dbc: refactor validation workflow

consensus/src/script.rs

@@ -148,7 +148,7 @@ impl ScriptPubkey {
     }
 
     #[inline]
-    pub fn is_op_return(&self) -> bool { self[0] == OpCode::Return as u8 }
+    pub fn is_op_return(&self) -> bool { !self.is_empty() && self[0] == OpCode::Return as u8 }
 
     /// Adds a single opcode to the script.
     #[inline]

dbc/src/anchor.rs

@@ -119,16 +119,16 @@ impl<D: dbc::Proof> PartialOrd for Anchor<mpc::MerkleBlock, D> {
 #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug, Display, Error, From)]
 #[display(doc_comments)]
 pub enum MergeError {
-    /// Error merging two LNPBP-4 proofs, which are unrelated.
+    /// Error merging two MPC proofs, which are unrelated.
     #[display(inner)]
     #[from]
-    Lnpbp4Mismatch(mpc::MergeError),
+    MpcMismatch(mpc::MergeError),
 
     /// anchors can't be merged since they have different witness transactions
     TxidMismatch,
 
-    /// anchors can't be merged since they have different proofs
-    ProofMismatch,
+    /// anchors can't be merged since they have different DBC proofs
+    DbcMismatch,
 }
 
 impl<D: dbc::Proof> Anchor<mpc::MerkleBlock, D> {
@@ -178,10 +178,12 @@ impl<D: dbc::Proof> Anchor<mpc::MerkleProof, D> {
         protocol_id: impl Into<ProtocolId>,
         message: Message,
         tx: &Tx,
-    ) -> Result<(), VerifyError<D::Error>> {
+    ) -> Result<mpc::Commitment, VerifyError<D::Error>> {
+        let mpc_commitment = self.convolve(protocol_id, message)?;
         self.dbc_proof
-            .verify(&self.mpc_proof.convolve(protocol_id.into(), message)?, tx)
-            .map_err(VerifyError::Dbc)
+            .verify(&mpc_commitment, tx)
+            .map_err(VerifyError::Dbc)?;
+        Ok(mpc_commitment)
     }
 
     /// Verifies that the anchor commits to the given message under the given
@@ -233,7 +235,7 @@ impl<D: dbc::Proof> Anchor<mpc::MerkleBlock, D> {
             return Err(MergeError::TxidMismatch);
         }
         if self.dbc_proof != other.dbc_proof {
-            return Err(MergeError::ProofMismatch);
+            return Err(MergeError::DbcMismatch);
         }
         self.mpc_proof.merge_reveal(other.mpc_proof)?;
         Ok(self)

dbc/src/opret/mod.rs

@@ -21,34 +21,37 @@
 
 //! ScriptPubkey-based OP_RETURN commitments.
 
-use bc::{ScriptPubkey, Tx, Txid};
+mod tx;
+mod txout;
+mod spk;
+
+use bc::Tx;
 use commit_verify::mpc::Commitment;
+use commit_verify::{CommitmentProtocol, EmbedCommitVerify, EmbedVerifyError};
 
 use crate::{Proof, LIB_NAME_BPCORE};
 
-/// Errors covering failed anchor validation.
+/// Marker non-instantiable enum defining LNPBP-12 taproot OP_RETURN (`tapret`)
+/// protocol.
+pub enum Opret {}
+
+impl CommitmentProtocol for Opret {}
+
+/// Errors during tapret commitment.
 #[derive(Clone, Eq, PartialEq, Debug, Display, Error, From)]
 #[cfg_attr(
     feature = "serde",
     derive(Serialize, Deserialize),
     serde(crate = "serde_crate", rename_all = "camelCase")
 )]
 #[display(doc_comments)]
-pub enum OpretVerifyError {
-    /// witness transaction {txid} contains invalid OP_RETURN commitment
-    /// {present:x} instead of {expected:x}.
-    OpretMismatch {
-        /// Transaction id
-        txid: Txid,
-        /// Commitment from the first OP_RETURN transaction output
-        present: ScriptPubkey,
-        /// Expected commitment absent in the first OP_RETURN transaction output
-        expected: ScriptPubkey,
-    },
+pub enum OpretError {
+    /// transaction doesn't contain OP_RETURN output.
+    NoOpretOutput,
 
