Seperate DLC outcomes with locktime and add Taproot construction

MatthewLM · MatthewLM · commit 607dbcbcef12 · 2025-11-21T17:13:19.000Z
diff --git a/coinlib/lib/src/coinlib_base.dart b/coinlib/lib/src/coinlib_base.dart
@@ -17,6 +17,8 @@ export 'package:coinlib/src/crypto/random.dart';
 export 'package:coinlib/src/crypto/schnorr_adaptor_signature.dart';
 export 'package:coinlib/src/crypto/schnorr_signature.dart';
 
+export 'package:coinlib/src/dlc/errors.dart';
+export 'package:coinlib/src/dlc/outcome.dart';
 export 'package:coinlib/src/dlc/terms.dart';
 
 export 'package:coinlib/src/encode/base58.dart';
diff --git a/coinlib/lib/src/common/bigints.dart b/coinlib/lib/src/common/bigints.dart
@@ -0,0 +1,3 @@
+BigInt addBigInts(Iterable<BigInt> ints) => ints.fold(
+  BigInt.zero, (a, b) => a+b,
+);
diff --git a/coinlib/lib/src/dlc/errors.dart b/coinlib/lib/src/dlc/errors.dart
@@ -0,0 +1,20 @@
+class InvalidDLCTerms implements Exception {
+
+  final String message;
+
+  InvalidDLCTerms(this.message);
+  InvalidDLCTerms.badOutcomeMatch()
+    : this("Contains outcome output amounts not matching the funded amount");
+  InvalidDLCTerms.badVersion(int v)
+    : this("Version $v isn't allowed. Only v1 is supported.");
+  InvalidDLCTerms.noOutputs() : this("CETOutcome have no outputs");
+  InvalidDLCTerms.smallOutput(BigInt min)
+    : this("Contains output value less than min of $min");
+  InvalidDLCTerms.smallFunding(BigInt min)
+    : this("Contains funding value less than min of $min");
+  InvalidDLCTerms.notOrdered()
+    : this("The input bytes contain out-of-order keys");
+  InvalidDLCTerms.cetLocktimeAfterRf()
+    : this("A CET locktime is not before the RF locktime");
+
+}
diff --git a/coinlib/lib/src/dlc/outcome.dart b/coinlib/lib/src/dlc/outcome.dart
@@ -0,0 +1,62 @@
+import 'package:coinlib/src/common/bigints.dart';
+import 'package:coinlib/src/common/serial.dart';
+import 'package:coinlib/src/network.dart';
+import 'package:coinlib/src/tx/locktime.dart';
+import 'package:coinlib/src/tx/output.dart';
+import 'terms.dart';
+import 'errors.dart';
+
+/// A CET will pay to the [outputs] with the value of each output evenly reduced
+/// to cover the transaction fee.
+class CETOutcome with Writable {
+
+  /// The outputs to be included in the CET of this outcome. The values must
+  /// add up to the amounts being funded by the participants in
+  /// [DLCTerms.fundAmounts].
+  ///
+  /// The [Output.value] for each output will have an equal share of the
+  /// transaction fee removed when the transaction is constructed. When doing
+  /// this, if any of the outputs fall below the dust amount, they will be
+  /// removed first.
+  final List<Output> outputs;
+
+  /// The locktime to use for this CET. It should be no later than when the
+  /// oracle is expected to reveal the discrete log and must be the same type as
+  /// (block height or median timestamp) and before the Refund Transaction
+  /// locktime.
+  ///
+  /// How long before the RF is not decided by this library but it should be
+  /// sufficient time to broadcast and include the CET in a block before the RF
+  /// becomes available.
+  final Locktime locktime;
+
+  /// Requires that the output values are at least [Network.minOutput] or
+  /// [InvalidDLCTerms] may be thrown.
+  CETOutcome({
+    required this.outputs,
+    required this.locktime,
+    required Network network,
+  }) {
+    if (outputs.isEmpty) {
+      throw InvalidDLCTerms.noOutputs();
+    }
+    if (outputs.any((out) => out.value.compareTo(network.minOutput) < 0)) {
+      throw InvalidDLCTerms.smallOutput(network.minOutput);
+    }
+  }
+
+  CETOutcome.fromReader(BytesReader reader, Network network) : this(
+    outputs: reader.readListWithFunc(() => Output.fromReader(reader)),
+    locktime: reader.readLocktime(),
+    network: network,
+  );
+
+  BigInt get totalValue => addBigInts(outputs.map((out) => out.value));
+
+  @override
+  void write(Writer writer) {
+    writer.writeWritableVector(outputs);
+    writer.writeLocktime(locktime);
+  }
+
+}
diff --git a/coinlib/lib/src/dlc/terms.dart b/coinlib/lib/src/dlc/terms.dart
@@ -1,38 +1,19 @@
 import 'dart:typed_data';
+import 'package:coinlib/src/common/bigints.dart';
 import 'package:coinlib/src/common/bytes.dart';
 import 'package:coinlib/src/common/hex.dart';
 import 'package:coinlib/src/common/serial.dart';
 import 'package:coinlib/src/crypto/ec_public_key.dart';
 import 'package:coinlib/src/crypto/hash.dart';
 import 'package:coinlib/src/musig/library.dart';
 import 'package:coinlib/src/network.dart';
+import 'package:coinlib/src/taproot/leaves.dart';
+import 'package:coinlib/src/taproot/taproot.dart';
 import 'package:coinlib/src/tx/locktime.dart';
-import 'package:coinlib/src/tx/output.dart';
 import 'package:coinlib/src/tx/transaction.dart';
 import 'package:collection/collection.dart';
-
-class InvalidDLCTerms implements Exception {
-
-  final String message;
-
-  InvalidDLCTerms(this.message);
-  InvalidDLCTerms.badOutcomeMatch()
-    : this("Contains outcome output amounts not matching the funded amount");
-  InvalidDLCTerms.badVersion(int v)
-    : this("Version $v isn't allowed. Only v1 is supported.");
-  InvalidDLCTerms.noOutputs() : this("CETOutputs have no outputs");
-  InvalidDLCTerms.smallOutput(BigInt min)
-    : this("Contains output value less than min of $min");
-  InvalidDLCTerms.smallFunding(BigInt min)
-    : this("Contains funding value less than min of $min");
-  InvalidDLCTerms.notOrdered()
-    : this("The input bytes contain out-of-order keys");
-
-}
-
-BigInt _addBigInts(Iterable<BigInt> ints) => ints.fold(
-  BigInt.zero, (a, b) => a+b,
-);
+import 'outcome.dart';
+import 'errors.dart';
 
