bitcoinrb 0.3.1 → 0.7.0

data/lib/bitcoin/chainparams/regtest.yml

@@ -9,7 +9,7 @@ privkey_version: "ef"
 extended_privkey_version: "04358394"
 extended_pubkey_version: "043587cf"
 bip49_pubkey_p2wpkh_p2sh_version: "044a5262"
-bip49_pubkey_p2wsh_p2sh_version: "024285ef"
+bip49_pubkey_p2wsh_p2sh_version: "024289ef"
 bip49_privkey_p2wpkh_p2sh_version: "044a4e28"
 bip49_privkey_p2wsh_p2sh_version: "024285b5"
 bip84_pubkey_p2wpkh_version: "045f1cf6"

data/lib/bitcoin/chainparams/signet.yml

@@ -0,0 +1,39 @@
+--- !ruby/object:Bitcoin::ChainParams
+network: "signet"
+magic_head: "0a03cf40"
+message_magic: "Bitcoin Signed Message:\n"
+address_version: "6f"
+p2sh_version: "c4"
+bech32_hrp: 'tb'
+privkey_version: "ef"
+extended_privkey_version: "04358394"
+extended_pubkey_version: "043587cf"
+bip49_pubkey_p2wpkh_p2sh_version: "044a5262"
+bip49_pubkey_p2wsh_p2sh_version: "024289ef"
+bip49_privkey_p2wpkh_p2sh_version: "044a4e28"
+bip49_privkey_p2wsh_p2sh_version: "024285b5"
+bip84_pubkey_p2wpkh_version: "045f1cf6"
+bip84_pubkey_p2wsh_version: "02575483"
+bip84_privkey_p2wpkh_version: "045f18bc"
+bip84_privkey_p2wsh_version: "02575048"
+default_port: 38333
+protocol_version: 70013
+retarget_interval: 2016
+retarget_time: 1209600 # 2 weeks
+target_spacing: 600 # block interval
+max_money: 21000000
+bip34_height: 227931
+genesis_hash: "00000008819873e925422c1ff0f99f7cc9bbb232af63a077a480a3633bee1ef6"
+proof_of_work_limit: 0x1d00ffff
+dns_seeds:
+  - "178.128.221.177"
+  - "2a01:7c8:d005:390::5"
+genesis:
+  hash: "00000008819873e925422c1ff0f99f7cc9bbb232af63a077a480a3633bee1ef6"
+  merkle_root: "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
+  time: 1598918400
+  nonce: 52613770
+  bits: 0x1e0377ae
+  version: 1
+  prev_hash: "0000000000000000000000000000000000000000000000000000000000000000"
+bip44_coin_type: 1

data/lib/bitcoin/chainparams/testnet.yml

@@ -9,7 +9,7 @@ privkey_version: "ef"
 extended_privkey_version: "04358394"
 extended_pubkey_version: "043587cf"
 bip49_pubkey_p2wpkh_p2sh_version: "044a5262"
-bip49_pubkey_p2wsh_p2sh_version: "024285ef"
+bip49_pubkey_p2wsh_p2sh_version: "024289ef"
 bip49_privkey_p2wpkh_p2sh_version: "044a4e28"
 bip49_privkey_p2wsh_p2sh_version: "024285b5"
 bip84_pubkey_p2wpkh_version: "045f1cf6"

data/lib/bitcoin/constants.rb

@@ -44,6 +44,11 @@ module Bitcoin
   SCRIPT_VERIFY_NULLFAIL = (1 << 14) # Signature(s) must be empty vector if an CHECK(MULTI)SIG operation failed
   SCRIPT_VERIFY_WITNESS_PUBKEYTYPE = (1 << 15) # Public keys in segregated witness scripts must be compressed
   SCRIPT_VERIFY_CONST_SCRIPTCODE = (1 << 16) # Making OP_CODESEPARATOR and FindAndDelete fail any non-segwit scripts
+  SCRIPT_VERIFY_TAPROOT = (1 << 17) # Taproot/Tapscript validation (BIPs 341 & 342)
+  SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION = (1 << 18) # Making unknown Taproot leaf versions non-standard
+  SCRIPT_VERIFY_DISCOURAGE_UNKNOWN_ANNEX = (1 << 19) # Making the use of (unknown) annexes non-standard (currently no annexes are known)
+  SCRIPT_VERIFY_DISCOURAGE_OP_SUCCESS = (1 << 20) # Making unknown OP_SUCCESS non-standard
+  SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE = (1 << 21) # Making unknown public key versions (in BIP 342 scripts) non-standard
 
