tapyrus 0.1.0

data/lib/tapyrus/script/tx_checker.rb

@@ -0,0 +1,81 @@
+module Tapyrus
+  class TxChecker
+
+    attr_reader :tx
+    attr_reader :input_index
+    attr_reader :amount
+
+    def initialize(tx: nil, amount: 0, input_index: nil)
+      @tx = tx
+      @amount = amount
+      @input_index = input_index
+    end
+
+    # check signature
+    # @param [String] script_sig
+    # @param [String] pubkey
+    # @param [Tapyrus::Script] script_code
+    # @param [Integer] sig_version
+    def check_sig(script_sig, pubkey, script_code, sig_version)
+      return false if script_sig.empty?
+      script_sig = script_sig.htb
+      hash_type = script_sig[-1].unpack('C').first
+      sig = script_sig[0..-2]
+      sighash = tx.sighash_for_input(input_index, script_code, hash_type: hash_type,
+                                     amount: amount, sig_version: sig_version)
+      key_type = pubkey.start_with?('02') || pubkey.start_with?('03') ? Key::TYPES[:compressed] : Key::TYPES[:uncompressed]
+      key = Key.new(pubkey: pubkey, key_type: key_type)
+      key.verify(sig, sighash)
+    end
+
+    def check_locktime(locktime)
+      # There are two kinds of nLockTime: lock-by-blockheight and lock-by-blocktime,
+      # distinguished by whether nLockTime < LOCKTIME_THRESHOLD.
+
+      # We want to compare apples to apples, so fail the script unless the type of nLockTime being tested is the same as the nLockTime in the transaction.
+      unless ((tx.lock_time < LOCKTIME_THRESHOLD && locktime < LOCKTIME_THRESHOLD) ||
+          (tx.lock_time >= LOCKTIME_THRESHOLD && locktime >= LOCKTIME_THRESHOLD))
+        return false
+      end
+
+      # Now that we know we're comparing apples-to-apples, the comparison is a simple numeric one.
+      return false if locktime > tx.lock_time
+
+      # Finally the nLockTime feature can be disabled and thus CHECKLOCKTIMEVERIFY bypassed if every txin has been finalized by setting nSequence to maxint.
+      # The transaction would be allowed into the blockchain, making the opcode ineffective.
+      # Testing if this vin is not final is sufficient to prevent this condition.
+      # Alternatively we could test all inputs, but testing just this input minimizes the data required to prove correct CHECKLOCKTIMEVERIFY execution.
+      return false if TxIn::SEQUENCE_FINAL == tx.inputs[input_index].sequence
+
+      true
+    end
+
+    def check_sequence(sequence)
+      tx_sequence = tx.inputs[input_index].sequence
+      # Fail if the transaction's version number is not set high enough to trigger BIP 68 rules.
+      return false if tx.version < 2
+
+      # Sequence numbers with their most significant bit set are not consensus constrained.
+      # Testing that the transaction's sequence number do not have this bit set prevents using this property to get around a CHECKSEQUENCEVERIFY check.
+      return false unless tx_sequence & TxIn::SEQUENCE_LOCKTIME_DISABLE_FLAG == 0
+
+      # Mask off any bits that do not have consensus-enforced meaning before doing the integer comparisons
+      locktime_mask = TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG | TxIn::SEQUENCE_LOCKTIME_MASK
+      tx_sequence_masked = tx_sequence & locktime_mask
+      sequence_masked = sequence & locktime_mask
+
+      # There are two kinds of nSequence: lock-by-blockheight and lock-by-blocktime,
+      # distinguished by whether sequence_masked < TxIn#SEQUENCE_LOCKTIME_TYPE_FLAG.
+      # We want to compare apples to apples, so fail the script
+      # unless the type of nSequenceMasked being tested is the same as the nSequenceMasked in the transaction.
+      unless ((tx_sequence_masked < TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG && sequence_masked < TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG) ||
+          (tx_sequence_masked >= TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG && sequence_masked >= TxIn::SEQUENCE_LOCKTIME_TYPE_FLAG))
+        return false
+      end
+
+      # Now that we know we're comparing apples-to-apples, the comparison is a simple numeric one.
+      sequence_masked <= tx_sequence_masked
+    end
+
+  end
+end

