@bsv/sdk 1.1.22 → 1.1.24

package/src/primitives/Point.ts

@@ -17,6 +17,10 @@ import ReductionContext from './ReductionContext.js'
  * @property inf - Flag to record if the point is at infinity in the Elliptic Curve.
  */
 export default class Point extends BasePoint {
+  private static readonly red: any = new ReductionContext('k256')
+  private static readonly a: BigNumber = new BigNumber(0).toRed(Point.red)
+  private static readonly b: BigNumber = new BigNumber(7).toRed(Point.red)
+  private static readonly zero: BigNumber = new BigNumber(0).toRed(Point.red)
   x: BigNumber | null
   y: BigNumber | null
   inf: boolean
@@ -59,7 +63,7 @@ export default class Point extends BasePoint {
 
       return res
     } else if ((bytes[0] === 0x02 || bytes[0] === 0x03) &&
-              bytes.length - 1 === len) {
+      bytes.length - 1 === len) {
       return Point.fromX(bytes.slice(1, 1 + len), bytes[0] === 0x03)
     }
     throw new Error('Unknown point format')
@@ -87,6 +91,13 @@ export default class Point extends BasePoint {
     return Point.fromDER(bytes)
   }
 
+  static redSqrtOptimized (y2: BigNumber): BigNumber {
+    const red = Point.red
+    const p = red.m // The modulus
+    const exponent = p.addn(1).iushrn(2) // (p + 1) / 4
+    return y2.redPow(exponent)
+  }
+
   /**
    * Generates a point from an x coordinate and a boolean indicating whether the corresponding
    * y coordinate is odd.
@@ -102,34 +113,108 @@ export default class Point extends BasePoint {
    * const xCoordinate = new BigNumber('10');
    * const point = Point.fromX(xCoordinate, true);
    */
-
   static fromX (x: BigNumber | number | number[] | string, odd: boolean): Point {
-    const red = new ReductionContext('k256')
-    const a = new BigNumber(0).toRed(red)
-    const b = new BigNumber(7).toRed(red)
-    const zero = new BigNumber(0).toRed(red)
-    if (!BigNumber.isBN(x)) {
-      x = new BigNumber(x as number, 16)
-    }
-    x = x as BigNumber
-    if (x.red == null) {
-      x = x.toRed(red)
-    }
+    if (typeof BigInt === 'function') {
+      function mod (a: bigint, n: bigint): bigint {
+        return ((a % n) + n) % n
+      }
+      function modPow (base: bigint, exponent: bigint, modulus: bigint): bigint {
+        let result = BigInt(1)
+        base = mod(base, modulus)
+        while (exponent > BigInt(0)) {
+          if ((exponent & BigInt(1)) === BigInt(1)) {
+            result = mod(result * base, modulus)
+          }
+          exponent >>= BigInt(1)
+          base = mod(base * base, modulus)
+        }
+        return result
+      }
+      function sqrtMod (a: bigint, p: bigint): bigint | null {
+        const exponent = (p + BigInt(1)) >> BigInt(2) // Precomputed exponent
+        const sqrtCandidate = modPow(a, exponent, p)
+        if (mod(sqrtCandidate * sqrtCandidate, p) === mod(a, p)) {
+          return sqrtCandidate
+        } else {
+          // No square root exists
+          return null
+        }
+      }
 
-    const y2 = x.redSqr().redMul(x).redIAdd(x.redMul(a)).redIAdd(b)
-    let y = y2.redSqrt()
-    if (y.redSqr().redSub(y2).cmp(zero) !== 0) {
-      throw new Error('invalid point')
-    }
+      // Curve parameters for secp256k1
+      const p = BigInt(
+        '0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F'
+      )
+      const a = BigInt(0)
+      const b = BigInt(7)
+
+      // Convert x to BigInt
+      let xBigInt: bigint
+      if (x instanceof BigNumber) {
+        xBigInt = BigInt('0x' + x.toString(16))
+      } else if (typeof x === 'string') {
+        xBigInt = BigInt('0x' + x)
+      } else if (Array.isArray(x)) {
+        xBigInt = BigInt(
+          '0x' +
+          Buffer.from(x).toString('hex').padStart(64, '0')
+        )
+      } else if (typeof x === 'number') {
+        xBigInt = BigInt(x)
+      } else {
+        throw new Error('Invalid x-coordinate type')
+      }
 
