bitcoinrb 1.8.1 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a6e5ff6fa694353e122cd0028354edff2aa877debdc36d368503c25f6277c77f
-  data.tar.gz: a6ef9fb214582173d6681dcad6547208b6c606f9d4b82f1c2b3423f388866db1
+  metadata.gz: 9e9112a5bf75bc7840748693cf849b887cfafd82bbb40dafb8d6eb47e4e0c1e2
+  data.tar.gz: b712757ad33c4283ac0b048d527ae0d0d4c597b2b089a94baf4655b70f3441a3
 SHA512:
-  metadata.gz: b4b858790060163880d19b8d771383b406facaa755386e7919e8c6d1caa6b7f362eeb611846f13f40b406114cae7d3e100cf4f5cb46adef01e37d40a43c35de6
-  data.tar.gz: a4712b529713ad39bebd6f32d9124d2f07d3c77c22482297df550f384b6f3ebf0ee6000958494684a95cc70354f95a22d8361dd686241c2d67c645fcee20ea5c
+  metadata.gz: 0adb44f570489b3e577fe5f7e42c922f315976ed90e0ba286a727e941b70f6ca5d16fb090f6f014bb4b0f36907ba87c65e3881f31b40c706bf8d79958890536d
+  data.tar.gz: 90d803c95d478211ec5054012f96eac13d5ce44872df43e2ce483ed3460343e6051c33d8a7a4e6679d824f922cc99a547855aacd8a857cd3d3ece7c496107171

data/README.md

@@ -83,6 +83,8 @@ This parameter is described in https://github.com/chaintope/bitcoinrb/blob/maste
 
 ```ruby
 Bitcoin.chain_params = :testnet
+# or
+Bitcoin.chain_params = :testnet4
 ```
 
 This parameter is described in https://github.com/chaintope/bitcoinrb/blob/master/lib/bitcoin/chainparams/testnet.yml.

data/bitcoinrb.gemspec

@@ -23,7 +23,7 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'ecdsa_ext', '~> 0.5.1'
   spec.add_runtime_dependency 'eventmachine'
   spec.add_runtime_dependency 'murmurhash3', '~> 0.1.7'
-  spec.add_runtime_dependency 'bech32', '>= 1.3.0'
+  spec.add_runtime_dependency 'bech32', '>= 1.5.0'
   spec.add_runtime_dependency 'daemon-spawn'
   spec.add_runtime_dependency 'thor'
   spec.add_runtime_dependency 'leb128', '~> 1.0.0'
@@ -36,4 +36,5 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'observer', '~> 0.1.2'
   spec.add_runtime_dependency 'secp256k1rb', '0.1.1'
   spec.add_runtime_dependency 'logger'
+  spec.add_runtime_dependency 'merkle', '0.3.0'
 end

data/lib/bitcoin/block.rb

@@ -28,7 +28,7 @@ module Bitcoin
       header = BlockHeader.new(
         version,
         '00' * 32,
-        MerkleTree.build_from_leaf([coinbase.txid]).merkle_root.rhex,
+        Merkle::BinaryTree.new(config: Merkle::Config.bitcoin, leaves: [coinbase.txid]).compute_root.rhex,
         time,
         bits,
         nonce
@@ -72,7 +72,8 @@ module Bitcoin
 
     # calculate merkle root from tx list.
     def calculate_merkle_root
-      Bitcoin::MerkleTree.build_from_leaf(transactions.map(&:tx_hash)).merkle_root
+      tree = Merkle::BinaryTree.new(config: Merkle::Config.bitcoin, leaves: transactions.map(&:tx_hash))
+      tree.compute_root
     end
 
     # check the witness commitment in coinbase tx matches witness commitment calculated from tx list.
@@ -85,7 +86,8 @@ module Bitcoin
       witness_hashes = [COINBASE_WTXID]
       witness_hashes += (transactions[1..-1].map(&:witness_hash))
       reserved_value = transactions[0].inputs[0].script_witness.stack.map(&:bth).join
-      root_hash = Bitcoin::MerkleTree.build_from_leaf(witness_hashes).merkle_root
+      tree = Merkle::BinaryTree.new(config: Merkle::Config.bitcoin, leaves: witness_hashes)
+      root_hash = tree.compute_root
       Bitcoin.double_sha256([root_hash + reserved_value].pack('H*')).bth
     end
 

data/lib/bitcoin/descriptor/combo.rb

@@ -7,6 +7,10 @@ module Bitcoin
         :combo
       end
 
+      def to_hex
+        raise ArgumentError, 'musig() is not allowed in top-level combo().' if musig?
+      end
+
       def to_scripts
         candidates = [Pk.new(key), Pkh.new(key)]
         pubkey = extracted_key

