refactor: split computeTweakFromScriptPath() into rootHash() and leafHash()`

Author: motorina0

src/payments/p2tr.js

@@ -85,7 +85,7 @@ function p2tr(a, opts) {
     if (a.output) return a.output.slice(2);
     if (a.address) return _address().data;
     if (o.internalPubkey) {
-      const tweakedKey = (0, types_1.tweakPublicKey)(o.internalPubkey, o.hash);
+      const tweakedKey = (0, types_1.tweakKey)(o.internalPubkey, o.hash);
       if (tweakedKey) return tweakedKey.x;
     }
   });
@@ -136,7 +136,7 @@ function p2tr(a, opts) {
       else pubkey = a.output.slice(2);
     }
     if (a.internalPubkey) {
-      const tweakedKey = (0, types_1.tweakPublicKey)(a.internalPubkey, o.hash);
+      const tweakedKey = (0, types_1.tweakKey)(a.internalPubkey, o.hash);
       if (tweakedKey === null)
         throw new TypeError('Invalid internalPubkey for p2tr');
       if (pubkey.length > 0 && !pubkey.equals(tweakedKey.x))
@@ -187,14 +187,9 @@ function p2tr(a, opts) {
           throw new TypeError('Invalid internalPubkey for p2tr witness');
         const leafVersion = controlBlock[0] & 0b11111110;
         const script = witness[witness.length - 2];
-        const tweak = (0, types_1.computeTweakFromScriptPath)(
-          controlBlock,
-          script,
-          internalPubkey,
-          m,
-          leafVersion,
-        );
-        const outputKey = (0, types_1.tweakPublicKey)(internalPubkey, tweak);
+        const tapLeafHash = (0, types_1.leafHash)(script, leafVersion);
+        const hash = (0, types_1.rootHash)(controlBlock, tapLeafHash);
+        const outputKey = (0, types_1.tweakKey)(internalPubkey, hash);
         if (!outputKey)
           // todo: needs test data
           throw new TypeError('Invalid outputKey for p2tr witness');

src/types.d.ts

@@ -1,10 +1,10 @@
 /// <reference types="node" />
-import { Buffer as NBuffer } from 'buffer';
 export declare const typeforce: any;
 export declare function isPoint(p: Buffer | number | undefined | null): boolean;
 export declare function liftX(buffer: Buffer): Buffer | null;
-export declare function tweakPublicKey(pubKey: Buffer, h: Buffer | undefined): TweakedPublicKey | null;
-export declare function computeTweakFromScriptPath(controlBlock: Buffer, script: Buffer, internalPubkey: Buffer, m: number, v: number): NBuffer;
+export declare function tweakKey(pubKey: Buffer, h: Buffer | undefined): TweakedPublicKey | null;
+export declare function leafHash(script: Buffer, version: number): Buffer;
+export declare function rootHash(controlBlock: Buffer, tapLeafMsg: Buffer): Buffer;
 export declare function UInt31(value: number): boolean;
 export declare function BIP32Path(value: string): boolean;
 export declare namespace BIP32Path {

src/types.js

@@ -1,6 +1,6 @@
 'use strict';
 Object.defineProperty(exports, '__esModule', { value: true });
-exports.oneOf = exports.Null = exports.BufferN = exports.Function = exports.UInt32 = exports.UInt8 = exports.tuple = exports.maybe = exports.Hex = exports.Buffer = exports.String = exports.Boolean = exports.Array = exports.Number = exports.Hash256bit = exports.Hash160bit = exports.Buffer256bit = exports.TaprootNode = exports.TaprootLeaf = exports.Network = exports.ECPoint = exports.Satoshi = exports.Signer = exports.BIP32Path = exports.UInt31 = exports.computeTweakFromScriptPath = exports.tweakPublicKey = exports.liftX = exports.isPoint = exports.typeforce = void 0;
+exports.oneOf = exports.Null = exports.BufferN = exports.Function = exports.UInt32 = exports.UInt8 = exports.tuple = exports.maybe = exports.Hex = exports.Buffer = exports.String = exports.Boolean = exports.Array = exports.Number = exports.Hash256bit = exports.Hash160bit = exports.Buffer256bit = exports.TaprootNode = exports.TaprootLeaf = exports.Network = exports.ECPoint = exports.Satoshi = exports.Signer = exports.BIP32Path = exports.UInt31 = exports.rootHash = exports.leafHash = exports.tweakKey = exports.liftX = exports.isPoint = exports.typeforce = void 0;
 const buffer_1 = require('buffer');
 const bcrypto = require('./crypto');
 const varuint = require('bip174/src/lib/converter/varint');
@@ -69,7 +69,7 @@ const GROUP_ORDER = buffer_1.Buffer.from(
 );
 // todo: compare buffers dirrectly
 const GROUP_ORDER_BN = new BN(GROUP_ORDER);
-function tweakPublicKey(pubKey, h) {
+function tweakKey(pubKey, h) {
   if (!buffer_1.Buffer.isBuffer(pubKey)) return null;
   if (pubKey.length !== 32) return null;
   if (h && h.length !== 32) return null;
@@ -90,22 +90,20 @@ function tweakPublicKey(pubKey, h) {
     x: Q.slice(1, 33),
   };
 }
-exports.tweakPublicKey = tweakPublicKey;
+exports.tweakKey = tweakKey;
 const TAP_LEAF_TAG = buffer_1.Buffer.from('TapLeaf', 'utf8');
 const TAP_BRANCH_TAG = buffer_1.Buffer.from('TapBranch', 'utf8');
-function computeTweakFromScriptPath(
-  controlBlock,
-  script,
-  internalPubkey,
-  m,
-  v,
-) {
-  const k = [];
-  const e = [];
-  const tapLeafMsg = buffer_1.Buffer.concat([
-    buffer_1.Buffer.from([v]),
+function leafHash(script, version) {
+  return buffer_1.Buffer.concat([
+    buffer_1.Buffer.from([version]),
     serializeScript(script),
   ]);
+}
+exports.leafHash = leafHash;
+function rootHash(controlBlock, tapLeafMsg) {
+  const k = [];
+  const e = [];
+  const m = (controlBlock.length - 33) / 32;
   k[0] = bcrypto.taggedHash(TAP_LEAF_TAG, tapLeafMsg);
   for (let j = 0; j < m; j++) {
     e[j] = controlBlock.slice(33 + 32 * j, 65 + 32 * j);
@@ -121,16 +119,9 @@ function computeTweakFromScriptPath(
       );
     }
   }
-  const t = bcrypto.taggedHash(
-    TAP_TWEAK_TAG,
-    buffer_1.Buffer.concat([internalPubkey, k[m]]),
-  );
-  if (t.compare(GROUP_ORDER) >= 0) {
-    throw new Error('Over the order of secp256k1');
-  }
-  return t;
+  return k[m];
 }
-exports.computeTweakFromScriptPath = computeTweakFromScriptPath;
+exports.rootHash = rootHash;
 // todo: move out
 function serializeScript(s) {
   const varintLen = varuint.encodingLength(s.length);

