feat(p2tr): PSBT-style tree coding

Deprecates weight-based tap tree coding

Issue: BG-54756

Author: reardencode

src/payments/index.d.ts

@@ -1,5 +1,6 @@
 /// <reference types="node" />
 import { Network } from '../networks';
+import { TapTree } from 'bip174/src/lib/interfaces';
 import { TinySecp256k1Interface } from '../types';
 import { p2data as embed } from './embed';
 import { p2ms } from './p2ms';
@@ -29,7 +30,9 @@ export interface Payment {
     redeemIndex?: number;
     witness?: Buffer[];
     weight?: number;
+    depth?: number;
     controlBlock?: Buffer;
+    tapTree?: TapTree;
     annex?: Buffer;
 }
 export declare type PaymentCreator = (a: Payment, opts?: PaymentOpts) => Payment;

src/payments/p2tr.js

@@ -51,6 +51,7 @@ function p2tr(a, opts) {
           network: typef.maybe(typef.Object),
           output: typef.maybe(typef.Buffer),
           weight: typef.maybe(typef.Number),
+          depth: typef.maybe(typef.Number),
           witness: typef.maybe(typef.arrayOf(typef.Buffer)),
         }),
       ),
@@ -77,8 +78,13 @@ function p2tr(a, opts) {
     // extract the 32 byte taproot pubkey (aka witness program)
     return a.output && a.output.slice(2);
   });
-  const _taptree = lazy.value(() => {
+  const network = a.network || networks_1.bitcoin;
+  const o = { network };
+  const _taprootPaths = lazy.value(() => {
     if (!a.redeems) return;
+    if (o.tapTree) {
+      return taproot.getDepthFirstTaptree(o.tapTree);
+    }
     const outputs = a.redeems.map(({ output }) => output);
     if (!outputs.every(output => output)) return;
     return taproot.getHuffmanTaptree(
@@ -146,11 +152,29 @@ function p2tr(a, opts) {
           tapscript,
         );
     }
-    if (!taptreeRoot && _taptree()) taptreeRoot = _taptree().root;
+    if (!taptreeRoot && _taprootPaths()) taptreeRoot = _taprootPaths().root;
     return taproot.tapTweakPubkey(ecc, _internalPubkey(), taptreeRoot);
   });
-  const network = a.network || networks_1.bitcoin;
-  const o = { network };
+  lazy.prop(o, 'tapTree', () => {
+    if (!a.redeems) return;
+    if (a.redeems.find(({ depth }) => depth === undefined)) {
+      console.warn(
+        'Deprecation Warning: Weight-based tap tree construction will be removed in the future. ' +
+          'Please use depth-first coding as specified in BIP-0371.',
+      );
+      return;
+    }
+    if (!a.redeems.every(({ output }) => output)) return;
+    return {
+      leaves: a.redeems.map(({ output, depth }) => {
+        return {
+          script: output,
+          leafVersion: taproot.INITIAL_TAPSCRIPT_VERSION,
+          depth,
+        };
+      }),
+    };
+  });
   lazy.prop(o, 'address', () => {
     const pubkey =
       _outputPubkey() || (_taprootPubkey() && _taprootPubkey().xOnlyPubkey);
@@ -164,12 +188,12 @@ function p2tr(a, opts) {
     if (parsedWitness && parsedWitness.spendType === 'Script')
       return parsedWitness.controlBlock;
     const taprootPubkey = _taprootPubkey();
-    const taptree = _taptree();
-    if (!taptree || !taprootPubkey || a.redeemIndex === undefined) return;
+    const taprootPaths = _taprootPaths();
+    if (!taprootPaths || !taprootPubkey || a.redeemIndex === undefined) return;
     return taproot.getControlBlock(
       taprootPubkey.parity,
       _internalPubkey(),
-      taptree.paths[a.redeemIndex],
+      taprootPaths.paths[a.redeemIndex],
     );
   });
   lazy.prop(o, 'signature', () => {

src/taproot.d.ts

@@ -1,4 +1,5 @@
 /// <reference types="node" />
+import { TapTree as PsbtTapTree } from 'bip174/src/lib/interfaces';
 import { TinySecp256k1Interface, XOnlyPointAddTweakResult } from './types';
 /**
  * The 0x02 prefix indicating an even Y coordinate which is implicitly assumed
@@ -55,6 +56,14 @@ export interface Taptree {
     root: Buffer;
     paths: Buffer[][];
 }
+/**
+ * Gets the root hash and hash-paths of a taptree from the depth-first
+ * construction used in BIP-0371 PSBTs
+ * @param tree
+ * @returns {Taptree} the tree, represented by its root hash, and the paths to
+ * that root from each of the input scripts
+ */
+export declare function getDepthFirstTaptree(tree: PsbtTapTree): Taptree;
 /**
  * Gets the root hash of a taptree using a weighted Huffman construction from a
  * list of scripts and corresponding weights.

