@frontiercompute/zcash-ika 0.3.0 → 0.4.0

package/dist/index.d.ts

@@ -71,6 +71,19 @@ export declare const CHAIN_PARAMS: {
  *   4. Base58 encode (version + hash + checksum)
  */
 export declare function deriveZcashAddress(publicKey: Uint8Array, network?: "mainnet" | "testnet"): string;
+/**
+ * Derive a Bitcoin P2PKH address from a compressed secp256k1 public key.
+ *
+ * Same as Zcash transparent but with a 1-byte version prefix:
+ *   mainnet 0x00 (1...), testnet 0x6f (m.../n...)
+ *
+ * Steps:
+ *   1. SHA256(pubkey) then RIPEMD160 = 20-byte hash
+ *   2. Prepend 1-byte version
+ *   3. Double-SHA256 checksum (first 4 bytes)
+ *   4. Base58 encode (version + hash + checksum)
+ */
+export declare function deriveBitcoinAddress(publicKey: Uint8Array, network?: "mainnet" | "testnet"): string;
 export interface DWalletHandle {
     /** dWallet object ID on Sui */
     id: string;

package/dist/index.js

@@ -118,6 +118,45 @@ export function deriveZcashAddress(publicKey, network = "mainnet") {
     full.set(checksum, 22);
     return base58Encode(full);
 }
+// Bitcoin P2PKH version bytes (1 byte each)
+const BITCOIN_VERSION_BYTE = {
+    mainnet: 0x00, // 1...
+    testnet: 0x6f, // m... or n...
+};
+/**
+ * Derive a Bitcoin P2PKH address from a compressed secp256k1 public key.
+ *
+ * Same as Zcash transparent but with a 1-byte version prefix:
+ *   mainnet 0x00 (1...), testnet 0x6f (m.../n...)
+ *
+ * Steps:
+ *   1. SHA256(pubkey) then RIPEMD160 = 20-byte hash
+ *   2. Prepend 1-byte version
+ *   3. Double-SHA256 checksum (first 4 bytes)
+ *   4. Base58 encode (version + hash + checksum)
+ */
+export function deriveBitcoinAddress(publicKey, network = "mainnet") {
+    if (publicKey.length !== 33) {
+        throw new Error(`Expected 33-byte compressed secp256k1 pubkey, got ${publicKey.length} bytes`);
+    }
+    const prefix = publicKey[0];
+    if (prefix !== 0x02 && prefix !== 0x03) {
+        throw new Error(`Invalid compressed pubkey prefix 0x${prefix.toString(16)}, expected 0x02 or 0x03`);
+    }
+    const pubkeyHash = hash160(publicKey); // 20 bytes
+    const version = BITCOIN_VERSION_BYTE[network];
+    // version (1) + hash160 (20) = 21 bytes
+    const payload = new Uint8Array(21);
+    payload[0] = version;
+    payload.set(pubkeyHash, 1);
+    // checksum: first 4 bytes of SHA256(SHA256(payload))
+    const checksum = sha256(sha256(payload)).subarray(0, 4);
+    // final: payload (21) + checksum (4) = 25 bytes
+    const full = new Uint8Array(25);
+    full.set(payload, 0);
+    full.set(checksum, 21);
+    return base58Encode(full);
+}
 // Default poll settings for testnet (epochs can be slow)
 const POLL_OPTS = {
     timeout: 300_000,
@@ -276,6 +315,9 @@ export async function createWallet(config, chain, _operatorSeed) {
     if (pubkey && pubkey.length === 33 && chain === "zcash-transparent") {
         derivedAddress = deriveZcashAddress(pubkey, config.network);
     }
+    else if (pubkey && pubkey.length === 33 && chain === "bitcoin") {
+        derivedAddress = deriveBitcoinAddress(pubkey, config.network);
+    }
     return {
         id: dwalletId,
         publicKey: pubkey || new Uint8Array(0),

package/dist/tx-builder.d.ts

@@ -9,6 +9,7 @@
 export declare const BRANCH_ID: {
     readonly NU5: 3268858036;
     readonly NU6: 3370586197;
+    readonly NU61: 1307332080;
 };
 export interface UTXO {
     txid: string;

