What can be the contents of an P2TR output script? Is it always OP_1 0x20 <32-bit public key>? Can multisig script be there, and if yes - in what format, and more importantly - how do I convert that script to an address?
Asked
Active
Viewed 468 times
2
Michael Folkson
- 15,313
- 3
- 17
- 53
DimaA6_ABC
- 123
- 2
1 Answers
2
What can be the contents of an P2TR output script? Is it always OP_1 0x20 <32-bit public key>?
A Taproot output contains a 32 byte witness program (a tweaked internal key or an untweaked public key if eschewing the tweak) after OP_1. The OP_1 (01) makes it clear that it is a SegWit v1 output rather than say a SegWit v0 output (00). Any scripts are included in the leaves of the Taproot tree and hashed up to a Merkle root (which tweaks the internal public key) so the witness program can commit to various leaf scripts.
Can multisig script be there, and if yes - in what format?
A multisig script can be in a leaf or multiple leaves of the Taproot tree. Note that a Taproot multisig script uses the opcode OP_CHECKSIGADD rather than OP_CHECKMULTISIG (outlined in BIP 342).
How do I convert that script to an address?
The leaf scripts are hashed within the Taproot (Merkle) tree. The Merkle root then tweaks the internal public key. A breakdown of bech32m (SegWit v1) addresses is here. This tweaked internal public key (or witness program) is directly included within the address.
Michael Folkson
- 15,313
- 3
- 17
- 53
-
1Thanks! Just to confirm - in any case, Taproot (Segwit v1) output is always 32-byte public key, which hides complexity of whatever script might be behind it. This public key is translated into address using bech32m, and that address represents the output. – DimaA6_ABC Nov 09 '21 at 12:38
-
Yes, a transaction output is a taproot output if and only if it consists of OP_1 followed by a 32-byte push. – Pieter Wuille Nov 09 '21 at 16:29