xpi-ts 0.2.13 → 0.2.15

package/dist/esm/lib/bitcore/script/interpreter/script-num.js

@@ -0,0 +1,195 @@
+import { BufferUtil } from '../../util/buffer';
+import { SCRIPTNUM_MAX_ELEMENT_SIZE } from './types';
+export class ScriptNumError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'ScriptNumError';
+    }
+}
+export class ScriptNum {
+    static INT64_MAX = (1n << 63n) - 1n;
+    static INT64_MIN_EXCLUSIVE = -(1n << 63n) + 1n;
+    value;
+    constructor(value) {
+        this.value = value;
+    }
+    static fromBuffer(buf, requireMinimal = true, maxSize = SCRIPTNUM_MAX_ELEMENT_SIZE) {
+        if (buf.length > maxSize) {
+            throw new ScriptNumError('script number overflow');
+        }
+        if (requireMinimal && !ScriptNum.isMinimallyEncoded(buf, maxSize)) {
+            throw new ScriptNumError('non-minimally encoded script number');
+        }
+        return new ScriptNum(ScriptNum.decode(buf));
+    }
+    static isMinimallyEncoded(buf, maxSize = SCRIPTNUM_MAX_ELEMENT_SIZE) {
+        if (buf.length > maxSize) {
+            return false;
+        }
+        if (buf.length === 0) {
+            return true;
+        }
+        if ((buf[buf.length - 1] & 0x7f) === 0) {
+            if (buf.length <= 1 || (buf[buf.length - 2] & 0x80) === 0) {
+                return false;
+            }
+        }
+        return true;
+    }
+    static minimallyEncode(data) {
+        if (data.length === 0) {
+            return data;
+        }
+        let last = data[data.length - 1];
+        if ((last & 0x7f) !== 0) {
+            return data;
+        }
+        let i = data.length - 1;
+        while (i > 0 && data[i] === 0) {
+            i--;
+        }
+        if (i === 0 && data[0] === 0) {
+            return BufferUtil.alloc(0);
+        }
+        const result = BufferUtil.alloc(i + 1 + ((data[i] & 0x80) !== 0 ? 1 : 0));
+        data.copy(result, 0, 0, i + 1);
+        if ((data[i] & 0x80) !== 0) {
+            result[result.length - 1] = last & 0x80;
+        }
+        else {
+            result[i] |= last & 0x80;
+        }
+        return result;
+    }
+    static decode(buf) {
+        if (buf.length === 0) {
+            return 0n;
+        }
+        let result = 0n;
+        for (let i = 0; i < buf.length; i++) {
+            result |= BigInt(buf[i]) << BigInt(8 * i);
+        }
+        if (buf[buf.length - 1] & 0x80) {
+            const mask = 0x80n << BigInt(8 * (buf.length - 1));
+            return -(result & ~mask);
+        }
+        return result;
+    }
+    toBuffer() {
+        return ScriptNum.serialize(this.value);
+    }
+    static serialize(value) {
+        if (value === 0n) {
+            return BufferUtil.alloc(0);
+        }
+        const neg = value < 0n;
+        let absvalue = neg ? -value : value;
+        const result = [];
+        while (absvalue > 0n) {
+            result.push(Number(absvalue & 0xffn));
+            absvalue >>= 8n;
+        }
+        if (result[result.length - 1] & 0x80) {
