@shakesco/silent 1.0.0

package/README.md

@@ -0,0 +1,200 @@
+# @shakesco/silent
+
+## Install
+
+To get started, install the package with your package manager.
+
+```shell {filename=cmd}
+npm i @shakesco/silent
+```
+
+After installing:
+
+```js {filename="index.js"}
+const shakesco = require("@shakesco/silent");
+const {
+  KeyGeneration,
+  SilentPaymentDestination,
+  SilentPaymentBuilder,
+  ECPrivateInfo,
+  Network,
+  BitcoinScriptOutput,
+  bip32,
+  bip39
+} = shakesco;
+```
+
+### Generate Silent Payment address
+
+This will generate the silent payment address. It prepares a receiver to receive silent payments.
+You can generate a silent payment address in three ways:
+
+##### Private Keys
+
+If you are not a wallet provider, use this method. More specifically, you can make the user sign a message and then derive `b_scan` and `b_spend` from the resulting [signature](https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages#ecdsa-sign) (Use `r` as `b_scan` and `s` as `b_spend` or vice versa).
+
+>⚠️ If you are not using this method, ensure that a cryptographically secure random number generator is being used.
+
+```js {filename="index.js"}
+function main() {
+    const b_scan = "";
+    const b_spend = "";
+    const keys = KeyGeneration.fromPrivateKeys({
+    b_scan: b_scan,
+    b_spend: b_spend,
+    network: "testnet",
+    });
+    const silentPaymentAddress = keys.toAddress();
+    console.log(silentPaymentAddress); // Silent payment address
+}
+```
+
+##### Mnemonic and HD Key
+
+If you are a wallet provider, use this method.
+
+```js {filename="index.js"}
+function main() {
+  const mnemonic = ""; // 12, 15, 24 word phrase
+  const keys = KeyGeneration.fromMnemonic(mnemonic);
+  const silentPaymentAddress = keys.toAddress();
+  console.log(silentPaymentAddress);
+
+// const seed = bip39.mnemonicToSeedSync(mnemonic);
+// const node = bip32.fromSeed(seed);
+// const keys = KeyGeneration.fromHd(node);
+// const silentPaymentAddress = keys.toAddress();
+// console.log(silentPaymentAddress);
+}
+```
+
+### Create a taproot address destination
+
+Here is where you create a destination address for the user to send to a newly generated Taproot address, derived from the receiver's silent payment address generated above.
+You will need:
+
+1. The Unspent Transaction Output(UTXO) of the user, hash and output_index.
+2. The private key of the UTXO in 1 above.
+3. Amount the user wants to send. Should be in satoshis(1 BTC = 100<sup>6</sup> satoshis)
+4. Finally, the public keys of the 2 secret shares, `B_scan` and `B_spend`
+
+```js {filename="index.js"}
+function main() {
+    const addressPubKeys = KeyGeneration.fromAddress(silentPaymentAddress);
+    const vinOutpoints = [
+    {
+        txid: "367e24cac43a7d77621ceb1cbc1cf4a7719fc81b05b07b38f99b043f4e8b95dc",
+        index: 1,
+    },
+    ];
+
+    const pubkeys = [
+    "025c471f0e7d30d6f9095058bbaedaf13e1de67dbfcbe8328e6378d2a3bfb5cfd0",
+    ];
+    const UTXOPrivatekey = "";
+    const builder = new SilentPaymentBuilder({
+    vinOutpoints: vinOutpoints,
+    pubkeys: pubkeys,
+    }).createOutputs(
+    [
+        new ECPrivateInfo(
+        UTXOPrivatekey,
+        false // If the output is from a taproot address
+        ),
+    ],
+    [
+        new SilentPaymentDestination({
+        amount: 1000,
+        network: Network.Testnet,
+        version: 0,
+        scanPubkey: addressPubKeys.B_scan,
+        spendPubkey: addressPubKeys.B_spend,
+        }),
+    ]
+    );
+    console.log(builder[silentPaymentAddress][0]); // Access the taproot address and send 1000 satoshis
+}
+```
+
+### Scan for funds
+
+Scanning for funds is a drawback of silent payments. So below is how you can check if a certain transaction belongs to a user. You will need:
+
+1. The transaction input's tx_hash and output_index.
+2. Public key outputted.
+3. Script and amount from the outputted taproot address
+
+For more info, go [here](https://github.com/bitcoin/bips/blob/master/bip-0352.mediawiki#scanning-silent-payment-eligible-transactions)
+
+```js {filename="index.js"}
+function main() {
+    const vinOutpoints = [
+    {
+        txid: "367e24cac43a7d77621ceb1cbc1cf4a7719fc81b05b07b38f99b043f4e8b95dc",
+        index: 1,
+    },
+    ];
+
+    const pubkeys = [
+    "025c471f0e7d30d6f9095058bbaedaf13e1de67dbfcbe8328e6378d2a3bfb5cfd0",
+    ];
+    const search = new SilentPaymentBuilder({
+    vinOutpoints: vinOutpoints,
+    pubkeys: pubkeys,
+    network: Network.Testnet,
+    }).scanOutputs(keys.b_scan, keys.B_spend, [
+    new BitcoinScriptOutput(
+        "5120fdcb28bcea339a5d36d0c00a3e110b837bf1151be9e7ac9a8544e18b2f63307d",
+        BigInt(1000)
+    ),
+    ]);
+
+    console.log(
+    search[builder[keys.toAddress()][0].address.pubkey.toString("hex")].output
+    );
+}
+```
+
+If the address above matches the taproot address from the output in the transaction, it belongs to the user.
+
+### Spend funds
+
+If the funds belong to the user, they can spend like so:
+
+First, you will need:
+
+1. The transaction input's tx_hash and output_index.
+2. Public key outputted.
+3. Receiver's spend and scan private keys.
+
+```js {filename="index.js"}
+function main() {
+     const vinOutpoints = [
+        {
+            txid: "367e24cac43a7d77621ceb1cbc1cf4a7719fc81b05b07b38f99b043f4e8b95dc",
+            index: 1,
+        },
+    ];
+
+    const pubkeys = [
+    "025c471f0e7d30d6f9095058bbaedaf13e1de67dbfcbe8328e6378d2a3bfb5cfd0",
+    ];
+    const private_key = new SilentPaymentBuilder({
+    vinOutpoints: vinOutpoints,
+    pubkeys: pubkeys,
+    }).spendOutputs(keys.b_scan, keys.b_spend);
+
+    console.log(private_key); // use this to build a taproot transaction with bitcoinjs: https://github.com/bitcoinjs/bitcoinjs-lib
+}
+```
+
+The receiver can use `private_key` to spend the funds!
+
+Thats it! 🎊🎊🎊
+
+### Contribute
+
+If you love what we do to progress privacy, [contribute](https://me-qr.com/text/vPod5qN0 "btc_addr") to further development
+
+<img src="./images/bitcoin.png" alt="btc_addr" style="display: inline-block; margin-right: 100px; margin-left: 70px;" width="200">
+<img src="./images/silent.png" alt="silent_addr" width="200" style="display: inline-block; margin-right: 10px;">