 Map<ECPublicKey, T> _xOnlyUnmodifiableMap<T>(Map<ECPublicKey, T> map)
   => Map.unmodifiable(map.map((key, v) => MapEntry(key.xonly, v)));
@@ -69,35 +50,6 @@ void _writeOrderedPubkeyMap<T>(
 
 }
 
-/// A CET will pay to the [outputs] with the value of each output evenly reduced
-/// to cover the transaction fee.
-class CETOutputs {
-
-  /// The outputs to be included in the CET of this outcome. The values must
-  /// add up to the amounts being funded by the participants in
-  /// [DLCTerms.fundAmounts].
-  ///
-  /// The [Output.value] for each output will have an equal share of the
-  /// transaction fee removed when the transaction is constructed. When doing
-  /// this, if any of the outputs fall below the dust amount, they will be
-  /// removed first.
-  final List<Output> outputs;
-
-  /// Requires that the output values are at least [Network.minOutput] or
-  /// [InvalidDLCTerms] may be thrown.
-  CETOutputs(this.outputs, Network network) {
-    if (outputs.isEmpty) {
-      throw InvalidDLCTerms.noOutputs();
-    }
-    if (outputs.any((out) => out.value.compareTo(network.minOutput) < 0)) {
-      throw InvalidDLCTerms.smallOutput(network.minOutput);
-    }
-  }
-
-  BigInt get totalValue => _addBigInts(outputs.map((out) => out.value));
-
-}
-
 /// Specifies the terms of a DLC contract to be agreed upon by all
 /// [participants].
 ///
@@ -124,7 +76,7 @@ class DLCTerms with Writable {
   /// contribution to the Funding Transaction fee in excess of these amounts.
   final Map<ECPublicKey, BigInt> fundAmounts;
 
-  /// Maps oracle adaptor points to [CETOutputs] that contain the output
+  /// Maps oracle adaptor points to [CETOutcome] that contain the output
   /// information to include in Contract Execution Transactions.
   ///
   /// The points can be arbitrarily announced by the oracle in association with
@@ -137,7 +89,7 @@ class DLCTerms with Writable {
   /// computation of multiple adaptor points for multiple outcome messages given
   /// the R and P points. coinlib doesn't provide an abstraction for
   /// constructing adaptor points via signatures this way.
-  final Map<ECPublicKey, CETOutputs> outcomes;
+  final Map<ECPublicKey, CETOutcome> outcomes;
 
   /// The [Transaction.locktime] to be used in the Refund Transaction where
   /// participants may regain access to funds.
@@ -151,7 +103,7 @@ class DLCTerms with Writable {
   DLCTerms({
     required Set<ECPublicKey> participants,
     required Map<ECPublicKey, BigInt> fundAmounts,
-    required Map<ECPublicKey, CETOutputs> outcomes,
+    required Map<ECPublicKey, CETOutcome> outcomes,
     required this.refundLocktime,
     required Network network,
   }) :
@@ -166,7 +118,7 @@ class DLCTerms with Writable {
     }
 
     // The outcome output amounts must add up to the total funded amount
-    final totalToFund = _addBigInts(fundAmounts.values);
+    final totalToFund = addBigInts(fundAmounts.values);
     if (
       outcomes.values.any(
         (outcome) => outcome.totalValue.compareTo(totalToFund) != 0,
@@ -175,6 +127,14 @@ class DLCTerms with Writable {
       throw InvalidDLCTerms.badOutcomeMatch();
     }
 