+            result.push(neg ? 0x80 : 0x00);
+        }
+        else if (neg) {
+            result[result.length - 1] |= 0x80;
+        }
+        return BufferUtil.from(result);
+    }
+    toNumber() {
+        const MAX_INT = 2_147_483_647;
+        const MIN_INT = -2_147_483_648;
+        if (this.value > BigInt(MAX_INT)) {
+            return MAX_INT;
+        }
+        if (this.value < BigInt(MIN_INT)) {
+            return MIN_INT;
+        }
+        return Number(this.value);
+    }
+    add(other) {
+        const result = this.value + other.value;
+        ScriptNum.checkOverflow(result);
+        return new ScriptNum(result);
+    }
+    sub(other) {
+        const result = this.value - other.value;
+        ScriptNum.checkOverflow(result);
+        return new ScriptNum(result);
+    }
+    negate() {
+        return new ScriptNum(-this.value);
+    }
+    abs() {
+        return this.value < 0n ? this.negate() : this;
+    }
+    div(other) {
+        return new ScriptNum(this.value / other.value);
+    }
+    mod(other) {
+        return new ScriptNum(this.value % other.value);
+    }
+    mulpow2(shift) {
+        if (this.value === 0n) {
+            return new ScriptNum(0n);
+        }
+        const sign = this.value > 0n ? 1n : -1n;
+        const absval = this.value > 0n ? this.value : -this.value;
+        if (shift.value > 0n) {
+            if (shift.value >= 63n) {
+                throw new ScriptNumError('script number mulpow2 non-zero shift >= 63');
+            }
+            const overflowMask = ~((1n << (63n - shift.value)) - 1n) & ((1n << 64n) - 1n);
+            if ((absval & overflowMask) !== 0n) {
+                throw new ScriptNumError('script number mulpow2 overflow');
+            }
+            return new ScriptNum(sign * (absval << shift.value));
+        }
+        else {
+            const rshift = -shift.value;
+            if (rshift >= 63n) {
+                return new ScriptNum(0n);
+            }
+            return new ScriptNum(sign * (absval >> rshift));
+        }
+    }
+    bitwiseAnd(mask) {
+        return new ScriptNum(this.value & mask);
+    }
+    isZero() {
+        return this.value === 0n;
+    }
+    isNegative() {
+        return this.value < 0n;
+    }
+    lt(other) {
+        const val = other instanceof ScriptNum ? other.value : other;
+        return this.value < val;
+    }
+    gt(other) {
+        const val = other instanceof ScriptNum ? other.value : other;
+        return this.value > val;
+    }
+    lte(other) {
+        const val = other instanceof ScriptNum ? other.value : other;
+        return this.value <= val;
+    }
+    gte(other) {
+        const val = other instanceof ScriptNum ? other.value : other;
+        return this.value >= val;
+    }
+    eq(other) {
+        const val = other instanceof ScriptNum ? other.value : other;
+        return this.value === val;
+    }
+    neq(other) {
+        const val = other instanceof ScriptNum ? other.value : other;
+        return this.value !== val;
+    }
+    static checkOverflow(value) {
+        if (value > ScriptNum.INT64_MAX || value < ScriptNum.INT64_MIN_EXCLUSIVE) {
+            throw new ScriptNumError('script number overflow');
+        }
+    }
+}

package/dist/esm/lib/bitcore/script/interpreter/types.js

@@ -0,0 +1,93 @@
+export const MAX_SCRIPT_ELEMENT_SIZE = 520;
+export const MAX_OPS_PER_SCRIPT = 400;
+export const MAX_PUBKEYS_PER_MULTISIG = 20;
+export const MAX_SCRIPT_SIZE = 10_000;
+export const MAX_STACK_SIZE = 1_000;
+export const MAX_NUM2BIN_SIZE = 68;
+export const LOCKTIME_THRESHOLD = 500_000_000;
+export const SCRIPTNUM_MAX_ELEMENT_SIZE = 8;
+export var ScriptFlags;
+(function (ScriptFlags) {
+    ScriptFlags[ScriptFlags["VERIFY_NONE"] = 0] = "VERIFY_NONE";
+    ScriptFlags[ScriptFlags["TAPROOT_KEY_SPEND_PATH"] = 1] = "TAPROOT_KEY_SPEND_PATH";
+    ScriptFlags[ScriptFlags["DISABLE_TAPROOT_SIGHASH_LOTUS"] = 2] = "DISABLE_TAPROOT_SIGHASH_LOTUS";
+    ScriptFlags[ScriptFlags["VERIFY_DISCOURAGE_UPGRADABLE_NOPS"] = 128] = "VERIFY_DISCOURAGE_UPGRADABLE_NOPS";
+    ScriptFlags[ScriptFlags["VERIFY_CLEANSTACK"] = 256] = "VERIFY_CLEANSTACK";
+    ScriptFlags[ScriptFlags["VERIFY_MINIMALIF"] = 8192] = "VERIFY_MINIMALIF";
+    ScriptFlags[ScriptFlags["ENABLE_SIGHASH_FORKID"] = 65536] = "ENABLE_SIGHASH_FORKID";
+    ScriptFlags[ScriptFlags["ENABLE_REPLAY_PROTECTION"] = 131072] = "ENABLE_REPLAY_PROTECTION";
+    ScriptFlags[ScriptFlags["VERIFY_INPUT_SIGCHECKS"] = 4194304] = "VERIFY_INPUT_SIGCHECKS";
+})(ScriptFlags || (ScriptFlags = {}));
+export const STANDARD_SCRIPT_VERIFY_FLAGS = ScriptFlags.VERIFY_CLEANSTACK |
+    ScriptFlags.VERIFY_DISCOURAGE_UPGRADABLE_NOPS |
+    ScriptFlags.VERIFY_MINIMALIF |
+    ScriptFlags.ENABLE_SIGHASH_FORKID |
+    ScriptFlags.VERIFY_INPUT_SIGCHECKS;
+export var ScriptError;
+(function (ScriptError) {
+    ScriptError["OK"] = "OK";
+    ScriptError["UNKNOWN"] = "UNKNOWN";
+    ScriptError["EVAL_FALSE"] = "EVAL_FALSE";
+    ScriptError["OP_RETURN"] = "OP_RETURN";
+    ScriptError["SCRIPT_SIZE"] = "SCRIPT_SIZE";
+    ScriptError["PUSH_SIZE"] = "PUSH_SIZE";
+    ScriptError["OP_COUNT"] = "OP_COUNT";
+    ScriptError["STACK_SIZE"] = "STACK_SIZE";
+    ScriptError["SIG_COUNT"] = "SIG_COUNT";
+    ScriptError["PUBKEY_COUNT"] = "PUBKEY_COUNT";
+    ScriptError["INPUT_SIGCHECKS"] = "INPUT_SIGCHECKS";
+    ScriptError["INVALID_OPERAND_SIZE"] = "INVALID_OPERAND_SIZE";
+    ScriptError["INVALID_NUMBER_RANGE"] = "INVALID_NUMBER_RANGE";
+    ScriptError["IMPOSSIBLE_ENCODING"] = "IMPOSSIBLE_ENCODING";
+    ScriptError["INVALID_SPLIT_RANGE"] = "INVALID_SPLIT_RANGE";
+    ScriptError["INVALID_BIT_COUNT"] = "INVALID_BIT_COUNT";
+    ScriptError["VERIFY"] = "VERIFY";
+    ScriptError["EQUALVERIFY"] = "EQUALVERIFY";
+    ScriptError["CHECKMULTISIGVERIFY"] = "CHECKMULTISIGVERIFY";
+    ScriptError["CHECKSIGVERIFY"] = "CHECKSIGVERIFY";
+    ScriptError["CHECKDATASIGVERIFY"] = "CHECKDATASIGVERIFY";
+    ScriptError["NUMEQUALVERIFY"] = "NUMEQUALVERIFY";
+    ScriptError["BAD_OPCODE"] = "BAD_OPCODE";
