@btc-vision/bitcoin 6.5.6 → 7.0.0-alpha.1

package/build/psbt.js

@@ -1,94 +1,156 @@
-import { Psbt as PsbtBase } from 'bip174';
-import * as varuint from 'bip174/src/lib/converter/varint.js';
-const varuintDecode = varuint.decode;
-import { checkForInput, checkForOutput } from 'bip174/src/lib/utils.js';
+import { checkForInput, checkForOutput, Psbt as PsbtBase } from 'bip174';
+import { clone, equals, fromBase64, fromHex, reverse, toHex } from './io/index.js';
 import { fromOutputScript, isUnknownSegwitVersion, toOutputScript } from './address.js';
-import { cloneBuffer, reverseBuffer } from './bufferutils.js';
 import { bitcoin as btcNetwork } from './networks.js';
 import * as payments from './payments/index.js';
 import { tapleafHash } from './payments/bip341.js';
-import { checkTaprootInputFields, checkTaprootInputForSigs, checkTaprootOutputFields, isTaprootInput, serializeTaprootSignature, tapScriptFinalizer, } from './psbt/bip371.js';
+import { checkTaprootInputFields, checkTaprootOutputFields, isTaprootInput, serializeTaprootSignature, tapScriptFinalizer, } from './psbt/bip371.js';
 import { toXOnly } from './pubkey.js';
-import { checkInputForSig, isP2MS, isP2PK, isP2PKH, isP2SHScript, isP2TR, isP2WPKH, isP2WSHScript, pubkeyInScript, witnessStackToScriptWitness, } from './psbt/psbtutils.js';
+import { isP2TR, isP2WPKH, pubkeyInScript, witnessStackToScriptWitness } from './psbt/psbtutils.js';
+import { check32Bit, checkCache, checkInputsForPartialSig, checkPartialSigSighashes, checkScriptForPubkey, checkTxEmpty, checkTxForDupeIns, checkTxInputCache, isFinalized, } from './psbt/validation.js';
+import { checkInvalidP2WSH, classifyScript, compressPubkey, getMeaningfulScript, isPubkeyLike, isSigLike, range, scriptWitnessToWitnessStack, sighashTypeToString, } from './psbt/utils.js';
 import * as bscript from './script.js';
 import { Transaction } from './transaction.js';
+/**
+ * These are the default arguments for a Psbt instance.
+ */
 const DEFAULT_OPTS = {
+    /**
+     * A bitcoinjs Network object. This is only used if you pass an `address`
+     * parameter to addOutput. Otherwise it is not needed and can be left default.
+     */
     network: btcNetwork,
-    maximumFeeRate: 5000,
+    /**
+     * When extractTransaction is called, the fee rate is checked.
+     * THIS IS NOT TO BE RELIED ON.
+     * It is only here as a last ditch effort to prevent sending a 500 BTC fee etc.
+     */
+    maximumFeeRate: 5000, // satoshi per byte
 };
+/**
+ * Psbt class can parse and generate a PSBT binary based off of the BIP174.
+ * There are 6 roles that this class fulfills. (Explained in BIP174)
+ *
+ * Creator: This can be done with `new Psbt()`
+ *
+ * Updater: This can be done with `psbt.addInput(input)`, `psbt.addInputs(inputs)`,
+ *   `psbt.addOutput(output)`, `psbt.addOutputs(outputs)` when you are looking to
+ *   add new inputs and outputs to the PSBT, and `psbt.updateGlobal(itemObject)`,
+ *   `psbt.updateInput(itemObject)`, `psbt.updateOutput(itemObject)`
+ *   addInput requires hash: Uint8Array | string; and index: number; as attributes
+ *   and can also include any attributes that are used in updateInput method.
+ *   addOutput requires script: Uint8Array; and value: bigint; and likewise can include
+ *   data for updateOutput.
+ *   For a list of what attributes should be what types. Check the bip174 library.
+ *   Also, check the integration tests for some examples of usage.
+ *
+ * Signer: There are a few methods. signAllInputs and signAllInputsAsync, which will search all input
+ *   information for your pubkey or pubkeyhash, and only sign inputs where it finds
+ *   your info. Or you can explicitly sign a specific input with signInput and
+ *   signInputAsync. For the async methods you can create a SignerAsync object
+ *   and use something like a hardware wallet to sign with. (You must implement this)
+ *
+ * Combiner: psbts can be combined easily with `psbt.combine(psbt2, psbt3, psbt4 ...)`
+ *   the psbt calling combine will always have precedence when a conflict occurs.
+ *   Combine checks if the internal bitcoin transaction is the same, so be sure that
+ *   all sequences, version, locktime, etc. are the same before combining.
+ *
+ * Input Finalizer: This role is fairly important. Not only does it need to construct
+ *   the input scriptSigs and witnesses, but it SHOULD verify the signatures etc.
+ *   Before running `psbt.finalizeAllInputs()` please run `psbt.validateSignaturesOfAllInputs()`
+ *   Running any finalize method will delete any data in the input(s) that are no longer
+ *   needed due to the finalized scripts containing the information.
+ *
+ * Transaction Extractor: This role will perform some checks before returning a
+ *   Transaction object. Such as fee rate not being larger than maximumFeeRate etc.
+ */
+/**
+ * Psbt class can parse and generate a PSBT binary based off of the BIP174.
+ */
 export class Psbt {
+    data;
+    #cache;
+    #opts;
     constructor(opts = {}, data = new PsbtBase(new PsbtTransaction())) {
         this.data = data;
-        this.opts = Object.assign({}, DEFAULT_OPTS, opts);
-        this.__CACHE = {
-            __NON_WITNESS_UTXO_TX_CACHE: [],
-            __NON_WITNESS_UTXO_BUF_CACHE: [],
-            __TX_IN_CACHE: {},
-            __TX: this.data.globalMap.unsignedTx.tx,
-            __UNSAFE_SIGN_NONSEGWIT: false,
+        this.#opts = Object.assign({}, DEFAULT_OPTS, opts);
+        this.#cache = {
+            nonWitnessUtxoTxCache: [],
+            nonWitnessUtxoBufCache: [],
+            txInCache: {},
+            // unsignedTx.tx property is dynamically added by PsbtBase
+            tx: this.data.globalMap.unsignedTx.tx,
+            unsafeSignNonSegwit: false,
+            hasSignatures: false,
         };
         if (opts.version === 3) {
             this.setVersionTRUC();
         }
         else if (this.data.inputs.length === 0)
             this.setVersion(2);
-        const dpew = (obj, attr, enumerable, writable) => {
-            Object.defineProperty(obj, attr, {
-                enumerable,
-                writable,
-            });
-        };
-        dpew(this, '__CACHE', false, true);
-        dpew(this, 'opts', false, true);
+    }
+    /** @internal - Exposed for testing. Do not use in production code. */
+    get __CACHE() {
+        return this.#cache;
+    }
+    /** @internal - Exposed for testing. Do not use in production code. */
+    get opts() {
+        return this.#opts;
     }
     get inputCount() {
         return this.data.inputs.length;
     }
     get version() {
-        return this.__CACHE.__TX.version;
+        return this.#cache.tx.version;
     }
     set version(version) {
         this.setVersion(version);
     }
     get locktime() {
-        return this.__CACHE.__TX.locktime;
+        return this.#cache.tx.locktime;
     }
     set locktime(locktime) {
         this.setLocktime(locktime);
     }
     get txInputs() {
-        return this.__CACHE.__TX.ins.map((input) => ({
-            hash: cloneBuffer(input.hash),
+        return this.#cache.tx.ins.map((input) => ({
+            hash: clone(input.hash),
             index: input.index,
             sequence: input.sequence,
         }));
     }
     get txOutputs() {
-        return this.__CACHE.__TX.outs.map((output) => {
+        return this.#cache.tx.outs.map((output) => {
             let address;
             try {
-                address = fromOutputScript(output.script, this.opts.network);
+                address = fromOutputScript(output.script, this.#opts.network);
             }
             catch (_) { }
             return {
-                script: cloneBuffer(output.script),
+                script: clone(output.script),
                 value: output.value,
                 address,
             };
         });
     }
     static fromBase64(data, opts = {}) {
-        const buffer = Buffer.from(data, 'base64');
+        const buffer = fromBase64(data);
         return this.fromBuffer(buffer, opts);
     }
     static fromHex(data, opts = {}) {
-        const buffer = Buffer.from(data, 'hex');
+        const buffer = fromHex(data);
         return this.fromBuffer(buffer, opts);
     }
     static fromBuffer(buffer, opts = {}) {
         const psbtBase = PsbtBase.fromBuffer(buffer, transactionFromBuffer);
         const psbt = new Psbt(opts, psbtBase);
-        checkTxForDupeIns(psbt.__CACHE.__TX, psbt.__CACHE);
+        checkTxForDupeIns(psbt.#cache.tx, psbt.#cache);
+        // Check if restored PSBT has any signatures (partial or finalized)
+        psbt.#cache.hasSignatures = psbt.data.inputs.some((input) => input.partialSig?.length ||
+            input.tapKeySig ||
+            input.tapScriptSig?.length ||
+            input.finalScriptSig ||
+            input.finalScriptWitness);
         return psbt;
     }
     combine(...those) {
@@ -96,19 +158,20 @@ export class Psbt {
         return this;
     }
     clone() {
-        const clonedOpts = JSON.parse(JSON.stringify(this.opts));
-        return Psbt.fromBuffer(this.data.toBuffer(), clonedOpts);
+        // TODO: more efficient cloning
+        const clonedOpts = JSON.parse(JSON.stringify(this.#opts));
+        return Psbt.fromBuffer(new Uint8Array(this.data.toBuffer()), clonedOpts);
     }
     setMaximumFeeRate(satoshiPerByte) {
-        check32Bit(satoshiPerByte);