package/classes/CreateOutput.js

@@ -0,0 +1,337 @@
+const elliptic = require("elliptic");
+const ec = new elliptic.ec("secp256k1");
+const BN = require("bn.js");
+const { toTaprootAddress } = require("../utils/taproot");
+const {
+  toBytes,
+  taggedHash,
+  toTweakedTaprootKey,
+  negate,
+  tweakAddPrivate,
+  tweakMulPrivate,
+  tweakMulPublic,
+  tweakAddPublic,
+  pubNegate,
+} = require("../utils/utils");
+const SilentPaymentScanningOutput = require("../utils/output");
+
+/**
+ * This class helps you create a destination taproot address, scan and spend
+ * silent payment.
+ */
+
+class SilentPaymentBuilder {
+  constructor({ vinOutpoints, pubkeys, network = "mainnet", receiverTweak }) {
+    this.vinOutpoints = vinOutpoints;
+    this.pubkeys = pubkeys;
+    this.receiverTweak = receiverTweak;
+    this.network = network;
+    this.A_sum = null;
+    this.inputHash = null;
+
+    if (receiverTweak == null && pubkeys != null) {
+      this._getAsum();
+      this._getInputHash();
+    }
+  }
+
+  _getAsum() {
+    const head = this.pubkeys[0];
+    const tail = this.pubkeys.slice(1);
+
+    this.A_sum = tail.reduce((acc, item) => {
+      const accPoint = ec.keyFromPublic(acc, "hex").getPublic();
+      const itemPoint = ec.keyFromPublic(item, "hex").getPublic();
+      return accPoint.add(itemPoint).encode("hex", true);
+    }, head);
+  }
+
+  _getInputHash() {
+    const sortedOutpoints = this.vinOutpoints.map((outpoint) => {
+      const txidBuffer = Buffer.from(outpoint.txid, "hex").reverse();
+      const indexBuffer = Buffer.alloc(4);
+      indexBuffer.writeUInt32LE(outpoint.index);
+      return Buffer.concat([txidBuffer, indexBuffer]);
+    });
+
+    sortedOutpoints.sort(Buffer.compare);
+    const lowestOutpoint = sortedOutpoints[0];
+
+    const A_sumBuffer = Buffer.from(this.A_sum, "hex");
+    this.inputHash = taggedHash(
+      Buffer.concat([lowestOutpoint, A_sumBuffer]),
+      "BIP0352/Inputs"
+    );
+  }
+
+  /**
+   * Create a destination taproot address for each silent payment address
+   * @param inputPrivKeyInfos Private key for each transaction output. Use ECPrivateInfo
+   * @param silentPaymentDestinations Destination of the silent payment. Use SilentPaymentDestination
+   * @returns Object pointing each silent payment address to the destination taproot address
+   */
+
+  createOutputs(inputPrivKeyInfos, silentPaymentDestinations) {
+    let a_sum = null;
+    let network;
+
+    for (const info of inputPrivKeyInfos) {
+      let k = ec.keyFromPrivate(info.privkey);
+      const isTaproot = info.isTaproot;
+
+      if (isTaproot) {
+        if (info.tweak) {
+          k = toTweakedTaprootKey(k);
+        }
+
+        const xOnlyPubkey = k.getPublic();
+        const isOdd = xOnlyPubkey.getY().isOdd();
+
+        if (isOdd) {
+          k = negate(k);
+        }
+      }
+
+      if (a_sum === null) {
+        a_sum = k;
+      } else {
+        a_sum = tweakAddPrivate(a_sum, k.getPrivate());
+      }
+    }
+
+    this.A_sum = a_sum.getPublic().encode("hex", true);
+    this._getInputHash();
+
+    const silentPaymentGroups = {};
+
+    for (const silentPaymentDestination of silentPaymentDestinations) {
+      const B_scan = silentPaymentDestination.B_scan;
+      network = silentPaymentDestination.network;
+      const scanPubkey = B_scan;
+
+      if (silentPaymentGroups[scanPubkey]) {
+        const group = silentPaymentGroups[scanPubkey];
+        const ecdhSharedSecret = Object.keys(group)[0];
+        const recipients = group[ecdhSharedSecret];
+
+        silentPaymentGroups[scanPubkey] = {
+          [ecdhSharedSecret]: [...recipients, silentPaymentDestination],
+        };
+      } else {
+        const senderPartialSecret = tweakMulPrivate(
+          a_sum,
+          new BN(this.inputHash)
+        );
+        const ecdhSharedSecret = tweakMulPublic(
+          ec.keyFromPublic(B_scan, "hex").getPublic(),
+          senderPartialSecret.getPrivate()
+        ).encode("hex", true);
+
+        silentPaymentGroups[scanPubkey] = {
+          [ecdhSharedSecret]: [silentPaymentDestination],
+        };
+      }
+    }
+
+    const result = {};
+
+    for (const [scanPubkey, group] of Object.entries(silentPaymentGroups)) {
+      const ecdhSharedSecret = Object.keys(group)[0];
+      const destinations = group[ecdhSharedSecret];
+
+      let k = 0;
+      for (const destination of destinations) {
+        const t_k = taggedHash(
+          Buffer.concat([
+            Buffer.from(
+              ec
+                .keyFromPublic(Buffer.from(ecdhSharedSecret, "hex"))
+                .getPublic()
+                .encodeCompressed(),
+              "array"
+            ),
+            Buffer.from(toBytes(BigInt(k), 4), "array"),
+          ]),
+          "BIP0352/SharedSecret"
+        );
+
+        const P_mn = tweakAddPublic(
+          ec.keyFromPublic(destination.B_spend, "hex").getPublic(),
+          new BN(t_k)
+        );
+
+        const resOutput = {
+          address: toTaprootAddress(P_mn, network, { tweak: false }),