   MANDATORY_SCRIPT_VERIFY_FLAGS = SCRIPT_VERIFY_P2SH
 
@@ -88,15 +93,19 @@ module Bitcoin
   # Threshold for nLockTime: below this value it is interpreted as block number, otherwise as UNIX timestamp.
   LOCKTIME_THRESHOLD = 500000000
 
-  # Signature hash types/flags
-  SIGHASH_TYPE = { all: 1, none: 2, single: 3, anyonecanpay: 128 }
+  # Tag for input annex. If there are at least two witness elements for a transaction input,
+  # and the first byte of the last element is 0x50, this last element is called annex, and
+  # has meanings independent of the script
+  ANNEX_TAG = 0x50
+
+  # Validation weight per passing signature (Tapscript only, see BIP 342).
+  VALIDATION_WEIGHT_PER_SIGOP_PASSED = 50
 
-  # SIGHASH_FORK_ID for replay protection of the fork coin
-  SIGHASH_FORK_ID = 0x40
+  # How much weight budget is added to the witness size (Tapscript only, see BIP 342).
+  VALIDATION_WEIGHT_OFFSET = 50
 
-  # fork coin id.
-  FORK_ID_CASH = 0
-  FORK_ID_GOLD = 79
+  # Signature hash types/flags
+  SIGHASH_TYPE = { all: 0x01, none: 0x02, single: 0x3, anyonecanpay: 0x80 , default: 0}
 
   # Maximum number length in bytes
   DEFAULT_MAX_NUM_SIZE = 4
@@ -104,8 +113,6 @@ module Bitcoin
   # 80 bytes of data, +1 for OP_RETURN, +2 for the pushdata opcodes.
   MAX_OP_RETURN_RELAY = 83
 
-  SIG_VERSION = [:base, :witness_v0]
-
   # for script error
   SCRIPT_ERR_OK = 0
   SCRIPT_ERR_UNKNOWN_ERROR = 1
@@ -146,13 +153,17 @@ module Bitcoin
   SCRIPT_ERR_SIG_HIGH_S = 54
   SCRIPT_ERR_SIG_NULLDUMMY = 55
   SCRIPT_ERR_PUBKEYTYPE = 56
-  SCRIPT_ERR_CLEANSTACK = 56
-  SCRIPT_ERR_MINIMALIF = 57
-  SCRIPT_ERR_SIG_NULLFAIL = 58
+  SCRIPT_ERR_CLEANSTACK = 57
+  SCRIPT_ERR_MINIMALIF = 58
+  SCRIPT_ERR_SIG_NULLFAIL = 59
 
   # softfork safeness
   SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS = 60
   SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM = 61
+  SCRIPT_ERR_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION = 62
+  SCRIPT_ERR_DISCOURAGE_UNKNOWN_ANNEX = 63
+  SCRIPT_ERR_DISCOURAGE_OP_SUCCESS = 64
+  SCRIPT_ERR_DISCOURAGE_UPGRADABLE_PUBKEYTYPE = 65
 
