refactor: extract taproot related logic to taproot.ts file

Author: motorina0

src/merkle.d.ts

@@ -1,3 +1,2 @@
 /// <reference types="node" />
 export declare function fastMerkleRoot(values: Buffer[], digestFn: (b: Buffer) => Buffer): Buffer;
-export declare function computeMastRoot(scripts: any): Buffer;

src/merkle.js

@@ -1,14 +1,6 @@
 'use strict';
 Object.defineProperty(exports, '__esModule', { value: true });
-exports.computeMastRoot = exports.fastMerkleRoot = void 0;
-const buffer_1 = require('buffer');
-const bcrypto = require('./crypto');
-// todo: use varuint-bitcoin??
-const varuint = require('bip174/src/lib/converter/varint');
-// todo: find better place for these consts
-const TAP_LEAF_TAG = buffer_1.Buffer.from('TapLeaf', 'utf8');
-const TAP_BRANCH_TAG = buffer_1.Buffer.from('TapBranch', 'utf8');
-const LEAF_VERSION_TAPSCRIPT = 0xc0;
+exports.fastMerkleRoot = void 0;
 function fastMerkleRoot(values, digestFn) {
   if (!Array.isArray(values)) throw TypeError('Expected values Array');
   if (typeof digestFn !== 'function')
@@ -28,40 +20,3 @@ function fastMerkleRoot(values, digestFn) {
   return results[0];
 }
 exports.fastMerkleRoot = fastMerkleRoot;
-// todo: solve any[]
-function computeMastRoot(scripts) {
-  if (scripts.length === 1) {
-    const script = scripts[0];
-    if (Array.isArray(script)) {
-      return computeMastRoot(script);
-    }
-    script.version = script.version || LEAF_VERSION_TAPSCRIPT;
-    if ((script.version & 1) !== 0) throw new Error('Invalid script version'); // todo typedef error
-    // todo: if (script.output)scheck is bytes
-    const scriptOutput = buffer_1.Buffer.from(script.output, 'hex');
-    return bcrypto.taggedHash(
-      TAP_LEAF_TAG,
-      buffer_1.Buffer.concat([
-        buffer_1.Buffer.from([script.version]),
-        serializeScript(scriptOutput),
-      ]),
-    );
-  }
-  // todo: this is a binary tree, use zero an one index
-  const half = Math.trunc(scripts.length / 2);
-  let leftHash = computeMastRoot(scripts.slice(0, half));
-  let rightHash = computeMastRoot(scripts.slice(half));
-  if (leftHash.compare(rightHash) === 1)
-    [leftHash, rightHash] = [rightHash, leftHash];
-  return bcrypto.taggedHash(
-    TAP_BRANCH_TAG,
-    buffer_1.Buffer.concat([leftHash, rightHash]),
-  );
-}
-exports.computeMastRoot = computeMastRoot;
-function serializeScript(s) {
-  const varintLen = varuint.encodingLength(s.length);
-  const buffer = buffer_1.Buffer.allocUnsafe(varintLen); // better
-  varuint.encode(s.length, buffer);
-  return buffer_1.Buffer.concat([buffer, s]);
-}