+          amount: destination.amount,
+        };
+
+        if (result[destination.toString()]) {
+          result[destination.toString()].push(resOutput);
+        } else {
+          result[destination.toString()] = [resOutput];
+        }
+
+        k++;
+      }
+    }
+
+    return result;
+  }
+
+  /**
+   * Scan every transaction on the network to find users silent payments
+   * Check here to see valid checks: https://github.com/bitcoin/bips/blob/master/bip-0352.mediawiki#scanning-silent-payment-eligible-transactions
+   * @param b_scan Scan private key.
+   * @param B_spend Spend Public key
+   * @param outputsToCheck Script and amount to check. Use BitcoinScriptOutput
+   * @param precomputedLabels Optional labels to differentiate silent payments if already precomputed.
+   * @returns Silent payment address and the amount
+   */
+
+  scanOutputs(b_scan, B_spend, outputsToCheck, precomputedLabels = {}) {
+    const tweakDataForRecipient = this.receiverTweak
+      ? ec.keyFromPublic(this.receiverTweak).getPublic()
+      : tweakMulPublic(
+          ec.keyFromPublic(Buffer.from(this.A_sum, "hex")).getPublic(),
+          this.inputHash
+        );
+    const ecdhSharedSecret = tweakMulPublic(tweakDataForRecipient, b_scan);
+
+    const matches = {};
+    var k = 0;
+
+    do {
+      const t_k = taggedHash(
+        Buffer.concat([
+          Buffer.from(ecdhSharedSecret.encodeCompressed(), "array"),
+          Buffer.from(toBytes(BigInt(k), 4), "array"),
+        ]),
+        "BIP0352/SharedSecret"
+      );
+
+      const P_k = tweakAddPublic(B_spend, t_k);
+      const length = outputsToCheck.length;
+
+      for (var i = 0; i < length; i++) {
+        const output = outputsToCheck[i].script.slice(4);
+        const outputPubkey = output.toString("hex");
+        const outputAmount = Number(outputsToCheck[i].value);
+
+        if (
+          Buffer.compare(
+            Buffer.from(output, "hex"),
+            Buffer.from(P_k.encodeCompressed().slice(1), "array")
+          ) === 0
+        ) {
+          matches[outputPubkey] = new SilentPaymentScanningOutput({
+            output: new SilentPaymentOutput(
+              toTaprootAddress(P_k, this.network, {
+                tweak: false,
+              }),
+              outputAmount
+            ),
+            tweak: t_k.toString("hex"),
+          });
+
+          outputsToCheck.splice(i, 1);
+          k++;
+          break;
+        }
+
+        if (precomputedLabels != null && precomputedLabels.isNotEmpty) {
+          var m_G_sub = tweakAddPublic(
+            ec.keyFromPublic(Buffer.from(output, "hex")).getPublic(),
+            pubNegate(P_k)
+          );
+          var m_G =
+            precomputedLabels[
+              ec.keyFromPublic(m_G_sub).getPublic().encodeCompressed("hex")
+            ];
+
+          if (!m_G) {
+            m_G_sub = ec
+              .keyFromPublic(Buffer.from(output, "hex"))
+              .getPublic()
+              .add(pubNegate(P_k));
+            m_G =
+              precomputedLabels[
+                ec.keyFromPublic(m_G_sub).getPublic().encodeCompressed("hex")
+              ];
+          }
+
+          if (m_G) {
+            const P_km = tweakAddPublic(P_k, m_G);
+
+            matches[outputPubkey] = new SilentPaymentScanningOutput({
+              output: new SilentPaymentOutput(
+                toTaprootAddress(P_km, this.network, {
+                  tweak: false,
+                }),
+                outputAmount
+              ),
+              tweak: tweakAddPrivate(ec.keyFromPrivate(t_k).getPrivate(), m_G)
+                .getPrivate()
+                .toString("hex"),
+              label: m_G,
+            });
+
+            outputsToCheck.splice(i, 1);
+            k++;
+            break;
+          }
+        }
+
+        outputsToCheck.splice(i, 1);
+
+        if (i + 1 >= outputsToCheck.length) {
+          break;
+        }
+      }
+    } while (outputsToCheck.isNotEmpty);
+
+    return matches;
+  }
+
+  /**
+   * Spend the silent payment
+   * @param b_scan Scan private key
+   * @param b_spend Spend private Key
+   * @returns
+   */
+
+  spendOutputs(b_scan, b_spend) {
+    const tweakDataForRecipient = this.receiverTweak
+      ? ec.keyFromPublic(this.receiverTweak).getPublic()
+      : tweakMulPublic(
+          ec.keyFromPublic(Buffer.from(this.A_sum, "hex")).getPublic(),
+          this.inputHash
+        );
+    const ecdhSharedSecret = tweakMulPublic(tweakDataForRecipient, b_scan);
+
+    var k = 0;
+
+    const t_k = taggedHash(
+      Buffer.concat([
+        Buffer.from(ecdhSharedSecret.encodeCompressed(), "array"),
+        Buffer.from(toBytes(BigInt(k), 4), "array"),
+      ]),
+      "BIP0352/SharedSecret"
+    );
+
+    const p_k = tweakAddPrivate(
+      ec.keyFromPrivate(b_spend.toString("hex")),
+      new BN(t_k)
+    );
+
+    return p_k.getPrivate().toString("hex");
+  }
+}
+
+class SilentPaymentOutput {
+  constructor(address, value) {
+    this.address = address;
+    this.value = value;
+  }
+}
+
+module.exports = SilentPaymentBuilder;

