ark/

lib.rs

pub extern crate bitcoin;

#[macro_use] extern crate serde;
#[macro_use] extern crate lazy_static;

#[macro_use] mod util;

pub mod address;
pub mod arkoor;
pub mod challenges;
pub mod connectors;
pub mod encode;
pub mod error;
pub mod forfeit;
pub mod lightning;
pub mod mailbox;
pub mod musig;
pub mod board;
pub mod rounds;
pub mod tree;
pub mod vtxo;
pub mod integration;

pub use crate::address::Address;
pub use crate::encode::{ProtocolEncoding, WriteExt, ReadExt, ProtocolDecodingError};
pub use crate::vtxo::{Vtxo, VtxoId, VtxoPolicy};

#[cfg(test)]
mod napkin;
#[cfg(any(test, feature = "test-util"))]
pub mod test;


use std::time::Duration;

use bitcoin::{Amount, FeeRate, Network, Script, ScriptBuf, TxOut, Weight};
use bitcoin::secp256k1::{self, schnorr, PublicKey};

use bitcoin_ext::{
	BlockDelta, TxOutExt, P2PKH_DUST_VB, P2SH_DUST_VB, P2TR_DUST_VB, P2WPKH_DUST_VB, P2WSH_DUST_VB
};

lazy_static! {
	/// Global secp context.
	pub static ref SECP: secp256k1::Secp256k1<secp256k1::All> = secp256k1::Secp256k1::new();
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct ArkInfo {
	/// The bitcoin network the server operates on
	pub network: Network,
	/// The Ark server pubkey
	pub server_pubkey: PublicKey,
	/// The pubkey used for blinding unified mailbox IDs
	pub mailbox_pubkey: PublicKey,
	/// The interval between each round
	pub round_interval: Duration,
	/// Number of nonces per round
	pub nb_round_nonces: usize,
	/// Delta between exit confirmation and coins becoming spendable
	pub vtxo_exit_delta: BlockDelta,
	/// Expiration delta of the VTXO
	pub vtxo_expiry_delta: BlockDelta,
	/// The number of blocks after which an HTLC-send VTXO expires once granted.
	pub htlc_send_expiry_delta: BlockDelta,
	/// The number of blocks to keep between Lightning and Ark HTLCs expiries
	pub htlc_expiry_delta: BlockDelta,
	/// Maximum amount of a VTXO
	pub max_vtxo_amount: Option<Amount>,
	/// The number of confirmations required to register a board vtxo
	pub required_board_confirmations: usize,
	/// Maximum CLTV delta server will allow clients to request an
	/// invoice generation with.
	pub max_user_invoice_cltv_delta: u16,
	/// Minimum amount for a board the server will cosign
	pub min_board_amount: Amount,

	//TODO(stevenroose) move elsewhere eith other temp fields
	pub offboard_feerate: FeeRate,
	/// Indicates whether the Ark server requires clients to either
	/// provide a VTXO ownership proof, or a lightning receive token
	/// when preparing a lightning claim.
	pub ln_receive_anti_dos_required: bool,
}

/// Input of a round
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Deserialize, Serialize)]
pub struct VtxoIdInput {
	pub vtxo_id: VtxoId,
	/// A schnorr signature over a message containing a static prefix,
	/// a random challenge generated by the server and the VTXO's id.
	/// See [`challenges::RoundAttemptChallenge`].
	///
	/// Should be produced using VTXO's private key
	pub ownership_proof: schnorr::Signature,
}

/// Request for the creation of an vtxo.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Deserialize, Serialize)]
pub struct VtxoRequest {
	pub amount: Amount,
	#[serde(with = "crate::encode::serde")]
	pub policy: VtxoPolicy,
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct SignedVtxoRequest {
	/// The actual VTXO request.
	pub vtxo: VtxoRequest,
	/// The public key used by the client to cosign the transaction tree
	/// The client SHOULD forget this key after signing it
	pub cosign_pubkey: Option<PublicKey>,
}


#[derive(Debug, Clone, PartialEq, Eq, Hash, thiserror::Error)]
#[error("invalid offboard request: {0}")]
pub struct InvalidOffboardRequestError(&'static str);


#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Deserialize, Serialize)]
pub struct OffboardRequest {
	#[serde(with = "bitcoin_ext::serde::encodable")]
	pub script_pubkey: ScriptBuf,
	#[serde(rename = "amount_sat", with = "bitcoin::amount::serde::as_sat")]
	pub amount: Amount,
}

impl OffboardRequest {
	/// Calculate the fee we have to charge for adding an output
	/// with the given scriptPubkey to a transaction.
	///
	/// Returns an error if the output type is non-standard.
	pub fn calculate_fee(
		script_pubkey: &Script,
		fee_rate: FeeRate,
	) -> Result<Amount, InvalidOffboardRequestError> {
		// NB We calculate the required extra fee as the "dust" fee for the given feerate.
		// We take Bitcoin's dust amounts, which are calculated at 3 sat/vb, but then
		// calculated for the given feerate. For more on dust, see:
		// https://bitcoin.stackexchange.com/questions/10986/what-is-meant-by-bitcoin-dust

		let vb = if script_pubkey.is_p2pkh() {
			P2PKH_DUST_VB
		} else if script_pubkey.is_p2sh() {
			P2SH_DUST_VB
		} else if script_pubkey.is_p2wpkh() {
			P2WPKH_DUST_VB
		} else if script_pubkey.is_p2wsh() {
			P2WSH_DUST_VB
		} else if script_pubkey.is_p2tr() {
			P2TR_DUST_VB
		} else if script_pubkey.is_op_return() {
			if script_pubkey.len() > 83 {
				return Err(InvalidOffboardRequestError("OP_RETURN over 83 bytes"));
			} else {
				bitcoin::consensus::encode::VarInt(script_pubkey.len() as u64).size() as u64
					+ script_pubkey.len() as u64
					+ 8  // output amount
					// the input data (scriptSig and witness length fields included)
					+ 36 // input prevout
					+ 4  // sequence
					+ 1  // 0 length scriptsig
					+ 1  // 0 length witness
			}
		} else {
			return Err(InvalidOffboardRequestError("non-standard scriptPubkey"));
		};
		Ok(fee_rate * Weight::from_vb(vb).expect("no overflow"))
	}

