satisfy: change lookup_tap_key_spend_sig to take the public key

apoelstra · apoelstra · commit 1c2800e2c5ee · 2025-06-11T22:11:16.000Z
There is only one public key possible, but this makes the API more consistent between keyspends and script-spends, and makes it much easier for users who have a key->sig lookup table to implement satisfiers. Fixes #825
diff --git a/fuzz/fuzz_targets/miniscript_satisfy.rs b/fuzz/fuzz_targets/miniscript_satisfy.rs
@@ -23,7 +23,7 @@ impl FuzzSatisfier<'_> {
 }
 
 impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {
-    fn lookup_tap_key_spend_sig(&self) -> Option<Signature> {
+    fn lookup_tap_key_spend_sig(&self, _: &FuzzPk) -> Option<Signature> {
         let b = self.read_byte()?;
         if b & 1 == 1 {
             // FIXME in later version of rust-secp we can use from_byte_array
@@ -34,8 +34,8 @@ impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {
         }
     }
 
-    fn lookup_tap_leaf_script_sig(&self, _: &FuzzPk, _: &TapLeafHash) -> Option<Signature> {
-        self.lookup_tap_key_spend_sig()
+    fn lookup_tap_leaf_script_sig(&self, pk: &FuzzPk, _: &TapLeafHash) -> Option<Signature> {
+        self.lookup_tap_key_spend_sig(pk)
     }
 
     // todo
@@ -85,7 +85,7 @@ impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {
         (h, _): &(hash160::Hash, TapLeafHash),
     ) -> Option<(XOnlyPublicKey, Signature)> {
         self.lookup_raw_pkh_x_only_pk(h)
-            .zip(self.lookup_tap_key_spend_sig())
+            .zip(self.lookup_tap_key_spend_sig(&FuzzPk::new_from_control_byte(0)))
     }
 
     fn lookup_sha256(&self, b: &u8) -> Option<[u8; 32]> {
diff --git a/src/miniscript/satisfy.rs b/src/miniscript/satisfy.rs
@@ -35,7 +35,7 @@ pub trait Satisfier<Pk: MiniscriptKey + ToPublicKey> {
     fn lookup_ecdsa_sig(&self, _: &Pk) -> Option<bitcoin::ecdsa::Signature> { None }
 
     /// Lookup the tap key spend sig
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> { None }
+    fn lookup_tap_key_spend_sig(&self, _: &Pk) -> Option<bitcoin::taproot::Signature> { None }
 
     /// Given a public key and a associated leaf hash, look up an schnorr signature with that key
     fn lookup_tap_leaf_script_sig(
@@ -290,8 +290,8 @@ impl<Pk: MiniscriptKey + ToPublicKey, S: Satisfier<Pk>> Satisfier<Pk> for &S {
         (**self).lookup_raw_pkh_ecdsa_sig(pkh)
     }
 
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
-        (**self).lookup_tap_key_spend_sig()
+    fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
+        (**self).lookup_tap_key_spend_sig(pk)
     }
 
     fn lookup_raw_pkh_tap_leaf_script_sig(
@@ -335,8 +335,8 @@ impl<Pk: MiniscriptKey + ToPublicKey, S: Satisfier<Pk>> Satisfier<Pk> for &mut S
         (**self).lookup_tap_leaf_script_sig(p, h)
     }
 
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
-        (**self).lookup_tap_key_spend_sig()
+    fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
+        (**self).lookup_tap_key_spend_sig(pk)
     }
 
     fn lookup_raw_pkh_pk(&self, pkh: &hash160::Hash) -> Option<bitcoin::PublicKey> {
@@ -400,10 +400,10 @@ macro_rules! impl_tuple_satisfier {
                 None
             }
 
-            fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
+            fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
                 let &($(ref $ty,)*) = self;
                 $(
-                    if let Some(result) = $ty.lookup_tap_key_spend_sig() {
+                    if let Some(result) = $ty.lookup_tap_key_spend_sig(pk) {
                         return Some(result);
                     }
                 )*
@@ -678,12 +678,13 @@ impl<Pk: MiniscriptKey + ToPublicKey> Placeholder<Pk> {
                     debug_assert!(s.len() == *size);
                     s
                 }),
-            Placeholder::SchnorrSigPk(_, _, size) => {
-                sat.lookup_tap_key_spend_sig().map(|s| s.to_vec()).map(|s| {
+            Placeholder::SchnorrSigPk(pk, _, size) => sat
+                .lookup_tap_key_spend_sig(pk)
+                .map(|s| s.to_vec())
+                .map(|s| {
                     debug_assert!(s.len() == *size);
                     s
-                })
-            }
+                }),
             Placeholder::SchnorrSigPkHash(pkh, tap_leaf_hash, size) => sat
                 .lookup_raw_pkh_tap_leaf_script_sig(&(*pkh, *tap_leaf_hash))
                 .map(|(_, s)| {
diff --git a/src/plan.rs b/src/plan.rs
@@ -147,8 +147,8 @@ where
         Satisfier::lookup_ecdsa_sig(self, pk).is_some()
     }
 
-    fn provider_lookup_tap_key_spend_sig(&self, _: &Pk) -> Option<usize> {
-        Satisfier::lookup_tap_key_spend_sig(self).map(|s| s.to_vec().len())
+    fn provider_lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<usize> {
+        Satisfier::lookup_tap_key_spend_sig(self, pk).map(|s| s.to_vec().len())
     }
 
     fn provider_lookup_tap_leaf_script_sig(
diff --git a/src/psbt/finalizer.rs b/src/psbt/finalizer.rs
@@ -53,11 +53,13 @@ fn construct_tap_witness(
     }
     assert!(spk.is_p2tr());
 
