boltz_client/swaps/

bitcoin.rs

use bitcoin::consensus::deserialize;
use bitcoin::hashes::Hash;
use bitcoin::hex::DisplayHex;
use bitcoin::key::rand::rngs::OsRng;
use bitcoin::key::rand::RngCore;
use bitcoin::secp256k1::{Keypair, Message, Secp256k1};
use bitcoin::sighash::Prevouts;
use bitcoin::taproot::{LeafVersion, Signature, TaprootBuilder, TaprootSpendInfo};
use bitcoin::transaction::Version;
use bitcoin::{
    blockdata::script::{Builder, Instruction, ScriptBuf},
    opcodes::{all::*, OP_0},
    Address, OutPoint, PublicKey,
};
use bitcoin::{sighash::SighashCache, Network, Sequence, Transaction, TxIn, TxOut, Witness};
use bitcoin::{Amount, Script, TapLeafHash, TapSighashType, Txid, XOnlyPublicKey};
use elements::pset::serialize::Serialize;
use secp256k1_musig::{
    musig::{self},
    Scalar,
};
use std::str::FromStr;

use crate::util::hex_to_bytes32;
use crate::util::secrets::rng_32b;
use crate::{error::Error, util::secrets::Preimage};

use bitcoin::{blockdata::locktime::absolute::LockTime, hashes::hash160};

use super::boltz::{
    BoltzApiClientV2, ChainSwapDetails, Cooperative, CreateReverseResponse,
    CreateSubmarineResponse, Side, SwapTxKind, SwapType, ToSign,
};
use super::wrappers::SwapScriptCommon;

use crate::network::{BitcoinChain, BitcoinClient};
use crate::util::fees::{create_tx_with_fee, Fee};

pub(crate) fn find_utxo(tx: &Transaction, script_pubkey: &Script) -> Option<(OutPoint, TxOut)> {
    for (vout, output) in tx.clone().output.into_iter().enumerate() {
        if output.script_pubkey == *script_pubkey {
            let outpoint = OutPoint::new(tx.compute_txid(), vout as u32);
            return Some((outpoint, output));
        }
    }
    None
}

/// Bitcoin v2 swap script helper.
// TODO: This should encode the network at global level.
#[derive(Debug, PartialEq, Clone)]
pub struct BtcSwapScript {
    pub swap_type: SwapType,
    // pub swap_id: String,
    pub side: Option<Side>,
    pub funding_addrs: Option<Address>, // we should not store this as a field, since we have a method
    // if we are using it just to recognize regtest, we should consider another strategy
    pub hashlock: hash160::Hash,
    pub receiver_pubkey: PublicKey,
    pub locktime: LockTime,
    pub sender_pubkey: PublicKey,
}

impl BtcSwapScript {
    /// Create the struct for a submarine swap from boltz create swap response.
    pub fn submarine_from_swap_resp(
        create_swap_response: &CreateSubmarineResponse,
        our_pubkey: PublicKey,
    ) -> Result<Self, Error> {
        let claim_script = ScriptBuf::from_hex(&create_swap_response.swap_tree.claim_leaf.output)?;
        let refund_script =
            ScriptBuf::from_hex(&create_swap_response.swap_tree.refund_leaf.output)?;

        let claim_instructions = claim_script.instructions();
        let refund_instructions = refund_script.instructions();

        let mut last_op = OP_0;
        let mut hashlock = None;
        let mut timelock = None;

        for instruction in claim_instructions {
            match instruction {
                Ok(Instruction::PushBytes(bytes)) => {
                    if bytes.len() == 20 {
                        hashlock = Some(hash160::Hash::from_slice(bytes.as_bytes())?);
                    } else {
                        continue;
                    }
                }
                _ => continue,
            }
        }

        for instruction in refund_instructions {
            match instruction {
                Ok(Instruction::Op(opcode)) => last_op = opcode,
                Ok(Instruction::PushBytes(bytes)) => {
                    if last_op == OP_CHECKSIGVERIFY {
                        timelock = Some(LockTime::from_consensus(bytes_to_u32_little_endian(
                            bytes.as_bytes(),
                        )));
                    } else {
                        continue;
                    }
                }
                _ => continue,
            }
        }

        let hashlock =
            hashlock.ok_or_else(|| Error::Protocol("No hashlock provided".to_string()))?;

        let timelock =
            timelock.ok_or_else(|| Error::Protocol("No timelock provided".to_string()))?;

        let funding_addrs = Address::from_str(&create_swap_response.address)?.assume_checked();

        Ok(BtcSwapScript {
            swap_type: SwapType::Submarine,
            // swap_id: create_swap_response.id.clone(),
            side: None,
            funding_addrs: Some(funding_addrs),
            hashlock,
            receiver_pubkey: create_swap_response.claim_public_key,
            locktime: timelock,
            sender_pubkey: our_pubkey,
        })
    }

    pub fn musig_keyagg_cache(&self) -> musig::KeyAggCache {
        match (self.swap_type, self.side.clone()) {
            (SwapType::ReverseSubmarine, _) | (SwapType::Chain, Some(Side::Claim)) => {
                let pubkeys = [self.sender_pubkey.inner, self.receiver_pubkey.inner];
                let [a, b] = convert_pubkeys_for_musig(&pubkeys);
                musig::KeyAggCache::new(&[&a, &b])
            }

            (SwapType::Submarine, _) | (SwapType::Chain, _) => {
                let pubkeys = [self.receiver_pubkey.inner, self.sender_pubkey.inner];
                let [a, b] = convert_pubkeys_for_musig(&pubkeys);
                musig::KeyAggCache::new(&[&a, &b])
            }
        }
    }

    /// Create the struct for a reverse swap from a boltz create response.
    pub fn reverse_from_swap_resp(
        reverse_response: &CreateReverseResponse,
        our_pubkey: PublicKey,
    ) -> Result<Self, Error> {
        let claim_script = ScriptBuf::from_hex(&reverse_response.swap_tree.claim_leaf.output)?;
        let refund_script = ScriptBuf::from_hex(&reverse_response.swap_tree.refund_leaf.output)?;

        let claim_instructions = claim_script.instructions();
        let refund_instructions = refund_script.instructions();

        let mut last_op = OP_0;
        let mut hashlock = None;
        let mut timelock = None;

        for instruction in claim_instructions {
            match instruction {
                Ok(Instruction::PushBytes(bytes)) => {
                    if bytes.len() == 20 {
                        hashlock = Some(hash160::Hash::from_slice(bytes.as_bytes())?);
                    } else {
                        continue;
                    }
                }
                _ => continue,
            }
        }

        for instruction in refund_instructions {
            match instruction {
                Ok(Instruction::Op(opcode)) => last_op = opcode,
                Ok(Instruction::PushBytes(bytes)) => {
                    if last_op == OP_CHECKSIGVERIFY {
                        timelock = Some(LockTime::from_consensus(bytes_to_u32_little_endian(
                            bytes.as_bytes(),
                        )));
                    } else {
                        continue;
                    }
                }
                _ => continue,
            }
        }

        let hashlock =
            hashlock.ok_or_else(|| Error::Protocol("No hashlock provided".to_string()))?;

        let timelock =
            timelock.ok_or_else(|| Error::Protocol("No timelock provided".to_string()))?;

        let funding_addrs = Address::from_str(&reverse_response.lockup_address)?.assume_checked();

        Ok(BtcSwapScript {
            swap_type: SwapType::ReverseSubmarine,
            // swap_id: reverse_response.id.clone(),
            side: None,
            funding_addrs: Some(funding_addrs),
            hashlock,
            receiver_pubkey: our_pubkey,
            locktime: timelock,
            sender_pubkey: reverse_response.refund_public_key,
        })
    }

    /// Create the struct for a chain swap from a boltz create response.
    pub fn chain_from_swap_resp(
        side: Side,
        chain_swap_details: ChainSwapDetails,
        our_pubkey: PublicKey,
    ) -> Result<Self, Error> {
        let claim_script = ScriptBuf::from_hex(&chain_swap_details.swap_tree.claim_leaf.output)?;
        let refund_script = ScriptBuf::from_hex(&chain_swap_details.swap_tree.refund_leaf.output)?;

        let claim_instructions = claim_script.instructions();
        let refund_instructions = refund_script.instructions();

        let mut last_op = OP_0;
        let mut hashlock = None;
        let mut timelock = None;

        for instruction in claim_instructions {
            match instruction {
                Ok(Instruction::PushBytes(bytes)) => {
                    if bytes.len() == 20 {
                        hashlock = Some(hash160::Hash::from_slice(bytes.as_bytes())?);
                    } else {
                        continue;
                    }
                }
                _ => continue,
            }
        }

        for instruction in refund_instructions {
            match instruction {
                Ok(Instruction::Op(opcode)) => last_op = opcode,
                Ok(Instruction::PushBytes(bytes)) => {
                    if last_op == OP_CHECKSIGVERIFY {
                        timelock = Some(LockTime::from_consensus(bytes_to_u32_little_endian(
                            bytes.as_bytes(),
                        )));
                    } else {
                        continue;
                    }
                }
                _ => continue,
            }
        }

        let hashlock =
            hashlock.ok_or_else(|| Error::Protocol("No hashlock provided".to_string()))?;

        let timelock =
            timelock.ok_or_else(|| Error::Protocol("No timelock provided".to_string()))?;

        let funding_addrs = Address::from_str(&chain_swap_details.lockup_address)?.assume_checked();

        let (sender_pubkey, receiver_pubkey) = match side {
            Side::Lockup => (our_pubkey, chain_swap_details.server_public_key),
            Side::Claim => (chain_swap_details.server_public_key, our_pubkey),
        };

        Ok(BtcSwapScript {
            swap_type: SwapType::Chain,
            // swap_id: reverse_response.id.clone(),
            side: Some(side),
            funding_addrs: Some(funding_addrs),
            hashlock,
            receiver_pubkey,
            locktime: timelock,
            sender_pubkey,
        })
    }

    fn claim_script(&self) -> ScriptBuf {
        match self.swap_type {
            SwapType::Submarine => Builder::new()
                .push_opcode(OP_HASH160)
                .push_slice(self.hashlock.to_byte_array())
                .push_opcode(OP_EQUALVERIFY)
                .push_x_only_key(&self.receiver_pubkey.inner.x_only_public_key().0)
                .push_opcode(OP_CHECKSIG)
                .into_script(),

            SwapType::ReverseSubmarine | SwapType::Chain => Builder::new()
                .push_opcode(OP_SIZE)
                .push_int(32)
                .push_opcode(OP_EQUALVERIFY)
                .push_opcode(OP_HASH160)
                .push_slice(self.hashlock.to_byte_array())
                .push_opcode(OP_EQUALVERIFY)
                .push_x_only_key(&self.receiver_pubkey.inner.x_only_public_key().0)
                .push_opcode(OP_CHECKSIG)
                .into_script(),
        }
    }

    fn refund_script(&self) -> ScriptBuf {
        // Refund scripts are same for all swap types
        Builder::new()
            .push_x_only_key(&self.sender_pubkey.inner.x_only_public_key().0)
            .push_opcode(OP_CHECKSIGVERIFY)
            .push_lock_time(self.locktime)
            .push_opcode(OP_CLTV)
            .into_script()
    }