-    // XXX Is there any way to tell if the number is odd without converting it
-    // to non-red form?
-    const isOdd = y.fromRed().isOdd()
-    if ((odd && !isOdd) || (!odd && isOdd)) {
-      y = y.redNeg()
-    }
+      // Ensure x is within field range
+      xBigInt = mod(xBigInt, p)
 
-    return new Point(x, y)
+      // Compute y^2 = x^3 + a x + b mod p
+      const y2 = mod(modPow(xBigInt, BigInt(3), p) + b, p)
+
+      // Compute modular square root y = sqrt(y2) mod p
+      let y = sqrtMod(y2, p)
+
+      if (y === null) {
+        throw new Error('Invalid point')
+      }
+
+      // Adjust y to match the oddness
+      const isYOdd = (y % BigInt(2)) === BigInt(1)
+      if ((odd && !isYOdd) || (!odd && isYOdd)) {
+        y = p - y
+      }
+
+      // Convert x and y to BigNumber
+      const xBN = new BigNumber(xBigInt.toString(16), 16)
+      const yBN = new BigNumber(y.toString(16), 16)
+      return new Point(xBN, yBN)
+    } else {
+      const red = new ReductionContext('k256')
+      const a = new BigNumber(0).toRed(red)
+      const b = new BigNumber(7).toRed(red)
+      const zero = new BigNumber(0).toRed(red)
+      if (!BigNumber.isBN(x)) {
+        x = new BigNumber(x as number, 16)
+      }
+      x = x as BigNumber
+      if (x.red == null) {
+        x = x.toRed(red)
+      }
+
+      const y2 = x.redSqr().redMul(x).redIAdd(x.redMul(a)).redIAdd(b)
+      let y = y2.redSqrt()
+      if (y.redSqr().redSub(y2).cmp(zero) !== 0) {
+        throw new Error('invalid point')
+      }
+
+      // XXX Is there any way to tell if the number is odd without converting it
+      // to non-red form?
+      const isOdd = y.fromRed().isOdd()
+      if ((odd && !isOdd) || (!odd && isOdd)) {
+        y = y.redNeg()
+      }
+      return new Point(x, y)
+    }
   }
 
   /**

package/src/primitives/TransactionSignature.ts

@@ -40,7 +40,7 @@ export default class TransactionSignature extends Signature {
       const writer = new Writer()
       for (const input of inputs) {
         if (typeof input.sourceTXID === 'undefined') {
-          writer.writeReverse(input.sourceTransaction.id())
+          writer.write(input.sourceTransaction.hash() as number[])
         } else {
           writer.writeReverse(toArray(input.sourceTXID, 'hex'))
         }
@@ -122,8 +122,9 @@ export default class TransactionSignature extends Signature {
     writer.writeUInt32LE(params.sourceOutputIndex)
 
     // scriptCode of the input (serialized as scripts inside CTxOuts)
-    writer.writeVarIntNum(params.subscript.toBinary().length)
-    writer.write(params.subscript.toBinary())
+    const subscriptBin = params.subscript.toBinary()
+    writer.writeVarIntNum(subscriptBin.length)
+    writer.write(subscriptBin)
 
     // value of the output spent by this input (8-byte little endian)
     writer.writeUInt64LE(params.sourceSatoshis)

package/src/primitives/utils.ts

@@ -320,9 +320,13 @@ export class Writer {
   }
 
   toArray (): number[] {
-    let ret = []
-    for (const x of this.bufs) {
-      if (x.length < 65536) { ret.push(...x) } else { ret = ret.concat(x) }
+    const totalLength = this.getLength()
+    const ret = new Array(totalLength)
+    let offset = 0
+    for (const buf of this.bufs) {
+      for (let i = 0; i < buf.length; i++) {
+        ret[offset++] = buf[i]
+      }
     }
     return ret
   }
@@ -515,18 +519,18 @@ export class Reader {
   }
 
   public read (len = this.bin.length): number[] {
-    const bin = this.bin.slice(this.pos, this.pos + len)
-    this.pos = this.pos + len
-    return bin
+    const start = this.pos
+    const end = this.pos + len
+    this.pos = end
+    return this.bin.slice(start, end)
   }
 
   public readReverse (len = this.bin.length): number[] {
-    const bin = this.bin.slice(this.pos, this.pos + len)
-    this.pos = this.pos + len
-    const buf2 = new Array(bin.length)
-    for (let i = 0; i < buf2.length; i++) {
-      buf2[i] = bin[bin.length - 1 - i]
+    const buf2 = new Array(len)
+    for (let i = 0; i < len; i++) {
+      buf2[i] = this.bin[this.pos + len - 1 - i]
     }
+    this.pos += len
     return buf2
   }
 