-    // try the key spend path first
-    if let Some(sig) =
-        <PsbtInputSatisfier as Satisfier<XOnlyPublicKey>>::lookup_tap_key_spend_sig(sat)
-    {
-        return Ok(vec![sig.to_vec()]);
+    // try the key spend path firsti
+    if let Some(ref key) = sat.psbt_input().tap_internal_key {
+        if let Some(sig) =
+            <PsbtInputSatisfier as Satisfier<XOnlyPublicKey>>::lookup_tap_key_spend_sig(sat, key)
+        {
+            return Ok(vec![sig.to_vec()]);
+        }
     }
     // Next script spends
     let (mut min_wit, mut min_wit_len) = (None, None);
diff --git a/src/psbt/mod.rs b/src/psbt/mod.rs
@@ -261,8 +261,13 @@ impl<'psbt> PsbtInputSatisfier<'psbt> {
 }
 
 impl<Pk: MiniscriptKey + ToPublicKey> Satisfier<Pk> for PsbtInputSatisfier<'_> {
-    fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {
-        self.psbt_input().tap_key_sig
+    fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {
+        if let Some(key) = self.psbt_input().tap_internal_key {
+            if pk.to_x_only_pubkey() == key {
+                return self.psbt_input().tap_key_sig;
+            }
+        }
+        None
     }
 
     fn lookup_tap_leaf_script_sig(

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ impl FuzzSatisfier<'_> {`
`23`	`23`	`}`
`24`	`24`
`25`	`25`	`impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {`
`26`		`- fn lookup_tap_key_spend_sig(&self) -> Option<Signature> {`
	`26`	`+ fn lookup_tap_key_spend_sig(&self, _: &FuzzPk) -> Option<Signature> {`
`27`	`27`	`let b = self.read_byte()?;`
`28`	`28`	`if b & 1 == 1 {`
`29`	`29`	`// FIXME in later version of rust-secp we can use from_byte_array`
`@@ -34,8 +34,8 @@ impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {`
`34`	`34`	`}`
`35`	`35`	`}`
`36`	`36`
`37`		`- fn lookup_tap_leaf_script_sig(&self, _: &FuzzPk, _: &TapLeafHash) -> Option<Signature> {`
`38`		`- self.lookup_tap_key_spend_sig()`
	`37`	`+ fn lookup_tap_leaf_script_sig(&self, pk: &FuzzPk, _: &TapLeafHash) -> Option<Signature> {`
	`38`	`+ self.lookup_tap_key_spend_sig(pk)`
`39`	`39`	`}`
`40`	`40`
`41`	`41`	`// todo`
`@@ -85,7 +85,7 @@ impl Satisfier<FuzzPk> for FuzzSatisfier<'_> {`
`85`	`85`	`(h, _): &(hash160::Hash, TapLeafHash),`
`86`	`86`	`) -> Option<(XOnlyPublicKey, Signature)> {`
`87`	`87`	`self.lookup_raw_pkh_x_only_pk(h)`
`88`		`- .zip(self.lookup_tap_key_spend_sig())`
	`88`	`+ .zip(self.lookup_tap_key_spend_sig(&FuzzPk::new_from_control_byte(0)))`
`89`	`89`	`}`
`90`	`90`
`91`	`91`	`fn lookup_sha256(&self, b: &u8) -> Option<[u8; 32]> {`
Original file line number	Diff line number	Diff line change
`@@ -147,8 +147,8 @@ where`
`147`	`147`	`Satisfier::lookup_ecdsa_sig(self, pk).is_some()`
`148`	`148`	`}`
`149`	`149`
`150`		`- fn provider_lookup_tap_key_spend_sig(&self, _: &Pk) -> Option<usize> {`
`151`		`- Satisfier::lookup_tap_key_spend_sig(self).map(\|s\| s.to_vec().len())`
	`150`	`+ fn provider_lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<usize> {`
	`151`	`+ Satisfier::lookup_tap_key_spend_sig(self, pk).map(\|s\| s.to_vec().len())`
`152`	`152`	`}`
`153`	`153`
`154`	`154`	`fn provider_lookup_tap_leaf_script_sig(`
Original file line number	Diff line number	Diff line change
`@@ -261,8 +261,13 @@ impl<'psbt> PsbtInputSatisfier<'psbt> {`
`261`	`261`	`}`
`262`	`262`
`263`	`263`	`impl<Pk: MiniscriptKey + ToPublicKey> Satisfier<Pk> for PsbtInputSatisfier<'_> {`
`264`		`- fn lookup_tap_key_spend_sig(&self) -> Option<bitcoin::taproot::Signature> {`
`265`		`- self.psbt_input().tap_key_sig`
	`264`	`+ fn lookup_tap_key_spend_sig(&self, pk: &Pk) -> Option<bitcoin::taproot::Signature> {`
	`265`	`+ if let Some(key) = self.psbt_input().tap_internal_key {`
	`266`	`+ if pk.to_x_only_pubkey() == key {`
	`267`	`+ return self.psbt_input().tap_key_sig;`
	`268`	`+ }`
	`269`	`+ }`
	`270`	`+ None`
`266`	`271`	`}`
`267`	`272`
`268`	`273`	`fn lookup_tap_leaf_script_sig(`