@kallewoof
Created February 5, 2020 19:05
internal_pubkey=efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
tapscript=a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac
➜ btcdeb git:(taproot) ✗ ./tap $internal_pubkey 1 $tapscript
tap 0.2.19 -- type `./tap -h` for help
WARNING: This is experimental software. Do not use this with real bitcoin, or you will most likely lose them all. You have been w a r n e d.
LOG: sign segwit taproot
Internal pubkey: efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
1 scripts:
- #0: a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac
Script #0 leaf hash = TapLeaf<<0xc0 || a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac>>
→ 38fdfbefe5f26656c3ac52bc84da60d76f2c9414d71e4ad409f28cb4f5fb6acd
Tweak value = 7626fe4fb1a9b390c9fa9cceaa495c9f06c9f2950ff5ae142ee97f7e2f18f6c9
Tweaked pubkey = e7d2ac4c2338d7071761f883928a6b0f89295c54466a21117c8546a2b431cfe5 (negated)
Resulting Bech32 address: sb1pulf2cnpr8rtsw9mplzpe9zntp7yjjhz5ge4zzytus4r29dp3eljsle92cv
➜ btcdeb git:(taproot) ✗ txin=020000000001015847fdd33335286eefb1cbd3ceff68226f72d69413c0093161d7c02348923cdf0000000000feffffff02a086010000000000225120e7d2ac4c2338d7071761f883928a6b0f89295c54466a21117c8546a2b431cfe5b13ac82801000000160014bbcfdba7564dfcf5c5c06cdbcf526baed8f1384a0247304402202bb9714a75e26585cdbed19d26f8fb307003cc2b31db2701ffb344607b15f18d02207a172f3551d8a34a53a2a16f9d61bbe057e4ceb407d974f539f74dcb64f935c101210287ff8bb2c262631ccb0474035ed38e25389002ee9cf154fa70fe96f866757b1818060000
➜ btcdeb git:(taproot) ✗ tx=020000000102ed5adc5e7f10af7527344021d7e41560ceb9339fed67936d721f4079d611e40000000000ffffffff01b882010000000000160014f3135d8ea607de940cc32fe9120cf01526883e8900000000
➜ btcdeb git:(taproot) ✗ ./tap --privkey=$alice_privkey --txin=$txin --tx=$tx $internal_pubkey 1 $tapscript 0 $preimage
tap 0.2.19 -- type `./tap -h` for help
WARNING: This is experimental software. Do not use this with real bitcoin, or you will most likely lose them all. You have been w a r n e d.
LOG: sign segwit taproot
targeting transaction vin at index #0
Internal pubkey: efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
2 spending arguments present
- 1+ spend arguments; TAPSCRIPT mode
#0: 107661134f21fc7c02223d50ab9eb3600bc3ffc3712423a1e47bb1f9a9dbf55f
1 scripts:
- #0: a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac
Script #0 leaf hash = TapLeaf<<0xc0 || a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac>>
→ 38fdfbefe5f26656c3ac52bc84da60d76f2c9414d71e4ad409f28cb4f5fb6acd
Control object = (leaf), (internal pubkey = efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7), ...
... with proof -> efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
Tweak value = 7626fe4fb1a9b390c9fa9cceaa495c9f06c9f2950ff5ae142ee97f7e2f18f6c9
Tweaked pubkey = e7d2ac4c2338d7071761f883928a6b0f89295c54466a21117c8546a2b431cfe5 (negated)
Pubkey matches the scriptPubKey of the input transaction's output #0
Resulting Bech32 address: sb1pulf2cnpr8rtsw9mplzpe9zntp7yjjhz5ge4zzytus4r29dp3eljsle92cv
Final control object = c1efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
Adding selected script to taproot inputs: a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac
→ 20107661134f21fc7c02223d50ab9eb3600bc3ffc3712423a1e47bb1f9a9dbf55f45a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac
appending control object to taproot input stack: c1efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
Tapscript spending witness: [
"107661134f21fc7c02223d50ab9eb3600bc3ffc3712423a1e47bb1f9a9dbf55f",
"a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac",
"c1efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7",
]
input tx index = 0; tx input vout = 0; value = 100000
got witness stack of size 3
34 bytes (v0=P2WSH, v1=taproot/tapscript)
Taproot commitment:
- control = c1efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
- program = e7d2ac4c2338d7071761f883928a6b0f89295c54466a21117c8546a2b431cfe5
- script = a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac
- path len = 0
- p = efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
- q = e7d2ac4c2338d7071761f883928a6b0f89295c54466a21117c8546a2b431cfe5
- k = cd6afbf5b48cf209d44a1ed714942c6fd760da84bc52acc35666f2e5effbfd38 (tap leaf hash)
(TapLeaf(0xc0 || a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac))
valid script
- generating prevout hash from 1 ins
[+] COutPoint(e411d67940, 0)
SignatureHashSchnorr(in_pos=0, hash_type=00)
- tapscript sighash
sighash (little endian) = 9df606d39a6943377f75d34d56ac034bcdf1163b871b2828487dd6920edab013
sighash: 9df606d39a6943377f75d34d56ac034bcdf1163b871b2828487dd6920edab013
privkey: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae
pubkey: cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01
signature: 11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc69bbfeb6de3b4fa3955621130f72fc8554a046b93d69fd6e82d87dd74a929efe88
Resulting transaction:
➜ btcdeb git:(taproot) ✗ ./btcdeb --txin=$txin --tx=0200000000010102ed5adc5e7f10af7527344021d7e41560ceb9339fed67936d721f4079d611e40000000000ffffffff01b882010000000000160014f3135d8ea607de940cc32fe9120cf01526883e89044011ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc69bbfeb6de3b4fa3955621130f72fc8554a046b93d69fd6e82d87dd74a929efe8820107661134f21fc7c02223d50ab9eb3600bc3ffc3712423a1e47bb1f9a9dbf55f45a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac21c1efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be700000000
btcdeb 0.2.19 -- type `./btcdeb -h` for start up options
LOG: sign segwit taproot
got segwit transaction dfcd293b9d5569ada9ddb65ed59eabac69c540016f85bf6367876c32e5dbba79:
CTransaction(hash=dfcd293b9d, ver=2, vin.size=1, vout.size=1, nLockTime=0)
CTxIn(COutPoint(e411d67940, 0), scriptSig=)
CScriptWitness(11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc69bbfeb6de3b4fa3955621130f72fc8554a046b93d69fd6e82d87dd74a929efe88, 107661134f21fc7c02223d50ab9eb3600bc3ffc3712423a1e47bb1f9a9dbf55f, a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac, c1efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7)
CTxOut(nValue=0.00099000, scriptPubKey=0014f3135d8ea607de940cc32fe912)
got input tx #0 e411d679401f726d9367ed9f33b9ce6015e4d72140342775af107f5edc5aed02:
CTransaction(hash=e411d67940, ver=2, vin.size=1, vout.size=2, nLockTime=1560)
CTxIn(COutPoint(df3c924823, 0), scriptSig=, nSequence=4294967294)
CScriptWitness(304402202bb9714a75e26585cdbed19d26f8fb307003cc2b31db2701ffb344607b15f18d02207a172f3551d8a34a53a2a16f9d61bbe057e4ceb407d974f539f74dcb64f935c101, 0287ff8bb2c262631ccb0474035ed38e25389002ee9cf154fa70fe96f866757b18)
CTxOut(nValue=0.00100000, scriptPubKey=5120e7d2ac4c2338d7071761f88392)
CTxOut(nValue=49.79178161, scriptPubKey=0014bbcfdba7564dfcf5c5c06cdbcf)
input tx index = 0; tx input vout = 0; value = 100000
got witness stack of size 4
34 bytes (v0=P2WSH, v1=taproot/tapscript)
Taproot commitment:
- control = c1efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
- program = e7d2ac4c2338d7071761f883928a6b0f89295c54466a21117c8546a2b431cfe5
- script = a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac
- path len = 0
- p = efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
- q = e7d2ac4c2338d7071761f883928a6b0f89295c54466a21117c8546a2b431cfe5
- k = cd6afbf5b48cf209d44a1ed714942c6fd760da84bc52acc35666f2e5effbfd38 (tap leaf hash)
(TapLeaf(0xc0 || a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac))
valid script
- generating prevout hash from 1 ins
[+] COutPoint(e411d67940, 0)
8 op script loaded. type `help` for usage information
script | tapscript commitment state
-------------------------------------------------------------------+-------------------------------------------------------------------
<<< taproot commitment >>> | i: 0
Tweak: efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5b... | k: 38fdfbefe5f26656c3ac52bc84da60d76f2c9414d71e4ad409f28cb4f5fb...
CheckPayToContract |
OP_SHA256 |
6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333 |
OP_EQUALVERIFY |
cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01 |
OP_CHECKSIG |
<<< tapscript commitment >>>
btcdeb> step
- looping over path (0..-1)
- final k = c9f6182f7e7fe92e14aef50f95f2c9069f5c49aace9cfac990b3a9b14ffe2676
(TapTweak(internal_pubkey=efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7 || TapLeaf(0xc0 || a8206c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd53338820cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01ac)))
script | tapscript commitment state
-------------------------------------------------------------------+-------------------------------------------------------------------
<<< taproot commitment >>> | i: 0
Tweak: efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5b... | k: 7626fe4fb1a9b390c9fa9cceaa495c9f06c9f2950ff5ae142ee97f7e2f18...
CheckPayToContract |
OP_SHA256 |
6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333 |
OP_EQUALVERIFY |
cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01 |
OP_CHECKSIG |
#0001 Tweak: efe24af16da45a3e3ce3503b7b7172d64b16b28922011f8df970dd5bf6cc6be7
btcdeb>
- looping over path (0..-1)
- q.CheckPayToContract(p, k, 1) == success
script | stack
-------------------------------------------------------------------+-------------------------------------------------------------------
OP_SHA256 | 107661134f21fc7c02223d50ab9eb3600bc3ffc3712423a1e47bb1f9a9dbf55f
6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333 | 11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc6...
OP_EQUALVERIFY |
cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01 |
OP_CHECKSIG |
#0002 CheckPayToContract
btcdeb>
<> POP stack
<> PUSH stack 6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333
script | stack
-------------------------------------------------------------------+-------------------------------------------------------------------
6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333 | 6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333
OP_EQUALVERIFY | 11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc6...
cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01 |
OP_CHECKSIG |
#0003 OP_SHA256
btcdeb>
<> PUSH stack 6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333
script | stack
-------------------------------------------------------------------+-------------------------------------------------------------------
OP_EQUALVERIFY | 6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333
cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01 | 6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333
OP_CHECKSIG | 11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc6...
#0004 6c60f404f8167a38fc70eaf8aa17ac351023bef86bcb9d1086a19afe95bd5333
btcdeb>
<> POP stack
<> POP stack
<> PUSH stack 01
<> POP stack
script | stack
-------------------------------------------------------------------+-------------------------------------------------------------------
cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01 | 11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc6...
OP_CHECKSIG |
#0005 OP_EQUALVERIFY
btcdeb>
<> PUSH stack cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01
diff --git a/tap.cpp b/tap.cpp
index cd96250..b11ae7e 100644
--- a/tap.cpp
+++ b/tap.cpp
@@ -288,12 +288,16 @@ int main(int argc, char* const* argv)
}
}
if (pending) {
- // we have [a,b] [c,d] and pending e
- // we extend [c,d] to be [[c,d], e]
- TapNode* rightmost = branches.back();
- branches.pop_back();
- branches.push_back(new TapBranch(rightmost, pending));
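Review bot: the removed block under `if (pending)` is the only code visible here that attaches a leftover odd leaf to the tree (`branches.push_back(new TapBranch(rightmost, pending));`), and the hunk is cut off before any `+` line, so its replacement cannot be checked. Whatever replaces it should keep a comment stating the resulting tree shape, as the removed `[[c,d], e]` comment did, because the shape decides the merkle root and therefore the tweaked pubkey and address that ./tap derives for the same script list.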
script | stack
diff --git a/tap.cpp b/tap.cpp
index cd96250..63a764c 100644
--- a/tap.cpp
+++ b/tap.cpp
@@ -288,12 +288,16 @@ int main(int argc, char* const* argv)
}
}
if (pending) {
- // we have [a,b] [c,d] and pending e
- // we extend [c,d] to be [[c,d], e]
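Review bot: this header reads `index cd96250..63a764c`, while the earlier copy of the same `@@ -288,12 +288,16 @@` hunk reads `index cd96250..b11ae7e`, so these are two different results against the same base of tap.cpp, and neither copy shows its added lines. State which of the two is intended and post it in full, including the `+` lines.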
-------------------------------------------------------------------+-------------------------------------------------------------------
OP_CHECKSIG | cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01
| 11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc6...
#0006 cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01
btcdeb>
Eval Checksig Tapscript
- sig must not be empty: ok
- validation weight - 50 -> 203
- 32 byte pubkey (new type); schnorr sig check
GenericTransactionSignatureChecker::CheckSigSchnorr(64 len sig, 32 len pubkey, sigversion=3)
sig = 11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc69bbfeb6de3b4fa3955621130f72fc8554a046b93d69fd6e82d87dd74a929efe88
pub key = cc9519ba6fb1cb0cca53743dc90c2418440cf637f8b891ce2f0e2dc5c5b3cf01
SignatureHashSchnorr(in_pos=0, hash_type=00)
- tapscript sighash
- schnorr sighash = 13b0da0e92d67d4828281b873b16f1cd4b03ac564dd3757f3743699ad306f69d
pubkey.VerifySchnorrSignature(sig=11ad4740770eab9e50e84ad2ad7f8ad47ab1e35d1a895fca33a941a11521bc69bbfeb6de3b4fa3955621130f72fc8554a046b93d69fd6e82d87dd74a929efe88, sighash=13b0da0e92d67d4828281b873b16f1cd4b03ac564dd3757f3743699ad306f69d):
result: success
<> POP stack
<> POP stack
<> PUSH stack 01
script | stack
-------------------------------------------------------------------+-------------------------------------------------------------------
| 01
#0007 OP_CHECKSIG