data/lib/bitcoin/descriptor/expression.rb

@@ -98,6 +98,8 @@ module Bitcoin
         is_private = key.is_a?(Bitcoin::ExtKey)
         paths.each do |path|
           raise ArgumentError, 'xpub can not derive hardened key.' if !is_private && path.end_with?("'")
+          raise ArgumentError, 'Key ranges are not supported.' if path.include?("*")
+          raise ArgumentError, 'Key multipath are not supported.' if path.include?("<")
           if is_private
             hardened = path.end_with?("'")
             path = hardened ? path[0..-2] : path

data/lib/bitcoin/descriptor/key_expression.rb

@@ -6,9 +6,9 @@ module Bitcoin
       # Constructor
       # @raise [ArgumentError] If +key+ is invalid.
       def initialize(key)
-        raise ArgumentError, "Key must be string." unless key.is_a? String
-        extract_pubkey(key)
+        raise ArgumentError, "Key must be string or MuSig." unless key.is_a?(String) || key.is_a?(MuSig)
         @key = key
+        extracted_key
       end
 
       def args
@@ -22,9 +22,14 @@ module Bitcoin
       # Get extracted key.
       # @return [Bitcoin::Key] Extracted key.
       def extracted_key
-        extract_pubkey(key)
+        extract_pubkey(musig? ? key.to_hex : key)
       end
 
+      # Key is musig or not?
+      # @return [Boolean]
+      def musig?
+        key.is_a?(MuSig)
+      end
     end
   end
 end

data/lib/bitcoin/descriptor/musig.rb

@@ -0,0 +1,75 @@
+module Bitcoin
+  module Descriptor
+
+    # musig() descriptor class.
+    # @see https://github.com/bitcoin/bips/blob/master/bip-0390.mediawiki
+    class MuSig < Expression
+
+      # SHA256 of `MuSig2MuSig2MuSig2`
+      # https://github.com/bitcoin/bips/blob/master/bip-0328.mediawiki
+      CHAINCODE = '868087ca02a6f974c4598924c36b57762d32cb45717167e300622c7167e38965'.htb
+
+      attr_reader :keys
+      attr_reader :path
+
+      # Constructor.
+      # @param [Array] keys An array of key strings.
+      # @param [String] path (Optional) derivation path.
+      # @return [Bitcoin::Descriptor::MuSig]
+      def initialize(keys, path = nil)
+        raise ArgumentError, "keys must be an array." unless keys.is_a?(Array)
+        unless path.nil?
+          raise ArgumentError, "path must be String." unless path.is_a?(String)
+          raise ArgumentError, "path must be start with /." unless path.start_with?("/")
+        end
+        validate_keys!(keys, path)
+        @keys = keys
+        @path = path
+      end
+
+      def type
+        :musig
+      end
+
+      def top_level?
+        false
+      end
+
+      # Convert to single key with hex format.
+      # @return [String]
+      def to_hex
+        sorted_key = Schnorr::MuSig2.sort_pubkeys(keys.map{|k| extract_pubkey(k).pubkey})
+        agg_key = Schnorr::MuSig2.aggregate(sorted_key)
+        if path.nil?
+          agg_key.x_only_pubkey
+        else
+          ext_key = Bitcoin::ExtPubkey.new
+          ext_key.pubkey = agg_key.q.to_hex
+          ext_key.depth = 0
+          ext_key.chain_code = CHAINCODE
+          _, *paths = path.split('/')
+          derived_key = derive_path(ext_key, paths)
+          derived_key.key.xonly_pubkey
+        end
+      end
+
+      def to_s(checksum: nil)
+        desc = "#{type.to_s}(#{keys.join(',')})"
+        desc << path if path
+        checksum ? Checksum.descsum_create(desc) : desc
+      end
+
+      private
+
+      def validate_keys!(keys, path)
+        raise ArgumentError, 'musig() cannot have hardened child derivation.' if path && path.include?('h')
+        keys.each do |k|
+          if path
+            raise ArgumentError, 'Ranged musig() requires all participants to be xpubs.' unless k.start_with?('xpub')
+          end
+          extract_pubkey(k)
+        end
+      end
+    end
+  end
+end

data/lib/bitcoin/descriptor/pk.rb

@@ -15,6 +15,11 @@ module Bitcoin
         :pk
       end
 
+      def to_hex
+        raise ArgumentError, 'musig() is not allowed in top-level pk().' if musig?
+        super
+      end
+
       # Convert to bitcoin script.
       # @return [Bitcoin::Script]
       def to_script

data/lib/bitcoin/descriptor/pkh.rb

@@ -7,6 +7,11 @@ module Bitcoin
         :pkh
       end
 
+      def to_hex
+        raise ArgumentError, 'musig() is not allowed in top-level pkh().' if musig?
+        super
+      end
+
       def to_script
         Script.to_p2pkh(extracted_key.hash160)
       end

data/lib/bitcoin/descriptor/raw_tr.rb

@@ -1,9 +1,17 @@
 module Bitcoin
   module Descriptor
-    # rawtr() expression
+    # rawtr() descriptor
+    # @see
     class RawTr < KeyExpression
       include Bitcoin::Opcodes
 
+      # Constructor
+      # @raise [ArgumentError] If +key+ is invalid.
+      def initialize(key)
+        key = key.to_hex if key.is_a?(MuSig)
+        super(key)
+      end
+
       def type
         :rawtr
       end

data/lib/bitcoin/descriptor/script_expression.rb

@@ -16,6 +16,7 @@ module Bitcoin
       private
 
       def validate!(script)
+        raise ArgumentError, "musig() is not allowed in #{type.to_s}()." if script.is_a?(MuSig) || (script.is_a?(KeyExpression) && script.musig?)
         raise ArgumentError, "Can only have #{script.type.to_s}() at top level." if script.is_a?(Expression) && script.top_level?
         raise ArgumentError, 'Can only have multi_a/sortedmulti_a inside tr().' if script.is_a?(MultiA) || script.is_a?(SortedMultiA)
       end

data/lib/bitcoin/descriptor/tr.rb

@@ -9,6 +9,7 @@ module Bitcoin
 
       # Constructor.
       def initialize(key, tree = nil)
+        key = key.to_hex if key.is_a?(MuSig)
         raise ArgumentError, "Key must be string." unless key.is_a?(String)
         k = extract_pubkey(key)
         raise ArgumentError, "Uncompressed key are not allowed." unless k.compressed?

data/lib/bitcoin/descriptor/wpkh.rb

@@ -3,6 +3,7 @@ module Bitcoin
     # wpkh() expression
     class Wpkh < KeyExpression
       def initialize(key)
+        raise ArgumentError, 'musig() is not allowed in wpkh().' if key.is_a?(MuSig)
         super(key)
         raise ArgumentError, "Uncompressed key are not allowed." unless extract_pubkey(key).compressed?
       end

data/lib/bitcoin/descriptor.rb

@@ -21,45 +21,46 @@ module Bitcoin
     autoload :SortedMultiA, 'bitcoin/descriptor/sorted_multi_a'
     autoload :RawTr,  'bitcoin/descriptor/raw_tr'
     autoload :Checksum, 'bitcoin/descriptor/checksum'
+    autoload :MuSig, 'bitcoin/descriptor/musig'
 
     module_function
 
-    # Generate P2PK output for the given public key.
+    # Generate pk() descriptor.
     # @param [String] key private key or public key with hex format
     # @return [Bitcoin::Descriptor::Pk]
     def pk(key)
       Pk.new(key)
     end
 
-    # Generate P2PKH output for the given public key.
+    # Generate pkh() descriptor.
     # @param [String] key private key or public key with hex format.
     # @return [Bitcoin::Descriptor::Pkh]
     def pkh(key)
       Pkh.new(key)
     end
 
-    # Generate P2PKH output for the given public key.
+    # Generate wpkh() descriptor.
     # @param [String] key private key or public key with hex format.
     # @return [Bitcoin::Descriptor::Wpkh]
     def wpkh(key)
       Wpkh.new(key)
     end
 
-    # Generate P2SH embed the argument.
+    # Generate sh() descriptor.
     # @param [Bitcoin::Descriptor::Base] exp script expression to be embed.
     # @return [Bitcoin::Descriptor::Sh]
     def sh(exp)
       Sh.new(exp)
     end
 
-    # Generate P2WSH embed the argument.
+    # Generate wsh() descriptor.
     # @param [Bitcoin::Descriptor::Expression] exp script expression to be embed.
     # @return [Bitcoin::Descriptor::Wsh]
     def wsh(exp)
       Wsh.new(exp)
     end
 
-    # An alias for the collection of `pk(KEY)` and `pkh(KEY)`.
+    # Generate combo() descriptor.
     # If the key is compressed, it also includes `wpkh(KEY)` and `sh(wpkh(KEY))`.
     # @param [String] key private key or public key with hex format.
     # @return [Bitcoin::Descriptor::Combo]
@@ -67,7 +68,7 @@ module Bitcoin
       Combo.new(key)
     end
 
-    # Generate multisig output for given keys.
+    # Generate multi() descriptor.
     # @param [Integer] threshold the threshold of multisig.
     # @param [Array[String]] keys an array of keys.
     # @return [Bitcoin::Descriptor::Multi] multisig script.
@@ -75,7 +76,7 @@ module Bitcoin
       Multi.new(threshold, keys)
     end
 
-    # Generate sorted multisig output for given keys.
+    # Generate sortedmulti() descriptor.
     # @param [Integer] threshold the threshold of multisig.
     # @param [Array[String]] keys an array of keys.
     # @return [Bitcoin::Descriptor::SortedMulti]
@@ -83,21 +84,21 @@ module Bitcoin
       SortedMulti.new(threshold, keys)
     end
 
-    # Generate raw output script about +hex+.
+    # Generate raw() descriptor.
     # @param [String] hex Hex string of bitcoin script.
     # @return [Bitcoin::Descriptor::Raw]
     def raw(hex)
       Raw.new(hex)
     end
 
-    # Generate raw output script about +hex+.
+    # Generate addr() descriptor.
     # @param [String] addr Bitcoin address.
     # @return [Bitcoin::Descriptor::Addr]
     def addr(addr)
       Addr.new(addr)
     end
 
