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 		nil, split1Commitment,
 	)
 	require.NoError(t, err)
+
+	// Commit to the stxo of the previous asset. Otherwise, the inclusion
+	// proofs will fail. With splits this is only needed for the root asset.
+	stxoAsset1, err := asset.MakeSpentAsset(split1Asset.PrevWitnesses[0])
+	require.NoError(t, err)
+
+	stxoLeaf1 := asset.ToAltLeaves([]*asset.Asset{stxoAsset1})
+	split1AltLeaves = append(split1AltLeaves, stxoLeaf1...)
 	err = tap1Commitment.MergeAltLeaves(split1AltLeaves)
 	require.NoError(t, err)
+
 	tap2Commitment, err := commitment.NewTapCommitment(
 		nil, split2Commitment,
 	)
@@ -361,12 +379,34 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 		split1Asset.AssetCommitmentKey(),
 	)
 	require.NoError(t, err)
+
+	// For the transfer root we also need to the stxo exclusion proofs.
+	_, stxo1In2exclusionProof, err := tap2Commitment.Proof(
+		stxoAsset1.TapCommitmentKey(),
+		stxoAsset1.AssetCommitmentKey(),
+	)
+	require.NoError(t, err)
+
+	stxoID := asset.ToSerialized(stxoAsset1.ScriptKey.PubKey)
+	stxo1In2Proofs := make(map[asset.SerializedKey]commitment.Proof, 1)
+	stxo1In2Proofs[stxoID] = *stxo1In2exclusionProof
+
 	_, split1In3ExclusionProof, err := tap3Commitment.Proof(
 		split1Asset.TapCommitmentKey(),
 		split1Asset.AssetCommitmentKey(),
 	)
 	require.NoError(t, err)
 
+	// For the transfer root we also need to the stxo exclusion proofs.
+	_, stxo1In3exclusionProof, err := tap3Commitment.Proof(
+		stxoAsset1.TapCommitmentKey(),
+		stxoAsset1.AssetCommitmentKey(),
+	)
+	require.NoError(t, err)
+
+	stxo1In3Proofs := make(map[asset.SerializedKey]commitment.Proof, 1)
+	stxo1In3Proofs[stxoID] = *stxo1In3exclusionProof
+
 	_, split2In1ExclusionProof, err := tap1Commitment.Proof(
 		split2Asset.TapCommitmentKey(),
 		split2Asset.AssetCommitmentKey(),
@@ -406,13 +446,15 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 				OutputIndex: 1,
 				InternalKey: internalKey2,
 				CommitmentProof: &CommitmentProof{
-					Proof: *split1In2ExclusionProof,
+					Proof:      *split1In2ExclusionProof,
+					STXOProofs: stxo1In2Proofs,
 				},
 			}, {
 				OutputIndex: 2,
 				InternalKey: internalKey3,
 				CommitmentProof: &CommitmentProof{
-					Proof: *split1In3ExclusionProof,
+					Proof:      *split1In3ExclusionProof,
+					STXOProofs: stxo1In3Proofs,
 				},
 			}},
 		},
@@ -421,6 +463,7 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 
 	split1Blob, split1Proof, err := AppendTransition(
 		transitionBlob, split1Params, MockVerifierCtx,
+		WithVersion(TransitionV1),
 	)
 	require.NoError(t, err)
 	require.Greater(t, len(split1Blob), len(transitionBlob))
@@ -463,6 +506,7 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 
 	split2Blob, split2Proof, err := AppendTransition(
 		transitionBlob, split2Params, MockVerifierCtx,
+		WithVersion(TransitionV1),
 	)
 	require.NoError(t, err)
 	require.Greater(t, len(split2Blob), len(transitionBlob))
@@ -506,6 +550,7 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 
 	split3Blob, split3Proof, err := AppendTransition(
 		transitionBlob, split3Params, MockVerifierCtx,
+		WithVersion(TransitionV1),
 	)
 	require.NoError(t, err)
 	require.Greater(t, len(split3Blob), len(transitionBlob))

