@bsv/sdk 1.6.20 → 1.6.23

package/docs/reference/script.md

@@ -87,6 +87,7 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 | [PushDrop](#class-pushdrop) |
 | [RPuzzle](#class-rpuzzle) |
 | [Script](#class-script) |
+| [ScriptEvaluationError](#class-scriptevaluationerror) |
 | [Spend](#class-spend) |
 | [UnlockingScript](#class-unlockingscript) |
 
@@ -730,6 +731,37 @@ Argument Details
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 
+---
+### Class: ScriptEvaluationError
+
+```ts
+export default class ScriptEvaluationError extends Error {
+    txid: string;
+    outputIndex: number;
+    context: "UnlockingScript" | "LockingScript";
+    programCounter: number;
+    stackState: number[][];
+    altStackState: number[][];
+    ifStackState: boolean[];
+    stackMem: number;
+    altStackMem: number;
+    constructor(params: {
+        message: string;
+        txid: string;
+        outputIndex: number;
+        context: "UnlockingScript" | "LockingScript";
+        programCounter: number;
+        stackState: number[][];
+        altStackState: number[][];
+        ifStackState: boolean[];
+        stackMem: number;
+        altStackMem: number;
+    }) 
+}
+```
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
+
 ---
 ### Class: Spend
 

package/docs/reference/wallet.md

@@ -668,12 +668,12 @@ export interface ListOutputsArgs {
     includeTags?: BooleanDefaultFalse;
     includeLabels?: BooleanDefaultFalse;
     limit?: PositiveIntegerDefault10Max10000;
-    offset?: PositiveIntegerOrZero;
+    offset?: number;
     seekPermission?: BooleanDefaultTrue;
 }
 ```
 
-See also: [BasketStringUnder300Bytes](./wallet.md#type-basketstringunder300bytes), [BooleanDefaultFalse](./wallet.md#type-booleandefaultfalse), [BooleanDefaultTrue](./wallet.md#type-booleandefaulttrue), [OutputTagStringUnder300Bytes](./wallet.md#type-outputtagstringunder300bytes), [PositiveIntegerDefault10Max10000](./wallet.md#type-positiveintegerdefault10max10000), [PositiveIntegerOrZero](./wallet.md#type-positiveintegerorzero)
+See also: [BasketStringUnder300Bytes](./wallet.md#type-basketstringunder300bytes), [BooleanDefaultFalse](./wallet.md#type-booleandefaultfalse), [BooleanDefaultTrue](./wallet.md#type-booleandefaulttrue), [OutputTagStringUnder300Bytes](./wallet.md#type-outputtagstringunder300bytes), [PositiveIntegerDefault10Max10000](./wallet.md#type-positiveintegerdefault10max10000)
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Enums](#enums), [Variables](#variables)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.6.20",
+  "version": "1.6.23",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/primitives/PrivateKey.ts

@@ -4,7 +4,7 @@ import PublicKey from './PublicKey.js'
 import Point from './Point.js'
 import Curve from './Curve.js'
 import { sign, verify } from './ECDSA.js'
-import { sha256, sha256hmac } from './Hash.js'
+import { sha256, sha256hmac, sha512hmac } from './Hash.js'
 import Random from './Random.js'
 import { fromBase58Check, toArray, toBase58Check } from './utils.js'
 import Polynomial, { PointInFiniteField } from './Polynomial.js'
@@ -410,8 +410,40 @@ export default class PrivateKey extends BigNumber {
     const poly = Polynomial.fromPrivateKey(this, threshold)
 
     const points: PointInFiniteField[] = []
+    const usedXCoordinates = new Set<string>()
+    const curve = new Curve()
+
+    /**
+     * Cryptographically secure x-coordinate generation for Shamir's Secret Sharing (toKeyShares)
+     *
+     * - Each x-coordinate is derived using a master seed (Random(64)) as the HMAC key and a per-attempt counter array as the message.
+     * - The counter array includes the share index, the attempt number (to handle rare collisions), and 32 bytes of fresh randomness for each attempt.
+     * - This ensures:
+     *   1. **Non-determinism**: Each split is unique, even for the same key and parameters, due to the per-attempt randomness.
+     *   2. **Uniqueness**: x-coordinates are checked for zero and duplication; retry logic ensures no repeats or invalid values.
+     *   3. **Cryptographic strength**: HMAC-SHA-512 is robust, and combining deterministic and random values protects against RNG compromise or bias.
+     *   4. **Defensive programming**: Attempts are capped (5 per share) to prevent infinite loops in pathological cases.
+     *
+     * This approach is robust against all practical attacks and is suitable for high-security environments where deterministic splits are not desired.
+     */
+    const seed = Random(64)
     for (let i = 0; i < totalShares; i++) {
-      const x = new BigNumber(PrivateKey.fromRandom().toArray())
+      let x: BigNumber
+      let attempts = 0
+      do {
+        // To ensure no two points are ever the same, even if the system RNG is compromised,
+        // we'll use a different counter value for each point and use SHA-512 HMAC.
+        const counter = [i, attempts, ...Random(32)]
+        const h = sha512hmac(seed, counter)
+        x = new BigNumber(h).umod(curve.p)
+        // repeat generation if x is zero or has already been used (insanely unlikely)
+        attempts++
+        if (attempts > 5) {
+          throw new Error('Failed to generate unique x coordinate after 5 attempts')
+        }
+      } while (x.isZero() || usedXCoordinates.has(x.toString()))
+
+      usedXCoordinates.add(x.toString())
       const y = poly.valueAt(x)
       points.push(new PointInFiniteField(x, y))
     }

package/src/wallet/Wallet.interfaces.ts

@@ -563,7 +563,10 @@ export interface InternalizeActionResult {
  * @param {BooleanDefaultFalse} [includeTags] - Whether the tags associated with the output should be returned.
  * @param {BooleanDefaultFalse} [includeLabels] - Whether the labels associated with the transaction containing the output should be returned.
  * @param {PositiveIntegerDefault10Max10000} [limit] - Optional limit on the number of outputs to return.
- * @param {PositiveIntegerOrZero} [offset] - Number of outputs to skip before starting to return results.
+ * @param {number} [offset] - If positive or zero: Number of outputs to skip before starting to return results, oldest first.
+ * If negative: Outputs are returned newest first and offset of -1 is the newest output.
+ * When using negative offsets, caution is required as new outputs may be added between calls,
+ * potentially causing outputs to be duplicated across calls.
  * @param {BooleanDefaultTrue} [seekPermission] — Whether to seek permission from the user for this operation if required. Default true, will return an error rather than proceed if set to false.
  */
 export interface ListOutputsArgs {
@@ -575,7 +578,7 @@ export interface ListOutputsArgs {
   includeTags?: BooleanDefaultFalse
   includeLabels?: BooleanDefaultFalse
   limit?: PositiveIntegerDefault10Max10000
-  offset?: PositiveIntegerOrZero
+  offset?: number
   seekPermission?: BooleanDefaultTrue
 }