    /// Internally used to convert struct into a bitcoin::Script type
    fn taproot_spendinfo(&self) -> Result<TaprootSpendInfo, Error> {
        let secp = Secp256k1::new();

        // Setup Key Aggregation cache
        // let pubkeys = [self.receiver_pubkey.inner, self.sender_pubkey.inner];

        let key_agg_cache = self.musig_keyagg_cache();

        // Construct the Taproot
        let internal_key = key_agg_cache.agg_pk();

        let taproot_builder = TaprootBuilder::new();

        let taproot_builder =
            taproot_builder.add_leaf_with_ver(1, self.claim_script(), LeafVersion::TapScript)?;
        let taproot_builder =
            taproot_builder.add_leaf_with_ver(1, self.refund_script(), LeafVersion::TapScript)?;

        let taproot_spend_info =
            match taproot_builder.finalize(&secp, convert_xonly_key(internal_key)) {
                Ok(r) => r,
                Err(e) => {
                    return Err(Error::Taproot(format!(
                        "Could not finalize taproot constructions: {e:?}"
                    )))
                }
            };

        // Verify taproot construction, only if we have funding address previously known.
        // Which will be None only for regtest integration tests, so verification will be skipped for them.
        if let Some(funding_address) = &self.funding_addrs {
            let claim_key = taproot_spend_info.output_key();

            let lockup_spk = funding_address.script_pubkey();

            let pubkey_instruction = lockup_spk
                .instructions()
                .last()
                .ok_or(Error::Protocol(
                    "Script should contain at least one instruction".to_string(),
                ))?
                .map_err(|_| Error::Protocol("Failed to parse script instruction".to_string()))?;

            let lockup_xonly_pubkey_bytes = pubkey_instruction.push_bytes().ok_or(
                Error::Protocol("Expected push bytes instruction for pubkey".to_string()),
            )?;

            let lockup_xonly_pubkey =
                XOnlyPublicKey::from_slice(lockup_xonly_pubkey_bytes.as_bytes())?;

            if lockup_xonly_pubkey != claim_key.to_x_only_public_key() {
                return Err(Error::Protocol(format!(
                    "Taproot construction Failed. Lockup Pubkey: {lockup_xonly_pubkey}, Claim Pubkey {claim_key}"
                )));
            }

            log::info!("Taproot creation and verification success!");
        }

        Ok(taproot_spend_info)
    }

    /// Get taproot address for the swap script.
    pub fn to_address(&self, network: BitcoinChain) -> Result<Address, Error> {
        let spend_info = self.taproot_spendinfo()?;
        let output_key = spend_info.output_key();

        let network = match network {
            BitcoinChain::Bitcoin => Network::Bitcoin,
            BitcoinChain::BitcoinRegtest => Network::Regtest,
            BitcoinChain::BitcoinTestnet => Network::Testnet,
        };

        Ok(Address::p2tr_tweaked(output_key, network))
    }

    pub fn validate_address(&self, chain: BitcoinChain, address: String) -> Result<(), Error> {
        let to_address = self.to_address(chain)?;
        if to_address.to_string() == address {
            Ok(())
        } else {
            Err(Error::Protocol("Script/LockupAddress Mismatch".to_string()))
        }
    }

    /// Get the balance of the script
    pub async fn get_balance<BC: BitcoinClient + ?Sized>(
        &self,
        bitcoin_client: &BC,
    ) -> Result<(u64, i64), Error> {
        bitcoin_client
            .get_address_balance(&self.to_address(bitcoin_client.network())?)
            .await
    }

    /// Fetch (utxo,amount) pairs for all utxos of the script_pubkey of this swap.
    pub async fn fetch_utxos<BC: BitcoinClient + ?Sized>(
        &self,
        bitcoin_client: &BC,
    ) -> Result<Vec<(OutPoint, TxOut)>, Error> {
        bitcoin_client
            .get_address_utxos(&self.to_address(bitcoin_client.network())?)
            .await
    }

    pub(crate) async fn fetch_swap_utxo<BC: BitcoinClient + ?Sized>(
        &self,
        lockup_tx: Option<&Transaction>,
        bitcoin_client: &BC,
        boltz_client: &BoltzApiClientV2,
        swap_id: &str,
        tx_kind: SwapTxKind,
    ) -> Result<(OutPoint, TxOut), Error> {
        let outpoint = match lockup_tx {
            Some(tx) => self.find_utxo(tx, bitcoin_client.network()),
            None => match self.fetch_utxos(bitcoin_client).await {
                Ok(v) => Ok(v.first().cloned()),
                Err(_) => {
                    self.fetch_lockup_utxo_boltz(
                        bitcoin_client.network(),
                        boltz_client,
                        swap_id,
                        tx_kind,
                    )
                    .await
                }
            },
        }?;

        outpoint.ok_or(Error::Protocol(
            "No Bitcoin UTXO detected for this script".to_string(),
        ))
    }

    pub(crate) fn find_utxo(
        &self,
        tx: &Transaction,
        network: BitcoinChain,
    ) -> Result<Option<(OutPoint, TxOut)>, Error> {
        let address = self.to_address(network)?;
        Ok(find_utxo(tx, &address.script_pubkey()))
    }