-    # Generate taproot output script descriptor.
+    # Generate tr() descriptor.
     # @param [String] key
     # @param [String] tree
     # @return [Bitcoin::Descriptor::Tr]
@@ -105,14 +106,14 @@ module Bitcoin
       Tr.new(key, tree)
     end
 
-    # Generate taproot output script descriptor.
+    # Generate rawtr() descriptor.
     # @param [String] key
     # @return [Bitcoin::Descriptor::RawTr]
     def rawtr(key)
       RawTr.new(key)
     end
 
-    # Generate tapscript multisig output for given keys.
+    # Generate multi_a() descriptor.
     # @param [Integer] threshold the threshold of multisig.
     # @param [Array[String]] keys an array of keys.
     # @return [Bitcoin::Descriptor::MultiA] multisig script.
@@ -120,7 +121,7 @@ module Bitcoin
       MultiA.new(threshold, keys)
     end
 
-    # Generate tapscript sorted multisig output for given keys.
+    # Generate sortedmulti_a() descriptor.
     # @param [Integer] threshold the threshold of multisig.
     # @param [Array[String]] keys an array of keys.
     # @return [Bitcoin::Descriptor::SortedMulti]
@@ -128,16 +129,30 @@ module Bitcoin
       SortedMultiA.new(threshold, keys)
     end
 
+    # Generate musig() descriptor.
+    # @param [Array] keys An array fo keys.
+    # @param [String] path
+    # @return [Bitcoin::Descriptor::MuSig]
+    def musig(*keys, path: nil)
+      MuSig.new(keys, path)
+    end
+
     # Parse descriptor string.
     # @param [String] string Descriptor string.
     # @return [Bitcoin::Descriptor::Expression]
     def parse(string, top_level = true)
       validate_checksum!(string)
       content, _ = string.split('#')
-      exp, args_str = content.match(/(\w+)\((.+)\)/).captures
+      exp, args_str, path = content.match(/(\w+)\((.+)\)(.*)/).captures # split "tag(10, 20)/0/1"
+      raise ArgumentError, 'Invalid format.' if exp != 'musig' && !path.empty?
+
       case exp
       when 'pk'
-        pk(args_str)
+        if args_str.include?('(')
+          pk(parse(args_str))
+        else
+          pk(args_str)
+        end
       when 'pkh'
         pkh(args_str)
       when 'wpkh'
@@ -169,16 +184,24 @@ module Bitcoin
       when 'addr'
         addr(args_str)
       when 'tr'
-        key, rest = args_str.split(',', 2)
-        if rest.nil?
+        key, tree = split_two(args_str)
+        key = parse(key) if key.include?('(')
+        if tree.nil?
           tr(key)
-        elsif rest.start_with?('{')
-          tr(key, parse_nested_string(rest))
+        elsif tree.start_with?('{')
+          tr(key, parse_nested_string(tree))
         else
-          tr(key, parse(rest, false))
+          tr(key, parse(tree, false))
         end
       when 'rawtr'
-        rawtr(args_str)
+        if args_str.include?('(')
+          rawtr(parse(args_str, false))
+        else
+          rawtr(args_str)
+        end
+      when 'musig'
+        keys = args_str.split(',')
+        path.empty? ? musig(*keys) : musig(*keys, path: path)
       else
         raise ArgumentError, "Parse failed: #{string}"
       end
@@ -229,5 +252,23 @@ module Bitcoin
       current << parse(buffer, false) unless buffer.empty?
       current.first
     end
+
+    def split_two(content)
+      paren_depth = 0
+      split_pos = content.chars.find_index do |char|
+        case char
+        when '(' then paren_depth += 1; false
+        when ')' then paren_depth -= 1; false
+        when ',' then paren_depth == 0
+        else false
+        end
+      end
+
+      if split_pos
+        [content[0...split_pos], content[split_pos+1..-1]]
+      else
+        [content, nil]
+      end
+    end
   end
 end

data/lib/bitcoin/key.rb

@@ -34,6 +34,9 @@ module Bitcoin
         @key_type = key_type
         compressed = @key_type != TYPES[:uncompressed]
       else
+        if pubkey && compressed && pubkey.length != COMPRESSED_PUBLIC_KEY_SIZE * 2
+          raise ArgumentError, "Invalid compressed pubkey length."
+        end
         @key_type = compressed ? TYPES[:compressed] : TYPES[:uncompressed]
       end
       @secp256k1_module =  Bitcoin.secp_impl

data/lib/bitcoin/message/merkle_block.rb

@@ -2,7 +2,7 @@ module Bitcoin
   module Message
 
     # merckleblock message
-    # https://bitcoin.org/en/developer-reference#merkleblock
+    # https://developer.bitcoin.org/reference/p2p_networking.html#merkleblock
     class MerkleBlock < Base
 