   # segregated witness
   SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH = 70
@@ -169,6 +180,15 @@ module Bitcoin
 
   SCRIPT_ERR_ERROR_COUNT = 80
 
+  # Taproot
+  SCRIPT_ERR_SCHNORR_SIG_SIZE = 90
+  SCRIPT_ERR_SCHNORR_SIG_HASHTYPE = 91
+  SCRIPT_ERR_SCHNORR_SIG = 92
+  SCRIPT_ERR_TAPROOT_WRONG_CONTROL_SIZE = 93
+  SCRIPT_ERR_TAPSCRIPT_VALIDATION_WEIGHT = 94
+  SCRIPT_ERR_TAPSCRIPT_CHECKMULTISIG = 95
+  SCRIPT_ERR_TAPSCRIPT_MINIMALIF = 96
+
   ERRCODES_MAP = Hash[*constants.grep(/^SCRIPT_ERR_/).map { |c| [const_get(c), c.to_s] }.flatten]
   NAME_MAP = Hash[*constants.grep(/^SCRIPT_ERR_/).map { |c| [c.to_s, const_get(c)] }.flatten]
 
@@ -192,4 +212,17 @@ module Bitcoin
   BIP32_EXTKEY_WITH_VERSION_SIZE = 78
 
   HARDENED_THRESHOLD = 2147483648 # 2**31
+
+  # Signature hash sizes
+  WITNESS_V0_SCRIPTHASH_SIZE = 32
+  WITNESS_V0_KEYHASH_SIZE = 20
+  WITNESS_V1_TAPROOT_SIZE = 32
+
+  TAPROOT_LEAF_MASK = 0xfe
+  TAPROOT_LEAF_TAPSCRIPT = 0xc0
+  TAPROOT_CONTROL_BASE_SIZE = 33
+  TAPROOT_CONTROL_NODE_SIZE = 32
+  TAPROOT_CONTROL_MAX_NODE_COUNT = 128
+  TAPROOT_CONTROL_MAX_SIZE = TAPROOT_CONTROL_BASE_SIZE + TAPROOT_CONTROL_NODE_SIZE * TAPROOT_CONTROL_MAX_NODE_COUNT
+
 end

data/lib/bitcoin/descriptor.rb

@@ -116,7 +116,7 @@ module Bitcoin
         end
       end
       key = key.is_a?(Bitcoin::Key) ? key : key.key
-      raise ArgumentError, 'Invalid pubkey.' unless key.fully_valid_pubkey?
+      raise ArgumentError, Errors::Messages::INVALID_PUBLIC_KEY unless key.fully_valid_pubkey?
       key.pubkey
     end
 

data/lib/bitcoin/errors.rb

@@ -0,0 +1,19 @@
+module Bitcoin
+  module Errors
+
+    module Messages
+
+      INVALID_PUBLIC_KEY = 'Invalid public key.'
+      INVALID_BIP32_PRIV_PREFIX = 'Invalid BIP32 private key prefix. prefix must be 0x00.'
+      INVALID_BIP32_FINGERPRINT = 'Invalid parent fingerprint.'
+      INVALID_BIP32_ZERO_INDEX = 'Invalid index. Depth 0 must have 0 index.'
+      INVALID_BIP32_ZERO_DEPTH = 'Invalid depth. Master key must have 0 depth.'
+      INVALID_BIP32_VERSION = 'An unsupported version byte was specified.'
+
+      INVALID_PRIV_KEY = 'Private key is not in range [1..n-1].'
+      INVALID_CHECKSUM = 'Invalid checksum.'
+
+    end
+
+  end
+end

data/lib/bitcoin/ext.rb

@@ -0,0 +1,5 @@
+module Bitcoin
+  module Ext
+    autoload :JsonParser, 'bitcoin/ext/json_parser'
+  end
+end

data/lib/bitcoin/ext/ecdsa.rb

@@ -0,0 +1,31 @@
+class ::ECDSA::Signature
+  # convert signature to der string.
+  def to_der
+    ECDSA::Format::SignatureDerString.encode(self)
+  end
+end
+
+class ::ECDSA::Point
+  def to_hex(compression = true)
+    ECDSA::Format::PointOctetString.encode(self, compression: compression).bth
+  end
+end
+
+module ::ECDSA::Format::PointOctetString
+
+  class << self
+    alias_method :base_decode, :decode
+  end
+
+  def self.decode(string, group, allow_hybrid: false)
+    string = string.dup.force_encoding('BINARY')
+    raise ECDSA::Format::DecodeError, 'Point octet string is empty.' if string.empty?
+    if [6, 7].include?(string[0].ord)
+      raise ECDSA::Format::DecodeError, 'Unrecognized start byte for point octet string: 0x%x' % string[0].ord unless allow_hybrid
+      decode_uncompressed string, group if allow_hybrid
+    else
+      base_decode(string, group)
+    end
+  end
+
+end