-        this.opts.maximumFeeRate = satoshiPerByte;
+        check32Bit(satoshiPerByte); // 42.9 BTC per byte IS excessive... so throw
+        this.#opts.maximumFeeRate = satoshiPerByte;
     }
     setVersion(version) {
         check32Bit(version);
-        checkInputsForPartialSig(this.data.inputs, 'setVersion');
-        const c = this.__CACHE;
-        c.__TX.version = version;
-        c.__EXTRACTED_TX = undefined;
+        checkInputsForPartialSig(this.data.inputs, 'setVersion', this.#cache.hasSignatures);
+        const c = this.#cache;
+        c.tx.version = version;
+        c.extractedTx = undefined;
         return this;
     }
     setVersionTRUC() {
@@ -116,21 +179,21 @@ export class Psbt {
     }
     setLocktime(locktime) {
         check32Bit(locktime);
-        checkInputsForPartialSig(this.data.inputs, 'setLocktime');
-        const c = this.__CACHE;
-        c.__TX.locktime = locktime;
-        c.__EXTRACTED_TX = undefined;
+        checkInputsForPartialSig(this.data.inputs, 'setLocktime', this.#cache.hasSignatures);
+        const c = this.#cache;
+        c.tx.locktime = locktime;
+        c.extractedTx = undefined;
         return this;
     }
     setInputSequence(inputIndex, sequence) {
         check32Bit(sequence);
-        checkInputsForPartialSig(this.data.inputs, 'setInputSequence');
-        const c = this.__CACHE;
-        if (c.__TX.ins.length <= inputIndex) {
+        checkInputsForPartialSig(this.data.inputs, 'setInputSequence', this.#cache.hasSignatures);
+        const c = this.#cache;
+        if (c.tx.ins.length <= inputIndex) {
             throw new Error('Input index too high');
         }
-        c.__TX.ins[inputIndex].sequence = sequence;
-        c.__EXTRACTED_TX = undefined;
+        c.tx.ins[inputIndex].sequence = sequence;
+        c.extractedTx = undefined;
         return this;
     }
     addInputs(inputDatas, checkPartialSigs = true) {
@@ -144,51 +207,78 @@ export class Psbt {
         }
         checkTaprootInputFields(inputData, inputData, 'addInput');
         if (checkPartialSigs) {
-            checkInputsForPartialSig(this.data.inputs, 'addInput');
+            checkInputsForPartialSig(this.data.inputs, 'addInput', this.#cache.hasSignatures);
         }
         if (inputData.witnessScript)
             checkInvalidP2WSH(inputData.witnessScript);
-        const c = this.__CACHE;
-        this.data.addInput(inputData);
-        const txIn = c.__TX.ins[c.__TX.ins.length - 1];
+        // Convert witnessUtxo for bip174 v3 compatibility (value: bigint, script: Uint8Array)
+        const normalizedInputData = inputData.witnessUtxo
+            ? {
+                ...inputData,
+                witnessUtxo: {
+                    script: inputData.witnessUtxo.script,
+                    value: typeof inputData.witnessUtxo.value === 'bigint'
+                        ? inputData.witnessUtxo.value
+                        : BigInt(inputData.witnessUtxo.value),
+                },
+            }
+            : inputData;
+        const c = this.#cache;
+        this.data.addInput(normalizedInputData);
+        const txIn = c.tx.ins[c.tx.ins.length - 1];
         checkTxInputCache(c, txIn);
         const inputIndex = this.data.inputs.length - 1;
         const input = this.data.inputs[inputIndex];
         if (input.nonWitnessUtxo) {
-            addNonWitnessTxCache(this.__CACHE, input, inputIndex);
+            addNonWitnessTxCache(this.#cache, input, inputIndex);
         }
-        c.__FEE = undefined;
-        c.__FEE_RATE = undefined;
-        c.__EXTRACTED_TX = undefined;
+        c.fee = undefined;
+        c.feeRate = undefined;
+        c.extractedTx = undefined;
+        c.prevOuts = undefined;
+        c.signingScripts = undefined;
+        c.values = undefined;
+        c.taprootHashCache = undefined;
         return this;
     }
-    addOutputs(outputDatas) {
-        outputDatas.forEach((outputData) => this.addOutput(outputData));
+    addOutputs(outputDatas, checkPartialSigs = true) {
+        outputDatas.forEach((outputData) => this.addOutput(outputData, checkPartialSigs));
         return this;
     }
-    addOutput(outputData) {
+    /**
+     * Add an output to the PSBT.
+     *
+     * **PERFORMANCE WARNING:** Passing an `address` string is ~10x slower than passing
+     * a `script` directly due to address parsing overhead (bech32 decode, etc.).
+     * For high-performance use cases with many outputs, pre-compute the script using
+     * `toOutputScript(address, network)` and pass `{ script, value }` instead.
+     *
+     * @param outputData - Output data with either `address` or `script`, and `value`
+     * @param checkPartialSigs - Whether to check for existing signatures (default: true)
+     */
+    addOutput(outputData, checkPartialSigs = true) {
         const hasAddress = 'address' in outputData;
         const hasScript = 'script' in outputData;
-        if (arguments.length > 1 ||
-            !outputData ||
-            outputData.value === undefined ||
-            (!hasAddress && !hasScript)) {
+        if (!outputData || outputData.value === undefined || (!hasAddress && !hasScript)) {
             throw new Error(`Invalid arguments for Psbt.addOutput. ` +
                 `Requires single object with at least [script or address] and [value]`);
         }
-        checkInputsForPartialSig(this.data.inputs, 'addOutput');
+        if (checkPartialSigs) {
+            checkInputsForPartialSig(this.data.inputs, 'addOutput', this.#cache.hasSignatures);
+        }
         if (hasAddress) {
             const { address } = outputData;
-            const { network } = this.opts;
+            const { network } = this.#opts;
             const script = toOutputScript(address, network);
             outputData = Object.assign({}, outputData, { script });
         }
         checkTaprootOutputFields(outputData, outputData, 'addOutput');
-        const c = this.__CACHE;
+        const c = this.#cache;
         this.data.addOutput(outputData);
-        c.__FEE = undefined;
-        c.__FEE_RATE = undefined;
-        c.__EXTRACTED_TX = undefined;
+        c.fee = undefined;
+        c.feeRate = undefined;
+        c.extractedTx = undefined;
+        c.taprootHashCache = undefined;
         return this;
     }
     extractTransaction(disableFeeCheck, disableOutputChecks) {
@@ -197,43 +287,43 @@ export class Psbt {
         }
         if (!this.data.inputs.every(isFinalized))
             throw new Error('Not finalized');
-        const c = this.__CACHE;
+        const c = this.#cache;
         if (!disableFeeCheck) {
-            checkFees(this, c, this.opts);
+            checkFees(this, c, this.#opts);
         }
-        if (c.__EXTRACTED_TX)
-            return c.__EXTRACTED_TX;
-        const tx = c.__TX.clone();
+        if (c.extractedTx)
+            return c.extractedTx;
+        const tx = c.tx.clone();
         inputFinalizeGetAmts(this.data.inputs, tx, c, true, disableOutputChecks);
         return tx;
     }
     getFeeRate(disableOutputChecks = false) {
-        return getTxCacheValue('__FEE_RATE', 'fee rate', this.data.inputs, this.__CACHE, disableOutputChecks);
+        return getTxCacheValue('feeRate', 'fee rate', this.data.inputs, this.#cache, disableOutputChecks);
     }
     getFee(disableOutputChecks = false) {
-        return getTxCacheValue('__FEE', 'fee', this.data.inputs, this.__CACHE, disableOutputChecks);
+        return getTxCacheValue('fee', 'fee', this.data.inputs, this.#cache, disableOutputChecks);
     }
     finalizeAllInputs() {
-        checkForInput(this.data.inputs, 0);
+        checkForInput(this.data.inputs, 0); // making sure we have at least one
         range(this.data.inputs.length).forEach((idx) => this.finalizeInput(idx));
         return this;
     }
     finalizeInput(inputIndex, finalScriptsFunc, canRunChecks) {
         const input = checkForInput(this.data.inputs, inputIndex);
         if (isTaprootInput(input)) {
-            return this._finalizeTaprootInput(inputIndex, input, undefined, finalScriptsFunc);
+            return this.#finalizeTaprootInput(inputIndex, input, undefined, finalScriptsFunc);
         }
-        return this._finalizeInput(inputIndex, input, finalScriptsFunc, canRunChecks ?? true);
+        return this.#finalizeInput(inputIndex, input, finalScriptsFunc, canRunChecks ?? true);
     }
     finalizeTaprootInput(inputIndex, tapLeafHashToFinalize, finalScriptsFunc = tapScriptFinalizer) {
         const input = checkForInput(this.data.inputs, inputIndex);
         if (isTaprootInput(input))
-            return this._finalizeTaprootInput(inputIndex, input, tapLeafHashToFinalize, finalScriptsFunc);
+            return this.#finalizeTaprootInput(inputIndex, input, tapLeafHashToFinalize, finalScriptsFunc);
         throw new Error(`Cannot finalize input #${inputIndex}. Not Taproot.`);
     }
     getInputType(inputIndex) {
         const input = checkForInput(this.data.inputs, inputIndex);
-        const script = getScriptFromUtxo(inputIndex, input, this.__CACHE);
+        const script = getScriptFromUtxo(inputIndex, input, this.#cache);
         const result = getMeaningfulScript(script, inputIndex, 'input', input.redeemScript || redeemFromFinalScriptSig(input.finalScriptSig), input.witnessScript || redeemFromFinalWitnessScript(input.finalScriptWitness));