package/classes/KeyGeneration.js

@@ -0,0 +1,195 @@
+const EC = require("elliptic").ec;
+const ec = new EC("secp256k1");
+const tinysecp = require("tiny-secp256k1");
+const { BIP32Factory } = require("bip32");
+const bip39 = require("bip39");
+const {
+  encodeBech32,
+  convertToBase32,
+  convertFromBase32,
+  decodeBech32,
+} = require("../utils/bech32");
+const Network = require("../utils/network");
+const bip32 = BIP32Factory(tinysecp);
+
+const SCAN_PATH = "m/352'/1'/0'/1'/0";
+
+const SPEND_PATH = "m/352'/1'/0'/0'/0";
+
+class SilentPaymentAddress {
+  static get regex() {
+    return /(^|\s)t?sp(rt)?1[0-9a-zA-Z]{113}($|\s)/;
+  }
+
+  constructor({ B_scan, B_spend, network = Network.Mainnet, version = 0 }) {
+    this.B_scan = B_scan;
+    this.B_spend = B_spend;
+    this.network = network;
+    this.version = version;
+    this.hrp = this.network === Network.Testnet ? "tsp" : "sp";
+
+    // Version validation
+    if (this.version !== 0) {
+      throw new Error("Can't have other version than 0 for now");
+    }
+  }
+
+  /**
+   * Returns silent address public keys
+   * @param address The silent payment address
+   * @returns Scan public key and Spend public key
+   */
+
+  static fromAddress(address) {
+    const decoded = decodeBech32(address);
+    const prefix = decoded[0];
+    const words = decoded[1];
+
+    if (prefix !== "sp" && prefix !== "sprt" && prefix !== "tsp") {
+      throw new Error(`Invalid prefix: ${prefix}`);
+    }
+
+    const version = words[0];
+    if (version !== 0) throw new Error("Invalid version");
+
+    // Convert words to bytes (base32 to bytes)
+    const key = convertFromBase32(words.slice(1));
+
+    return new SilentPaymentAddress({
+      B_scan: ec.keyFromPublic(key.slice(0, 33)).getPublic(),
+      B_spend: ec.keyFromPublic(key.slice(33)).getPublic(),
+      network: prefix === "tsp" ? Network.Testnet : Network.Mainnet,
+      version: version,
+    });
+  }
+
+  /**
+   * Get silent payment address
+   * @returns Silent payment address
+   */
+
+  toAddress() {
+    return this.toString();
+  }
+
+  static toString() {
+    const encodedResult = encodeBech32(this.hrp, [
+      this.version,
+      ...convertToBase32([
+        ...this.B_scan.encodeCompressed("array"),
+        ...this.B_spend.encodeCompressed("array"),
+      ]),
+    ]);
+
+    return encodedResult;
+  }
+}
+
+class SilentPaymentDestination extends SilentPaymentAddress {
+  constructor({ version, scanPubkey, spendPubkey, network, amount }) {
+    super({
+      version,
+      B_scan: scanPubkey,
+      B_spend: spendPubkey,
+      network: network,
+    });
+    this.amount = amount;
+  }
+
+  static fromAddress(address, amount) {
+    const receiver = SilentPaymentAddress.fromAddress(address);
+
+    return new SilentPaymentDestination({
+      scanPubkey: receiver.B_scan,
+      spendPubkey: receiver.B_spend,
+      network: receiver.network,
+      version: receiver.version,
+      amount: amount,
+    });
+  }
+}
+
+// Creating spending and scanning keys
+class KeyGeneration extends SilentPaymentAddress {
+  constructor({ version = 0, B_scan, B_spend, b_scan, b_spend, network }) {
+    super({
+      B_scan: B_scan,
+      B_spend: B_spend,
+      network: network,
+      version: version,
+    });
+    this.b_scan = b_scan;
+    this.b_spend = b_spend;
+    this.B_scan = B_scan;
+    this.B_spend = B_spend;
+    this.network = network;
+  }
+
+  /**
+   * Generate silent payment address through private keys
+   * @param b_scan Scan private key
+   * @param b_spend Spend private key
+   * @returns
+   */
+
+  static fromPrivateKeys({
+    b_scan,
+    b_spend,
+    network = Network.Mainnet,
+    version = 0,
+  }) {
+    b_scan = b_scan.startsWith("0x") ? b_scan.slice(2) : b_scan;
+    b_spend = b_spend.startsWith("0x") ? b_spend.slice(2) : b_spend;
+
+    const B_scan = ec.keyFromPrivate(b_scan).getPublic();
+    const B_spend = ec.keyFromPrivate(b_spend).getPublic();
+
+    return new KeyGeneration({
+      b_scan: ec.keyFromPrivate(b_scan).getPrivate(),
+      b_spend: ec.keyFromPrivate(b_spend).getPrivate(),
+      B_scan: B_scan,
+      B_spend: B_spend,
+      network: network,
+      version: version,
+    });
+  }
+
+  /**
+   * Generate silent payment address through HD keys
+   * @param bip32 HD wallet. We have provided an easy way to access bip32
+   * @param hrp 'sp' for mainnet, tsp for testnet
+   * @returns
+   */
+
+  static fromHd(bip32, { hrp = "sp", version = 0 } = {}) {
+    const scanDerivation = bip32.derivePath(SCAN_PATH);
+    const spendDerivation = bip32.derivePath(SPEND_PATH);
+    return new KeyGeneration({
+      b_scan: ec.keyFromPrivate(scanDerivation.privateKey).getPrivate(),
+      b_spend: ec.keyFromPrivate(spendDerivation.privateKey).getPrivate(),
+      B_scan: ec.keyFromPrivate(scanDerivation.privateKey).getPublic(),
+      B_spend: ec.keyFromPrivate(spendDerivation.privateKey).getPublic(),
+      network: hrp == "tsp" ? Network.Testnet : Network.Mainnet,
+      version: version,
+    });
+  }
+
+  /**
+   * Generate silent payment address through mnemonic
+   * @param mnemonic Mnemonic phrase.
+   * @param hrp 'sp' for mainnet, tsp for testnet
+   * @returns
+   */
+
+  static fromMnemonic(mnemonic, { hrp = "sp", version = 0 } = {}) {
+    return KeyGeneration.fromHd(
+      bip32.fromSeed(bip39.mnemonicToSeedSync(mnemonic)),
+      {
+        hrp: hrp,
+        version: version,
+      }
+    );
+  }
+}
+
+module.exports = { KeyGeneration, SilentPaymentDestination };

package/index.js

@@ -0,0 +1,23 @@
+const {
+  KeyGeneration,
+  SilentPaymentDestination,
+} = require("./classes/KeyGeneration");
+const SilentPaymentBuilder = require("./classes/CreateOutput");
+const ECPrivateInfo = require("./utils/info");
+const Network = require("./utils/network");
+const BitcoinScriptOutput = require("./utils/scriptOutput");
+const { BIP32Factory } = require("bip32");
+const tinysecp = require("tiny-secp256k1");
+const bip32 = BIP32Factory(tinysecp);
+const bip39 = require("bip39");
+
+module.exports = {
+  KeyGeneration,
+  SilentPaymentDestination,
+  SilentPaymentBuilder,
+  ECPrivateInfo,
+  Network,
+  BitcoinScriptOutput,
+  bip32,
+  bip39,
+};

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@shakesco/silent",
+  "version": "1.0.0",
+  "description": "Bitcoin Silent Payments",
+  "main": "index.js",
+  "author": "Shawn Kimtai",
+  "license": "MIT",
+  "keywords": [
+    "shakesco",
+    "shakespay",
+    "private",
+    "bitcoin",
+    "silent payments",
+    "ECDH"
+  ],
+  "dependencies": {
+    "elliptic": "^6.5.7"
+  },
+  "devDependencies": {
+    "bip32": "^5.0.0-rc.0",
+    "bip39": "^3.1.0",
+    "tiny-secp256k1": "^2.2.3"
+  }
+}