@@ -662,3 +666,46 @@ export class Reader {
     }
   }
 }
+
+export const minimallyEncode = (buf: number[]): number[] => {
+  if (buf.length === 0) {
+    return buf
+  }
+
+  // If the last byte is not 0x00 or 0x80, we are minimally encoded.
+  const last = buf[buf.length - 1]
+  if ((last & 0x7f) !== 0) {
+    return buf
+  }
+
+  // If the script is one byte long, then we have a zero, which encodes as an
+  // empty array.
+  if (buf.length === 1) {
+    return []
+  }
+
+  // If the next byte has it sign bit set, then we are minimaly encoded.
+  if ((buf[buf.length - 2] & 0x80) !== 0) {
+    return buf
+  }
+
+  // We are not minimally encoded, we need to figure out how much to trim.
+  for (let i = buf.length - 1; i > 0; i--) {
+    // We found a non zero byte, time to encode.
+    if (buf[i - 1] !== 0) {
+      if ((buf[i - 1] & 0x80) !== 0) {
+        // We found a byte with it sign bit set so we need one more
+        // byte.
+        buf[i++] = last
+      } else {
+        // the sign bit is clear, we can use it.
+        buf[i - 1] |= last
+      }
+
+      return buf.slice(0, i)
+    }
+  }
+
+  // If we found the whole thing is zeros, then we have a zero.
+  return []
+}

package/src/script/Spend.ts

@@ -4,7 +4,7 @@ import Script from './Script.js'
 import BigNumber from '../primitives/BigNumber.js'
 import OP from './OP.js'
 import ScriptChunk from './ScriptChunk.js'
-import { toHex } from '../primitives/utils.js'
+import { toHex, minimallyEncode } from '../primitives/utils.js'
 import * as Hash from '../primitives/Hash.js'
 import TransactionSignature from '../primitives/TransactionSignature.js'
 import PublicKey from '../primitives/PublicKey.js'
@@ -206,53 +206,10 @@ export default class Spend {
       return true
     }
 
-    const minimallyEncode = (buf: number[]): number[] => {
-      if (buf.length === 0) {
-        return buf
-      }
-
-      // If the last byte is not 0x00 or 0x80, we are minimally encoded.
-      const last = buf[buf.length - 1]
-      if ((last & 0x7f) !== 0) {
-        return buf
-      }
-
-      // If the script is one byte long, then we have a zero, which encodes as an
-      // empty array.
-      if (buf.length === 1) {
-        return []
-      }
-
-      // If the next byte has it sign bit set, then we are minimaly encoded.
-      if ((buf[buf.length - 2] & 0x80) !== 0) {
-        return buf
-      }
-
-      // We are not minimally encoded, we need to figure out how much to trim.
-      for (let i = buf.length - 1; i > 0; i--) {
-        // We found a non zero byte, time to encode.
-        if (buf[i - 1] !== 0) {
-          if ((buf[i - 1] & 0x80) !== 0) {
-            // We found a byte with it sign bit set so we need one more
-            // byte.
-            buf[i++] = last
-          } else {
-            // the sign bit is clear, we can use it.
-            buf[i - 1] |= last
-          }
-
-          return buf.slice(0, i)
-        }
-      }
-
-      // If we found the whole thing is zeros, then we have a zero.
-      return []
-    }
-
     const padDataToSize = (buf: number[], len: number): number[] => {
-      let b = buf
+      const b = buf
       while (b.length < len) {
-        b = [0x00, ...b]
+        b.unshift(0)
       }
       return b
     }
@@ -828,7 +785,7 @@ export default class Spend {
               shifted = bn1.ushrn(n)
             }
             const bufShifted = padDataToSize(
-              [...shifted.toArray().slice(buf1.length * -1)],
+              shifted.toArray().slice(buf1.length * -1),
               buf1.length
             )
             this.stack.push(bufShifted)
@@ -1059,7 +1016,7 @@ export default class Spend {
 
