2

Say I have a taproot address with a valid scriptpath (along with the mandatory keypath).

Is it possible to derive the witness program (schnorr signature of the taproot key) from the address?

Murch
arshbot
  • 1
    You certainly can't derive a signature from the address. The witness program is just the scriptPubKey corresponding to the address, so that's trivial. I feel like you're conflating some terminology which makes me not understand the question. – Pieter Wuille Mar 24 '22 at 12:48
  • 2
    I am not sure whether I understand your question the way you meant it. Here's what I think you are asking: *Given a witness program that can be spent either via keypath or via scriptpath, is knowing the address and the private key corresponding to the internal public key sufficient to spend?* – Is that what you were interested in? – Murch Mar 24 '22 at 15:08

1 Answer

2

The addresses used for P2TR outputs encode a version-1 witness program featuring the tweaked public key. This witness program can be derived from the address and thus is sufficient for a sender to pay the recipient.

In order to later make a keypath spend, the receiver will need to sign with the internal public key and apply the script tree's root as a tweak to the signature. If the receiver only knows the internal private key and the address, they will not be able to spend, since they cannot recalculate the tweak from that information if there is a meaningful script tree.

So, either the receiver must know at the least the root of the script tree, or the witness program must have been previously resolved by a scriptpath spend which would have revealed the script tree root.

Murch
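
The recalculation the answer describes, as an added example that is not part of the original answer: the BIP341 TapTweak is computed from an internal private key with and without the script tree root, and the result is compared against the 32-byte witness program taken from the address. The key, the one-leaf OP_TRUE tree and the helper names are constructed for illustration, and the curve arithmetic is a minimal pure-Python version rather than a signing library.

```python
import hashlib

# secp256k1 field prime, group order, generator (toy arithmetic, not constant time)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point_mul(k, pt=G):
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def tagged_hash(tag, msg):
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def tweaked_seckey(d, merkle_root=b""):
    """BIP341 keypath signing key: internal key d plus the TapTweak scalar."""
    pt = point_mul(d)
    if pt[1] % 2:          # x-only keys imply even y, so negate d if needed
        d = N - d
    t = tagged_hash("TapTweak", pt[0].to_bytes(32, "big") + merkle_root)
    return (d + int.from_bytes(t, "big")) % N

def matches_program(d, program, merkle_root=b""):
    """True if d with this script tree root yields the 32-byte witness program."""
    return point_mul(tweaked_seckey(d, merkle_root))[0].to_bytes(32, "big") == program

# Constructed sample: internal key, one-leaf tree (script OP_TRUE), resulting program
SECKEY = 0x1F1E1D1C1B1A191817161514131211100F0E0D0C0B0A09080706050403020100
ROOT = tagged_hash("TapLeaf", b"\xc0\x01\x51")  # leaf version, script length, script
PROGRAM = point_mul(tweaked_seckey(SECKEY, ROOT))[0].to_bytes(32, "big")
```

`matches_program(SECKEY, PROGRAM, ROOT)` holds, while the same call without the root (or with a wrong one) does not, so the internal key alone does not produce a key that signs for the output.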