Summary

This is the first version for the p2tr payment. It is not complete, but it covers most of the functionality. I'm opening this PR for others to test, review and provide feedback. Main changes listed below:

New payment type: P2TR

It follows the same approach as the other payments (p2wsh, p2pkh, ...)

• the PaymentOpts object takes an extra field: eccLib?: TinySecp256k1Interface
  • this field is required for P2TR (but not for the other payment types)
  • eccLib is required for the tweak operations. The ECC logic has been extracted out of this lib.
• examples of how to use P2TR can be found in the unit tests and integration tests (see tests section)

Payment interface

The Payment interface has 3 new fields:

• internalPubkey - the internal key as defined by BIP341.
• scriptTree - a Merkle tree whose leaves consist of a version number and a script (see BIP341)
• redeemVersion - the version of the leaf being spent (if the script-path spend is used). Default value: 0xc0

Some Payment fields have taproot specific meaning:

• pubkey - the tweaked internalPubkey as defined in BIP341

  • is computed as P + hash(P||m)G for a public key P, and the root m of the Merkle tree

• hash - the hash of the root of the Merkle scriptTree. Empty if not scriptTree is used.
• signature - a Schnorr signature, if key-path spent is used. Empty otherwise.
• redeem.output - the leaf script, for script-path spends

Taproot Helpers

• taproot related logic has been extracted to ts_src/payment/taprootutils.ts
• in the future it might be moved to a bip341 module. See https://github.com/bitcoinjs/bitcoinjs-lib/issues/1780

Address

• add stricter rules for Taproot (data size 32 and public key valid x-only coordinate)
• from|toOutputScript takes in an optional eccLib. If missing, then it skips the p2tr matching falls down to the final Error

PSBT

• it can now add Taproot inputs and outputs
• for the key-path spend the signer has to be tweaked (it does not perform the tweak internally)
• for the script-path spend a custom finalizer (FinalScriptsFunc) is required when a Taproot input is finalized. See test/psbt.utils.ts for such an example
• PsbtOptsOptional has a new field eccLib?: TinySecp256k1Interface;. eccLib is required if the PSBT instance uses taproot ins/outs
• the Signer interface has a new method: signSchnorr?(hash: Buffer): Buffer;. This method is required if a Taproot UTXO is being spent.

Tests

• unit test data
  • p2tr.json: data generated using the bitcoin test framework test/functional/wallet_taproot.py
  • BIP341 test cases: Test vectors for scriptPubKey construction recommended here by Pieter Wuille
• integration tests (test/integration/taproot.spec.ts)
• script-path spend on testnet (code sample and transaction links)

Further Comments

Note for reviewers: all .js files are generated, only the .ts files require review

I wanted to use this OmniLayer protocol, but have found no examples in the whole internet. I think it would be good to include such examples in the tests.

Here's a small snippet: https://gist.github.com/caffeinum/f64a51ce55d5ac9075bb2f5f2f439c0d

Just a bike shed for ~~3.0.0~~ 4.0.0, if its necessary, and the currently open PRs:

https://github.com/bitcoinjs/bitcoinjs-lib/pull/459 - Extraction of DER encoding https://github.com/bitcoinjs/bitcoinjs-lib/pull/456 - Remove message module (bitcoinjs-message) https://github.com/bitcoinjs/bitcoinjs-lib/pull/440 - Var naming conventions https://github.com/bitcoinjs/bitcoinjs-lib/pull/350 - secp256k1 https://github.com/bitcoinjs/bitcoinjs-lib/pull/428 - Altcoin support

@jprichardson I was also thinking about TransactionBuilder, and what it represents.

It is basically a convenience wrapper around Transaction (the primitive) that makes everyone's life easier when building complex transactions, but, to be honest, it could easily be extracted from the core library.

Thoughts? In general, I'm thinking we work on making this library primarily all the primitives for bitcoin operations such that other libraries can easily compose using them. I'd like to see other crypto primitives like merkle trees, bloom filters and rolling bloom filters in the ecosystem too.

The only thing missing from bitcoinjs-lib to support BIP49 is the network type designator. This simple change allows the HD wallet to support BIP49 YPUB's (or testnet UPUB's). This allows for the import of pure segwit HD wallets.

See also: https://github.com/bitcoin/bips/blob/master/bip-0049.mediawiki

Understanding that BIP49 is draft, you may reject this change, but I've made this change for a project and figured submitting a PR would be an appropriate offer to allow you to implement this simple functionality.

I am trying to build a raw transaction that will send funds from a 2 of 3 multisig address to an output address. While the below code works, it does not include the redeem script anywhere in the raw transaction. Sites like coinb.in when creating a raw transaction include it and can tell that 2 of 3 signatures are needed, but using the below code it is not seen as a 2 of 3 multisig needing 2 signature. While this isnt a big issue by itself, it also causes some clients like coinb.in to not actually sign the transaction again.