       COMMAND = 'merkleblock'
@@ -36,6 +36,12 @@ module Bitcoin
             hashes.map(&:htb).join << Bitcoin.pack_var_int(flags.htb.bytesize) << flags.htb
       end
 
+      # Generate partial tree.
+      # @return [Bitcoin::PartialTree]
+      def partial_tree
+        Bitcoin::PartialTree.build(tx_count, hashes, Bitcoin.byte_to_bit(flags.htb))
+      end
+
     end
 
   end

data/lib/bitcoin/{merkle_tree.rb → partial_tree.rb}

@@ -1,7 +1,8 @@
 module Bitcoin
 
-  # merkle tree
-  class MerkleTree
+  # A class for recovering partial from merkleblock message.
+  # For a complete Merkle tree implementation, migrate to the merkle gem.
+  class PartialTree
 
     attr_accessor :root
 
@@ -13,21 +14,8 @@ module Bitcoin
       root.value
     end
 
-    def self.build_from_leaf(txids)
-      if txids.size == 1
-        nodes = [Node.new(txids.first)]
-      else
-        nodes = txids.each_slice(2).map{ |m|
-          left = Node.new(m[0])
-          right = Node.new(m[1] ? m[1] : m[0])
-          [left, right]
-        }.flatten
-      end
-      new(build_initial_tree(nodes))
-    end
-
     # https://bitcoin.org/en/developer-reference#creating-a-merkleblock-message
-    def self.build_partial(tx_count, hashes, flags)
+    def self.build(tx_count, hashes, flags)
       flags = flags.each_char.map(&:to_i)
       root = build_initial_tree( Array.new(tx_count) { Node.new })
       current_node = root

data/lib/bitcoin/silent_payment.rb

@@ -1,5 +1,92 @@
 module Bitcoin
   module SilentPayment
-    autoload :Addr, 'bitcoin/sp/addr'
+
+
+    # Derive payment
+    # @param [Array] prevouts An array of previous output script(Bitcoin::Script).
+    # @param [Array] private_keys An array of private key corresponding to each public key in prevouts.
+    # @param [Array] recipients
+    # @return [Array]
+    # @raise [ArgumentError]
+    def derive_payment_points(prevouts, private_keys, recipients)
+      raise ArgumentError, "prevouts must be Array." unless prevouts.is_a? Array
+      raise ArgumentError, "private_keys must be Array." unless private_keys.is_a? Array
+      raise ArgumentError, "prevouts and private_keys must be the same length." unless prevouts.length == private_keys.length
+      raise ArgumentError, "recipients must be Array." unless recipients.is_a? Array
+
+      outpoint_l = inputs.map{|i|i.out_point.to_hex}.sort.first
+
+      input_pub_keys = []
+      field = ECDSA::PrimeField.new(Bitcoin::Secp256k1::GROUP.order)
+      sum_priv_keys = 0
+      prevouts.each_with_index do |prevout, index|
+        k = Bitcoin::Key.new(priv_key: private_keys[index].to_s(16))
+        public_key = extract_public_key(prevout, inputs[index])
+        next if public_key.nil?
+        private_key = if public_key.p2tr? && k.to_point.y.odd?
+                        field.mod(-private_keys[index])
+                      else
+                        private_keys[index]
+                      end
+        input_pub_keys << public_key
+        sum_priv_keys = field.mod(sum_priv_keys + private_key)
+      end
+      agg_pubkey = (Bitcoin::Secp256k1::GROUP.generator.to_jacobian * sum_priv_keys).to_affine
+      return [] if agg_pubkey.infinity?
+
+      input_hash = Bitcoin.tagged_hash("BIP0352/Inputs", outpoint_l.htb + agg_pubkey.to_hex.htb).bth
+
+      destinations = {}
+      recipients.each do |sp_addr|
+        raise ArgumentError, "recipients element must be Bech32::SilentPaymentAddr." unless sp_addr.is_a? Bech32::SilentPaymentAddr
+        destinations[sp_addr.scan_key] = [] unless destinations.has_key?(sp_addr.scan_key)
+        destinations[sp_addr.scan_key] << sp_addr.spend_key
+      end
+      outputs = []
+      destinations.each do |scan_key, spends|
+        scan_key = Bitcoin::Key.new(pubkey: scan_key).to_point.to_jacobian
+        ecdh_shared_secret = (scan_key * field.mod(input_hash.to_i(16) * sum_priv_keys)).to_affine.to_hex.htb
+        spends.each.with_index do |spend, i|
+          t_k = Bitcoin.tagged_hash('BIP0352/SharedSecret', ecdh_shared_secret + [i].pack('N'))
+          spend_key = Bitcoin::Key.new(pubkey: spend).to_point.to_jacobian
+          outputs << (spend_key + Bitcoin::Secp256k1::GROUP.generator.to_jacobian * t_k.bth.to_i(16)).to_affine
+        end
+      end
+      outputs
+    end
+
+    # Extract public keys from +prevout+ and input.
+    def extract_public_key(prevout, input)
+      if prevout.p2pkh?
+        spk_hash = prevout.chunks[2].pushed_data.bth
+        input.script_sig.chunks.reverse.each do |chunk|
+          next unless chunk.pushdata?
+          pubkey = chunk.pushed_data.bth
+          if Bitcoin.hash160(pubkey) == spk_hash
+            return Bitcoin::Key.new(pubkey: pubkey) if pubkey.htb.bytesize == Bitcoin::Key::COMPRESSED_PUBLIC_KEY_SIZE
+          end
+        end
+      elsif prevout.p2sh?
+        redeem_script = Bitcoin::Script.parse_from_payload(input.script_sig.chunks.last.pushed_data)
+        if redeem_script.p2wpkh?
+          pk = input.script_witness.stack.last
+          return Bitcoin::Key.new(pubkey: pk.bth) if pk.bytesize == Bitcoin::Key::COMPRESSED_PUBLIC_KEY_SIZE
+        end
+      elsif prevout.p2wpkh?
+        pk = input.script_witness.stack.last
+        return Bitcoin::Key.new(pubkey: pk.bth) if pk.bytesize == Bitcoin::Key::COMPRESSED_PUBLIC_KEY_SIZE
+      elsif prevout.p2tr?
+        witness_stack = input.script_witness.stack.dup
+        witness_stack.pop if witness_stack.last.bth.start_with?("50")
+        if witness_stack.length > 1
+          # script-path
+          cb = Bitcoin::Taproot::ControlBlock.parse_from_payload(witness_stack.last)
+          return nil if cb.internal_key == Bitcoin::Taproot::NUMS_H
+        end
+        pubkey = Bitcoin::Key.from_xonly_pubkey(prevout.chunks[1].pushed_data.bth)
+        return pubkey if pubkey.compressed?
+      end
+      nil
+    end
   end
 end