data/lib/tapyrus/script_witness.rb

@@ -0,0 +1,38 @@
+module Tapyrus
+
+  # witness
+  class ScriptWitness
+
+    attr_reader :stack
+
+    def initialize(stack = [])
+      @stack = stack
+    end
+
+    def self.parse_from_payload(payload)
+      buf = payload.is_a?(StringIO) ? payload : StringIO.new(payload)
+      size = Tapyrus.unpack_var_int_from_io(buf)
+      stack = size.times.map do
+        buf.read(Tapyrus.unpack_var_int_from_io(buf))
+      end
+      self.new(stack)
+    end
+
+    def empty?
+      stack.empty?
+    end
+
+    def to_payload
+      p = Tapyrus.pack_var_int(stack.size)
+      p << stack.map { |s|
+        Tapyrus.pack_var_int(s.bytesize) << s
+      }.join
+    end
+
+    def to_s
+      stack.map{|s|s.bth}.join(' ')
+    end
+
+  end
+
+end

data/lib/tapyrus/secp256k1/native.rb

@@ -0,0 +1,174 @@
+# Porting part of the code from bitcoin-ruby. see the license.
+# https://github.com/lian/bitcoin-ruby/blob/master/COPYING
+
+module Tapyrus
+  module Secp256k1
+
+    # binding for secp256k1 (https://github.com/bitcoin/bitcoin/tree/v0.14.2/src/secp256k1)
+    # tag: v0.14.2
+    # this is not included by default, to enable set shared object path to ENV['SECP256K1_LIB_PATH']
+    # for linux, ENV['SECP256K1_LIB_PATH'] = '/usr/local/lib/libsecp256k1.so'
+    # for mac,
+    module Native
+      include ::FFI::Library
+      extend self
+
+      SECP256K1_FLAGS_TYPE_MASK = ((1 << 8) - 1)
+      SECP256K1_FLAGS_TYPE_CONTEXT = (1 << 0)
+      SECP256K1_FLAGS_TYPE_COMPRESSION = (1 << 1)
+
+      SECP256K1_FLAGS_BIT_CONTEXT_VERIFY = (1 << 8)
+      SECP256K1_FLAGS_BIT_CONTEXT_SIGN = (1 << 9)
+      SECP256K1_FLAGS_BIT_COMPRESSION = (1 << 8)
+
+      # Flags to pass to secp256k1_context_create.
+      SECP256K1_CONTEXT_VERIFY = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_VERIFY)
+      SECP256K1_CONTEXT_SIGN = (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_SIGN)
+
+      # Flag to pass to secp256k1_ec_pubkey_serialize and secp256k1_ec_privkey_export.
+      SECP256K1_EC_COMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION)
+      SECP256K1_EC_UNCOMPRESSED = (SECP256K1_FLAGS_TYPE_COMPRESSION)
+
+      module_function
+
+      def init
+        raise 'secp256k1 library dose not found.' unless File.exist?(ENV['SECP256K1_LIB_PATH'])
+        ffi_lib(ENV['SECP256K1_LIB_PATH'])
+        load_functions
+      end
+
+      def load_functions
+        attach_function(:secp256k1_context_create, [:uint], :pointer)
+        attach_function(:secp256k1_context_destroy, [:pointer], :void)
+        attach_function(:secp256k1_context_randomize, [:pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_pubkey_create, [:pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_seckey_verify, [:pointer, :pointer], :int)
+        attach_function(:secp256k1_ecdsa_sign, [:pointer, :pointer, :pointer, :pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_pubkey_serialize, [:pointer, :pointer, :pointer, :pointer, :uint], :int)
+        attach_function(:secp256k1_ecdsa_signature_serialize_der, [:pointer, :pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ec_pubkey_parse, [:pointer, :pointer, :pointer, :size_t], :int)
+        attach_function(:secp256k1_ecdsa_signature_parse_der, [:pointer, :pointer, :pointer, :size_t], :int)
+        attach_function(:secp256k1_ecdsa_signature_normalize, [:pointer, :pointer, :pointer], :int)
+        attach_function(:secp256k1_ecdsa_verify, [:pointer, :pointer, :pointer, :pointer], :int)
+      end
+
+      def with_context(flags: (SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN))
+        init
+        begin
+          context = secp256k1_context_create(flags)
+          ret, tries, max = 0, 0, 20
+          while ret != 1
+            raise 'secp256k1_context_randomize failed.' if tries >= max
+            tries += 1
+            ret = secp256k1_context_randomize(context, FFI::MemoryPointer.from_string(SecureRandom.random_bytes(32)))
+          end
+          yield(context) if block_given?
+        ensure
+          secp256k1_context_destroy(context)
+        end
+      end
+
+      # generate ec private key and public key
+      def generate_key_pair(compressed: true)
+        with_context do |context|
+          ret, tries, max = 0, 0, 20
+          while ret != 1
+            raise 'secp256k1_ec_seckey_verify in generate_key_pair failed.' if tries >= max
+            tries += 1
+            priv_key = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, SecureRandom.random_bytes(32))
+            ret = secp256k1_ec_seckey_verify(context, priv_key)
+          end
+          private_key =  priv_key.read_string(32).bth
+          [private_key , generate_pubkey_in_context(context,  private_key, compressed: compressed) ]
+        end
+      end
+
+      # generate tapyrus key object
+      def generate_key(compressed: true)
+        privkey, pubkey = generate_key_pair(compressed: compressed)
+        Tapyrus::Key.new(priv_key: privkey, pubkey: pubkey, compressed: compressed)
+      end
+
+      def generate_pubkey(priv_key, compressed: true)
+        with_context do |context|
+          generate_pubkey_in_context(context, priv_key, compressed: compressed)
+        end
+      end
+
+      # sign data.
+      # @param [String] data a data to be signed with binary format
+      # @param [String] privkey a private key using sign
+      # @param [String] extra_entropy a extra entropy for rfc6979
+      # @return [String] signature data with binary format
+      def sign_data(data, privkey, extra_entropy)
+        with_context do |context|
+          secret = FFI::MemoryPointer.new(:uchar, privkey.htb.bytesize).put_bytes(0, privkey.htb)
+          raise 'priv_key invalid' unless secp256k1_ec_seckey_verify(context, secret)
+
+          internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+          msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+          entropy = extra_entropy ? FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, extra_entropy) : nil
+
+          ret, tries, max = 0, 0, 20
+
+          while ret != 1
+            raise 'secp256k1_ecdsa_sign failed.' if tries >= max
+            tries += 1
+            ret = secp256k1_ecdsa_sign(context, internal_signature, msg32, secret, nil, entropy)
+          end
+
+          signature = FFI::MemoryPointer.new(:uchar, 72)
+          signature_len = FFI::MemoryPointer.new(:uint64).put_uint64(0, 72)
+          result = secp256k1_ecdsa_signature_serialize_der(context, signature, signature_len, internal_signature)
+          raise 'secp256k1_ecdsa_signature_serialize_der failed' unless result
+
+          signature.read_string(signature_len.read_uint64)
+        end
+      end
+
+      def verify_sig(data, sig, pub_key)
+        with_context do |context|
+          return false if data.bytesize == 0
+
+          pubkey = FFI::MemoryPointer.new(:uchar, pub_key.htb.bytesize).put_bytes(0, pub_key.htb)
+          internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+          result = secp256k1_ec_pubkey_parse(context, internal_pubkey, pubkey, pubkey.size)
+          return false unless result
+
+          signature = FFI::MemoryPointer.new(:uchar, sig.bytesize).put_bytes(0, sig)
+          internal_signature = FFI::MemoryPointer.new(:uchar, 64)
+          result = secp256k1_ecdsa_signature_parse_der(context, internal_signature, signature, signature.size)
+          return false unless result
+
+          # libsecp256k1's ECDSA verification requires lower-S signatures, which have not historically been enforced in Bitcoin, so normalize them first.
+          secp256k1_ecdsa_signature_normalize(context, internal_signature, internal_signature)
+
+          msg32 = FFI::MemoryPointer.new(:uchar, 32).put_bytes(0, data)
+          result = secp256k1_ecdsa_verify(context, internal_signature, msg32, internal_pubkey)
+
+          result == 1
+        end
+      end
+
+      private
+
+      def generate_pubkey_in_context(context, privkey, compressed: true)
+        internal_pubkey = FFI::MemoryPointer.new(:uchar, 64)
+        result = secp256k1_ec_pubkey_create(context, internal_pubkey, privkey.htb)
+        raise 'error creating pubkey' unless result
+
+        pubkey = FFI::MemoryPointer.new(:uchar, 65)
+        pubkey_len = FFI::MemoryPointer.new(:uint64)
+        result = if compressed
+                   pubkey_len.put_uint64(0, 33)
+                   secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_COMPRESSED)
+                 else
+                   pubkey_len.put_uint64(0, 65)
+                   secp256k1_ec_pubkey_serialize(context, pubkey, pubkey_len, internal_pubkey, SECP256K1_EC_UNCOMPRESSED)
+                 end
+        raise 'error serialize pubkey' unless result || pubkey_len.read_uint64 > 0
+        pubkey.read_string(pubkey_len.read_uint64).bth
+      end
+    end
+  end
+end

data/lib/tapyrus/secp256k1/ruby.rb

@@ -0,0 +1,123 @@
+module Tapyrus
+  module Secp256k1
+
+    # secp256 module using ecdsa gem
+    # https://github.com/DavidEGrayson/ruby_ecdsa
+    module Ruby
+
+      module_function
+
+      # generate ec private key and public key
+      def generate_key_pair(compressed: true)
+        private_key = 1 + SecureRandom.random_number(GROUP.order - 1)
+        public_key = GROUP.generator.multiply_by_scalar(private_key)
+        privkey = ECDSA::Format::IntegerOctetString.encode(private_key, 32)
+        pubkey = ECDSA::Format::PointOctetString.encode(public_key, compression: compressed)
+        [privkey.bth, pubkey.bth]
+      end
+
+      # generate tapyrus key object
+      def generate_key(compressed: true)
+        privkey, pubkey = generate_key_pair(compressed: compressed)
+        Tapyrus::Key.new(priv_key: privkey, pubkey: pubkey, compressed: compressed)
+      end
+
+      def generate_pubkey(privkey, compressed: true)
+        public_key = ECDSA::Group::Secp256k1.generator.multiply_by_scalar(privkey.to_i(16))
+        ECDSA::Format::PointOctetString.encode(public_key, compression: compressed).bth
+      end
+
+      # sign data.
+      # @param [String] data a data to be signed with binary format
+      # @param [String] privkey a private key using sign
+      # @return [String] signature data with binary format
+      def sign_data(data, privkey, extra_entropy)
+        privkey = privkey.htb
+        private_key = ECDSA::Format::IntegerOctetString.decode(privkey)
+        extra_entropy ||= ''
+        nonce = generate_rfc6979_nonce(data, privkey, extra_entropy)
+
+        # port form ecdsa gem.
+        r_point = GROUP.new_point(nonce)
+
+        point_field = ECDSA::PrimeField.new(GROUP.order)
+        r = point_field.mod(r_point.x)
+        return nil if r.zero?
+
+        e = ECDSA.normalize_digest(data, GROUP.bit_length)
+        s = point_field.mod(point_field.inverse(nonce) * (e + r * private_key))
+
+        if s > (GROUP.order / 2) # convert low-s
+          s = GROUP.order - s
+        end
+
+        return nil if s.zero?
+
+        signature = ECDSA::Signature.new(r, s).to_der
+        public_key = Tapyrus::Key.new(priv_key: privkey.bth).pubkey
+        raise 'Creation of signature failed.' unless Tapyrus::Secp256k1::Ruby.verify_sig(data, signature, public_key)
+        signature
+      end
+
+      # verify signature using public key
+      # @param [String] digest a SHA-256 message digest with binary format
+      # @param [String] sig a signature for +data+ with binary format
+      # @param [String] pubkey a public key corresponding to the private key used for sign
+      # @return [Boolean] verify result
+      def verify_sig(digest, sig, pubkey)
+        begin
+          k = ECDSA::Format::PointOctetString.decode(repack_pubkey(pubkey), GROUP)
+          signature = ECDSA::Format::SignatureDerString.decode(sig)
+          ECDSA.valid_signature?(k, digest, signature)
+        rescue Exception
+          false
+        end
+      end
+
+      # if +pubkey+ is hybrid public key format, it convert uncompressed format.
+      # https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2012-June/001578.html
+      def repack_pubkey(pubkey)
+        p = pubkey.htb
+        case p[0]
+          when "\x06", "\x07"
+            p[0] = "\x04"
+            p
+          else
+            pubkey.htb
+        end
+      end
+
+      INITIAL_V = '0101010101010101010101010101010101010101010101010101010101010101'.htb
+      INITIAL_K = '0000000000000000000000000000000000000000000000000000000000000000'.htb
+      ZERO_B = '00'.htb
+      ONE_B = '01'.htb
+
+      # generate temporary key k to be used when ECDSA sign.
+      # https://tools.ietf.org/html/rfc6979#section-3.2
+      def generate_rfc6979_nonce(data, privkey, extra_entropy)
+        v = INITIAL_V # 3.2.b
+        k = INITIAL_K # 3.2.c
+        # 3.2.d
+        k = Tapyrus.hmac_sha256(k, v + ZERO_B + privkey + data + extra_entropy)
+        # 3.2.e
+        v = Tapyrus.hmac_sha256(k, v)
+        # 3.2.f
+        k = Tapyrus.hmac_sha256(k, v + ONE_B + privkey + data + extra_entropy)
+        # 3.2.g
+        v = Tapyrus.hmac_sha256(k, v)
+        # 3.2.h
+        t = ''
+        10000.times do
+          v = Tapyrus.hmac_sha256(k, v)
+          t = (t + v)
+          t_num = t.bth.to_i(16)
+          return t_num if 1 <= t_num && t_num < GROUP.order
+          k = Tapyrus.hmac_sha256(k, v + '00'.htb)
+          v = Tapyrus.hmac_sha256(k, v)
+        end
+        raise 'A valid nonce was not found.'
+      end
+    end
+
+  end
+end