+    ScriptError["DISABLED_OPCODE"] = "DISABLED_OPCODE";
+    ScriptError["INVALID_STACK_OPERATION"] = "INVALID_STACK_OPERATION";
+    ScriptError["INVALID_ALTSTACK_OPERATION"] = "INVALID_ALTSTACK_OPERATION";
+    ScriptError["UNBALANCED_CONDITIONAL"] = "UNBALANCED_CONDITIONAL";
+    ScriptError["DIV_BY_ZERO"] = "DIV_BY_ZERO";
+    ScriptError["MOD_BY_ZERO"] = "MOD_BY_ZERO";
+    ScriptError["INVALID_BITFIELD_SIZE"] = "INVALID_BITFIELD_SIZE";
+    ScriptError["INVALID_BIT_RANGE"] = "INVALID_BIT_RANGE";
+    ScriptError["NEGATIVE_LOCKTIME"] = "NEGATIVE_LOCKTIME";
+    ScriptError["UNSATISFIED_LOCKTIME"] = "UNSATISFIED_LOCKTIME";
+    ScriptError["SIG_HASHTYPE"] = "SIG_HASHTYPE";
+    ScriptError["SIG_DER"] = "SIG_DER";
+    ScriptError["MINIMALDATA"] = "MINIMALDATA";
+    ScriptError["SIG_PUSHONLY"] = "SIG_PUSHONLY";
+    ScriptError["SIG_HIGH_S"] = "SIG_HIGH_S";
+    ScriptError["PUBKEYTYPE"] = "PUBKEYTYPE";
+    ScriptError["CLEANSTACK"] = "CLEANSTACK";
+    ScriptError["MINIMALIF"] = "MINIMALIF";
+    ScriptError["SIG_NULLFAIL"] = "SIG_NULLFAIL";
+    ScriptError["SIG_BADLENGTH"] = "SIG_BADLENGTH";
+    ScriptError["SIG_NONSCHNORR"] = "SIG_NONSCHNORR";
+    ScriptError["DISCOURAGE_UPGRADABLE_NOPS"] = "DISCOURAGE_UPGRADABLE_NOPS";
+    ScriptError["ILLEGAL_FORKID"] = "ILLEGAL_FORKID";
+    ScriptError["MUST_USE_FORKID"] = "MUST_USE_FORKID";
+    ScriptError["INVALID_NUM2BIN_SIZE"] = "INVALID_NUM2BIN_SIZE";
+    ScriptError["INVALID_OP_SCRIPTTYPE"] = "INVALID_OP_SCRIPTTYPE";
+    ScriptError["SCRIPTTYPE_INVALID_TYPE"] = "SCRIPTTYPE_INVALID_TYPE";
+    ScriptError["SCRIPTTYPE_MALFORMED_SCRIPT"] = "SCRIPTTYPE_MALFORMED_SCRIPT";
+    ScriptError["TAPROOT_KEY_SPEND_MUST_USE_LOTUS_SIGHASH"] = "TAPROOT_KEY_SPEND_MUST_USE_LOTUS_SIGHASH";
+    ScriptError["TAPROOT_KEY_SPEND_MUST_USE_SCHNORR_SIG"] = "TAPROOT_KEY_SPEND_MUST_USE_SCHNORR_SIG";
+    ScriptError["TAPROOT_VERIFY_SIGNATURE_FAILED"] = "TAPROOT_VERIFY_SIGNATURE_FAILED";
+    ScriptError["TAPROOT_ANNEX_NOT_SUPPORTED"] = "TAPROOT_ANNEX_NOT_SUPPORTED";
+    ScriptError["TAPROOT_WRONG_CONTROL_SIZE"] = "TAPROOT_WRONG_CONTROL_SIZE";
+    ScriptError["TAPROOT_VERIFY_COMMITMENT_FAILED"] = "TAPROOT_VERIFY_COMMITMENT_FAILED";
+    ScriptError["TAPROOT_LEAF_VERSION_NOT_SUPPORTED"] = "TAPROOT_LEAF_VERSION_NOT_SUPPORTED";
+    ScriptError["TAPROOT_PHASEOUT"] = "TAPROOT_PHASEOUT";
+})(ScriptError || (ScriptError = {}));
+export const NULL_SIGNATURE_CHECKER = {
+    verifySignature: () => false,
+    checkSignature: () => false,
+    checkLockTime: () => false,
+    checkSequence: () => false,
+};

package/dist/esm/lib/bitcore/{taproot.js → script/taproot.js}

@@ -1,11 +1,12 @@
-import { Hash } from './crypto/hash.js';
-import { PublicKey } from './publickey.js';
-import { PrivateKey } from './privatekey.js';
-import { Script } from './script.js';
-import { Opcode } from './opcode.js';
-import { BN } from './crypto/bn.js';
-import { BufferWriter } from './encoding/bufferwriter.js';
-import { Signature } from './crypto/signature.js';
