fix and make scripts smaller

Author: antonilol

bolt-simple-taproot.md

@@ -150,7 +150,7 @@ A `tap_branch` can commit to either a `tap_leaf` or `tap_branch`. Before
 hashing, a `tap_branch` sorts the two `tap_node` arguments based on
 lexicographical ordering:
 ```
-tagged_hash("TapBranch, sort(node_1, node_2)
+tagged_hash("TapBranch", sort(node_1, node_2))
 ```
 
 A tapscript tree is constructed by hashing each pair of leaves into a
@@ -219,7 +219,7 @@ will be absent.
 
 The final witness to spend a script path output is:
 ```
-control_block || leaf_script || witness
+<witness1> ... <witnessN> <leaf_script> <control_block>
 ```
 
 ### MuSig2
@@ -717,11 +717,10 @@ The new output has the following form:
     * `to_delay_script_root = tapscript_root([to_delay_script])`
     * `to_delay_script` is the delay script:
         ```
-        to_self_delay
-        OP_CHECKSEQUENCEVERIFY
-        OP_DROP
         <local_delayedpubkey>
         OP_CHECKSIGVERIFY
+        to_self_delay
+        OP_CHECKSEQUENCEVERIFY
         ```
 
 The parity (even or odd) of the y-coordinate of the derived
@@ -731,7 +730,7 @@ The `tapscript_root` routine constructs a valid taproot commitment according to
 BIP 341+342. Namely, a leaf version of `0xc0` MUST be used. As there's only a
 single script, one can derive the tapscript root as:
 ```
-tapscript_root = tagged_hash("TapLeaf, 0xc0 || compact_size_of(to_delay_script) || to_delay_script)
+tapscript_root = tagged_hash("TapLeaf", 0xc0 || compact_size_of(to_delay_script) || to_delay_script)
 ```
 
 In the case of a commitment breach, the `to_delay_script_root` can be used
@@ -746,12 +745,12 @@ broadcaster can sweep their funds after a delay.  The control block to spend is
 only `33` bytes, as it just includes the internal key (along with the y-parity
 bit and leaf version):
 ```
-delay_control_block = (parity_of_y | 0x0c) || <revocationpubkey>
+delay_control_block = (parity_of_y | 0xc0) || <revocationpubkey>
 ```
 
 A valid witness is then:
 ```
-<delay_control_block> <to_delay_script> <local_delayedsig>
+<local_delayedsig> <to_delay_script> <delay_control_block>
 ```
 
 A with base channels, the `nSequence` field must be set to `to_self_delay`.
@@ -769,21 +768,21 @@ The to remote output has the following form:
   * `OP_1 to_remote_output_key`
   * where:
     * `taproot_nums_point = 0245b18183a06ee58228f07d9716f0f121cd194e4d924b037522503a7160432f15`
-    * `to_remote_output_key = taproot_nums_point + tagged_hash("TapTweak", taproot_nums_point|| to_remote_script_root`
+    * `to_remote_output_key = taproot_nums_point + tagged_hash("TapTweak", taproot_nums_point || to_remote_script_root`
     * `to_remote_script_root = tapscript_root([to_remote_script])`
     * `to_remote_script` is the remote script:
         ```
-        <remotepubkey> OP_CHECKSIGVERIFY 1 OP_CHECKSEQUENCEVERIFY
+        <remotepubkey> OP_CHECKSIG OP_CHECKSEQUENCEVERIFY
         ```
 
 This output can be swept by the remote party with the following witness:
 ```
-<to_remote_control_block> <to_remote_script> <remote_sig>
+<remote_sig> <to_remote_script> <to_remote_control_block>
 ```
 
 where `to_remote_control_block` is:
 ```
-(parity_of_y(remotepubkey) | 0x0c) || <remotepubkey>
+(parity_of_y(remotepubkey) | 0xc0) || <remotepubkey>
 ```
 
 #### Anchor Outputs
@@ -821,15 +820,15 @@ An offered HTLC has the following form:
     * `htlc_script_root = tapscript_root([htlc_timeout, htlc_success])`
     * `htlc_timeout`:
         ```
-        <local_htlcpubkey> OP_CHECKSIGADD <remote_htlcpubkey> OP_CHECKSIGADD 2 OP_EQUALVERIFY
-        1 OP_CHECKSEQUENCEVERIFY
+        <local_htlcpubkey> OP_CHECKSIGVERIFY <remote_htlcpubkey> OP_CHECKSIG
+        OP_CHECKSEQUENCEVERIFY
         ```
     * `htlc_success`:
         ```
         OP_SIZE 32 OP_EQUALVERIFY OP_HASH160 <RIPEMD160(payment_hash)> OP_EQUALVERIFY
         <remote_htlcpubkey>
-        OP_CHECKSIGVERIFY
-        1 OP_CHECKSEQUENCEVERIFY
+        OP_CHECKSIG
+        OP_CHECKSEQUENCEVERIFY
         ```
 
 In order to spend a offered HTLC, via either script path, an `inclusion_proof`
@@ -847,16 +846,16 @@ Accepted HTLCs inherit a similar format:
     * `htlc_timeout`:
         ```
         <remote_htlcpubkey>
-        OP_CHECKSIGVERIFY
-        1 OP_CHECKSEQUENCEVERIFY OP_DROP
+        OP_CHECKSIG
+        OP_CHECKSEQUENCEVERIFY
         <cltv_expiry>
-        OP_CHECKLOCKTIMEVERIFY
+        OP_CHECKLOCKTIMEVERIFY OP_DROP
         ```
     * `htlc_success`:
         ```
         OP_SIZE 32 OP_EQUALVERIFY OP_HASH160 <RIPEMD160(payment_hash)> OP_EQUALVERIFY
-        <local_htlcpubkey> OP_CHECKSIGADD <remote_htlcpubkey> OP_CHECKSIGADD 2 OP_EQUALVERIFY
-        1 OP_CHECKSEQUENCEVERIFY
+        <local_htlcpubkey> OP_CHECKSIGVERIFY <remote_htlcpubkey> OP_CHECKSIG
+        OP_CHECKSEQUENCEVERIFY
         ```
 
 In order to spend an accepted HTLC, via either script path, an
@@ -886,7 +885,7 @@ A HTLC-Success transaction has the following structure:
   * input:
     * txid: commitment_tx
     * vout: htlc_index
-    * witness: `control_block || htlc_success_script || <localsig> <remotesig> <preimage>`
+    * witness: `<remotehtlcsig> <localhtlcsig> <preimage> <htlc_success_script> <control_block>`
   * output:
     * value: htlc_value
     * script:
@@ -911,7 +910,7 @@ A HTLC-Timeout transaction has the following structure:
   * input:
     * txid: commitment_tx
     * vout: htlc_index
-    * witness: `control_block || htlc_timeout_script || <localsig> <remotesig>`
+    * witness: `<remotehtlcsig> <localhtlcsig> <htlc_timeout_script> <control_block>`
   * output:
     * value: htlc_value
     * script: