Hacking on taproot again, work in progress

Author: bbrtj

lib/Bitcoin/Crypto.pm

@@ -11,6 +11,7 @@ our @EXPORT_OK = qw(
 	btc_extpub
 	btc_pub
 	btc_script
+	btc_script_tree
 	btc_transaction
 	btc_block
 	btc_utxo
@@ -49,6 +50,12 @@ sub btc_script
 	return 'Bitcoin::Crypto::Script';
 }
 
+sub btc_script_tree
+{
+	require Bitcoin::Crypto::Script::Tree;
+	return 'Bitcoin::Crypto::Script::Tree';
+}
+
 sub btc_transaction
 {
 	require Bitcoin::Crypto::Transaction;
@@ -143,6 +150,10 @@ Loads L<Bitcoin::Crypto::Key::Public>
 
 Loads L<Bitcoin::Crypto::Script>
 
+=head2 btc_script_tree
+
+Loads L<Bitcoin::Crypto::Script::Tree>
+
 =head2 btc_transaction
 
 Loads L<Bitcoin::Crypto::Transaction>

lib/Bitcoin/Crypto/Constants.pm

@@ -45,9 +45,6 @@ use constant {
 	psbt_global_map => 'global',
 	psbt_input_map => 'in',
 	psbt_output_map => 'out',
-
-	signing_algorithm_ecdsa => 'ecdsa',
-	signing_algorithm_schnorr => 'schnorr',
 };
 
 # These constants are environment-specific and internal only

lib/Bitcoin/Crypto/Exception.pm

@@ -241,6 +241,13 @@ sub as_string
 	use parent -norequire, 'Bitcoin::Crypto::Exception';
 }
 
+{
+
+	package Bitcoin::Crypto::Exception::ScriptTree;
+
+	use parent -norequire, 'Bitcoin::Crypto::Exception';
+}
+
 {
 
 	package Bitcoin::Crypto::Exception::ScriptSyntax;

lib/Bitcoin/Crypto/Key/Public.pm

@@ -13,18 +13,13 @@ use Bitcoin::Crypto::Base58 qw(encode_base58check);
 use Bitcoin::Crypto::Bech32 qw(encode_segwit);
 use Bitcoin::Crypto::Types -types;
 use Bitcoin::Crypto::Constants;
-use Bitcoin::Crypto::Util qw(hash160 get_public_key_compressed taproot_merkle_root);
+use Bitcoin::Crypto::Util qw(hash160 get_public_key_compressed);
 use Bitcoin::Crypto::Helpers qw(ecc);
 
 use namespace::clean;
 
 extends qw(Bitcoin::Crypto::Key::Base);
 
-has extended 'key_instance' => (
-	required => 0,
-	predicate => 1,
-);
-
 sub _is_private { 0 }
 
 signature_for get_hash => (
@@ -39,6 +34,18 @@ sub get_hash
 	return hash160($self->to_serialized);
 }
 
+signature_for get_xonly_key => (
+	method => Object,
+	positional => [],
+);
+
+sub get_xonly_key
+{
+	my ($self) = @_;
+
+	return $self->raw_key('public_xonly');
+}
+
 sub key_hash
 {
 	my $self = shift;
@@ -76,7 +83,11 @@ sub witness_program
 		},
 		(Bitcoin::Crypto::Constants::taproot_witness_version) => sub {
 			my ($self, $params) = @_;
-			return shift->taproot_tweaked_key(%$params);
+
+			$self = $self->get_taproot_tweaked_key(%$params)
+				unless $self->taproot;
+
+			return $self->get_xonly_key;
 		},
 	};
 
@@ -155,7 +166,7 @@ sub get_segwit_address
 
 signature_for get_taproot_address => (
 	method => Object,
-	positional => [Maybe [ArrayRef], {default => undef}],
+	positional => [Maybe [BitcoinScriptTree], {default => undef}],
 );
 
 sub get_taproot_address
@@ -173,7 +184,7 @@ sub get_taproot_address
 
 	my $taproot_program = $self->witness_program(
 		Bitcoin::Crypto::Constants::taproot_witness_version,
-		defined $script_tree ? {tweak_suffix => taproot_merkle_root($script_tree)} : {}
+		defined $script_tree ? {tweak_suffix => $script_tree->get_merkle_root} : {}
 	);
 
 	return encode_segwit($self->network->segwit_hrp, $taproot_program->run->stack_serialized);

lib/Bitcoin/Crypto/PSBT/FieldType.pm

@@ -192,12 +192,7 @@ my %public_key_serializers = (
 		return $value->to_serialized;
 	},
 	key_deserializer => sub {
-		my $key = btc_pub->from_serialized(shift);
-		if (!$key->has_key_instance) {
-			die 'not a plain EC public key';
-		}
-
-		return $key;
+		return btc_pub->from_serialized(shift);
 	},
 );
 

lib/Bitcoin/Crypto/Role/Key.pm

@@ -25,6 +25,12 @@ has param 'purpose' => (
 	required => 0,
 );
 
+has param 'taproot' => (
+	isa => Bool,
+	writer => 1,
+	default => !!0,
+);
+
 with qw(Bitcoin::Crypto::Role::Network);
 
 requires qw(
@@ -51,6 +57,11 @@ sub _validate_key
 			'private key is not valid'
 		) unless ecc->verify_private_key(ensure_length $entropy, Bitcoin::Crypto::Constants::key_max_length);
 	}
+	else {
+		Bitcoin::Crypto::Exception::KeyCreate->raise(
+			'public key is not valid'
+		) unless ecc->verify_public_key($entropy);
+	}
 }
 
 sub BUILD
@@ -127,7 +138,7 @@ sub raw_key
 	}
 }
 
-signature_for taproot_tweaked_key => (
+signature_for get_taproot_tweaked_key => (
 	method => Object,
 	named => [
 		tweak_suffix => Maybe [ByteStr],
@@ -136,25 +147,33 @@ signature_for taproot_tweaked_key => (
 	bless => !!0,
 );
 
-sub taproot_tweaked_key
+sub get_taproot_tweaked_key
 {
 	my ($self, $args) = @_;
 
+	my $new_key;
 	if ($self->_is_private) {
 		my $internal = $self->raw_key('private');
 		my $internal_public = ecc->create_public_key($internal);
 		$internal = ecc->negate_private_key($internal)
 			unless has_even_y($internal_public);
 
 		my $tweak = tagged_hash('TapTweak', ecc->xonly_public_key($internal_public) . ($args->{tweak_suffix} // ''));
-		return ecc->add_private_key($internal, $tweak);
+		$new_key = ecc->add_private_key($internal, $tweak);
 	}
 	else {
 		my $internal = $self->raw_key('public_xonly');
 		my $tweak = tagged_hash('TapTweak', $internal . ($args->{tweak_suffix} // ''));
-		my $combined = ecc->combine_public_keys(ecc->create_public_key($tweak), lift_x $internal);
-		return ecc->xonly_public_key($combined);
+		$new_key = ecc->combine_public_keys(ecc->create_public_key($tweak), lift_x $internal);
 	}
+
+	my $pkg = ref $self;
+	return $pkg->new(
+		key_instance => $new_key,
+		purpose => $self->purpose,
+		network => $self->network,
+		taproot => !!1,
+	);
 }
 
 1;

lib/Bitcoin/Crypto/Role/SignVerify.pm

@@ -16,52 +16,60 @@ use Moo::Role;
 
 requires qw(
 	raw_key
+	taproot
 	_is_private
 );
 
+my %algorithms = (
+	default => {
+		digest => \&hash256,
+		signing_method => sub {
+			my ($key, $digest) = @_;
+
+			return ecc->sign_digest($key->raw_key, $digest);
+		},
+		verification_method => sub {
+			my ($key, $signature, $digest) = @_;
+
+			my $normalized = ecc->normalize_signature($signature);
+			return !!0 if $normalized ne $signature;
+			return ecc->verify_digest($key->raw_key('public'), $signature, $digest);
+		},
+	},
+	schnorr => {
+		digest => sub { tagged_hash('TapSighash', shift) },
+		signing_method => sub {
+			my ($key, $digest) = @_;
+
+			return ecc->sign_digest_schnorr($key->raw_key, $digest);
+		},
+		verification_method => sub {
+			my ($key, $signature, $digest) = @_;
+
+			return ecc->verify_digest_schnorr($key->raw_key('public_xonly'), $signature, $digest);
+		},
+	},
+);
+
 signature_for sign_message => (
 	method => Object,
-	head => [ByteStr],
-	named => [
-		algorithm => SignatureAlgorithm,
-		{default => Bitcoin::Crypto::Constants::signing_algorithm_ecdsa},
-		taproot_tweak_suffix => Maybe [ByteStr],
-		{default => undef},
-	],
-	bless => !!0,
+	positional => [ByteStr],
 );
 
 sub sign_message
 {
-	my ($self, $preimage, $args) = @_;
+	my ($self, $preimage) = @_;
+	my $algorithm = $self->taproot ? 'schnorr' : 'default';
 
 	Bitcoin::Crypto::Exception::Sign->raise(
 		'cannot sign a message with a public key'
 	) unless $self->_is_private;
 