           try {
             sig = TransactionSignature.fromChecksigFormat(bufSig)
-            pubkey = PublicKey.fromString(toHex(bufPubkey))
+            pubkey = PublicKey.fromDER(bufPubkey)
             fSuccess = verifySignature(sig, pubkey, subscript)
           } catch (e) {
             // invalid sig or pubkey

package/src/script/templates/P2PKH.ts

@@ -21,7 +21,7 @@ export default class P2PKH implements ScriptTemplate {
    * @param {number[] | string} pubkeyhash or address - An array or address representing the public key hash.
    * @returns {LockingScript} - A P2PKH locking script.
    */
-  lock (pubkeyhash: string | number[]): LockingScript {
+  lock(pubkeyhash: string | number[]): LockingScript {
     let data: number[]
     if (typeof pubkeyhash === 'string') {
       const hash = fromBase58Check(pubkeyhash)
@@ -54,16 +54,16 @@ export default class P2PKH implements ScriptTemplate {
    * @param {Script} lockingScript - Optional. The lockinScript. Otherwise the input.sourceTransaction is required.
    * @returns {Object} - An object containing the `sign` and `estimateLength` functions.
    */
-  unlock (
+  unlock(
     privateKey: PrivateKey,
     signOutputs: 'all' | 'none' | 'single' = 'all',
     anyoneCanPay: boolean = false,
     sourceSatoshis?: number,
     lockingScript?: Script
   ): {
-      sign: (tx: Transaction, inputIndex: number) => Promise<UnlockingScript>
-      estimateLength: () => Promise<106>
-    } {
+    sign: (tx: Transaction, inputIndex: number) => Promise<UnlockingScript>
+    estimateLength: () => Promise<108>
+  } {
     return {
       sign: async (tx: Transaction, inputIndex: number) => {
         let signatureScope = TransactionSignature.SIGHASH_FORKID
@@ -130,9 +130,9 @@ export default class P2PKH implements ScriptTemplate {
         ])
       },
       estimateLength: async () => {
-        // public key (1+33) + signature (1+71)
+        // public key (1+33) + signature (1+73)
         // Note: We add 1 to each element's length because of the associated OP_PUSH
-        return 106
+        return 108
       }
     }
   }

package/src/script/templates/RPuzzle.ts

@@ -23,7 +23,7 @@ export default class RPuzzle implements ScriptTemplate {
    *
    * @param {'raw'|'SHA1'|'SHA256'|'HASH256'|'RIPEMD160'|'HASH160'} type Denotes the type of puzzle to create
    */
-  constructor (type: 'raw' | 'SHA1' | 'SHA256' | 'HASH256' | 'RIPEMD160' | 'HASH160' = 'raw') {
+  constructor(type: 'raw' | 'SHA1' | 'SHA256' | 'HASH256' | 'RIPEMD160' | 'HASH160' = 'raw') {
     this.type = type
   }
 
@@ -33,7 +33,7 @@ export default class RPuzzle implements ScriptTemplate {
    * @param {number[]} value - An array representing the R value or its hash.
    * @returns {LockingScript} - An R puzzle locking script.
    */
-  lock (value: number[]): LockingScript {
+  lock(value: number[]): LockingScript {
     const chunks: ScriptChunk[] = [
       { op: OP.OP_OVER },
       { op: OP.OP_3 },
@@ -70,15 +70,15 @@ export default class RPuzzle implements ScriptTemplate {
    * @param {boolean} anyoneCanPay - Flag indicating if the signature allows for other inputs to be added later.
    * @returns {Object} - An object containing the `sign` and `estimateLength` functions.
    */
-  unlock (
+  unlock(
     k: BigNumber,
     privateKey: PrivateKey,
     signOutputs: 'all' | 'none' | 'single' = 'all',
     anyoneCanPay: boolean = false
   ): {
-      sign: (tx: Transaction, inputIndex: number) => Promise<UnlockingScript>
-      estimateLength: () => Promise<106>
-    } {
+    sign: (tx: Transaction, inputIndex: number) => Promise<UnlockingScript>
+    estimateLength: () => Promise<108>
+  } {
     return {
       sign: async (tx: Transaction, inputIndex: number) => {
         if (typeof privateKey === 'undefined') {
@@ -131,9 +131,9 @@ export default class RPuzzle implements ScriptTemplate {
         ])
       },
       estimateLength: async () => {
-        // public key (1+33) + signature (1+71)
+        // public key (1+33) + signature (1+73)
         // Note: We add 1 to each element's length because of the associated OP_PUSH
-        return 106
+        return 108
       }
     }
   }