-    /// witness transaction {0} does not contain any OP_RETURN commitment
-    /// required by the seal definition.
-    OpretAbsent(Txid),
+    /// first OP_RETURN output inside the transaction already contains some
+    /// data.
+    InvalidOpretScript,
 }
 
 /// Empty type for use inside [`crate::Anchor`] for opret commitment scheme.
@@ -65,24 +68,9 @@ pub enum OpretVerifyError {
 pub struct OpretProof(());
 
 impl Proof for OpretProof {
-    type Error = OpretVerifyError;
+    type Error = EmbedVerifyError<OpretError>;
 
-    fn verify(&self, msg: &Commitment, tx: &Tx) -> Result<(), OpretVerifyError> {
-        // TODO: Use embed-commit-verify
-        for txout in &tx.outputs {
-            if txout.script_pubkey.is_op_return() {
-                let expected = ScriptPubkey::op_return(msg.as_slice());
-                if txout.script_pubkey == expected {
-                    return Ok(());
-                } else {
-                    return Err(OpretVerifyError::OpretMismatch {
-                        txid: tx.txid(),
-                        present: txout.script_pubkey.clone(),
-                        expected,
-                    });
-                }
-            }
-        }
-        Err(OpretVerifyError::OpretAbsent(tx.txid()))
+    fn verify(&self, msg: &Commitment, tx: &Tx) -> Result<(), EmbedVerifyError<OpretError>> {
+        tx.verify(msg, self)
     }
 }

dbc/src/opret/spk.rs

@@ -0,0 +1,58 @@
+// Deterministic bitcoin commitments library.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Written in 2019-2023 by
+//     Dr Maxim Orlovsky <[email protected]>
+//
+// Copyright (C) 2019-2023 LNP/BP Standards Association. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use bc::opcodes::OP_RETURN;
+use bc::ScriptPubkey;
+use commit_verify::mpc::Commitment;
+use commit_verify::{EmbedCommitProof, EmbedCommitVerify, EmbedVerifyError};
+
+use crate::opret::{Opret, OpretError, OpretProof};
+
+impl EmbedCommitProof<Commitment, ScriptPubkey, Opret> for OpretProof {
+    fn restore_original_container(
+        &self,
+        commit_container: &ScriptPubkey,
+    ) -> Result<ScriptPubkey, EmbedVerifyError<OpretError>> {
+        if !commit_container.is_op_return() {
+            return Err(OpretError::NoOpretOutput.into());
+        }
+        if commit_container.len() != 34 {
+            return Err(OpretError::InvalidOpretScript.into());
+        }
+        Ok(ScriptPubkey::from_unsafe(vec![OP_RETURN]))
+    }
+}
+
+impl EmbedCommitVerify<Commitment, Opret> for ScriptPubkey {
+    type Proof = OpretProof;
+    type CommitError = OpretError;
+
+    fn embed_commit(&mut self, msg: &Commitment) -> Result<Self::Proof, Self::CommitError> {
+        if !self.is_op_return() {
+            return Err(OpretError::NoOpretOutput);
+        }
+        if self.len() != 1 {
+            return Err(OpretError::InvalidOpretScript);
+        }
+        *self = ScriptPubkey::op_return(msg.as_slice());
+        Ok(OpretProof::default())
+    }
+}

dbc/src/opret/tx.rs

@@ -0,0 +1,56 @@
+// Deterministic bitcoin commitments library.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Written in 2019-2023 by
+//     Dr Maxim Orlovsky <[email protected]>
+//
+// Copyright (C) 2019-2023 LNP/BP Standards Association. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use bc::Tx;
+use commit_verify::mpc::Commitment;
+use commit_verify::{EmbedCommitProof, EmbedCommitVerify, EmbedVerifyError};
+
+use super::{Opret, OpretError, OpretProof};
+
+impl EmbedCommitProof<Commitment, Tx, Opret> for OpretProof {
+    fn restore_original_container(
+        &self,
+        commit_container: &Tx,
+    ) -> Result<Tx, EmbedVerifyError<OpretError>> {
+        let mut tx = commit_container.clone();
+        for txout in &mut tx.outputs {
+            if txout.script_pubkey.is_op_return() {
+                *txout = self.restore_original_container(txout)?;
+                return Ok(tx);
+            }
+        }
+        Err(OpretError::NoOpretOutput.into())
+    }
+}
+
+impl EmbedCommitVerify<Commitment, Opret> for Tx {
+    type Proof = OpretProof;
+    type CommitError = OpretError;
+
+    fn embed_commit(&mut self, msg: &Commitment) -> Result<Self::Proof, Self::CommitError> {
+        for txout in &mut self.outputs {
+            if txout.script_pubkey.is_op_return() {
+                return txout.script_pubkey.embed_commit(msg);
+            }
+        }
+        Err(OpretError::NoOpretOutput)
+    }
+}

dbc/src/opret/txout.rs

@@ -0,0 +1,46 @@
+// Deterministic bitcoin commitments library.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Written in 2019-2023 by
+//     Dr Maxim Orlovsky <[email protected]>
+//
+// Copyright (C) 2019-2023 LNP/BP Standards Association. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use bc::TxOut;
+use commit_verify::mpc::Commitment;
+use commit_verify::{EmbedCommitProof, EmbedCommitVerify, EmbedVerifyError};
+
+use crate::opret::{Opret, OpretError, OpretProof};
+
+impl EmbedCommitProof<Commitment, TxOut, Opret> for OpretProof {
+    fn restore_original_container(
+        &self,
+        commit_container: &TxOut,
+    ) -> Result<TxOut, EmbedVerifyError<OpretError>> {
+        let mut txout = commit_container.clone();
+        txout.script_pubkey = self.restore_original_container(&txout.script_pubkey)?;
+        Ok(txout)
+    }
+}
+
+impl EmbedCommitVerify<Commitment, Opret> for TxOut {
+    type Proof = OpretProof;
+    type CommitError = OpretError;
+
+    fn embed_commit(&mut self, msg: &Commitment) -> Result<Self::Proof, Self::CommitError> {
+        self.script_pubkey.embed_commit(msg)
+    }
+}

dbc/src/tapret/mod.rs

@@ -67,22 +67,21 @@ mod txout;
 mod spk;
 mod xonlypk;
 
-pub use tapscript::{TapretCommitment, TAPRET_SCRIPT_COMMITMENT_PREFIX};
-pub use tx::TapretError;
-pub use xonlypk::TapretKeyError;
-
-/// Marker non-instantiable enum defining LNPBP-12 taproot OP_RETURN (`tapret`)
-/// protocol.
-pub enum Lnpbp12 {}
-
 use bc::{InternalPk, IntoTapHash, LeafScript, ScriptPubkey, TapBranchHash, TapNodeHash, Tx};
 use commit_verify::mpc::Commitment;
 use commit_verify::{CommitmentProtocol, ConvolveCommitProof, ConvolveVerifyError};
 use strict_encoding::{StrictDeserialize, StrictSerialize};
+pub use tapscript::{TapretCommitment, TAPRET_SCRIPT_COMMITMENT_PREFIX};
+pub use tx::TapretError;
+pub use xonlypk::TapretKeyError;
 
 use crate::{Proof, LIB_NAME_BPCORE};
 
