ark-lib 0.1.3

Primitives for the Ark protocol and bark implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253


pub extern crate bitcoin;

#[macro_use] extern crate serde;
#[macro_use] extern crate lazy_static;

#[macro_use] pub mod util;

pub mod address;
pub mod arkoor;
pub mod attestations;
pub mod board;
pub mod connectors;
pub mod encode;
pub mod error;
pub mod fees;
pub mod forfeit;
pub mod lightning;
pub mod mailbox;
pub mod musig;
pub mod offboard;
pub mod rounds;
pub mod time;
pub mod tree;
pub mod vtxo;
pub mod integration;

pub use crate::address::Address;
pub use crate::encode::{ProtocolEncoding, WriteExt, ReadExt, ProtocolDecodingError};
pub use crate::vtxo::{Vtxo, VtxoId, VtxoPolicy, ServerVtxoPolicy, ServerVtxo};

#[cfg(test)]
mod napkin;
#[cfg(any(test, feature = "test-util"))]
pub mod test_util;


use std::time::Duration;

use bitcoin::{Amount, FeeRate, Network};
use bitcoin::secp256k1::{self, PublicKey};

use bitcoin_ext::BlockDelta;

use crate::fees::FeeSchedule;

lazy_static! {
	/// Global secp context.
	pub static ref SECP: secp256k1::Secp256k1<secp256k1::All> = secp256k1::Secp256k1::new();
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ArkInfo {
	/// The bitcoin network the server operates on
	pub network: Network,
	/// The Ark server pubkey
	pub server_pubkey: PublicKey,
	/// The pubkey used for blinding unified mailbox IDs
	pub mailbox_pubkey: PublicKey,
	/// The interval between each round
	pub round_interval: Duration,
	/// Number of nonces per round
	pub nb_round_nonces: usize,
	/// Delta between exit confirmation and coins becoming spendable
	pub vtxo_exit_delta: BlockDelta,
	/// Expiration delta of the VTXO
	pub vtxo_expiry_delta: BlockDelta,
	/// The number of blocks after which an HTLC-send VTXO expires once granted.
	pub htlc_send_expiry_delta: BlockDelta,
	/// The number of blocks to keep between Lightning and Ark HTLCs expiries
	pub htlc_expiry_delta: BlockDelta,
	/// Maximum amount of a VTXO
	pub max_vtxo_amount: Option<Amount>,
	/// The number of confirmations required to register a board vtxo
	pub required_board_confirmations: usize,
	/// Maximum CLTV delta server will allow clients to request an
	/// invoice generation with.
	pub max_user_invoice_cltv_delta: u16,
	/// Minimum amount for a board the server will cosign
	pub min_board_amount: Amount,

	//TODO(stevenroose) move elsewhere eith other temp fields

	/// The feerate for offboards
	pub offboard_feerate: FeeRate,

	/// Indicates whether the Ark server requires clients to either
	/// provide a VTXO ownership proof, or a lightning receive token
	/// when preparing a lightning claim.
	pub ln_receive_anti_dos_required: bool,

	/// Fee schedule for all Ark operations
	pub fees: FeeSchedule,

	/// Maximum exit depth (genesis chain length) allowed for a VTXO.
	/// Once a VTXO's exit depth reaches this value the server will refuse to
	/// cosign further OOR transactions spending it. Clients should refresh
	/// their VTXOs into a round before this limit is reached.
	pub max_vtxo_exit_depth: u16,
}

/// Request for the creation of an vtxo.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Deserialize, Serialize)]
pub struct VtxoRequest {
	pub amount: Amount,
	#[serde(with = "crate::encode::serde")]
	pub policy: VtxoPolicy,
}

impl AsRef<VtxoRequest> for VtxoRequest {
	fn as_ref(&self) -> &VtxoRequest {
	    self
	}
}

/// Request for the creation of an vtxo in a signed round
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Deserialize, Serialize)]
pub struct SignedVtxoRequest {
	/// The actual VTXO request.
	pub vtxo: VtxoRequest,
	/// The public key used by the client to cosign the transaction tree
	/// The client SHOULD forget this key after signing it
	pub cosign_pubkey: PublicKey,
	/// The public cosign nonces for the cosign pubkey
	pub nonces: Vec<musig::PublicNonce>,
}

impl AsRef<VtxoRequest> for SignedVtxoRequest {
	fn as_ref(&self) -> &VtxoRequest {
	    &self.vtxo
	}
}

pub mod scripts {
	use bitcoin::{opcodes, ScriptBuf, TapSighash, TapTweakHash, Transaction};
	use bitcoin::hashes::{sha256, ripemd160, Hash};
	use bitcoin::secp256k1::{schnorr, PublicKey, XOnlyPublicKey};

	use bitcoin_ext::{BlockDelta, BlockHeight, TAPROOT_KEYSPEND_WEIGHT};

	use crate::musig;