package/utils/bech32.js

@@ -0,0 +1,171 @@
+// Bech32 character set for encoding
+const CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
+
+// Generator coefficients for checksum calculation
+const GENERATOR = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
+
+const ENCODING_CONST = {
+  bech32: 1,
+  bech32m: 0x2bc830a3,
+};
+
+const Bech32Consts = {
+  /// The separator character used in Bech32 encoded strings.
+  separator: "1",
+
+  /// The length of the checksum part in a Bech32 encoded string.
+  checksumStrLen: 6,
+};
+
+// Bech32 encoding function
+function encodeBech32(
+  hrp,
+  data,
+  separator = Bech32Consts.separator,
+  encoding = "bech32m"
+) {
+  const checksum = createChecksum(hrp, data, encoding);
+  const combined = [...data, ...checksum];
+  const encodedData = combined.map((value) => CHARSET[value]).join("");
+  return `${hrp}${separator}${encodedData}`;
+}
+
+// Convert bytes to base32
+function convertToBase32(data) {
+  const result = [];
+  let accumulator = 0;
+  let bits = 0;
+  const maxV = 31; // 5-bit chunks for base32
+
+  for (const value of data) {
+    accumulator = (accumulator << 8) | value;
+    bits += 8;
+
+    while (bits >= 5) {
+      bits -= 5;
+      result.push((accumulator >> bits) & maxV);
+    }
+  }
+
+  if (bits > 0) {
+    result.push((accumulator << (5 - bits)) & maxV);
+  }
+
+  return result;
+}
+
+function convertFromBase32(data) {
+  const result = [];
+  let accumulator = 0;
+  let bits = 0;
+  const maxV = 255; // 8-bit chunks for bytes
+
+  for (const value of data) {
+    accumulator = (accumulator << 5) | value;
+    bits += 5;
+
+    while (bits >= 8) {
+      bits -= 8;
+      result.push((accumulator >> bits) & maxV);
+    }
+  }
+
+  return result;
+}
+
+// Create checksum
+function createChecksum(hrp, data, encoding = "bech32m") {
+  const values = [...expandHrp(hrp), ...data, 0, 0, 0, 0, 0, 0];
+  const polymod = polyMod(values) ^ ENCODING_CONST[encoding];
+  return Array.from({ length: 6 }, (_, i) => (polymod >> (5 * (5 - i))) & 31);
+}
+
+// Expand the human-readable part
+function expandHrp(hrp) {
+  const expand = [];
+  for (let i = 0; i < hrp.length; i++) {
+    expand.push(hrp.charCodeAt(i) >> 5);
+  }
+  expand.push(0);
+  for (let i = 0; i < hrp.length; i++) {
+    expand.push(hrp.charCodeAt(i) & 31);
+  }
+  return expand;
+}
+
+// PolyMod function for checksum calculation
+function polyMod(values) {
+  let chk = 1;
+  for (const value of values) {
+    const top = chk >> 25;
+    chk = ((chk & 0x1ffffff) << 5) ^ value;
+    for (let i = 0; i < 5; i++) {
+      if ((top >> i) & 1) {
+        chk ^= GENERATOR[i];
+      }
+    }
+  }
+  return chk;
+}
+
+function decodeBech32(
+  bechStr,
+  sep = Bech32Consts.separator,
+  checksumLen = Bech32Consts.checksumStrLen,
+  encoding = "bech32m"
+) {
+  if (_isStringMixed(bechStr)) {
+    throw new Error("Invalid bech32 format (string is mixed case)");
+  }
+
+  bechStr = bechStr.toLowerCase();
+
+  const sepPos = bechStr.lastIndexOf(sep);
+  if (sepPos == -1) {
+    throw new Error("Invalid bech32 format (no separator found)");
+  }
+
+  const hrp = bechStr.substring(0, sepPos);
+  if (
+    hrp.length === 0 ||
+    hrp
+      .split("")
+      .some((char) => char.charCodeAt(0) < 33 || char.charCodeAt(0) > 126)
+  ) {
+    throw new Error(`Invalid bech32 format (HRP not valid: ${hrp})`);
+  }
+
+  const dataPart = bechStr.substring(sepPos + 1);
+
+  if (
+    dataPart.length < checksumLen + 1 ||
+    dataPart.split("").some((char) => !CHARSET.includes(char))
+  ) {
+    throw new Error("Invalid bech32 format (data part not valid)");
+  }
+
+  const intData = dataPart.split("").map((char) => CHARSET.indexOf(char));
+
+  if (!veriCheckSum(hrp, intData, encoding)) {
+    throw new Error("Invalid bech32 checksum");
+  }
+
+  return [hrp, Array.from(intData.slice(0, intData.length - checksumLen))];
+}
+
+function veriCheckSum(hrp, data, encoding = "bech32m") {
+  const polymod = polyMod([...expandHrp(hrp), ...data]);
+
+  return polymod == ENCODING_CONST[encoding];
+}
+
+function _isStringMixed(str) {
+  return str !== str.toLowerCase() && str !== str.toUpperCase();
+}
+
+module.exports = {
+  convertToBase32,
+  convertFromBase32,
+  encodeBech32,
+  decodeBech32,
+};

package/utils/const.js

@@ -0,0 +1,2 @@
+const TAPROOT_WITNESS_VERSION = 0x01;
+module.exports = { TAPROOT_WITNESS_VERSION };

package/utils/info.js

@@ -0,0 +1,9 @@
+class ECPrivateInfo {
+  constructor(privkey, isTaproot, tweak = false) {
+    this.privkey = privkey;
+    this.isTaproot = isTaproot;
+    this.tweak = tweak;
+  }
+}
+
+module.exports = ECPrivateInfo;