package/dist/tx-builder.js

@@ -16,6 +16,7 @@ const TX_VERSION_GROUP_ID = 0x26a7270a;
 export const BRANCH_ID = {
     NU5: 0xc2d6d0b4,
     NU6: 0xc8e71055,
+    NU61: 0x4dec4df0,
 };
 // SIGHASH flags
 const SIGHASH_ALL = 0x01;
@@ -159,7 +160,7 @@ function hashPrevouts(inputs, branchId) {
         parts.push(outpoint);
     }
     const data = Buffer.concat(parts);
-    return blake2b256(data, personalization("ZTxIdPrevoutHash", branchIdBytes(branchId)));
+    return blake2b256(data, personalization("ZTxIdPrevoutHash"));
 }
 // Hash of all input amounts
 function hashAmounts(inputs, branchId) {
@@ -167,7 +168,7 @@ function hashAmounts(inputs, branchId) {
     for (let i = 0; i < inputs.length; i++) {
         writeI64LE(data, inputs[i].value, i * 8);
     }
-    return blake2b256(data, personalization("ZTxTrAmountsHash", branchIdBytes(branchId)));
+    return blake2b256(data, personalization("ZTxTrAmountsHash"));
 }
 // Hash of all input scriptPubKeys
 function hashScriptPubKeys(inputs, branchId) {
@@ -177,7 +178,7 @@ function hashScriptPubKeys(inputs, branchId) {
         parts.push(inp.script);
     }
     const data = Buffer.concat(parts);
-    return blake2b256(data, personalization("ZTxTrScriptsHash", branchIdBytes(branchId)));
+    return blake2b256(data, personalization("ZTxTrScriptsHash"));
 }
 // Hash of all sequences
 function hashSequences(inputs, branchId) {
@@ -185,7 +186,7 @@ function hashSequences(inputs, branchId) {
     for (let i = 0; i < inputs.length; i++) {
         writeU32LE(data, inputs[i].sequence, i * 4);
     }
-    return blake2b256(data, personalization("ZTxIdSequencHash", branchIdBytes(branchId)));
+    return blake2b256(data, personalization("ZTxIdSequencHash"));
 }
 // Hash of all transparent outputs
 function hashOutputs(outputs, branchId) {
@@ -198,70 +199,66 @@ function hashOutputs(outputs, branchId) {
         parts.push(out.script);
     }
     const data = Buffer.concat(parts);
-    return blake2b256(data, personalization("ZTxIdOutputsHash", branchIdBytes(branchId)));
+    return blake2b256(data, personalization("ZTxIdOutputsHash"));
 }
-// Transparent inputs digest (ZIP 244 section T.3a)
-function transparentInputsDigest(inputs, branchId) {
-    const prevoutsHash = hashPrevouts(inputs, branchId);
-    const amountsHash = hashAmounts(inputs, branchId);
-    const scriptPubKeysHash = hashScriptPubKeys(inputs, branchId);
-    const sequencesHash = hashSequences(inputs, branchId);
-    const data = Buffer.concat([prevoutsHash, amountsHash, scriptPubKeysHash, sequencesHash]);
-    return blake2b256(data, personalization("ZTxIdTrInHash__", branchIdBytes(branchId)));
-}
-// Transparent outputs digest (ZIP 244 section T.3b)
-function transparentOutputsDigest(outputs, branchId) {
-    const outputsHash = hashOutputs(outputs, branchId);
-    return blake2b256(outputsHash, personalization("ZTxIdTrOutHash_", branchIdBytes(branchId)));
-}
-// Full transparent digest for txid (ZIP 244 T.3)
+// Full transparent digest for txid (ZIP 244 T.2)
+// transparent_digest = BLAKE2b("ZTxIdTranspaHash", prevouts || sequences || outputs)
 function transparentDigest(inputs, outputs, branchId) {
     if (inputs.length === 0 && outputs.length === 0) {
-        return blake2b256(Buffer.alloc(0), personalization("ZTxIdTranspaHash", branchIdBytes(branchId)));
+        return blake2b256(Buffer.alloc(0), personalization("ZTxIdTranspaHash"));
     }
-    const inDigest = transparentInputsDigest(inputs, branchId);
-    const outDigest = transparentOutputsDigest(outputs, branchId);
-    return blake2b256(Buffer.concat([inDigest, outDigest]), personalization("ZTxIdTranspaHash", branchIdBytes(branchId)));