	/// Create a tapscript that is a checksig and a relative timelock.
	pub fn delayed_sign(delay_blocks: BlockDelta, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let csv = bitcoin::Sequence::from_height(delay_blocks);
		bitcoin::Script::builder()
			.push_int(csv.to_consensus_u32() as i64)
			.push_opcode(opcodes::all::OP_CSV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	/// Create a tapscript that is a checksig and an absolute timelock.
	pub fn timelock_sign(timelock_height: BlockHeight, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let lt = bitcoin::absolute::LockTime::from_height(timelock_height).unwrap();
		bitcoin::Script::builder()
			.push_int(lt.to_consensus_u32() as i64)
			.push_opcode(opcodes::all::OP_CLTV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	/// Create a tapscript
	pub fn delay_timelock_sign(
		delay_blocks: BlockDelta,
		timelock_height: BlockHeight,
		pubkey: XOnlyPublicKey,
	) -> ScriptBuf {
		let csv = bitcoin::Sequence::from_height(delay_blocks);
		let lt = bitcoin::absolute::LockTime::from_height(timelock_height).unwrap();
		bitcoin::Script::builder()
			.push_int(lt.to_consensus_u32().try_into().unwrap())
			.push_opcode(opcodes::all::OP_CLTV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_int(csv.to_consensus_u32().try_into().unwrap())
			.push_opcode(opcodes::all::OP_CSV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	/// Contract that requires revealing the preimage to the given hash
	/// and a signature using the given (aggregate) pubkey
	///
	/// The expected spending script witness is the preimage followed by
	/// the signature.
	pub fn hash_and_sign(hash: sha256::Hash, pubkey: XOnlyPublicKey) -> ScriptBuf {
		let hash_160 = ripemd160::Hash::hash(&hash[..]);

		bitcoin::Script::builder()
			.push_opcode(opcodes::all::OP_HASH160)
			.push_slice(hash_160.as_byte_array())
			.push_opcode(opcodes::all::OP_EQUALVERIFY)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	pub fn hash_delay_sign(
		hash: sha256::Hash,
		delay_blocks: BlockDelta,
		pubkey: XOnlyPublicKey,
	) -> ScriptBuf {
		let hash_160 = ripemd160::Hash::hash(&hash[..]);
		let csv = bitcoin::Sequence::from_height(delay_blocks);

		bitcoin::Script::builder()
			.push_int(csv.to_consensus_u32().try_into().unwrap())
			.push_opcode(opcodes::all::OP_CSV)
			.push_opcode(opcodes::all::OP_DROP)
			.push_opcode(opcodes::all::OP_HASH160)
			.push_slice(hash_160.as_byte_array())
			.push_opcode(opcodes::all::OP_EQUALVERIFY)
			.push_x_only_key(&pubkey)
			.push_opcode(opcodes::all::OP_CHECKSIG)
			.into_script()
	}

	/// Fill in the signatures into the unsigned transaction.
	///
	/// Panics if the nb of inputs and signatures doesn't match or if some input
	/// witnesses are not empty.
	pub fn fill_taproot_sigs(tx: &mut Transaction, sigs: &[schnorr::Signature]) {
		assert_eq!(tx.input.len(), sigs.len());
		for (input, sig) in tx.input.iter_mut().zip(sigs.iter()) {
			assert!(input.witness.is_empty());
			input.witness.push(&sig[..]);
			debug_assert_eq!(TAPROOT_KEYSPEND_WEIGHT, input.witness.size());
		}
	}

	/// Verify a partial signature from either of the two parties cosigning a tx.
	pub fn verify_partial_sig(
		sighash: TapSighash,
		tweak: TapTweakHash,
		signer: (PublicKey, &musig::PublicNonce),
		other: (PublicKey, &musig::PublicNonce),
		partial_signature: &musig::PartialSignature,
	) -> bool {
		let agg_nonce = musig::nonce_agg(&[&signer.1, &other.1]);
		let agg_pk = musig::tweaked_key_agg([signer.0, other.0], tweak.to_byte_array()).0;

		let session = musig::Session::new(&agg_pk, agg_nonce, &sighash.to_byte_array());
		session.partial_verify(
			&agg_pk, partial_signature, signer.1, musig::pubkey_to(signer.0),
		)
	}
}