src/payments/p2tr.js

@@ -4,7 +4,7 @@ exports.p2tr = void 0;
 const networks_1 = require('../networks');
 const bscript = require('../script');
 const types_1 = require('../types');
-const merkle_1 = require('../merkle');
+const taproot_1 = require('../taproot');
 const lazy = require('./lazy');
 const bech32_1 = require('bech32');
 const OPS = bscript.OPS;
@@ -72,14 +72,14 @@ function p2tr(a, opts) {
   });
   lazy.prop(o, 'hash', () => {
     if (a.hash) return a.hash;
-    if (a.scriptsTree) return (0, merkle_1.computeMastRoot)(a.scriptsTree);
+    if (a.scriptsTree) return (0, taproot_1.computeMastRoot)(a.scriptsTree);
     const w = _witness();
     if (w && w.length > 1) {
       const controlBlock = w[w.length - 1];
       const leafVersion = controlBlock[0] & 0b11111110;
       const script = w[w.length - 2];
-      const tapLeafHash = (0, types_1.leafHash)(script, leafVersion);
-      return (0, types_1.rootHash)(controlBlock, tapLeafHash);
+      const tapLeafHash = (0, taproot_1.leafHash)(script, leafVersion);
+      return (0, taproot_1.rootHash)(controlBlock, tapLeafHash);
     }
     return null;
   });
@@ -92,7 +92,7 @@ function p2tr(a, opts) {
     if (a.output) return a.output.slice(2);
     if (a.address) return _address().data;
     if (o.internalPubkey) {
-      const tweakedKey = (0, types_1.tweakKey)(o.internalPubkey, o.hash);
+      const tweakedKey = (0, taproot_1.tweakKey)(o.internalPubkey, o.hash);
       if (tweakedKey) return tweakedKey.x;
     }
   });
@@ -143,19 +143,19 @@ function p2tr(a, opts) {
       else pubkey = a.output.slice(2);
     }
     if (a.internalPubkey) {
-      const tweakedKey = (0, types_1.tweakKey)(a.internalPubkey, o.hash);
+      const tweakedKey = (0, taproot_1.tweakKey)(a.internalPubkey, o.hash);
       if (tweakedKey === null)
         throw new TypeError('Invalid internalPubkey for p2tr');
       if (pubkey.length > 0 && !pubkey.equals(tweakedKey.x))
         throw new TypeError('Pubkey mismatch');
       else pubkey = tweakedKey.x;
     }
     if (pubkey?.length) {
-      if ((0, types_1.liftX)(pubkey) === null)
+      if ((0, taproot_1.liftX)(pubkey) === null)
         throw new TypeError('Invalid pubkey for p2tr');
     }
     if (a.hash && a.scriptsTree) {
-      const hash = (0, merkle_1.computeMastRoot)(a.scriptsTree);
+      const hash = (0, taproot_1.computeMastRoot)(a.scriptsTree);
       if (!a.hash.equals(hash)) throw new TypeError('Hash mismatch');
     }
     // todo: review cache
@@ -189,14 +189,14 @@ function p2tr(a, opts) {
         const internalPubkey = controlBlock.slice(1, 33);
         if (a.internalPubkey && !a.internalPubkey.equals(internalPubkey))
           throw new TypeError('Internal pubkey mismatch');
-        const internalPubkeyPoint = (0, types_1.liftX)(internalPubkey);
+        const internalPubkeyPoint = (0, taproot_1.liftX)(internalPubkey);
         if (!internalPubkeyPoint)
           throw new TypeError('Invalid internalPubkey for p2tr witness');
         const leafVersion = controlBlock[0] & 0b11111110;
         const script = witness[witness.length - 2];
-        const tapLeafHash = (0, types_1.leafHash)(script, leafVersion);
-        const hash = (0, types_1.rootHash)(controlBlock, tapLeafHash);
-        const outputKey = (0, types_1.tweakKey)(internalPubkey, hash);
+        const tapLeafHash = (0, taproot_1.leafHash)(script, leafVersion);
+        const hash = (0, taproot_1.rootHash)(controlBlock, tapLeafHash);
+        const outputKey = (0, taproot_1.tweakKey)(internalPubkey, hash);
         if (!outputKey)
           // todo: needs test data
           throw new TypeError('Invalid outputKey for p2tr witness');

src/taproot.d.ts

@@ -0,0 +1,7 @@
+/// <reference types="node" />
+import { TweakedPublicKey } from './types';
+export declare function liftX(buffer: Buffer): Buffer | null;
+export declare function tweakKey(pubKey: Buffer, h: Buffer | undefined): TweakedPublicKey | null;
+export declare function leafHash(script: Buffer, version: number): Buffer;
+export declare function rootHash(controlBlock: Buffer, tapLeafMsg: Buffer): Buffer;
+export declare function computeMastRoot(scripts: any): Buffer;