    /// Fetch utxo for script from BoltzApi
    pub async fn fetch_lockup_utxo_boltz(
        &self,
        network: BitcoinChain,
        boltz_client: &BoltzApiClientV2,
        swap_id: &str,
        tx_kind: SwapTxKind,
    ) -> Result<Option<(OutPoint, TxOut)>, Error> {
        let hex = match self.swap_type {
            SwapType::Chain => match tx_kind {
                SwapTxKind::Claim => {
                    let chain_txs = boltz_client.get_chain_txs(swap_id).await?;
                    chain_txs
                        .server_lock
                        .ok_or(Error::Protocol(
                            "No server_lock transaction for Chain Swap available".to_string(),
                        ))?
                        .transaction
                        .hex
                }
                SwapTxKind::Refund => {
                    let chain_txs = boltz_client.get_chain_txs(swap_id).await?;
                    chain_txs
                        .user_lock
                        .ok_or(Error::Protocol(
                            "No user_lock transaction for Chain Swap available".to_string(),
                        ))?
                        .transaction
                        .hex
                }
            },
            SwapType::ReverseSubmarine => boltz_client.get_reverse_tx(swap_id).await?.hex,
            SwapType::Submarine => boltz_client.get_submarine_tx(swap_id).await?.hex,
        };
        if hex.is_none() {
            return Err(Error::Hex(
                "No transaction hex found in boltz response".to_string(),
            ));
        }
        let tx: Transaction = deserialize(&hex::decode(hex.unwrap())?)?;
        self.find_utxo(&tx, network)
    }
}

pub fn bytes_to_u32_little_endian(bytes: &[u8]) -> u32 {
    let mut result = 0u32;
    for (i, &byte) in bytes.iter().enumerate() {
        result |= (byte as u32) << (8 * i);
    }
    result
}

/// A structure representing either a Claim or a Refund Tx.
/// This Tx spends from the HTLC.
#[derive(Debug, Clone)]
pub struct BtcSwapTx {
    pub kind: SwapTxKind, // These fields needs to be public to do manual creation in IT.
    pub swap_script: BtcSwapScript,
    pub output_address: Address,
    /// All utxos for the script_pubkey of this swap, at this point in time:
    /// - the initial lockup utxo, if not yet spent (claimed or refunded)
    /// - any further utxos, if not yet spent
    pub utxos: Vec<(OutPoint, TxOut)>,
}

impl BtcSwapTx {
    /// Craft a new ClaimTx. Only works for Reverse and Chain Swaps.
    /// Returns None, if the HTLC utxo doesn't exist for the swap.
    pub async fn new_claim<BC: BitcoinClient + ?Sized>(
        swap_script: BtcSwapScript,
        claim_address: String,
        bitcoin_client: &BC,
        boltz_client: &BoltzApiClientV2,
        swap_id: String,
    ) -> Result<BtcSwapTx, Error> {
        let utxo = swap_script
            .fetch_swap_utxo(
                None,
                bitcoin_client,
                boltz_client,
                &swap_id,
                SwapTxKind::Claim,
            )
            .await?;
        Self::new_claim_with_utxo(swap_script, claim_address, bitcoin_client, utxo)
    }

    pub(crate) fn new_claim_with_utxo<BC: BitcoinClient + ?Sized>(
        swap_script: BtcSwapScript,
        claim_address: String,
        bitcoin_client: &BC,
        utxo: (OutPoint, TxOut),
    ) -> Result<BtcSwapTx, Error> {
        if swap_script.swap_type == SwapType::Submarine {
            return Err(Error::Protocol(
                "Claim transactions cannot be constructed for Submarine swaps.".to_string(),
            ));
        }

        let address = Address::from_str(&claim_address)?;

        address.is_valid_for_network(bitcoin_client.network().into());

        Ok(BtcSwapTx {
            kind: SwapTxKind::Claim,
            swap_script,
            output_address: address.assume_checked(),
            utxos: vec![utxo], // When claiming, we only consider the first utxo
        })
    }

    /// Construct a RefundTX corresponding to the swap_script. Only works for Submarine and Chain Swaps.
    /// Returns None, if the HTLC UTXO for the swap doesn't exist in blockhcian.
    pub async fn new_refund<BC: BitcoinClient + ?Sized>(
        swap_script: BtcSwapScript,
        refund_address: &str,
        bitcoin_client: &BC,
        boltz_client: &BoltzApiClientV2,
        swap_id: String,
    ) -> Result<BtcSwapTx, Error> {
        if swap_script.swap_type == SwapType::ReverseSubmarine {
            return Err(Error::Protocol(
                "Refund Txs cannot be constructed for Reverse Submarine Swaps.".to_string(),
            ));
        }

        let address = Address::from_str(refund_address)?;
        if !address.is_valid_for_network(bitcoin_client.network().into()) {
            return Err(Error::Address("Address validation failed".to_string()));
        };

        let utxos = match swap_script.fetch_utxos(bitcoin_client).await {
            Ok(r) => r,
            Err(_) => {
                let lockup_utxo_info = swap_script
                    .fetch_lockup_utxo_boltz(
                        bitcoin_client.network(),
                        boltz_client,
                        &swap_id,
                        SwapTxKind::Refund,
                    )
                    .await?;

                match lockup_utxo_info {
                    Some(r) => vec![r],
                    None => vec![],
                }
            }
        };

        match utxos.is_empty() {
            true => Err(Error::Protocol(
                "No Bitcoin UTXO detected for this script".to_string(),
            )),
            false => Ok(BtcSwapTx {
                kind: SwapTxKind::Refund,
                swap_script,
                output_address: address.assume_checked(),
                utxos,
            }),
        }
    }

