I still believe it is possible. This post: https://bitcointalk.org/index.php?topic=5462088.msg62647223#msg62647223Says we could only use PSBT's what is not true, signrawtransactionwithwallet works well. I believe we can't use signrawtransactionwithkey to sign complex taproot script as the post says, but signing with privatekey path is not complex taproot script, so, maybe it is possible if we create the full command with the respective witness value. |
|
|
|
|
In my case, the trick is importing the address with "timestamp"= date of the block of the first UTXO and let it do it until the end, after that, when I want to move, just repeat the command with "now" and it works perfectly.
About signrawtransactionwithkey maybe it works, I heard many times we couldn't do taproot transactions without PSBT's, etc and I did it, so, maybe everything have solution and the problem is just doing the configuration of the command with all variables.
If someone have success please report it.
|
|
|
|
Here goes the answers for many posts you made. Before I was using version 23, but I managed to upgrade to 25, problem was that I was running a service in this website: https://console.shuken.io/account/And they were running only version 23. They said they would upgrade just next month, so I moved on to a VPS and I installed a pruned node. Now with my own version 25, I got solution for the problem: "error": "Witness program was passed an empty witness"What is the problem? If we add some address to our wallet and we use the option to rescan the wallet since some "timestamp" value it will never work, we will see always that error. So, if you use a "timestamp" to rescan wallet, at the end you need to always run this command: bitcoin-cli importdescriptors '[{"desc": "tr(your_private_key)#your-checksum", "timestamp": "now", "internal": false, "label": "your_label"}]'Sometimes even if you stop the core and restart again you need to do it again what is a pain in the ass. After that you just create the raw normally with this command: bitcoin-cli createrawtransaction '[{"txid":"your_txid","vout":your_vout}]' '[{"your_destination_address":your_amount}]'That will give some output like this: 0200000001...Then we sign that output RAW with this command: bitcoin-cli signrawtransactionwithwallet 0200000001...That will give us some output like this: 020000000001...And we use it to broadcast it with: bitcoin-cli sendrawtransaction 020000000001...That's it. But now... Here we go again, infatuation ! If we want to use signrawtransactionwithkey and we are using the simplest syntax: bitcoin-cli signrawtransactionwithkey 0200000001... '["your_private_key"]'I got the same old f* error: "error": "Witness program was passed an empty witness"Now we can't use the bitcoin-cli importdescriptors trick with "timestamp": "now", so, what is the solution? Try it yourself please and give here feedback about if you have the same results or not. |
|
|
|
Use PSBT instead of raw transaction: Firstly, import the necessary descriptor to the wallet if it's not available ( command already provided). Secondly, create a partially signed Bitcoin transaction: createpsbt "[{\"txid\":\"<TXID>\",\"vout\":<N>}]" "[{\"<address1>\":<amount1>},{\"<address2>\":<amount2>}]"Thirdly, process the psbt ( update, sign): walletprocesspsbt "<PSBT from above command>" Fourthly, finalize it: finalizepsbt "<processed PSBT from above command>" Lastly, send it to mempool: sendrawtransaction "<signed raw transaction from above command>" Hi, thanks for the answer, I have also tested without success, seems the wallet can't sign. I read that is only supported in last core version 25 and for moments I can't try it because I only have 23 and is a testing node that I don't control. Have you tested it with success on what core version? |
|
|
|
I did both testnet and mainnet. There are the instructions (the step-by-step example of spending from the tb1p8wpt9v4frpf3tkn0srd97pksgsxc5hs52lafxwru9kgeephvs7rqlqt9zj Taproot address to the other Taproot one: tb1p90h6z3p36n9hrzy7580h5l429uwchyg8uc9sz4jwzhdtuhqdl5eqmpwq6n; you can add the change and the corresponding address by modifying the createrawtransaction RPC in the example; remove "-testnet" option if you want mainnet): $ ./bitcoin-cli.exe -testnet createrawtransaction '[{"txid":"8cdf19ed3ade4af038314ef58b116a523f99aa1c585ca3c157ce5386f9df6421","vout":0}]' '[{"tb1p90h6z3p36n9hrzy7580h5l429uwchyg8uc9sz4jwzhdtuhqdl5eqmpwq6n":0.00001000}]'
