@neuraiproject/neurai-message 0.9.0 → 0.9.1

package/README.md

@@ -4,7 +4,7 @@ Sign and verify messages in Neurai in JavaScript for Node.js and modern browsers
 
 ## Scope
 
-This package follows the current Neurai `signmessage` / `verifymessage` behavior for `legacy` signatures and also exposes the new `PQ` message-signature format.
+This package follows the current Neurai `signmessage` / `verifymessage` behavior for `legacy` signatures and also exposes the current `PQ` message-signature format bound to `AuthScript` witness-v1 addresses.
 
 The package supports two formats:
 
@@ -25,13 +25,16 @@ Instead, the exported signature embeds the serialized public key and the `ML-DSA
 
 - decode the Base64 payload
 - extract the serialized PQ public key
-- confirm `HASH160(pubkey_serialized)` matches the witness v1 program in the address
+- derive the default `AuthScript` commitment for `auth_type=0x01` and `witnessScript=OP_TRUE`
+- confirm that 32-byte commitment matches the witness v1 program in the address
 - verify the `ML-DSA-44` signature over the Neurai message hash
 
 The generic `verifyMessage(...)` function now auto-detects both formats. Use `sign(...)` for legacy and `signPQMessage(...)` for PQ.
 
 `signPQMessage(...)` expects the ML-DSA-44 secret key and the corresponding public key, either raw (`1312` bytes) or serialized as `0x05 || pubkey`.
 
+Legacy PQ witness-v1 keyhash addresses (`OP_1 <20-byte-hash>`) are intentionally not supported anymore. The package now matches the current Neurai `AuthScript` destination model (`OP_1 <32-byte-commitment>`).
+
 ## Package outputs
 
 This package now publishes explicit entry points:
@@ -88,12 +91,25 @@ const CoinKey = require("coinkey");
   const crypto = require("crypto");
   const { signPQMessage, verifyPQMessage } = require("@neuraiproject/neurai-message");
 
+  function taggedHash(tag, bytes) {
+    const tagHash = crypto.createHash("sha256").update(tag).digest();
+    return crypto.createHash("sha256").update(Buffer.concat([tagHash, tagHash, bytes])).digest();
+  }
+
   const keys = ml_dsa44.keygen();
   const serializedPubKey = Buffer.concat([Buffer.from([0x05]), Buffer.from(keys.publicKey)]);
-  const program = crypto.createHash("ripemd160").update(
-    crypto.createHash("sha256").update(serializedPubKey).digest()
-  ).digest();
-  const words = bech32m.toWords(program);
+  const authDescriptor = Buffer.concat([
+    Buffer.from([0x01]),
+    crypto.createHash("ripemd160").update(
+      crypto.createHash("sha256").update(serializedPubKey).digest()
+    ).digest(),
+  ]);
+  const witnessScriptHash = crypto.createHash("sha256").update(Buffer.from([0x51])).digest(); // OP_TRUE
+  const commitment = taggedHash(
+    "NeuraiAuthScript",
+    Buffer.concat([Buffer.from([0x01]), authDescriptor, witnessScriptHash])
+  );
+  const words = bech32m.toWords(commitment);
   words.unshift(1);
   const address = bech32m.encode("tnq", words);
 

