bitcoinrb 0.5.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5da63d0663778eba1816d008ebf369348bc75d214965b68c2ff7ce564e95ac3
-  data.tar.gz: 2a7e31c9f5b29b72b14e93103f1b69111a2283e390fb61fdad517a5aa764f9f4
+  metadata.gz: e8103017ba6b480dc45caea8b9544720003c486167c3e867be738ccdc40faef7
+  data.tar.gz: 3807ee81a2ed26a526c19903c616ebb7af5b2a9c8434a76398e538a02c34e126
 SHA512:
-  metadata.gz: b062f7c6e944cac7787fdca7be284224961b9a675467bd6f55fa0d49ed502157507e098aee9b28998f600826d677ddc3f8b26947134591240b5d8ada5e004686
-  data.tar.gz: b32d9705400ac5bfb1cc252e4a79c66ff9fb2d8dcba1f530060b5c130e14726e412a5434d5769dd6824588374cbae99c797ae65a2478a92d53cc5fa664ab5a4e
+  metadata.gz: 97a9df2fee4c9d2fb7c84555d82e0f1ef692e0889c964fc7615f328467925a5b099be19801b19321a9b12fc55493663f1813be4074e5fc95add8948cd52ca2e4
+  data.tar.gz: '0370268e40a85bf6face9592b8dc3cf260b6357e796f62c7e6abddaeeef2d3ec561e4336ba859c5f8426dcedd80eba6d9ec632941e284791df9571ff613182e5'

data/.github/workflows/ruby.yml

@@ -0,0 +1,37 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.6', '2.7', '3.0']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install leveldb
+      run: sudo apt-get install libleveldb-dev
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+    # uses: ruby/setup-ruby@v1
+      uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+    - name: Run tests
+      run: bundle exec rake spec

data/.rspec_parallel

@@ -0,0 +1,2 @@
+--format ParallelTests::RSpec::RuntimeLogger --out tmp/parallel_runtime_rspec.log
+--format ParallelTests::RSpec::SummaryLogger --out tmp/spec_summary.log

data/.ruby-version

@@ -1 +1 @@
-2.7.0
+ruby-3.0.2

data/README.md

@@ -1,4 +1,4 @@
-# Bitcoinrb [![Build Status](https://travis-ci.org/chaintope/bitcoinrb.svg?branch=master)](https://travis-ci.org/chaintope/bitcoinrb) [![Gem Version](https://badge.fury.io/rb/bitcoinrb.svg)](https://badge.fury.io/rb/bitcoinrb) [![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat)](LICENSE) <img src="http://segwit.co/static/public/images/logo.png" width="100">
+# Bitcoinrb [![Build Status](https://github.com/chaintope/bitcoinrb/actions/workflows/ruby.yml/badge.svg?branch=master)](https://github.com/chaintope/bitcoinrb/actions/workflows/ruby.yml) [![Gem Version](https://badge.fury.io/rb/bitcoinrb.svg)](https://badge.fury.io/rb/bitcoinrb) [![MIT License](http://img.shields.io/badge/license-MIT-blue.svg?style=flat)](LICENSE) <img src="http://segwit.co/static/public/images/logo.png" width="100">
 
 
 Bitcoinrb is a Ruby implementation of Bitcoin Protocol.
@@ -18,6 +18,8 @@ Bitcoinrb supports following feature:
 * [BIP-173](https://github.com/bitcoin/bips/blob/master/bip-0173.mediawiki) Bech32 address support
 * [BIP-174](https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki) PSBT(Partially Signed Bitcoin Transaction) support
 * [BIP-85](https://github.com/bitcoin/bips/blob/master/bip-0085.mediawiki) Deterministic Entropy From BIP32 Keychains support by `Bitcoin::BIP85Entropy` class.
+* Schnorr signature([BIP-340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki))  
+* Taproot consensus([BIP-341](https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki) and [BIP-342](https://github.com/bitcoin/bips/blob/master/bip-0342.mediawiki))  
 * [WIP] SPV node
 * [WIP] 0ff-chain protocol
 
@@ -93,6 +95,14 @@ Bitcoin.chain_params = :regtest
 
 This parameter is described in https://github.com/chaintope/bitcoinrb/blob/master/lib/bitcoin/chainparams/regtest.yml.
 
