@buildonspark/spark-sdk 0.1.46 → 0.2.0

package/src/signer/signer.ts

@@ -1,3 +1,10 @@
+import { privateAdd, privateNegate } from "@bitcoinerlab/secp256k1";
+import {
+  fromPrivateKey,
+  PARITY,
+  Receipt,
+  TokenSigner,
+} from "@buildonspark/lrc20-sdk";
 import {
   bytesToHex,
   bytesToNumberBE,
@@ -5,15 +12,17 @@ import {
   hexToBytes,
 } from "@noble/curves/abstract/utils";
 import { schnorr, secp256k1 } from "@noble/curves/secp256k1";
+import { sha256 } from "@noble/hashes/sha2";
 import { HDKey } from "@scure/bip32";
 import { generateMnemonic, mnemonicToSeed } from "@scure/bip39";
 import { wordlist } from "@scure/bip39/wordlists/english";
+import { Transaction } from "@scure/btc-signer";
+import { taprootTweakPrivKey } from "@scure/btc-signer/utils";
+import type { Psbt } from "bitcoinjs-lib";
 import * as ecies from "eciesjs";
 import { isReactNative } from "../constants.js";
 import { ConfigurationError, ValidationError } from "../errors/types.js";
-import { TreeNode } from "../proto/spark.js";
-import { IKeyPackage, ISigningCommitment } from "../spark_bindings/types.js";
-import { generateAdaptorFromSignature } from "../utils/adaptor-signature.js";
+import { IKeyPackage } from "../spark_bindings/types.js";
 import { subtractPrivateKeys } from "../utils/keys.js";
 import {
   splitSecretWithProofs,
@@ -23,6 +32,17 @@ import {
   getRandomSigningNonce,
   getSigningCommitmentFromNonce,
 } from "../utils/signing.js";
+import {
+  KeyDerivationType,
+  type AggregateFrostParams,
+  type DerivedHDKey,
+  type KeyDerivation,
+  type KeyPair,
+  type SignFrostParams,
+  type SigningCommitment,
+  type SigningNonce,
+  type SplitSecretWithProofsParams,
+} from "./types.js";
 
 let sparkFrostModule: any = undefined;
 const getSparkFrostModule = async () => {
@@ -36,72 +56,11 @@ const getSparkFrostModule = async () => {
   return sparkFrostModule;
 };
 
-import { privateAdd, privateNegate } from "@bitcoinerlab/secp256k1";
-import {
-  fromPrivateKey,
-  PARITY,
-  Receipt,
-  TokenSigner,
-} from "@buildonspark/lrc20-sdk";
-import { sha256 } from "@noble/hashes/sha2";
-import { Transaction } from "@scure/btc-signer";
-import { taprootTweakPrivKey } from "@scure/btc-signer/utils";
-import type { Psbt } from "bitcoinjs-lib";
-
-export { Receipt, PARITY, fromPrivateKey } from "@buildonspark/lrc20-sdk";
-export { MultisigReceiptInput } from "@buildonspark/lrc20-sdk/lrc/types";
-
-export type SigningNonce = {
-  binding: Uint8Array;
-  hiding: Uint8Array;
-};
-
-export type SigningCommitment = {
-  binding: Uint8Array;
-  hiding: Uint8Array;
-};
-
-export type SignFrostParams = {
-  message: Uint8Array;
-  privateAsPubKey: Uint8Array;
-  publicKey: Uint8Array;
-  verifyingKey: Uint8Array;
-  selfCommitment: ISigningCommitment;
-  statechainCommitments?: { [key: string]: ISigningCommitment } | undefined;
-  adaptorPubKey?: Uint8Array | undefined;
-};
-
-export type AggregateFrostParams = Omit<SignFrostParams, "privateAsPubKey"> & {
-  selfSignature: Uint8Array;
-  statechainSignatures?: { [key: string]: Uint8Array } | undefined;
-  statechainPublicKeys?: { [key: string]: Uint8Array } | undefined;
-};
-
-export type SplitSecretWithProofsParams = {
-  secret: Uint8Array;
-  curveOrder: bigint;
-  threshold: number;
-  numShares: number;
-  isSecretPubkey?: boolean;
-};
-
-type DerivedHDKey = {
-  hdKey: HDKey;
-  privateKey: Uint8Array;
-  publicKey: Uint8Array;
-};
-
-type KeyPair = {
-  privateKey: Uint8Array;
-  publicKey: Uint8Array;
-};
-
 interface SparkKeysGenerator {
   deriveKeysFromSeed(
     seed: Uint8Array,
     accountNumber: number,
   ): Promise<{
-    masterPublicKey: Uint8Array;
     identityKey: KeyPair;
     signingHDKey: DerivedHDKey;
     depositKey: KeyPair;
@@ -116,7 +75,6 @@ class DefaultSparkKeysGenerator implements SparkKeysGenerator {
     seed: Uint8Array,
     accountNumber: number,
   ): Promise<{
-    masterPublicKey: Uint8Array;
     identityKey: KeyPair;
     signingHDKey: DerivedHDKey;
     depositKey: KeyPair;
@@ -155,7 +113,78 @@ class DefaultSparkKeysGenerator implements SparkKeysGenerator {
     }
 