+    const prevoutsDigest = hashPrevouts(inputs, branchId);
+    const sequenceDigest = hashSequences(inputs, branchId);
+    const outputsDigest = hashOutputs(outputs, branchId);
+    return blake2b256(Buffer.concat([prevoutsDigest, sequenceDigest, outputsDigest]), personalization("ZTxIdTranspaHash"));
 }
 // Sapling digest (empty bundle)
-function emptyBundleDigest(tag, branchId) {
-    return blake2b256(Buffer.alloc(0), personalization(tag, branchIdBytes(branchId)));
+function emptyBundleDigest(tag) {
+    return blake2b256(Buffer.alloc(0), personalization(tag));
 }
 // Header digest (ZIP 244 T.1)
 function headerDigest(version, versionGroupId, branchId, lockTime, expiryHeight) {
     const data = Buffer.alloc(4 + 4 + 4 + 4 + 4);
-    writeU32LE(data, version, 0);
+    writeU32LE(data, (version | (1 << 31)) >>> 0, 0);
     writeU32LE(data, versionGroupId, 4);
     writeU32LE(data, branchId, 8);
     writeU32LE(data, lockTime, 12);
     writeU32LE(data, expiryHeight, 16);
-    return blake2b256(data, personalization("ZTxIdHeadersHash", branchIdBytes(branchId)));
+    return blake2b256(data, personalization("ZTxIdHeadersHash"));
 }
 // Transaction digest for txid (ZIP 244 T)
 function txidDigest(inputs, outputs, branchId, lockTime, expiryHeight) {
     const hdrDigest = headerDigest(TX_VERSION, TX_VERSION_GROUP_ID, branchId, lockTime, expiryHeight);
     const txpDigest = transparentDigest(inputs, outputs, branchId);
-    const sapDigest = emptyBundleDigest("ZTxIdSaplingHash", branchId);
-    const orchDigest = emptyBundleDigest("ZTxIdOrchardHash", branchId);
+    const sapDigest = emptyBundleDigest("ZTxIdSaplingHash");
+    const orchDigest = emptyBundleDigest("ZTxIdOrchardHash");
     return blake2b256(Buffer.concat([hdrDigest, txpDigest, sapDigest, orchDigest]), personalization("ZcashTxHash__", branchIdBytes(branchId)));
 }
-// Per-input sighash for signing (ZIP 244 S.2 - transparent)
-// This is the hash that actually gets signed by ECDSA
+// Per-input sighash for signing (ZIP 244 signature_digest)
+// Structure: BLAKE2b("ZcashTxHash_" || BRANCH_ID,
+//   S.1: header_digest
+//   S.2: transparent_sig_digest (NOT the txid transparent digest)
+//   S.3: sapling_digest
+//   S.4: orchard_digest
+// )
 function transparentSighash(inputs, outputs, branchId, lockTime, expiryHeight, inputIndex, hashType) {
-    // T.1: header digest
+    // S.1: header digest (same as T.1)
     const hdrDigest = headerDigest(TX_VERSION, TX_VERSION_GROUP_ID, branchId, lockTime, expiryHeight);
-    // T.3: transparent digest (full, for the txid computation)
-    const txpDigest = transparentDigest(inputs, outputs, branchId);
-    // T.4: sapling digest (empty)
-    const sapDigest = emptyBundleDigest("ZTxIdSaplingHash", branchId);
-    // T.5: orchard digest (empty)
-    const orchDigest = emptyBundleDigest("ZTxIdOrchardHash", branchId);
-    // S.2: per-input transparent sighash data
-    // hash_type (1 byte)
-    // prevout (32 + 4 bytes)
-    // value (8 bytes)
-    // scriptPubKey (compact size + script bytes)
-    // sequence (4 bytes)
+    // S.2: transparent_sig_digest
+    // For SIGHASH_ALL without ANYONECANPAY:
+    // S.2a: hash_type (1 byte)
+    // S.2b: prevouts_sig_digest = prevouts_digest (same as T.2a)
+    // S.2c: amounts_sig_digest
+    // S.2d: scriptpubkeys_sig_digest
+    // S.2e: sequence_sig_digest = sequence_digest (same as T.2b)
+    // S.2f: outputs_sig_digest = outputs_digest (same as T.2c)
+    // S.2g: txin_sig_digest (per-input)
+    const prevoutsSigDigest = hashPrevouts(inputs, branchId);
+    const amountsSigDigest = hashAmounts(inputs, branchId);
+    const scriptpubkeysSigDigest = hashScriptPubKeys(inputs, branchId);