package/utils/network.js

@@ -0,0 +1,9 @@
+class Network {
+  // Bitcoin Mainnet
+  static Mainnet = "mainnet";
+
+  //Bitcoin Testnet
+  static Testnet = "testnet";
+}
+
+module.exports = Network;

package/utils/output.js

@@ -0,0 +1,9 @@
+class SilentPaymentScanningOutput {
+  constructor(output, tweak, label = null) {
+    this.output = output;
+    this.tweak = tweak;
+    this.label = label;
+  }
+}
+
+module.exports = SilentPaymentScanningOutput;

package/utils/scriptOutput.js

@@ -0,0 +1,8 @@
+class BitcoinScriptOutput {
+  constructor(script, value) {
+    this.script = script;
+    this.value = value;
+  }
+}
+
+module.exports = BitcoinScriptOutput;

package/utils/taproot.js

@@ -0,0 +1,102 @@
+const elliptic = require("elliptic");
+const ec = new elliptic.ec("secp256k1");
+const BN = require("bn.js");
+const { createHash } = require("crypto");
+const { convertToBase32, encodeBech32 } = require("./bech32");
+const { TAPROOT_WITNESS_VERSION } = require("./const");
+const Network = require("./network");
+
+class P2trAddress {
+  constructor(address, pubkey) {
+    this.address = address;
+    this.pubkey = pubkey;
+  }
+
+  static saveTaproot({ address, pubkey }) {
+    return new P2trAddress(address, pubkey);
+  }
+}
+
+function toTaprootAddress(
+  publicKey,
+  network = Network.Mainnet,
+  { scripts = null, tweak = true } = {}
+) {
+  const pubKey = toTapRotHex(publicKey, { script: scripts, tweak });
+  const words = convertToBase32(Buffer.from(pubKey, "hex"));
+  words.unshift(TAPROOT_WITNESS_VERSION);
+
+  const hrp = network == Network.Testnet ? "tb" : "bc";
+  return P2trAddress.saveTaproot({
+    address: encodeBech32(hrp, words),
+    pubkey: Buffer.from(pubKey, "hex"),
+  });
+}
+
+function toTapRotHex(pubKey, { script = null, tweak = true }) {
+  let point = ec.keyFromPublic(pubKey, "hex").getPublic();
+
+  if (tweak) {
+    const scriptBytes = script?.map((e) => e.map((e) => Buffer.from(e, "hex")));
+    point = P2TRUtils.tweakPublicKey(point, { script: scriptBytes });
+  }
+
+  return point.getX().toString("hex").padStart(64, "0");
+}
+
+class P2TRUtils {
+  static tweakPublicKey(pubPoint, { script = null }) {
+    const h = this.calculateTweak(pubPoint, { script });
+    const n = ec.g.mul(new BN(h, 16));
+    const outPoint = this.liftX(pubPoint).add(n);
+
+    return outPoint;
+  }
+
+  static liftX(pubKeyPoint) {
+    const p = ec.curve.p; // Prime for the secp256k1 curve
+    const x = pubKeyPoint.x;
+
+    // Check if x is valid
+    if (x.cmp(p) >= 0) {
+      throw new Error("Unable to compute LiftX point");
+    }
+
+    // Compute y^2 = (x^3 + 7) % p
+    const ySq = x.pow(new BN(3)).mod(p).add(new BN(7)).mod(p);
+
+    // Compute y = ySq ^ ((p + 1) / 4) % p
+    const y = ySq.pow(p.add(new BN(1)).div(new BN(4))).mod(p);
+
+    // Check if y^2 == ySq (i.e., the point is on the curve)
+    if (y.pow(new BN(2)).mod(p).cmp(ySq) !== 0) {
+      throw new Error("Unable to compute LiftX point");
+    }
+
+    // Ensure y is the correct parity (even or odd)
+    const result = y.isEven() ? y : p.sub(y);
+
+    // Return the new point on the curve
+    return ec.curve.point(x, result);
+  }
+
+  static calculateTweak(pubPoint, { script = null }) {
+    const x = pubPoint.getX().toString("hex").padStart(64, "0");
+    let t = Buffer.from(x, "hex");
+
+    if (script) {
+      const h = createHash("sha256");
+      h.update(t);
+      for (const leaf of script) {
+        h.update(Buffer.concat(leaf));
+      }
+      t = h.digest();
+    }
+
+    return t.toString("hex");
+  }
+}
+
+module.exports = {
+  toTaprootAddress,
+};

