Skip to main content

ark/
lib.rs

1
2pub extern crate bitcoin;
3
4#[macro_use] extern crate serde;
5#[macro_use] extern crate lazy_static;
6
7#[macro_use] pub mod util;
8
9pub mod address;
10pub mod arkoor;
11pub mod attestations;
12pub mod board;
13pub mod connectors;
14pub mod encode;
15pub mod error;
16pub mod fees;
17pub mod forfeit;
18pub mod lightning;
19pub mod mailbox;
20pub mod musig;
21pub mod offboard;
22pub mod rounds;
23pub mod time;
24pub mod tree;
25pub mod vtxo;
26pub mod integration;
27
28pub use crate::address::Address;
29pub use crate::encode::{ProtocolEncoding, WriteExt, ReadExt, ProtocolDecodingError};
30pub use crate::vtxo::{Vtxo, VtxoId, VtxoPolicy, ServerVtxoPolicy, ServerVtxo};
31
32#[cfg(test)]
33mod napkin;
34#[cfg(any(test, feature = "test-util"))]
35pub mod test_util;
36
37
38use std::time::Duration;
39
40use bitcoin::{Amount, FeeRate, Network};
41use bitcoin::secp256k1::{self, PublicKey};
42
43use bitcoin_ext::BlockDelta;
44
45use crate::fees::FeeSchedule;
46
47lazy_static! {
48	/// Global secp context.
49	pub static ref SECP: secp256k1::Secp256k1<secp256k1::All> = secp256k1::Secp256k1::new();
50}
51
52#[derive(Debug, Clone, PartialEq, Eq)]
53pub struct ArkInfo {
54	/// The bitcoin network the server operates on
55	pub network: Network,
56	/// The Ark server pubkey
57	pub server_pubkey: PublicKey,
58	/// The pubkey used for blinding unified mailbox IDs
59	pub mailbox_pubkey: PublicKey,
60	/// The interval between each round
61	pub round_interval: Duration,
62	/// Number of nonces per round
63	pub nb_round_nonces: usize,
64	/// Delta between exit confirmation and coins becoming spendable
65	pub vtxo_exit_delta: BlockDelta,
66	/// Expiration delta of the VTXO
67	pub vtxo_expiry_delta: BlockDelta,
68	/// The number of blocks after which an HTLC-send VTXO expires once granted.
69	pub htlc_send_expiry_delta: BlockDelta,
70	/// The number of blocks to keep between Lightning and Ark HTLCs expiries
71	pub htlc_expiry_delta: BlockDelta,
72	/// Maximum amount of a VTXO
73	pub max_vtxo_amount: Option<Amount>,
74	/// The number of confirmations required to register a board vtxo
75	pub required_board_confirmations: usize,
76	/// Maximum CLTV delta server will allow clients to request an
77	/// invoice generation with.
78	pub max_user_invoice_cltv_delta: u16,
79	/// Minimum amount for a board the server will cosign
80	pub min_board_amount: Amount,
81
82	/// The feerate for offboard transactions.
83	///
84	/// Deprecated in favour of the dedicated `GetOffboardFeeRate` RPC.
85	/// This field is still populated for backwards compatibility with
86	/// older clients but may be stale; prefer
87	/// [`ServerConnection::offboard_feerate`] which calls the dedicated
88	/// endpoint.
89	#[deprecated(since = "0.1.5", note = "use ServerConnection::offboard_feerate instead")]
90	pub offboard_feerate: FeeRate,
91
92	/// Indicates whether the Ark server requires clients to either
93	/// provide a VTXO ownership proof, or a lightning receive token
94	/// when preparing a lightning claim.
95	pub ln_receive_anti_dos_required: bool,
96
97	/// Fee schedule for all Ark operations
98	pub fees: FeeSchedule,
99
100	/// Maximum exit depth (genesis chain length) allowed for a VTXO.
101	/// Once a VTXO's exit depth reaches this value the server will refuse to
102	/// cosign further OOR transactions spending it. Clients should refresh
103	/// their VTXOs into a round before this limit is reached.
104	pub max_vtxo_exit_depth: u16,
105}
106
107/// Request for the creation of an vtxo.
108#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Deserialize, Serialize)]
109pub struct VtxoRequest {
110	pub amount: Amount,
111	#[serde(with = "crate::encode::serde")]
112	pub policy: VtxoPolicy,
113}
114
115impl AsRef<VtxoRequest> for VtxoRequest {
116	fn as_ref(&self) -> &VtxoRequest {
117	    self
118	}
119}
120
121/// Request for the creation of an vtxo in a signed round
122#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Deserialize, Serialize)]
123pub struct SignedVtxoRequest {
124	/// The actual VTXO request.
125	pub vtxo: VtxoRequest,
126	/// The public key used by the client to cosign the transaction tree
127	/// The client SHOULD forget this key after signing it
128	pub cosign_pubkey: PublicKey,
129	/// The public cosign nonces for the cosign pubkey
130	pub nonces: Vec<musig::PublicNonce>,
131}
132
133impl AsRef<VtxoRequest> for SignedVtxoRequest {
134	fn as_ref(&self) -> &VtxoRequest {
135	    &self.vtxo
136	}
137}
138
139pub mod scripts {
140	use bitcoin::{opcodes, ScriptBuf, TapSighash, TapTweakHash, Transaction};
141	use bitcoin::hashes::{sha256, ripemd160, Hash};
142	use bitcoin::secp256k1::{schnorr, PublicKey, XOnlyPublicKey};
143
144	use bitcoin_ext::{BlockDelta, BlockHeight, TAPROOT_KEYSPEND_WEIGHT};
145
146	use crate::musig;
147
148	/// Create a tapscript that is a checksig and a relative timelock.