+* default signet
+
+```ruby
+Bitcoin.chain_params = :signet
+```
+
+This parameter is described in https://github.com/chaintope/bitcoinrb/blob/master/lib/bitcoin/chainparams/signet.yml.
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/bitcoinrb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/bitcoinrb.gemspec

@@ -10,8 +10,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ["azuchi"]
   spec.email         = ["azuchi@chaintope.com"]
 
-  spec.summary       = %q{[WIP]The implementation of Bitcoin Protocol for Ruby.}
-  spec.description   = %q{[WIP]The implementation of Bitcoin Protocol for Ruby.}
+  spec.summary       = %q{The implementation of Bitcoin Protocol for Ruby.}
+  spec.description   = %q{The implementation of Bitcoin Protocol for Ruby.}
   spec.homepage      = 'https://github.com/chaintope/bitcoinrb'
   spec.license       = "MIT"
 
@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'ecdsa'
   spec.add_runtime_dependency 'eventmachine'
   spec.add_runtime_dependency 'murmurhash3'
-  spec.add_runtime_dependency 'bech32', '~> 1.0.3'
+  spec.add_runtime_dependency 'bech32', '~> 1.1.0'
   spec.add_runtime_dependency 'daemon-spawn'
   spec.add_runtime_dependency 'thor'
   spec.add_runtime_dependency 'ffi'
@@ -32,8 +32,9 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'iniparse'
   spec.add_runtime_dependency 'siphash'
   spec.add_runtime_dependency 'protobuf', '3.8.5'
-  spec.add_runtime_dependency 'scrypt'
   spec.add_runtime_dependency 'json_pure', '>= 2.3.1'
+  spec.add_runtime_dependency 'bip-schnorr', '>= 0.4.0'
+  spec.add_runtime_dependency 'base32', '>= 0.3.4'
 
   # for options
   spec.add_development_dependency 'leveldb-native'
@@ -42,6 +43,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rake', '>= 12.3.3'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'timecop'
-  spec.add_development_dependency 'webmock', '~> 3.0'
-
+  spec.add_development_dependency 'webmock', '>= 3.11.1'
+  spec.add_development_dependency 'parallel', '>= 1.20.1'
 end

data/lib/bitcoin/block_filter.rb

@@ -43,6 +43,20 @@ module Bitcoin
       BlockFilter.new(filter_type, filter, block.block_hash)
     end
 
+    # Decode Block Filter from encoded filter
+    # @param [Integer] filter_type filter type.
+    # @param [String] block_hash block hash with hex format. not little endian.
+    # @param [String] encoded encoded_filter with hex format.
+    # @return [Bitcoin::BlockFilter] block filter object.
+    def self.decode(filter_type, block_hash, encoded)
+      filter = case filter_type
+               when TYPE[:basic]
+                GCSFilter.new(block_hash.htb[0...16], BASIC_FILTER_P, BASIC_FILTER_M, encoded_filter: encoded)
+              else
+                raise "unknown filter type: #{filter_type}."
+               end
+      BlockFilter.new(filter_type, filter, block_hash)
+    end
 
     # calculate filter hash.
     # @return [String] this filter hash with hex format.

data/lib/bitcoin/chain_params.rb

@@ -51,6 +51,11 @@ module Bitcoin
       init('regtest')
     end
 
+    # signet genesis
+    def self.signet
+      init('signet')
+    end
+
     def mainnet?
       network == 'mainnet'
     end
@@ -63,6 +68,10 @@ module Bitcoin
       network == 'regtest'
     end
 
+    def signet?
+      network == 'signet'
+    end
+
     def genesis_block
       header = Bitcoin::BlockHeader.new(
           genesis['version'], genesis['prev_hash'].rhex, genesis['merkle_root'].rhex,

