Merge pull request #42 from BitGo/p2tr_psbt

Make p2tr payments and taproot.ts more PSBT friendly

Author: brandonblack

src/payments/index.d.ts

@@ -1,5 +1,6 @@
 /// <reference types="node" />
 import { Network } from '../networks';
+import { TapTree } from 'bip174/src/lib/interfaces';
 import { TinySecp256k1Interface } from '../types';
 import { p2data as embed } from './embed';
 import { p2ms } from './p2ms';
@@ -21,6 +22,7 @@ export interface Payment {
     input?: Buffer;
     signatures?: Buffer[];
     pubkey?: Buffer;
+    internalPubkey?: Buffer;
     signature?: Buffer;
     address?: string;
     hash?: Buffer;
@@ -29,7 +31,9 @@ export interface Payment {
     redeemIndex?: number;
     witness?: Buffer[];
     weight?: number;
+    depth?: number;
     controlBlock?: Buffer;
+    tapTree?: TapTree;
     annex?: Buffer;
 }
 export declare type PaymentCreator = (a: Payment, opts?: PaymentOpts) => Payment;

src/payments/p2tr.js

@@ -51,6 +51,7 @@ function p2tr(a, opts) {
           network: typef.maybe(typef.Object),
           output: typef.maybe(typef.Buffer),
           weight: typef.maybe(typef.Number),
+          depth: typef.maybe(typef.Number),
           witness: typef.maybe(typef.arrayOf(typef.Buffer)),
         }),
       ),
@@ -77,8 +78,13 @@ function p2tr(a, opts) {
     // extract the 32 byte taproot pubkey (aka witness program)
     return a.output && a.output.slice(2);
   });
-  const _taptree = lazy.value(() => {
+  const network = a.network || networks_1.bitcoin;
+  const o = { network };
+  const _taprootPaths = lazy.value(() => {
     if (!a.redeems) return;
+    if (o.tapTree) {
+      return taproot.getDepthFirstTaptree(o.tapTree);
+    }
     const outputs = a.redeems.map(({ output }) => output);
     if (!outputs.every(output => output)) return;
     return taproot.getHuffmanTaptree(
@@ -97,15 +103,15 @@ function p2tr(a, opts) {
     if (parsedWitness && parsedWitness.spendType === 'Script')
       return taproot.parseControlBlock(ecc, parsedWitness.controlBlock);
   });
-  const _internalPubkey = lazy.value(() => {
+  lazy.prop(o, 'internalPubkey', () => {
     if (a.pubkey) {
       // single pubkey
       return a.pubkey;
     } else if (a.pubkeys && a.pubkeys.length === 1) {
       return a.pubkeys[0];
     } else if (a.pubkeys && a.pubkeys.length > 1) {
       // multiple pubkeys
-      return taproot.aggregateMuSigPubkeys(ecc, a.pubkeys);
+      return Buffer.from(taproot.aggregateMuSigPubkeys(ecc, a.pubkeys));
     } else if (_parsedControlBlock()) {
       return _parsedControlBlock().internalPubkey;
     } else {
@@ -146,11 +152,29 @@ function p2tr(a, opts) {
           tapscript,
         );
     }
-    if (!taptreeRoot && _taptree()) taptreeRoot = _taptree().root;
-    return taproot.tapTweakPubkey(ecc, _internalPubkey(), taptreeRoot);
+    if (!taptreeRoot && _taprootPaths()) taptreeRoot = _taprootPaths().root;
+    return taproot.tapTweakPubkey(ecc, o.internalPubkey, taptreeRoot);
+  });
+  lazy.prop(o, 'tapTree', () => {
+    if (!a.redeems) return;
+    if (a.redeems.find(({ depth }) => depth === undefined)) {
+      console.warn(
+        'Deprecation Warning: Weight-based tap tree construction will be removed in the future. ' +
+          'Please use depth-first coding as specified in BIP-0371.',
+      );
+      return;
+    }
+    if (!a.redeems.every(({ output }) => output)) return;
+    return {
+      leaves: a.redeems.map(({ output, depth }) => {
+        return {
+          script: output,
+          leafVersion: taproot.INITIAL_TAPSCRIPT_VERSION,
+          depth,
+        };
+      }),
+    };
   });
-  const network = a.network || networks_1.bitcoin;
-  const o = { network };
   lazy.prop(o, 'address', () => {
     const pubkey =
       _outputPubkey() || (_taprootPubkey() && _taprootPubkey().xOnlyPubkey);
@@ -164,12 +188,12 @@ function p2tr(a, opts) {
     if (parsedWitness && parsedWitness.spendType === 'Script')
       return parsedWitness.controlBlock;
     const taprootPubkey = _taprootPubkey();
-    const taptree = _taptree();
-    if (!taptree || !taprootPubkey || a.redeemIndex === undefined) return;
+    const taprootPaths = _taprootPaths();
+    if (!taprootPaths || !taprootPubkey || a.redeemIndex === undefined) return;
     return taproot.getControlBlock(
       taprootPubkey.parity,
-      _internalPubkey(),
-      taptree.paths[a.redeemIndex],
+      o.internalPubkey,
+      taprootPaths.paths[a.redeemIndex],
     );
   });
   lazy.prop(o, 'signature', () => {
@@ -265,7 +289,7 @@ function p2tr(a, opts) {
         throw new TypeError('mismatch between address and taproot pubkey');
     const parsedControlBlock = _parsedControlBlock();
     if (parsedControlBlock) {
-      if (!parsedControlBlock.internalPubkey.equals(_internalPubkey()))
+      if (!parsedControlBlock.internalPubkey.equals(o.internalPubkey))
         throw new TypeError('Internal pubkey mismatch');
       if (taprootPubkey && parsedControlBlock.parity !== taprootPubkey.parity)
         throw new TypeError('Parity mismatch');