src/taproot.js

@@ -3,7 +3,7 @@
 // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
 // https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki
 Object.defineProperty(exports, '__esModule', { value: true });
-exports.getTaptreeRoot = exports.getTapleafHash = exports.parseControlBlock = exports.parseTaprootWitness = exports.getControlBlock = exports.getHuffmanTaptree = exports.tapTweakPubkey = exports.tapTweakPrivkey = exports.hashTapBranch = exports.hashTapLeaf = exports.serializeScriptSize = exports.aggregateMuSigPubkeys = exports.INITIAL_TAPSCRIPT_VERSION = exports.EVEN_Y_COORD_PREFIX = void 0;
+exports.getTaptreeRoot = exports.getTapleafHash = exports.parseControlBlock = exports.parseTaprootWitness = exports.getControlBlock = exports.getHuffmanTaptree = exports.getDepthFirstTaptree = exports.tapTweakPubkey = exports.tapTweakPrivkey = exports.hashTapBranch = exports.hashTapLeaf = exports.serializeScriptSize = exports.aggregateMuSigPubkeys = exports.INITIAL_TAPSCRIPT_VERSION = exports.EVEN_Y_COORD_PREFIX = void 0;
 const assert = require('assert');
 const FastPriorityQueue = require('fastpriorityqueue');
 const bcrypto = require('./crypto');
@@ -144,6 +144,39 @@ function tapTweakPubkey(ecc, pubkey, taptreeRoot) {
   return result;
 }
 exports.tapTweakPubkey = tapTweakPubkey;
+function recurseTaptree(leaves, targetDepth = 0) {
+  const { value, done } = leaves.next();
+  assert(!done, 'insufficient leaves to reconstruct tap tree');
+  const [index, leaf] = value;
+  const tree = {
+    root: hashTapLeaf(leaf.script, leaf.leafVersion),
+    paths: [],
+  };
+  tree.paths[index] = [];
+  for (let depth = leaf.depth; depth > targetDepth; depth--) {
+    const sibling = recurseTaptree(leaves, depth);
+    tree.paths.forEach(path => path.push(sibling.root));
+    sibling.paths.forEach(path => path.push(tree.root));
+    tree.root = hashTapBranch(tree.root, sibling.root);
+    // Merge disjoint sparse arrays of paths into tree.paths
+    Object.assign(tree.paths, sibling.paths);
+  }
+  return tree;
+}
+/**
+ * Gets the root hash and hash-paths of a taptree from the depth-first
+ * construction used in BIP-0371 PSBTs
+ * @param tree
+ * @returns {Taptree} the tree, represented by its root hash, and the paths to
+ * that root from each of the input scripts
+ */
+function getDepthFirstTaptree(tree) {
+  const iter = tree.leaves.entries();
+  const ret = recurseTaptree(iter);
+  assert(iter.next().done, 'invalid tap tree, no path to some leaves');
+  return ret;
+}
+exports.getDepthFirstTaptree = getDepthFirstTaptree;
 /**
  * Gets the root hash of a taptree using a weighted Huffman construction from a
  * list of scripts and corresponding weights.