package/dist/NeuraiMessage.global.js

@@ -12624,6 +12624,11 @@ var NeuraiMessage = (() => {
   var PQ_PUBLIC_KEY_LENGTH = 1312;
   var PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;
   var PQ_SIGNATURE_LENGTH = 2420;
+  var AUTHSCRIPT_PROGRAM_LENGTH = 32;
+  var AUTHSCRIPT_DEFAULT_AUTH_TYPE = 1;
+  var AUTHSCRIPT_DOMAIN_SEPARATOR = 1;
+  var AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT = import_buffer3.Buffer.from([81]);
+  var AUTHSCRIPT_TAG = "NeuraiAuthScript";
   var LEGACY_MESSAGE_PREFIX = String.fromCharCode(import_buffer3.Buffer.byteLength(MESSAGE_MAGIC, "utf8")) + MESSAGE_MAGIC;
   function encodeCompactSize(value) {
     if (!Number.isInteger(value) || value < 0) {
@@ -12680,6 +12685,10 @@ var NeuraiMessage = (() => {
   function hash1602(bytes) {
     return (0, import_create_hash2.default)("ripemd160").update(sha2563(bytes)).digest();
   }
+  function taggedHash(tag, bytes) {
+    const tagHash = sha2563(import_buffer3.Buffer.from(tag, "utf8"));
+    return sha2563(import_buffer3.Buffer.concat([tagHash, tagHash, import_buffer3.Buffer.from(bytes)]));
+  }
   function encodeMessageHash(message) {
     const messageBytes = import_buffer3.Buffer.from(message, "utf8");
     const magicBytes = import_buffer3.Buffer.from(MESSAGE_MAGIC, "utf8");
@@ -12719,6 +12728,19 @@ var NeuraiMessage = (() => {
       program: import_buffer3.Buffer.from(import_bech322.bech32m.fromWords(decoded.words.slice(1)))
     };
   }
+  function getDefaultPQAuthScriptCommitment(serializedPublicKey) {
+    const authDescriptor = import_buffer3.Buffer.concat([
+      import_buffer3.Buffer.from([AUTHSCRIPT_DEFAULT_AUTH_TYPE]),
+      hash1602(serializedPublicKey)
+    ]);
+    const witnessScriptHash = sha2563(AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT);
+    const preimage = import_buffer3.Buffer.concat([
+      import_buffer3.Buffer.from([AUTHSCRIPT_DOMAIN_SEPARATOR]),
+      authDescriptor,
+      witnessScriptHash
+    ]);
+    return taggedHash(AUTHSCRIPT_TAG, preimage);
+  }
   function sign2(message, privateKey, compressed = true) {
     const signature = signLegacyMessage(
       message,
@@ -12778,10 +12800,12 @@ var NeuraiMessage = (() => {
         return false;
       }
       const decodedAddress = decodePQAddress(address);
-      if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {
+      if (decodedAddress.version !== 1 || decodedAddress.program.length !== AUTHSCRIPT_PROGRAM_LENGTH) {
         return false;
       }
-      const expectedProgram = hash1602(serializedPublicKey);
+      const expectedProgram = getDefaultPQAuthScriptCommitment(
+        serializedPublicKey
+      );
       if (!expectedProgram.equals(decodedAddress.program)) {
         return false;
       }