    /// Compute the Musig partial signature.
    /// This is used to cooperatively settle a Submarine or Chain Swap.
    pub fn partial_sign(
        &self,
        keys: &Keypair,
        pub_nonce: &str,
        transaction_hash: &str,
    ) -> Result<(musig::PartialSignature, musig::PublicNonce), Error> {
        self.swap_script
            .partial_sign(keys, pub_nonce, transaction_hash)
    }

    /// Sign a claim transaction.
    /// Errors if called on a Submarine Swap or Refund Tx.
    /// If the claim is cooperative, provide the other party's partial sigs.
    /// If this is None, transaction will be claimed via taproot script path.
    pub async fn sign_claim(
        &self,
        keys: &Keypair,
        preimage: &Preimage,
        fee: Fee,
        is_cooperative: Option<Cooperative<'_>>,
    ) -> Result<Transaction, Error> {
        if self.swap_script.swap_type == SwapType::Submarine {
            return Err(Error::Protocol(
                "Claim Tx signing is not applicable for Submarine Swaps".to_string(),
            ));
        }

        if self.kind == SwapTxKind::Refund {
            return Err(Error::Protocol(
                "Cannot sign claim with refund-type BtcSwapTx".to_string(),
            ));
        }

        if self.utxos.is_empty() {
            return Err(Error::Protocol(
                "No Bitcoin UTXO available for claim transaction".to_string(),
            ));
        }

        let mut claim_tx = create_tx_with_fee(
            fee,
            |fee| self.create_claim(keys, preimage, fee, is_cooperative.is_some()),
            |tx| tx.vsize(),
        )?;

        // If it's a cooperative claim, compute the Musig2 Aggregate Signature and use Keypath spending
        if let Some(Cooperative {
            boltz_api,
            swap_id,
            signature,
        }) = is_cooperative
        {
            let secp = Secp256k1::new();

            // Start the Musig session
            // Step 1: Get the sighash
            let claim_tx_taproot_hash = SighashCache::new(claim_tx.clone())
                .taproot_key_spend_signature_hash(
                    0,
                    &Prevouts::All(&[&self.utxos.first().unwrap().1]),
                    bitcoin::TapSighashType::Default,
                )?;

            let msg = *claim_tx_taproot_hash.as_byte_array();

            // Step 2: Get the Public and Secret nonces
            let mut key_agg_cache = self.swap_script.musig_keyagg_cache();

            let tweak = Scalar::from_be_bytes(
                *self
                    .swap_script
                    .taproot_spendinfo()?
                    .tap_tweak()
                    .as_byte_array(),
            )?;

            let _ = key_agg_cache.pubkey_xonly_tweak_add(&tweak)?;

            let session_secret_rand =
                musig::SessionSecretRand::assume_unique_per_nonce_gen(rng_32b());

            let mut extra_rand = [0u8; 32];
            OsRng.fill_bytes(&mut extra_rand);

            let (claim_sec_nonce, claim_pub_nonce) = key_agg_cache.nonce_gen(
                session_secret_rand,
                convert_public_key(keys.public_key()),
                &msg,
                Some(extra_rand),
            );

            // Step 7: Get boltz's partial sig
            let claim_tx_hex = claim_tx.serialize().to_lower_hex_string();
            let partial_sig_resp = match self.swap_script.swap_type {
                SwapType::Chain => {
                    boltz_api
                        .post_chain_claim_tx_details(
                            &swap_id,
                            preimage,
                            signature,
                            ToSign {
                                pub_nonce: claim_pub_nonce.serialize().to_lower_hex_string(),
                                transaction: claim_tx_hex,
                                index: 0,
                            },
                        )
                        .await
                }
                SwapType::ReverseSubmarine => {
                    boltz_api
                        .get_reverse_partial_sig(
                            &swap_id,
                            preimage,
                            &claim_pub_nonce,
                            &claim_tx_hex,
                        )
                        .await
                }
                _ => Err(Error::Protocol(format!(
                    "Cannot get partial sig for {:?} Swap",
                    self.swap_script.swap_type
                ))),
            }?;

            let boltz_public_nonce = musig::PublicNonce::from_str(&partial_sig_resp.pub_nonce)?;

            let boltz_partial_sig =
                musig::PartialSignature::from_str(&partial_sig_resp.partial_signature)?;

            // Aggregate Our's and Other's Nonce and start the Musig session.
            let agg_nonce = musig::AggregatedNonce::new(&[&boltz_public_nonce, &claim_pub_nonce]);

            let musig_session = musig::Session::new(&key_agg_cache, agg_nonce, &msg);

