Implement lift_x and has_even_y

Author: bbrtj

Changes

@@ -5,6 +5,8 @@ Revision history for Perl extension Bitcoin::Crypto.
 	- Bitcoin::Crypto::Util::merkle_root function
 	- Bitcoin::Crypto::Util::taproot_merkle_root function
 	- Bitcoin::Crypto::Util::tagged_hash function
+	- Bitcoin::Crypto::Util::lift_x function
+	- Bitcoin::Crypto::Util::has_even_y function
 
 3.001 Tue Sep 24, 2024
 	[Changes and fixes]

cpanfile

@@ -8,7 +8,7 @@ requires 'Mooish::AttributeBuilder' => '1.001';
 requires 'Type::Tiny' => '2';
 requires 'List::Util' => '1.33';
 requires 'CryptX' => '0.074';
-requires 'Bitcoin::Secp256k1' => '0.004';
+requires 'Bitcoin::Secp256k1' => '0.008';
 requires 'Bitcoin::BIP39' => '0.002';
 requires 'namespace::clean' => '0.27';
 requires 'Try::Tiny' => 0;

lib/Bitcoin/Crypto/Role/Key.pm

@@ -8,7 +8,7 @@ use Types::Common -sigs, -types;
 
 use Bitcoin::Crypto::Types -types;
 use Bitcoin::Crypto::Constants;
-use Bitcoin::Crypto::Util qw(get_key_type tagged_hash);
+use Bitcoin::Crypto::Util qw(get_key_type tagged_hash lift_x has_even_y);
 use Bitcoin::Crypto::Helpers qw(ensure_length ecc);
 use Bitcoin::Crypto::Exception;
 
@@ -144,15 +144,15 @@ sub taproot_tweaked_key
 		my $internal = $self->raw_key('private');
 		my $internal_public = ecc->create_public_key($internal);
 		$internal = ecc->negate_private_key($internal)
-			if substr($internal_public, 0, 1) eq "\x03";
+			unless has_even_y($internal_public);
 
 		my $tweak = tagged_hash('TapTweak', ecc->xonly_public_key($internal_public) . ($args->{tweak_suffix} // ''));
 		return ecc->add_private_key($internal, $tweak);
 	}
 	else {
 		my $internal = $self->raw_key('public_xonly');
 		my $tweak = tagged_hash('TapTweak', $internal . ($args->{tweak_suffix} // ''));
-		my $combined = ecc->combine_public_keys(ecc->create_public_key($tweak), "\x02" . $internal);
+		my $combined = ecc->combine_public_keys(ecc->create_public_key($tweak), lift_x $internal);
 		return ecc->xonly_public_key($combined);
 	}
 }

lib/Bitcoin/Crypto/Util.pm

@@ -14,7 +14,7 @@ use Try::Tiny;
 use Scalar::Util qw(blessed);
 use Types::Common -sigs, -types;
 
-use Bitcoin::Crypto::Helpers qw(parse_formatdesc);
+use Bitcoin::Crypto::Helpers qw(parse_formatdesc ecc);
 use Bitcoin::Crypto::Constants;
 use Bitcoin::Crypto::Types -types;
 use Bitcoin::Crypto::Exception;
@@ -38,6 +38,8 @@ our @EXPORT_OK = qw(
 	merkle_root
 	taproot_merkle_root
 	tagged_hash
+	lift_x
+	has_even_y
 );
 
 our %EXPORT_TAGS = (all => [@EXPORT_OK]);
@@ -490,6 +492,38 @@ sub tagged_hash
 	return sha256($partial . $partial . $message);
 }
 
