Taproot tagged hash impl (unoptimized) with authoritative test vector.

evoskuil · evoskuil · commit e33b2c6f1c08 · 2025-04-17T23:41:08.000-04:00
diff --git a/include/bitcoin/system/hash/functions.hpp b/include/bitcoin/system/hash/functions.hpp
@@ -133,6 +133,10 @@ INLINE hash_digest bitcoin_hash2(const data_slice& left,
 template <typename Type>
 INLINE data_chunk bitcoin_chunk(const Type& data) NOEXCEPT;
 
+/// Taproot tagged hashing.
+INLINE hash_digest tagged_hash(const std::string& tag,
+    const data_slice& message) NOEXCEPT;
+
 /// Merkle root from a bitcoin_hash set [chain].
 INLINE hash_digest merkle_root(hashes&& set) NOEXCEPT;
 
diff --git a/include/bitcoin/system/impl/hash/functions.ipp b/include/bitcoin/system/impl/hash/functions.ipp
@@ -183,7 +183,21 @@ INLINE data_chunk bitcoin_chunk(const Type& data) NOEXCEPT
     return accumulator<sha256>::double_hash_chunk(data);
 }
 
-/// Merkle root from a bitcoin_hash set [chain].
+// Taproot tagged hash.
+// TODO: this is not optimized, use precomputed state state for known tags.
+// TODO: set the consteval mid-state computation for each into a constexpr.
+INLINE hash_digest tagged_hash(const std::string& tag,
+    const data_slice& message) NOEXCEPT
+{
+    const auto hash = sha256_hash(tag);
+    accumulator<sha256> context{};
+    context.write(hash);
+    context.write(hash);
+    context.write(message.size(), message.data());
+    return context.flush();
+}
+
+// Merkle root from a bitcoin_hash set [chain].
 INLINE hash_digest merkle_root(hashes&& set) NOEXCEPT
 {
     return sha256::merkle_root(std::move(set));
diff --git a/test/hash/functions.cpp b/test/hash/functions.cpp
@@ -317,6 +317,16 @@ BOOST_AUTO_TEST_CASE(functions__bitcoin__null_one__expected)
     BOOST_CHECK_EQUAL(bitcoin_chunk(to_chunk(null_hash)), to_chunk(expected));
 }
 
+// taproot tags
+// ----------------------------------------------------------------------------
+
+BOOST_AUTO_TEST_CASE(tagged_hash_test)
+{
+    // Test vector from secp256k1.
+    constexpr auto expected = base16_array("047a5e17b58647c13cc6ebc0aa583b62fb1643326877406ce276559a3bde55b3");
+    BOOST_REQUIRE_EQUAL(tagged_hash("tag", "msg"), expected);
+}
+
 // merkle_root
 // ----------------------------------------------------------------------------
 