data/lib/tapyrus/secp256k1.rb

@@ -0,0 +1,12 @@
+module Tapyrus
+
+  module Secp256k1
+
+    GROUP = ECDSA::Group::Secp256k1
+
+    autoload :Ruby, 'tapyrus/secp256k1/ruby'
+    autoload :Native, 'tapyrus/secp256k1/native'
+
+  end
+
+end

data/lib/tapyrus/slip39/share.rb

@@ -0,0 +1,122 @@
+module Tapyrus
+  module SLIP39
+
+    # Share of Shamir's Secret Sharing Scheme
+    class Share
+
+      attr_accessor :id               # 15 bits, Integer
+      attr_accessor :iteration_exp    # 5 bits, Integer
+      attr_accessor :group_index      # 4 bits, Integer
+      attr_accessor :group_threshold  # 4 bits, Integer
+      attr_accessor :group_count      # 4 bits, Integer
+      attr_accessor :member_index     # 4 bits, Integer
+      attr_accessor :member_threshold # 4 bits, Integer
+      attr_accessor :value            # 8n bits, hex string.
+      attr_accessor :checksum         # 30 bits, Integer
+
+      # Recover Share from the mnemonic words
+      # @param [Array{String}] words the mnemonic words
+      # @return [Tapyrus::SLIP39::Share] a share
+      def self.from_words(words)
+        raise ArgumentError, 'Mnemonics should be an array of strings' unless words.is_a?(Array)
+        indices = words.map do |word|
+          index = Tapyrus::SLIP39::WORDS.index(word.downcase)
+          raise IndexError, 'word not found in words list.' unless index
+          index
+        end
+
+        raise ArgumentError, 'Invalid mnemonic length.' if indices.size < MIN_MNEMONIC_LENGTH_WORDS
+        raise ArgumentError, 'Invalid mnemonic checksum.' unless verify_rs1024_checksum(indices)
+
+        padding_length = (RADIX_BITS * (indices.size - METADATA_LENGTH_WORDS)) % 16
+        raise ArgumentError, 'Invalid mnemonic length.' if padding_length > 8
+        data = indices.map{|i|i.to_s(2).rjust(10, '0')}.join
+
+        s = self.new
+        s.id = data[0...ID_LENGTH_BITS].to_i(2)
+        s.iteration_exp = data[ID_LENGTH_BITS...(ID_LENGTH_BITS + ITERATION_EXP_LENGTH_BITS)].to_i(2)
+        s.group_index = data[20...24].to_i(2)
+        s.group_threshold = data[24...28].to_i(2) + 1
+        s.group_count = data[28...32].to_i(2) + 1
+        raise ArgumentError, "Invalid mnemonic. Group threshold(#{s.group_threshold}) cannot be greater than group count(#{s.group_count})." if s.group_threshold > s.group_count
+        s.member_index = data[32...36].to_i(2)
+        s.member_threshold = data[36...40].to_i(2) + 1
+        value_length = data.length - 70
+        start_index = 40 + padding_length
+        end_index = start_index + value_length - padding_length
+        padding_value = data[40...(40 + padding_length)]
+        raise ArgumentError, "Invalid mnemonic. padding must only zero." unless padding_value.to_i(2) == 0
+        s.value = data[start_index...end_index].to_i(2).to_even_length_hex