         const type = result.type === 'raw' ? '' : result.type + '-';
         const mainType = classifyScript(result.meaningfulScript);
@@ -241,7 +331,7 @@ export class Psbt {
     }
     inputHasPubkey(inputIndex, pubkey) {
         const input = checkForInput(this.data.inputs, inputIndex);
-        return pubkeyInInput(pubkey, input, inputIndex, this.__CACHE);
+        return pubkeyInInput(pubkey, input, inputIndex, this.#cache);
     }
     inputHasHDKey(inputIndex, root) {
         const input = checkForInput(this.data.inputs, inputIndex);
@@ -250,7 +340,7 @@ export class Psbt {
     }
     outputHasPubkey(outputIndex, pubkey) {
         const output = checkForOutput(this.data.outputs, outputIndex);
-        return pubkeyInOutput(pubkey, output, outputIndex, this.__CACHE);
+        return pubkeyInOutput(pubkey, output, outputIndex, this.#cache);
     }
     outputHasHDKey(outputIndex, root) {
         const output = checkForOutput(this.data.outputs, outputIndex);
@@ -258,15 +348,15 @@ export class Psbt {
         return !!output.bip32Derivation && output.bip32Derivation.some(derivationIsMine);
     }
     validateSignaturesOfAllInputs(validator) {
-        checkForInput(this.data.inputs, 0);
+        checkForInput(this.data.inputs, 0); // making sure we have at least one
         const results = range(this.data.inputs.length).map((idx) => this.validateSignaturesOfInput(idx, validator));
         return results.reduce((final, res) => res && final, true);
     }
     validateSignaturesOfInput(inputIndex, validator, pubkey) {
         const input = this.data.inputs[inputIndex];
         if (isTaprootInput(input))
-            return this.validateSignaturesOfTaprootInput(inputIndex, validator, pubkey);
-        return this._validateSignaturesOfInput(inputIndex, validator, pubkey);
+            return this.#validateSignaturesOfTaprootInput(inputIndex, validator, pubkey);
+        return this.#validateSignaturesOfInput(inputIndex, validator, pubkey);
     }
     signAllInputsHD(hdKeyPair, sighashTypes = [Transaction.SIGHASH_ALL]) {
         if (!hdKeyPair || !hdKeyPair.publicKey || !hdKeyPair.fingerprint) {
@@ -334,6 +424,9 @@ export class Psbt {
     signAllInputs(keyPair, sighashTypes) {
         if (!keyPair || !keyPair.publicKey)
             throw new Error('Need Signer to sign input');
+        // TODO: Add a pubkey/pubkeyhash cache to each input
+        // as input information is added, then eventually
+        // optimize this method.
         const results = [];
         for (const i of range(this.data.inputs.length)) {
             try {
@@ -353,6 +446,9 @@ export class Psbt {
         return new Promise((resolve, reject) => {
             if (!keyPair || !keyPair.publicKey)
                 return reject(new Error('Need Signer to sign input'));
+            // TODO: Add a pubkey/pubkeyhash cache to each input
+            // as input information is added, then eventually
+            // optimize this method.
             const results = [];
             const promises = [];
             for (const [i] of this.data.inputs.entries()) {
@@ -376,9 +472,9 @@ export class Psbt {
         }
         const input = checkForInput(this.data.inputs, inputIndex);
         if (isTaprootInput(input)) {
-            return this._signTaprootInput(inputIndex, input, keyPair, undefined, sighashTypes);
+            return this.#signTaprootInput(inputIndex, input, keyPair, undefined, sighashTypes);
         }
-        return this._signInput(inputIndex, keyPair, sighashTypes);
+        return this.#signInput(inputIndex, keyPair, sighashTypes);
     }
     signTaprootInput(inputIndex, keyPair, tapLeafHashToSign, sighashTypes) {
         if (!keyPair || !keyPair.publicKey) {
@@ -386,7 +482,7 @@ export class Psbt {
         }
         const input = checkForInput(this.data.inputs, inputIndex);
         if (isTaprootInput(input)) {
-            return this._signTaprootInput(inputIndex, input, keyPair, tapLeafHashToSign, sighashTypes);
+            return this.#signTaprootInput(inputIndex, input, keyPair, tapLeafHashToSign, sighashTypes);
         }
         throw new Error(`Input #${inputIndex} is not of type Taproot.`);
     }
@@ -396,8 +492,8 @@ export class Psbt {
                 throw new Error('Need Signer to sign input');
             const input = checkForInput(this.data.inputs, inputIndex);
             if (isTaprootInput(input))
-                return this._signTaprootInputAsync(inputIndex, input, keyPair, undefined, sighashTypes);
-            return this._signInputAsync(inputIndex, keyPair, sighashTypes);
+                return this.#signTaprootInputAsync(inputIndex, input, keyPair, undefined, sighashTypes);
+            return this.#signInputAsync(inputIndex, keyPair, sighashTypes);
         });
     }
     signTaprootInputAsync(inputIndex, keyPair, tapLeafHash, sighashTypes) {
@@ -406,20 +502,20 @@ export class Psbt {
                 throw new Error('Need Signer to sign input');
             const input = checkForInput(this.data.inputs, inputIndex);
             if (isTaprootInput(input))
-                return this._signTaprootInputAsync(inputIndex, input, keyPair, tapLeafHash, sighashTypes);
+                return this.#signTaprootInputAsync(inputIndex, input, keyPair, tapLeafHash, sighashTypes);
             throw new Error(`Input #${inputIndex} is not of type Taproot.`);
         });
     }
     toBuffer() {
-        checkCache(this.__CACHE);
-        return this.data.toBuffer();
+        checkCache(this.#cache);
+        return new Uint8Array(this.data.toBuffer());
     }
     toHex() {
-        checkCache(this.__CACHE);
+        checkCache(this.#cache);
         return this.data.toHex();
     }
     toBase64() {
-        checkCache(this.__CACHE);
+        checkCache(this.#cache);
         return this.data.toBase64();
     }
     updateGlobal(updateData) {
@@ -430,9 +526,21 @@ export class Psbt {
         if (updateData.witnessScript)
             checkInvalidP2WSH(updateData.witnessScript);
         checkTaprootInputFields(this.data.inputs[inputIndex], updateData, 'updateInput');
-        this.data.updateInput(inputIndex, updateData);
+        // Convert witnessUtxo for bip174 v3 compatibility (value: bigint, script: Uint8Array)
+        const normalizedUpdate = updateData.witnessUtxo
+            ? {
+                ...updateData,
+                witnessUtxo: {
+                    script: updateData.witnessUtxo.script,
+                    value: typeof updateData.witnessUtxo.value === 'bigint'
+                        ? updateData.witnessUtxo.value
+                        : BigInt(updateData.witnessUtxo.value),
+                },
+            }
+            : updateData;
+        this.data.updateInput(inputIndex, normalizedUpdate);
         if (updateData.nonWitnessUtxo) {
-            addNonWitnessTxCache(this.__CACHE, this.data.inputs[inputIndex], inputIndex);
+            addNonWitnessTxCache(this.#cache, this.data.inputs[inputIndex], inputIndex);
         }
         return this;
     }
@@ -459,18 +567,18 @@ export class Psbt {
         return this;
     }
     checkTaprootHashesForSig(inputIndex, input, keyPair, tapLeafHashToSign, allowedSighashTypes) {
-        if (typeof keyPair.signSchnorr !== 'function')
+        if (!('signSchnorr' in keyPair) || typeof keyPair.signSchnorr !== 'function')
             throw new Error(`Need Schnorr Signer to sign taproot input #${inputIndex}.`);
-        const pubkey = Buffer.isBuffer(keyPair.publicKey)
+        const pubkey = keyPair.publicKey instanceof Uint8Array
             ? keyPair.publicKey
-            : Buffer.from(keyPair.publicKey);
-        const hashesForSig = getTaprootHashesForSig(inputIndex, input, this.data.inputs, pubkey, this.__CACHE, tapLeafHashToSign, allowedSighashTypes);
+            : new Uint8Array(keyPair.publicKey);
+        const hashesForSig = getTaprootHashesForSig(inputIndex, input, this.data.inputs, pubkey, this.#cache, tapLeafHashToSign, allowedSighashTypes);
         if (!hashesForSig || !hashesForSig.length)
-            throw new Error(`Can not sign for input #${inputIndex} with the key ${pubkey.toString('hex')}`);
+            throw new Error(`Can not sign for input #${inputIndex} with the key ${toHex(pubkey)}`);
         return hashesForSig;
     }
-    _finalizeInput(inputIndex, input, finalScriptsFunc = getFinalScripts, canRunChecks = true) {
-        const { script, isP2SH, isP2WSH, isSegwit } = getScriptFromInput(inputIndex, input, this.__CACHE);
+    #finalizeInput(inputIndex, input, finalScriptsFunc = getFinalScripts, canRunChecks = true) {
+        const { script, isP2SH, isP2WSH, isSegwit } = getScriptFromInput(inputIndex, input, this.#cache);
         if (!script)
             throw new Error(`No script found for input #${inputIndex}`);
         checkPartialSigSighashes(input);
@@ -484,9 +592,10 @@ export class Psbt {
         this.data.clearFinalizedInput(inputIndex);
         return this;
     }
-    _finalizeTaprootInput(inputIndex, input, tapLeafHashToFinalize, finalScriptsFunc = tapScriptFinalizer) {
+    #finalizeTaprootInput(inputIndex, input, tapLeafHashToFinalize, finalScriptsFunc = tapScriptFinalizer) {
         if (!input.witnessUtxo)
             throw new Error(`Cannot finalize input #${inputIndex}. Missing witness utxo.`);
+        // Check key spend first. Increased privacy and reduced block space.