-	my %algorithms = (
-		(Bitcoin::Crypto::Constants::signing_algorithm_ecdsa) => {
-			digest => \&hash256,
-			signing_method => sub { ecc->sign_digest(@_) },
-			raw_key => sub { $self->raw_key },
-		},
-		(Bitcoin::Crypto::Constants::signing_algorithm_schnorr) => {
-			digest => sub { tagged_hash('TapSighash', shift) },
-			signing_method => sub { ecc->sign_digest_schnorr(@_) },
-			raw_key => sub {
-				$self->taproot_tweaked_key(
-					tweak_suffix => $args->{taproot_tweak_suffix}
-				);
-			},
-		},
-	);
-
-	my $key = $algorithms{$args->{algorithm}}{raw_key}->();
-	my $digest = $algorithms{$args->{algorithm}}{digest}->($preimage);
+	my $digest = $algorithms{$algorithm}{digest}->($preimage);
 
 	return Bitcoin::Crypto::Exception::Sign->trap_into(
 		sub {
-			return $algorithms{$args->{algorithm}}{signing_method}->($key, $digest);
+			return $algorithms{$algorithm}{signing_method}->($self, $digest);
 		}
 	);
 }
@@ -94,13 +102,13 @@ signature_for verify_message => (
 sub verify_message
 {
 	my ($self, $preimage, $signature) = @_;
-	my $digest = hash256($preimage);
+	my $algorithm = $self->taproot ? 'schnorr' : 'default';
+
+	my $digest = $algorithms{$algorithm}{digest}->($preimage);
 
 	return Bitcoin::Crypto::Exception::Verify->trap_into(
 		sub {
-			my $normalized = ecc->normalize_signature($signature);
-			return !!0 if $normalized ne $signature;
-			return ecc->verify_digest($self->raw_key('public'), $signature, $digest);
+			return $algorithms{$algorithm}{verification_method}->($self, $signature, $digest);
 		}
 	);
 }

lib/Bitcoin/Crypto/Script/Common.pm

@@ -42,14 +42,14 @@ sub _make_WSH
 		->add('OP_EQUAL');
 }
 
-#sub _make_P2TR
-#{
-#	my ($class, $script, $pubkey) = @_;
-#
-#	return $script
-#		->push($pubkey)
-#		->add('OP_CHECKSIG');
-#}
+sub _make_TR
+{
+	my ($class, $script, $pubkey) = @_;
+
+	return $script
+		->push($pubkey)
+		->add('OP_CHECKSIG');
+}
 
 sub _get_method
 {

lib/Bitcoin/Crypto/Script/Opcode.pm

@@ -17,7 +17,8 @@ use Bitcoin::Crypto qw(btc_pub);
 use Bitcoin::Crypto::Constants;
 use Bitcoin::Crypto::Exception;
 use Bitcoin::Crypto::Types -types;
-use Bitcoin::Crypto::Util qw(hash160 hash256 get_public_key_compressed);
+use Bitcoin::Crypto::Helpers qw(ecc);
+use Bitcoin::Crypto::Util qw(hash160 hash256 get_public_key_compressed lift_x);
 use Bitcoin::Crypto::Transaction::Input;
 
 # some private helpers for opcodes
@@ -740,15 +741,25 @@ my %opcodes = (
 
 			my $raw_pubkey = pop @$stack;
 			my $sig = pop @$stack;
-			my $hashtype = substr $sig, -1, 1, '';
 
-			my $digest = $runner->transaction->get_digest($runner->subscript, unpack 'C', $hashtype);
-			my $pubkey = btc_pub->from_serialized($raw_pubkey);
+			my $pubkey;
+			my $hashtype;
 
-			script_error('SegWit validation requires compressed public key')
-				if !$pubkey->compressed && $runner->transaction->is_native_segwit;
+			if ($runner->transaction->is_taproot) {
+				$hashtype = length $sig == 65 ? unpack('C', substr $sig, -1, 1, '') : undef;
+				$pubkey = btc_pub->from_serialized(lift_x $raw_pubkey);
+				$pubkey->set_taproot(!!1);
+			}
+			else {
+				$hashtype = unpack 'C', substr $sig, -1, 1, '';
+				$pubkey = btc_pub->from_serialized($raw_pubkey);
+
+				script_error('SegWit validation requires compressed public key')
+					if !$pubkey->compressed && $runner->transaction->is_native_segwit;
+			}
 
-			my $result = $pubkey->verify_message($digest, $sig);
+			my $preimage = $runner->transaction->get_digest($runner->subscript, $hashtype);
+			my $result = $pubkey->verify_message($preimage, $sig);
 			push @$stack, $runner->from_bool($result);
 		},
 	},