src/taproot.d.ts

@@ -1,10 +1,12 @@
 /// <reference types="node" />
+import { TapTree as PsbtTapTree } from 'bip174/src/lib/interfaces';
 import { TinySecp256k1Interface, XOnlyPointAddTweakResult } from './types';
 /**
  * The 0x02 prefix indicating an even Y coordinate which is implicitly assumed
  * on all 32 byte x-only pub keys as defined in BIP340.
  */
 export declare const EVEN_Y_COORD_PREFIX: Buffer;
+export declare const INITIAL_TAPSCRIPT_VERSION = 192;
 /**
  * Aggregates a list of public keys into a single MuSig2* public key
  * according to the MuSig2 paper.
@@ -24,7 +26,7 @@ export declare function serializeScriptSize(script: Buffer): Buffer;
  * @param script
  * @returns
  */
-export declare function hashTapLeaf(script: Buffer): Buffer;
+export declare function hashTapLeaf(script: Buffer, leafVersion?: number): Buffer;
 /**
  * Creates a lexicographically sorted tapbranch from two child taptree nodes
  * and returns its tagged hash.
@@ -54,6 +56,14 @@ export interface Taptree {
     root: Buffer;
     paths: Buffer[][];
 }
+/**
+ * Gets the root hash and hash-paths of a taptree from the depth-first
+ * construction used in BIP-0371 PSBTs
+ * @param tree
+ * @returns {Taptree} the tree, represented by its root hash, and the paths to
+ * that root from each of the input scripts
+ */
+export declare function getDepthFirstTaptree(tree: PsbtTapTree): Taptree;
 /**
  * Gets the root hash of a taptree using a weighted Huffman construction from a
  * list of scripts and corresponding weights.
@@ -62,7 +72,7 @@ export interface Taptree {
  * @returns {Taptree} the tree, represented by its root hash, and the paths to that root from each of the input scripts
  */
 export declare function getHuffmanTaptree(scripts: Buffer[], weights: Array<number | undefined>): Taptree;
-export declare function getControlBlock(parity: 0 | 1, pubkey: Uint8Array, path: Buffer[]): Buffer;
+export declare function getControlBlock(parity: 0 | 1, pubkey: Uint8Array, path: Buffer[], leafVersion?: number): Buffer;
 export interface KeyPathWitness {
     spendType: 'Key';
     signature: Buffer;