	/// Validate that the offboard has a valid script.
	pub fn validate(&self) -> Result<(), InvalidOffboardRequestError> {
		if self.to_txout().is_standard() {
			Ok(())
		} else {
			Err(InvalidOffboardRequestError("non-standard output"))
		}
	}

	/// Convert into a tx output.
	pub fn to_txout(&self) -> TxOut {
		TxOut {
			script_pubkey: self.script_pubkey.clone(),
			value: self.amount,
		}
	}

	/// Returns the fee charged for the user to make this offboard given the fee rate.
	pub fn fee(&self, fee_rate: FeeRate) -> Result<Amount, InvalidOffboardRequestError> {
		Ok(Self::calculate_fee(&self.script_pubkey, fee_rate)?)
	}
}

pub mod scripts {
	use bitcoin::{opcodes, ScriptBuf, TapSighash, TapTweakHash, Transaction};
	use bitcoin::hashes::{sha256, ripemd160, Hash};
	use bitcoin::secp256k1::{schnorr, PublicKey, XOnlyPublicKey};

	use bitcoin_ext::{BlockDelta, BlockHeight, TAPROOT_KEYSPEND_WEIGHT};

	use crate::musig;

	/// Create a tapscript that is a checksig and a relative timelock.
	pub fn delayed_sign(delay_blocks: BlockDelta, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let csv = bitcoin::Sequence::from_height(delay_blocks);
		bitcoin::Script::builder()
			.push_int(csv.to_consensus_u32() as i64)
			.push_opcode(opcodes::all::OP_CSV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	/// Create a tapscript that is a checksig and an absolute timelock.
	pub fn timelock_sign(timelock_height: BlockHeight, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let lt = bitcoin::absolute::LockTime::from_height(timelock_height).unwrap();
		bitcoin::Script::builder()
			.push_int(lt.to_consensus_u32() as i64)
			.push_opcode(opcodes::all::OP_CLTV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	/// Create a tapscript
	pub fn delay_timelock_sign(delay_blocks: BlockDelta, timelock_height: BlockHeight, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let csv = bitcoin::Sequence::from_height(delay_blocks);
		let lt = bitcoin::absolute::LockTime::from_height(timelock_height).unwrap();
		bitcoin::Script::builder()
			.push_int(lt.to_consensus_u32().try_into().unwrap())
			.push_opcode(opcodes::all::OP_CLTV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_int(csv.to_consensus_u32().try_into().unwrap())
			.push_opcode(opcodes::all::OP_CSV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	pub fn hash_and_sign(hash: sha256::Hash, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let hash_160 = ripemd160::Hash::hash(&hash[..]);

		bitcoin::Script::builder()
			.push_opcode(opcodes::all::OP_HASH160)
			.push_slice(hash_160.as_byte_array())
			.push_opcode(opcodes::all::OP_EQUALVERIFY)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	pub fn hash_delay_sign(hash: sha256::Hash, delay_blocks: BlockDelta, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let hash_160 = ripemd160::Hash::hash(&hash[..]);
		let csv = bitcoin::Sequence::from_height(delay_blocks);

		bitcoin::Script::builder()
			.push_int(csv.to_consensus_u32().try_into().unwrap())
			.push_opcode(opcodes::all::OP_CSV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_opcode(opcodes::all::OP_HASH160)
			.push_slice(hash_160.as_byte_array())
			.push_opcode(opcodes::all::OP_EQUALVERIFY)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	/// Fill in the signatures into the unsigned transaction.
	///
	/// Panics if the nb of inputs and signatures doesn't match or if some input
	/// witnesses are not empty.
	pub fn fill_taproot_sigs(tx: &mut Transaction, sigs: &[schnorr::Signature]) {
		assert_eq!(tx.input.len(), sigs.len());
		for (input, sig) in tx.input.iter_mut().zip(sigs.iter()) {
			assert!(input.witness.is_empty());
			input.witness.push(&sig[..]);
			debug_assert_eq!(TAPROOT_KEYSPEND_WEIGHT, input.witness.size());
		}
	}

	/// Verify a partial signature from either of the two parties cosigning a tx.
	pub fn verify_partial_sig(
		sighash: TapSighash,
		tweak: TapTweakHash,
		signer: (PublicKey, &musig::PublicNonce),
		other: (PublicKey, &musig::PublicNonce),
		partial_signature: &musig::PartialSignature,
	) -> bool {
		let agg_nonce = musig::nonce_agg(&[&signer.1, &other.1]);
		let agg_pk = musig::tweaked_key_agg([signer.0, other.0], tweak.to_byte_array()).0;

		let session = musig::Session::new(&agg_pk, agg_nonce, &sighash.to_byte_array());
		session.partial_verify(
			&agg_pk, partial_signature, signer.1, musig::pubkey_to(signer.0),
		)
	}
}