         if (input.tapKeySig) {
             const payment = payments.p2tr({
                 output: input.witnessUtxo.script,
@@ -504,14 +613,14 @@ export class Psbt {
         this.data.clearFinalizedInput(inputIndex);
         return this;
     }
-    _validateSignaturesOfInput(inputIndex, validator, pubkey) {
+    #validateSignaturesOfInput(inputIndex, validator, pubkey) {
         const input = this.data.inputs[inputIndex];
         const partialSig = (input || {}).partialSig;
         if (!input || !partialSig || partialSig.length < 1)
             throw new Error('No signatures to validate');
         if (typeof validator !== 'function')
             throw new Error('Need validator function to validate signatures');
-        const mySigs = pubkey ? partialSig.filter((sig) => sig.pubkey.equals(pubkey)) : partialSig;
+        const mySigs = pubkey ? partialSig.filter((sig) => equals(sig.pubkey, pubkey)) : partialSig;
         if (mySigs.length < 1)
             throw new Error('No signatures for this pubkey');
         const results = [];
@@ -519,21 +628,23 @@ export class Psbt {
         let scriptCache;
         let sighashCache;
         for (const pSig of mySigs) {
-            const sig = bscript.signature.decode(pSig.signature);
+            const pSigSignature = pSig.signature;
+            const pSigPubkey = pSig.pubkey;
+            const sig = bscript.signature.decode(pSigSignature);
             const { hash, script } = sighashCache !== sig.hashType || !hashCache || !scriptCache
                 ? getHashForSig(inputIndex, Object.assign({}, input, {
                     sighashType: sig.hashType,
-                }), this.__CACHE, true)
+                }), this.#cache, true)
                 : { hash: hashCache, script: scriptCache };
             sighashCache = sig.hashType;
             hashCache = hash;
             scriptCache = script;
-            checkScriptForPubkey(pSig.pubkey, script, 'verify');
-            results.push(validator(pSig.pubkey, hash, sig.signature));
+            checkScriptForPubkey(pSigPubkey, script, 'verify');
+            results.push(validator(pSigPubkey, hash, sig.signature));
         }
         return results.every((res) => res);
     }
-    validateSignaturesOfTaprootInput(inputIndex, validator, pubkey) {
+    #validateSignaturesOfTaprootInput(inputIndex, validator, pubkey) {
         const input = this.data.inputs[inputIndex];
         const tapKeySig = (input || {}).tapKeySig;
         const tapScriptSig = (input || {}).tapScriptSig;
@@ -541,10 +652,10 @@ export class Psbt {
             throw new Error('No signatures to validate');
         if (typeof validator !== 'function')
             throw new Error('Need validator function to validate signatures');
-        pubkey = pubkey && toXOnly(pubkey);
-        const allHashses = pubkey
-            ? getTaprootHashesForSig(inputIndex, input, this.data.inputs, pubkey, this.__CACHE)
-            : getAllTaprootHashesForSig(inputIndex, input, this.data.inputs, this.__CACHE);
+        const xPubkey = pubkey ? toXOnly(pubkey) : undefined;
+        const allHashses = xPubkey
+            ? getTaprootHashesForSig(inputIndex, input, this.data.inputs, xPubkey, this.#cache)
+            : getAllTaprootHashesForSig(inputIndex, input, this.data.inputs, this.#cache);
         if (!allHashses.length)
             throw new Error('No signatures for this pubkey');
         const tapKeyHash = allHashses.find((h) => !h.leafHash);
@@ -557,9 +668,10 @@ export class Psbt {
         }
         if (tapScriptSig) {
             for (const tapSig of tapScriptSig) {
-                const tapSigHash = allHashses.find((h) => tapSig.pubkey.equals(h.pubkey));
+                const tapSigPubkey = tapSig.pubkey;
+                const tapSigHash = allHashses.find((h) => equals(tapSigPubkey, h.pubkey));
                 if (tapSigHash) {
-                    const isValidTapScriptSig = validator(tapSig.pubkey, tapSigHash.hash, trimTaprootSig(tapSig.signature));
+                    const isValidTapScriptSig = validator(tapSigPubkey, tapSigHash.hash, trimTaprootSig(tapSig.signature));
                     if (!isValidTapScriptSig)
                         return false;
                     validationResultCount++;
@@ -568,53 +680,58 @@ export class Psbt {
         }
         return validationResultCount > 0;
     }
-    _signInput(inputIndex, keyPair, sighashTypes = [Transaction.SIGHASH_ALL]) {
-        const pubkey = Buffer.isBuffer(keyPair.publicKey)
+    #signInput(inputIndex, keyPair, sighashTypes = [Transaction.SIGHASH_ALL]) {
+        const pubkey = keyPair.publicKey instanceof Uint8Array
             ? keyPair.publicKey
-            : Buffer.from(keyPair.publicKey);
-        const { hash, sighashType } = getHashAndSighashType(this.data.inputs, inputIndex, pubkey, this.__CACHE, sighashTypes);
+            : new Uint8Array(keyPair.publicKey);
+        const { hash, sighashType } = getHashAndSighashType(this.data.inputs, inputIndex, pubkey, this.#cache, sighashTypes);
         const sig = keyPair.sign(hash);
         const partialSig = [
             {
                 pubkey,
-                signature: bscript.signature.encode(Buffer.isBuffer(sig) ? sig : Buffer.from(sig), sighashType),
+                signature: bscript.signature.encode(sig instanceof Uint8Array ? sig : new Uint8Array(sig), sighashType),
             },
         ];
         this.data.updateInput(inputIndex, { partialSig });
+        this.#cache.hasSignatures = true;
         return this;
     }
-    _signTaprootInput(inputIndex, input, keyPair, tapLeafHashToSign, allowedSighashTypes = [Transaction.SIGHASH_DEFAULT]) {
-        const pubkey = Buffer.isBuffer(keyPair.publicKey)
+    #signTaprootInput(inputIndex, input, keyPair, tapLeafHashToSign, allowedSighashTypes = [Transaction.SIGHASH_DEFAULT]) {
+        const pubkey = (keyPair.publicKey instanceof Uint8Array
             ? keyPair.publicKey
-            : Buffer.from(keyPair.publicKey);
+            : new Uint8Array(keyPair.publicKey));
+        if (!('signSchnorr' in keyPair) || typeof keyPair.signSchnorr !== 'function')
+            throw new Error(`Need Schnorr Signer to sign taproot input #${inputIndex}.`);
+        // checkTaprootHashesForSig validates signSchnorr exists
         const hashesForSig = this.checkTaprootHashesForSig(inputIndex, input, keyPair, tapLeafHashToSign, allowedSighashTypes);
         const signSchnorr = keyPair.signSchnorr.bind(keyPair);
-        const toBuffer = (data) => Buffer.isBuffer(data) ? data : Buffer.from(data);
         const tapKeySig = hashesForSig
             .filter((h) => !h.leafHash)
-            .map((h) => serializeTaprootSignature(toBuffer(signSchnorr(h.hash)), input.sighashType))[0];
+            .map((h) => serializeTaprootSignature(signSchnorr(h.hash), input.sighashType))[0];
         const tapScriptSig = hashesForSig
             .filter((h) => !!h.leafHash)
             .map((h) => ({
             pubkey: toXOnly(pubkey),
-            signature: serializeTaprootSignature(toBuffer(signSchnorr(h.hash)), input.sighashType),
+            signature: serializeTaprootSignature(signSchnorr(h.hash), input.sighashType),
             leafHash: h.leafHash,
         }));
         if (tapKeySig) {
             this.data.updateInput(inputIndex, { tapKeySig });
+            this.#cache.hasSignatures = true;
         }
         if (tapScriptSig.length) {
             this.data.updateInput(inputIndex, { tapScriptSig });
+            this.#cache.hasSignatures = true;
         }
         return this;
     }
-    _signInputAsync(inputIndex, keyPair, sighashTypes = [Transaction.SIGHASH_ALL]) {
-        const pubkey = Buffer.isBuffer(keyPair.publicKey)
+    #signInputAsync(inputIndex, keyPair, sighashTypes = [Transaction.SIGHASH_ALL]) {
+        const pubkey = keyPair.publicKey instanceof Uint8Array
             ? keyPair.publicKey
-            : Buffer.from(keyPair.publicKey);
-        const { hash, sighashType } = getHashAndSighashType(this.data.inputs, inputIndex, pubkey, this.__CACHE, sighashTypes);
+            : new Uint8Array(keyPair.publicKey);