tapsend/proof_test.go

@@ -27,6 +27,30 @@ var (
 // TestCreateProofSuffix tests the creation of suffix proofs for a given anchor
 // transaction.
 func TestCreateProofSuffix(t *testing.T) {
+	testCases := []struct {
+		name        string
+		stxoProof   bool
+		expectedErr string
+	}{
+		{
+			name:      "Correct inclusion and exclusion proofs",
+			stxoProof: true,
+		},
+		{
+			name:      "No stxo proof",
+			stxoProof: false,
+			expectedErr: "error verifying STXO proof: missing " +
+				"asset proof",
+		},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(tt *testing.T) {
+			createProofSuffix(t, tc.stxoProof, tc.expectedErr)
+		})
+	}
+}
+
+func createProofSuffix(t *testing.T, stxoProof bool, expectedErr string) {
 	testAssets := []*asset.Asset{
 		asset.RandAsset(t, asset.RandAssetType(t)),
 		asset.RandAsset(t, asset.RandAssetType(t)),
@@ -83,7 +107,10 @@ func TestCreateProofSuffix(t *testing.T) {
 	}
 	outputCommitments := make(map[uint32]*commitment.TapCommitment)
 
-	addOutputCommitment(t, anchorTx, outputCommitments, testPackets...)
+	addOutputCommitment(
+		t, anchorTx, outputCommitments, stxoProof,
+		testPackets...,
+	)
 	addBip86Output(t, anchorTx.FundedPsbt.Pkt)
 
 	// Create a proof suffix for all 4 packets now and validate it.
@@ -92,6 +119,7 @@ func TestCreateProofSuffix(t *testing.T) {
 			proofSuffix, err := CreateProofSuffix(
 				pkt.UnsignedTx, pkt.Outputs, vPkt,
 				outputCommitments, outIdx, testPackets,
+				proof.WithVersion(proof.TransitionV1),
 			)
 			require.NoError(t, err)
 
@@ -106,18 +134,34 @@ func TestCreateProofSuffix(t *testing.T) {
 			)
 
 			// Checking the transfer witness is the very last step
-			// of the proof verification. Since we didn't properly
+			// of the proof verification. Since we don't properly
 			// sign the transfer, we expect the witness to be
 			// invalid. But if we get to that point, we know that
-			// all inclusion and exclusion proofs are correct (which
-			// is what this test is testing).
+			// all inclusion and exclusion proofs are correct. So
+			// for successful cases we still expect an error, namely
+			// the invalid witness error.
+			errCode := txscript.ErrTaprootSigInvalid
 			invalidWitnessErr := vm.Error{
 				Kind: vm.ErrInvalidTransferWitness,
 				Inner: txscript.Error{
-					ErrorCode: txscript.ErrTaprootSigInvalid,
+					ErrorCode: errCode,
 				},
 			}
-			require.ErrorIs(t, err, invalidWitnessErr)
+			if expectedErr == "" {
+				require.ErrorIs(t, err, invalidWitnessErr)
+
+				continue
+			}
+
+			if vPkt.Outputs[outIdx].Asset.IsTransferRoot() {
+				require.ErrorContains(
+					t, err, expectedErr,
+				)
+			} else {
+				require.ErrorIs(
+					t, err, invalidWitnessErr,
+				)
+			}
 		}
 	}
 }
@@ -206,7 +250,7 @@ func createPacket(t *testing.T, a *asset.Asset, split bool,
 
 func addOutputCommitment(t *testing.T, anchorTx *AnchorTransaction,
 	outputCommitments map[uint32]*commitment.TapCommitment,
-	vPackets ...*tappsbt.VPacket) {
+	stxoProof bool, vPackets ...*tappsbt.VPacket) {
 
 	packet := anchorTx.FundedPsbt.Pkt
 
@@ -222,27 +266,42 @@ func addOutputCommitment(t *testing.T, anchorTx *AnchorTransaction,
 		}
 	}
 
-	for idx, assets := range assetsByOutput {
-		for idx := range assets {
-			if !assets[idx].HasSplitCommitmentWitness() {
+	stxoAssetsByOutput := make(map[uint32][]asset.AltLeaf[asset.Asset])
+	for idx1, assets := range assetsByOutput {
+		for idx2 := range assets {
+			if assets[idx2].IsTransferRoot() {
+				stxoAssets, err := asset.CollectSTXO(
+					assets[idx2],
+				)
+				stxoAssetsByOutput[idx1] = append(
+					stxoAssetsByOutput[idx1], stxoAssets...,
+				)
+				require.NoError(t, err)
+			}
+
+			if !assets[idx2].HasSplitCommitmentWitness() {
 				continue
 			}
-			assets[idx] = assets[idx].Copy()
-			assets[idx].PrevWitnesses[0].SplitCommitment = nil
+
+			assets[idx2] = assets[idx2].Copy()
+			assets[idx2].PrevWitnesses[0].SplitCommitment = nil
 		}
 
 		c, err := commitment.FromAssets(nil, assets...)
 		require.NoError(t, err)
+		if stxoProof {
+			err = c.MergeAltLeaves(stxoAssetsByOutput[idx1])
+			require.NoError(t, err)
+		}
 
