PageRenderTime 1217ms CodeModel.GetById 22ms RepoModel.GetById 0ms app.codeStats 0ms

/test/integration/taproot.md

https://github.com/bitcoinjs/bitcoinjs-lib
Markdown | 156 lines | 138 code | 18 blank | 0 comment | 0 complexity | 19835a8e3dcbfd5961d7ccdf67366269 MD5 | raw file
    

  1. # Taproot
    2. 

  2. 

  3. A simple keyspend example that is possible with the current API is below.
    4. 

  4. 

  5. ## Current state of taproot support
    6. 

  6. 

  7. - [x] segwit v1 address support via bech32m
    8. 

  8. - [x] segwit v1 sighash calculation on Transaction class
    9. 

  9. 

  10. ## TODO
    11. 

  11. 

  12. - [ ] p2tr payment API to make script spends easier
    13. 

  13. - [ ] Support within the Psbt class
    14. 

  14. 

  15. ## Example
    16. 

  16. 

  17. ### Requirements
    18. 

  18. - npm dependencies
    19. 

  19.   - bitcoinjs-lib v6.x.x
    20. 

  20.   - bip32 v3.x.x
    21. 

  21.   - tiny-secp256k1 v2.x.x
    22. 

  22.   - regtest-client vx.x.x
    23. 

  23. - local regtest-server docker container running
    24. 

  24.   - `docker run -d -p 8080:8080 junderw/bitcoinjs-regtest-server`
    25. 

  25. - node >= v14
    26. 

  26. 

  27. ```js
    28. 

  28. // Run this whole file as async
    29. 

  29. // Catch any errors at the bottom of the file
    30. 

  30. // and exit the process with 1 error code
    31. 

  31. (async () => {
    32. 

    33. 

  33. // Order of the curve (N) - 1
    34. 

  34. const N_LESS_1 = Buffer.from(
    35. 

  35.   'fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140',
    36. 

  36.   'hex'
    37. 

  37. );
    38. 

  38. // 1 represented as 32 bytes BE
    39. 

  39. const ONE = Buffer.from(
    40. 

  40.   '0000000000000000000000000000000000000000000000000000000000000001',
    41. 

  41.   'hex'
    42. 

  42. );
    43. 

    44. 

  44. const crypto = require('crypto');
    45. 

  45. // bitcoinjs-lib v6
    46. 

  46. const bitcoin = require('bitcoinjs-lib');
    47. 

  47. // bip32 v3 wraps tiny-secp256k1
    48. 

  48. const BIP32Wrapper = require('bip32').default;
    49. 

  49. const RegtestUtils = require('regtest-client').RegtestUtils;
    50. 

  50. // tiny-secp256k1 v2 is an ESM module, so we can't "require", and must import async
    51. 

  51. const ecc = await import('tiny-secp256k1');
    52. 

  52. // wrap the bip32 library
    53. 

  53. const bip32 = BIP32Wrapper(ecc);
    54. 

  54. // set up dependencies
    55. 

  55. const APIPASS = process.env.APIPASS || 'satoshi';
    56. 

  56. // docker run -d -p 8080:8080 junderw/bitcoinjs-regtest-server
    57. 

  57. const APIURL = process.env.APIURL || 'http://127.0.0.1:8080/1';
    58. 

  58. const regtestUtils = new RegtestUtils({ APIPASS, APIURL });
    59. 

  59. // End imports
    60. 

    61. 

  61. const myKey = bip32.fromSeed(crypto.randomBytes(64), regtestUtils.network);
    62. 

    63. 

  63. const output = createKeySpendOutput(myKey.publicKey);
    64. 

  64. const address = bitcoin.address.fromOutputScript(
    65. 

  65.   output,
    66. 

  66.   regtestUtils.network
    67. 

  67. );
    68. 

  68. // amount from faucet
    69. 

  69. const amount = 42e4;
    70. 

  70. // amount to send
    71. 

  71. const sendAmount = amount - 1e4;
    72. 

  72. // get faucet
    73. 

  73. const unspent = await regtestUtils.faucetComplex(output, amount);
    74. 

    75. 

  75. const tx = createSigned(
    76. 

  76.   myKey,
    77. 

  77.   unspent.txId,
    78. 

  78.   unspent.vout,
    79. 

  79.   sendAmount,
    80. 

  80.   [output],
    81. 

