* Add OrderedSchnorrSignatures, use it in OracleAttestment, propagate it through the codebase
* Small cleanups
* Add SortedVecFactory
* Fix test case with out of order nonces
* Represent and handle SIGHASH_DEFAULT correctly in TaprootKeyPath
* Prevent construction of invalid TaprootKeyPath, fix tests
* Have SIGHASH_DEFAULT be SIGHASH_ALL in preTaproot cases
* Add static test vectors for Taproot and the ability to parse those test cases
Add TaprootWitness data structure, get parsing working for first static test case
WIP: Distinguish between TaprootKeyPath and TaprootScriptPath
Remove invariants and make val to method in TaprootScriptPath so we can parse test cases
Add TaprootTestCase.{txSigComponents, programs} methods
Try to run test case
WIP
Wrap failure case in Try
Get first test case passing
Fix building of sig component for p2sh
WIP test case legacy/pk-wrongkey
Get more test cases passing
Move where MAX_PUSH_SIZE is checked for segwit
Get another test case passing
Add links to bitcoin core in test case
Fix stack parsing for witness
Get success test cases passing (without signature verification?)
Add failure test cases
Fix basic compile failures except in javascript projects
Get basic TaprootKeyPath parsing working from ScriptWitness
Get invariants implemented correctly for TaprootScriptPath
WIP
WIP
Get first taproot signature serialization test working
Get tagged hash working correctly
Rework test framework, get 2nd success test case passing
Get compile working with rebase
Implement computeTapleafHash with a unit test case
Add scaffolding of computing merkle root test case
Implement computeTaprootMerkleRoot() with a unit test
Implement computeTapTweakHash() with a unit test
WIP: checkTapTweak()
WIP
Implement computeTapTweakHash() unit test
Rebase onto master
Get verifyTaprootCommitment() passing unit test
Refactors to be more readable
* WIP: Tapscript signature checking
* Get taproot script path signature serialization working for unit test
* Add carve out for unknown public key types
* WIP: OP_CHECKSIGADD
* Add test case to detect annex and compute its hash
* Get test case passing when using upgradable public keys with an annex on the stack
* Fix missing pattern match
* Fix bug with tapscript SIGHASH_ALL and add test case
* Add check if taproot flag is enabled
* Get signature verification working with annex hash
* Implement correct handling of fail case for OP_CHECKSIGADD
* Get test case passing
* DRY
* Fix bug, now we only allow tapscript sig checking when pubkey is 32 bytes in size
* Refactor evalChecksigTapscript to use XOnlyPubKey
* Get signature serialization working with OP_CODESEPARATOR
* Get SIGHASH_ANYONECANPAY|SINGLE example working
* Fix bug in BIP342 impl where we don't count op codes if the version is taproot
* Fix OP_CODESEPARATOR bug
* Implement calculating of OP_CODESEPARATOR idx relative to other opcodes, not push operations
* Fix OP_CHECKSIG tapscript bug where we didn't push OP_FALSE onto stack in case of signature validation failure
* Add annex to TaprootKeyPath
* Get signature checking working with tapscript keypath annex
* Cleanup test framework code a bit to avoid casting exceptions
* Implement handling of OP_SUCCESS
* WIP: Segwit v0 serialization with nonstandard sighash flag
* Fix hash bug in segwit v0 serialization
* WIP
* Fix bug where we weren't defaulting to SIGHASH_DEFAULT when using tapscript
* Add disabled opcodes to OP_SUCCESS case
* Fix parsing for witnesses in test case
* Get a SIGHASH_SINGLE test case working
* Clean up rebase
* Fix default hash type in TaprootKeyPath
* Implement opCodeSeparator counting that does NOT work when OP_CODESEPARATOR is not executed inside of an OP_IF, otherwise is very simple for the base case
* Cherry-pick ben's commits & rebase
* Remove script size limit for tap scripts
* Fix incorrect handling of unassigned spk
* Fix invariant
* get correct test case failing
* WIP: SIGHASH_ALL_ANYONECANPAY test case
* Cleanup logging/println