            // Verify the Boltz's sig.
            let boltz_partial_sig_verify = musig_session.partial_verify(
                &key_agg_cache,
                &boltz_partial_sig,
                &boltz_public_nonce,
                convert_public_key(self.swap_script.sender_pubkey.inner),
            );

            if !boltz_partial_sig_verify {
                return Err(Error::Protocol(
                    "Invalid partial-sig received from Boltz".to_string(),
                ));
            }

            let our_partial_sig =
                musig_session.partial_sign(claim_sec_nonce, &convert_keypair(keys), &key_agg_cache);

            let schnorr_sig = musig_session
                .partial_sig_agg(&[&boltz_partial_sig, &our_partial_sig])
                .assume_valid();

            let final_schnorr_sig = Signature {
                signature: convert_schnorr_signature(schnorr_sig),
                sighash_type: TapSighashType::Default,
            };

            let output_key = self.swap_script.taproot_spendinfo()?.output_key();

            secp.verify_schnorr(
                &final_schnorr_sig.signature,
                &bitcoin::secp256k1::Message::from_digest_slice(&msg)?,
                &output_key.to_x_only_public_key(),
            )?;

            let mut witness = Witness::new();
            witness.push(final_schnorr_sig.to_vec());

            claim_tx.input[0].witness = witness;
        }

        Ok(claim_tx)
    }

    fn create_claim(
        &self,
        keys: &Keypair,
        preimage: &Preimage,
        absolute_fees: u64,
        is_cooperative: bool,
    ) -> Result<Transaction, Error> {
        if preimage.bytes.is_none() {
            return Err(Error::Protocol(
                "No preimage provided while signing.".to_string(),
            ));
        };

        // For claim, we only consider 1 utxo
        let utxo = self.utxos.first().ok_or(Error::Protocol(
            "No Bitcoin UTXO detected for this script".to_string(),
        ))?;

        let txin = TxIn {
            previous_output: utxo.0,
            sequence: Sequence::ENABLE_RBF_NO_LOCKTIME,
            script_sig: ScriptBuf::new(),
            witness: Witness::new(),
        };

        let destination_spk = self.output_address.script_pubkey();

        let output_value = utxo
            .1
            .value
            .checked_sub(Amount::from_sat(absolute_fees))
            .ok_or(Error::Protocol(format!(
                "Claim output value {} is less than fees {}",
                utxo.1.value, absolute_fees
            )))?;

        let txout = TxOut {
            script_pubkey: destination_spk,
            value: output_value,
        };

        let mut claim_tx = Transaction {
            version: Version::TWO,
            lock_time: LockTime::ZERO,
            input: vec![txin],
            output: vec![txout],
        };

        if is_cooperative {
            claim_tx.input[0].witness = Self::stubbed_cooperative_witness();
        } else {
            let secp = Secp256k1::new();

            // If Non-Cooperative claim use the Script Path spending
            claim_tx.input[0].sequence = Sequence::ZERO;

            let leaf_hash =
                TapLeafHash::from_script(&self.swap_script.claim_script(), LeafVersion::TapScript);

            let sighash = SighashCache::new(claim_tx.clone()).taproot_script_spend_signature_hash(
                0,
                &Prevouts::All(&[&utxo.1]),
                leaf_hash,
                TapSighashType::Default,
            )?;

            let msg = Message::from_digest_slice(sighash.as_byte_array())?;

            let signature = secp.sign_schnorr(&msg, keys);

            let final_sig = Signature {
                signature,
                sighash_type: TapSighashType::Default,
            };

            let control_block = self
                .swap_script
                .taproot_spendinfo()?
                .control_block(&(self.swap_script.claim_script(), LeafVersion::TapScript))
                .ok_or(Error::Taproot(
                    "Control block calculation failed".to_string(),
                ))?;

            let mut witness = Witness::new();

            witness.push(final_sig.to_vec());
            witness.push(preimage.bytes.ok_or(Error::Protocol(
                "Preimage bytes not available - cannot claim without actual preimage".to_string(),
            ))?);
            witness.push(self.swap_script.claim_script().as_bytes());
            witness.push(control_block.serialize());

            claim_tx.input[0].witness = witness;
        }

        Ok(claim_tx)
    }

    /// Sign a refund transaction.
    /// Errors if called for a Reverse Swap.
    pub async fn sign_refund(
        &self,
        keys: &Keypair,
        fee: Fee,
        is_cooperative: Option<Cooperative<'_>>,
    ) -> Result<Transaction, Error> {
        if self.swap_script.swap_type == SwapType::ReverseSubmarine {
            return Err(Error::Protocol(
                "Refund Tx signing is not applicable for Reverse Submarine Swaps".to_string(),
            ));
        }

        if self.kind == SwapTxKind::Claim {
            return Err(Error::Protocol(
                "Cannot sign refund with a claim-type BtcSwapTx".to_string(),
            ));
        }

        let mut refund_tx = create_tx_with_fee(
            fee,
            |fee| self.create_refund(keys, fee, is_cooperative.is_some()),
            |tx| tx.vsize(),
        )?;

        if let Some(Cooperative {
            boltz_api, swap_id, ..
        }) = is_cooperative
        {
            let secp = Secp256k1::new();

            // Start the Musig session
            refund_tx.lock_time = LockTime::ZERO; // No locktime for cooperative spend

            for input_index in 0..refund_tx.input.len() {
                // Step 1: Get the sighash
                let tx_outs: Vec<&TxOut> = self.utxos.iter().map(|(_, out)| out).collect();
                let refund_tx_taproot_hash = SighashCache::new(refund_tx.clone())
                    .taproot_key_spend_signature_hash(
                        input_index,
                        &Prevouts::All(&tx_outs),
                        bitcoin::TapSighashType::Default,
                    )?;

                let msg = *refund_tx_taproot_hash.as_byte_array();