+        const { hash, sighashType } = getHashAndSighashType(this.data.inputs, inputIndex, pubkey, this.#cache, sighashTypes);
         return Promise.resolve(keyPair.sign(hash)).then((signature) => {
-            const sig = Buffer.isBuffer(signature) ? signature : Buffer.from(signature);
+            const sig = signature instanceof Uint8Array ? signature : new Uint8Array(signature);
             const partialSig = [
                 {
                     pubkey,
@@ -622,21 +739,24 @@ export class Psbt {
                 },
             ];
             this.data.updateInput(inputIndex, { partialSig });
+            this.#cache.hasSignatures = true;
         });
     }
-    async _signTaprootInputAsync(inputIndex, input, keyPair, tapLeafHash, sighashTypes = [Transaction.SIGHASH_DEFAULT]) {
-        const pubkey = Buffer.isBuffer(keyPair.publicKey)
+    async #signTaprootInputAsync(inputIndex, input, keyPair, tapLeafHash, sighashTypes = [Transaction.SIGHASH_DEFAULT]) {
+        const pubkey = (keyPair.publicKey instanceof Uint8Array
             ? keyPair.publicKey
-            : Buffer.from(keyPair.publicKey);
+            : new Uint8Array(keyPair.publicKey));
+        if (!('signSchnorr' in keyPair) || typeof keyPair.signSchnorr !== 'function')
+            throw new Error(`Need Schnorr Signer to sign taproot input #${inputIndex}.`);
+        // checkTaprootHashesForSig validates signSchnorr exists
         const hashesForSig = this.checkTaprootHashesForSig(inputIndex, input, keyPair, tapLeafHash, sighashTypes);
         const signSchnorr = keyPair.signSchnorr.bind(keyPair);
-        const toBuffer = (data) => Buffer.isBuffer(data) ? data : Buffer.from(data);
         const signaturePromises = [];
         const tapKeyHash = hashesForSig.filter((h) => !h.leafHash)[0];
         if (tapKeyHash) {
             const tapKeySigPromise = Promise.resolve(signSchnorr(tapKeyHash.hash)).then((sig) => {
                 return {
-                    tapKeySig: serializeTaprootSignature(toBuffer(sig), input.sighashType),
+                    tapKeySig: serializeTaprootSignature(sig, input.sighashType),
                 };
             });
             signaturePromises.push(tapKeySigPromise);
@@ -648,7 +768,7 @@ export class Psbt {
                 const tapScriptSig = [
                     {
                         pubkey: toXOnly(pubkey),
-                        signature: serializeTaprootSignature(toBuffer(signature), input.sighashType),
+                        signature: serializeTaprootSignature(signature, input.sighashType),
                         leafHash: tsh.leafHash,
                     },
                 ];
@@ -659,12 +779,23 @@ export class Psbt {
         const results = await Promise.all(signaturePromises);
         for (const v of results) {
             this.data.updateInput(inputIndex, v);
+            this.#cache.hasSignatures = true;
         }
     }
 }
+/**
+ * This function is needed to pass to the bip174 base class's fromBuffer.
+ * It takes the "transaction buffer" portion of the psbt buffer and returns a
+ * Transaction (From the bip174 library) interface.
+ */
 const transactionFromBuffer = (buffer) => new PsbtTransaction(buffer);
+/**
+ * This class implements the Transaction interface from bip174 library.
+ * It contains a bitcoinjs-lib Transaction object.
+ */
 class PsbtTransaction {
-    constructor(buffer = Buffer.from([2, 0, 0, 0, 0, 0, 0, 0, 0, 0])) {
+    tx;
+    constructor(buffer = new Uint8Array([2, 0, 0, 0, 0, 0, 0, 0, 0, 0])) {
         this.tx = Transaction.fromBuffer(buffer);
         checkTxEmpty(this.tx);
         Object.defineProperty(this, 'tx', {
@@ -681,20 +812,18 @@ class PsbtTransaction {
     addInput(input) {
         if (input.hash === undefined ||
             input.index === undefined ||
-            (!Buffer.isBuffer(input.hash) && typeof input.hash !== 'string') ||
+            (!(input.hash instanceof Uint8Array) && typeof input.hash !== 'string') ||
             typeof input.index !== 'number') {
             throw new Error('Error adding input.');
         }
-        const hash = typeof input.hash === 'string'
-            ? reverseBuffer(Buffer.from(input.hash, 'hex'))
-            : input.hash;
+        const hash = (typeof input.hash === 'string' ? reverse(fromHex(input.hash)) : input.hash);
         this.tx.addInput(hash, input.index, input.sequence);
     }
     addOutput(output) {
         if (output.script === undefined ||
             output.value === undefined ||
-            !Buffer.isBuffer(output.script) ||
-            typeof output.value !== 'number') {
+            !(output.script instanceof Uint8Array) ||
+            typeof output.value !== 'bigint') {
             throw new Error('Error adding output.');
         }
         this.tx.addOutput(output.script, output.value);
@@ -713,6 +842,8 @@ function canFinalize(input, script, scriptType) {
             const p2ms = payments.p2ms({
                 output: script,
             });
+            if (p2ms.m === undefined)
+                throw new Error('Cannot determine m for multisig');
             return hasSigs(p2ms.m, input.partialSig, p2ms.pubkeys);
         }
         case 'nonstandard':
@@ -721,11 +852,6 @@ function canFinalize(input, script, scriptType) {
             return false;
     }
 }
-function checkCache(cache) {
-    if (cache.__UNSAFE_SIGN_NONSEGWIT) {
-        throw new Error('Not BIP174 compliant, can not export');
-    }
-}
 function hasSigs(neededSigs, partialSig, pubkeys) {
     if (!partialSig)
         return false;
@@ -734,7 +860,7 @@ function hasSigs(neededSigs, partialSig, pubkeys) {
         sigs = pubkeys
             .map((pkey) => {
             const pubkey = compressPubkey(pkey);
-            return partialSig.find((pSig) => pSig.pubkey.equals(pubkey));
+            return partialSig.find((pSig) => equals(pSig.pubkey, pubkey));
         })
             .filter((v) => !!v);
     }
@@ -745,31 +871,25 @@ function hasSigs(neededSigs, partialSig, pubkeys) {
         throw new Error('Too many signatures');
     return sigs.length === neededSigs;
 }
-function isFinalized(input) {
-    return !!input.finalScriptSig || !!input.finalScriptWitness;
-}
 function bip32DerivationIsMine(root) {
     return (d) => {
-        const fingerprint = Buffer.isBuffer(root.fingerprint)
+        const fingerprint = root.fingerprint instanceof Uint8Array
             ? root.fingerprint
-            : Buffer.from(root.fingerprint);
-        if (!d.masterFingerprint.equals(fingerprint))
+            : new Uint8Array(root.fingerprint);
+        if (!equals(d.masterFingerprint, fingerprint))
             return false;
         const derivedPubkey = root.derivePath(d.path).publicKey;
-        const pubkey = Buffer.isBuffer(derivedPubkey) ? derivedPubkey : Buffer.from(derivedPubkey);
-        if (!pubkey.equals(d.pubkey))
+        const pubkey = derivedPubkey instanceof Uint8Array ? derivedPubkey : new Uint8Array(derivedPubkey);
+        if (!equals(pubkey, d.pubkey))
             return false;
         return true;
     };
 }
-function check32Bit(num) {
-    if (typeof num !== 'number' || num !== Math.floor(num) || num > 0xffffffff || num < 0) {
-        throw new Error('Invalid 32 bit integer');
-    }
-}
 function checkFees(psbt, cache, opts) {
-    const feeRate = cache.__FEE_RATE || psbt.getFeeRate();
-    const vsize = cache.__EXTRACTED_TX.virtualSize();
+    const feeRate = cache.feeRate || psbt.getFeeRate();
+    if (!cache.extractedTx)
+        throw new Error('Transaction not extracted');
+    const vsize = cache.extractedTx.virtualSize();
     const satoshis = feeRate * vsize;
     if (feeRate >= opts.maximumFeeRate) {
         throw new Error(`Warning: You are paying around ${(satoshis / 1e8).toFixed(8)} in ` +
@@ -779,81 +899,24 @@ function checkFees(psbt, cache, opts) {
             `pass true to the first arg of extractTransaction.`);
     }
 }
-function checkInputsForPartialSig(inputs, action) {
-    inputs.forEach((input) => {
-        const throws = isTaprootInput(input)
-            ? checkTaprootInputForSigs(input, action)
