multi: stxo inclusion proof verification

gijswijs · gijswijs · commit f65456c397db · 2025-04-03T22:40:55.000+02:00
This commit adds v2 inclusion proof verification.
diff --git a/asset/asset.go b/asset/asset.go
@@ -2070,7 +2070,7 @@ func CollectSTXO(outAsset *Asset) ([]AltLeaf[Asset], error) {
 	// Genesis assets have no input asset, so they should have an empty
 	// STXO tree. Split leaves will also have a zero PrevID; we will use
 	// an empty STXO tree for them as well.
-	if outAsset.IsGenesisAsset() || outAsset.HasSplitCommitmentWitness() {
+	if !outAsset.IsTransferRoot() {
 		return nil, nil
 	}
 
diff --git a/proof/append.go b/proof/append.go
@@ -171,10 +171,14 @@ func CreateTransitionProof(prevOut wire.OutPoint,
 					"prevID", wit)
 			}
 
-			spentAsset := &asset.Asset{
-				ScriptKey: asset.NewScriptKey(
-					asset.DeriveBurnKey(*wit.PrevID),
-				),
+			prevIdKey := asset.DeriveBurnKey(*wit.PrevID)
+			scriptKey := asset.NewScriptKey(prevIdKey)
+			spentAsset, err := asset.NewAltLeaf(
+				scriptKey, asset.ScriptV0, nil,
+			)
+			if err != nil {
+				return nil, fmt.Errorf("error creating "+
+					"altLeaf: %w", err)
 			}
 
 			// Generate an STXO inclusion proof for each prev
diff --git a/proof/append_test.go b/proof/append_test.go
@@ -71,7 +71,7 @@ func TestAppendTransition(t *testing.T) {
 			withBip86Change: true,
 		},
 		{
-			name:      "normal with change",
+			name:      "normal with change (with split)",
 			assetType: asset.Normal,
 			amt:       100,
 			withSplit: true,
@@ -135,6 +135,17 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 
 	// Add some alt leaves to the commitment anchoring the asset transfer.
 	altLeaves := asset.ToAltLeaves(asset.RandAltLeaves(t, true))
+
+	// Commit to the stxo of the previous asset. Otherwise the inclusion
+	// proofs will fail.
+	prevIdKey := asset.DeriveBurnKey(*newAsset.PrevWitnesses[0].PrevID)
+	scriptKey := asset.NewScriptKey(prevIdKey)
+	stxoAsset, err := asset.NewAltLeaf(
+		scriptKey, asset.ScriptV0, nil,
+	)
+	require.NoError(t, err)
+	stxoLeaf := asset.ToAltLeaves([]*asset.Asset{stxoAsset})
+	altLeaves = append(altLeaves, stxoLeaf...)
 	err = tapCommitment.MergeAltLeaves(altLeaves)
 	require.NoError(t, err)
 
@@ -293,8 +304,20 @@ func runAppendTransitionTest(t *testing.T, assetType asset.Type, amt uint64,
 		nil, split1Commitment,
 	)
 	require.NoError(t, err)
+
+	// Commit to the stxo of the previous asset. Otherwise the inclusion
+	// proofs will fail. With splits this is only needed for the root asset.
+	prevIdKey1 := asset.DeriveBurnKey(*split1Asset.PrevWitnesses[0].PrevID)
+	scriptKey1 := asset.NewScriptKey(prevIdKey1)
+	stxoAsset1, err := asset.NewAltLeaf(
+		scriptKey1, asset.ScriptV0, nil,
+	)
+	require.NoError(t, err)
+	stxoLeaf1 := asset.ToAltLeaves([]*asset.Asset{stxoAsset1})
+	split1AltLeaves = append(split1AltLeaves, stxoLeaf1...)
 	err = tap1Commitment.MergeAltLeaves(split1AltLeaves)
 	require.NoError(t, err)
+
 	tap2Commitment, err := commitment.NewTapCommitment(
 		nil, split2Commitment,
 	)
diff --git a/tapsend/proof_test.go b/tapsend/proof_test.go
@@ -222,27 +222,38 @@ func addOutputCommitment(t *testing.T, anchorTx *AnchorTransaction,
 		}
 	}
 
-	for idx, assets := range assetsByOutput {
-		for idx := range assets {
-			if !assets[idx].HasSplitCommitmentWitness() {
+	stxoAssetsByOutput := make(map[uint32][]asset.AltLeaf[asset.Asset])
+	for idx1, assets := range assetsByOutput {
+		for idx2 := range assets {
+			if assets[idx2].IsTransferRoot() {
+				stxoAssets, err := asset.CollectSTXO(
+					assets[idx2],
+				)
+				stxoAssetsByOutput[idx1] = append(
+					stxoAssetsByOutput[idx1], stxoAssets...,
+				)
+				require.NoError(t, err)
+			}
+			if !assets[idx2].HasSplitCommitmentWitness() {
 				continue
 			}
-			assets[idx] = assets[idx].Copy()
-			assets[idx].PrevWitnesses[0].SplitCommitment = nil
+			assets[idx2] = assets[idx2].Copy()
+			assets[idx2].PrevWitnesses[0].SplitCommitment = nil
 		}
 
 		c, err := commitment.FromAssets(nil, assets...)
 		require.NoError(t, err)
+		err = c.MergeAltLeaves(stxoAssetsByOutput[idx1])
+		require.NoError(t, err)
 
-		internalKey := keyByOutput[idx]
+		internalKey := keyByOutput[idx1]
 		script, err := tapscript.PayToAddrScript(*internalKey, nil, *c)
 		require.NoError(t, err)
 
-		packet.UnsignedTx.TxOut[idx].PkScript = script
-		packet.Outputs[idx].TaprootInternalKey = schnorr.SerializePubKey(
-			internalKey,
-		)
-		outputCommitments[idx] = c
+		packet.UnsignedTx.TxOut[idx1].PkScript = script
+		packet.Outputs[idx1].TaprootInternalKey = schnorr.
+			SerializePubKey(internalKey)
+		outputCommitments[idx1] = c
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -2070,7 +2070,7 @@ func CollectSTXO(outAsset *Asset) ([]AltLeaf[Asset], error) {`
`2070`	`2070`	`// Genesis assets have no input asset, so they should have an empty`
`2071`	`2071`	`// STXO tree. Split leaves will also have a zero PrevID; we will use`
`2072`	`2072`	`// an empty STXO tree for them as well.`
`2073`		`- if outAsset.IsGenesisAsset() \|\| outAsset.HasSplitCommitmentWitness() {`
	`2073`	`+ if !outAsset.IsTransferRoot() {`
`2074`	`2074`	`return nil, nil`
`2075`	`2075`	`}`
`2076`	`2076`