test/fixtures/p2tr.json

@@ -7,16 +7,16 @@
         "redeems": [
           {
             "output": "8f5173bc367914e1574aceb3c7232a178a764fb6f14730b6b20bd36394c6c717 OP_CHECKSIG",
-            "weight": 1
+            "depth": 2
           },
           {
             "output": "07c7c32d159a27ba1824798b3b1d11e1b85f4dbc9e9fe63d95440a30737496de OP_CHECKSIG",
-            "weight": 1
+            "depth": 2
           },
           {
             "output": "4d4b27ab455a6e2b03af29a141ef47fc579c8435f563c065bf0dd12e6180ccd4 OP_CHECKSIG",
             "inputHex": "20deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
-            "weight": 2
+            "depth": 1
           }
         ],
         "network": "regtest",
@@ -41,16 +41,16 @@
         "redeems": [
           {
             "output": "8f5173bc367914e1574aceb3c7232a178a764fb6f14730b6b20bd36394c6c717 OP_CHECKSIG",
-            "weight": 1
+            "depth": 2
           },
           {
             "output": "07c7c32d159a27ba1824798b3b1d11e1b85f4dbc9e9fe63d95440a30737496de OP_CHECKSIG",
-            "weight": 1
+            "depth": 2
           },
           {
             "output": "4d4b27ab455a6e2b03af29a141ef47fc579c8435f563c065bf0dd12e6180ccd4 OP_CHECKSIG",
             "inputHex": "20deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef",
-            "weight": 2
+            "depth": 1
           }
         ],
         "network": "regtest"
@@ -69,16 +69,16 @@
         "redeems": [
           {
             "output": "8f5173bc367914e1574aceb3c7232a178a764fb6f14730b6b20bd36394c6c717 OP_CHECKSIG",
-            "weight": 1
+            "depth": 2
           },
           {
             "output": "07c7c32d159a27ba1824798b3b1d11e1b85f4dbc9e9fe63d95440a30737496de OP_CHECKSIG",
-            "weight": 1
+            "depth": 2
           },
           {
             "output": "4d4b27ab455a6e2b03af29a141ef47fc579c8435f563c065bf0dd12e6180ccd4 OP_CHECKSIG",
             "witness": [ "deadbeef" ],
-            "weight": 2
+            "depth": 1
           }
         ],
         "network": "regtest",
@@ -106,16 +106,16 @@
         "redeems": [
           {
             "outputHex": "2020040c8338b34cb9c06c6b1bd38095eafa8f9b72398a1084fdb67473d82dfda3ad20d806a63b6e2d83f11f22f9a11ba7a49ac451e8acf57591ec058e422eb997d55ead",
-            "weight": 1
+            "depth": 2
           },
           {
             "outputHex": "20d806a63b6e2d83f11f22f9a11ba7a49ac451e8acf57591ec058e422eb997d55ead200dcd7e6035f7ff5c860b78cfdd2bd80b4b160ca99a71654796afde11457e11e7ad",
-            "weight": 1
+            "depth": 2
           },
           {
             "outputHex": "200dcd7e6035f7ff5c860b78cfdd2bd80b4b160ca99a71654796afde11457e11e7ad2020040c8338b34cb9c06c6b1bd38095eafa8f9b72398a1084fdb67473d82dfda3ad",
             "witness": [ "deadbeef", "deadbeef" ],
-            "weight": 2
+            "depth": 1
           }
         ],
         "network": "regtest",
@@ -211,7 +211,8 @@
       "arguments": {
         "redeems": [{
           "witness": ["e6e81bea57db6bed922afbc5fab65c61f546b6f467b8c3570b5478ba21851e57b00bef791cd06d58afebb883770d956afaf2a9a796fb594a85d124b6837a4c7101"],
-          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac"
+          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac",
+          "depth": 0
         }],
         "controlBlock": "c150929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0",
         "annex": "50abcd",
@@ -343,7 +344,8 @@
       "arguments": {
         "redeemIndex": -1,
         "redeems": [{
-          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac"
+          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac",
+          "depth": 0
         }],
         "network": "testnet"
       },
@@ -355,7 +357,8 @@
       "arguments": {
         "redeemIndex": 2,
         "redeems": [{
-          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac"
+          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac",
+          "depth": 0
         }],
         "network": "testnet"
       },
@@ -367,7 +370,8 @@
       "arguments": {
         "redeems": [{
           "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac",
-          "network": "bitcoin"
+          "network": "bitcoin",
+          "depth": 0
         }],
         "network": "testnet"
       },
@@ -378,7 +382,8 @@
       "description": "p2tr from witness/redeem, mismatch",
       "arguments": {
         "redeems": [{
-          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac"
+          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac",
+          "depth": 0
         }],
         "witness": [
           "e6e81bea57db6bed922afbc5fab65c61f546b6f467b8c3570b5478ba21851e57b00bef791cd06d58afebb883770d956afaf2a9a796fb594a85d124b6837a4c7101",
@@ -438,7 +443,8 @@
       "description": "p2tr from redeem/control block/output, script missing from tap tree",
       "arguments": {
         "redeems": [{
-          "outputHex": "204d4b27ab455a6e2b03af29a141ef47fc579c8435f563c065bf0dd12e6180ccd4ac"
+          "outputHex": "204d4b27ab455a6e2b03af29a141ef47fc579c8435f563c065bf0dd12e6180ccd4ac",
+          "depth": 0
         }],
         "controlBlockHex": "c150929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0",
         "output": "OP_1 3d3e6d002d642acf8653bcf26b81dbe656df5bf88b6d54221b2606bc78f3d4e6",
@@ -451,7 +457,8 @@
       "description": "p2tr from redeem/control block/address, script missing from tap tree",
       "arguments": {
         "redeems": [{
-          "outputHex": "204d4b27ab455a6e2b03af29a141ef47fc579c8435f563c065bf0dd12e6180ccd4ac"
+          "outputHex": "204d4b27ab455a6e2b03af29a141ef47fc579c8435f563c065bf0dd12e6180ccd4ac",
+          "depth": 0
         }],
         "controlBlockHex": "c150929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0",
         "address": "tb1p85lx6qpdvs4vlpjnhnexhqwmuetd7klc3dk4ggsmycrtc78n6nnqakvcc9",
@@ -474,7 +481,8 @@
       "description": "parity mismatch",
       "arguments": {
         "redeems": [{
-          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac"
+          "outputHex": "20dcd9a3fdad900e39ff367823f5d683135238d04425ac8dce19d0220e5791c700ac",
+          "depth": 0
         }],
         "controlBlock": "c050929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0",
         "network": "testnet"

ts_src/payments/index.ts

@@ -1,4 +1,5 @@
 import { Network } from '../networks';
+import { TapTree } from 'bip174/src/lib/interfaces';
 import { TinySecp256k1Interface } from '../types';
 import { p2data as embed } from './embed';
 import { p2ms } from './p2ms';
@@ -29,7 +30,9 @@ export interface Payment {
   redeemIndex?: number;
   witness?: Buffer[];
   weight?: number;
+  depth?: number;
   controlBlock?: Buffer;
+  tapTree?: TapTree;
   annex?: Buffer;
 }