Merge bitcoin#28193: test: add script compression coverage for not-on-curve P2PK outputs

achow101 · Claude Code · commit 71f772f65fa9 · 2025-08-09T05:19:53.000-05:00
28287cf test: add script compression coverage for not-on-curve P2PK outputs (Sebastian Falbesoner) Pull request description: This PR adds unit test coverage for the script compression functions `{Compress,Decompress}Script` in the special case of uncompressed P2PK outputs (scriptPubKey: OP_PUSH65 <0x04 ....> OP_CHECKSIG) with [pubkeys that are not fully valid](https://github.com/bitcoin/bitcoin/blob/44b05bf3fef2468783dcebf651654fdd30717e7e/src/pubkey.cpp#L297-L302), i.e. where the encoded point is not on the secp256k1 curve. For those outputs, script compression is not possible, as the y coordinate of the pubkey can't be recovered (see also call-site of `IsToPubKey`): https://github.com/bitcoin/bitcoin/blob/44b05bf3fef2468783dcebf651654fdd30717e7e/src/compressor.cpp#L49-L50 Likewise, for a compressed script of an uncompressed P2PK script (i.e. compression ids 4 and 5) where the x coordinate is not on the curve, decompression fails: https://github.com/bitcoin/bitcoin/blob/44b05bf3fef2468783dcebf651654fdd30717e7e/src/compressor.cpp#L122-L129 Note that the term "compression" is used here in two different meanings (though they are related), which might be a little confusing. The encoding of a pubkey can either be compressed (33-bytes with 0x02/0x03 prefixes) or uncompressed (65-bytes with 0x04 prefix). On the other hand there is also compression for whole output scripts, which is used for storing scriptPubKeys in the UTXO set in a compact way (and also for the `dumptxoutset` result, accordingly). P2PK output scripts with uncompressed pubkeys get compressed by storing only the x-coordinate and the sign as a prefix (0x04 = even, 0x05 = odd). Was diving deeper into the subject while working on bitcoin#27432, where the script decompression of uncompressed P2PK needed special handling (see also bitcoin#24628 (comment)). Trivia: as of now (block 801066), there are 13 uncompressed P2PK outputs in the UTXO set with a pubkey not on the curve (which obviously means they are unspendable). ACKs for top commit: achow101: ACK 28287cf tdb3: ACK for 28287cf. cbergqvist: ACK 28287cf! marcofleon: Nicely done, ACK 28287cf. Built the PR branch, ran the unit and functional tests, everything passed. Tree-SHA512: 777b6c3065654fbfa1ce94926f4cadb91a9ca9dc4dd4af6008ad77bd1da5416f156ad0dfa880d26faab2e168bf9b27e0a068abc9a2be2534d82bee61ee055c65
diff --git a/src/test/compress_tests.cpp b/src/test/compress_tests.cpp
@@ -3,7 +3,9 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <compressor.h>
+#include <script/script.h>
 #include <script/standard.h>
+#include <test/util/random.h>
 #include <test/util/setup_common.h>
 
 #include <stdint.h>
@@ -134,4 +136,36 @@ BOOST_AUTO_TEST_CASE(compress_script_to_uncompressed_pubkey_id)
     BOOST_CHECK_EQUAL(out[0], 0x04 | (script[65] & 0x01)); // least significant bit (lsb) of last char of pubkey is mapped into out[0]
 }
 
+BOOST_AUTO_TEST_CASE(compress_p2pk_scripts_not_on_curve)
+{
+    XOnlyPubKey x_not_on_curve;
+    do {
+        x_not_on_curve = XOnlyPubKey(g_insecure_rand_ctx.randbytes(32));
+    } while (x_not_on_curve.IsFullyValid());
+
+    // Check that P2PK script with uncompressed pubkey [=> OP_PUSH65 <0x04 .....> OP_CHECKSIG]
+    // which is not fully valid (i.e. point is not on curve) can't be compressed
+    std::vector<unsigned char> pubkey_raw(65, 0);
+    pubkey_raw[0] = 4;
+    std::copy(x_not_on_curve.begin(), x_not_on_curve.end(), &pubkey_raw[1]);
+    CPubKey pubkey_not_on_curve(pubkey_raw);
+    assert(pubkey_not_on_curve.IsValid());
+    assert(!pubkey_not_on_curve.IsFullyValid());
+    CScript script = CScript() << ToByteVector(pubkey_not_on_curve) << OP_CHECKSIG;
+    BOOST_CHECK_EQUAL(script.size(), 67U);
+
+    CompressedScript out;
+    bool done = CompressScript(script, out);
+    BOOST_CHECK_EQUAL(done, false);
+
+    // Check that compressed P2PK script with uncompressed pubkey that is not fully
+    // valid (i.e. x coordinate of the pubkey is not on curve) can't be decompressed
+    CompressedScript compressed_script(x_not_on_curve.begin(), x_not_on_curve.end());
+    for (unsigned int compression_id : {4, 5}) {
+        CScript uncompressed_script;
+        bool success = DecompressScript(uncompressed_script, compression_id, compressed_script);
+        BOOST_CHECK_EQUAL(success, false);
+    }
+}
+
 BOOST_AUTO_TEST_SUITE_END()