package/dist/browser.mjs

@@ -12598,6 +12598,11 @@ var PQ_SERIALIZED_PUBKEY_PREFIX = 5;
 var PQ_PUBLIC_KEY_LENGTH = 1312;
 var PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;
 var PQ_SIGNATURE_LENGTH = 2420;
+var AUTHSCRIPT_PROGRAM_LENGTH = 32;
+var AUTHSCRIPT_DEFAULT_AUTH_TYPE = 1;
+var AUTHSCRIPT_DOMAIN_SEPARATOR = 1;
+var AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT = import_buffer3.Buffer.from([81]);
+var AUTHSCRIPT_TAG = "NeuraiAuthScript";
 var LEGACY_MESSAGE_PREFIX = String.fromCharCode(import_buffer3.Buffer.byteLength(MESSAGE_MAGIC, "utf8")) + MESSAGE_MAGIC;
 function encodeCompactSize(value) {
   if (!Number.isInteger(value) || value < 0) {
@@ -12654,6 +12659,10 @@ function hash2562(bytes) {
 function hash1602(bytes) {
   return (0, import_create_hash2.default)("ripemd160").update(sha2563(bytes)).digest();
 }
+function taggedHash(tag, bytes) {
+  const tagHash = sha2563(import_buffer3.Buffer.from(tag, "utf8"));
+  return sha2563(import_buffer3.Buffer.concat([tagHash, tagHash, import_buffer3.Buffer.from(bytes)]));
+}
 function encodeMessageHash(message) {
   const messageBytes = import_buffer3.Buffer.from(message, "utf8");
   const magicBytes = import_buffer3.Buffer.from(MESSAGE_MAGIC, "utf8");
@@ -12693,6 +12702,19 @@ function decodePQAddress(address) {
     program: import_buffer3.Buffer.from(import_bech322.bech32m.fromWords(decoded.words.slice(1)))
   };
 }
+function getDefaultPQAuthScriptCommitment(serializedPublicKey) {
+  const authDescriptor = import_buffer3.Buffer.concat([
+    import_buffer3.Buffer.from([AUTHSCRIPT_DEFAULT_AUTH_TYPE]),
+    hash1602(serializedPublicKey)
+  ]);
+  const witnessScriptHash = sha2563(AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT);
+  const preimage = import_buffer3.Buffer.concat([
+    import_buffer3.Buffer.from([AUTHSCRIPT_DOMAIN_SEPARATOR]),
+    authDescriptor,
+    witnessScriptHash
+  ]);
+  return taggedHash(AUTHSCRIPT_TAG, preimage);
+}
 function sign2(message, privateKey, compressed = true) {
   const signature = signLegacyMessage(
     message,
@@ -12752,10 +12774,12 @@ function verifyPQMessage(message, address, signature) {
       return false;
     }
     const decodedAddress = decodePQAddress(address);
-    if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {
+    if (decodedAddress.version !== 1 || decodedAddress.program.length !== AUTHSCRIPT_PROGRAM_LENGTH) {
       return false;
     }
-    const expectedProgram = hash1602(serializedPublicKey);
+    const expectedProgram = getDefaultPQAuthScriptCommitment(
+      serializedPublicKey
+    );
     if (!expectedProgram.equals(decodedAddress.program)) {
       return false;
     }

package/dist/index.cjs

@@ -2699,6 +2699,11 @@ var PQ_SERIALIZED_PUBKEY_PREFIX = 5;
 var PQ_PUBLIC_KEY_LENGTH = 1312;
 var PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;
 var PQ_SIGNATURE_LENGTH = 2420;
+var AUTHSCRIPT_PROGRAM_LENGTH = 32;
+var AUTHSCRIPT_DEFAULT_AUTH_TYPE = 1;
+var AUTHSCRIPT_DOMAIN_SEPARATOR = 1;
+var AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT = import_buffer2.Buffer.from([81]);
+var AUTHSCRIPT_TAG = "NeuraiAuthScript";
 var LEGACY_MESSAGE_PREFIX = String.fromCharCode(import_buffer2.Buffer.byteLength(MESSAGE_MAGIC, "utf8")) + MESSAGE_MAGIC;
 function encodeCompactSize(value) {
   if (!Number.isInteger(value) || value < 0) {
@@ -2755,6 +2760,10 @@ function hash2562(bytes) {
 function hash1602(bytes) {
   return (0, import_create_hash2.default)("ripemd160").update(sha2563(bytes)).digest();
 }
+function taggedHash(tag, bytes) {
+  const tagHash = sha2563(import_buffer2.Buffer.from(tag, "utf8"));
+  return sha2563(import_buffer2.Buffer.concat([tagHash, tagHash, import_buffer2.Buffer.from(bytes)]));
+}
 function encodeMessageHash(message) {
   const messageBytes = import_buffer2.Buffer.from(message, "utf8");
   const magicBytes = import_buffer2.Buffer.from(MESSAGE_MAGIC, "utf8");
@@ -2794,6 +2803,19 @@ function decodePQAddress(address) {
     program: import_buffer2.Buffer.from(import_bech322.bech32m.fromWords(decoded.words.slice(1)))
   };
 }
+function getDefaultPQAuthScriptCommitment(serializedPublicKey) {
+  const authDescriptor = import_buffer2.Buffer.concat([
+    import_buffer2.Buffer.from([AUTHSCRIPT_DEFAULT_AUTH_TYPE]),
+    hash1602(serializedPublicKey)
+  ]);
+  const witnessScriptHash = sha2563(AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT);
+  const preimage = import_buffer2.Buffer.concat([
+    import_buffer2.Buffer.from([AUTHSCRIPT_DOMAIN_SEPARATOR]),
+    authDescriptor,
+    witnessScriptHash
+  ]);
+  return taggedHash(AUTHSCRIPT_TAG, preimage);
+}
 function sign2(message, privateKey, compressed = true) {
   const signature = signLegacyMessage(
     message,
@@ -2853,10 +2875,12 @@ function verifyPQMessage(message, address, signature) {
       return false;
     }
     const decodedAddress = decodePQAddress(address);
-    if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {
+    if (decodedAddress.version !== 1 || decodedAddress.program.length !== AUTHSCRIPT_PROGRAM_LENGTH) {
       return false;
     }
-    const expectedProgram = hash1602(serializedPublicKey);
+    const expectedProgram = getDefaultPQAuthScriptCommitment(
+      serializedPublicKey
+    );
     if (!expectedProgram.equals(decodedAddress.program)) {
       return false;
     }