+signature_for lift_x => (
+	positional => [ByteStr],
+);
+
+sub lift_x
+{
+	my ($x) = @_;
+
+	my $key = "\x02" . $x;
+	Bitcoin::Crypto::Exception::KeyCreate->raise(
+		'invalid xonly public key'
+	) unless ecc->verify_public_key($key);
+
+	return $key;
+}
+
+signature_for has_even_y => (
+	positional => [ByteStr],
+);
+
+sub has_even_y
+{
+	my ($key) = @_;
+
+	return Bitcoin::Crypto::Exception->trap_into(
+		sub {
+			$key = ecc->compress_public_key($key);
+			return substr($key, 0, 1) eq "\x02";
+		}
+	);
+}
+
 1;
 
 __END__
@@ -518,6 +552,8 @@ Bitcoin::Crypto::Util - General Bitcoin utilities
 		merkle_root
 		taproot_merkle_root
 		tagged_hash
+		lift_x
+		has_even_y
 	);
 
 =head1 DESCRIPTION
@@ -779,6 +815,23 @@ strings for C<$tag>, but can't detect whether it got it or not. This will only
 become a problem if you use non-ascii tag. If there's a possibility of
 non-ascii, always use utf8 and set binmodes to get decoded (wide) characters.
 
+=head2 lift_x
+
+	$public_key = lift_x $xonly_public_key;
+
+This implements C<lift_x> function defined in BIP340. Returns a compressed ECC
+public key with even Y coordinate as a bytestring for a given 32-byte bytestring
+C<$xonly_public_key>. Throws an exception if the result is not a valid public
+key.
+
+=head2 has_even_y
+
+	$even_y = has_even_y $public_key;
+
+This implements C<has_even_y> function defined in BIP340. Returns a boolean for
+a given serialized C<$public_key> - a bytestring. Throws an exception if the
+argument is not a valid public key.
+
 =head1 SEE ALSO
 
 L<https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki>

t/Taproot/BIP341-script-pub-key.t

@@ -1,6 +1,6 @@
 use Test2::V0;
 use Bitcoin::Crypto qw(btc_pub);
-use Bitcoin::Crypto::Util qw(to_format);
+use Bitcoin::Crypto::Util qw(to_format lift_x);
 
 # Data from:
 # https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki#test-vectors
@@ -164,8 +164,7 @@ foreach my $case_ind (0 .. $#cases) {
 	subtest "should pass case index $case_ind" => sub {
 		my $case = $cases[$case_ind];
 
-		# TODO: not possible to import xonly pubkey at the moment
-		my $key = btc_pub->from_serialized([hex => "02" . $case->{given}{internal_pubkey}]);
+		my $key = btc_pub->from_serialized(lift_x [hex => $case->{given}{internal_pubkey}]);
 		is $key->get_taproot_address($case->{given}{script_tree}), $case->{expected}{bip350_address}, 'address ok';
 
 		# TODO: control blocks

t/Util.t

@@ -4,7 +4,7 @@ use Crypt::Digest::SHA256 qw(sha256);
 use Encode qw(encode);
 
 use Bitcoin::Crypto::Util qw(:all);
-use Bitcoin::Crypto::Helpers;    # loads Math::BigInt
+use Bitcoin::Crypto::Helpers qw(ecc);    # loads Math::BigInt
 use Bitcoin::Crypto::Key::ExtPrivate;
 
 subtest 'testing mnemonic_to_seed' => sub {
@@ -323,5 +323,19 @@ subtest 'testing tagged_hash' => sub {
 	);
 };
 
+subtest 'testing lift_x' => sub {
+	my $key = '151bb80b24b79955e9e7b50614f354b52bb5362f1147e68870a0e992cdb9eaa4';
+	my $negated = ecc->negate_public_key(from_format [hex => '03' . $key]);
+
+	is lift_x([hex => $key]), $negated, 'result ok';
+};
+
+subtest 'has_even_y' => sub {
+	my $key = '151bb80b24b79955e9e7b50614f354b52bb5362f1147e68870a0e992cdb9eaa4';
+
+	ok has_even_y([hex => '02' . $key]), 'even key ok';
+	ok !has_even_y([hex => '03' . $key]), 'odd key ok';
+};
+
 done_testing;