$ ./bitcoin-cli.exe -testnet importdescriptors '[ { "desc" : "tr(cV628xvqToz45dwdPmTcJ9RgEVnWMwP8dpZBGzb9LfTk3sBHFNwc)#8skcj28y", "timestamp" : "now" } ]'
$ ./bitcoin-cli.exe -testnet signrawtransactionwithwallet "02000000012164dff98653ce57c1a35c581caa993f526a118bf54e3138f04ade3aed19df8c0000000000fdffffff01e8030000000000002251202befa14431d4cb71889ea1df7a7eaa2f1d8b9107e60b01564e15dabe5c0dfd3200000000" '[{"txid": "8cdf19ed3ade4af038314ef58b116a523f99aa1c585ca3c157ce5386f9df6421", "vout": 0, "scriptPubKey": "5120c38859777bc9c3294d3587035fc3823a146dabaab1fa250bc04e92f16887a065", "amount": 0.00000000}]' "DEFAULT"
$ ./bitcoin-cli.exe -testnet sendrawtransaction 020000000001012164dff98653ce57c1a35c581caa993f526a118bf54e3138f04ade3aed19df8c0000000000fdffffff01e8030000000000002251202befa14431d4cb71889ea1df7a7eaa2f1d8b9107e60b01564e15dabe5c0dfd320140f10fc6bb1d414d4c888838fb6b1699c3e538331d32b64b5baf85c1cc34e2c43eb7bdd7a14fd4a4a07341d1b0390ad977be711bc49df786982243c6564a33f6b400000000Source: " https://bitcoin.stackexchange.com/a/117013/135945". Is that what you are looking for? This command: ./bitcoin-cli.exe -testnet signrawtransactionwithwallet "02000000012164dff98653ce57c1a35c581caa993f526a118bf54e3138f04ade3aed19df8c00000 00000fdffffff01e8030000000000002251202befa14431d4cb71889ea1df7a7eaa2f1d8b9107e6 0b01564e15dabe5c0dfd3200000000" '[{"txid": "8cdf19ed3ade4af038314ef58b116a523f99aa1c585ca3c157ce5386f9df6421", "vout": 0, "scriptPubKey": "5120c38859777bc9c3294d3587035fc3823a146dabaab1fa250bc04e92f16887a065", "amount": 0.00000000}]' "DEFAULT" At least in mainnet will output something like this: "complete": false, "error": "Witness program was passed an empty witness" Can you test it on mainnet and see? Even the syntax of the command is not well done, the last parameter "DEFAULT" don't exist, here is the right syntax of it: Argument #3 - sighashtype
Type: string, optional, default=ALL
The signature hash type. Must be one of
“ALL” “NONE” “SINGLE” “ALL|ANYONECANPAY” “NONE|ANYONECANPAY” “SINGLE|ANYONECANPAY”
If you want to use the default value you need to put ALL and not DEFAULT, some beginner made that. |
|
|
|
Maybe in testnet, have you tried yourself in mainnet to see if it works? I think you will be surprised. |
|
|
|
|
Hi guys,
I'm starting this topic after googling a lot about this and don't find nothing.
So, I'm offering a prize of €50 in Lightning Satoshis to the first guy that presents the solution, a step by step guide to move some part of the sats from one taproot address to another taproot address with the change coming back for the first one on mainnet.
This need to be done with node bitcoin-cli commands and explained step-by-step for any newbie in the world that uses a bitcoin node could do it.
Until now I just met guys with nodes that can't do it, I think is time for everyone knows how to use it.
More questions you can send me PM.
PS: "Let's lead the way and show the light of day."
|
|
|
|
I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak?
If we use the second method of creating the Taproot address ( explained here) then no we can't know the public key that was used, we only see the "tweaked" public key. For many guys it seem it is not important to hide the public key, but for Satoshi it was important, so, I keep on Satoshi line, Taproot addresses YES, but need to be possible to hide the public key, if not, no thanks.
In asymmetric cryptography the public key needs to be public! otherwise the algorithm is useless. What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?
ChatGPT is not suitable to answer anything technical. A simple Google search would give you better results in most cases. In this case you are correct, by having the Tweaked pubkey alone we can not reverse it to get the original pubkey because the last step is adding two pubkeys which is not reversible (pub_tweak = pub + (t * G)). Thank you very much for your time on this, you really help me to go in the right direction, |
|
|
|
|
Some words of ChatGPT about the subject:
According to the web search results, it is possible to revert a tweaked Taproot address to the x-only public key, but it requires some knowledge of elliptic curve cryptography and the Taproot protocol. Here is a brief explanation of how to do it:
• A Taproot address is derived from a tweaked public key Q, which is the result of adding an internal public key P and a tweak value T. The tweak value T is the hash of the x-only public key P and an optional script path c. The formula is: Q = P + T, where T = H (P|c)G and G is the generator point of the secp256k1 curve.
