Bitcoin Core 29.99.0
P2P Digital Currency
Public Member Functions | Static Public Member Functions | Static Public Attributes | Private Attributes | List of all members
XOnlyPubKey Class Reference

#include <pubkey.h>

Inheritance diagram for XOnlyPubKey:
[legend]
Collaboration diagram for XOnlyPubKey:
[legend]

Public Member Functions

 XOnlyPubKey ()=default
 Construct an empty x-only pubkey. More...
 
 XOnlyPubKey (const XOnlyPubKey &)=default
 
XOnlyPubKeyoperator= (const XOnlyPubKey &)=default
 
bool IsFullyValid () const
 Determine if this pubkey is fully valid. More...
 
bool IsNull () const
 Test whether this is the 0 key (the result of default construction). More...
 
constexpr XOnlyPubKey (std::span< const unsigned char > bytes)
 Construct an x-only pubkey from exactly 32 bytes. More...
 
 XOnlyPubKey (const CPubKey &pubkey)
 Construct an x-only pubkey from a normal pubkey. More...
 
bool VerifySchnorr (const uint256 &msg, std::span< const unsigned char > sigbytes) const
 Verify a Schnorr signature against this public key. More...
 
uint256 ComputeTapTweakHash (const uint256 *merkle_root) const
 Compute the Taproot tweak as specified in BIP341, with *this as internal key: More...
 
bool CheckTapTweak (const XOnlyPubKey &internal, const uint256 &merkle_root, bool parity) const
 Verify that this is a Taproot tweaked output point, against a specified internal key, Merkle root, and parity. More...
 
std::optional< std::pair< XOnlyPubKey, bool > > CreateTapTweak (const uint256 *merkle_root) const
 Construct a Taproot tweaked output point with this point as internal key. More...
 
std::vector< CKeyIDGetKeyIDs () const
 Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey. More...
 
CPubKey GetEvenCorrespondingCPubKey () const
 
const unsigned char & operator[] (int pos) const
 
const unsigned char * data () const
 
const unsigned char * begin () const
 
const unsigned char * end () const
 
unsigned char * data ()
 
unsigned char * begin ()
 
unsigned char * end ()
 
bool operator== (const XOnlyPubKey &other) const
 
bool operator!= (const XOnlyPubKey &other) const
 
bool operator< (const XOnlyPubKey &other) const
 
 SERIALIZE_METHODS (XOnlyPubKey, obj)
 Implement serialization without length prefixes since it is a fixed length. More...
 

Static Public Member Functions

static constexpr size_t size ()
 

Static Public Attributes

static const XOnlyPubKey NUMS_H
 Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BIP341 for more details. More...
 

Private Attributes

uint256 m_keydata
 

Detailed Description

Definition at line 230 of file pubkey.h.

Constructor & Destructor Documentation

◆ XOnlyPubKey() [1/4]

XOnlyPubKey::XOnlyPubKey ( )
default

Construct an empty x-only pubkey.

◆ XOnlyPubKey() [2/4]

XOnlyPubKey::XOnlyPubKey ( const XOnlyPubKey )
default

◆ XOnlyPubKey() [3/4]

constexpr XOnlyPubKey::XOnlyPubKey ( std::span< const unsigned char >  bytes)
inlineexplicitconstexpr

Construct an x-only pubkey from exactly 32 bytes.

Definition at line 257 of file pubkey.h.

◆ XOnlyPubKey() [4/4]

XOnlyPubKey::XOnlyPubKey ( const CPubKey pubkey)
inlineexplicit

Construct an x-only pubkey from a normal pubkey.

Definition at line 260 of file pubkey.h.

Member Function Documentation

◆ begin() [1/2]

unsigned char * XOnlyPubKey::begin ( )
inline

Definition at line 298 of file pubkey.h.

Here is the call graph for this function:

◆ begin() [2/2]

const unsigned char * XOnlyPubKey::begin ( ) const
inline

Definition at line 295 of file pubkey.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ CheckTapTweak()

bool XOnlyPubKey::CheckTapTweak ( const XOnlyPubKey internal,
const uint256 merkle_root,
bool  parity 
) const

Verify that this is a Taproot tweaked output point, against a specified internal key, Merkle root, and parity.

Definition at line 251 of file pubkey.cpp.

Here is the call graph for this function:

◆ ComputeTapTweakHash()

uint256 XOnlyPubKey::ComputeTapTweakHash ( const uint256 merkle_root) const

Compute the Taproot tweak as specified in BIP341, with *this as internal key:

  • if merkle_root == nullptr: H_TapTweak(xonly_pubkey)
  • otherwise: H_TapTweak(xonly_pubkey || *merkle_root)

Note that the behavior of this function with merkle_root != nullptr is consensus critical.