     return {
-      masterPublicKey: hdkey.publicKey,
+      identityKey: {
+        privateKey: identityKey.privateKey,
+        publicKey: identityKey.publicKey,
+      },
+      signingHDKey: {
+        hdKey: signingKey,
+        privateKey: signingKey.privateKey,
+        publicKey: signingKey.publicKey,
+      },
+      depositKey: {
+        privateKey: depositKey.privateKey,
+        publicKey: depositKey.publicKey,
+      },
+      staticDepositHDKey: {
+        hdKey: staticDepositKey,
+        privateKey: staticDepositKey.privateKey,
+        publicKey: staticDepositKey.publicKey,
+      },
+    };
+  }
+}
+
+class DerivationPathKeysGenerator implements SparkKeysGenerator {
+  constructor(private readonly derivationPathTemplate: string) {}
+
+  async deriveKeysFromSeed(
+    seed: Uint8Array,
+    accountNumber: number,
+  ): Promise<{
+    identityKey: KeyPair;
+    signingHDKey: DerivedHDKey;
+    depositKey: KeyPair;
+    staticDepositHDKey: DerivedHDKey;
+  }> {
+    const hdkey = HDKey.fromMasterSeed(seed);
+
+    if (!hdkey.privateKey || !hdkey.publicKey) {
+      throw new ValidationError("Failed to derive keys from seed", {
+        field: "hdkey",
+        value: seed,
+      });
+    }
+
+    const derivationPath = this.derivationPathTemplate.replaceAll(
+      "?",
+      accountNumber.toString(),
+    );
+
+    const identityKey = hdkey.derive(derivationPath);
+    const signingKey = hdkey.derive(`${derivationPath}/1'`);
+    const depositKey = hdkey.derive(`${derivationPath}/2'`);
+    const staticDepositKey = hdkey.derive(`${derivationPath}/3'`);
+
+    if (
+      !identityKey.privateKey ||
+      !identityKey.publicKey ||
+      !signingKey.privateKey ||
+      !signingKey.publicKey ||
+      !depositKey.privateKey ||
+      !depositKey.publicKey ||
+      !staticDepositKey.privateKey ||
+      !staticDepositKey.publicKey
+    ) {
+      throw new ValidationError(
+        "Failed to derive all required keys from seed",
+        {
+          field: "derivedKeys",
+        },
+      );
+    }
+
+    return {
       identityKey: {
         privateKey: identityKey.privateKey,
         publicKey: identityKey.publicKey,
@@ -185,7 +214,6 @@ class TaprootOutputKeysGenerator implements SparkKeysGenerator {
     seed: Uint8Array,
     accountNumber: number,
   ): Promise<{
-    masterPublicKey: Uint8Array;
     identityKey: KeyPair;
     signingHDKey: DerivedHDKey;
     depositKey: KeyPair;
@@ -241,7 +269,6 @@ class TaprootOutputKeysGenerator implements SparkKeysGenerator {
     }
 
     return {
-      masterPublicKey: hdkey.publicKey,
       identityKey: {
         privateKey: identityKey.privateKey,
         publicKey: identityKey.publicKey,
@@ -264,11 +291,9 @@ class TaprootOutputKeysGenerator implements SparkKeysGenerator {
   }
 }
 