package/dist/index.mjs

@@ -2689,6 +2689,11 @@ var PQ_SERIALIZED_PUBKEY_PREFIX = 5;
 var PQ_PUBLIC_KEY_LENGTH = 1312;
 var PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;
 var PQ_SIGNATURE_LENGTH = 2420;
+var AUTHSCRIPT_PROGRAM_LENGTH = 32;
+var AUTHSCRIPT_DEFAULT_AUTH_TYPE = 1;
+var AUTHSCRIPT_DOMAIN_SEPARATOR = 1;
+var AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT = Buffer3.from([81]);
+var AUTHSCRIPT_TAG = "NeuraiAuthScript";
 var LEGACY_MESSAGE_PREFIX = String.fromCharCode(Buffer3.byteLength(MESSAGE_MAGIC, "utf8")) + MESSAGE_MAGIC;
 function encodeCompactSize(value) {
   if (!Number.isInteger(value) || value < 0) {
@@ -2745,6 +2750,10 @@ function hash2562(bytes) {
 function hash1602(bytes) {
   return (0, import_create_hash2.default)("ripemd160").update(sha2563(bytes)).digest();
 }
+function taggedHash(tag, bytes) {
+  const tagHash = sha2563(Buffer3.from(tag, "utf8"));
+  return sha2563(Buffer3.concat([tagHash, tagHash, Buffer3.from(bytes)]));
+}
 function encodeMessageHash(message) {
   const messageBytes = Buffer3.from(message, "utf8");
   const magicBytes = Buffer3.from(MESSAGE_MAGIC, "utf8");
@@ -2784,6 +2793,19 @@ function decodePQAddress(address) {
     program: Buffer3.from(import_bech322.bech32m.fromWords(decoded.words.slice(1)))
   };
 }
+function getDefaultPQAuthScriptCommitment(serializedPublicKey) {
+  const authDescriptor = Buffer3.concat([
+    Buffer3.from([AUTHSCRIPT_DEFAULT_AUTH_TYPE]),
+    hash1602(serializedPublicKey)
+  ]);
+  const witnessScriptHash = sha2563(AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT);
+  const preimage = Buffer3.concat([
+    Buffer3.from([AUTHSCRIPT_DOMAIN_SEPARATOR]),
+    authDescriptor,
+    witnessScriptHash
+  ]);
+  return taggedHash(AUTHSCRIPT_TAG, preimage);
+}
 function sign2(message, privateKey, compressed = true) {
   const signature = signLegacyMessage(
     message,
@@ -2843,10 +2865,12 @@ function verifyPQMessage(message, address, signature) {
       return false;
     }
     const decodedAddress = decodePQAddress(address);
-    if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {
+    if (decodedAddress.version !== 1 || decodedAddress.program.length !== AUTHSCRIPT_PROGRAM_LENGTH) {
       return false;
     }
-    const expectedProgram = hash1602(serializedPublicKey);
+    const expectedProgram = getDefaultPQAuthScriptCommitment(
+      serializedPublicKey
+    );
     if (!expectedProgram.equals(decodedAddress.program)) {
       return false;
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@neuraiproject/neurai-message",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Sign and Verify messages in Neurai",
   "source": "index.ts",
   "main": "dist/index.cjs",