package/src/transaction/Transaction.ts

@@ -593,9 +593,8 @@ export default class Transaction {
     }
     if (enc === 'hex') {
       return toHex(hash)
-    } else {
-      return hash
     }
+    return hash
   }
 
   /**
@@ -635,84 +634,110 @@ export default class Transaction {
    *
    * @example tx.verify(new WhatsOnChain(), new SatoshisPerKilobyte(1))
    */
-  async verify (chainTracker: ChainTracker | 'scripts only' = defaultChainTracker(), feeModel?: FeeModel): Promise<boolean> {
-    // If the transaction has a valid merkle path, verification is complete.
-    if (typeof this.merklePath === 'object') {
-      if (chainTracker === 'scripts only') {
-        return true
-      } else {
-        const proofValid = await this.merklePath.verify(
-          this.id('hex'),
-          chainTracker
-        )
-        // Note that if the proof is provided but not valid, the transaction could still be verified by proving all inputs (if they are available) and checking the associated spends.
-        if (proofValid) {
-          return true
-        }
+  async verify (
+    chainTracker: ChainTracker | 'scripts only' = defaultChainTracker(),
+    feeModel?: FeeModel
+  ): Promise<boolean> {
+    const verifiedTxids = new Set<string>()
+    const txQueue: Transaction[] = [this]
+
+    while (txQueue.length > 0) {
+      const tx = txQueue.shift()
+      const txid = tx.id('hex')
+      if (verifiedTxids.has(txid)) {
+        continue
       }
-    }
-
-    if (typeof feeModel !== 'undefined') {
-      const cpTx = Transaction.fromHexEF(this.toHexEF())
-      delete cpTx.outputs[0].satoshis
-      cpTx.outputs[0].change = true
-      await cpTx.fee(feeModel)
-      if (this.getFee() < cpTx.getFee()) throw new Error(`Verification failed because the transaction ${this.id('hex')} has an insufficient fee and has not been mined.`)
-    }
 