+    if (
+      outcomes.values.any(
+        (outcome) => !outcome.locktime.isDefinitelyBefore(refundLocktime),
+      )
+    ) {
+      throw InvalidDLCTerms.cetLocktimeAfterRf();
+    }
+
   }
 
   /// There are no size limits, so the caller may wish to enforce a reasonable
@@ -196,10 +156,7 @@ class DLCTerms with Writable {
       fundAmounts: _readPubKeyMap(reader, () => reader.readVarInt()),
       outcomes: _readPubKeyMap(
         reader,
-        () => CETOutputs(
-          reader.readListWithFunc(() => Output.fromReader(reader)),
-          network,
-        ),
+        () => CETOutcome.fromReader(reader, network),
       ),
       refundLocktime: reader.readLocktime(),
       network: network,
@@ -242,7 +199,7 @@ class DLCTerms with Writable {
     _writeOrderedPubkeyMap(
       writer,
       outcomes,
-      (outputs) => writer.writeWritableVector(outputs.outputs),
+      (outcome) => outcome.write(writer),
     );
 
     writer.writeLocktime(refundLocktime);
@@ -252,14 +209,23 @@ class DLCTerms with Writable {
   // Use a tagged hasher to avoid potential conflicts that could lead to key
   // reuse
   static final _dlcKeyTweakHash = getTaggedHasher("CoinlibDLCKeyTweak");
-  Uint8List? _tweakHashCache;
+
+  MuSigPublicKeys? _muSigCache;
 
   /// Obtains the tweaked MuSig2 aggregate key for this DLC. The key is
   /// aggregated from the [participants] and then tweaked from the [DLCTerms]
   /// data to prevent key-reuse across multiple DLCs in the event that
   /// participants re-use their individual keys.
-  MuSigPublicKeys get musig => MuSigPublicKeys(participants).tweak(
-    _tweakHashCache ??= _dlcKeyTweakHash(toBytes()),
+  MuSigPublicKeys get musig
+    => _muSigCache ??= MuSigPublicKeys(participants).tweak(
+      _dlcKeyTweakHash(toBytes()),
+    );
+
+  /// Obtains [Taproot] allowing key-path spend using the [musig] key or an APO
+  /// CHECKSIG script-path using the same key used by the CETs and RF.
+  Taproot get taproot => Taproot(
+    internalKey: musig.aggregate,
+    mast: TapLeafChecksig.apoInternal,
   );
 
 }
diff --git a/coinlib/lib/src/tx/locktime.dart b/coinlib/lib/src/tx/locktime.dart
@@ -40,6 +40,11 @@ sealed class Locktime {
     ? value <= blockHeight
     : (this as MedianTimeLocktime).time.compareTo(medianTime) <= 0;
 
+  /// True if this [Locktime] is the same type as the [other] locktime and comes
+  /// before it.
+  bool isDefinitelyBefore(Locktime other)
+    => value < other.value && runtimeType == other.runtimeType;
+
 }
 
 class BlockHeightLocktime extends Locktime {
diff --git a/coinlib/test/dlc/helpers.dart b/coinlib/test/dlc/helpers.dart
@@ -0,0 +1,21 @@
+import 'package:coinlib/coinlib.dart';
+import 'package:test/test.dart';
+import '../vectors/tx.dart';
+
+final exampleLocktime = MedianTimeLocktime(DateTime(2026));
+final exampleOutcomeLocktime = MedianTimeLocktime(DateTime(2025, 12));
+
+CETOutcome getOutcome(List<String> coins, [ Locktime? locktime ]) => CETOutcome(
+  outputs: [
+    for (final coinAmt in coins) Output.fromScriptBytes(
+      CoinUnit.coin.toSats(coinAmt),
+      exampleOutput.scriptPubKey,
+    ),
+  ],
+  locktime: locktime ?? exampleOutcomeLocktime,
+  network: Network.mainnet,
+);
+
+void expectInvalidTerms(void Function() f) => expect(
+  f, throwsA(isA<InvalidDLCTerms>()),
+);
diff --git a/coinlib/test/dlc/outcome.dart b/coinlib/test/dlc/outcome.dart
@@ -0,0 +1,28 @@
+import 'package:coinlib/coinlib.dart';
+import 'package:test/test.dart';
+import 'helpers.dart';
+
+void main() {
+
+  setUpAll(loadCoinlib);
+
+  group("CETOutputs", () {
+
+    test(
+      "gives totalValue",
+      () => expect(getOutcome(["1", "5"]).totalValue, CoinUnit.coin.toSats("6")),
+    );
+
+    test(
+      "outputs cannot be empty",
+      () => expectInvalidTerms(() => getOutcome([])),
+    );
+
+    test(
+      "outputs must reach minOutput",
+      () => expectInvalidTerms(() => getOutcome(["0.009999"])),
+    );
+
+  });
+
+}
diff --git a/coinlib/test/dlc/terms.dart b/coinlib/test/dlc/terms.dart
diff --git a/coinlib/test/tx/locktime.dart b/coinlib/test/tx/locktime.dart

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+BigInt addBigInts(Iterable<BigInt> ints) => ints.fold(`
	`2`	`+ BigInt.zero, (a, b) => a+b,`
	`3`	`+);`