-// TODO: Properly clean up keys when they are no longer needed
 interface SparkSigner extends TokenSigner {
   getIdentityPublicKey(): Promise<Uint8Array>;
   getDepositSigningKey(): Promise<Uint8Array>;
-  generateStaticDepositKey(idx: number): Promise<Uint8Array>;
   getStaticDepositSigningKey(idx: number): Promise<Uint8Array>;
   getStaticDepositSecretKey(idx: number): Promise<Uint8Array>;
 
@@ -280,21 +305,35 @@ interface SparkSigner extends TokenSigner {
     accountNumber?: number,
   ): Promise<string>;
 
-  restoreSigningKeysFromLeafs(leafs: TreeNode[]): Promise<void>;
-  getTrackedPublicKeys(): Promise<Uint8Array[]>;
-  // Generates a new private key, and returns the public key
-  generatePublicKey(hash?: Uint8Array): Promise<Uint8Array>;
-  // Called when a public key is no longer needed
-  removePublicKey(publicKey: Uint8Array): Promise<void>;
-  getSchnorrPublicKey(publicKey: Uint8Array): Promise<Uint8Array>;
+  getPublicKeyFromDerivation(
+    keyDerivation?: KeyDerivation,
+  ): Promise<Uint8Array>;
 
-  signSchnorr(message: Uint8Array, publicKey: Uint8Array): Promise<Uint8Array>;
   signSchnorrWithIdentityKey(message: Uint8Array): Promise<Uint8Array>;
 
-  subtractPrivateKeysGivenPublicKeys(
-    first: Uint8Array,
-    second: Uint8Array,
+  subtractPrivateKeysGivenDerivationPaths(
+    first: string,
+    second: string,
   ): Promise<Uint8Array>;
+
+  subtractAndSplitSecretWithProofsGivenDerivations(
+    params: Omit<SplitSecretWithProofsParams, "secret"> & {
+      first: KeyDerivation;
+      second?: KeyDerivation | undefined;
+    },
+  ): Promise<VerifiableSecretShare[]>;
+
+  subtractSplitAndEncrypt(
+    params: Omit<SplitSecretWithProofsParams, "secret"> & {
+      first: KeyDerivation;
+      second: KeyDerivation;
+      receiverPublicKey: Uint8Array;
+    },
+  ): Promise<{
+    shares: VerifiableSecretShare[];
+    secretCipher: Uint8Array;
+  }>;
+
   splitSecretWithProofs(
     params: SplitSecretWithProofsParams,
   ): Promise<VerifiableSecretShare[]>;
@@ -302,11 +341,6 @@ interface SparkSigner extends TokenSigner {
   signFrost(params: SignFrostParams): Promise<Uint8Array>;
   aggregateFrost(params: AggregateFrostParams): Promise<Uint8Array>;
 
-  signMessageWithPublicKey(
-    message: Uint8Array,
-    publicKey: Uint8Array,
-    compact?: boolean,
-  ): Promise<Uint8Array>;
   // If compact is true, the signature should be in ecdsa compact format else it should be in DER format
   signMessageWithIdentityKey(
     message: Uint8Array,
@@ -323,34 +357,18 @@ interface SparkSigner extends TokenSigner {
     publicKey: Uint8Array,
   ): void;
 
-  encryptLeafPrivateKeyEcies(
-    receiverPublicKey: Uint8Array,
-    publicKey: Uint8Array,
-  ): Promise<Uint8Array>;
   decryptEcies(ciphertext: Uint8Array): Promise<Uint8Array>;
 
   getRandomSigningCommitment(): Promise<SigningCommitment>;
 