• To revert a tweaked Taproot address to the x-only public key, you need to subtract the tweak value T from the tweaked public key Q. The formula is: P = Q - T, where T = H (P|c)G.
• However, you cannot directly compute T from Q, because you do not know P or c. You need to guess or obtain these values from some other source, such as the owner of the address or a transaction that spends from it.
• If you know or guess c, you can compute T by hashing P and c and multiplying by G. Then you can subtract T from Q and get P. The formula is: P = Q - H (P|c)G.
What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?
For my first interpretation I think tweaked taproot addresses really keep our public key private, but there is a lot of info on internet and even ChatGPT says the opposite, so, this post can help to clear the doubts for newbies like me.
Can the "legendary" guys comment it?
|
|
|
|
All Taproot addresses are always encoding a 32 byte data called the "witness program" that is always an x-only public key whether it is a single pubkey address like I explained above or if it is using the script spending route with a TapScript.
To put simply there no longer is hashing involved like P2PKH, P2WPKH, etc addresses.
I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak? For many guys it seem it is not important to hide the public key, but for Satoshi it was important, so, I keep on Satoshi line, Taproot addresses YES, but need to be possible to hide the public key, if not, no thanks. Ok, they can be used for hot wallets and many applications but never for cold wallets, it's the first protection against a possible future attack. |
|
|
|
|
Testnet or mainnet, 1st we need the code and we can look to a script that somebody have and learn step by step.
Somebody have a nodejs script working that creates tweaked taproot addresses with "dummy" script that could share here?
|
|
|
|
.... because when tested some of them with some satoshis I just lost the access to them.
There is something called Testnet where you can learn and practice, if there are some error you will not lose anything because Testnet coins are worthless. I know, but testnet for itself dont teach us how to generate Taproot addresses with our own code. |
|
|
|
when you send bitcoins from legacy Address
Bitcoins are not sent FROM addresses. This is a fundamental misunderstanding of how bitcoin works. Continuing down this path while trying to understand Bitcoin at a technical level is only going to cause you more confusion. How can i hide my public key while still Re-using the same address
Do not re-use addresses. If you want to re-use an address, then either make sure that you use software that will allow you to simultaneously spend ALL unspent outputs that were created from that address in a single transaction, OR accept that you will be giving up a bit of privacy because you chose to re-use an address. Addresses are NOT account numbers. Bitcoin is not a bank account. Think of an address like an invoice number. It's something that you give to someone else so that you can keep track of the payment that they make to you. You wouldn't typically re-use an invoice number, so don't re-use an address. What is the main reason to dont reuse addresses, the exposition of public key? |
|
|
|
List is updated with few more wallets thanks to your suggestions.
Nunchuk wallet has full Taproot support for some time and it is getting more popular solution for multisig setup and non-KYC inheritance plans.
Bitmask is new wallet that can work as browser extension or web wallet, and it supports Bitcoin Network with Taproot, Lightning Network, RGB, and other features.
I am considering all custodial wallets similar like centralized exchanges so I won't be adding them in this list any time soon.
Do your own research before using any wallet even if they are open source.
Only that I tried with success to sweep a taproot address was Samourai Wallet. Is there some taproot address expert here that could answer to some questions? I'm trying to confirm if there is any type of taproot address with or without tweak that protects our public key identity until 1st move, somebody can answer that? |
|
|
|
|
Interesting subject here, so I decided to post.
I have been studying Bitcoin Taproot addresses and it seems or not because I have read YES and NO that is not possible to hide public key until first transaction because all Taproot addresses expose it naturally (if someone can explain/clarify it, I would appreciate).
I read some comments, about that is not important and pubkeys should be public, bla bla bla...
Satoshi Nakamoto use to say to use the address only one time for max security and there is a reason for that for sure.
Many ppl is speaking that with a quantic attack many bitcoin would be taken and bitcoin would go to zero if someone have enough powerful quantic computer.
I disagree with that, imagine there is a quantic computer that can brake it in 1 year, all addresses already transacted at least 1 year would be exposed, but all the other would be safe and if someone someday have access to a quantic with power to brake bitcoin for sure he will not start to stole every bitcoins he can and make market go down, of course they would be subtil and just make surgical stoles, the type of attacks the owner will complaint and everybody will think he just was hacked by some APP or he is dumb, nobody will believe that it was a quantic attack (same as when in 2nd WW allies made with german Enigma machine, they didn't refute all german steps to don't put on check the important advantage they already have.)
In a time that many ppl is talking about possibility of future quantic attacks for bitcoin, Satoshi already have made the 1st step against quantic attack hiding the public key until first and possible only move if we just move the exchange to a new address.
