Add taproot merkle root util function, include in address generation

Author: bbrtj

Changes

@@ -3,6 +3,7 @@ Revision history for Perl extension Bitcoin::Crypto.
 {{$NEXT}}
 	[Added interface]
 	- Bitcoin::Crypto::Util::merkle_root function
+	- Bitcoin::Crypto::Util::taproot_merkle_root function
 	- Bitcoin::Crypto::Util::tagged_hash function
 
 3.001 Tue Sep 24, 2024

lib/Bitcoin/Crypto/Key/Public.pm

@@ -13,7 +13,7 @@ use Bitcoin::Crypto::Base58 qw(encode_base58check);
 use Bitcoin::Crypto::Bech32 qw(encode_segwit);
 use Bitcoin::Crypto::Types -types;
 use Bitcoin::Crypto::Constants;
-use Bitcoin::Crypto::Util qw(hash160 get_public_key_compressed);
+use Bitcoin::Crypto::Util qw(hash160 get_public_key_compressed taproot_merkle_root);
 use Bitcoin::Crypto::Helpers qw(ecc);
 
 use namespace::clean;
@@ -65,7 +65,7 @@ sub from_serialized
 
 signature_for witness_program => (
 	method => Object,
-	positional => [PositiveOrZeroInt, {default => 0}],
+	positional => [PositiveOrZeroInt, {default => 0}, HashRef, {default => sub { {} }}],
 );
 
 sub witness_program
@@ -75,11 +75,12 @@ sub witness_program
 			return shift->get_hash;
 		},
 		(Bitcoin::Crypto::Constants::taproot_witness_version) => sub {
-			return shift->taproot_tweaked_key;
+			my ($self, $params) = @_;
+			return shift->taproot_tweaked_key(%$params);
 		},
 	};
 
-	my ($self, $version) = @_;
+	my ($self, $version, $source_data) = @_;
 
 	Bitcoin::Crypto::Exception::SegwitProgram->raise(
 		"can't get witness program data for version $version"
@@ -88,7 +89,7 @@ sub witness_program
 	my $program = Bitcoin::Crypto::Script->new(network => $self->network);
 	$program
 		->add_operation("OP_$version")
-		->push_bytes($data_sources->{$version}->($self));
+		->push_bytes($data_sources->{$version}->($self, $source_data));
 
 	return $program;
 }
@@ -154,12 +155,12 @@ sub get_segwit_address
 
 signature_for get_taproot_address => (
 	method => Object,
-	positional => [],
+	positional => [Maybe [ArrayRef], {default => undef}],
 );
 
 sub get_taproot_address
 {
-	my ($self) = @_;
+	my ($self, $script_tree) = @_;
 
 	# network field is not required, lazy check for completeness
 	Bitcoin::Crypto::Exception::NetworkConfig->raise(
@@ -170,7 +171,11 @@ sub get_taproot_address
 		'taproot addresses can only be created with BIP44 in taproot (BIP86) mode'
 	) unless $self->has_purpose(Bitcoin::Crypto::Constants::bip44_taproot_purpose);
 
-	my $taproot_program = $self->witness_program(Bitcoin::Crypto::Constants::taproot_witness_version);
+	my $taproot_program = $self->witness_program(
+		Bitcoin::Crypto::Constants::taproot_witness_version,
+		defined $script_tree ? {tweak_suffix => taproot_merkle_root($script_tree)} : {}
+	);
+
 	return encode_segwit($self->network->segwit_hrp, $taproot_program->run->stack_serialized);
 }
 

lib/Bitcoin/Crypto/Util.pm

@@ -36,6 +36,7 @@ our @EXPORT_OK = qw(
 	hash160
 	hash256
 	merkle_root
+	taproot_merkle_root
 	tagged_hash
 );
 
@@ -425,6 +426,58 @@ sub merkle_root
 	return $parts[0];
 }
 
+# nested ArrayRef will be validated during recursive calls
+signature_for taproot_merkle_root => (
+	positional => [ArrayRef [ArrayRef | HashRef]],
+);
+
+sub taproot_merkle_root
+{
+	my ($script_tree) = @_;
+
+	my @result;
+	foreach my $item (@$script_tree) {
+		if (ref $item eq 'ARRAY') {
+
+			# this value is the next level of the tree
+			push @result, taproot_merkle_root($item);
+		}
+		else {
+			state $precomputed_type = Dict [hash => ByteStr];
+			state $leaf_type = Dict [leaf_version => IntMaxBits [8], script => BitcoinScript];
+
+			# this value is a leaf which may need calculating
+			my $value = $precomputed_type->coerce($item);
+			if (!$precomputed_type->check($value)) {
+				$value = $leaf_type->assert_coerce($item);
+				my $script = $value->{script}->to_serialized;
+				my $script_len = pack_compactsize(length $script);
+
+				$value->{hash} =
+					tagged_hash('TapLeaf', join '', pack('C', $value->{leaf_version}), $script_len, $script);
+			}
+
+			push @result, $value->{hash};
+		}
+	}
+
+	if (@result == 2) {
+
+		# sort result so that smaller hash values come first
+		@result = reverse @result
+			if $result[0] gt $result[1];
+
+		return tagged_hash('TapBranch', join '', @result);
+	}
+	elsif (@result == 1) {
+		return $result[0];
+	}
+
+	Bitcoin::Crypto::Exception->raise(
+		'invalid taproot script tree, not a binary tree'
+	);
+}
+
 signature_for tagged_hash => (
 	positional => [Str, ByteStr],
 );
@@ -463,6 +516,7 @@ Bitcoin::Crypto::Util - General Bitcoin utilities
 		hash160
 		hash256
 		merkle_root
+		taproot_merkle_root
 		tagged_hash
 	);
 