data/lib/bitcoin/ext/json_parser.rb

@@ -0,0 +1,46 @@
+require 'json/pure'
+
+module Bitcoin
+  module Ext
+    # Extension of JSON::Pure::Parser.
+    # This class convert Float value to String value.
+    class JsonParser < JSON::Pure::Parser
+
+      def parse_value
+        case
+        when scan(FLOAT)
+          self[1].to_s
+        when scan(INTEGER)
+          Integer(self[1])
+        when scan(TRUE)
+          true
+        when scan(FALSE)
+          false
+        when scan(NULL)
+          nil
+        when !UNPARSED.equal?(string = parse_string)
+          string
+        when scan(ARRAY_OPEN)
+          @current_nesting += 1
+          ary = parse_array
+          @current_nesting -= 1
+          ary
+        when scan(OBJECT_OPEN)
+          @current_nesting += 1
+          obj = parse_object
+          @current_nesting -= 1
+          obj
+        when @allow_nan && scan(NAN)
+          NaN
+        when @allow_nan && scan(INFINITY)
+          Infinity
+        when @allow_nan && scan(MINUS_INFINITY)
+          MinusInfinity
+        else
+          UNPARSED
+        end
+      end
+
+    end
+  end
+end

data/lib/bitcoin/ext_key.rb

@@ -6,6 +6,11 @@ module Bitcoin
   # BIP32 Extended private key
   class ExtKey
 
+    include Bitcoin::HexConverter
+
+    MAX_DEPTH = 255
+    MASTER_FINGERPRINT = '00000000'
+
     attr_accessor :ver
     attr_accessor :depth
     attr_accessor :number
@@ -18,7 +23,7 @@ module Bitcoin
     def self.generate_master(seed)
       ext_key = ExtKey.new
       ext_key.depth = ext_key.number = 0
-      ext_key.parent_fingerprint = '00000000'
+      ext_key.parent_fingerprint = MASTER_FINGERPRINT
       l = Bitcoin.hmac_sha512('Bitcoin seed', seed.htb)
       left = l[0..31].bth.to_i(16)
       raise 'invalid key' if left >= CURVE_ORDER || left == 0
@@ -47,9 +52,7 @@ module Bitcoin
 
     # Base58 encoded extended private key
     def to_base58
-      h = to_payload.bth
-      hex = h + Bitcoin.calc_checksum(h)
-      Base58.encode(hex)
+      ExtPubkey.encode_base58(to_hex)
     end
 
     # get private key(hex)
@@ -94,6 +97,7 @@ module Bitcoin
       number += Bitcoin::HARDENED_THRESHOLD if harden
       new_key = ExtKey.new
       new_key.depth = depth + 1
+      raise IndexError, 'Depth over 255.' if new_key.depth > MAX_DEPTH
       new_key.number = number
       new_key.parent_fingerprint = fingerprint
       if number > (Bitcoin::HARDENED_THRESHOLD - 1)
@@ -140,19 +144,24 @@ module Bitcoin
       buf = StringIO.new(payload)
       ext_key = ExtKey.new
       ext_key.ver = buf.read(4).bth # version
-      raise 'An unsupported version byte was specified.' unless ExtKey.support_version?(ext_key.ver)
-      ext_key.depth = buf.read(1).unpack('C').first
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_VERSION unless ExtKey.support_version?(ext_key.ver)
+      ext_key.depth = buf.read(1).unpack1('C')
       ext_key.parent_fingerprint = buf.read(4).bth
-      ext_key.number = buf.read(4).unpack('N').first
+      ext_key.number = buf.read(4).unpack1('N')
+      if ext_key.depth == 0
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_FINGERPRINT unless ext_key.parent_fingerprint == ExtKey::MASTER_FINGERPRINT
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_ZERO_INDEX if ext_key.number > 0
+      end
+      raise ArgumentError, Errors::Messages:: INVALID_BIP32_ZERO_DEPTH if ext_key.parent_fingerprint == ExtKey::MASTER_FINGERPRINT && ext_key.depth > 0
       ext_key.chain_code = buf.read(32)
-      buf.read(1) # 0x00
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_PRIV_PREFIX unless buf.read(1).bth == '00' # 0x00
       ext_key.key = Bitcoin::Key.new(priv_key: buf.read(32).bth, key_type: Bitcoin::Key::TYPES[:compressed])
       ext_key
     end
 