-            : checkInputForSig(input, action);
-        if (throws)
-            throw new Error('Can not modify transaction, signatures exist.');
-    });
-}
-function checkPartialSigSighashes(input) {
-    if (!input.sighashType || !input.partialSig)
-        return;
-    const { partialSig, sighashType } = input;
-    partialSig.forEach((pSig) => {
-        const { hashType } = bscript.signature.decode(pSig.signature);
-        if (sighashType !== hashType) {
-            throw new Error('Signature sighash does not match input sighash type');
-        }
-    });
-}
-function checkScriptForPubkey(pubkey, script, action) {
-    if (!pubkeyInScript(pubkey, script)) {
-        throw new Error(`Can not ${action} for this input with the key ${pubkey.toString('hex')}`);
-    }
-}
-function checkTxEmpty(tx) {
-    const isEmpty = tx.ins.every((input) => input.script &&
-        input.script.length === 0 &&
-        input.witness &&
-        input.witness.length === 0);
-    if (!isEmpty) {
-        throw new Error('Format Error: Transaction ScriptSigs are not empty');
-    }
-}
-function checkTxForDupeIns(tx, cache) {
-    tx.ins.forEach((input) => {
-        checkTxInputCache(cache, input);
-    });
-}
-function checkTxInputCache(cache, input) {
-    const key = `${reverseBuffer(Buffer.from(input.hash)).toString('hex')}:${input.index}`;
-    if (cache.__TX_IN_CACHE[key])
-        throw new Error('Duplicate input detected.');
-    cache.__TX_IN_CACHE[key] = 1;
-}
-function scriptCheckerFactory(payment, paymentScriptName) {
-    return (inputIndex, scriptPubKey, redeemScript, ioType) => {
-        const redeemScriptOutput = payment({
-            redeem: { output: redeemScript },
-        }).output;
-        if (!scriptPubKey.equals(redeemScriptOutput)) {
-            throw new Error(`${paymentScriptName} for ${ioType} #${inputIndex} doesn't match the scriptPubKey in the prevout`);
-        }
-    };
-}
-const checkRedeemScript = scriptCheckerFactory(payments.p2sh, 'Redeem script');
-const checkWitnessScript = scriptCheckerFactory(payments.p2wsh, 'Witness script');
 function getTxCacheValue(key, name, inputs, c, disableOutputChecks = false) {
     if (!inputs.every(isFinalized))
         throw new Error(`PSBT must be finalized to calculate ${name}`);
-    if (key === '__FEE_RATE' && c.__FEE_RATE)
-        return c.__FEE_RATE;
-    if (key === '__FEE' && c.__FEE)
-        return c.__FEE;
+    if (key === 'feeRate' && c.feeRate)
+        return c.feeRate;
+    if (key === 'fee' && c.fee)
+        return c.fee;
     let tx;
     let mustFinalize = true;
-    if (c.__EXTRACTED_TX) {
-        tx = c.__EXTRACTED_TX;
+    if (c.extractedTx) {
+        tx = c.extractedTx;
         mustFinalize = false;
     }
     else {
-        tx = c.__TX.clone();
+        tx = c.tx.clone();
     }
     inputFinalizeGetAmts(inputs, tx, c, mustFinalize, disableOutputChecks);
-    const value = key === '__FEE_RATE' ? c.__FEE_RATE : c.__FEE;
+    const value = key === 'feeRate' ? c.feeRate : c.fee;
     if (value === undefined)
         throw new Error(`Failed to calculate ${name}`);
     return value;
@@ -863,23 +926,27 @@ export function getFinalScripts(inputIndex, input, script, isSegwit, isP2SH, isP
     if (!canFinalize(input, script, scriptType) && canRunChecks) {
         throw new Error(`Can not finalize input #${inputIndex}`);
     }
+    if (!input.partialSig)
+        throw new Error('Input missing partial signatures');
     return prepareFinalScripts(script, scriptType, input.partialSig, isSegwit, isP2SH, isP2WSH, solution);
 }
 export function prepareFinalScripts(script, scriptType, partialSig, isSegwit, isP2SH, isP2WSH, solution) {
     let finalScriptSig;
     let finalScriptWitness;
+    // Wow, the payments API is very handy
     const payment = getPayment(script, scriptType, partialSig);
     const p2wsh = !isP2WSH ? null : payments.p2wsh({ redeem: payment });
     const p2sh = !isP2SH ? null : payments.p2sh({ redeem: p2wsh || payment });
     if (isSegwit) {
-        if (p2wsh) {
+        if (p2wsh && p2wsh.witness) {
             finalScriptWitness = witnessStackToScriptWitness(p2wsh.witness);
         }
-        else if (payment) {
+        else if (payment && payment.witness) {
             finalScriptWitness = witnessStackToScriptWitness(payment.witness);
         }
         else {
-            finalScriptWitness = witnessStackToScriptWitness(solution ?? [Buffer.from([0x00])]);
+            // nonstandard segwit script
+            finalScriptWitness = witnessStackToScriptWitness(solution ?? [new Uint8Array([0x00])]);
         }
         if (p2sh) {
             finalScriptSig = p2sh?.input;
@@ -891,8 +958,7 @@ export function prepareFinalScripts(script, scriptType, partialSig, isSegwit, is
         }
         else {
             if (!payment) {
-                finalScriptSig =
-                    Array.isArray(solution) && solution[0] ? solution[0] : Buffer.from([0x01]);
+                finalScriptSig = (Array.isArray(solution) && solution[0] ? solution[0] : new Uint8Array([0x01]));
             }
             else {
                 finalScriptSig = payment.input;
@@ -914,7 +980,7 @@ function getHashAndSighashType(inputs, inputIndex, pubkey, cache, sighashTypes)
     };
 }
 function getHashForSig(inputIndex, input, cache, forValidate, sighashTypes) {
-    const unsignedTx = cache.__TX;
+    const unsignedTx = cache.tx;
     const sighashType = input.sighashType || Transaction.SIGHASH_ALL;
     checkSighashTypeAllowed(sighashType, sighashTypes);
     let hash;
@@ -923,33 +989,42 @@ function getHashForSig(inputIndex, input, cache, forValidate, sighashTypes) {
         const nonWitnessUtxoTx = nonWitnessUtxoTxFromCache(cache, input, inputIndex);
         const prevoutHash = unsignedTx.ins[inputIndex].hash;
         const utxoHash = nonWitnessUtxoTx.getHash();
-        if (!prevoutHash.equals(utxoHash)) {
+        // If a non-witness UTXO is provided, its hash must match the hash specified in the prevout
+        if (!equals(prevoutHash, utxoHash)) {
             throw new Error(`Non-witness UTXO hash for input #${inputIndex} doesn't match the hash specified in the prevout`);
         }
         const prevoutIndex = unsignedTx.ins[inputIndex].index;
         prevout = nonWitnessUtxoTx.outs[prevoutIndex];
     }
     else if (input.witnessUtxo) {
-        prevout = input.witnessUtxo;
+        prevout = {
+            script: input.witnessUtxo.script,
+            value: input.witnessUtxo.value,
+        };
     }
     else {
         throw new Error('Need a Utxo input item for signing');
     }
     const { meaningfulScript, type } = getMeaningfulScript(prevout.script, inputIndex, 'input', input.redeemScript, input.witnessScript);
+    const script = meaningfulScript;
     if (['p2sh-p2wsh', 'p2wsh'].indexOf(type) >= 0) {
-        hash = unsignedTx.hashForWitnessV0(inputIndex, meaningfulScript, prevout.value, sighashType);
+        hash = unsignedTx.hashForWitnessV0(inputIndex, script, prevout.value, sighashType);
     }
     else if (isP2WPKH(meaningfulScript)) {
-        const signingScript = payments.p2pkh({
+        // P2WPKH uses the P2PKH template for prevoutScript when signing
+        const p2pkhPayment = payments.p2pkh({
             hash: meaningfulScript.subarray(2),
-        }).output;
-        hash = unsignedTx.hashForWitnessV0(inputIndex, signingScript, prevout.value, sighashType);
+        });
+        if (!p2pkhPayment.output)
+            throw new Error('Unable to create signing script');
+        hash = unsignedTx.hashForWitnessV0(inputIndex, p2pkhPayment.output, prevout.value, sighashType);
     }
     else {
-        if (input.nonWitnessUtxo === undefined && !cache.__UNSAFE_SIGN_NONSEGWIT)
+        // non-segwit
+        if (input.nonWitnessUtxo === undefined && !cache.unsafeSignNonSegwit)
             throw new Error(`Input #${inputIndex} has witnessUtxo but non-segwit script: ` +
-                meaningfulScript.toString('hex'));
-        if (!forValidate && cache.__UNSAFE_SIGN_NONSEGWIT)
+                toHex(meaningfulScript));
+        if (!forValidate && cache.unsafeSignNonSegwit)
             console.warn('Warning: Signing non-segwit inputs without the full parent transaction ' +
                 'means there is a chance that a miner could feed you incorrect information ' +
                 "to trick you into paying large fees. This behavior is the same as Psbt's predecessor " +
@@ -957,10 +1032,10 @@ function getHashForSig(inputIndex, input, cache, forValidate, sighashTypes) {
                 'able to export this Psbt with toBuffer|toBase64|toHex since it is not ' +
                 'BIP174 compliant.\n*********************\nPROCEED WITH CAUTION!\n' +
                 '*********************');
-        hash = unsignedTx.hashForSignature(inputIndex, meaningfulScript, sighashType);
+        hash = unsignedTx.hashForSignature(inputIndex, script, sighashType);
     }
     return {
-        script: meaningfulScript,
+        script,
         sighashType,
         hash,
     };
@@ -982,24 +1057,34 @@ function getAllTaprootHashesForSig(inputIndex, input, inputs, cache) {
 }
 function getPrevoutTaprootKey(inputIndex, input, cache) {
     const { script } = getScriptAndAmountFromUtxo(inputIndex, input, cache);
-    return isP2TR(script) ? Buffer.from(script.subarray(2, 34)) : null;
+    return isP2TR(script) ? script.subarray(2, 34) : null;
 }
 function trimTaprootSig(signature) {
-    return signature.length === 64 ? signature : Buffer.from(signature.subarray(0, 64));
+    return signature.length === 64 ? signature : signature.subarray(0, 64);
 }
 function getTaprootHashesForSig(inputIndex, input, inputs, pubkey, cache, tapLeafHashToSign, allowedSighashTypes) {
-    const unsignedTx = cache.__TX;
+    const unsignedTx = cache.tx;
     const sighashType = input.sighashType || Transaction.SIGHASH_DEFAULT;
     checkSighashTypeAllowed(sighashType, allowedSighashTypes);
-    const prevOuts = inputs.map((i, index) => getScriptAndAmountFromUtxo(index, i, cache));
-    const signingScripts = prevOuts.map((o) => o.script);
-    const values = prevOuts.map((o) => o.value);
+    if (!cache.prevOuts) {
+        const prevOuts = inputs.map((i, index) => getScriptAndAmountFromUtxo(index, i, cache));
+        cache.prevOuts = prevOuts;
+        cache.signingScripts = prevOuts.map((o) => o.script);
+        cache.values = prevOuts.map((o) => o.value);
+    }
+    const signingScripts = cache.signingScripts;
+    const values = cache.values;
+    // Compute taproot hash cache once for all inputs (O(n) -> O(1) per input)
+    if (!cache.taprootHashCache) {
+        cache.taprootHashCache = unsignedTx.getTaprootHashCache(signingScripts, values);
+    }
+    const taprootCache = cache.taprootHashCache;
     const hashes = [];
     if (input.tapInternalKey && !tapLeafHashToSign) {
-        const outputKey = getPrevoutTaprootKey(inputIndex, input, cache) || Buffer.from([]);
-        if (toXOnly(pubkey).equals(outputKey)) {
-            const tapKeyHash = unsignedTx.hashForWitnessV1(inputIndex, signingScripts, values, sighashType);
-            hashes.push({ pubkey, hash: tapKeyHash });
+        const outputKey = getPrevoutTaprootKey(inputIndex, input, cache) || new Uint8Array(0);
+        if (equals(toXOnly(pubkey), outputKey)) {
+            const tapKeyHash = unsignedTx.hashForWitnessV1(inputIndex, signingScripts, values, sighashType, undefined, undefined, taprootCache);
+            hashes.push({ pubkey: pubkey, hash: tapKeyHash });
         }
     }
     const tapLeafHashes = (input.tapLeafScript || [])
@@ -1011,11 +1096,11 @@ function getTaprootHashesForSig(inputIndex, input, inputs, pubkey, cache, tapLea
         });
         return Object.assign({ hash }, tapLeaf);
     })
-        .filter((tapLeaf) => !tapLeafHashToSign || tapLeafHashToSign.equals(tapLeaf.hash))
+        .filter((tapLeaf) => !tapLeafHashToSign || equals(tapLeafHashToSign, tapLeaf.hash))
         .map((tapLeaf) => {
-        const tapScriptHash = unsignedTx.hashForWitnessV1(inputIndex, signingScripts, values, sighashType, tapLeaf.hash);
+        const tapScriptHash = unsignedTx.hashForWitnessV1(inputIndex, signingScripts, values, sighashType, tapLeaf.hash, undefined, taprootCache);
         return {
-            pubkey,
+            pubkey: pubkey,
             hash: tapScriptHash,
             leafHash: tapLeaf.hash,
         };
@@ -1030,41 +1115,38 @@ function checkSighashTypeAllowed(sighashType, sighashTypes) {
     }
 }
 function getPayment(script, scriptType, partialSig) {
-    let payment;
+    const scriptBranded = script;
     switch (scriptType) {
         case 'multisig': {
             const sigs = getSortedSigs(script, partialSig);
-            payment = payments.p2ms({
-                output: script,
+            return payments.p2ms({
+                output: scriptBranded,
                 signatures: sigs,
             });
-            break;
         }
         case 'pubkey':
-            payment = payments.p2pk({
-                output: script,
+            return payments.p2pk({
+                output: scriptBranded,
                 signature: partialSig[0].signature,
             });
-            break;
         case 'pubkeyhash':
-            payment = payments.p2pkh({
-                output: script,
+            return payments.p2pkh({
+                output: scriptBranded,
                 pubkey: partialSig[0].pubkey,
                 signature: partialSig[0].signature,
             });
-            break;
         case 'witnesspubkeyhash':
-            payment = payments.p2wpkh({
-                output: script,
+            return payments.p2wpkh({
+                output: scriptBranded,
                 pubkey: partialSig[0].pubkey,
                 signature: partialSig[0].signature,
             });
-            break;
+        default:
+            throw new Error(`Unknown script type: ${scriptType}`);
     }
-    return payment;
 }
 function getScriptFromInput(inputIndex, input, cache) {
-    const unsignedTx = cache.__TX;
+    const unsignedTx = cache.tx;
     const res = {
         script: null,
         isSegwit: false,
@@ -1089,7 +1171,7 @@ function getScriptFromInput(inputIndex, input, cache) {
             res.script = input.witnessUtxo.script;
         }
     }
-    if (input.witnessScript || isP2WPKH(res.script)) {
+    if (input.witnessScript || (res.script && isP2WPKH(res.script))) {
         res.isSegwit = true;
     }
     else {
@@ -1110,7 +1192,7 @@ function getSignersFromHD(inputIndex, inputs, hdKeyPair) {
     }
     const myDerivations = input.bip32Derivation
         .map((bipDv) => {
-        if (bipDv.masterFingerprint.equals(hdKeyPair.fingerprint)) {
+        if (equals(bipDv.masterFingerprint, hdKeyPair.fingerprint)) {
             return bipDv;
         }
         else {
@@ -1123,7 +1205,7 @@ function getSignersFromHD(inputIndex, inputs, hdKeyPair) {
     }
     return myDerivations.map((bipDv) => {
         const node = hdKeyPair.derivePath(bipDv.path);
-        if (!bipDv.pubkey.equals(node.publicKey)) {
+        if (!equals(bipDv.pubkey, node.publicKey)) {
             throw new Error('pubkey did not match bip32Derivation');
         }
         return node;
@@ -1131,80 +1213,56 @@ function getSignersFromHD(inputIndex, inputs, hdKeyPair) {
 }
 function getSortedSigs(script, partialSig) {
     const p2ms = payments.p2ms({ output: script });
-    return p2ms
-        .pubkeys.map((pk) => {
-        return (partialSig.filter((ps) => {
-            return ps.pubkey.equals(pk);
-        })[0] || {}).signature;
-    })
-        .filter((v) => !!v);
-}
-function scriptWitnessToWitnessStack(buffer) {
-    let offset = 0;
-    function readSlice(n) {
-        offset += n;
-        return buffer.subarray(offset - n, offset);
-    }
-    function readVarInt() {
-        const vi = varuintDecode(buffer, offset);
-        offset += varuintDecode.bytes;
-        return vi;
-    }
-    function readVarSlice() {
-        return readSlice(readVarInt());
-    }
-    function readVector() {
-        const count = readVarInt();
-        const vector = [];
-        for (let i = 0; i < count; i++)
-            vector.push(readVarSlice());