-    // Verify each input transaction and evaluate the spend events.
-    // Also, keep a total of the input amounts for later.
-    let inputTotal = 0
-    for (let i = 0; i < this.inputs.length; i++) {
-      const input = this.inputs[i]
-      if (typeof input.sourceTransaction !== 'object') {
-        throw new Error(`Verification failed because the input at index ${i} of transaction ${this.id('hex')} is missing an associated source transaction. This source transaction is required for transaction verification because there is no merkle proof for the transaction spending a UTXO it contains.`)
-      }
-      if (typeof input.unlockingScript !== 'object') {
-        throw new Error(`Verification failed because the input at index ${i} of transaction ${this.id('hex')} is missing an associated unlocking script. This script is required for transaction verification because there is no merkle proof for the transaction spending the UTXO.`)
+      // If the transaction has a valid merkle path, verification is complete.
+      if (typeof tx.merklePath === 'object') {
+        if (chainTracker === 'scripts only') {
+          verifiedTxids.add(txid)
+          continue
+        } else {
+          const proofValid = await tx.merklePath.verify(
+            txid,
+            chainTracker
+          )
+          // If the proof is valid, no need to verify inputs.
+          if (proofValid) {
+            verifiedTxids.add(txid)
+            continue
+          }
+        }
       }
-      const sourceOutput = input.sourceTransaction.outputs[input.sourceOutputIndex]
-      inputTotal += sourceOutput.satoshis
-      const inputVerified = await input.sourceTransaction.verify(chainTracker, feeModel)
-      if (!inputVerified) {
-        return false
+
+      // Verify fee if feeModel is provided
+      if (typeof feeModel !== 'undefined') {
+        const cpTx = Transaction.fromEF(tx.toEF())
+        delete cpTx.outputs[0].satoshis
+        cpTx.outputs[0].change = true
+        await cpTx.fee(feeModel)
+        if (tx.getFee() < cpTx.getFee()) {
+          throw new Error(`Verification failed because the transaction ${txid} has an insufficient fee and has not been mined.`)
+        }
       }
-      const otherInputs = [...this.inputs]
-      otherInputs.splice(i, 1)
-      if (typeof input.sourceTXID === 'undefined') {
-        input.sourceTXID = input.sourceTransaction.id('hex')
+
+      // Verify each input transaction and evaluate the spend events.
+      // Also, keep a total of the input amounts for later.
+      let inputTotal = 0
+      for (let i = 0; i < tx.inputs.length; i++) {
+        const input = tx.inputs[i]
+        if (typeof input.sourceTransaction !== 'object') {
+          throw new Error(`Verification failed because the input at index ${i} of transaction ${txid} is missing an associated source transaction. This source transaction is required for transaction verification because there is no merkle proof for the transaction spending a UTXO it contains.`)
+        }
+        if (typeof input.unlockingScript !== 'object') {
+          throw new Error(`Verification failed because the input at index ${i} of transaction ${txid} is missing an associated unlocking script. This script is required for transaction verification because there is no merkle proof for the transaction spending the UTXO.`)
+        }
+        const sourceOutput = input.sourceTransaction.outputs[input.sourceOutputIndex]
+        inputTotal += sourceOutput.satoshis
+
+        const sourceTxid = input.sourceTransaction.id('hex')
+        if (!verifiedTxids.has(sourceTxid)) {
+          txQueue.push(input.sourceTransaction)
+        }
+
+        const otherInputs = tx.inputs.filter((_, idx) => idx !== i)
+        if (typeof input.sourceTXID === 'undefined') {
+          input.sourceTXID = sourceTxid
+        }
+
+        const spend = new Spend({
+          sourceTXID: input.sourceTXID,
+          sourceOutputIndex: input.sourceOutputIndex,
+          lockingScript: sourceOutput.lockingScript,
+          sourceSatoshis: sourceOutput.satoshis,
+          transactionVersion: tx.version,
+          otherInputs,
+          unlockingScript: input.unlockingScript,
+          inputSequence: input.sequence,
+          inputIndex: i,
+          outputs: tx.outputs,
+          lockTime: tx.lockTime
+        })
+        const spendValid = spend.validate()
+
+        if (!spendValid) {
+          return false
+        }
       }
 
-      const spend = new Spend({
-        sourceTXID: input.sourceTXID,
-        sourceOutputIndex: input.sourceOutputIndex,
-        lockingScript: sourceOutput.lockingScript,
-        sourceSatoshis: sourceOutput.satoshis,
-        transactionVersion: this.version,
-        otherInputs,
-        unlockingScript: input.unlockingScript,
-        inputSequence: input.sequence,
-        inputIndex: i,
-        outputs: this.outputs,
-        lockTime: this.lockTime
-      })
-      const spendValid = spend.validate()
+      // Total the outputs to ensure they don't amount to more than the inputs
+      let outputTotal = 0
+      for (const out of tx.outputs) {
+        if (typeof out.satoshis !== 'number') {
+          throw new Error('Every output must have a defined amount during transaction verification.')
+        }
+        outputTotal += out.satoshis
+      }
 
-      if (!spendValid) {
+      if (outputTotal > inputTotal) {
         return false
       }
-    }
 
-    // Total the outputs to ensure they don't amount to more than the inputs
-    let outputTotal = 0
-    for (const out of this.outputs) {
-      if (typeof out.satoshis !== 'number') {
-        throw new Error('Every output must have a defined amount during transaction verification.')
-      }
-      outputTotal += out.satoshis
+      verifiedTxids.add(txid)
     }
 
-    return outputTotal <= inputTotal
+    return true
   }
 
   /**

package/src/transaction/TransactionInput.ts

@@ -59,5 +59,5 @@ export default interface TransactionInput {
     sign: (tx: Transaction, inputIndex: number) => Promise<UnlockingScript>
     estimateLength: (tx: Transaction, inputIndex: number) => Promise<number>
   }
-  sequence: number
+  sequence?: number
 }