     # import private key from Base58 private key address
-    def self.from_base58(address)
-      ExtKey.parse_from_payload(Base58.decode(address).htb)
+    def self.from_base58(base58)
+      ExtKey.parse_from_payload(ExtPubkey.validate_base58(base58))
     end
 
     # get version bytes from purpose' value.
@@ -191,6 +200,8 @@ module Bitcoin
   # BIP-32 Extended public key
   class ExtPubkey
 
+    include Bitcoin::HexConverter
+
     attr_accessor :ver
     attr_accessor :depth
     attr_accessor :number
@@ -242,9 +253,14 @@ module Bitcoin
 
     # Base58 encoded extended pubkey
     def to_base58
-      h = to_payload.bth
-      hex = h + Bitcoin.calc_checksum(h)
-      Base58.encode(hex)
+      ExtPubkey.encode_base58(to_hex)
+    end
+
+    # Generate Base58 encoded key from BIP32 payload with hex format.
+    # @param [String] hex BIP32 payload with hex format.
+    # @return [String] Base58 encoded extended key.
+    def self.encode_base58(hex)
+      Base58.encode(hex + Bitcoin.calc_checksum(hex))
     end
 
     # whether hardened key.
@@ -256,6 +272,7 @@ module Bitcoin
     def derive(number)
       new_key = ExtPubkey.new
       new_key.depth = depth + 1
+      raise IndexError, 'Depth over 255.' if new_key.depth > Bitcoin::ExtKey::MAX_DEPTH
       new_key.number = number
       new_key.parent_fingerprint = fingerprint
       raise 'hardened key is not support' if number > (Bitcoin::HARDENED_THRESHOLD - 1)
@@ -265,7 +282,7 @@ module Bitcoin
       raise 'invalid key' if left >= CURVE_ORDER
       p1 = Bitcoin::Secp256k1::GROUP.generator.multiply_by_scalar(left)
       p2 = Bitcoin::Key.new(pubkey: pubkey, key_type: key_type).to_point
-      new_key.pubkey = ECDSA::Format::PointOctetString.encode(p1 + p2, compression: true).bth
+      new_key.pubkey = (p1 + p2).to_hex
       new_key.chain_code = l[32..-1]
       new_key.ver = version
       new_key
@@ -298,19 +315,33 @@ module Bitcoin
       buf = StringIO.new(payload)
       ext_pubkey = ExtPubkey.new
       ext_pubkey.ver = buf.read(4).bth # version
-      raise 'An unsupported version byte was specified.' unless ExtPubkey.support_version?(ext_pubkey.ver)
-      ext_pubkey.depth = buf.read(1).unpack('C').first
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_VERSION unless ExtPubkey.support_version?(ext_pubkey.ver)
+      ext_pubkey.depth = buf.read(1).unpack1('C')
       ext_pubkey.parent_fingerprint = buf.read(4).bth
-      ext_pubkey.number = buf.read(4).unpack('N').first
+      ext_pubkey.number = buf.read(4).unpack1('N')
+      if ext_pubkey.depth == 0
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_FINGERPRINT unless ext_pubkey.parent_fingerprint == ExtKey::MASTER_FINGERPRINT
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_ZERO_INDEX if ext_pubkey.number > 0
+      end
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_ZERO_DEPTH if ext_pubkey.parent_fingerprint == ExtKey::MASTER_FINGERPRINT && ext_pubkey.depth > 0
       ext_pubkey.chain_code = buf.read(32)
-      ext_pubkey.pubkey = buf.read(33).bth
+      ext_pubkey.pubkey = Bitcoin::Key.new(pubkey: buf.read(33).bth).pubkey
       ext_pubkey
     end
 