+import { Hash } from '../crypto/hash';
+import { PUBKEY_PREFIX_EVEN, PUBKEY_PREFIX_ODD, PublicKey } from '../publickey';
+import { PrivateKey } from '../privatekey';
+import { Script } from '../script';
+import { Opcode } from '../opcode';
+import { BN } from '../crypto/bn';
+import { BufferWriter } from '../encoding/bufferwriter';
+import { BufferUtil } from '../util/buffer';
+import { Signature } from '../crypto/signature';
 export const TAPROOT_LEAF_MASK = 0xfe;
 export const TAPROOT_LEAF_TAPSCRIPT = 0xc0;
 export const TAPROOT_CONTROL_BASE_SIZE = 33;
@@ -15,39 +16,45 @@ export const TAPROOT_CONTROL_MAX_SIZE = TAPROOT_CONTROL_BASE_SIZE +
     TAPROOT_CONTROL_NODE_SIZE * TAPROOT_CONTROL_MAX_NODE_COUNT;
 export const TAPROOT_SCRIPTTYPE = Opcode.OP_1;
 export const TAPROOT_INTRO_SIZE = 3;
-export const TAPROOT_SIZE_WITHOUT_STATE = TAPROOT_INTRO_SIZE + 33;
-export const TAPROOT_SIZE_WITH_STATE = TAPROOT_INTRO_SIZE + 33 + 33;
+export const PUBKEY_COMPRESSED_SIZE = 33;
+export const PUBKEY_UNCOMPRESSED_SIZE = 65;
+export const PUBKEY_XCOORD_SIZE = 32;
+export const SHA256_HASH_SIZE = 32;
+export const TAPROOT_STATE_PUSH_SIZE = 32;
+export const TAPROOT_SIZE_WITHOUT_STATE = TAPROOT_INTRO_SIZE + PUBKEY_COMPRESSED_SIZE;
+export const TAPROOT_SIZE_WITH_STATE = TAPROOT_INTRO_SIZE + PUBKEY_COMPRESSED_SIZE + 1 + SHA256_HASH_SIZE;
 export const TAPROOT_SIGHASH_TYPE = Signature.SIGHASH_ALL | Signature.SIGHASH_LOTUS;
 export const TAPROOT_ANNEX_TAG = 0x50;
+export const TAPROOT_TAG_TAPLEAF = 'TapLeaf';
+export const TAPROOT_TAG_TAPBRANCH = 'TapBranch';
+export const TAPROOT_TAG_TAPTWEAK = 'TapTweak';
 export function taggedHash(tag, data) {
-    const tagHash = Hash.sha256(Buffer.from(tag, 'utf8'));
-    const combined = Buffer.concat([tagHash, tagHash, data]);
+    const tagHash = Hash.sha256(BufferUtil.from(tag, 'utf8'));
+    const combined = BufferUtil.concat([tagHash, tagHash, data]);
     return Hash.sha256(combined);
 }
-export function calculateTapTweak(internalPubKey, merkleRoot = Buffer.alloc(32)) {
-    const pubKeyBytes = internalPubKey.toBuffer();
-    const data = Buffer.concat([pubKeyBytes, merkleRoot]);
-    return taggedHash('TapTweak', data);
+export function calculateTapTweak(internalPubKey, merkleRoot = BufferUtil.alloc(SHA256_HASH_SIZE)) {
+    return taggedHash(TAPROOT_TAG_TAPTWEAK, BufferUtil.concat([internalPubKey.toBuffer(), merkleRoot]));
 }
 export function calculateTapLeaf(script, leafVersion = TAPROOT_LEAF_TAPSCRIPT) {
-    const scriptBuf = Buffer.isBuffer(script) ? script : script.toBuffer();
+    const scriptBuf = BufferUtil.isBuffer(script) ? script : script.toBuffer();
     const writer = new BufferWriter();
     writer.writeUInt8(leafVersion);
     writer.writeVarintNum(scriptBuf.length);
     writer.write(scriptBuf);
-    return taggedHash('TapLeaf', writer.toBuffer());
+    return taggedHash(TAPROOT_TAG_TAPLEAF, writer.toBuffer());
 }
 export function calculateTapBranch(left, right) {
-    const ordered = Buffer.compare(left, right) < 0
-        ? Buffer.concat([left, right])
-        : Buffer.concat([right, left]);
-    return taggedHash('TapBranch', ordered);
+    const ordered = BufferUtil.compare(left, right) < 0
+        ? BufferUtil.concat([left, right])
+        : BufferUtil.concat([right, left]);
+    return taggedHash(TAPROOT_TAG_TAPBRANCH, ordered);
 }
-export function tweakPublicKey(internalPubKey, merkleRoot = Buffer.alloc(32)) {
+export function tweakPublicKey(internalPubKey, merkleRoot = BufferUtil.alloc(SHA256_HASH_SIZE)) {
     const tweak = calculateTapTweak(internalPubKey, merkleRoot);
     return internalPubKey.addScalar(tweak);
 }
-export function tweakPrivateKey(internalPrivKey, merkleRoot = Buffer.alloc(32)) {
+export function tweakPrivateKey(internalPrivKey, merkleRoot = BufferUtil.alloc(SHA256_HASH_SIZE)) {
     const internalPubKey = internalPrivKey.publicKey;
     const tweak = calculateTapTweak(internalPubKey, merkleRoot);
     const tweakBN = new BN(tweak);
@@ -65,7 +72,7 @@ export function buildTapTree(tree) {
     if (isTapLeafNode(tree)) {
         const leafNode = tree;
         const leafVersion = leafNode.leafVersion || TAPROOT_LEAF_TAPSCRIPT;
-        const scriptBuf = Buffer.isBuffer(leafNode.script)
+        const scriptBuf = BufferUtil.isBuffer(leafNode.script)
             ? leafNode.script
             : leafNode.script.toBuffer();
         const leafHash = calculateTapLeaf(scriptBuf, leafVersion);
@@ -104,83 +111,83 @@ export function createControlBlock(internalPubKey, leafIndex, tree) {
     }
     const leaf = treeResult.leaves[leafIndex];
     const pubKeyBytes = internalPubKey.toBuffer();
-    const parity = pubKeyBytes[0] === 0x03 ? 1 : 0;
+    const parity = pubKeyBytes[0] === PUBKEY_PREFIX_ODD ? 1 : 0;
     const controlByte = (leaf.leafVersion & TAPROOT_LEAF_MASK) | parity;
     const writer = new BufferWriter();
     writer.writeUInt8(controlByte);
-    writer.write(pubKeyBytes.slice(1, 33));
+    writer.write(pubKeyBytes.slice(1, PUBKEY_COMPRESSED_SIZE));
     for (const node of leaf.merklePath) {
         writer.write(node);
     }
     return writer.toBuffer();
 }
-export function verifyTaprootCommitment(commitmentPubKey, internalPubKey, merkleRoot) {
-    const expectedCommitment = tweakPublicKey(internalPubKey, merkleRoot);
-    return commitmentPubKey.toString() === expectedCommitment.toString();
+export function applyTweakToPublicKey(internalPubKey, tweak) {
+    return internalPubKey.addScalar(tweak);
 }
-export function isPayToTaproot(script) {
-    const buf = script.toBuffer();
-    if (buf.length < TAPROOT_SIZE_WITHOUT_STATE) {
-        return false;
-    }
-    if (buf[0] !== Opcode.OP_SCRIPTTYPE || buf[1] !== TAPROOT_SCRIPTTYPE) {
-        return false;
-    }
-    if (buf[2] !== 33) {
-        return false;
+export function verifyTaprootCommitment(controlBlock, commitment, script) {
+    try {
+        if (controlBlock.length < TAPROOT_CONTROL_BASE_SIZE) {
+            return { tapleafHash: BufferUtil.alloc(SHA256_HASH_SIZE), success: false };
+        }
+        const pathLen = Math.floor((controlBlock.length - TAPROOT_CONTROL_BASE_SIZE) /
+            TAPROOT_CONTROL_NODE_SIZE);
+        const leafVersion = controlBlock[0] & TAPROOT_LEAF_MASK;
+        let leafHash = calculateTapLeaf(script, leafVersion);
+        let merkleHash = leafHash;
+        for (let i = 0; i < pathLen; i++) {
+            const nodeOffset = TAPROOT_CONTROL_BASE_SIZE + i * TAPROOT_CONTROL_NODE_SIZE;
+            const node = controlBlock.slice(nodeOffset, nodeOffset + TAPROOT_CONTROL_NODE_SIZE);
+            if (BufferUtil.compare(merkleHash, node) < 0) {
+                merkleHash = calculateTapBranch(merkleHash, node);
+            }
+            else {
+                merkleHash = calculateTapBranch(node, merkleHash);
+            }
+        }
+        const pubkeyBytes = controlBlock.slice(0, TAPROOT_CONTROL_BASE_SIZE);
+        const pubkeyBuffer = BufferUtil.from(pubkeyBytes);
+        pubkeyBuffer[0] =
+            pubkeyBuffer[0] & 1 ? PUBKEY_PREFIX_ODD : PUBKEY_PREFIX_EVEN;
+        const internalPubKey = new PublicKey(pubkeyBuffer);
+        const tweakHash = calculateTapTweak(internalPubKey, merkleHash);
+        const commitmentKey = new PublicKey(commitment);
+        const expectedCommitment = applyTweakToPublicKey(internalPubKey, tweakHash);
+        return {
+            tapleafHash: leafHash,
+            success: commitmentKey.toString() === expectedCommitment.toString(),
+        };
     }
-    if (buf.length === TAPROOT_SIZE_WITHOUT_STATE) {
-        return true;
+    catch (e) {
+        return { tapleafHash: BufferUtil.alloc(SHA256_HASH_SIZE), success: false };
     }
-    return (buf.length === TAPROOT_SIZE_WITH_STATE &&
-        buf[TAPROOT_SIZE_WITHOUT_STATE] === 32);
 }
 export function extractTaprootCommitment(script) {
-    if (!isPayToTaproot(script)) {
+    if (!script.isTaprootOut()) {
         throw new Error('Not a valid Pay-To-Taproot script');
     }
-    const buf = script.toBuffer();
-    const commitmentBytes = buf.subarray(3, 3 + 33);
-    return PublicKey.fromBuffer(commitmentBytes);
+    return PublicKey.fromBuffer(script.chunks[2].buf);
 }
 export function extractTaprootState(script) {
-    const buf = script.toBuffer();
-    if (buf.length !== TAPROOT_SIZE_WITH_STATE) {
+    if (!script.isTaprootOut()) {
         return null;
     }
-    return buf.subarray(TAPROOT_SIZE_WITHOUT_STATE + 1, TAPROOT_SIZE_WITH_STATE);
-}
-export function buildPayToTaproot(commitment, state) {
-    if (state && state.length !== 32) {
-        throw new Error('Taproot state must be exactly 32 bytes');
-    }
-    const commitmentBytes = commitment.toBuffer();
-    if (commitmentBytes.length !== 33) {
-        throw new Error('Commitment must be 33-byte compressed public key');
-    }
-    if (state) {
-        return new Script()
-            .add(Opcode.OP_SCRIPTTYPE)
-            .add(TAPROOT_SCRIPTTYPE)
-            .add(commitmentBytes)
-            .add(state);
-    }
-    else {
-        return new Script()
-            .add(Opcode.OP_SCRIPTTYPE)
-            .add(TAPROOT_SCRIPTTYPE)
-            .add(commitmentBytes);
+    if (script.chunks.length !== 4) {
+        return null;
     }
+    return script.chunks[3].buf;
+}
+export function buildPayToTaproot(_commitment, _state) {
+    throw new Error('This function has been deprecated. Used Script.buildTaprootOut instead');
 }
-export function buildKeyPathTaproot(internalPubKey, state) {
-    const merkleRoot = Buffer.alloc(32);
+export function buildKeyPathTaproot(internalPubKey) {
+    const merkleRoot = BufferUtil.alloc(SHA256_HASH_SIZE);
     const commitment = tweakPublicKey(internalPubKey, merkleRoot);
-    return buildPayToTaproot(commitment, state);
+    return Script.buildTaprootOut(commitment);
 }
 export function buildScriptPathTaproot(internalPubKey, tree, state) {
     const treeInfo = buildTapTree(tree);
     const commitment = tweakPublicKey(internalPubKey, treeInfo.merkleRoot);
-    const script = buildPayToTaproot(commitment, state);
+    const script = Script.buildTaprootOut(commitment, state);
     return {
         script,
         commitment,
@@ -190,14 +197,14 @@ export function buildScriptPathTaproot(internalPubKey, tree, state) {
 }
 export function verifyTaprootScriptPath(internalPubKey, script, commitmentPubKey, leafVersion, merklePath, parity) {
     try {
-        const pubkeyPrefix = parity === 0 ? 0x02 : 0x03;
-        const fullPubkey = Buffer.concat([
-            Buffer.from([pubkeyPrefix]),
+        const pubkeyPrefix = parity === 0 ? PUBKEY_PREFIX_EVEN : PUBKEY_PREFIX_ODD;
+        const fullPubkey = BufferUtil.concat([
+            BufferUtil.from([pubkeyPrefix]),
             internalPubKey,
         ]);
         let leafHash = calculateTapLeaf(script, leafVersion);
         for (const pathNode of merklePath) {
-            if (Buffer.compare(leafHash, pathNode) < 0) {
+            if (BufferUtil.compare(leafHash, pathNode) < 0) {
                 leafHash = calculateTapBranch(leafHash, pathNode);
             }
             else {
@@ -216,6 +223,10 @@ export function verifyTaprootScriptPath(internalPubKey, script, commitmentPubKey
         return false;
     }
 }
+export function verifyTaprootScriptPathFromControlBlock(controlBlock, commitment, script) {
+    const result = verifyTaprootCommitment(controlBlock, commitment, script);
+    return result.success;
+}
 export function verifyTaprootSpend(scriptPubkey, stack, flags) {
     const SCRIPT_DISABLE_TAPROOT_SIGHASH_LOTUS = 1 << 22;
     const SCRIPT_TAPROOT_KEY_SPEND_PATH = 1 << 23;
@@ -223,7 +234,7 @@ export function verifyTaprootSpend(scriptPubkey, stack, flags) {
     if (flags & SCRIPT_DISABLE_TAPROOT_SIGHASH_LOTUS) {
         return { success: false, error: 'SCRIPT_ERR_TAPROOT_PHASEOUT' };
     }
-    if (!isPayToTaproot(scriptPubkey)) {
+    if (!scriptPubkey.isTaprootOut()) {
         return { success: false, error: 'SCRIPT_ERR_SCRIPTTYPE_MALFORMED_SCRIPT' };
     }
     const scriptBuf = scriptPubkey.toBuffer();