bitcoinjs#1552 playing around, can be ignored

Author: motorina0

CHANGELOG.md

@@ -149,6 +149,7 @@ __removed__
 - Removed `networks.litecoin`, BYO non-Bitcoin networks instead (#1095)
 - Removed `script.isCanonicalSignature`, use `script.isCanonicalScriptSignature` instead (#1094)
 - Removed `script.*.input/output/check` functions (`templates`), use `payments.*` instead (`templates` previously added in #681, #682) (#1119)
+//
 - Removed dependency `bigi`, uses `bn.js` internally now (via `tiny-secp256k1`) (#1070, #1112)
 - Removed public access to `ECPair` constructor, use exported functions `ECPair.fromPrivateKey`, `ECPair.fromWIF`, `ECPair.makeRandom`, or `ECPair.fromPublicKey` (#1070)
 

p2tr-witness.js

@@ -0,0 +1,88 @@
+const BN = require('bn.js'); // TODO: remove? see changelog bn.js
+
+const ANNEX_PREFIX = 0x50;
+const EC_P = Buffer.from('fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 'hex');
+const P = new BN(EC_P);
+const P_QUADRATIC_RESIDUE = P.addn(1).divn(4);
+const BN_3 = new BN(3);
+const BN_7 = new BN(7);
+
+const witnessHex = [
+    "9675a9982c6398ea9d441cb7a943bcd6ff033cc3a2e01a0178a7d3be4575be863871c6bf3eef5ecd34721c784259385ca9101c3a313e010ac942c99de05aaaa602",
+    "5799cf4b193b730fb99580b186f7477c2cca4d28957326f6f1a5d14116438530e7ec0ce1cd465ad96968ae8a6a09d4d37a060a115919f56fcfebe7b2277cc2df5cc08fb6cda9105ee2512b2e22635aba",
+    "7520c7b5db9562078049719228db2ac80cb9643ec96c8055aa3b29c2c03d4d99edb0ac",
+    "c1a7957acbaaf7b444c53d9e0c9436e8a8a3247fd515095d66ddf6201918b40a3668f9a4ccdffcf778da624dca2dda0b08e763ec52fd4ad403ec7563a3504d0cc168b9a77a410029e01dac89567c9b2e6cd726e840351df3f2f58fefe976200a19244150d04153909f660184d656ee95fa7bf8e1d4ec83da1fca34f64bc279b76d257ec623e08baba2cfa4ea9e99646e88f1eb1668c00c0f15b7443c8ab83481611cc3ae85eb89a7bfc40067eb1d2e6354a32426d0ce710e88bc4cc0718b99c325509c9d02a6a980d675a8969be10ee9bef82cafee2fc913475667ccda37b1bc7f13f64e56c449c532658ba8481631c02ead979754c809584a875951619cec8fb040c33f06468ae0266cd8693d6a64cea5912be32d8de95a6da6300b0c50fdcd6001ea41126e7b7e5280d455054a816560028f5ca53c9a50ee52f10e15c5337315bad1f5277acb109a1418649dc6ead2fe14699742fee7182f2f15e54279c7d932ed2799d01d73c97e68bbc94d6f7f56ee0a80efd7c76e3169e10d1a1ba3b5f1eb02369dc43af687461c7a2a3344d13eb5485dca29a67f16b4cb988923060fd3b65d0f0352bb634bcc44f2fe668836dcd0f604150049835135dc4b4fbf90fb334b3938a1f137eb32f047c65b85e6c1173b890b6d0162b48b186d1f1af8521945924ac8ac8efec321bf34f1d4b3d4a304a10313052c652d53f6ecb8a55586614e8950cde9ab6fe8e22802e93b3b9139112250b80ebc589aba231af535bb20f7eeec2e412f698c17f3fdc0a2e20924a5e38b21a628a9e3b2a61e35958e60c7f5087c"
+];
+
+const witness = witnessHex.map(w => Buffer.from(w, 'hex'));
+
+if (!witness || !witness.length) {
+    throw new Error('The witness stack has 0 elements');
+}
+
+// check for annex
+if (witness.length >= 2 && (witness[witness.length - 1][0] === ANNEX_PREFIX)) {
+    witness.pop(); // remove annex, ignored by taproot
+}
+
+// key path spending
+if (witness.length === 1) {
+    // the only element is the signature
+    // must be checked against the tweaked public key
+    // TODO
+    return
+}
+
+// script path spending
+const controlBlock = witness[witness.length - 1];
+if (controlBlock.length < 33) {
+    throw new Error(`The control-block length is too small. Got ${controlBlock.length}, expected 33.`);
+}
+if ((controlBlock.length - 33) % 32 !== 0) {
+    throw new Error('The control-block length is incorrect!');
+}
+if ((controlBlock.length - 33) / 32 > 128) {
+    throw new Error(`The control-block length is too large. Got ${controlBlock.length}.`);
+}
+const script = witness[witness.length - 2];
+
+const pxxx = controlBlock.slice(1, 33);
+
+
+const leafVersion = controlBlock[0] & 0xfe;
+
+
+
+function liftX(b) {
+    console.log('liftX IN');
+    // check if x instance of buffer and length 32
+    const x = new BN(b);
+    if (x.gte(P)) return null;
+    const yy = x.pow(BN_3).add(BN_7).mod(P);
+    // const y = yy.pow(P_QUADRATIC_RESIDUE).mod(P);
+
+    console.log('liftX OUT');
+    return yy;
+}
+
+
+// const p = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');
+// const q = (p + 1n) / 4n;
+
+// function liftX(hex) {
+//     console.log('liftX IN');
+
+//     const x = BigInt(hex);
+
+//     if (x >= p) return null;
+//     const yy = (x ** 3n + 7n) % p;
+//     // const y = (yy ** q) % p;
+    
+
+//     console.log('liftX OUT');
+//     return yy;
+// }
+
+const x = '0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798';
+const y = liftX(x);
+console.log('y', y.toJSON());