Definition at line 240 of file pubkey.cpp.

Here is the caller graph for this function:

◆ CreateTapTweak()

std::optional< std::pair< XOnlyPubKey, bool > > XOnlyPubKey::CreateTapTweak ( const uint256 merkle_root) const

Construct a Taproot tweaked output point with this point as internal key.

Definition at line 259 of file pubkey.cpp.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ data() [1/2]

unsigned char * XOnlyPubKey::data ( )
inline

Definition at line 297 of file pubkey.h.

Here is the call graph for this function:

◆ data() [2/2]

const unsigned char * XOnlyPubKey::data ( ) const
inline

Definition at line 294 of file pubkey.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ end() [1/2]

unsigned char * XOnlyPubKey::end ( )
inline

Definition at line 299 of file pubkey.h.

Here is the call graph for this function:

◆ end() [2/2]

const unsigned char * XOnlyPubKey::end ( ) const
inline

Definition at line 296 of file pubkey.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GetEvenCorrespondingCPubKey()

CPubKey XOnlyPubKey::GetEvenCorrespondingCPubKey ( ) const

Definition at line 217 of file pubkey.cpp.

Here is the call graph for this function:

◆ GetKeyIDs()

std::vector< CKeyID > XOnlyPubKey::GetKeyIDs ( ) const

Returns a list of CKeyIDs for the CPubKeys that could have been used to create this XOnlyPubKey.

This is needed for key lookups since keys are indexed by CKeyID.

Definition at line 200 of file pubkey.cpp.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ IsFullyValid()

bool XOnlyPubKey::IsFullyValid ( ) const

Determine if this pubkey is fully valid.

This is true for approximately 50% of all possible 32-byte arrays. If false, VerifySchnorr, CheckTapTweak and CreateTapTweak will always fail.

Definition at line 224 of file pubkey.cpp.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ IsNull()

bool XOnlyPubKey::IsNull ( ) const
inline

Test whether this is the 0 key (the result of default construction).

This implies !IsFullyValid().

Definition at line 254 of file pubkey.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ operator!=()

bool XOnlyPubKey::operator!= ( const XOnlyPubKey other) const
inline

Definition at line 301 of file pubkey.h.

◆ operator<()

bool XOnlyPubKey::operator< ( const XOnlyPubKey other) const
inline

Definition at line 302 of file pubkey.h.

◆ operator=()

XOnlyPubKey & XOnlyPubKey::operator= ( const XOnlyPubKey )
default

◆ operator==()

bool XOnlyPubKey::operator== ( const XOnlyPubKey other) const
inline

Definition at line 300 of file pubkey.h.

◆ operator[]()

const unsigned char & XOnlyPubKey::operator[] ( int  pos) const
inline

Definition at line 292 of file pubkey.h.

Here is the call graph for this function:

◆ SERIALIZE_METHODS()

XOnlyPubKey::SERIALIZE_METHODS ( XOnlyPubKey  ,
obj   
)
inline

Implement serialization without length prefixes since it is a fixed length.

Definition at line 305 of file pubkey.h.

◆ size()

static constexpr size_t XOnlyPubKey::size ( )
inlinestaticconstexpr

Definition at line 293 of file pubkey.h.

Here is the call graph for this function:
Here is the caller graph for this function:

◆ VerifySchnorr()

bool XOnlyPubKey::VerifySchnorr ( const uint256 msg,
std::span< const unsigned char >  sigbytes 
) const

Verify a Schnorr signature against this public key.

sigbytes must be exactly 64 bytes.

Definition at line 230 of file pubkey.cpp.

Here is the call graph for this function:
Here is the caller graph for this function:

Member Data Documentation

◆ m_keydata

uint256 XOnlyPubKey::m_keydata
private

Definition at line 233 of file pubkey.h.

◆ NUMS_H

constexpr XOnlyPubKey XOnlyPubKey::NUMS_H
staticconstexpr
Initial value:
{
[]() consteval { return XOnlyPubKey{"50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0"_hex_u8}; }(),
}

Nothing Up My Sleeve point H Used as an internal key for provably disabling the key path spend see BIP341 for more details.

Nothing Up My Sleeve (NUMS) point.

NUMS_H is a point with an unknown discrete logarithm, constructed by taking the sha256 of 'g' (uncompressed encoding), which happens to be a point on the curve.

For an example script for calculating H, refer to the unit tests in ./test/functional/test_framework/crypto/secp256k1.py

Definition at line 239 of file pubkey.h.

The documentation for this class was generated from the following files:
Generated on Thu Jun 26 2025 20:00:36 for Bitcoin Core by doxygen 1.9.4