-		internalKey := keyByOutput[idx]
+		internalKey := keyByOutput[idx1]
 		script, err := tapscript.PayToAddrScript(*internalKey, nil, *c)
 		require.NoError(t, err)
 
-		packet.UnsignedTx.TxOut[idx].PkScript = script
-		packet.Outputs[idx].TaprootInternalKey = schnorr.SerializePubKey(
-			internalKey,
-		)
-		outputCommitments[idx] = c
+		packet.UnsignedTx.TxOut[idx1].PkScript = script
+		packet.Outputs[idx1].TaprootInternalKey =
+			schnorr.SerializePubKey(internalKey)
+		outputCommitments[idx1] = c
 	}
 }
 

tapsend/send_test.go

@@ -1697,6 +1697,23 @@ func createProofParams(t *testing.T, genesisTxIn wire.TxIn, state spendData,
 		senderAsset.AssetCommitmentKey(),
 	)
 	require.NoError(t, err)
+
+	// The sender gets the transfer root, so we also need to the stxo
+	// exclusion proofs.
+	senderSTXOAsset, err := asset.MakeSpentAsset(
+		senderAsset.PrevWitnesses[0],
+	)
+	require.NoError(t, err)
+	_, senderSTXOExclusionProof, err := receiverTapTree.Proof(
+		senderSTXOAsset.TapCommitmentKey(),
+		senderSTXOAsset.AssetCommitmentKey(),
+	)
+	require.NoError(t, err)
+
+	senderSTXOID := asset.ToSerialized(senderSTXOAsset.ScriptKey.PubKey)
+	senderSTXOProofs := make(map[asset.SerializedKey]commitment.Proof, 1)
+	senderSTXOProofs[senderSTXOID] = *senderSTXOExclusionProof
+
 	_, receiverExclusionProof, err := senderTapTree.Proof(
 		receiverAsset.TapCommitmentKey(),
 		receiverAsset.AssetCommitmentKey(),
@@ -1719,7 +1736,8 @@ func createProofParams(t *testing.T, genesisTxIn wire.TxIn, state spendData,
 				OutputIndex: 1,
 				InternalKey: &state.receiverPubKey,
 				CommitmentProof: &proof.CommitmentProof{
-					Proof: *senderExclusionProof,
+					Proof:      *senderExclusionProof,
+					STXOProofs: senderSTXOProofs,
 				},
 			}},
 		},
@@ -1803,6 +1821,7 @@ func TestProofVerify(t *testing.T) {
 	// Create a proof for each receiver and verify it.
 	senderBlob, _, err := proof.AppendTransition(
 		genesisProofBlob, &proofParams[0], proof.MockVerifierCtx,
+		proof.WithVersion(proof.TransitionV1),
 	)
 	require.NoError(t, err)
 	senderFile := proof.NewEmptyFile(proof.V0)
@@ -1814,6 +1833,7 @@ func TestProofVerify(t *testing.T) {
 
 	receiverBlob, _, err := proof.AppendTransition(
 		genesisProofBlob, &proofParams[1], proof.MockVerifierCtx,
+		proof.WithVersion(proof.TransitionV1),
 	)
 	require.NoError(t, err)
 	receiverFile, err := proof.NewFile(proof.V0)
@@ -1870,6 +1890,7 @@ func TestProofVerifyFullValueSplit(t *testing.T) {
 	// Create a proof for each receiver and verify it.
 	senderBlob, _, err := proof.AppendTransition(
 		genesisProofBlob, &proofParams[0], proof.MockVerifierCtx,
+		proof.WithVersion(proof.TransitionV1),
 	)
 	require.NoError(t, err)
 	senderFile, err := proof.NewFile(proof.V0)
@@ -1880,6 +1901,7 @@ func TestProofVerifyFullValueSplit(t *testing.T) {
 
 	receiverBlob, _, err := proof.AppendTransition(
 		genesisProofBlob, &proofParams[1], proof.MockVerifierCtx,
+		proof.WithVersion(proof.TransitionV1),
 	)
 	require.NoError(t, err)
 	receiverFile := proof.NewEmptyFile(proof.V0)