Why has Taproot invented "tagged hashes"? Aren't HMACs already tagged hashes?
Discussion
The true mystery of bitcoin.
I think the graffiti gangs infiltrated and just wanted to tag from home.
HMAC is a specific use case of hashing with a prefix — in that case for authentication.
Using HMAC in taproot would just cause confusion as to what is being authenticated and why there’s no secret involved.
Calling it “tagged hash” and defining it in the specification eliminates any confusion.
The generic term for that use case is “domain separation”. There are other ways of doing it besides prefixing though, so just saying “domain separation” isn’t very helpful.
They also were extra cautious and used prefixes generated in an unusual way.
If all of Bitcoin used domain separation that wouldn’t have been necessary.
This makes sense. Thank you.
? That kind of domain separation tagging is very widely used in modern cryptography, who said it was invented by taproot/bip340?
Thank you, I didn't know. The BIP doesn't make it clear it is widely used (not that this is a problem anyway).
Aren’t they more just like salted hashes? There’s no secret key
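The distinction discussed in this thread, as an added example that is not part of the original posts or of the BIP's reference code: the BIP340 tagged hash is SHA256(SHA256(tag) || SHA256(tag) || msg), a single pass with a fixed public prefix, while HMAC (RFC 2104) runs two nested passes over pads derived from a key. The message is constructed sample input; `TaggedHasher` and `demo` are names chosen here for illustration.

```python
import hashlib
import hmac

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

class TaggedHasher:
    """Same function, with the 64-byte prefix absorbed once and reused."""
    def __init__(self, tag: str):
        t = hashlib.sha256(tag.encode()).digest()
        # t || t is 64 bytes, exactly one SHA-256 block, so the state after
        # absorbing it can be cached per tag and copied for each message.
        self._midstate = hashlib.sha256(t + t)

    def digest(self, msg: bytes) -> bytes:
        h = self._midstate.copy()
        h.update(msg)
        return h.digest()

def hmac_sha256_manual(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104, written out to show its two nested, keyed passes."""
    if len(key) > 64:
        key = hashlib.sha256(key).digest()
    key = key.ljust(64, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()

def demo() -> dict:
    msg = b"constructed sample message"  # constructed input, not from the page
    tag = "BIP0340/challenge"            # one of the tags BIP340 defines
    return {
        "challenge": tagged_hash(tag, msg),
        "aux": tagged_hash("BIP0340/aux", msg),   # same msg, other domain
        "cached": TaggedHasher(tag).digest(msg),  # midstate reuse
        "plain": hashlib.sha256(msg).digest(),    # no domain separation
        "hmac": hmac_sha256_manual(tag.encode(), msg),  # tag misused as key
        "hmac_ok": hmac_sha256_manual(b"k", msg)
                   == hmac.new(b"k", msg, hashlib.sha256).digest(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:9} {value.hex() if isinstance(value, bytes) else value}")
```

The tag is a public constant, so the output separates domains (challenge vs. aux vs. untagged SHA-256) but authenticates nothing; HMAC's guarantee depends on the key being secret.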