* Refactors & fix regressions in some simple unit tests
* Remove logback in core to get the entire project compiling again
* Make TapscriptPath.hasAnnex() more robust against exceptions
* Add validation of XOnlyPubKey to control block
* Implement known leaf versions in the control block
* Add TaprootUnknownPath and UnknownControlBlock
* Fix rebase
* Fix interpreter bug where v0 segwit wasn't failing when a wrong program was used
* Cleanup println
* Clean up println pt2
* Re-enable -Xfatal-warnings
* Turn off logback-test.xml
* Parallelize taproot success test cases
* Try to bump timeout
* Optimization: Reduce number of intersections in ScriptInterpreter.run()
* Ben's code review
* Take ben's clean stack bugfix
Co-authored-by: benthecarman <benthecarman@live.com>
* An initial (not yet working) implementation with test
* Added custom (non-bip-340) verification for now
* Made KeySet a case class
* Got MuSig2 working with BIP340 verification passing
* Responds to Ben's review
* Fixed hash tags and added partial signature verification
* Added point multiplication that allows infinity and did some refactoring
* Refactored type defs into case classes
* Added tests for more signers and fixed single-party bug
* Added key aggregation test vectors from BIP
* Added nonce generation test vectors from BIP
* Added nonce aggregation test vectors from BIP
* Made nonce aggregation test vectors pass by having MultiNoncePub wrap SecpPoints
* Added remaining static test vectors from BIP
* Implements tweaking support and adds tests, including all of the remaining BIP tests
* Added factory objects for nonce types
* Refactored things into multiple files with renaming and restructuring
* Some minor renaming
* Introduced ParityMultiplier ADT to remove unnecessary computations
* Added scaladocs
* Added messages to invariants
* Fixed a typo
* Nonce generation now takes a SchnorrPublicKey instead of raw bytes
* Made point multiplication more robust
* Responded to Ben nits
* Added musig.md
* Implement BIP341
Get coreTest working
* Remove logger
* scalafmt
* Cleanup
* Make checkSigTapScrip() take a SchnorrPublicKey
* Address ben's code review
* Adjust error type on WitenssVersionV1.rebuild()
* Renamed ECPublicKey.tweakMultiply to just multiply and added CryptoParams.getG
* Used decompressed G in FieldElement.G
* Removed G from FieldElement altogether
* HashType now uses Int instead of Int32
* Moved HashType from core to crypto
* Added HashType helper functions to ECDigitalSignature
* Added tests
* Fixed compile
* Get refactor working where we decouple CETSignatures and the partial refund signature
* Add DLCAcceptWithCetSigs() for the case where we have a refund sig, but no cet signatures
* Fix bugs
* Fix sighash parsing bugs
* Encapsulate initialization of DLCOracle.start() method
* Use internal WalletAppConfig.kmConf rather than passing in custom key manager parameters
* Add KeyManagerAppConfig.defaultAccountType
* Get all tests passing besides TrezorAddressTest
* Get TrezorAddressTest passing with provided entropy
* Add unit test to make sure we can always derive the seed
* Get docs compiling
* Fix dlcWalletTest test cases
* Add more test cases to keymanager
* Add the new configuration to the example configuration
* Add more test cases
* Remove coverage on 2.12 as it isn't accurate
* Rework DLCOracleAppConfig.start() to call kmConf.start() so the oracle can use entropy provided via bitcoin-s.conf
* Removed type parameter from PublicKey
* Deduplicated call to public key decompression in isFullyValid
* Fixed FieldElement
* Added CurveCoordinate to replace FieldElement in places where it was being misused
* Added edge case tests
* Removed ExecutionContext from ECKey
* Refactored ECPublicKey to remove compression state and introduced ECPublicKeyBytes to handle cases where serialization of input is important
* Fixed the rest of bitcoin-s so that it passes all tests
* Made all ECKeys into case classes
* Successfully added isFullyValid invariant to ECPublicKey!