src/taproot.js

@@ -0,0 +1,142 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.computeMastRoot = exports.rootHash = exports.leafHash = exports.tweakKey = exports.liftX = void 0;
+const buffer_1 = require('buffer');
+const BN = require('bn.js');
+const bcrypto = require('./crypto');
+// todo: use varuint-bitcoin??
+const varuint = require('bip174/src/lib/converter/varint');
+const types_1 = require('./types');
+// todo: !!!Temp, to be replaced. Only works because bip32 has it as dependecy. Linting will fail.
+const ecc = require('tiny-secp256k1');
+const LEAF_VERSION_TAPSCRIPT = 0xc0;
+const TAP_LEAF_TAG = buffer_1.Buffer.from('TapLeaf', 'utf8');
+const TAP_BRANCH_TAG = buffer_1.Buffer.from('TapBranch', 'utf8');
+const TAP_TWEAK_TAG = buffer_1.Buffer.from('TapTweak', 'utf8');
+// todo: compare buffers dirrectly
+const GROUP_ORDER = buffer_1.Buffer.from(
+  'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141',
+  'hex',
+);
+const GROUP_ORDER_BN = new BN(GROUP_ORDER);
+const EC_P_BN = new BN(types_1.EC_P);
+const EC_P_REDUCTION = BN.red(EC_P_BN);
+const EC_P_QUADRATIC_RESIDUE = EC_P_BN.addn(1).divn(4);
+const BN_2 = new BN(2);
+const BN_3 = new BN(3);
+const BN_7 = new BN(7);
+function liftX(buffer) {
+  if (!buffer_1.Buffer.isBuffer(buffer)) return null;
+  if (buffer.length !== 32) return null;
+  if (buffer.compare(types_1.ZERO32) === 0) return null;
+  if (buffer.compare(types_1.EC_P) >= 0) return null;
+  const x = new BN(buffer);
+  const x1 = x.toRed(EC_P_REDUCTION);
+  const ySq = x1
+    .redPow(BN_3)
+    .add(BN_7)
+    .mod(EC_P_BN);
+  const y = ySq.redPow(EC_P_QUADRATIC_RESIDUE);
+  if (!ySq.eq(y.redPow(BN_2))) {
+    return null;
+  }
+  const y1 = y.isEven() ? y : EC_P_BN.sub(y);
+  return buffer_1.Buffer.concat([
+    buffer_1.Buffer.from([0x04]),
+    buffer_1.Buffer.from(x1.toBuffer('be', 32)),
+    buffer_1.Buffer.from(y1.toBuffer('be', 32)),
+  ]);
+}
+exports.liftX = liftX;
+function tweakKey(pubKey, h) {
+  if (!buffer_1.Buffer.isBuffer(pubKey)) return null;
+  if (pubKey.length !== 32) return null;
+  if (h && h.length !== 32) return null;
+  const tweakHash = bcrypto.taggedHash(
+    TAP_TWEAK_TAG,
+    buffer_1.Buffer.concat(h ? [pubKey, h] : [pubKey]),
+  );
+  const t = new BN(tweakHash);
+  if (t.gte(GROUP_ORDER_BN)) {
+    // todo: add test for this case
+    throw new Error('Tweak value over the SECP256K1 Order');
+  }
+  const P = liftX(pubKey);
+  if (P === null) return null;
+  const Q = pointAddScalar(P, tweakHash);
+  return {
+    isOdd: Q[64] % 2 === 1,
+    x: Q.slice(1, 33),
+  };
+}
+exports.tweakKey = tweakKey;
+function leafHash(script, version) {
+  return buffer_1.Buffer.concat([
+    buffer_1.Buffer.from([version]),
+    serializeScript(script),
+  ]);
+}
+exports.leafHash = leafHash;
+function rootHash(controlBlock, tapLeafMsg) {
+  const k = [];
+  const e = [];
+  const m = (controlBlock.length - 33) / 32;
+  k[0] = bcrypto.taggedHash(TAP_LEAF_TAG, tapLeafMsg);
+  for (let j = 0; j < m; j++) {
+    e[j] = controlBlock.slice(33 + 32 * j, 65 + 32 * j);
+    if (k[j].compare(e[j]) < 0) {
+      k[j + 1] = bcrypto.taggedHash(
+        TAP_BRANCH_TAG,
+        buffer_1.Buffer.concat([k[j], e[j]]),
+      );
+    } else {
+      k[j + 1] = bcrypto.taggedHash(
+        TAP_BRANCH_TAG,
+        buffer_1.Buffer.concat([e[j], k[j]]),
+      );
+    }
+  }
+  return k[m];
+}
+exports.rootHash = rootHash;
+// todo: solve any[]
+function computeMastRoot(scripts) {
+  if (scripts.length === 1) {
+    const script = scripts[0];
+    if (Array.isArray(script)) {
+      return computeMastRoot(script);
+    }
+    script.version = script.version || LEAF_VERSION_TAPSCRIPT;
+    if ((script.version & 1) !== 0) throw new Error('Invalid script version'); // todo typedef error
+    // todo: if (script.output)scheck is bytes
+    const scriptOutput = buffer_1.Buffer.from(script.output, 'hex');
+    return bcrypto.taggedHash(
+      TAP_LEAF_TAG,
+      buffer_1.Buffer.concat([
+        buffer_1.Buffer.from([script.version]),
+        serializeScript(scriptOutput),
+      ]),
+    );
+  }
+  // todo: this is a binary tree, use zero an one index
+  const half = Math.trunc(scripts.length / 2);
+  let leftHash = computeMastRoot(scripts.slice(0, half));
+  let rightHash = computeMastRoot(scripts.slice(half));
+  if (leftHash.compare(rightHash) === 1)
+    [leftHash, rightHash] = [rightHash, leftHash];
+  return bcrypto.taggedHash(
+    TAP_BRANCH_TAG,
+    buffer_1.Buffer.concat([leftHash, rightHash]),
+  );
+}
+exports.computeMastRoot = computeMastRoot;
+function serializeScript(s) {
+  const varintLen = varuint.encodingLength(s.length);
+  const buffer = buffer_1.Buffer.allocUnsafe(varintLen); // better
+  varuint.encode(s.length, buffer);
+  return buffer_1.Buffer.concat([buffer, s]);
+}
+// todo: do not use ecc
+function pointAddScalar(P, h) {
+  return ecc.pointAddScalar(P, h);
+}

src/types.d.ts

@@ -1,10 +1,9 @@
 /// <reference types="node" />
+import { Buffer as NBuffer } from 'buffer';
 export declare const typeforce: any;
+export declare const ZERO32: NBuffer;
+export declare const EC_P: NBuffer;
 export declare function isPoint(p: Buffer | number | undefined | null): boolean;
-export declare function liftX(buffer: Buffer): Buffer | null;
-export declare function tweakKey(pubKey: Buffer, h: Buffer | undefined): TweakedPublicKey | null;
-export declare function leafHash(script: Buffer, version: number): Buffer;
-export declare function rootHash(controlBlock: Buffer, tapLeafMsg: Buffer): Buffer;
 export declare function UInt31(value: number): boolean;
 export declare function BIP32Path(value: string): boolean;
 export declare namespace BIP32Path {