data/lib/bitcoin/chainparams/signet.yml

@@ -0,0 +1,39 @@
+--- !ruby/object:Bitcoin::ChainParams
+network: "signet"
+magic_head: "0a03cf40"
+message_magic: "Bitcoin Signed Message:\n"
+address_version: "6f"
+p2sh_version: "c4"
+bech32_hrp: 'tb'
+privkey_version: "ef"
+extended_privkey_version: "04358394"
+extended_pubkey_version: "043587cf"
+bip49_pubkey_p2wpkh_p2sh_version: "044a5262"
+bip49_pubkey_p2wsh_p2sh_version: "024289ef"
+bip49_privkey_p2wpkh_p2sh_version: "044a4e28"
+bip49_privkey_p2wsh_p2sh_version: "024285b5"
+bip84_pubkey_p2wpkh_version: "045f1cf6"
+bip84_pubkey_p2wsh_version: "02575483"
+bip84_privkey_p2wpkh_version: "045f18bc"
+bip84_privkey_p2wsh_version: "02575048"
+default_port: 38333
+protocol_version: 70013
+retarget_interval: 2016
+retarget_time: 1209600 # 2 weeks
+target_spacing: 600 # block interval
+max_money: 21000000
+bip34_height: 227931
+genesis_hash: "00000008819873e925422c1ff0f99f7cc9bbb232af63a077a480a3633bee1ef6"
+proof_of_work_limit: 0x1d00ffff
+dns_seeds:
+  - "178.128.221.177"
+  - "2a01:7c8:d005:390::5"
+genesis:
+  hash: "00000008819873e925422c1ff0f99f7cc9bbb232af63a077a480a3633bee1ef6"
+  merkle_root: "4a5e1e4baab89f3a32518a88c31bc87f618f76673e2cc77ab2127b7afdeda33b"
+  time: 1598918400
+  nonce: 52613770
+  bits: 0x1e0377ae
+  version: 1
+  prev_hash: "0000000000000000000000000000000000000000000000000000000000000000"
+bip44_coin_type: 1

data/lib/bitcoin/constants.rb

@@ -44,6 +44,11 @@ module Bitcoin
   SCRIPT_VERIFY_NULLFAIL = (1 << 14) # Signature(s) must be empty vector if an CHECK(MULTI)SIG operation failed
   SCRIPT_VERIFY_WITNESS_PUBKEYTYPE = (1 << 15) # Public keys in segregated witness scripts must be compressed
   SCRIPT_VERIFY_CONST_SCRIPTCODE = (1 << 16) # Making OP_CODESEPARATOR and FindAndDelete fail any non-segwit scripts
+  SCRIPT_VERIFY_TAPROOT = (1 << 17) # Taproot/Tapscript validation (BIPs 341 & 342)
+  SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION = (1 << 18) # Making unknown Taproot leaf versions non-standard
+  SCRIPT_VERIFY_DISCOURAGE_UNKNOWN_ANNEX = (1 << 19) # Making the use of (unknown) annexes non-standard (currently no annexes are known)
+  SCRIPT_VERIFY_DISCOURAGE_OP_SUCCESS = (1 << 20) # Making unknown OP_SUCCESS non-standard
+  SCRIPT_VERIFY_DISCOURAGE_UPGRADABLE_PUBKEYTYPE = (1 << 21) # Making unknown public key versions (in BIP 342 scripts) non-standard
 
   MANDATORY_SCRIPT_VERIFY_FLAGS = SCRIPT_VERIFY_P2SH
 
@@ -68,7 +73,8 @@ module Bitcoin
   # for script
 
   # witness version
-  WITNESS_VERSION = 0x00
+  WITNESS_VERSION_V0 = 0x00
+  WITNESS_VERSION_V1 = Bitcoin::Opcodes::OP_1
 
   # Maximum script length in bytes
   MAX_SCRIPT_SIZE = 10000
@@ -88,8 +94,19 @@ module Bitcoin
   # Threshold for nLockTime: below this value it is interpreted as block number, otherwise as UNIX timestamp.
   LOCKTIME_THRESHOLD = 500000000
 
+  # Tag for input annex. If there are at least two witness elements for a transaction input,
+  # and the first byte of the last element is 0x50, this last element is called annex, and
+  # has meanings independent of the script
+  ANNEX_TAG = 0x50
+
+  # Validation weight per passing signature (Tapscript only, see BIP 342).
+  VALIDATION_WEIGHT_PER_SIGOP_PASSED = 50
+
+  # How much weight budget is added to the witness size (Tapscript only, see BIP 342).
+  VALIDATION_WEIGHT_OFFSET = 50
+
   # Signature hash types/flags
-  SIGHASH_TYPE = { all: 1, none: 2, single: 3, anyonecanpay: 128 }
+  SIGHASH_TYPE = { all: 0x01, none: 0x02, single: 0x3, anyonecanpay: 0x80 , default: 0}
 