package/src/core.ts

@@ -10,6 +10,11 @@ const PQ_SERIALIZED_PUBKEY_PREFIX = 0x05;
 const PQ_PUBLIC_KEY_LENGTH = 1312;
 const PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;
 const PQ_SIGNATURE_LENGTH = 2420;
+const AUTHSCRIPT_PROGRAM_LENGTH = 32;
+const AUTHSCRIPT_DEFAULT_AUTH_TYPE = 0x01;
+const AUTHSCRIPT_DOMAIN_SEPARATOR = 0x01;
+const AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT = Buffer.from([0x51]); // OP_TRUE
+const AUTHSCRIPT_TAG = "NeuraiAuthScript";
 const LEGACY_MESSAGE_PREFIX =
   String.fromCharCode(Buffer.byteLength(MESSAGE_MAGIC, "utf8")) +
   MESSAGE_MAGIC;
@@ -83,6 +88,11 @@ function hash160(bytes: Uint8Array) {
   return createHash("ripemd160").update(sha256(bytes)).digest();
 }
 
+function taggedHash(tag: string, bytes: Uint8Array) {
+  const tagHash = sha256(Buffer.from(tag, "utf8"));
+  return sha256(Buffer.concat([tagHash, tagHash, Buffer.from(bytes)]));
+}
+
 function encodeMessageHash(message: string) {
   const messageBytes = Buffer.from(message, "utf8");
   const magicBytes = Buffer.from(MESSAGE_MAGIC, "utf8");
@@ -137,6 +147,21 @@ function decodePQAddress(address: string) {
   };
 }
 
+function getDefaultPQAuthScriptCommitment(serializedPublicKey: Uint8Array) {
+  const authDescriptor = Buffer.concat([
+    Buffer.from([AUTHSCRIPT_DEFAULT_AUTH_TYPE]),
+    hash160(serializedPublicKey),
+  ]);
+  const witnessScriptHash = sha256(AUTHSCRIPT_DEFAULT_WITNESS_SCRIPT);
+  const preimage = Buffer.concat([
+    Buffer.from([AUTHSCRIPT_DOMAIN_SEPARATOR]),
+    authDescriptor,
+    witnessScriptHash,
+  ]);
+
+  return taggedHash(AUTHSCRIPT_TAG, preimage);
+}
+
 /** returns a base64 encoded string representation of the legacy signature */
 export function sign(message: string, privateKey: Uint8Array, compressed = true) {
   const signature = signLegacyMessage(
@@ -227,11 +252,16 @@ export function verifyPQMessage(
     }
 
     const decodedAddress = decodePQAddress(address);
-    if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {
+    if (
+      decodedAddress.version !== 1 ||
+      decodedAddress.program.length !== AUTHSCRIPT_PROGRAM_LENGTH
+    ) {
       return false;
     }
 
