BIP 341 (BIP-Taproot) discusses this instance the place you do not require the script path.
If the spending situations don’t require a script path, the output key ought to decide to an unspendable script path as an alternative of getting no script path.
The BIP additionally explains right here the rationale for this.
If the taproot output secret is an combination of keys, there’s the chance for a malicious social gathering so as to add a script path with out being observed by the opposite events. This permits to bypass the multiparty coverage and to steal the cash.
Committing to an unspendable script path offers the power to show to a 3rd social gathering observer that there isn’t a hidden script path. If there was no tweak in any respect any key aggregation scheme would should be revealed to that observer together with particular person pubkeys to get the identical impact (and even this might not be sufficient for sure key aggregation schemes).
The Bitcoin Optech workshop on Taproot explains that you simply calculate the tweaked public key utilizing:
Q = P + H(P|c)G
the place
Q is the tweaked public key
P is the preliminary public key (P = xG the place x is the personal key)
H is the hash perform
| is concatenation
c is the dedication to the script path spend
G is the generator level
For those who do not want the script path spend you may calculate the tweaked public key utilizing:
Q = P + H(bytes(P))G
the place bytes(P) is the serialization of P as outlined in BIP 340 (BIP-Schnorr).
This tweaked public key Q will likely be your Taproot (P2TR) handle. Keep in mind we do not hash (tweaked) public keys with Taproot (SegWit v1) like we do with P2PKH, P2SH, P2WSH (SegWit v0).