   # Maximum number length in bytes
   DEFAULT_MAX_NUM_SIZE = 4
@@ -97,8 +114,6 @@ module Bitcoin
   # 80 bytes of data, +1 for OP_RETURN, +2 for the pushdata opcodes.
   MAX_OP_RETURN_RELAY = 83
 
-  SIG_VERSION = [:base, :witness_v0]
-
   # for script error
   SCRIPT_ERR_OK = 0
   SCRIPT_ERR_UNKNOWN_ERROR = 1
@@ -146,6 +161,10 @@ module Bitcoin
   # softfork safeness
   SCRIPT_ERR_DISCOURAGE_UPGRADABLE_NOPS = 60
   SCRIPT_ERR_DISCOURAGE_UPGRADABLE_WITNESS_PROGRAM = 61
+  SCRIPT_ERR_DISCOURAGE_UPGRADABLE_TAPROOT_VERSION = 62
+  SCRIPT_ERR_DISCOURAGE_UNKNOWN_ANNEX = 63
+  SCRIPT_ERR_DISCOURAGE_OP_SUCCESS = 64
+  SCRIPT_ERR_DISCOURAGE_UPGRADABLE_PUBKEYTYPE = 65
 
   # segregated witness
   SCRIPT_ERR_WITNESS_PROGRAM_WRONG_LENGTH = 70
@@ -162,6 +181,15 @@ module Bitcoin
 
   SCRIPT_ERR_ERROR_COUNT = 80
 
+  # Taproot
+  SCRIPT_ERR_SCHNORR_SIG_SIZE = 90
+  SCRIPT_ERR_SCHNORR_SIG_HASHTYPE = 91
+  SCRIPT_ERR_SCHNORR_SIG = 92
+  SCRIPT_ERR_TAPROOT_WRONG_CONTROL_SIZE = 93
+  SCRIPT_ERR_TAPSCRIPT_VALIDATION_WEIGHT = 94
+  SCRIPT_ERR_TAPSCRIPT_CHECKMULTISIG = 95
+  SCRIPT_ERR_TAPSCRIPT_MINIMALIF = 96
+
   ERRCODES_MAP = Hash[*constants.grep(/^SCRIPT_ERR_/).map { |c| [const_get(c), c.to_s] }.flatten]
   NAME_MAP = Hash[*constants.grep(/^SCRIPT_ERR_/).map { |c| [c.to_s, const_get(c)] }.flatten]
 
@@ -185,4 +213,17 @@ module Bitcoin
   BIP32_EXTKEY_WITH_VERSION_SIZE = 78
 
   HARDENED_THRESHOLD = 2147483648 # 2**31
+
+  # Signature hash sizes
+  WITNESS_V0_SCRIPTHASH_SIZE = 32
+  WITNESS_V0_KEYHASH_SIZE = 20
+  WITNESS_V1_TAPROOT_SIZE = 32
+
+  TAPROOT_LEAF_MASK = 0xfe
+  TAPROOT_LEAF_TAPSCRIPT = 0xc0
+  TAPROOT_CONTROL_BASE_SIZE = 33
+  TAPROOT_CONTROL_NODE_SIZE = 32
+  TAPROOT_CONTROL_MAX_NODE_COUNT = 128
+  TAPROOT_CONTROL_MAX_SIZE = TAPROOT_CONTROL_BASE_SIZE + TAPROOT_CONTROL_NODE_SIZE * TAPROOT_CONTROL_MAX_NODE_COUNT
+
 end

data/lib/bitcoin/descriptor.rb

@@ -116,7 +116,7 @@ module Bitcoin
         end
       end
       key = key.is_a?(Bitcoin::Key) ? key : key.key
-      raise ArgumentError, 'Invalid pubkey.' unless key.fully_valid_pubkey?
+      raise ArgumentError, Errors::Messages::INVALID_PUBLIC_KEY unless key.fully_valid_pubkey?
       key.pubkey
     end
 