src/taproot.js

@@ -3,7 +3,7 @@
 // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
 // https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki
 Object.defineProperty(exports, '__esModule', { value: true });
-exports.getTaptreeRoot = exports.getTapleafHash = exports.parseControlBlock = exports.parseTaprootWitness = exports.getControlBlock = exports.getHuffmanTaptree = exports.tapTweakPubkey = exports.tapTweakPrivkey = exports.hashTapBranch = exports.hashTapLeaf = exports.serializeScriptSize = exports.aggregateMuSigPubkeys = exports.EVEN_Y_COORD_PREFIX = void 0;
+exports.getTaptreeRoot = exports.getTapleafHash = exports.parseControlBlock = exports.parseTaprootWitness = exports.getControlBlock = exports.getHuffmanTaptree = exports.getDepthFirstTaptree = exports.tapTweakPubkey = exports.tapTweakPrivkey = exports.hashTapBranch = exports.hashTapLeaf = exports.serializeScriptSize = exports.aggregateMuSigPubkeys = exports.INITIAL_TAPSCRIPT_VERSION = exports.EVEN_Y_COORD_PREFIX = void 0;
 const assert = require('assert');
 const FastPriorityQueue = require('fastpriorityqueue');
 const bcrypto = require('./crypto');
@@ -14,7 +14,7 @@ const varuint = require('varuint-bitcoin');
  * on all 32 byte x-only pub keys as defined in BIP340.
  */
 exports.EVEN_Y_COORD_PREFIX = Buffer.of(0x02);
-const INITIAL_TAPSCRIPT_VERSION = Buffer.of(0xc0);
+exports.INITIAL_TAPSCRIPT_VERSION = 0xc0;
 /**
  * Aggregates a list of public keys into a single MuSig2* public key
  * according to the MuSig2 paper.
@@ -82,11 +82,11 @@ exports.serializeScriptSize = serializeScriptSize;
  * @param script
  * @returns
  */
-function hashTapLeaf(script) {
+function hashTapLeaf(script, leafVersion = exports.INITIAL_TAPSCRIPT_VERSION) {
   const size = serializeScriptSize(script);
   return bcrypto.taggedHash(
     'TapLeaf',
-    Buffer.concat([INITIAL_TAPSCRIPT_VERSION, size, script]),
+    Buffer.concat([Buffer.of(leafVersion), size, script]),
   );
 }
 exports.hashTapLeaf = hashTapLeaf;
@@ -144,6 +144,39 @@ function tapTweakPubkey(ecc, pubkey, taptreeRoot) {
   return result;
 }
 exports.tapTweakPubkey = tapTweakPubkey;
+function recurseTaptree(leaves, targetDepth = 0) {
+  const { value, done } = leaves.next();
+  assert(!done, 'insufficient leaves to reconstruct tap tree');
+  const [index, leaf] = value;
+  const tree = {
+    root: hashTapLeaf(leaf.script, leaf.leafVersion),
+    paths: [],
+  };
+  tree.paths[index] = [];
+  for (let depth = leaf.depth; depth > targetDepth; depth--) {
+    const sibling = recurseTaptree(leaves, depth);
+    tree.paths.forEach(path => path.push(sibling.root));
+    sibling.paths.forEach(path => path.push(tree.root));
+    tree.root = hashTapBranch(tree.root, sibling.root);
+    // Merge disjoint sparse arrays of paths into tree.paths
+    Object.assign(tree.paths, sibling.paths);
+  }
+  return tree;
+}
+/**
+ * Gets the root hash and hash-paths of a taptree from the depth-first
+ * construction used in BIP-0371 PSBTs
+ * @param tree
+ * @returns {Taptree} the tree, represented by its root hash, and the paths to
+ * that root from each of the input scripts
+ */
+function getDepthFirstTaptree(tree) {
+  const iter = tree.leaves.entries();
+  const ret = recurseTaptree(iter);
+  assert(iter.next().done, 'invalid tap tree, no path to some leaves');
+  return ret;
+}
+exports.getDepthFirstTaptree = getDepthFirstTaptree;
 /**
  * Gets the root hash of a taptree using a weighted Huffman construction from a
  * list of scripts and corresponding weights.
@@ -217,8 +250,13 @@ function getHuffmanTaptree(scripts, weights) {
   return { root: rootNode.taggedHash, paths };
 }
 exports.getHuffmanTaptree = getHuffmanTaptree;
-function getControlBlock(parity, pubkey, path) {
-  const parityVersion = INITIAL_TAPSCRIPT_VERSION[0] + parity;
+function getControlBlock(
+  parity,
+  pubkey,
+  path,
+  leafVersion = exports.INITIAL_TAPSCRIPT_VERSION,
+) {
+  const parityVersion = leafVersion + parity;
   return Buffer.concat([Buffer.of(parityVersion), pubkey, ...path]);
 }
 exports.getControlBlock = getControlBlock;