-    const expectedProgram = hash160(serializedPublicKey);
+    const expectedProgram = getDefaultPQAuthScriptCommitment(
+      serializedPublicKey
+    );
     if (!expectedProgram.equals(decodedAddress.program)) {
       return false;
     }

package/test.spec.js

@@ -16,6 +16,30 @@ const address = "RVDUQTULaceEudDsgqCQBT6bfcdqUSvJPV";
 const message = "Hello world";
 const signature = sign(message, privateKey, compressed);
 
+function sha256(bytes) {
+  return createHash("sha256").update(bytes).digest();
+}
+
+function taggedHash(tag, bytes) {
+  const tagHash = sha256(Buffer.from(tag, "utf8"));
+  return sha256(Buffer.concat([tagHash, tagHash, Buffer.from(bytes)]));
+}
+
+function createDefaultPQAuthScriptAddress(hrp, serializedPublicKey) {
+  const authDescriptor = Buffer.concat([
+    Buffer.from([0x01]),
+    createHash("ripemd160").update(sha256(serializedPublicKey)).digest(),
+  ]);
+  const witnessScriptHash = sha256(Buffer.from([0x51]));
+  const commitment = taggedHash(
+    "NeuraiAuthScript",
+    Buffer.concat([Buffer.from([0x01]), authDescriptor, witnessScriptHash])
+  );
+  const words = bech32m.toWords(commitment);
+  words.unshift(1);
+  return bech32m.encode(hrp, words);
+}
+
 test("Verify valid message signature", () => {
   const result = verifyMessage(message, address, signature);
 
@@ -39,12 +63,7 @@ test("Verify valid PQ message signature", async () => {
     Buffer.from([0x05]),
     Buffer.from(keys.publicKey),
   ]);
-  const program = createHash("ripemd160")
-    .update(createHash("sha256").update(serializedPublicKey).digest())
-    .digest();
-  const words = bech32m.toWords(program);
-  words.unshift(1);
-  const pqAddress = bech32m.encode("tnq", words);
+  const pqAddress = createDefaultPQAuthScriptAddress("tnq", serializedPublicKey);
   const pqMessage = "Hello from PQ";
   const pqSignature = signPQMessage(pqMessage, keys.secretKey, keys.publicKey);
 
@@ -60,12 +79,7 @@ test("Reject invalid PQ message signature", async () => {
     Buffer.from([0x05]),
     Buffer.from(keys.publicKey),
   ]);
-  const program = createHash("ripemd160")
-    .update(createHash("sha256").update(serializedPublicKey).digest())
-    .digest();
-  const words = bech32m.toWords(program);
-  words.unshift(1);
-  const pqAddress = bech32m.encode("tnq", words);
+  const pqAddress = createDefaultPQAuthScriptAddress("tnq", serializedPublicKey);
   const pqMessage = "Hello from PQ";
   const pqSignature = signPQMessage(pqMessage, keys.secretKey, keys.publicKey);
 
@@ -73,3 +87,24 @@ test("Reject invalid PQ message signature", async () => {
     false
   );
 });
+
+test("Reject old PQ witness-v1 keyhash addresses", async () => {
+  const { ml_dsa44 } = await import("@noble/post-quantum/ml-dsa.js");
+  const seed = Buffer.alloc(32, 11);
+  const keys = ml_dsa44.keygen(seed);
+  const serializedPublicKey = Buffer.concat([
+    Buffer.from([0x05]),
+    Buffer.from(keys.publicKey),
+  ]);
+  const oldProgram = createHash("ripemd160")
+    .update(sha256(serializedPublicKey))
+    .digest();
+  const words = bech32m.toWords(oldProgram);
+  words.unshift(1);
+  const oldPqAddress = bech32m.encode("tnq", words);
+  const pqMessage = "Hello from PQ";
+  const pqSignature = signPQMessage(pqMessage, keys.secretKey, keys.publicKey);
+
+  expect(verifyPQMessage(pqMessage, oldPqAddress, pqSignature)).toBe(false);
+  expect(verifyMessage(pqMessage, oldPqAddress, pqSignature)).toBe(false);
+});