Importing taproot keys

[coinlatte]

I tried the latest official 22.0 version. Now I know that importing taproot keys by WIF is possible, but I am getting strange results, it seems the keys are completely different than I am trying to import.

Code:

importdescriptors "[{\"desc\":\"tr(cMahea7zqjxrtgAbB7LSGbcQUr1uX1ojuat9jZodMN87JcbXMTcA)#tnrke5yz\",\"timestamp\":\"now\",\"label\":\"taproot\"}]"
importdescriptors "[{\"desc\":\"tr(cMahea7zqjxrtgAbB7LSGbcQUr1uX1ojuat9jZodMN87K7XCyj5v)#xpd75frm\",\"timestamp\":\"now\",\"label\":\"taproot2\"}]"

What was imported:

Code:

bcrt1pmfr3p9j00pfxjh0zmgp99y8zftmd3s5pmedqhyptwy6lm87hf5ssm803es
bcrt1pet7ep3czdu9k4wvdlz2fp5p8x2yp7t6ttyqg2c6cmh0lgeuu9laspse7la

What I expected:

Code:

bcrt1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqc8gma6
bcrt1pccz8l9zpa47k6vz9gphftsrumpw80rjt3nhnefat4symjhrsnmjsgkm3r6

Why my public keys from taproot addresses are not the same as in my WIF's? Also I wonder why if I want to sign my transactions offline with Bitcoin Core I have to import my keys to regtest/testnet/signet instead of mainnet if my client does not have the chain?

[pooya87]

We don't use the public key of the private key directly in the P2TR output/address. Instead a "tweaked" version of it is going to be used which is why your expected addresses (derived from your public keys) are different from the actual addresses that the software gave you.
You can read the details of it in this section: https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#constructing-and-spending-taproot-outputs

[gmaxwell]

I saw there was a PR for using raw (untweaked) keys: https://github.com/bitcoin/bitcoin/pull/23480

It's probably a pretty bad idea to use it unless you must and you really know what you're doing... however.

[vjudeu]

What I expected:

Code:

bcrt1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqc8gma6
bcrt1pccz8l9zpa47k6vz9gphftsrumpw80rjt3nhnefat4symjhrsnmjsgkm3r6

I saw there was a PR for using raw (untweaked) keys: https://github.com/bitcoin/bitcoin/pull/23480

Nice hint, there were some pre-activation coins in bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0 that were non-standard when created, but now I moved them in d345d25cbf488e705dd26bec204e7d0dcf9fb04c12a56705c4a5c2baf256c8b5, this new rawtr() in sipa's version works fine for those keys.

Also I wonder why if I want to sign my transactions offline with Bitcoin Core I have to import my keys to regtest/testnet/signet instead of mainnet if my client does not have the chain?

In signet and regtest, you can sign taproot transactions without downloading blockchain, because it is always active. In testnet and mainnet, you have to reach activation block to spend them. But as transactions can be signed in the same way, you can do that in regtest or signet and just copy-paste raw transaction to mainnet or testnet. The format is exactly the same, if you use createrawtransaction and signrawtransactionwithwallet correctly, you can just copy your signed transaction between different networks.

[coinlatte]

You can read the details of it in this section: https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#constructing-and-spending-taproot-outputs

How exactly keys are tweaked? Because every time I am getting wrong results, one correct example could be helpful. For example I have something like this:

Code:

internal_key=0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
tweak*G=0379A78517D39A73C6268BA907022D2B1144412988BD6BD059C0FB032FBBCC66C8
tweaked_key=02DA4710964F7852695DE2DA025290E24AF6D8C281DE5A0B902B7135FD9FD74D21
tweaked_key=internal_key+tweak*G
SHA-256("TapTweak")=e80fe1639c9ca050e3af1b39c143c63e429cbceb15d940fbb5c5a1f4af57c5e9
bytes(internal_key)=79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
SHA-256(SHA-256("TapTweak")||SHA-256("TapTweak")||bytes(internal_key))=SHA-256(e80fe1639c9ca050e3af1b39c143c63e429cbceb15d940fbb5c5a1f4af57c5e9e80fe1639c9ca050e3af1b39c143c63e429cbceb15d940fbb5c5a1f4af57c5e979BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798)=3cf5216d476a5e637bf0da674e50ddf55c403270dd36494dfcca438132fa30e7
3cf5216d476a5e637bf0da674e50ddf55c403270dd36494dfcca438132fa30e7*G=02CC2A7558AE6D55AA13FDD0A7F1E77A5C212970EC5A571652E35D7B6A3F7A415D
02CC2A7558AE6D55AA13FDD0A7F1E77A5C212970EC5A571652E35D7B6A3F7A415D!=02DA4710964F7852695DE2DA025290E24AF6D8C281DE5A0B902B7135FD9FD74D21 (failed)

[garlonicon]

Code:

3cf5216d476a5e637bf0da674e50ddf55c403270dd36494dfcca438132fa30e7*G=02CC2A7558AE6D55AA13FDD0A7F1E77A5C212970EC5A571652E35D7B6A3F7A415D
02CC2A7558AE6D55AA13FDD0A7F1E77A5C212970EC5A571652E35D7B6A3F7A415D!=02DA4710964F7852695DE2DA025290E24AF6D8C281DE5A0B902B7135FD9FD74D21 (failed)

You were almost there! Just add 0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 to 02CC2A7558AE6D55AA13FDD0A7F1E77A5C212970EC5A571652E35D7B6A3F7A415D and you will get 03DA4710964F7852695DE2DA025290E24AF6D8C281DE5A0B902B7135FD9FD74D21, then replace "03" with "02" and you will get your key.