@sip-protocol/sdk 0.10.0 → 0.11.0

package/src/chains/near/types.ts

@@ -8,7 +8,7 @@
  */
 
 import type { HexString, StealthAddress } from '@sip-protocol/types'
-import { SIP_MEMO_PREFIX, VIEW_TAG_MIN, VIEW_TAG_MAX } from './constants'
+import { SIP_MEMO_PREFIX_V2, VIEW_TAG_MIN, VIEW_TAG_MAX } from './constants'
 
 // ─── Announcement Types ──────────────────────────────────────────────────────
 
@@ -18,6 +18,8 @@ import { SIP_MEMO_PREFIX, VIEW_TAG_MIN, VIEW_TAG_MAX } from './constants'
  * Contains the information needed for recipients to scan for payments.
  */
 export interface NEARAnnouncement {
+  /** Announcement scheme version: '1' = legacy swapped, '2' = canonical EIP-5564 */
+  version?: string
   /** Ephemeral public key (ed25519, 0x-prefixed hex) */
   ephemeralPublicKey: HexString
   /** View tag for efficient filtering (0-255) */
@@ -35,16 +37,21 @@ export interface NEARAnnouncement {
 /**
  * Parse an announcement from a NEAR memo string
  *
- * Format: SIP:1:<ephemeral_pubkey_hex>:<view_tag_hex>
+ * Accepts SIP:1 (legacy swapped scheme) and SIP:2 (canonical EIP-5564); the detected
+ * version is returned. NEAR derives canonically regardless, so the version is recorded
+ * for consistency rather than to route the claim.
+ *
+ * Format: SIP:<version>:<ephemeral_pubkey_hex>:<view_tag_hex>
  *
  * @param memo - The memo string to parse
  * @returns Parsed announcement or null if invalid
  *
  * @example
  * ```typescript
- * const memo = 'SIP:1:1234...abcd:0f'
+ * const memo = 'SIP:2:1234...abcd:0f'
  * const announcement = parseAnnouncement(memo)
  * if (announcement) {
+ *   console.log(announcement.version) // '2'
  *   console.log(announcement.ephemeralPublicKey)
  *   console.log(announcement.viewTag) // 15
  * }
@@ -55,13 +62,15 @@ export function parseAnnouncement(memo: string): Partial<NEARAnnouncement> | nul
     return null
   }
 
-  // Check prefix
-  if (!memo.startsWith(SIP_MEMO_PREFIX)) {
+  // Accept SIP:1 (legacy) and SIP:2 (canonical); capture the version.
+  const versionMatch = /^SIP:([12]):/.exec(memo)
+  if (!versionMatch) {
     return null
   }
+  const version = versionMatch[1]
 
-  // Parse parts: SIP:1:<ephemeral_pubkey>:<view_tag>
-  const content = memo.slice(SIP_MEMO_PREFIX.length)
+  // Parse parts: <ephemeral_pubkey_hex>:<view_tag_hex>
+  const content = memo.slice(versionMatch[0].length)
   const parts = content.split(':')
 
   if (parts.length < 2) {
@@ -86,6 +95,7 @@ export function parseAnnouncement(memo: string): Partial<NEARAnnouncement> | nul
   }
 
   return {
+    version,
     ephemeralPublicKey: `0x${ephemeralKeyHex.toLowerCase()}` as HexString,
     viewTag,
   }
@@ -104,7 +114,7 @@ export function parseAnnouncement(memo: string): Partial<NEARAnnouncement> | nul
  *   stealthAddress.ephemeralPublicKey,
  *   stealthAddress.viewTag
  * )
- * // => 'SIP:1:1234...abcd:0f'
+ * // => 'SIP:2:1234...abcd:0f'
  * ```
  */
 export function createAnnouncementMemo(
@@ -117,7 +127,8 @@ export function createAnnouncementMemo(
   // Convert view tag to 2-char hex
   const viewTagHex = viewTag.toString(16).padStart(2, '0')
 
-  return `${SIP_MEMO_PREFIX}${ephemeralKeyHex}:${viewTagHex}`
+  // Emit the canonical SIP:2 announcement (EIP-5564). Legacy SIP:1 remains parseable.
+  return `${SIP_MEMO_PREFIX_V2}${ephemeralKeyHex}:${viewTagHex}`
 }
 
 // ─── Transfer Types ──────────────────────────────────────────────────────────

package/src/chains/solana/transfer.ts

@@ -218,7 +218,7 @@ export async function sendPrivateSPLTransfer(
   )
 
   // 4. Add memo with announcement for recipient scanning
-  // Format: SIP:1:<ephemeral_pubkey_base58>:<view_tag_hex>
+  // Format: SIP:2:<ephemeral_pubkey_base58>:<view_tag_hex>:<stealth_address_base58>
   // viewTag is a number (0-255), convert to 2-char hex
   const viewTagHex = stealthAddress.viewTag.toString(16).padStart(2, '0')
   const memoContent = createAnnouncementMemo(

package/src/stealth/secp256k1.ts

@@ -173,11 +173,17 @@ export function generateSecp256k1StealthAddress(
     // Hash the shared secret for use as a scalar
     const sharedSecretHash = sha256(sharedSecretPoint)
 
-    // Compute stealth address: A = K_spend + hash(S)*G
-    const hashTimesG = secp256k1.getPublicKey(sharedSecretHash, true)
+    // Compute stealth address: A = K_spend + hash(S)*G.
+    // Reduce hash(S) to a scalar in [1, n-1] before deriving the point: secp256k1.getPublicKey
+    // throws for a scalar >= n or == 0 (~3.7e-39 for a random SHA-256 digest). Reducing mod n
+    // mirrors the ed25519 path and keeps generate symmetric with derive (k_spend + hash(S) mod n).
+    const hashScalar = bytesToBigInt(sharedSecretHash) % secp256k1.CURVE.n
+    if (hashScalar === 0n) {
+      throw new Error('CRITICAL: zero hash scalar after reduction - investigate hash computation')
+    }
 
     const spendingKeyPoint = secp256k1.ProjectivePoint.fromHex(spendingKeyBytes)
-    const hashTimesGPoint = secp256k1.ProjectivePoint.fromHex(hashTimesG)
+    const hashTimesGPoint = secp256k1.ProjectivePoint.BASE.multiply(hashScalar)
     const stealthPoint = spendingKeyPoint.add(hashTimesGPoint)
     const stealthAddressBytes = stealthPoint.toRawBytes(true)
 
@@ -378,10 +384,15 @@ export function checkSecp256k1StealthAddress(
       return false
     }
 
-    // Expected address: A = K_spend + hash(S)*G  (no spending private key needed)
-    const hashTimesG = secp256k1.getPublicKey(sharedSecretHash, true)
+    // Expected address: A = K_spend + hash(S)*G  (no spending private key needed).
+    // Reduce hash(S) mod n (symmetric with generate); a zero scalar can't correspond to a
+    // real stealth payment, so treat it as a non-match.
+    const hashScalar = bytesToBigInt(sharedSecretHash) % secp256k1.CURVE.n
+    if (hashScalar === 0n) {
+      return false
+    }
     const expectedPoint = secp256k1.ProjectivePoint.fromHex(spendingPubBytes).add(
-      secp256k1.ProjectivePoint.fromHex(hashTimesG),
+      secp256k1.ProjectivePoint.BASE.multiply(hashScalar),
     )
 
     // Compare with provided stealth address