 
     # import pub key from Base58 private key address
     def self.from_base58(address)
-      ExtPubkey.parse_from_payload(Base58.decode(address).htb)
+      ExtPubkey.parse_from_payload(ExtPubkey.validate_base58(address))
+    end
+
+    # Validate address checksum and return payload.
+    # @param [String] BIP32 Base58 address
+    # @return [String] BIP32 payload with binary format
+    def self.validate_base58(address)
+      raw = Base58.decode(address)
+      raise ArgumentError, Errors::Messages::INVALID_CHECKSUM unless Bitcoin.calc_checksum(raw[0...-8]) == raw[-8..-1]
+      raw[0...-8].htb
     end
 
     # get version bytes from purpose' value.

data/lib/bitcoin/key.rb

@@ -28,7 +28,7 @@ module Bitcoin
     # @param [Integer] key_type a key type which determine address type.
     # @param [Boolean] compressed [Deprecated] whether public key is compressed.
     # @return [Bitcoin::Key] a key object.
-    def initialize(priv_key: nil, pubkey: nil, key_type: nil, compressed: true)
+    def initialize(priv_key: nil, pubkey: nil, key_type: nil, compressed: true, allow_hybrid: false)
       puts "[Warning] Use key_type parameter instead of compressed. compressed parameter removed in the future." if key_type.nil? && !compressed.nil? && pubkey.nil?
       if key_type
         @key_type = key_type
@@ -39,13 +39,14 @@ module Bitcoin
       @secp256k1_module =  Bitcoin.secp_impl
       @priv_key = priv_key
       if @priv_key
-        raise ArgumentError, 'private key is not on curve' unless validate_private_key_range(@priv_key)
+        raise ArgumentError, Errors::Messages::INVALID_PRIV_KEY unless validate_private_key_range(@priv_key)
       end
       if pubkey
         @pubkey = pubkey
       else
         @pubkey = generate_pubkey(priv_key, compressed: compressed) if priv_key
       end
+      raise ArgumentError, Errors::Messages::INVALID_PUBLIC_KEY unless fully_valid_pubkey?(allow_hybrid)
     end
 
     # generate key pair
@@ -63,9 +64,9 @@ module Bitcoin
       data = hex[2...-8].htb
       checksum = hex[-8..-1]
       raise ArgumentError, 'invalid version' unless version == Bitcoin.chain_params.privkey_version
-      raise ArgumentError, 'invalid checksum' unless Bitcoin.calc_checksum(version + data.bth) == checksum
+      raise ArgumentError, Errors::Messages::INVALID_CHECKSUM unless Bitcoin.calc_checksum(version + data.bth) == checksum
       key_len = data.bytesize
-      if key_len == COMPRESSED_PUBLIC_KEY_SIZE && data[-1].unpack('C').first == 1
+      if key_len == COMPRESSED_PUBLIC_KEY_SIZE && data[-1].unpack1('C') == 1
         key_type = TYPES[:compressed]
         data = data[0..-2]
       elsif key_len == 32
@@ -88,30 +89,46 @@ module Bitcoin
     # sign +data+ with private key
     # @param [String] data a data to be signed with binary format
     # @param [Boolean] low_r flag to apply low-R.
-    # @param [String] extra_entropy the extra entropy for rfc6979.
+    # @param [String] extra_entropy the extra entropy with binary format for rfc6979.
+    # @param [Symbol] algo signature algorithm. ecdsa(default) or schnorr.
     # @return [String] signature data with binary format
-    def sign(data, low_r = true, extra_entropy = nil)
-      sig = secp256k1_module.sign_data(data, priv_key, extra_entropy)
-      if low_r && !sig_has_low_r?(sig)
-        counter = 1
-        until sig_has_low_r?(sig)
-          extra_entropy = [counter].pack('I*').bth.ljust(64, '0').htb
-          sig = secp256k1_module.sign_data(data, priv_key, extra_entropy)
-          counter += 1
+    def sign(data, low_r = true, extra_entropy = nil, algo: :ecdsa)
+      case algo
+      when :ecdsa
+        sig = secp256k1_module.sign_data(data, priv_key, extra_entropy)
+        if low_r && !sig_has_low_r?(sig)
+          counter = 1
+          until sig_has_low_r?(sig)
+            extra_entropy = [counter].pack('I*').bth.ljust(64, '0').htb
+            sig = secp256k1_module.sign_data(data, priv_key, extra_entropy)
+            counter += 1
+          end
         end
+        sig
+      when :schnorr
+        secp256k1_module.sign_data(data, priv_key, extra_entropy, algo: :schnorr)
+      else
+        raise ArgumentError "Unsupported algo specified: #{algo}"
       end
-      sig
     end
 