+    const sequenceSigDigest = hashSequences(inputs, branchId);
+    const outputsSigDigest = hashOutputs(outputs, branchId);
+    // S.2g: txin_sig_digest for the input being signed
     const inp = inputs[inputIndex];
     const prevout = Buffer.alloc(36);
     inp.prevTxid.copy(prevout, 0);
@@ -270,17 +267,23 @@ function transparentSighash(inputs, outputs, branchId, lockTime, expiryHeight, i
     writeI64LE(valueBuf, inp.value, 0);
     const seqBuf = Buffer.alloc(4);
     writeU32LE(seqBuf, inp.sequence, 0);
-    const txinSigDigestData = Buffer.concat([
+    const txinSigDigest = blake2b256(Buffer.concat([prevout, valueBuf, compactSize(inp.script.length), inp.script, seqBuf]), personalization("Zcash___TxInHash"));
+    // S.2: transparent_sig_digest
+    const transparentSigDigest = blake2b256(Buffer.concat([
         Buffer.from([hashType]),
-        prevout,
-        valueBuf,
-        compactSize(inp.script.length),
-        inp.script,
-        seqBuf,
-    ]);
-    const txinSigDigest = blake2b256(txinSigDigestData, personalization("Zcash___TxInHash", branchIdBytes(branchId)));
-    // Final sighash: BLAKE2b of all digests
-    return blake2b256(Buffer.concat([hdrDigest, txpDigest, sapDigest, orchDigest, txinSigDigest]), personalization("ZcashTxHash__", branchIdBytes(branchId)));
+        prevoutsSigDigest,
+        amountsSigDigest,
+        scriptpubkeysSigDigest,
+        sequenceSigDigest,
+        outputsSigDigest,
+        txinSigDigest,
+    ]), personalization("ZTxIdTranspaHash"));
+    // S.3: sapling digest (empty)
+    const sapDigest = emptyBundleDigest("ZTxIdSaplingHash");
+    // S.4: orchard digest (empty)
+    const orchDigest = emptyBundleDigest("ZTxIdOrchardHash");
+    // Final signature_digest
+    return blake2b256(Buffer.concat([hdrDigest, transparentSigDigest, sapDigest, orchDigest]), personalization("ZcashTxHash_", branchIdBytes(branchId)));
 }
 // Serialize a v5 transparent-only transaction to raw bytes.
 // If scriptSigs is provided, inputs get signed scriptSigs.
@@ -402,7 +405,7 @@ export function selectUTXOs(utxos, targetAmount, fee) {
  * Returns the unsigned serialized TX and per-input sighashes
  * that need to be signed via MPC.
  */
-export function buildUnsignedTx(utxos, recipient, amount, fee = 10000, changeAddress, branchId = BRANCH_ID.NU5) {
+export function buildUnsignedTx(utxos, recipient, amount, fee = 10000, changeAddress, branchId = BRANCH_ID.NU61) {
     if (utxos.length === 0)
         throw new Error("No UTXOs provided");
     if (amount <= 0)
@@ -467,7 +470,7 @@ function buildScriptSig(derSig, pubkey) {
  * DER-encoded signatures from MPC, and the compressed pubkey.
  * Returns hex-encoded signed transaction ready for broadcast.
  */
-export function attachSignatures(utxos, recipient, amount, fee, changeAddress, signatures, pubkey, branchId = BRANCH_ID.NU5) {
+export function attachSignatures(utxos, recipient, amount, fee, changeAddress, signatures, pubkey, branchId = BRANCH_ID.NU61) {
     if (signatures.length !== utxos.length) {
         throw new Error(`Expected ${utxos.length} signatures, got ${signatures.length}`);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@frontiercompute/zcash-ika",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Split-key custody for Zcash, Bitcoin, and EVM. 2PC-MPC signing, on-chain spend policy, transparent TX builder, ZAP1 attestation.",
   "type": "module",
   "main": "dist/index.js",
@@ -12,7 +12,8 @@
   "dependencies": {
     "@ika.xyz/sdk": "^0.3.1",
     "@mysten/sui": "^2.5.0",
-    "blakejs": "^1.2.1"
+    "blakejs": "^1.2.1",
+    "elliptic": "^6.6.1"
   },
   "devDependencies": {
     "@types/node": "^25.5.2",