ts_src/payments/p2tr.ts

@@ -1,6 +1,6 @@
 import { bitcoin as BITCOIN_NETWORK } from '../networks';
 import * as bscript from '../script';
-import { liftX, tweakPublicKey, computeTweakFromScriptPath, typeforce as typef } from '../types';
+import { liftX, leafHash, rootHash, tweakKey, typeforce as typef } from '../types';
 import { computeMastRoot } from '../merkle';
 import { Payment, PaymentOpts } from './index';
 import * as lazy from './lazy';
@@ -81,7 +81,7 @@ export function p2tr(a: Payment, opts?: PaymentOpts): Payment {
     if (a.output) return a.output.slice(2)
     if (a.address) return _address().data;
     if (o.internalPubkey) {
-      const tweakedKey = tweakPublicKey(o.internalPubkey, o.hash)
+      const tweakedKey = tweakKey(o.internalPubkey, o.hash)
       if (tweakedKey) return tweakedKey.x
     }
   });
@@ -136,7 +136,7 @@ export function p2tr(a: Payment, opts?: PaymentOpts): Payment {
     }
 
     if (a.internalPubkey) {
-      const tweakedKey = tweakPublicKey(a.internalPubkey, o.hash)
+      const tweakedKey = tweakKey(a.internalPubkey, o.hash)
       if (tweakedKey === null) throw new TypeError('Invalid internalPubkey for p2tr');
       if (pubkey.length > 0 && !pubkey.equals(tweakedKey.x))
         throw new TypeError('Pubkey mismatch');
@@ -189,9 +189,11 @@ export function p2tr(a: Payment, opts?: PaymentOpts): Payment {
 
         const leafVersion = controlBlock[0] & 0b11111110;
         const script = witness[witness.length - 2];
-        const tweak = computeTweakFromScriptPath(controlBlock, script, internalPubkey, m, leafVersion)
+        
+        const tapLeafHash = leafHash(script, leafVersion)
+        const hash = rootHash(controlBlock, tapLeafHash)
 
-        const outputKey = tweakPublicKey(internalPubkey, tweak)
+        const outputKey = tweakKey(internalPubkey, hash)
         if (!outputKey)
           // todo: needs test data
           throw new TypeError('Invalid outputKey for p2tr witness');

ts_src/types.ts

@@ -78,7 +78,7 @@ const GROUP_ORDER = NBuffer.from('fffffffffffffffffffffffffffffffebaaedce6af48a0
 // todo: compare buffers dirrectly
 const GROUP_ORDER_BN = new BN(GROUP_ORDER);
 
-export function tweakPublicKey(
+export function tweakKey(
   pubKey: Buffer,
   h: Buffer | undefined,
 ): TweakedPublicKey | null {
@@ -109,14 +109,18 @@ export function tweakPublicKey(
 const TAP_LEAF_TAG = NBuffer.from('TapLeaf', 'utf8');
 const TAP_BRANCH_TAG = NBuffer.from('TapBranch', 'utf8');
 
-export function computeTweakFromScriptPath(controlBlock: Buffer, script: Buffer, internalPubkey: Buffer, m: number, v: number) {
+
+export function leafHash(script: Buffer, version: number): Buffer {
+  return NBuffer.concat([NBuffer.from([version]), serializeScript(script)]);
+}
+
+export function rootHash(controlBlock: Buffer, tapLeafMsg: Buffer): Buffer {
   const k = [];
   const e = [];
 
-  const tapLeafMsg = NBuffer.concat([NBuffer.from([v]), serializeScript(script)]);
+  const m = (controlBlock.length - 33) / 32;
   k[0] = bcrypto.taggedHash(TAP_LEAF_TAG, tapLeafMsg);
 
-
   for (let j = 0; j < m; j++) {
     e[j] = controlBlock.slice(33 + 32 * j, 65 + 32 * j);
     if (k[j].compare(e[j]) < 0) {
@@ -126,12 +130,7 @@ export function computeTweakFromScriptPath(controlBlock: Buffer, script: Buffer,
     }
   }
 
-  const t = bcrypto.taggedHash(TAP_TWEAK_TAG, NBuffer.concat([internalPubkey, k[m]]));
-  if (t.compare(GROUP_ORDER) >= 0) {
-    throw new Error('Over the order of secp256k1')
-  }
-
-  return t
+  return k[m]
 }
 
 // todo: move out