                // Step 2: Get the Public and Secret nonces
                let mut key_agg_cache = self.swap_script.musig_keyagg_cache();

                let tweak = Scalar::from_be_bytes(
                    *self
                        .swap_script
                        .taproot_spendinfo()?
                        .tap_tweak()
                        .as_byte_array(),
                )?;

                let _ = key_agg_cache.pubkey_xonly_tweak_add(&tweak)?;

                let session_secret_rand =
                    musig::SessionSecretRand::assume_unique_per_nonce_gen(rng_32b());

                let mut extra_rand = [0u8; 32];
                OsRng.fill_bytes(&mut extra_rand);

                let (sec_nonce, pub_nonce) = key_agg_cache.nonce_gen(
                    session_secret_rand,
                    convert_public_key(keys.public_key()),
                    &msg,
                    Some(extra_rand),
                );

                // Step 7: Get boltz's partial sig
                let refund_tx_hex = refund_tx.serialize().to_lower_hex_string();
                let partial_sig_resp = match self.swap_script.swap_type {
                    SwapType::Chain => {
                        boltz_api
                            .get_chain_partial_sig(
                                &swap_id,
                                input_index,
                                &pub_nonce,
                                &refund_tx_hex,
                            )
                            .await
                    }
                    SwapType::Submarine => {
                        boltz_api
                            .get_submarine_partial_sig(
                                &swap_id,
                                input_index,
                                &pub_nonce,
                                &refund_tx_hex,
                            )
                            .await
                    }
                    _ => Err(Error::Protocol(format!(
                        "Cannot get partial sig for {:?} Swap",
                        self.swap_script.swap_type
                    ))),
                }?;

                let boltz_public_nonce = musig::PublicNonce::from_str(&partial_sig_resp.pub_nonce)?;

                let boltz_partial_sig =
                    musig::PartialSignature::from_str(&partial_sig_resp.partial_signature)?;

                // Aggregate Our's and Other's Nonce and start the Musig session.
                let agg_nonce = musig::AggregatedNonce::new(&[&boltz_public_nonce, &pub_nonce]);

                let musig_session = musig::Session::new(&key_agg_cache, agg_nonce, &msg);

                // Verify the Boltz's sig.
                let boltz_partial_sig_verify = musig_session.partial_verify(
                    &key_agg_cache,
                    &boltz_partial_sig,
                    &boltz_public_nonce,
                    convert_public_key(self.swap_script.receiver_pubkey.inner), //boltz key
                );

                if !boltz_partial_sig_verify {
                    return Err(Error::Protocol(
                        "Invalid partial-sig received from Boltz".to_string(),
                    ));
                }

                let our_partial_sig =
                    musig_session.partial_sign(sec_nonce, &convert_keypair(keys), &key_agg_cache);

                let schnorr_sig = musig_session
                    .partial_sig_agg(&[&boltz_partial_sig, &our_partial_sig])
                    .assume_valid();

                let final_schnorr_sig = Signature {
                    signature: convert_schnorr_signature(schnorr_sig),
                    sighash_type: TapSighashType::Default,
                };

                let output_key = self.swap_script.taproot_spendinfo()?.output_key();

                secp.verify_schnorr(
                    &final_schnorr_sig.signature,
                    &bitcoin::secp256k1::Message::from_digest_slice(&msg)?,
                    &output_key.to_x_only_public_key(),
                )?;

                let mut witness = Witness::new();
                witness.push(final_schnorr_sig.to_vec());
                refund_tx.input[input_index].witness = witness;
            }
        }

        Ok(refund_tx)
    }

    fn create_refund(
        &self,
        keys: &Keypair,
        absolute_fees: u64,
        is_cooperative: bool,
    ) -> Result<Transaction, Error> {
        let utxos_amount = self
            .utxos
            .iter()
            .fold(Amount::ZERO, |acc, (_, txo)| acc + txo.value);
        let absolute_fees_amount = Amount::from_sat(absolute_fees);
        let output_amount =
            utxos_amount
                .checked_sub(absolute_fees_amount)
                .ok_or(Error::Protocol(format!(
                    "Refund output value {utxos_amount} is less than fees {absolute_fees_amount}"
                )))?;
        let output: TxOut = TxOut {
            script_pubkey: self.output_address.script_pubkey(),
            value: output_amount,
        };

        let unsigned_inputs = self
            .utxos
            .iter()
            .map(|(outpoint, _txo)| TxIn {
                previous_output: *outpoint,
                script_sig: ScriptBuf::new(),
                sequence: Sequence::MAX,
                witness: Witness::new(),
            })
            .collect();

        let lock_time = match self
            .swap_script
            .refund_script()
            .instructions()
            .filter_map(|i| {
                let ins = i.ok()?;
                if let Instruction::PushBytes(bytes) = ins {
                    if bytes.len() < 5_usize {
                        Some(LockTime::from_consensus(bytes_to_u32_little_endian(
                            bytes.as_bytes(),
                        )))
                    } else {
                        None
                    }
                } else {
                    None
                }
            })
            .next()
        {
            Some(r) => r,
            None => {
                return Err(Error::Protocol(
                    "Error getting timelock from refund script".to_string(),
                ))
            }
        };

        let mut refund_tx = Transaction {
            version: Version::TWO,
            lock_time,
            input: unsigned_inputs,
            output: vec![output],
        };

        let tx_outs: Vec<&TxOut> = self.utxos.iter().map(|(_, out)| out).collect();

        if is_cooperative {
            for index in 0..refund_tx.input.len() {
                refund_tx.input[index].witness = Self::stubbed_cooperative_witness();
            }
        } else {
            let leaf_hash =
                TapLeafHash::from_script(&self.swap_script.refund_script(), LeafVersion::TapScript);

            let control_block = self
                .swap_script
                .taproot_spendinfo()?
                .control_block(&(
                    self.swap_script.refund_script().clone(),
                    LeafVersion::TapScript,
                ))
                .ok_or(Error::Protocol(
                    "Control block calculation failed".to_string(),
                ))?;

