Confidential peg-in transaction #1325
Comments
Hey @alexqrid! Nice find, normally pegins have explicit (unblinded) outputs.
The output on the liquid side can be blinded, but obviously not on the bitcoin side.
Only the wallet that created the output has the blinding keys (unless they get exported and shared), and the output asset/amount can't be unblinded without the blinding keys. |
The transaction has two confidential outputs, so in principle, the pegin amount could be split in any way between the two, and there's no way to tell :). In practice because one output is OP_RETURN, I think we can assume that its value is 0 and the entire pegin went to the other output. I think that the Elements wallet will do this if you do a peg-in to a confidential address. |
I would like to know how to construct such a blinded pegin transaction using the RPC calls. Please help me. UPDATE: Just want to sum up all the ways that did not work: using just a long CT address in a pegin and then calling blindrawtransaction did not help. Neither did rawblindrawtransaction with dest addr blindingkey, value, default Bitcoin asset and all-zero asset blinding key. Neither did flipping the last and first of the previous. No more ideas at the moment. The transaction skeleton I use for experimenting looks the same as the above-linked tx, i.e. data ("deadbeef") followed by hmm. Createrawtransaction reorders vout to destination address and fee. I will try to form a raw hex instead. |
@apoelstra My finding is that the Elements wallet does not create such a transaction by itself. So far, at least. Maybe GUI? But I doubt since |
As a general rule, you should use the PSET API rather than the rawtransaction API ... though for a single-party transaction both should be fine. The "automatically add OP_RETURN" behavior happens in So I think the RPC you need to call is (This is an obscure corner of the blinding logic and it may be helpful to look at the |
Success! For the record, I will write one possibility here, done with Elements Core v23.2.2rc2
Let's say we have the following input for
[{"txid":"7007f1091b6a3e973316416a67c249993f2799a34219dbed49129bbb70d80345","vout":0,"pegin_bitcoin_tx":"02000000000101b4c4c57794d37d086ab47cdf7004e91ca2a45ae9428dba541259516682e6f1ca0200000000fdffffff0240420f00000000002200204ec0a83d897cfa7637a7e2096983f34e711e94477ee9421463d872ba8da789236d3a7f0000000000160014014e8cbae2c9038a1b917d5a05ff9435a7702fd002473044022006a79295b35f41f39b1daddf570d201025146c34e7f0ad073244f8288a0dbc52022056d0532ad82c6b369360f22dadd725084d12374fdaa8b47a936bc3770c6b26a50121026cb93a5de74af745b87226cae67728de53be46f53e77a0f88b57bf4dcfdc684900000000","pegin_txout_proof":"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","pegin_claim_script":"00144ec129dac74f72573aa560e89b3550db9b8965aa"}]
[{"lq1qqv86249zsxdtvg35r5qy5lew6q5t05l05ucxq8lpx7zeagx58qk0eadtqjvjp0dl8gz6le4pe7mrsgt55rsgknsz9shdq249x":0.00599900}]
The output hex from
For comprehension, here is the decoded raw transaction JSON:
{
"txid": "3f54840b91145bbec0b905c167cb6cb3ab394422e381ce7770405ab05e7b876a",
"hash": "b4793502ed5097eff5b9c2923c11405b8fa817ad639d8dd92a55b087ecaf4135",
"wtxid": "b4793502ed5097eff5b9c2923c11405b8fa817ad639d8dd92a55b087ecaf4135",
"withash": "14f8528f927b76bc40a5ddc0c456bc0c86c5c24cbef8ff91e92c9f5e30273372",
"version": 2,
"size": 1035,
"vsize": 478,
"weight": 1911,
"locktime": 0,
"vin": [
{
"txid": "7007f1091b6a3e973316416a67c249993f2799a34219dbed49129bbb70d80345",
"vout": 0,
"scriptSig": {
"asm": "",
"hex": ""
},
"is_pegin": true,
"sequence": 4294967295,
"pegin_witness": [
"40420f0000000000",
"6d521c38ec1ea15734ae22b7c46064412829c0d0579f0a713d1c04ede979026f",
"6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000",
"00144ec129dac74f72573aa560e89b3550db9b8965aa",
"0200000001b4c4c57794d37d086ab47cdf7004e91ca2a45ae9428dba541259516682e6f1ca0200000000fdffffff0240420f00000000002200204ec0a83d897cfa7637a7e2096983f34e711e94477ee9421463d872ba8da789236d3a7f0000000000160014014e8cbae2c9038a1b917d5a05ff9435a7702fd000000000",
"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"
]
}
],
"vout": [
{
"value": 0.00599900,
"asset": "6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d",
"commitmentnonce": "030fa554a2819ab622341d004a7f2ed028b7d3efa730601fe137859ea0d4382cfc",
"commitmentnonce_fully_valid": true,
"n": 0,
"scriptPubKey": {
"asm": "0 f5ab049920bdbf3a05afe6a1cfb6382174a0e08b",
"desc": "addr(ex1q7k4sfxfqhkln5pd0u6suld3cy962pcytrtl3vc)#g67hzxel",
"hex": "0014f5ab049920bdbf3a05afe6a1cfb6382174a0e08b",
"address": "ex1q7k4sfxfqhkln5pd0u6suld3cy962pcytrtl3vc",
"type": "witness_v0_keyhash"
}
},
{
"value": 0.00400065,
"asset": "6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d",
"commitmentnonce": "02245d65f2a57de9cdf9f2d4c21389f5119bc67435b274cec956b4013a7c883e1b",
"commitmentnonce_fully_valid": true,
"n": 1,
"scriptPubKey": {
"asm": "0 6076ff79c5d0dd18fd5e2517fc74b804ced5c178",
"desc": "addr(ex1qvpm077w96rw33l27y5tlca9cqn8dtstccc5x4h)#wayhhgha",
"hex": "00146076ff79c5d0dd18fd5e2517fc74b804ced5c178",
"address": "ex1qvpm077w96rw33l27y5tlca9cqn8dtstccc5x4h",
"type": "witness_v0_keyhash"
}
},
{
"value": 0.00000035,
"asset": "6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d",
"commitmentnonce": "",
"commitmentnonce_fully_valid": false,
"n": 2,
"scriptPubKey": {
"asm": "",
"desc": "raw()#58lrscpx",
"hex": "",
"type": "fee"
}
}
],
"fee": {
"6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d": 0.00000035
}
}
Note the first Now let's sign the transaction:
Now blind it:
The Thanks to @apoelstra for ideas! UPDATE: Fallacy with not using UPDATE2: Blinding shall be done before signing. |
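An added sketch, not code from this thread or from Elements: it reads the peg-in amount and asset out of the `pegin_witness` in the decoded transaction above and checks that the explicit outputs, fee included, add up to it. The witness field order (8-byte little-endian value, byte-reversed asset id, byte-reversed parent genesis hash, claim script) is inferred from the values in that JSON; `DECODED` and all function names are constructed for illustration.

```python
import json
from decimal import Decimal

SATS = Decimal(10) ** 8
# Constructed sample: values copied from the first decoded transaction in this
# thread; the two long witness items (parent tx, txout proof) are replaced by "".
ASSET = "6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d"
DECODED = json.loads("""{
 "vin": [{"is_pegin": true, "pegin_witness": [
   "40420f0000000000",
   "6d521c38ec1ea15734ae22b7c46064412829c0d0579f0a713d1c04ede979026f",
   "6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000",
   "00144ec129dac74f72573aa560e89b3550db9b8965aa", "", ""]}],
 "vout": [{"value": 0.00599900, "asset": "%(a)s"},
          {"value": 0.00400065, "asset": "%(a)s"},
          {"value": 0.00000035, "asset": "%(a)s"}]
}""" % {"a": ASSET}, parse_float=Decimal)  # Decimal avoids float rounding

def pegin_claims(tx):
    """Return [(sats, asset_id, parent_genesis, claim_script)] per peg-in input."""
    claims = []
    for vin in tx["vin"]:
        if not vin.get("is_pegin"):
            continue
        w = vin["pegin_witness"]
        if len(w) != 6 or [len(x) for x in w[:3]] != [16, 64, 64]:
            raise ValueError("unexpected peg-in witness layout")
        sats = int.from_bytes(bytes.fromhex(w[0]), "little")
        # Ids and hashes are serialized byte-reversed relative to RPC display.
        asset, genesis = (bytes.fromhex(x)[::-1].hex() for x in w[1:3])
        claims.append((sats, asset, genesis, w[3]))
    return claims

def explicit_output_sats(tx):
    """Sum of explicit outputs (fee included) in sats; None if any is blinded."""
    total = 0
    for out in tx["vout"]:
        if "value" not in out:  # blinded: only value-minimum/value-maximum
            return None
        total += int(out["value"] * SATS)
    return total

def pegins_fund_outputs(tx):
    """True/False if all inputs are peg-ins and no output is blinded, else None."""
    outs = explicit_output_sats(tx)
    if outs is None or not all(v.get("is_pegin") for v in tx["vin"]):
        return None
    return sum(c[0] for c in pegin_claims(tx)) == outs
```

On a blinded transaction `explicit_output_sats` returns `None`, while `pegin_claims` still reports the peg-in input amount, because that value sits in the witness in the clear.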
Thanks for pushing through on this! Glad you solved it. These "blinding logic does unexpected/confusing things" issues always make me wince a little :). As for getting the wallet to use the reduced fees, I am not sure what the status of that is. It looks like we just cut a release with the reduced fees in it a couple days ago #1337 but I don't recall if it needs any config flags to be set or what. |
And yes, also UPDATE: New canary link. The old one was not paying enough fees because it used |
not exactly correct: once the new release is rolled out on liquidv1 with it's not necessary (nor planned afaik) to reduce the minrelayfee default for liquidv1 |
One more example here for the record. It is a confidential transaction containing two pegins and one previously blinded UTXO on the inputs side and two blinded halves on the output side. Pays a minimum fee at fee-rate 0.1 sat/vB. Already blinded and signed, just that the pegins are both claimed so there is no point in trying to broadcast it (but feel free to try).
Decode yourself using
{
"txid": "b0a80e552dcbf310f60457e22a2ede0e5ed6442a9c0e95359cec567072b65789",
"hash": "8d9c58808cb04bd8523bd9e7ee252b9480f1d4732ae5b25285548502c86ad917",
"wtxid": "8d9c58808cb04bd8523bd9e7ee252b9480f1d4732ae5b25285548502c86ad917",
"withash": "88eb8d0e74b448d836c3b27a939e375411e6fe2ecb235236828e7faf18591805",
"version": 2,
"size": 10982,
"vsize": 3062,
"weight": 12248,
"locktime": 0,
"vin": [
{
"txid": "7007f1091b6a3e973316416a67c249993f2799a34219dbed49129bbb70d80345",
"vout": 0,
"is_pegin": true 8< SNIP ... shortened here >8
},
{
"txid": "d5b502053e0780a1f12517a2533ae5a106b330c8bd34b6d9664cbb43d86ec326",
"vout": 0,
"is_pegin": true 8< SNIP ... shortened here >8
},
{
"txid": "91985d5b5d6c6bdbd5a1ed23b6c2120eea7654bea1ed07b3f5c0c9f64bd51d99",
"vout": 0,
"is_pegin": false 8< SNIP ... shortened here >8
},
],
"vout": [
{
"value-minimum": 0.00000001,
"value-maximum": 45035996.27370496,
"ct-exponent": 0,
"ct-bits": 52,
"commitmentnonce_fully_valid": true 8< SNIP ... shortened here >8
},
{
"value-minimum": 0.00000001,
"value-maximum": 45035996.27370496,
"ct-exponent": 0,
"ct-bits": 52,
"commitmentnonce_fully_valid": true 8< SNIP ... shortened here >8
},
{
"value": 0.00000307,
"asset": "6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d",
"commitmentnonce": "",
"commitmentnonce_fully_valid": false 8< SNIP ... shortened here >8
}
],
"fee": {
"6f0279e9ed041c3d710a9f57d0c02928416460c4b722ae3457a11eec381c526d": 0.00000307
}
} |
Thank you @delta1 ! I finally see my fallacy! I was using the |
Hi!
I've found a confidential peg-in transaction fd36f216be666d43ec861feb756b1c5f48fb54f98bfeed25e5367b05cccc96e8 and I'm wondering why its amount is confidential, if the output of the BTC transaction is not confidential? The input of this peg-in transaction points to a certain output of the corresponding BTC transaction and the data is revealed, so why is the node not returning the amount of this peg-in input, if we can get it from the BTC output?