rustywallet-taproot 0.1.0

Taproot (BIP340/341/342) implementation for Bitcoin wallet development
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208

//! Tagged hashes for BIP340/341
//!
//! Tagged hashes provide domain separation: SHA256(SHA256(tag) || SHA256(tag) || data)

use sha2::{Digest, Sha256};

/// Predefined tag for TapLeaf hash
pub const TAG_TAP_LEAF: &str = "TapLeaf";
/// Predefined tag for TapBranch hash
pub const TAG_TAP_BRANCH: &str = "TapBranch";
/// Predefined tag for TapTweak hash
pub const TAG_TAP_TWEAK: &str = "TapTweak";
/// Predefined tag for TapSighash
pub const TAG_TAP_SIGHASH: &str = "TapSighash";
/// Predefined tag for BIP340 challenge
pub const TAG_BIP340_CHALLENGE: &str = "BIP0340/challenge";
/// Predefined tag for BIP340 aux
pub const TAG_BIP340_AUX: &str = "BIP0340/aux";
/// Predefined tag for BIP340 nonce
pub const TAG_BIP340_NONCE: &str = "BIP0340/nonce";

/// Compute a tagged hash: SHA256(SHA256(tag) || SHA256(tag) || data)
pub fn tagged_hash(tag: &str, data: &[u8]) -> [u8; 32] {
    let tag_hash = Sha256::digest(tag.as_bytes());
    
    let mut hasher = Sha256::new();
    hasher.update(tag_hash);
    hasher.update(tag_hash);
    hasher.update(data);
    
    let result = hasher.finalize();
    let mut output = [0u8; 32];
    output.copy_from_slice(&result);
    output
}

/// TapLeaf hash
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct TapLeafHash(pub [u8; 32]);

impl TapLeafHash {
    /// Compute TapLeaf hash from leaf version and script
    pub fn from_script(leaf_version: u8, script: &[u8]) -> Self {
        let mut data = Vec::with_capacity(1 + script.len());
        data.push(leaf_version);
        data.extend_from_slice(script);
        Self(tagged_hash(TAG_TAP_LEAF, &data))
    }

    /// Get the inner bytes
    pub fn as_bytes(&self) -> &[u8; 32] {
        &self.0
    }

    /// Convert to byte array
    pub fn to_bytes(self) -> [u8; 32] {
        self.0
    }
}

impl AsRef<[u8]> for TapLeafHash {
    fn as_ref(&self) -> &[u8] {
        &self.0
    }
}

/// TapBranch/TapNode hash
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct TapNodeHash(pub [u8; 32]);

impl TapNodeHash {
    /// Create from raw bytes
    pub fn from_bytes(bytes: [u8; 32]) -> Self {
        Self(bytes)
    }

    /// Compute TapBranch hash from two child hashes
    /// Children are sorted lexicographically before hashing
    pub fn from_children(left: &TapNodeHash, right: &TapNodeHash) -> Self {
        let mut data = [0u8; 64];
        
        // Sort lexicographically
        if left.0 <= right.0 {
            data[..32].copy_from_slice(&left.0);
            data[32..].copy_from_slice(&right.0);
        } else {
            data[..32].copy_from_slice(&right.0);
            data[32..].copy_from_slice(&left.0);
        }
        
        Self(tagged_hash(TAG_TAP_BRANCH, &data))
    }

    /// Create from a leaf hash
    pub fn from_leaf(leaf: TapLeafHash) -> Self {
        Self(leaf.0)
    }

    /// Get the inner bytes
    pub fn as_bytes(&self) -> &[u8; 32] {
        &self.0
    }

    /// Convert to byte array
    pub fn to_bytes(self) -> [u8; 32] {
        self.0
    }
}

impl AsRef<[u8]> for TapNodeHash {
    fn as_ref(&self) -> &[u8] {
        &self.0
    }
}

impl From<TapLeafHash> for TapNodeHash {
    fn from(leaf: TapLeafHash) -> Self {
        Self(leaf.0)
    }
}

/// TapTweak hash
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct TapTweakHash(pub [u8; 32]);

impl TapTweakHash {
    /// Compute TapTweak hash from internal key and merkle root
    pub fn from_key_and_merkle_root(internal_key: &[u8; 32], merkle_root: Option<&TapNodeHash>) -> Self {
        let mut data = Vec::with_capacity(64);
        data.extend_from_slice(internal_key);
        if let Some(root) = merkle_root {
            data.extend_from_slice(&root.0);
        }
        Self(tagged_hash(TAG_TAP_TWEAK, &data))
    }

    /// Get the inner bytes
    pub fn as_bytes(&self) -> &[u8; 32] {
        &self.0
    }

    /// Convert to byte array
    pub fn to_bytes(self) -> [u8; 32] {
        self.0
    }
}

impl AsRef<[u8]> for TapTweakHash {
    fn as_ref(&self) -> &[u8] {
        &self.0
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_tagged_hash() {
        // Test that tagged hash produces consistent results
        let hash1 = tagged_hash("test", b"data");
        let hash2 = tagged_hash("test", b"data");
        assert_eq!(hash1, hash2);

        // Different tags produce different hashes
        let hash3 = tagged_hash("other", b"data");
        assert_ne!(hash1, hash3);

        // Different data produces different hashes
        let hash4 = tagged_hash("test", b"other");
        assert_ne!(hash1, hash4);
    }

    #[test]
    fn test_tap_leaf_hash() {
        let script = vec![0x51]; // OP_1
        let leaf_hash = TapLeafHash::from_script(0xc0, &script);
        
        // Should be deterministic
        let leaf_hash2 = TapLeafHash::from_script(0xc0, &script);
        assert_eq!(leaf_hash, leaf_hash2);
    }

    #[test]
    fn test_tap_branch_hash_ordering() {
        let left = TapNodeHash([0x01; 32]);
        let right = TapNodeHash([0x02; 32]);

        // Order shouldn't matter - children are sorted
        let hash1 = TapNodeHash::from_children(&left, &right);
        let hash2 = TapNodeHash::from_children(&right, &left);
        assert_eq!(hash1, hash2);
    }

    #[test]
    fn test_tap_tweak_hash() {
        let internal_key = [0x02; 32];
        
        // Without merkle root
        let tweak1 = TapTweakHash::from_key_and_merkle_root(&internal_key, None);
        
        // With merkle root
        let merkle_root = TapNodeHash([0x03; 32]);
        let tweak2 = TapTweakHash::from_key_and_merkle_root(&internal_key, Some(&merkle_root));
        
        assert_ne!(tweak1.0, tweak2.0);
    }
}