* Fixed docs
* Added scaladocs and fixed a RpcPsbtResult bug
* Reject private keys of length < 32 and fix WIF parsing bug
* Replaced secp256k1 with secp256k1-zkp as submodule pointing to my java-bindings branch
* Built new binaries for schnorr signing and adaptor signing and integrated into LibSecp256k1CryptoRuntime
* Added public key compression function with tests, removed old adaptor signature point serializers
* Implemented ECDSA adaptor signatures in scala according to the most recent spec
* Added static test vectors for adaptor signing from spec
* Moved bouncy castle adaptor signing tests to .jvm
* Added scaladocs and responded to nits
* Added scaladocs with legends to spec naming
* Responded to Ben's review
* Fixed scala 2.12 compile issue
* Fixed BouncyCastle secKeyVerify
* Updated add-to-jni build instructions
* Updated secp256k1-zkp to target bitcoin-s-master
* Add windows binary (#14)
* Added Mac OS binaries
Co-authored-by: benthecarman <benthecarman@live.com>
* Silence scalajs warnings for org.bitcoins.crypto package
* Add comments
* Create 'facades' package, move all js facades into that package. Make the new -Wconf flags work with only scala 2.13.x
* Small cleanups
* Schnorr sigs for Scala.js
* fix build
* put BIP340 test vectors in a shared space
* remove testkit dependency, fix point edge cases
* fix build
* Adaptor signatures for Scala.js
* add some more tests
* add unit tests for point addition
* scaladoc
* add more public keys tests
* Add scaladoc
* Remove extra isCompressed flag on CryptoRuntime.toPublicKey() as it is inside of ECPrivateKey already
Co-authored-by: christewart <stewart.chris1234@gmail.com>
* Schnorr sigs for Scala.js
* fix build
* put BIP340 test vectors in a shared space
* remove testkit dependency, fix point edge cases
* fix build
* add unit tests for point addition
* scaladoc
* cleanup
* respond to the comments
* Fix usage of BitcoinSLogger
Co-authored-by: christewart <stewart.chris1234@gmail.com>
* Update all deps that failed because of bad build
* Revert jvmopts
* Try bumping jvmopts max heap size to get mac builds to work
* Double up timeout in ScriptGenerators
* Use Future.successful() in signFunction to try and reduce overload on executionContext
* Push to github to force re-run of CI
* Upgrade sbt to 1.4.9
* Move CryptoParams to shared crypto project, make BouncyCastleCryptoParams for bouncy castle specific things
* Rework build structure to work better with scalajs
* Add unit test to make sure CryptoParams & BouncyCastleCryptoParams are consistent
* Refactor crypto module to be compatible with Scala.js
* more changes
* some more changes
* abstract out Schnorr stuff
* abstract out adapter stuff
* cleanup
* some more cleanup
* fix build
* Removed references to ECPoint outside of .jvm scope
* remove references to ECPoint from the shared code
* cleanup
* remove circular dependencies
* more cleanup
* cleanup
* move SipHash to CryptoContext
* scaladoc
* scalafmt
Co-authored-by: nkohen <nadavk25@gmail.com>
* Add CryptoRuntime, extend it with CryptoUtil
* Remove direct usages of CryptoUtil in the core project, use CryptoTrait.cryptoRuntime
* Add JvmCryptoRuntime
* Take ben's suggestion so we don't need to modify anything in core, h/t to ben
* Refactor ECPrivateKey.freshPrivateKey to use CryptoUtil.freshPrivateKey
* Remove CryptoTrait as it is no longer necessary
* Moved dlc data structures from commons to core
* Renamed DLC payout curve classes
* Split OutcomeValuePoint up into an ADT
* Added utility for computing Schnorr multiple-signature points
* Replaced tuples in RoundingIntervals with types
* Replaced tuples in DLCPayoutCurve with Indexed
* Fixed a compile bug
* Pulled down work from adaptor-dlc onto master
* Reverted some accidental deletions
* Removed unused import
* Added scaladocs
* Responded to Ben's review
* Added some scaladocs and invariants
* Responded to chris' review
* Responded to more review
* Added some comments