-        return vector;
-    }
-    return readVector();
-}
-function sighashTypeToString(sighashType) {
-    let text = sighashType & Transaction.SIGHASH_ANYONECANPAY ? 'SIGHASH_ANYONECANPAY | ' : '';
-    const sigMod = sighashType & 0x1f;
-    switch (sigMod) {
-        case Transaction.SIGHASH_ALL:
-            text += 'SIGHASH_ALL';
-            break;
-        case Transaction.SIGHASH_SINGLE:
-            text += 'SIGHASH_SINGLE';
-            break;
-        case Transaction.SIGHASH_NONE:
-            text += 'SIGHASH_NONE';
-            break;
-    }
-    return text;
+    if (!p2ms.pubkeys)
+        throw new Error('Cannot extract pubkeys from multisig script');
+    // for each pubkey in order of p2ms script
+    const result = [];
+    for (const pk of p2ms.pubkeys) {
+        // filter partialSig array by pubkey being equal
+        const matched = partialSig.filter((ps) => {
+            return equals(ps.pubkey, pk);
+        })[0];
+        if (matched) {
+            result.push(new Uint8Array(matched.signature));
+        }
+    }
+    return result;
 }
 function addNonWitnessTxCache(cache, input, inputIndex) {
-    cache.__NON_WITNESS_UTXO_BUF_CACHE[inputIndex] = input.nonWitnessUtxo;
-    cache.__NON_WITNESS_UTXO_TX_CACHE[inputIndex] = Transaction.fromBuffer(input.nonWitnessUtxo);
+    if (!input.nonWitnessUtxo)
+        throw new Error('nonWitnessUtxo is required');
+    // Prevent prototype pollution - ensure input is a valid object
+    if (input === null || input === Object.prototype) {
+        throw new Error('Invalid input object');
+    }
+    const nonWitnessUtxoBuf = input.nonWitnessUtxo;
+    cache.nonWitnessUtxoBufCache[inputIndex] = nonWitnessUtxoBuf;
+    cache.nonWitnessUtxoTxCache[inputIndex] = Transaction.fromBuffer(nonWitnessUtxoBuf);
     const self = cache;
     const selfIndex = inputIndex;
     delete input.nonWitnessUtxo;
-    Object.defineProperty(input, 'nonWitnessUtxo', {
+    // Using Reflect.defineProperty to avoid prototype pollution concerns
+    Reflect.defineProperty(input, 'nonWitnessUtxo', {
         enumerable: true,
         get() {
-            const buf = self.__NON_WITNESS_UTXO_BUF_CACHE[selfIndex];
-            const txCache = self.__NON_WITNESS_UTXO_TX_CACHE[selfIndex];
+            const buf = self.nonWitnessUtxoBufCache[selfIndex];
+            const txCache = self.nonWitnessUtxoTxCache[selfIndex];
             if (buf !== undefined) {
                 return buf;
             }
             else {
                 const newBuf = txCache.toBuffer();
-                self.__NON_WITNESS_UTXO_BUF_CACHE[selfIndex] = newBuf;
+                self.nonWitnessUtxoBufCache[selfIndex] = newBuf;
                 return newBuf;
             }
         },
         set(data) {
-            self.__NON_WITNESS_UTXO_BUF_CACHE[selfIndex] = data;
+            self.nonWitnessUtxoBufCache[selfIndex] = data;
         },
     });
 }
 function inputFinalizeGetAmts(inputs, tx, cache, mustFinalize, disableOutputChecks) {
-    let inputAmount = 0;
+    let inputAmount = 0n;
     inputs.forEach((input, idx) => {
         if (mustFinalize && input.finalScriptSig)
             tx.ins[idx].script = input.finalScriptSig;
@@ -1221,20 +1279,20 @@ function inputFinalizeGetAmts(inputs, tx, cache, mustFinalize, disableOutputChec
             inputAmount += out.value;
         }
     });
-    const outputAmount = tx.outs.reduce((total, o) => total + o.value, 0);
+    const outputAmount = tx.outs.reduce((total, o) => total + o.value, 0n);
     const fee = inputAmount - outputAmount;
     if (!disableOutputChecks) {
-        if (fee < 0) {
+        if (fee < 0n) {
             throw new Error(`Outputs are spending more than Inputs ${inputAmount} < ${outputAmount}`);
         }
     }
     const bytes = tx.virtualSize();
-    cache.__FEE = fee;
-    cache.__EXTRACTED_TX = tx;
-    cache.__FEE_RATE = Math.floor(fee / bytes);
+    cache.fee = Number(fee);
+    cache.extractedTx = tx;
+    cache.feeRate = Math.floor(Number(fee) / bytes);
 }
 function nonWitnessUtxoTxFromCache(cache, input, inputIndex) {
-    const c = cache.__NON_WITNESS_UTXO_TX_CACHE;
+    const c = cache.nonWitnessUtxoTxCache;
     if (!c[inputIndex]) {
         addNonWitnessTxCache(cache, input, inputIndex);
     }
@@ -1253,7 +1311,7 @@ function getScriptAndAmountFromUtxo(inputIndex, input, cache) {
     }
     else if (input.nonWitnessUtxo !== undefined) {
         const nonWitnessUtxoTx = nonWitnessUtxoTxFromCache(cache, input, inputIndex);
-        const o = nonWitnessUtxoTx.outs[cache.__TX.ins[inputIndex].index];
+        const o = nonWitnessUtxoTx.outs[cache.tx.ins[inputIndex].index];
         return { script: o.script, value: o.value };
     }
     else {
@@ -1266,7 +1324,7 @@ function pubkeyInInput(pubkey, input, inputIndex, cache) {
     return pubkeyInScript(pubkey, meaningfulScript);
 }
 function pubkeyInOutput(pubkey, output, outputIndex, cache) {
-    const script = cache.__TX.outs[outputIndex].script;
+    const script = cache.tx.outs[outputIndex].script;
     const { meaningfulScript } = getMeaningfulScript(script, outputIndex, 'output', output.redeemScript, output.witnessScript);
     return pubkeyInScript(pubkey, meaningfulScript);
 }
@@ -1277,7 +1335,7 @@ function redeemFromFinalScriptSig(finalScript) {
     if (!decomp)
         return;
     const lastItem = decomp[decomp.length - 1];
-    if (!Buffer.isBuffer(lastItem) || isPubkeyLike(lastItem) || isSigLike(lastItem))
+    if (!(lastItem instanceof Uint8Array) || isPubkeyLike(lastItem) || isSigLike(lastItem))
         return;
     const sDecomp = bscript.decompile(lastItem);
     if (!sDecomp)
@@ -1296,69 +1354,4 @@ function redeemFromFinalWitnessScript(finalScript) {
         return;
     return lastItem;
 }
-function compressPubkey(pubkey) {
-    if (pubkey.length === 65) {
-        const parity = pubkey[64] & 1;
-        const newKey = Buffer.from(pubkey.subarray(0, 33));
-        newKey[0] = 2 | parity;
-        return newKey;
-    }
-    return Buffer.from(pubkey);
-}
-function isPubkeyLike(buf) {
-    return buf.length === 33 && bscript.isCanonicalPubKey(buf);
-}
-function isSigLike(buf) {
-    return bscript.isCanonicalScriptSignature(buf);
-}
-function getMeaningfulScript(script, index, ioType, redeemScript, witnessScript) {
-    const isP2SH = isP2SHScript(script);
-    const isP2SHP2WSH = isP2SH && redeemScript && isP2WSHScript(redeemScript);
-    const isP2WSH = isP2WSHScript(script);
-    if (isP2SH && redeemScript === undefined)
-        throw new Error('scriptPubkey is P2SH but redeemScript missing');
-    if ((isP2WSH || isP2SHP2WSH) && witnessScript === undefined)
-        throw new Error('scriptPubkey or redeemScript is P2WSH but witnessScript missing');
-    let meaningfulScript;
-    if (isP2SHP2WSH) {
-        meaningfulScript = witnessScript;
-        checkRedeemScript(index, script, redeemScript, ioType);
-        checkWitnessScript(index, redeemScript, witnessScript, ioType);
-        checkInvalidP2WSH(meaningfulScript);
-    }
-    else if (isP2WSH) {
-        meaningfulScript = witnessScript;
-        checkWitnessScript(index, script, witnessScript, ioType);
-        checkInvalidP2WSH(meaningfulScript);
-    }
-    else if (isP2SH) {
-        meaningfulScript = redeemScript;
-        checkRedeemScript(index, script, redeemScript, ioType);
-    }
-    else {
-        meaningfulScript = script;
-    }
-    return {
-        meaningfulScript,
-        type: isP2SHP2WSH ? 'p2sh-p2wsh' : isP2SH ? 'p2sh' : isP2WSH ? 'p2wsh' : 'raw',
-    };
-}
-function checkInvalidP2WSH(script) {
-    if (isP2WPKH(script) || isP2SHScript(script)) {
-        throw new Error('P2WPKH or P2SH can not be contained within P2WSH');
-    }
-}
-function classifyScript(script) {
-    if (isP2WPKH(script))
-        return 'witnesspubkeyhash';
-    if (isP2PKH(script))
-        return 'pubkeyhash';
-    if (isP2MS(script))
-        return 'multisig';
-    if (isP2PK(script))
-        return 'pubkey';
-    return 'nonstandard';
-}
-function range(n) {
-    return [...Array(n).keys()];
-}
+//# sourceMappingURL=psbt.js.map