data/lib/bitcoin/taproot/custom_depth_builder.rb

@@ -31,33 +31,22 @@ module Bitcoin
         raise NotImplementedError
       end
 
-      def control_block(leaf)
-        raise NotImplementedError # TODO
-      end
-
-      def inclusion_proof(leaf)
-        raise NotImplementedError # TODO
-      end
-
       private
 
       def merkle_root
-        build_tree(tree).bth
+        return '' if tree.empty?
+        script_tree = Merkle::CustomTree.new(config: Merkle::Config.taptree, leaves: extract_leaves(tree))
+        script_tree.compute_root
       end
 
-      def build_tree(tree)
-        left, right = tree
-        left_hash = if left.is_a?(Array)
-                      build_tree(left)
-                    else
-                      left
-                    end
-        right_hash = if right.is_a?(Array)
-                       build_tree(right)
-                     else
-                       right
-                     end
-        combine_hash([left_hash, right_hash])
+      def extract_leaves(leaves)
+        leaves.map do |leaf|
+          if leaf.is_a?(Bitcoin::Taproot::LeafNode)
+            leaf.leaf_hash
+          elsif leaf.is_a?(Array)
+            extract_leaves(leaf)
+          end
+        end
       end
     end
   end

data/lib/bitcoin/taproot/simple_builder.rb

@@ -20,7 +20,6 @@ module Bitcoin
         raise Error, "Internal public key must be #{X_ONLY_PUBKEY_SIZE} bytes" unless internal_key.htb.bytesize == X_ONLY_PUBKEY_SIZE
         raise Error, 'leaf must be Bitcoin::Taproot::LeafNode object' if leaves.find{ |leaf| !leaf.is_a?(Bitcoin::Taproot::LeafNode)}
 
-        @leaves = leaves
         @branches = leaves.each_slice(2).map.to_a
         @internal_key = internal_key
       end
@@ -75,74 +74,46 @@ module Bitcoin
       # @param [Bitcoin::Taproot::LeafNode] leaf Leaf to use for unlocking.
       # @return [Bitcoin::Taproot::ControlBlock] control block.
       def control_block(leaf)
-        path = inclusion_proof(leaf)
+        path = inclusion_proof(leaf).siblings
         parity = tweak_public_key.to_point.has_even_y? ? 0 : 1
-        ControlBlock.new(parity, leaf.leaf_ver, internal_key, path.map(&:bth))
+        ControlBlock.new(parity, leaf.leaf_ver, internal_key, path)
       end
 