package-lock.json

@@ -54,6 +54,7 @@
     "bip32": "^2.0.4",
     "bip66": "^1.1.0",
     "bitcoin-ops": "^1.4.0",
+    "bn": "^1.0.5",
     "bs58check": "^2.0.0",
     "create-hash": "^1.1.0",
     "create-hmac": "^1.1.3",

package.json

@@ -0,0 +1,11 @@
+const bscript = require('./src/script');
+const {
+    Transaction
+} = require('./src/transaction')
+
+const hex = '4da5fbaa000000002251206d1cb3f7811934f57a680ce8cabda34527cbcebf218a0fdc833b7a8e7df361ee';
+const prevout = Buffer.from(hex, 'hex');
+const prevsScriptOut = prevout.slice(9)
+
+const asm = bscript.toASM(prevsScriptOut)
+console.log('######## asm: ', asm)

play.js

@@ -60,6 +60,7 @@
         "comment": "tapscript/input80limit"
     },
     {
+        
         "tx": "02000000010ab81a3da7f63b84ecc2f61f43ec9f28fceac00c4e4b5ed68dd6da20771c540e1400000000eea0cdf0010ce5b000000000001600145aef668a7ef2d6515eec21e83a80866bc0eea46e16000000",
         "prevouts": [
             "2b606c01000000002251206acd3cc9529163c83c8726287e171bc36722ca3aee50cf068ad424487797c506"

test/fixtures/p2tr.json

@@ -14,14 +14,15 @@ export interface Payment {
   data?: Buffer[];
   m?: number;
   n?: number;
-  pubkeys?: Buffer[];
+  pubkeys?: Buffer[]; // <-- can be used for taproot 
   input?: Buffer;
   signatures?: Buffer[];
   pubkey?: Buffer;
   signature?: Buffer;
   address?: string;
   hash?: Buffer;
   redeem?: Payment;
+  taprootRedeems?: Payment[];
   witness?: Buffer[];
 }
 

ts_src/payments/index.ts

@@ -7,7 +7,7 @@ const typef = require('typeforce');
 const OPS = bscript.OPS;
 const ecc = require('tiny-secp256k1');
 
-const { bech32 } = require('bech32');
+const { bech32, bech32m } = require('bech32');
 
 const EMPTY_BUFFER = Buffer.alloc(0);
 
@@ -34,8 +34,8 @@ function chunkHasUncompressedPubkey(chunk: StackElement): boolean {
 
 // input: <>
 // witness: [redeemScriptSig ...] {redeemScript}
-// output: OP_0 {sha256(redeemScript)}
-export function p2wsh(a: Payment, opts?: PaymentOpts): Payment {
+// output: OP_1 {publicKey}
+export function p2tr(a: Payment, opts?: PaymentOpts): Payment {
   if (!a.address && !a.hash && !a.output && !a.redeem && !a.witness)
     throw new TypeError('Not enough data');
   opts = Object.assign({ validate: true }, opts || {});
@@ -61,9 +61,9 @@ export function p2wsh(a: Payment, opts?: PaymentOpts): Payment {
   );
 
   const _address = lazy.value(() => {
-    const result = bech32.decode(a.address);
+    const result = bech32m.decode(a.address);
     const version = result.words.shift();
-    const data = bech32.fromWords(result.words);
+    const data = bech32m.fromWords(result.words);
     return {
       version,
       prefix: result.prefix,
@@ -94,12 +94,12 @@ export function p2wsh(a: Payment, opts?: PaymentOpts): Payment {
   });
   lazy.prop(o, 'output', () => {
     if (!o.hash) return;
-    return bscript.compile([OPS.OP_0, o.hash]);
+    return bscript.compile([OPS.OP_1, o.hash]);
   });
   lazy.prop(o, 'redeem', () => {
     if (!a.witness) return;
     return {
-      output: a.witness[a.witness.length - 1],
+      output: a.witness[a.witness.length - 1], // <-- last on the stack is the reedem lock script
       input: EMPTY_BUFFER,
       witness: a.witness.slice(0, -1),
     };