data/lib/bitcoin/errors.rb

@@ -0,0 +1,19 @@
+module Bitcoin
+  module Errors
+
+    module Messages
+
+      INVALID_PUBLIC_KEY = 'Invalid public key.'
+      INVALID_BIP32_PRIV_PREFIX = 'Invalid BIP32 private key prefix. prefix must be 0x00.'
+      INVALID_BIP32_FINGERPRINT = 'Invalid parent fingerprint.'
+      INVALID_BIP32_ZERO_INDEX = 'Invalid index. Depth 0 must have 0 index.'
+      INVALID_BIP32_ZERO_DEPTH = 'Invalid depth. Master key must have 0 depth.'
+      INVALID_BIP32_VERSION = 'An unsupported version byte was specified.'
+
+      INVALID_PRIV_KEY = 'Private key is not in range [1..n-1].'
+      INVALID_CHECKSUM = 'Invalid checksum.'
+
+    end
+
+  end
+end

data/lib/bitcoin/ext/array_ext.rb

@@ -0,0 +1,22 @@
+module Bitcoin
+  module Ext
+    module ArrayExt
+
+      refine Array do
+
+        # resize array content with +initial_value+.
+        # expect to behave like vec#resize in c++.
+        def resize!(new_size, initial_value = 0)
+          if size < new_size
+            (new_size - size).times{self.<< initial_value}
+          elsif size > new_size
+            (size - new_size).times{delete_at(-1)}
+          end
+          self
+        end
+
+      end
+
+    end
+  end
+end

data/lib/bitcoin/ext/ecdsa.rb

@@ -0,0 +1,36 @@
+class ::ECDSA::Signature
+  # convert signature to der string.
+  def to_der
+    ECDSA::Format::SignatureDerString.encode(self)
+  end
+
+  def ==(other)
+    return false unless other.is_a?(ECDSA::Signature)
+    r == other.r && s == other.s
+  end
+end
+
+class ::ECDSA::Point
+  def to_hex(compression = true)
+    ECDSA::Format::PointOctetString.encode(self, compression: compression).bth
+  end
+end
+
+module ::ECDSA::Format::PointOctetString
+
+  class << self
+    alias_method :base_decode, :decode
+  end
+
+  def self.decode(string, group, allow_hybrid: false)
+    string = string.dup.force_encoding('BINARY')
+    raise ECDSA::Format::DecodeError, 'Point octet string is empty.' if string.empty?
+    if [6, 7].include?(string[0].ord)
+      raise ECDSA::Format::DecodeError, 'Unrecognized start byte for point octet string: 0x%x' % string[0].ord unless allow_hybrid
+      decode_uncompressed string, group if allow_hybrid
+    else
+      base_decode(string, group)
+    end
+  end
+
+end

data/lib/bitcoin/ext.rb

@@ -1,5 +1,6 @@
 module Bitcoin
   module Ext
     autoload :JsonParser, 'bitcoin/ext/json_parser'
+    autoload :ArrayExt, 'bitcoin/ext/array_ext'
   end
 end

data/lib/bitcoin/ext_key.rb

@@ -52,9 +52,7 @@ module Bitcoin
 
     # Base58 encoded extended private key
     def to_base58
-      h = to_hex
-      hex = h + Bitcoin.calc_checksum(h)
-      Base58.encode(hex)
+      ExtPubkey.encode_base58(to_hex)
     end
 
     # get private key(hex)
@@ -146,22 +144,24 @@ module Bitcoin
       buf = StringIO.new(payload)
       ext_key = ExtKey.new
       ext_key.ver = buf.read(4).bth # version
-      raise 'An unsupported version byte was specified.' unless ExtKey.support_version?(ext_key.ver)
-      ext_key.depth = buf.read(1).unpack('C').first
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_VERSION unless ExtKey.support_version?(ext_key.ver)
+      ext_key.depth = buf.read(1).unpack1('C')
       ext_key.parent_fingerprint = buf.read(4).bth
+      ext_key.number = buf.read(4).unpack1('N')
       if ext_key.depth == 0
-        raise ArgumentError, 'Invalid parent fingerprint.' unless ext_key.parent_fingerprint == MASTER_FINGERPRINT
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_FINGERPRINT unless ext_key.parent_fingerprint == ExtKey::MASTER_FINGERPRINT
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_ZERO_INDEX if ext_key.number > 0
       end
-      ext_key.number = buf.read(4).unpack('N').first
+      raise ArgumentError, Errors::Messages:: INVALID_BIP32_ZERO_DEPTH if ext_key.parent_fingerprint == ExtKey::MASTER_FINGERPRINT && ext_key.depth > 0
       ext_key.chain_code = buf.read(32)
-      buf.read(1) # 0x00
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_PRIV_PREFIX unless buf.read(1).bth == '00' # 0x00
       ext_key.key = Bitcoin::Key.new(priv_key: buf.read(32).bth, key_type: Bitcoin::Key::TYPES[:compressed])
       ext_key
     end
 
     # import private key from Base58 private key address
-    def self.from_base58(address)
-      ExtKey.parse_from_payload(Base58.decode(address).htb)
+    def self.from_base58(base58)
+      ExtKey.parse_from_payload(ExtPubkey.validate_base58(base58))
     end
 
     # get version bytes from purpose' value.
@@ -253,9 +253,14 @@ module Bitcoin
 
     # Base58 encoded extended pubkey
     def to_base58
-      h = to_hex
-      hex = h + Bitcoin.calc_checksum(h)
-      Base58.encode(hex)
+      ExtPubkey.encode_base58(to_hex)
+    end
+
+    # Generate Base58 encoded key from BIP32 payload with hex format.
+    # @param [String] hex BIP32 payload with hex format.
+    # @return [String] Base58 encoded extended key.
+    def self.encode_base58(hex)
+      Base58.encode(hex + Bitcoin.calc_checksum(hex))
     end
 
     # whether hardened key.
@@ -275,7 +280,7 @@ module Bitcoin
       l = Bitcoin.hmac_sha512(chain_code, data)
       left = l[0..31].bth.to_i(16)
       raise 'invalid key' if left >= CURVE_ORDER
-      p1 = Bitcoin::Secp256k1::GROUP.generator.multiply_by_scalar(left)
+      p1 = Bitcoin::Key.new(priv_key: left.to_s(16), key_type: Bitcoin::Key::TYPES[:uncompressed]).to_point
       p2 = Bitcoin::Key.new(pubkey: pubkey, key_type: key_type).to_point
       new_key.pubkey = (p1 + p2).to_hex
       new_key.chain_code = l[32..-1]
@@ -310,22 +315,33 @@ module Bitcoin
       buf = StringIO.new(payload)
       ext_pubkey = ExtPubkey.new
       ext_pubkey.ver = buf.read(4).bth # version
-      raise 'An unsupported version byte was specified.' unless ExtPubkey.support_version?(ext_pubkey.ver)
-      ext_pubkey.depth = buf.read(1).unpack('C').first
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_VERSION unless ExtPubkey.support_version?(ext_pubkey.ver)
+      ext_pubkey.depth = buf.read(1).unpack1('C')
       ext_pubkey.parent_fingerprint = buf.read(4).bth
+      ext_pubkey.number = buf.read(4).unpack1('N')
       if ext_pubkey.depth == 0
-        raise ArgumentError, 'Invalid parent fingerprint.' unless ext_pubkey.parent_fingerprint == ExtKey::MASTER_FINGERPRINT
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_FINGERPRINT unless ext_pubkey.parent_fingerprint == ExtKey::MASTER_FINGERPRINT
+        raise ArgumentError, Errors::Messages::INVALID_BIP32_ZERO_INDEX if ext_pubkey.number > 0
       end
-      ext_pubkey.number = buf.read(4).unpack('N').first
+      raise ArgumentError, Errors::Messages::INVALID_BIP32_ZERO_DEPTH if ext_pubkey.parent_fingerprint == ExtKey::MASTER_FINGERPRINT && ext_pubkey.depth > 0
       ext_pubkey.chain_code = buf.read(32)
-      ext_pubkey.pubkey = buf.read(33).bth
+      ext_pubkey.pubkey = Bitcoin::Key.new(pubkey: buf.read(33).bth).pubkey
       ext_pubkey
     end
 
 
     # import pub key from Base58 private key address
     def self.from_base58(address)
-      ExtPubkey.parse_from_payload(Base58.decode(address).htb)
+      ExtPubkey.parse_from_payload(ExtPubkey.validate_base58(address))
+    end
+
+    # Validate address checksum and return payload.
+    # @param [String] BIP32 Base58 address
+    # @return [String] BIP32 payload with binary format
+    def self.validate_base58(address)
+      raw = Base58.decode(address)
+      raise ArgumentError, Errors::Messages::INVALID_CHECKSUM unless Bitcoin.calc_checksum(raw[0...-8]) == raw[-8..-1]
+      raw[0...-8].htb
     end
 
     # get version bytes from purpose' value.