       # Generate inclusion proof for +leaf+.
       # @param [Bitcoin::Taproot::LeafNode] leaf The leaf node in script tree.
-      # @return [Array[String]] Inclusion proof.
+      # @return [Merkle::Proof] Inclusion proof.
       # @raise [Bitcoin::Taproot::Error] If the specified +leaf+ does not exist
       def inclusion_proof(leaf)
-        proofs = []
-        target_branch = branches.find{|b| b.include?(leaf)}
-        raise Error 'Specified leaf does not exist' unless target_branch
-
-        # flatten each branch
-        proofs << hash_value(target_branch.find{|b| b != leaf}) if target_branch.size == 2
-        parent_hash = combine_hash(target_branch)
-        parents = branches.map {|pair| combine_hash(pair)}
-
-        until parents.size == 1
-          parents = parents.each_slice(2).map do |pair|
-            combined = combine_hash(pair)
-            unless pair.size == 1
-              if hash_value(pair[0]) == parent_hash
-                proofs << hash_value(pair[1])
-                parent_hash = combined
-              elsif hash_value(pair[1]) == parent_hash
-                proofs << hash_value(pair[0])
-                parent_hash = combined
-              end
-            end
-            combined
+        tree = script_tree
+        leaf_index = 0
+        branches.each.with_index do |branch, i|
+          if branch.include?(leaf)
+            leaf_index += (branch[0] == leaf ? 0 : 1)
+            break
+          else
+            leaf_index += branch.length
           end
         end
-        proofs
+        tree.generate_proof(leaf_index)
       end
 
       private
 
-      # Calculate merkle root from branches.
-      # @return [String] merkle root with hex format.
-      def merkle_root
-        parents = branches.map {|pair| combine_hash(pair)}
-        if parents.empty?
-          parents = ['']
-        elsif parents.size == 1
-          parents = [combine_hash(parents)]
-        else
-          parents = parents.each_slice(2).map { |pair| combine_hash(pair) } until parents.size == 1
-        end
-        parents.first.bth
-      end
-
-      def combine_hash(pair)
-        if pair.size == 1
-          hash_value(pair[0])
-        else
-          hash1 = hash_value(pair[0])
-          hash2 = hash_value(pair[1])
-
-          # Lexicographically sort a and b's hash, and compute parent hash.
-          payload = hash1.bth < hash2.bth ? hash1 + hash2 : hash2 + hash1
-          Bitcoin.tagged_hash('TapBranch', payload)
+      def script_tree
+        leaves = []
+        branches.each do |pair|
+          if leaves.empty? || leaves.length == 1
+            leaves << pair.map(&:leaf_hash)
+          elsif leaves.length == 2
+            leaves = [leaves, pair.map(&:leaf_hash)]
+          end
         end
+        Merkle::CustomTree.new(config: Merkle::Config.taptree, leaves: leaves)
       end
 
-      def hash_value(leaf_or_branch)
-        leaf_or_branch.is_a?(LeafNode) ? leaf_or_branch.leaf_hash : leaf_or_branch
+      def merkle_root
+        return '' if branches.empty?
+        script_tree.compute_root
       end
     end
   end

data/lib/bitcoin/taproot.rb

@@ -8,6 +8,8 @@ module Bitcoin
     autoload :SimpleBuilder, 'bitcoin/taproot/simple_builder'
     autoload :CustomDepthBuilder,  'bitcoin/taproot/custom_depth_builder'
 
+    NUMS_H = "50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0"
+
     module_function
 
     # Calculate tweak value from +internal_pubkey+ and +merkle_root+.

data/lib/bitcoin/tx.rb

@@ -7,6 +7,7 @@ module Bitcoin
   class Tx
 
     include Bitcoin::HexConverter
+    include SilentPayment
 
     MAX_STANDARD_VERSION = 2
 

data/lib/bitcoin/version.rb

@@ -1,3 +1,3 @@
 module Bitcoin
-  VERSION = "1.8.1"
+  VERSION = "1.9.0"
 end

data/lib/bitcoin.rb

@@ -10,6 +10,7 @@ require 'bech32'
 require 'base64'
 require 'observer'
 require 'tmpdir'
+require 'merkle'
 require_relative 'openassets'
 
 module Bitcoin
@@ -31,7 +32,7 @@ module Bitcoin
   autoload :TxOut, 'bitcoin/tx_out'
   autoload :OutPoint, 'bitcoin/out_point'
   autoload :ScriptWitness, 'bitcoin/script_witness'
-  autoload :MerkleTree, 'bitcoin/merkle_tree'
+  autoload :PartialTree, 'bitcoin/partial_tree'
   autoload :Key, 'bitcoin/key'
   autoload :ExtKey, 'bitcoin/ext_key'
   autoload :ExtPubkey, 'bitcoin/ext_key'
@@ -71,9 +72,11 @@ module Bitcoin
 