So, if Taproot addresses always expose the public key, I don't know about you, but I would not use them to save my bitcoins in a cold wallet, maybe for another applications could be good enough, but not for cold wallets.
What you think about it?
|
|
|
|
~
Hi,
I found this on internet:
To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:
1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.
What is the meaning of this?
In this example I gave you, Y was odd and it worked perfectly!
Can you help ? !
That does not matter for address generation because your x value does not change when negating a public key meaning P(x,y) = -P(x,y) = P(x,-y) and we only use the x coordinate in the address. Even y coordinate is something you should check and take some extra steps when signing and verifying ECSDSA signatures. I have another doubt in the hands, after google and ChatGPt the doubt subsist, is there any hashed Taproot address that protects the public key identity until 1st transaction be done as in Legacy and Segwit addresses or every Taproot address simple or with tweak never protect the public key identity ? |
|
|
|
Hi,
I'd like to know if there is ppl that would like to help to develop a Javascript Taproot Address Generator for Browser.
I have been working on that since some time and the idea is to make the simplest address generator possible in a standalone file, without using complicated libraries full of code that makes any guy just want to trust and not verify.
The lines of code contained in popular libraries are complex and very extensive. But there is a reason for that. They aren't complex to make you confused when verifying. They are complex because they are tested, secure, efficient and accurate. You shouldn't spend your time reinventing the wheel. This is not how new techs evolve. By doing what those professional libraries do in your own way, you will probably create an insecure and inefficient software. For learning purposes you are making a nice initiative. But only for that. Look how they are tested, secure, efficient and accurate: https://cointelegraph.com/news/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-funds-slow-mistThat is what I have being trying to explain, we can always do it better if we study it enough, we need one simple, auditable official core APP just to generate addresses, not a core with gigas and gigas and using CSPNG's. |
|
|
|
|
Understood !
Thanks again for the help, I'll keep my job.
Sorry, I have 0 merit points to give you, we need to ask admins to change merit points for LN Satoshis and anyone could send it as much as he wants.
Forum could win a fee too, it would be awesome.
|
|
|
|
If you don't have an advanced understanding of the Bitcoin protocol you should not attempt implementing any part of it, specially security critical parts like address generation. Not to mention that using it in browser and using Javascript is already a terrible idea. Case in point: From this x-only form coordinate point:
X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)
What is the next step to get this final taproot address:
BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9
Creating Taproot addresses is slightly different from other addresses. It is not a simple matter of pubkey to address since a Taproot address can be both a "pay to key" and a "pay to script" at the same time (imagine a combination of both P2PKH and P2SH but with only one address format). So there are also two ways of creating the address. One is the simple and quick way of "pay to key" where the address encodes the pubkey you have: bc1ps4a6zusuw8v0sruuyz94zwlw43rgz6jpy0ahmvg68nmgx02ck3gq7xmyug
The other is creating a "dummy" script with the single key to use that for spending. This requires computing the tweak hash t = SHA256(SHA256("TapTweak") || SHA256("TapTweak") || pub_bytes)
and tweak key pub_tweak = pub + (t * G).
and computing the address using the tweaked pubkey bc1py5vku7tv8a39wpe6lqf3p6w5jmc3cmhtwcq3whytw59mch7542jsfyemk9
This means depending on how you created the address, the way you spend the coins sent to the address is going to be different. Hi, I found this on internet: To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:
1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.What is the meaning of this? In this example I gave you, Y was odd and it worked perfectly! Can you help ? ! |
|
|
|
Even the wheel continues to evolve in practice.
But you should evolve from where people left, not from zero. When I started to learn how to code I was also resistant to use libraries. Later on I understood that a programmer who ignores them is making a worse software. Libraries are code written by specialists. You cannot be a specialist in everything, so you use code other people wrote.your softwares will be better when you understand the importance of libraries Sometime you can ignore libraries because you are in a hurry or because you have a limited environment... but when you can you should use them. Maybe in your project you may not use them. But you should be aware of the limitations you are imposing to your project (specially in security and efficiency) Almost all base code of all OS's etc will be rewritten by IA and will be more efficient.
This not happening. And probably will never be done from scratch by ai. Thks is not how ai works. even AI look at current libraries before trying to write a better code. AI might improve code. Sometimes the best way of evolve something is start from scratch, one example is quantic computing. If you go to the bases you can read that almost all ppl is using CSPRNG's to generate the "random" numbers for bitcoin addresses, every CSPRNG is like a casino roulette, there is none perfect and maybe can be exploited someday, nobody need to use a CSPRNG to generate his own addresses. |
|
|
|
|
Show Posts
