[feature]: optionally generate asset group key without internal key tweak during minting #1226
Comments
|
Some risks here:
I'm sure there are other risks wrt. what aspect this loosening would affect. It looks like there is a proposed BIP that exactly addresses this need: https://github.com/bitcoin/bips/blob/master/bip-0372.mediawiki But I'm not sure how widely it has been adopted. As an alternative, we could consider a new means of committing to the group anchor asset ID. We could borrow the unspendable leaf pattern we use for the Tap commitment root to commit to the anchor asset ID, alongside the Group Key Tapscript Root. If there is no Group Key Tapscript Root, we can re-use the BIP-86 behavior of committing to the pubkey of the internal key as an unspendable script. Concretely:
With this pattern (or similar), we can remove the problematic single tweak without removing the commitment to the group anchor asset ID. This should improve the compatibility with hardware signers without meaningfully changing the assumptions around group keys. |
|
Not sure if we can pass all of the correct tweaks with the existing PSBT Taproot fields: https://github.com/bitcoin/bips/blob/master/bip-0371.mediawiki |
The asset group key is derived by applying two distinct tweaks to a raw public key: the Internal Key Tweak (known as the "single tweak" in code) and the Tapscript Root Tweak. The Internal Key Tweak ensures the asset group key is unique to the genesis asset ID, while the Tapscript Root Tweak binds the key to the conditions encoded in the Taproot script tree. The resulting key allows for securely identifying and reissuing assets within a group.
Problem: Asset Group PSBT External Signing
Applying the Internal Key Tweak to the raw signing public key prevents an external PSBT hardware wallet signer from signing the PSBT, which is necessary for generating the asset group witness and for validation within the tap VM. This limitation arises because the PSBT signer cannot recover the raw signing public key from the tweaked internal key, as the Internal Key Tweak obscures the original public key.
In addition, the PSBT format, along with most hardware wallets, currently lacks support for specifying the Internal Key Tweak. Such support would be necessary to identify the underlying raw signing key and correctly derive the tweaked Taproot internal key.
Solution Part 1: Adjust Asset Group Key Generation Process
The proposed solution introduces a flag to allow skipping the Internal Key Tweak step when generating an asset group key. The implementation will proceed as follows:
MintAssetRPC endpoint to specify whether the Internal Key Tweak step should be skipped. This flag defaults tofalse.tapgarden.Seedlingstruct to carry the configuration through the minting process.GroupKeyRequesttype struct to ensure the choice persists through the relevant logic.asset.GroupPubKeyfunction to respect the flag, bypassing the Internal Key Tweak step if the flag is set.Proposed flag name:
SkipInternalKeyTweak.Solution Part 2: Adjust GroupKeyReveal Verification Process
To ensure backward compatibility while supporting asset group keys generated without the Internal Key Tweak, the
GroupKeyRevealverification process needs to be adjusted as follows:This modification ensures compatibility with both tweaked and untweaked asset group keys while maintaining existing functionality.
The text was updated successfully, but these errors were encountered: