I wrote a program that verifies signatures for Taproot transactions utilizing the secp256k1 library. My program works completely for SIGHASH_ALL, SIGHASH_NONE and SIGHASH_SINGLE. However in February, we noticed the start of an enormous wave of Taproot transactions utilizing 0x83 because the SIGHASH byte. I additionally know of 1 Taproot transaction that makes use of SIGHASH byte 0x81. My program fails on transactions that embrace the SIGHASH_ANYONECANPAY bit and I am unable to determine why. These are all keypath spent transactions, which needs to be comparatively easy to confirm.
The issue should be that I’m not producing the identical message that was signed for these SIGHASH varieties, however I am unable to discover the place the error is. I’m utilizing the Signature validation guidelines part of BIP341 to find out which elements of the transaction to incorporate.
The transaction that makes use of SIGHASH byte 0x81 is c0b767665e68916510126d704c1e96903275ed9e8c97e6782568cd23a4e8ef09, enter 0. My program produces a message of 126 bytes as follows:
Zero byte: 00
Sighash: 81
Tx Model: 02000000
Tx Locktime: 00000000
Outputs Hash: d32241d6cf9637a786922b700fc5c34385dc2a738d84734cae914b39ef595cfe
Spend Kind: 00
Outpoint: 7eac3298e596858e44bdf23a06409133bf5eb5b886dda2891de452b991a7489400000000
Quantity: 3954000000000000
Output Script: 225120fd784aba5e91d18306ba722f3af50ecdaf056caf19a3632a39b1b64a2109ecf6
Sequence: ffffffff
The outputs hash is a single SHA256 of the next bytes:
Output 0 Quantity: e803000000000000
Output 0 Script: 225120fd784aba5e91d18306ba722f3af50ecdaf056caf19a3632a39b1b64a2109ecf6
Output 1 Quantity: 3d46000000000000
Output 1 Script: 225120fd784aba5e91d18306ba722f3af50ecdaf056caf19a3632a39b1b64a2109ecf6
A transaction that makes use of SIGHASH byte 0x83 is 2e46f5b63deb421dee85cfea240a74b99d14b3286c195189f223f6260ea13943, enter 1. My program produces a message of 126 bytes as follows:
Zero byte: 00
Sighash: 83
Tx Model: 02000000
Tx Locktime: 00000000
Spend Kind: 00
Outpoint: 19ad63e54efbd351f94496789035483cd4c6962c9d63fe83dc9babcead677f4b00000000
Quantity: 1027000000000000
Output Script: 2251208102001190c6aad9a015dff1540dc9a7bda31613b8ab05a58268c4bff53fae82
Sequence: ffffffff
Output Hash: a29ce7981f103591964c176f85cb171e098c4d86d31ec711b2a91c0d59134adf
The output hash is a single SHA256 of the next bytes:
Output 1 Quantity: 1027000000000000
Output 1 Script: 2251208102001190c6aad9a015dff1540dc9a7bda31613b8ab05a58268c4bff53fae82
The whole lot else is working fantastic. I am utilizing the TapSighash tag and the whole lot else accurately, in any other case not one of the different transactions would confirm both. The issue is simply taking place for SIGHASH_ANYONECANPAY varieties. What am I lacking?