@@ -676,6 +730,43 @@ This is hash256 used by Bitcoin (C<SHA256> of C<SHA256>)
 Calculates a merkle root of input array reference. Leaves will be run through a
 double SHA256 before calculating the root.
 
+=head2 taproot_merkle_root
+
+	$hash = taproot_merkle_root($tree_data)
+
+Calculates a merkle root of taproot script tree (array ref). Unlike
+L</merkle_root>, this must be an actual binary tree structure:
+
+	my $leaf1 = {
+		hash => [hex => $block_hash1]
+	};
+
+	my $leaf2 = {
+		hash => [hex => $block_hash2]
+	};
+
+	my $leaf3 = {
+		leaf_version => 192,
+		script => [hex => '20c440b462ad48c7a77f94cd4532d8f2119dcebbd7c9764557e62726419b08ad4cac'],
+	};
+
+	[
+		$leaf1,
+		[
+			$leaf2,
+			$leaf3,
+		]
+	]
+
+Each level of a tree must be an array reference with up to two values in it.
+Each leaf must be a hash with either a prehashed value under C<hash> key
+(bytestring or something which can be coerced into a bytestring) or a script to
+be hashed represented by keys C<leaf_version> (integer up to 255) and C<script>
+(an instance of L<Bitcoin::Crypto::Script> or something which can be coerced
+into it).
+
+Returns a bytestring which is the root hash of the tree.
+
 =head2 tagged_hash
 
 	$hash = tagged_hash($tag, $message)
@@ -688,7 +779,6 @@ strings for C<$tag>, but can't detect whether it got it or not. This will only
 become a problem if you use non-ascii tag. If there's a possibility of
 non-ascii, always use utf8 and set binmodes to get decoded (wide) characters.
 