-  hashRandomPrivateKey(): Promise<Uint8Array>;
-  generateAdaptorFromSignature(signature: Uint8Array): Promise<{
-    adaptorSignature: Uint8Array;
-    adaptorPublicKey: Uint8Array;
-  }>;
-
   getDepositSigningKey(): Promise<Uint8Array>;
-  getMasterPublicKey(): Promise<Uint8Array>;
 }
 
 class DefaultSparkSigner implements SparkSigner {
-  private masterPublicKey: Uint8Array | null = null;
   private identityKey: KeyPair | null = null;
   private signingKey: HDKey | null = null;
   private depositKey: KeyPair | null = null;
   private staticDepositKey: HDKey | null = null;
-  private staticDepositKeyMap: Map<number, HDKey> = new Map();
-
-  // <hex, hex>
-  protected publicKeyToPrivateKeyMap: Map<string, string> = new Map();
 
   protected commitmentToNonceMap: Map<SigningCommitment, SigningNonce> =
     new Map();
@@ -385,48 +403,37 @@ class DefaultSparkSigner implements SparkSigner {
     return newPrivateKey;
   }
 
-  async restoreSigningKeysFromLeafs(leafs: TreeNode[]) {
-    if (!this.signingKey) {
-      throw new ValidationError("Signing key is not set", {
-        field: "signingKey",
-      });
-    }
-
-    for (const leaf of leafs) {
-      const hash = sha256(leaf.id);
-      const privateKey = this.deriveSigningKey(hash);
-
-      const publicKey = secp256k1.getPublicKey(privateKey);
-      this.publicKeyToPrivateKeyMap.set(
-        bytesToHex(publicKey),
-        bytesToHex(privateKey),
-      );
-    }
-  }
-
-  async getSchnorrPublicKey(publicKey: Uint8Array): Promise<Uint8Array> {
-    const privateKey = this.publicKeyToPrivateKeyMap.get(bytesToHex(publicKey));
-    if (!privateKey) {
-      throw new ValidationError("Private key is not set", {
-        field: "privateKey",
+  private async decryptEciesToPrivateKey(
+    ciphertext: Uint8Array,
+  ): Promise<Uint8Array> {
+    if (!this.identityKey?.privateKey) {
+      throw new ConfigurationError("Identity key not initialized", {
+        configKey: "identityKey",
       });
     }
+    const receiverEciesPrivKey = ecies.PrivateKey.fromHex(
+      bytesToHex(this.identityKey.privateKey),
+    );
+    const privateKey = ecies.decrypt(receiverEciesPrivKey.toHex(), ciphertext);
 
-    return schnorr.getPublicKey(hexToBytes(privateKey));
+    return privateKey;
   }
 
-  async signSchnorr(
-    message: Uint8Array,
-    publicKey: Uint8Array,
+  protected async getSigningPrivateKeyFromDerivation(
+    keyDerivation: KeyDerivation,
   ): Promise<Uint8Array> {
-    const privateKey = this.publicKeyToPrivateKeyMap.get(bytesToHex(publicKey));
-    if (!privateKey) {
-      throw new ValidationError("Private key is not set", {
-        field: "privateKey",
-      });
+    switch (keyDerivation.type) {
+      case KeyDerivationType.LEAF:
+        return this.deriveSigningKey(sha256(keyDerivation.path));
+      case KeyDerivationType.DEPOSIT:
+        return this.depositKey?.privateKey ?? new Uint8Array();
+      case KeyDerivationType.STATIC_DEPOSIT:
+        return this.getStaticDepositSecretKey(keyDerivation.path);
+      case KeyDerivationType.ECIES:
+        return this.decryptEciesToPrivateKey(keyDerivation.path);
+      case KeyDerivationType.RANDOM:
+        return secp256k1.utils.randomPrivateKey();
     }
-
-    return schnorr.sign(message, hexToBytes(privateKey));
   }
 
   async signSchnorrWithIdentityKey(message: Uint8Array): Promise<Uint8Array> {
@@ -461,49 +468,9 @@ class DefaultSparkSigner implements SparkSigner {
     return this.depositKey.publicKey;
   }
 