   @chain_param = :mainnet
 
+  AVAILABLE_NETWORKS = %i(mainnet testnet regtest signet testnet4)
+
   # set bitcoin network chain params
   def self.chain_params=(name)
-    raise "chain params for #{name} is not defined." unless %i(mainnet testnet regtest signet).include?(name.to_sym)
+    raise "chain params for #{name} is not defined." unless AVAILABLE_NETWORKS.include?(name.to_sym)
     @current_chain = nil
     @chain_param = name.to_sym
   end
@@ -90,6 +93,8 @@ module Bitcoin
       @current_chain = Bitcoin::ChainParams.regtest
     when :signet
       @current_chain = Bitcoin::ChainParams.signet
+    when :testnet4
+      @current_chain = Bitcoin::ChainParams.testnet4
     end
     @current_chain
   end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: bitcoinrb
 version: !ruby/object:Gem::Version
-  version: 1.8.1
+  version: 1.9.0
 platform: ruby
 authors:
 - azuchi
 bindir: exe
 cert_chain: []
-date: 2025-03-18 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ecdsa_ext
@@ -57,14 +57,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.0
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: daemon-spawn
   requirement: !ruby/object:Gem::Requirement
@@ -233,6 +233,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: merkle
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.3.0
 description: The implementation of Bitcoin Protocol for Ruby.
 email:
 - azuchi@chaintope.com
@@ -287,6 +301,7 @@ files:
 - lib/bitcoin/descriptor/key_expression.rb
 - lib/bitcoin/descriptor/multi.rb
 - lib/bitcoin/descriptor/multi_a.rb
+- lib/bitcoin/descriptor/musig.rb
 - lib/bitcoin/descriptor/pk.rb
 - lib/bitcoin/descriptor/pkh.rb
 - lib/bitcoin/descriptor/raw.rb
@@ -308,7 +323,6 @@ files:
 - lib/bitcoin/key.rb
 - lib/bitcoin/key_path.rb
 - lib/bitcoin/logger.rb
-- lib/bitcoin/merkle_tree.rb
 - lib/bitcoin/message.rb
 - lib/bitcoin/message/addr.rb
 - lib/bitcoin/message/addr_v2.rb
@@ -376,6 +390,7 @@ files:
 - lib/bitcoin/node/spv.rb
 - lib/bitcoin/opcodes.rb
 - lib/bitcoin/out_point.rb
+- lib/bitcoin/partial_tree.rb
 - lib/bitcoin/payment_code.rb
 - lib/bitcoin/psbt.rb
 - lib/bitcoin/psbt/hd_key_path.rb
@@ -404,7 +419,6 @@ files:
 - lib/bitcoin/slip39/share.rb
 - lib/bitcoin/slip39/sss.rb
 - lib/bitcoin/slip39/wordlist/english.txt
-- lib/bitcoin/sp/addr.rb
 - lib/bitcoin/store.rb
 - lib/bitcoin/store/chain_entry.rb
 - lib/bitcoin/store/db.rb
@@ -450,7 +464,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.3
+rubygems_version: 3.6.9
 specification_version: 4
 summary: The implementation of Bitcoin Protocol for Ruby.
 test_files: []

data/lib/bitcoin/sp/addr.rb

@@ -1,55 +0,0 @@
-module Bitcoin
-  module SilentPayment
-    class Addr
-
-      HRP_MAINNET = 'sp'
-      HRP_TESTNET = 'tsp'
-      MAX_CHARACTERS = 1023
-
-      attr_reader :version
-      attr_reader :scan_key
-      attr_reader :spend_key
-
-      # Constructor.
-      # @param [Bitcoin::Key] scan_key
-      # @param [Bitcoin::Key] spend_key
-      def initialize(version, scan_key:, spend_key:)
-        raise ArgumentError, "version must be integer." unless version.is_a?(Integer)
-        raise ArgumentError, "scan_key must be Bitcoin::Key." unless scan_key.is_a?(Bitcoin::Key)
-        raise ArgumentError, "spend_key must be Bitcoin::Key." unless spend_key.is_a?(Bitcoin::Key)
-        raise ArgumentError, "version '#{version}' is unsupported." unless version.zero?
-
-        @version = version
-        @scan_key = scan_key
-        @spend_key = spend_key
-      end
-
-      # Parse silent payment address.
-      # @param [String] A silent payment address.
-      # @return [Bitcoin::SilentPayment::Addr]
-      def self.from_string(addr)
-        raise ArgumentError, "addr must be string." unless addr.is_a?(String)
-        hrp, data, spec = Bech32.decode(addr, MAX_CHARACTERS)
-        unless hrp == Bitcoin.chain_params.mainnet? ? HRP_MAINNET : HRP_TESTNET
-          raise ArgumentError, "The specified hrp is different from the current network HRP."
-        end
-        raise ArgumentError, "spec must be bech32m." unless spec == Bech32::Encoding::BECH32M
-
-        ver = data[0]
-        payload = Bech32.convert_bits(data[1..-1], 5, 8, false).pack("C*")
-        scan_key = Bitcoin::Key.new(pubkey: payload[0...33].bth, key_type: Bitcoin::Key::TYPES[:compressed])
-        spend_key = Bitcoin::Key.new(pubkey: payload[33..-1].bth, key_type: Bitcoin::Key::TYPES[:compressed])
-        Addr.new(ver, scan_key: scan_key, spend_key: spend_key)
-      end
-
-      # Get silent payment address.
-      # @return [String]
-      def to_s
-        hrp = Bitcoin.chain_params.mainnet? ? HRP_MAINNET : HRP_TESTNET
-        payload = [scan_key.pubkey + spend_key.pubkey].pack("H*").unpack('C*')
-        Bech32.encode(hrp, [version] + Bech32.convert_bits(payload, 8, 5), Bech32::Encoding::BECH32M)
-      end
-
-    end
-  end
-end