Segwitness 中btcd 代码实现详解
从btc源代码看segwitness的实现,以btcd代码为例:函数ExtractWitnessCommitment从块的coinbase交易中提取commitment。
func ExtractWitnessCommitment(tx *btcutil.Tx) ([]byte, bool) {
// The witness commitment *must* be located within one of the coinbase
// transaction's outputs.
if !IsCoinBase(tx) {
return nil, false
}
msgTx := tx.MsgTx()
for i := len(msgTx.TxOut) - 1; i >= 0; i-- {
// The public key script that contains the witness commitment
// must shared a prefix with the WitnessMagicBytes, and be at
// least 38 bytes.
pkScript := msgTx.TxOut[i].PkScript
if len(pkScript) >= CoinbaseWitnessPkScriptLength &&
bytes.HasPrefix(pkScript, WitnessMagicBytes) {
// The witness commitment itself is a 32-byte hash
// directly after the WitnessMagicBytes. The remaining
// bytes beyond the 38th byte currently have no consensus
// meaning.
start := len(WitnessMagicBytes)
end := CoinbaseWitnessPkScriptLength
return msgTx.TxOut[i].PkScript[start:end], true
}
}
return nil, false
}
Commitment是 BIP:141中规定的一个结构,该结构包含一个WitnessMagicBytes :0x6a24aa21a9ed。如果coinbase交易的输出中包含这个头,即表示有采用segwitness协议。
1-byte - OP_RETURN (0x6a)
1-byte - Push the following 36 bytes (0x24)
4-byte - Commitment header (0xaa21a9ed)
32-byte - Commitment hash: Double-SHA256(witness root hash|witness reserved value)
Witness的结构定义如上所示,其中前六个字节是固定值,commitment hash是对witness root hash|witness reserved value求SHA256S双哈希得到。而witness root hash 是以wtxid为叶子节点的merke tree的根节点。witness reserved value是coinbase交易中交易输入中的一个值具体,计算merke root节点的代码如下:
func BuildMerkleTreeStore(transactions []*btcutil.Tx, witness bool) []*chainhash.Hash {
// Calculate how many entries are required to hold the binary merkle
// tree as a linear array and create an array of that size.
nextPoT := nextPowerOfTwo(len(transactions))
arraySize := nextPoT*2 - 1
merkles := make([]*chainhash.Hash, arraySize)
// Create the base transaction hashes and populate the array with them.
for i, tx := range transactions {
// If we're computing a witness merkle root, instead of the
// regular txid, we use the modified wtxid which includes a
// transaction's witness data within the digest. Additionally,
// the coinbase's wtxid is all zeroes.
switch {
case witness && i == 0:
var zeroHash chainhash.Hash
merkles[i] = &zeroHash
case witness:
wSha := tx.MsgTx().WitnessHash()
merkles[i] = &wSha
default:
merkles[i] = tx.Hash()
}
}
// Start the array offset after the last transaction and adjusted to the
// next power of two.
offset := nextPoT
for i := 0; i < arraySize-1; i += 2 {
switch {
// When there is no left child node, the parent is nil too.
case merkles[i] == nil:
merkles[offset] = nil
// When there is no right child, the parent is generated by
// hashing the concatenation of the left child with itself.
case merkles[i+1] == nil:
newHash := HashMerkleBranches(merkles[i], merkles[i])
merkles[offset] = newHash
// The normal case sets the parent node to the double sha256
// of the concatentation of the left and right children.
default:
newHash := HashMerkleBranches(merkles[i], merkles[i+1])
merkles[offset] = newHash
}
offset++
}
return merkles
}
Segwitness定义了新的transactionid,每一笔交易都有两个交易id,一个是原来的txid,一个是新定义的Wtxid,对这个[nVersion][txins][txouts][nLockTime]序列化输出做SHA256双哈希,可以得到txid。而对[nVersion][marker][flag][txins][txouts][witness][nLockTime]的序列化输出做SHA256双哈希得到wtxid。函数ValidateWitnessCommitment是对winess的验证,即根据各个transaction计算的merkroot和上文提到的commitment hash做比较,如果相同则认为是合法的区块