  81.   [amount]
    82. 

  82. );
    83. 

    84. 

  84. const hex = tx.toHex();
    85. 

  85. console.log('Valid tx sent from:');
    86. 

  86. console.log(address);
    87. 

  87. console.log('tx hex:');
    88. 

  88. console.log(hex);
    89. 

  89. await regtestUtils.broadcast(hex);
    90. 

  90. await regtestUtils.verify({
    91. 

  91.   txId: tx.getId(),
    92. 

  92.   address,
    93. 

  93.   vout: 0,
    94. 

  94.   value: sendAmount,
    95. 

  95. });
    96. 

    97. 

  97. // Function for creating a tweaked p2tr key-spend only address
    98. 

  98. // (This is recommended by BIP341)
    99. 

  99. function createKeySpendOutput(publicKey) {
    100. 

  100.   // x-only pubkey (remove 1 byte y parity)
    101. 

  101.   const myXOnlyPubkey = publicKey.slice(1, 33);
    102. 

  102.   const commitHash = bitcoin.crypto.taggedHash('TapTweak', myXOnlyPubkey);
    103. 

  103.   const tweakResult = ecc.xOnlyPointAddTweak(myXOnlyPubkey, commitHash);
    104. 

  104.   if (tweakResult === null) throw new Error('Invalid Tweak');
    105. 

  105.   const { xOnlyPubkey: tweaked } = tweakResult;
    106. 

  106.   // scriptPubkey
    107. 

  107.   return Buffer.concat([
    108. 

  108.     // witness v1, PUSH_DATA 32 bytes
    109. 

  109.     Buffer.from([0x51, 0x20]),
    110. 

  110.     // x-only tweaked pubkey
    111. 

  111.     tweaked,
    112. 

  112.   ]);
    113. 

  113. }
    114. 

    115. 

  115. // Function for signing for a tweaked p2tr key-spend only address
    116. 

  116. // (Required for the above address)
    117. 

  117. function signTweaked(messageHash, key) {
    118. 

  118.   const privateKey =
    119. 

  119.     key.publicKey[0] === 2
    120. 

  120.       ? key.privateKey
    121. 

  121.       : ecc.privateAdd(ecc.privateSub(N_LESS_1, key.privateKey), ONE);
    122. 

  122.   const tweakHash = bitcoin.crypto.taggedHash(
    123. 

  123.     'TapTweak',
    124. 

  124.     key.publicKey.slice(1, 33)
    125. 

  125.   );
    126. 

  126.   const newPrivateKey = ecc.privateAdd(privateKey, tweakHash);
    127. 

  127.   if (newPrivateKey === null) throw new Error('Invalid Tweak');
    128. 

  128.   return ecc.signSchnorr(messageHash, newPrivateKey, Buffer.alloc(32));
    129. 

  129. }
    130. 

    131. 

  131. // Function for creating signed tx
    132. 

  132. function createSigned(key, txid, vout, amountToSend, scriptPubkeys, values) {
    133. 

  133.   const tx = new bitcoin.Transaction();
    134. 

  134.   tx.version = 2;
    135. 

  135.   // Add input
    136. 

  136.   tx.addInput(Buffer.from(txid, 'hex').reverse(), vout);
    137. 

  137.   // Add output
    138. 

  138.   tx.addOutput(scriptPubkeys[0], amountToSend);
    139. 

  139.   const sighash = tx.hashForWitnessV1(
    140. 

  140.     0, // which input
    141. 

  141.     scriptPubkeys, // All previous outputs of all inputs
    142. 

  142.     values, // All previous values of all inputs
    143. 

  143.     bitcoin.Transaction.SIGHASH_DEFAULT // sighash flag, DEFAULT is schnorr-only (DEFAULT == ALL)
    144. 

  144.   );
    145. 

  145.   const signature = Buffer.from(signTweaked(sighash, key));
    146. 

  146.   // witness stack for keypath spend is just the signature.
    147. 

  147.   // If sighash is not SIGHASH_DEFAULT (ALL) then you must add 1 byte with sighash value
    148. 

  148.   tx.ins[0].witness = [signature];
    149. 

  149.   return tx;
    150. 

  150. }
    151. 

    152. 

  152. })().catch((err) => {
    153. 

  153.   console.error(err);
    154. 

  154.   process.exit(1);
    155. 

  155. });
    156. 

  156. ```
    157.