     # verify signature using public key
     # @param [String] sig signature data with binary format
-    # @param [String] origin original message
+    # @param [String] data original message
+    # @param [Symbol] algo signature algorithm. ecdsa(default) or schnorr.
     # @return [Boolean] verify result
-    def verify(sig, origin)
+    def verify(sig, data, algo: :ecdsa)
       return false unless valid_pubkey?
       begin
-        sig = ecdsa_signature_parse_der_lax(sig)
-        secp256k1_module.verify_sig(origin, sig, pubkey)
+        case algo
+        when :ecdsa
+          sig = ecdsa_signature_parse_der_lax(sig)
+          secp256k1_module.verify_sig(data, sig, pubkey)
+        when :schnorr
+          secp256k1_module.verify_sig(data, sig, xonly_pubkey, algo: :schnorr)
+        else
+          false
+        end
       rescue Exception
         false
       end
@@ -125,19 +142,19 @@ module Bitcoin
     # get pay to pubkey hash address
     # @deprecated
     def to_p2pkh
-      Bitcoin::Script.to_p2pkh(hash160).addresses.first
+      Bitcoin::Script.to_p2pkh(hash160).to_addr
     end
 
     # get pay to witness pubkey hash address
     # @deprecated
     def to_p2wpkh
-      Bitcoin::Script.to_p2wpkh(hash160).addresses.first
+      Bitcoin::Script.to_p2wpkh(hash160).to_addr
     end
 
     # get p2wpkh address nested in p2sh.
     # @deprecated
     def to_nested_p2wpkh
-      Bitcoin::Script.to_p2wpkh(hash160).to_p2sh.addresses.first
+      Bitcoin::Script.to_p2wpkh(hash160).to_p2sh.to_addr
     end
 
     def compressed?
@@ -152,6 +169,12 @@ module Bitcoin
       ECDSA::Format::PointOctetString.decode(p.htb, Bitcoin::Secp256k1::GROUP)
     end
 
+    # get xonly public key (32 bytes).
+    # @return [String] xonly public key with hex format
+    def xonly_pubkey
+      pubkey[2..65]
+    end
+
     # check +pubkey+ (hex) is compress or uncompress pubkey.
     def self.compress_or_uncompress_pubkey?(pubkey)
       p = pubkey.htb
@@ -225,14 +248,8 @@ module Bitcoin
     end
 
     # fully validate whether this is a valid public key (more expensive than IsValid())
-    def fully_valid_pubkey?
-      return false unless valid_pubkey?
-      begin
-        point = ECDSA::Format::PointOctetString.decode(pubkey.htb, ECDSA::Group::Secp256k1)
-        ECDSA::Group::Secp256k1.valid_public_key?(point)
-      rescue ECDSA::Format::DecodeError
-        false
-      end
+    def fully_valid_pubkey?(allow_hybrid = false)
+      valid_pubkey? && secp256k1_module.parse_ec_pubkey?(pubkey, allow_hybrid)
     end
 
     private