-  async generateStaticDepositKey(idx: number): Promise<Uint8Array> {
-    if (!this.staticDepositKey?.privateKey) {
-      throw new ValidationError("Static deposit key is not set", {
-        field: "staticDepositKey",
-      });
-    }
-
-    if (this.staticDepositKeyMap.has(idx)) {
-      const staticDepositKey = this.staticDepositKeyMap.get(idx);
-      return staticDepositKey?.publicKey!;
-    }
-
-    const staticDepositKey = this.staticDepositKey.deriveChild(
-      HARDENED_OFFSET + idx,
-    );
-    this.staticDepositKeyMap.set(idx, staticDepositKey);
-    this.publicKeyToPrivateKeyMap.set(
-      bytesToHex(staticDepositKey.publicKey!),
-      bytesToHex(staticDepositKey.privateKey!),
-    );
-    return staticDepositKey.publicKey!;
-  }
-
   async getStaticDepositSigningKey(idx: number): Promise<Uint8Array> {
-    if (!this.staticDepositKey) {
-      throw new ValidationError("Static deposit key is not set", {
-        field: "staticDepositKey",
-      });
-    }
-
-    if (!this.staticDepositKeyMap.has(idx)) {
-      await this.generateStaticDepositKey(idx);
-    }
-
-    const staticDepositKey = this.staticDepositKeyMap.get(idx);
-
-    if (!staticDepositKey?.publicKey) {
-      throw new ValidationError("Static deposit key is not set", {
-        field: "staticDepositKey",
-      });
-    }
-
-    return staticDepositKey.publicKey;
+    const staticDepositKey = await this.getStaticDepositSecretKey(idx);
+    return secp256k1.getPublicKey(staticDepositKey);
   }
 
   async getStaticDepositSecretKey(idx: number): Promise<Uint8Array> {
@@ -513,11 +480,9 @@ class DefaultSparkSigner implements SparkSigner {
       });
     }
 
-    if (!this.staticDepositKeyMap.has(idx)) {
-      await this.generateStaticDepositKey(idx);
-    }
-
-    const staticDepositKey = this.staticDepositKeyMap.get(idx);
+    const staticDepositKey = this.staticDepositKey.deriveChild(
+      HARDENED_OFFSET + idx,
+    );
 
     if (!staticDepositKey?.privateKey) {
       throw new ValidationError("Static deposit key is not set", {
@@ -536,72 +501,92 @@ class DefaultSparkSigner implements SparkSigner {
     return await mnemonicToSeed(mnemonic);
   }
 
-  async getTrackedPublicKeys(): Promise<Uint8Array[]> {
-    return Array.from(this.publicKeyToPrivateKeyMap.keys()).map(hexToBytes);
+  async getPublicKeyFromDerivation(
+    keyDerivation: KeyDerivation,
+  ): Promise<Uint8Array> {
+    const privateKey =
+      await this.getSigningPrivateKeyFromDerivation(keyDerivation);
+    return secp256k1.getPublicKey(privateKey);
   }
 
-  async generatePublicKey(hash?: Uint8Array): Promise<Uint8Array> {
-    if (!this.signingKey) {
-      throw new ValidationError("Private key is not set", {
-        field: "signingKey",
-      });
-    }
-
-    let newPrivateKey: Uint8Array | null = null;
-    if (hash) {
-      newPrivateKey = this.deriveSigningKey(hash);
-    } else {
-      newPrivateKey = secp256k1.utils.randomPrivateKey();
-    }
-
-    if (!newPrivateKey) {
-      throw new ValidationError("Failed to generate new private key", {
-        field: "privateKey",
-      });
-    }
-
-    const publicKey = secp256k1.getPublicKey(newPrivateKey);
-    const pubKeyHex = bytesToHex(publicKey);
-
-    const privKeyHex = bytesToHex(newPrivateKey);
-    this.publicKeyToPrivateKeyMap.set(pubKeyHex, privKeyHex);
+  async subtractPrivateKeysGivenDerivationPaths(
+    first: string,
+    second: string,
+  ): Promise<Uint8Array> {
+    const firstPrivateKey = this.deriveSigningKey(sha256(first));
+    const secondPrivateKey = this.deriveSigningKey(sha256(second));
 
-    return publicKey;
-  }
+    const resultPrivKey = subtractPrivateKeys(
+      firstPrivateKey,
+      secondPrivateKey,
+    );
+    const resultPubKey = secp256k1.getPublicKey(resultPrivKey);
 