149	pub fn delayed_sign(delay_blocks: BlockDelta, pubkey: XOnlyPublicKey) -> ScriptBuf {
150		let csv = bitcoin::Sequence::from_height(delay_blocks);
151		bitcoin::Script::builder()
152			.push_int(csv.to_consensus_u32() as i64)
153			.push_opcode(opcodes::all::OP_CSV)
154			.push_opcode(opcodes::all::OP_DROP)
155			.push_x_only_key(&pubkey)
156			.push_opcode(opcodes::all::OP_CHECKSIG)
157			.into_script()
158	}
159
160	/// Create a tapscript that is a checksig and an absolute timelock.
161	pub fn timelock_sign(timelock_height: BlockHeight, pubkey: XOnlyPublicKey) -> ScriptBuf {
162		let lt = bitcoin::absolute::LockTime::from_height(timelock_height).unwrap();
163		bitcoin::Script::builder()
164			.push_int(lt.to_consensus_u32() as i64)
165			.push_opcode(opcodes::all::OP_CLTV)
166			.push_opcode(opcodes::all::OP_DROP)
167			.push_x_only_key(&pubkey)
168			.push_opcode(opcodes::all::OP_CHECKSIG)
169			.into_script()
170	}
171
172	/// Create a tapscript
173	pub fn delay_timelock_sign(
174		delay_blocks: BlockDelta,
175		timelock_height: BlockHeight,
176		pubkey: XOnlyPublicKey,
177	) -> ScriptBuf {
178		let csv = bitcoin::Sequence::from_height(delay_blocks);
179		let lt = bitcoin::absolute::LockTime::from_height(timelock_height).unwrap();
180		bitcoin::Script::builder()
181			.push_int(lt.to_consensus_u32().try_into().unwrap())
182			.push_opcode(opcodes::all::OP_CLTV)
183			.push_opcode(opcodes::all::OP_DROP)
184			.push_int(csv.to_consensus_u32().try_into().unwrap())
185			.push_opcode(opcodes::all::OP_CSV)
186			.push_opcode(opcodes::all::OP_DROP)
187			.push_x_only_key(&pubkey)
188			.push_opcode(opcodes::all::OP_CHECKSIG)
189			.into_script()
190	}
191
192	/// Contract that requires revealing the preimage to the given hash
193	/// and a signature using the given (aggregate) pubkey
194	///
195	/// The expected spending script witness is the preimage followed by
196	/// the signature.
197	pub fn hash_and_sign(hash: sha256::Hash, pubkey: XOnlyPublicKey) -> ScriptBuf {
198		let hash_160 = ripemd160::Hash::hash(&hash[..]);
199
200		bitcoin::Script::builder()
201			.push_opcode(opcodes::all::OP_HASH160)
202			.push_slice(hash_160.as_byte_array())
203			.push_opcode(opcodes::all::OP_EQUALVERIFY)
204			.push_x_only_key(&pubkey)
205			.push_opcode(opcodes::all::OP_CHECKSIG)
206			.into_script()
207	}
208
209	pub fn hash_delay_sign(
210		hash: sha256::Hash,
211		delay_blocks: BlockDelta,
212		pubkey: XOnlyPublicKey,
213	) -> ScriptBuf {
214		let hash_160 = ripemd160::Hash::hash(&hash[..]);
215		let csv = bitcoin::Sequence::from_height(delay_blocks);
216
217		bitcoin::Script::builder()
218			.push_int(csv.to_consensus_u32().try_into().unwrap())
219			.push_opcode(opcodes::all::OP_CSV)
220			.push_opcode(opcodes::all::OP_DROP)
221			.push_opcode(opcodes::all::OP_HASH160)
222			.push_slice(hash_160.as_byte_array())
223			.push_opcode(opcodes::all::OP_EQUALVERIFY)
224			.push_x_only_key(&pubkey)
225			.push_opcode(opcodes::all::OP_CHECKSIG)
226			.into_script()
227	}
228
229	/// Fill in the signatures into the unsigned transaction.
230	///
231	/// Panics if the nb of inputs and signatures doesn't match or if some input
232	/// witnesses are not empty.
233	pub fn fill_taproot_sigs(tx: &mut Transaction, sigs: &[schnorr::Signature]) {
234		assert_eq!(tx.input.len(), sigs.len());
235		for (input, sig) in tx.input.iter_mut().zip(sigs.iter()) {
236			assert!(input.witness.is_empty());
237			input.witness.push(&sig[..]);
238			debug_assert_eq!(TAPROOT_KEYSPEND_WEIGHT, input.witness.size());
239		}
240	}
241
242	/// Verify a partial signature from either of the two parties cosigning a tx.
243	pub fn verify_partial_sig(
244		sighash: TapSighash,
245		tweak: TapTweakHash,
246		signer: (PublicKey, &musig::PublicNonce),
247		other: (PublicKey, &musig::PublicNonce),
248		partial_signature: &musig::PartialSignature,
249	) -> bool {
250		let agg_nonce = musig::nonce_agg(&[&signer.1, &other.1]);
251		let agg_pk = musig::tweaked_key_agg([signer.0, other.0], tweak.to_byte_array()).0;
252
253		let session = musig::Session::new(&agg_pk, agg_nonce, &sighash.to_byte_array());
254		session.partial_verify(
255			&agg_pk, partial_signature, signer.1, musig::pubkey_to(signer.0),
256		)
257	}
258}