+        s.checksum = data[(40 + value_length)..-1].to_i(2)
+        s
+      end
+
+      # Generate mnemonic words
+      # @return [Array[String]] array of mnemonic word.
+      def to_words
+        indices = build_word_indices
+        indices.map{|index| Tapyrus::SLIP39::WORDS[index]}
+      end
+
+      # Calculate checksum using current fields
+      # @return [Integer] checksum
+      def calculate_checksum
+        indices = build_word_indices(false)
+        create_rs1024_checksum(indices).map{|i|i.to_bits(10)}.join.to_i(2)
+      end
+
+      def self.rs1024_polymod(values)
+        gen = [0xe0e040, 0x1c1c080, 0x3838100, 0x7070200, 0xe0e0009, 0x1c0c2412, 0x38086c24, 0x3090fc48, 0x21b1f890, 0x3f3f120]
+        chk = 1
+        values.each do |v|
+          b = (chk >> 20)
+          chk = (chk & 0xfffff) << 10 ^ v
+          10.times do |i|
+            chk ^= (((b >> i) & 1 == 1) ? gen[i] : 0)
+          end
+        end
+        chk
+      end
+
+      private
+
+      # Create word indices from this share.
+      # @param [Boolean] include_checksum whether include checksum when creating indices.
+      # @param [Array[Integer]] the array of index
+      def build_word_indices(include_checksum = true)
+        s = id.to_bits(ID_LENGTH_BITS)
+        s << iteration_exp.to_bits(ITERATION_EXP_LENGTH_BITS)
+        s << group_index.to_bits(4)
+        s << (group_threshold - 1).to_bits(4)
+        s << (group_count - 1).to_bits(4)
+        raise StandardError, "Group threshold(#{group_threshold}) cannot be greater than group count(#{group_count})." if group_threshold > group_count
+        s << member_index.to_bits(4)
+        s << (member_threshold - 1).to_bits(4)
+        value_length = value.to_i(16).bit_length
+        padding_length = RADIX_BITS - (value_length % RADIX_BITS)
+        s << value.to_i(16).to_bits(value_length + padding_length)
+        s << checksum.to_bits(30) if include_checksum
+        s.chars.each_slice(10).map{|index| index.join.to_i(2)}
+      end
+
+      # Verify RS1024 checksum
+      # @param [Array[Integer] data the array of mnemonic word index
+      # @return [Boolean] verify result
+      def self.verify_rs1024_checksum(data)
+        rs1024_polymod(CUSTOMIZATION_STRING + data) == 1
+      end
+
+      # Create RS1024 checksum
+      # @param [Array[Integer] data the array of mnemonic word index without checksum
+      # @return [Array[Integer]] the array of checksum integer
+      def create_rs1024_checksum(data)
+        values = CUSTOMIZATION_STRING + data + Array.new(CHECKSUM_LENGTH_WORDS, 0)
+        polymod = Tapyrus::SLIP39::Share.rs1024_polymod(values) ^ 1
+        CHECKSUM_LENGTH_WORDS.times.to_a.reverse.map {|i|(polymod >> (10 * i)) & 1023 }
+      end
+
+      private_class_method :verify_rs1024_checksum
+
+    end
+  end
+end