-  async removePublicKey(publicKey: Uint8Array): Promise<void> {
-    this.publicKeyToPrivateKeyMap.delete(bytesToHex(publicKey));
+    return resultPubKey;
   }
 
-  async subtractPrivateKeysGivenPublicKeys(
-    first: Uint8Array,
-    second: Uint8Array,
-  ): Promise<Uint8Array> {
-    const firstPubKeyHex = bytesToHex(first);
-    const secondPubKeyHex = bytesToHex(second);
+  async subtractAndSplitSecretWithProofsGivenDerivations({
+    first,
+    second,
+    curveOrder,
+    threshold,
+    numShares,
+  }: Omit<SplitSecretWithProofsParams, "secret"> & {
+    first: KeyDerivation;
+    second: KeyDerivation;
+  }): Promise<VerifiableSecretShare[]> {
+    const firstPrivateKey =
+      await this.getSigningPrivateKeyFromDerivation(first);
+    const secondPrivateKey =
+      await this.getSigningPrivateKeyFromDerivation(second);
 
-    const firstPrivateKeyHex =
-      this.publicKeyToPrivateKeyMap.get(firstPubKeyHex);
-    const secondPrivateKeyHex =
-      this.publicKeyToPrivateKeyMap.get(secondPubKeyHex);
+    const resultPrivKey = subtractPrivateKeys(
+      firstPrivateKey,
+      secondPrivateKey,
+    );
 
-    if (!firstPrivateKeyHex || !secondPrivateKeyHex) {
-      throw new Error("Private key is not set");
-    }
+    return await this.splitSecretWithProofs({
+      secret: resultPrivKey,
+      curveOrder,
+      threshold,
+      numShares,
+    });
+  }
 
-    const firstPrivateKey = hexToBytes(firstPrivateKeyHex);
-    const secondPrivateKey = hexToBytes(secondPrivateKeyHex);
+  async subtractSplitAndEncrypt({
+    first,
+    second,
+    curveOrder,
+    threshold,
+    numShares,
+    receiverPublicKey,
+  }: Omit<SplitSecretWithProofsParams, "secret"> & {
+    first: KeyDerivation;
+    second: KeyDerivation;
+    receiverPublicKey: Uint8Array;
+  }): Promise<{
+    shares: VerifiableSecretShare[];
+    secretCipher: Uint8Array;
+  }> {
+    const firstPrivateKey =
+      await this.getSigningPrivateKeyFromDerivation(first);
+    const secondPrivateKey =
+      await this.getSigningPrivateKeyFromDerivation(second);
 
     const resultPrivKey = subtractPrivateKeys(
       firstPrivateKey,
       secondPrivateKey,
     );
-    const resultPubKey = secp256k1.getPublicKey(resultPrivKey);
 
-    const resultPrivKeyHex = bytesToHex(resultPrivKey);
-    const resultPubKeyHex = bytesToHex(resultPubKey);
-    this.publicKeyToPrivateKeyMap.set(resultPubKeyHex, resultPrivKeyHex);
-    return resultPubKey;
+    return {
+      shares: await this.splitSecretWithProofs({
+        secret: resultPrivKey,
+        curveOrder,
+        threshold,
+        numShares,
+      }),
+      secretCipher: ecies.encrypt(receiverPublicKey, secondPrivateKey),
+    };
   }
 
   async splitSecretWithProofs({
@@ -609,23 +594,14 @@ class DefaultSparkSigner implements SparkSigner {
     curveOrder,
     threshold,
     numShares,
-    isSecretPubkey = false,
   }: SplitSecretWithProofsParams): Promise<VerifiableSecretShare[]> {
-    if (isSecretPubkey) {
-      const pubKeyHex = bytesToHex(secret);
-      const privateKey = this.publicKeyToPrivateKeyMap.get(pubKeyHex);
-      if (!privateKey) {
-        throw new Error("Private key is not set");
-      }
-      secret = hexToBytes(privateKey);
-    }
     const secretAsInt = bytesToNumberBE(secret);
     return splitSecretWithProofs(secretAsInt, curveOrder, threshold, numShares);
   }
 