-impl CommitmentProtocol for Lnpbp12 {}
+/// Marker non-instantiable enum defining LNPBP-12 taproot OP_RETURN (`tapret`)
+/// protocol.
+pub enum Tapret {}
+
+impl CommitmentProtocol for Tapret {}
 
 /// Errors in constructing tapret path proof [`TapretPathProof`].
 #[derive(Clone, Eq, PartialEq, Hash, Debug, Display, Error)]

dbc/src/tapret/spk.rs

@@ -22,17 +22,17 @@
 use bc::ScriptPubkey;
 use commit_verify::{mpc, ConvolveCommit, ConvolveCommitProof};
 
-use super::{Lnpbp12, TapretKeyError, TapretProof};
+use super::{Tapret, TapretKeyError, TapretProof};
 
-impl ConvolveCommitProof<mpc::Commitment, ScriptPubkey, Lnpbp12> for TapretProof {
+impl ConvolveCommitProof<mpc::Commitment, ScriptPubkey, Tapret> for TapretProof {
     type Suppl = Self;
 
     fn restore_original(&self, _: &ScriptPubkey) -> ScriptPubkey { self.original_pubkey_script() }
 
     fn extract_supplement(&self) -> &Self::Suppl { self }
 }
 
-impl ConvolveCommit<mpc::Commitment, TapretProof, Lnpbp12> for ScriptPubkey {
+impl ConvolveCommit<mpc::Commitment, TapretProof, Tapret> for ScriptPubkey {
     type Commitment = ScriptPubkey;
     type CommitError = TapretKeyError;
 

dbc/src/tapret/tapscript.rs

@@ -28,7 +28,7 @@ use bc::{TapCode, TapScript};
 use commit_verify::{mpc, CommitEncode, CommitVerify};
 use strict_encoding::{DecodeError, DeserializeError, StrictDeserialize, StrictSerialize};
 
-use super::Lnpbp12;
+use super::Tapret;
 use crate::LIB_NAME_BPCORE;
 
 /// Hardcoded tapret script prefix consisting of 29 `OP_RESERVED` pushes,
@@ -99,7 +99,7 @@ impl TapretCommitment {
     pub fn with(mpc: mpc::Commitment, nonce: u8) -> Self { Self { mpc, nonce } }
 }
 
-impl CommitVerify<TapretCommitment, Lnpbp12> for TapScript {
+impl CommitVerify<TapretCommitment, Tapret> for TapScript {
     /// Tapret script consists of 29 `OP_RESERVED` pushes, followed by
     /// `OP_RETURN`, `OP_PUSHBYTES_33` and serialized commitment data (MPC
     /// commitment + nonce as a single slice).

dbc/src/tapret/tx.rs

@@ -22,7 +22,7 @@
 use bc::Tx;
 use commit_verify::{mpc, ConvolveCommit, ConvolveCommitProof};
 
-use super::{Lnpbp12, TapretKeyError, TapretProof};
+use super::{Tapret, TapretKeyError, TapretProof};
 
 /// Errors during tapret commitment.
 #[derive(Clone, Eq, PartialEq, Debug, Display, Error, From)]
@@ -42,7 +42,7 @@ pub enum TapretError {
     NoTaprootOutput,
 }
 
-impl ConvolveCommitProof<mpc::Commitment, Tx, Lnpbp12> for TapretProof {
+impl ConvolveCommitProof<mpc::Commitment, Tx, Tapret> for TapretProof {
     type Suppl = Self;
 
     fn restore_original(&self, commitment: &Tx) -> Tx {
@@ -59,7 +59,7 @@ impl ConvolveCommitProof<mpc::Commitment, Tx, Lnpbp12> for TapretProof {
     fn extract_supplement(&self) -> &Self::Suppl { self }
 }
 
-impl ConvolveCommit<mpc::Commitment, TapretProof, Lnpbp12> for Tx {
+impl ConvolveCommit<mpc::Commitment, TapretProof, Tapret> for Tx {
     type Commitment = Tx;
     type CommitError = TapretError;