package/utils/utils.js

@@ -0,0 +1,176 @@
+const elliptic = require("elliptic");
+const ec = new elliptic.ec("secp256k1");
+const BN = require("bn.js");
+const { createHash } = require("crypto");
+
+function toBytes(bigInt, length = 4) {
+  let hex = bigInt.toString(16);
+  if (hex.length % 2) {
+    hex = "0" + hex; // Ensure the hex string has even length
+  }
+  const bytes = [];
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes.push(parseInt(hex.substr(i, 2), 16));
+  }
+
+  // Ensure the byte array has the required length by padding with leading zeros
+  while (bytes.length < length) {
+    bytes.unshift(0);
+  }
+  return bytes.slice(-length); // Ensure it's exactly 'length' bytes
+}
+
+function tweakAddPrivate(key, tweak) {
+  const privateKey = key.getPrivate().add(tweak).umod(ec.curve.n);
+  return ec.keyFromPrivate(privateKey);
+}
+
+function tweakMulPrivate(key, tweak) {
+  const privateKey = key.getPrivate().mul(tweak).umod(ec.curve.n);
+  return ec.keyFromPrivate(privateKey);
+}
+
+function tweakAddPublic(key, tweak) {
+  return key.add(ec.g.mul(tweak));
+}
+
+function tweakMulPublic(key, tweak) {
+  return key.mul(tweak);
+}
+
+function negate(key) {
+  const negatedPrivate = ec.curve.n.sub(key.getPrivate());
+  return ec.keyFromPrivate(negatedPrivate);
+}
+
+function pubNegate(key) {
+  // Get the current point
+  const point = key;
+
+  // Negate the Y-coordinate
+  const negatedPoint = point.neg();
+
+  // Convert the negated point to uncompressed format (04 || x || y)
+  const xHex = negatedPoint.getX().toString("hex").padStart(64, "0");
+  const yHex = negatedPoint.getY().toString("hex").padStart(64, "0");
+  const uncompressedHex = "04" + xHex + yHex;
+
+  // Create and return a new ECPublic instance
+  return ec.keyFromPublic(uncompressedHex, "hex");
+}
+
+function toTweakedTaprootKey(key) {
+  const pubKey = key.getPublic();
+  const t = calculateTweek(pubKey);
+  return calculatePrivateTweek(key.getPrivate(), new BN(t));
+}
+
+function calculateTweek(pubPoint, script = null) {
+  const keyX = pubPoint.getX().toArrayLike(Buffer, "be", 32);
+  if (script === null) {
+    return this.taggedHash("TapTweak", keyX);
+  }
+  const merkleRoot = this._getTagHashedMerkleRoot(script);
+  return this.taggedHash("TapTweak", Buffer.concat([keyX, merkleRoot]));
+}
+
+function taggedHash(tag, dataBytes) {
+  if (typeof tag !== "string" && !Buffer.isBuffer(tag)) {
+    throw new Error("tag must be string or Buffer");
+  }
+  const tagHash = typeof tag === "string" ? this.sha256(Buffer.from(tag)) : tag;
+  return this.sha256(Buffer.concat([tagHash, tagHash, dataBytes]));
+}
+
+function _getTagHashedMerkleRoot(args) {
+  if (Buffer.isBuffer(args)) {
+    return this._tapleafTaggedHash(args);
+  }
+
+  if (!Array.isArray(args)) throw new Error("args must be Buffer or Array");
+  if (args.length === 0) return Buffer.alloc(0);
+  if (args.length === 1) {
+    return this._getTagHashedMerkleRoot(args[0]);
+  } else if (args.length === 2) {
+    const left = _getTagHashedMerkleRoot(args[0]);
+    const right = _getTagHashedMerkleRoot(args[1]);
+    return _tapBranchTaggedHash(left, right);
+  }
+  throw new Error("List cannot have more than 2 branches.");
+}
+
+function _tapleafTaggedHash(script) {
+  const scriptBytes = this.prependVarint(script);
+  const part = Buffer.concat([Buffer.from([0xc0]), scriptBytes]);
+  return taggedHash("TapLeaf", part);
+}
+
+function prependVarint(data) {
+  const varintBytes = this.encodeVarint(data.length);
+  return Buffer.concat([varintBytes, data]);
+}
+
+function encodeVarint(i) {
+  if (i < 253) {
+    return Buffer.from([i]);
+  } else if (i < 0x10000) {
+    const buf = Buffer.alloc(3);
+    buf.writeUInt8(0xfd, 0);
+    buf.writeUInt16LE(i, 1);
+    return buf;
+  } else if (i < 0x100000000) {
+    const buf = Buffer.alloc(5);
+    buf.writeUInt8(0xfe, 0);
+    buf.writeUInt32LE(i, 1);
+    return buf;
+  } else {
+    throw new Error(`Integer is too large: ${i}`);
+  }
+}
+
+function _tapBranchTaggedHash(a, b) {
+  return this.taggedHash(
+    "TapBranch",
+    Buffer.compare(a, b) < 0 ? Buffer.concat([a, b]) : Buffer.concat([b, a])
+  );
+}
+
+function calculatePrivateTweek(secret, tweek) {
+  let negatedKey = new BN(secret);
+  const publicKey = ec.g.mul(negatedKey);
+  if (publicKey.getY().isOdd()) {
+    negatedKey = ec.n.sub(negatedKey);
+  }
+  const tw = negatedKey.add(tweek).umod(ec.n);
+  return tw.toArrayLike(Buffer, "be", 32);
+}
+
+function sha256(data) {
+  return createHash("sha256").update(data).digest();
+}
+
+function taggedHash(data, tag) {
+  const tagDigest = sha256(Buffer.from(tag, "utf8"));
+  const concat = Buffer.concat([tagDigest, tagDigest, data]);
+  return sha256(concat);
+}
+
+function sha256(data) {
+  return createHash("sha256").update(data).digest();
+}
+
+module.exports = {
+  toBytes,
+  tweakMulPublic,
+  tweakAddPublic,
+  tweakAddPrivate,
+  tweakMulPrivate,
+  negate,
+  pubNegate,
+  toTweakedTaprootKey,
+  taggedHash,
+  _getTagHashedMerkleRoot,
+  _tapleafTaggedHash,
+  prependVarint,
+  encodeVarint,
+};