   async signFrost({
     message,
-    privateAsPubKey,
+    keyDerivation,
     publicKey,
     verifyingKey,
     selfCommitment,
@@ -638,9 +614,9 @@ class DefaultSparkSigner implements SparkSigner {
         field: "SparkFrost",
       });
     }
-    const privateAsPubKeyHex = bytesToHex(privateAsPubKey);
+
     const signingPrivateKey =
-      this.publicKeyToPrivateKeyMap.get(privateAsPubKeyHex);
+      await this.getSigningPrivateKeyFromDerivation(keyDerivation);
 
     if (!signingPrivateKey) {
       throw new ValidationError("Private key not found for public key", {
@@ -656,7 +632,7 @@ class DefaultSparkSigner implements SparkSigner {
     }
 
     const keyPackage: IKeyPackage = {
-      secretKey: hexToBytes(signingPrivateKey),
+      secretKey: signingPrivateKey,
       publicKey: publicKey,
       verifyingKey: verifyingKey,
     };
@@ -710,56 +686,20 @@ class DefaultSparkSigner implements SparkSigner {
     }
 
     const {
-      masterPublicKey,
       identityKey,
       signingHDKey: signingKey,
       depositKey,
       staticDepositHDKey: staticDepositKey,
     } = await this.keysGenerator.deriveKeysFromSeed(seed, accountNumber ?? 0);
 
-    this.masterPublicKey = masterPublicKey;
     this.identityKey = identityKey;
     this.depositKey = depositKey;
     this.signingKey = signingKey.hdKey;
     this.staticDepositKey = staticDepositKey.hdKey;
 
-    this.publicKeyToPrivateKeyMap.set(
-      bytesToHex(identityKey.publicKey),
-      bytesToHex(identityKey.privateKey),
-    );
-    this.publicKeyToPrivateKeyMap.set(
-      bytesToHex(depositKey.publicKey),
-      bytesToHex(depositKey.privateKey),
-    );
-    this.publicKeyToPrivateKeyMap.set(
-      bytesToHex(staticDepositKey.publicKey),
-      bytesToHex(staticDepositKey.privateKey),
-    );
     return bytesToHex(identityKey.publicKey);
   }
 
-  async signMessageWithPublicKey(
-    message: Uint8Array,
-    publicKey: Uint8Array,
-    compact?: boolean,
-  ): Promise<Uint8Array> {
-    const privateKey = this.publicKeyToPrivateKeyMap.get(bytesToHex(publicKey));
-    if (!privateKey) {
-      throw new ValidationError("Private key not found for public key", {
-        field: "privateKey",
-        value: bytesToHex(publicKey),
-      });
-    }
-
-    const signature = secp256k1.sign(message, hexToBytes(privateKey));
-
-    if (compact) {
-      return signature.toCompactRawBytes();
-    }
-
-    return signature.toDERRawBytes();
-  }
-
   async signMessageWithIdentityKey(
     message: Uint8Array,
     compact?: boolean,
@@ -779,19 +719,6 @@ class DefaultSparkSigner implements SparkSigner {
     return signature.toDERRawBytes();
   }
 
-  async encryptLeafPrivateKeyEcies(
-    receiverPublicKey: Uint8Array,
-    publicKey: Uint8Array,
-  ): Promise<Uint8Array> {
-    const publicKeyHex = bytesToHex(publicKey);
-    const privateKey = this.publicKeyToPrivateKeyMap.get(publicKeyHex);
-    if (!privateKey) {
-      throw new Error("Private key is not set");
-    }
-
-    return ecies.encrypt(receiverPublicKey, hexToBytes(privateKey));
-  }
-
   async decryptEcies(ciphertext: Uint8Array): Promise<Uint8Array> {
     if (!this.identityKey?.privateKey) {
       throw new ConfigurationError("Identity key not initialized", {
@@ -803,9 +730,7 @@ class DefaultSparkSigner implements SparkSigner {
     );
     const privateKey = ecies.decrypt(receiverEciesPrivKey.toHex(), ciphertext);
     const publicKey = secp256k1.getPublicKey(privateKey);
-    const publicKeyHex = bytesToHex(publicKey);
-    const privateKeyHex = bytesToHex(privateKey);
-    this.publicKeyToPrivateKeyMap.set(publicKeyHex, privateKeyHex);
+
     return publicKey;
   }
 