-
 =head1 SEE ALSO
 
 L<https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki>

t/Taproot/BIP341-script-pub-key.t

@@ -26,11 +26,12 @@ my @cases = (
 		},
 		given => {
 			internal_pubkey => '187791b6f712a8ea41c8ecdd0ee77fab3e85263b37e1ec18a3651926b3a6cf27',
-			script_tree => {
-				id => 0,
-				leaf_version => 192,
-				script => '20d85a959b0290bf19bb89ed43c916be835475d013da4b362117393e25a48229b8ac'
-			}
+			script_tree => [
+				{
+					leaf_version => 192,
+					script => [hex => '20d85a959b0290bf19bb89ed43c916be835475d013da4b362117393e25a48229b8ac']
+				}
+			]
 		},
 	},
 	{
@@ -43,11 +44,12 @@ my @cases = (
 		},
 		given => {
 			internal_pubkey => '93478e9488f956df2396be2ce6c5cced75f900dfa18e7dabd2428aae78451820',
-			script_tree => {
-				id => 0,
-				leaf_version => 192,
-				script => '20b617298552a72ade070667e86ca63b8f5789a9fe8731ef91202a91c9f3459007ac'
-			}
+			script_tree => [
+				{
+					leaf_version => 192,
+					script => [hex => '20b617298552a72ade070667e86ca63b8f5789a9fe8731ef91202a91c9f3459007ac']
+				}
+			]
 		},
 	},
 	{
@@ -63,14 +65,12 @@ my @cases = (
 			internal_pubkey => 'ee4fe085983462a184015d1f782d6a5f8b9c2b60130aff050ce221ecf3786592',
 			script_tree => [
 				{
-					id => 0,
 					leaf_version => 192,
-					script => '20387671353e273264c495656e27e39ba899ea8fee3bb69fb2a680e22093447d48ac'
+					script => [hex => '20387671353e273264c495656e27e39ba899ea8fee3bb69fb2a680e22093447d48ac']
 				},
 				{
-					id => 1,
 					leaf_version => 250,
-					script => '06424950333431'
+					script => [hex => '06424950333431']
 				}
 			]
 		},
@@ -88,14 +88,12 @@ my @cases = (
 			internal_pubkey => 'f9f400803e683727b14f463836e1e78e1c64417638aa066919291a225f0e8dd8',
 			script_tree => [
 				{
-					id => 0,
 					leaf_version => 192,
-					script => '2044b178d64c32c4a05cc4f4d1407268f764c940d20ce97abfd44db5c3592b72fdac'
+					script => [hex => '2044b178d64c32c4a05cc4f4d1407268f764c940d20ce97abfd44db5c3592b72fdac']
 				},
 				{
-					id => 1,
 					leaf_version => 192,
-					script => '07546170726f6f74'
+					script => [hex => '07546170726f6f74']
 				}
 			]
 		},
@@ -114,20 +112,17 @@ my @cases = (
 			internal_pubkey => 'e0dfe2300b0dd746a3f8674dfd4525623639042569d829c7f0eed9602d263e6f',
 			script_tree => [
 				{
-					id => 0,
 					leaf_version => 192,
-					script => '2072ea6adcf1d371dea8fba1035a09f3d24ed5a059799bae114084130ee5898e69ac'
+					script => [hex => '2072ea6adcf1d371dea8fba1035a09f3d24ed5a059799bae114084130ee5898e69ac']
 				},
 				[
 					{
-						id => 1,
 						leaf_version => 192,
-						script => '202352d137f2f3ab38d1eaa976758873377fa5ebb817372c71e2c542313d4abda8ac'
+						script => [hex => '202352d137f2f3ab38d1eaa976758873377fa5ebb817372c71e2c542313d4abda8ac']
 					},
 					{
-						id => 2,
 						leaf_version => 192,
-						script => '207337c0dd4253cb86f2c43a2351aadd82cccb12a172cd120452b9bb8324f2186aac'
+						script => [hex => '207337c0dd4253cb86f2c43a2351aadd82cccb12a172cd120452b9bb8324f2186aac']
 					}
 				]
 			]
@@ -147,20 +142,17 @@ my @cases = (
 			internal_pubkey => '55adf4e8967fbd2e29f20ac896e60c3b0f1d5b0efa9d34941b5958c7b0a0312d',
 			script_tree => [
 				{
-					id => 0,
 					leaf_version => 192,
-					script => '2071981521ad9fc9036687364118fb6ccd2035b96a423c59c5430e98310a11abe2ac'
+					script => [hex => '2071981521ad9fc9036687364118fb6ccd2035b96a423c59c5430e98310a11abe2ac']
 				},
 				[
 					{
-						id => 1,
 						leaf_version => 192,
-						script => '20d5094d2dbe9b76e2c245a2b89b6006888952e2faa6a149ae318d69e520617748ac'
+						script => [hex => '20d5094d2dbe9b76e2c245a2b89b6006888952e2faa6a149ae318d69e520617748ac']
 					},
 					{
-						id => 2,
 						leaf_version => 192,
-						script => '20c440b462ad48c7a77f94cd4532d8f2119dcebbd7c9764557e62726419b08ad4cac'
+						script => [hex => '20c440b462ad48c7a77f94cd4532d8f2119dcebbd7c9764557e62726419b08ad4cac']
 					}
 				]
 			]
@@ -172,12 +164,11 @@ foreach my $case_ind (0 .. $#cases) {
 	subtest "should pass case index $case_ind" => sub {
 		my $case = $cases[$case_ind];
 
-		skip_all 'TODO: this test requires implemented taproot scripts'
-			if $case->{given}{script_tree};
-
 		# TODO: not possible to import xonly pubkey at the moment
 		my $key = btc_pub->from_serialized([hex => "02" . $case->{given}{internal_pubkey}]);
-		is $key->get_taproot_address, $case->{expected}{bip350_address}, 'address ok';
+		is $key->get_taproot_address($case->{given}{script_tree}), $case->{expected}{bip350_address}, 'address ok';
+
+		# TODO: control blocks
 	};
 }
 

t/Util.t

@@ -291,13 +291,34 @@ subtest 'testing merkle_root' => sub {
 		'e05048a9b8e622bda048691a47fd9de332dc1d4b6b9d289d4e12c6722076c4e7', 'block 100022 root ok';
 };
 
+subtest 'testing taproot_merkle_root' => sub {
+	my $tree = [
+		{hash => [hex => 'f154e8e8e17c31d3462d7132589ed29353c6fafdb884c5a6e04ea938834f0d9d']},
+		[
+			{
+				leaf_version => 192,
+				script => [hex => '20d5094d2dbe9b76e2c245a2b89b6006888952e2faa6a149ae318d69e520617748ac']
+			},
+			{hash => [hex => 'd7485025fceb78b9ed667db36ed8b8dc7b1f0b307ac167fa516fe4352b9f4ef7']},
+		]
+	];
+
+	# this example is a modified test case from BIP341
+	is(
+		to_format [hex => taproot_merkle_root($tree)],
+		'2f6b2c5397b6d68ca18e09a3f05161668ffe93a988582d55c6f07bd5b3329def',
+		'merkle root ok'
+	);
+
+};
+
 subtest 'testing tagged_hash' => sub {
 	my $data = pack 'u', 'packed data...';
 	my $tag = 'ąść';
 
 	is(
-		tagged_hash($tag, $data),
-		sha256(sha256(encode 'UTF-8', $tag) . sha256(encode 'UTF-8', $tag) . $data),
+		to_format [hex => tagged_hash($tag, $data)],
+		to_format [hex => sha256(sha256(encode 'UTF-8', $tag) . sha256(encode 'UTF-8', $tag) . $data)],
 		'tagged_hash ok'
 	);
 };