            // Input sequence has to be set for all inputs before signing
            for input_index in 0..refund_tx.input.len() {
                refund_tx.input[input_index].sequence = Sequence::ZERO;
            }

            for input_index in 0..refund_tx.input.len() {
                let sighash = SighashCache::new(refund_tx.clone())
                    .taproot_script_spend_signature_hash(
                        input_index,
                        &Prevouts::All(&tx_outs),
                        leaf_hash,
                        TapSighashType::Default,
                    )?;

                let msg = Message::from_digest_slice(sighash.as_byte_array())?;

                let signature = Secp256k1::new().sign_schnorr(&msg, keys);

                let final_sig = Signature {
                    signature,
                    sighash_type: TapSighashType::Default,
                };

                let mut witness = Witness::new();
                witness.push(final_sig.to_vec());
                witness.push(self.swap_script.refund_script().as_bytes());
                witness.push(control_block.serialize());
                refund_tx.input[input_index].witness = witness;
            }
        }

        Ok(refund_tx)
    }

    fn stubbed_cooperative_witness() -> Witness {
        let mut witness = Witness::new();
        // Stub because we don't want to create cooperative signatures here
        // but still be able to have an accurate size estimation
        witness.push([0; 64]);
        witness
    }

    /// Calculate the size of a transaction.
    /// Use this before calling drain to help calculate the absolute fees.
    /// Multiply the size by the fee_rate to get the absolute fees.
    pub fn size(&self, keys: &Keypair, is_cooperative: bool) -> Result<usize, Error> {
        let dummy_abs_fee = 1;
        let tx = match self.kind {
            SwapTxKind::Claim => {
                let preimage = Preimage::from_vec([0; 32].to_vec())?;
                self.create_claim(keys, &preimage, dummy_abs_fee, is_cooperative)?
            }
            SwapTxKind::Refund => self.create_refund(keys, dummy_abs_fee, is_cooperative)?,
        };
        Ok(tx.vsize())
    }

    /// Broadcast transaction to the network.
    pub async fn broadcast<BC: BitcoinClient + ?Sized>(
        &self,
        signed_tx: &Transaction,
        bitcoin_client: &BC,
    ) -> Result<Txid, Error> {
        bitcoin_client.broadcast_tx(signed_tx).await
    }
}

impl SwapScriptCommon for BtcSwapScript {
    fn swap_type(&self) -> SwapType {
        self.swap_type
    }

    /// Compute the Musig partial signature.
    /// This is used to cooperatively settle a Submarine or Chain Swap.
    fn partial_sign(
        &self,
        keys: &Keypair,
        pub_nonce: &str,
        transaction_hash: &str,
    ) -> Result<(musig::PartialSignature, musig::PublicNonce), Error> {
        // Step 1: Start with a Musig KeyAgg Cache

        let mut key_agg_cache = self.musig_keyagg_cache();

        let tweak = Scalar::from_be_bytes(*self.taproot_spendinfo()?.tap_tweak().as_byte_array())?;

        let _ = key_agg_cache.pubkey_xonly_tweak_add(&tweak)?;

        let session_secret_rand = musig::SessionSecretRand::assume_unique_per_nonce_gen(rng_32b());

        let msg = hex_to_bytes32(transaction_hash)?;

        // Step 4: Start the Musig2 Signing session
        let mut extra_rand = [0u8; 32];
        OsRng.fill_bytes(&mut extra_rand);

        let (gen_sec_nonce, gen_pub_nonce) = key_agg_cache.nonce_gen(
            session_secret_rand,
            convert_public_key(keys.public_key()),
            &msg,
            Some(extra_rand),
        );

        let boltz_nonce = musig::PublicNonce::from_str(pub_nonce)?;

        let agg_nonce = musig::AggregatedNonce::new(&[&boltz_nonce, &gen_pub_nonce]);

        let musig_session = musig::Session::new(&key_agg_cache, agg_nonce, &msg);

        let partial_sig =
            musig_session.partial_sign(gen_sec_nonce, &convert_keypair(keys), &key_agg_cache);

        Ok((partial_sig, gen_pub_nonce))
    }
}

fn convert_pubkeys_for_musig(
    pubkeys: &[bitcoin::secp256k1::PublicKey; 2],
) -> [secp256k1_musig::PublicKey; 2] {
    [
        convert_public_key(pubkeys[0]),
        convert_public_key(pubkeys[1]),
    ]
}

fn convert_xonly_key(key: secp256k1_musig::XOnlyPublicKey) -> bitcoin::XOnlyPublicKey {
    bitcoin::XOnlyPublicKey::from_slice(&key.serialize()[..]).expect("xonly key size matches")
}

fn convert_public_key(key: bitcoin::secp256k1::PublicKey) -> secp256k1_musig::PublicKey {
    secp256k1_musig::PublicKey::from_slice(&key.serialize()[..]).expect("public key size matches")
}

fn convert_keypair(keys: &bitcoin::secp256k1::Keypair) -> secp256k1_musig::Keypair {
    secp256k1_musig::Keypair::from_seckey_byte_array(keys.secret_bytes())
        .expect("keypair size matches")
}

fn convert_schnorr_signature(
    schnorr_sig: secp256k1_musig::schnorr::Signature,
) -> bitcoin::secp256k1::schnorr::Signature {
    bitcoin::secp256k1::schnorr::Signature::from_slice(schnorr_sig.as_byte_array())
        .expect("signature size matches")
}