@@ -816,37 +741,6 @@ class DefaultSparkSigner implements SparkSigner {
     return commitment;
   }
 
-  async hashRandomPrivateKey(): Promise<Uint8Array> {
-    return sha256(secp256k1.utils.randomPrivateKey());
-  }
-
-  async generateAdaptorFromSignature(signature: Uint8Array): Promise<{
-    adaptorSignature: Uint8Array;
-    adaptorPublicKey: Uint8Array;
-  }> {
-    const adaptor = generateAdaptorFromSignature(signature);
-
-    const adaptorPublicKey = secp256k1.getPublicKey(adaptor.adaptorPrivateKey);
-
-    this.publicKeyToPrivateKeyMap.set(
-      bytesToHex(adaptorPublicKey),
-      bytesToHex(adaptor.adaptorPrivateKey),
-    );
-
-    return {
-      adaptorSignature: signature,
-      adaptorPublicKey: adaptorPublicKey,
-    };
-  }
-
-  async getMasterPublicKey(): Promise<Uint8Array> {
-    if (!this.masterPublicKey) {
-      throw new Error("Private key is not set");
-    }
-
-    return this.masterPublicKey;
-  }
-
   async validateMessageWithIdentityKey(
     message: Uint8Array,
     signature: Uint8Array,
@@ -913,10 +807,6 @@ class DefaultSparkSigner implements SparkSigner {
       equalBytes(publicKey, this.depositKey?.publicKey ?? new Uint8Array())
     ) {
       privateKey = this.depositKey?.privateKey;
-    } else {
-      privateKey = hexToBytes(
-        this.publicKeyToPrivateKeyMap.get(bytesToHex(publicKey)) ?? "",
-      );
     }
 
     if (!privateKey) {
@@ -931,10 +821,50 @@ class DefaultSparkSigner implements SparkSigner {
 }
 
 class TaprootSparkSigner extends DefaultSparkSigner {
-  constructor() {
-    super({ sparkKeysGenerator: new TaprootOutputKeysGenerator() });
+  constructor(useAddressIndex = false) {
+    super({
+      sparkKeysGenerator: new TaprootOutputKeysGenerator(useAddressIndex),
+    });
   }
 }
 
-export { DefaultSparkSigner, TaprootSparkSigner, TaprootOutputKeysGenerator };
-export type { SparkSigner, TokenSigner };
+class NativeSegwitSparkSigner extends DefaultSparkSigner {
+  constructor(useAddressIndex = false) {
+    super({
+      sparkKeysGenerator: new DerivationPathKeysGenerator(
+        useAddressIndex ? "m/84'/0'/0'/0/?" : "m/84'/0'/?'/0/0",
+      ),
+    });
+  }
+}
+
+class WrappedSegwitSparkSigner extends DefaultSparkSigner {
+  constructor(useAddressIndex = false) {
+    super({
+      sparkKeysGenerator: new DerivationPathKeysGenerator(
+        useAddressIndex ? "m/49'/0'/0'/0/?" : "m/49'/0'/?'/0/0",
+      ),
+    });
+  }
+}
+
+class LegacyBitcoinSparkSigner extends DefaultSparkSigner {
+  constructor(useAddressIndex = false) {
+    super({
+      sparkKeysGenerator: new DerivationPathKeysGenerator(
+        useAddressIndex ? "m/44'/0'/0'/0/?" : "m/44'/0'/?'/0/0",
+      ),
+    });
+  }
+}
+
+export {
+  DefaultSparkSigner,
+  LegacyBitcoinSparkSigner,
+  NativeSegwitSparkSigner,
+  TaprootOutputKeysGenerator,
+  TaprootSparkSigner,
+  WrappedSegwitSparkSigner,
+  type SparkSigner,
+  type TokenSigner,
+};