Basically I am not sure how I can include the redeem script in the raw transaction that gets created, any help is appreciated.

        const bitcoin = require('bitcoinjs-lib');
        const tx = new bitcoin.TransactionBuilder();
        tx.addInput('INPUT HERE AS STRING', 0);
        tx.addOutput('OUTPUT ADDRESS HERE', 0.01);
        const tx2 = tx.buildIncomplete();
        console.log(tx2.toHex());

WORK IN PROGRESS

getting shit to work before making it pretty; almost done with getting shit to work!

depends on: https://github.com/bitcoinjs/bitcoinjs-lib/pull/540

first time spending a p2wpkh (6a539927494f3d6f07078dd1c70a28e0c4910662593072305529eaa66257f59d) and p2wpkh as p2sh (4704de796b8ea819f262eb3399fad85b838327497639da2ceafbd04a08a06be3) with bitcoinjs-lib :D

ToDo

• [x] Output script creation for P2WPKH
• [x] Output script creation for P2WSH
• [x] Transaction encoding / decode
• [x] SignatureHash v2
• [x] Transaction signing of P2WPKH
• [x] Transaction signing of P2WPKH as P2SH
• [x] Transaction signing of P2WSH
• [x] toBuffer should be able to return both segwit and non-segwit TX
  • [x] fix getTxId using the segwit TX atm
• [x] BIP142 addresses for P2WPKH
• [ ] Add value arg to addInput and use it in TransactionBuilder.sign instead of value arg there?
• [x] Refactoring of changes made so far
• [ ] More tests
  • [x] Add tests for mix of non witness and witness (already manually tested and works)
  • [ ] Integration tests (and an API to already run them against segnet)
  • [x] Check bitcoin core projects for any vectors that we can copy
• [ ] Review and discuss changes for BIP142 addresses
• [ ] Review and discuss changes to TransactionBuilder.sign
• [ ] Review and discuss changes to TransactionBuilder.extractInput / script.classifyInput
• [ ] Cache hashPrevouts, hashSequence and hashOutputs for all signatures in a transaction (since that was one of the main reasons for changing the signatureHash xD)

Usage

Signing Native P2WPKH

transactionBuilder.sign(0, keyPair, null, null, /* segWit = */ true, /* txIn.value = */ parseInt(0.9998 * 1e8)))

Signing P2WPKH nested in P2SH

var pubKeyHash = bcrypto.hash160(keyPair.getPublicKeyBuffer())
var redeemScript = bscript.segWitPubKeyHashOutput(pubKeyHash)

transactionBuilder.sign(0, keyPair, redeemScript, null, /* segWit = */ true, /* txIn.value = */ parseInt(0.9998 * 1e8)))

References

• BIP141 (general segwit) https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki
• BIP142 (segwit address) https://github.com/bitcoin/bips/blob/master/bip-0142.mediawiki
• BIP143 (signature verification with new signature hash) https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki
• BIP144 (peer services) https://github.com/bitcoin/bips/blob/master/bip-0144.mediawiki
• Staging branch https://github.com/sipa/bitcoin/tree/segwit

Previously I remember the install instructions for browserify contained something like browserify bitcoinjs-lib -s bitcoin > bitcoinjs.js to build a standalone version of bitcoinjs.

Nowadays the instructions contain instructions to create an index.js with a myFunction which does one particular thing (creating a random private key, in this case) and then exports that function.

How do I just export everything, i.e. create the entire bitcoinjs lib that I can include in a .html file just like before?

Perhaps a stupid question, in that case my apologies, but other than bitcoinjs I never used browserify for anything else and I'm not quite sure how this works.

Hi,

I encountered a problem, I'm trying to spend a transaction from a multisig 2-3 address.

It's pretty weird, because it doesn't work when signing the input with bitcoinjs, but there is no problem when signing manually trough bitcoind.

var bitcoin = require('bitcoinjs-lib');

var rawTransaction = '01000000014c80a5129d03d0ebe28c2626fb2b35962c438f548ff399cc85b462109338550b0100000000ffffffff0210270000000000001976a914d356d4d8079f8556be4c8102ecf00cc63344e75488ac307500000000000017a9145010eb90f22f4865766e969fc5e07c1e2445f81a8700000000';
var redeemScriptHex = '522102a6074afbed684715760e4eebe9878fea1ea3862828e687674a841d7e03db07c7210253468fb6d90c4d9bf6d02dde920dc7cfa214b3103fc0f59b7c52a4163df6bbaf210210ec8ae465d9d6a686a8718e9051b581277ee05889fc7776a2925a111c7fc77f53ae';
var privKeys = [
    'KwLPiuHXJGkuyMJkjybUH8M2nQ9A64FYXMtT9RFJLxgtT5wZBAey',
    'KxjVtJZscdLZ1GZR8cHhhDo8bXMmQNjST3f4FW2AVhCFS7h4k8q2'
].map(function(wif) { return bitcoin.ECKey.fromWIF(wif) });

// Recover transaction from raw_transaction
var tx  = bitcoin.Transaction.fromHex(rawTransaction);

// Build it into Transaction Builder
var txb = bitcoin.TransactionBuilder.fromTransaction(tx);

txb.sign(0, privKeys[0], bitcoin.Script.fromHex(redeemScriptHex));
txb.sign(0, privKeys[1], bitcoin.Script.fromHex(redeemScriptHex));

console.log(txb.build().toHex());
// => 01000000014c80a5129d03d0ebe28c2626fb2b35962c438f548ff399cc85b462109338550b01000000fdfd00004830450221008a56762640196d092c897116232d230a14fa72f017a6ee98bd65001237a2e5f1022024ac1279838bf297c80c3a47de75d2277835e43ad6696068c734497bb59a61a901473044022070d4173c23d3cdacc18d6c30cf984b3651de12a9c99a1d5ae3af645aa2a0fd5a02201fff50654f80b9b88062d92d4132cbd6ce70dea65ca30198959744feeda984f4014c69522102a6074afbed684715760e4eebe9878fea1ea3862828e687674a841d7e03db07c7210253468fb6d90c4d9bf6d02dde920dc7cfa214b3103fc0f59b7c52a4163df6bbaf210210ec8ae465d9d6a686a8718e9051b581277ee05889fc7776a2925a111c7fc77f53aeffffffff0210270000000000001976a914d356d4d8079f8556be4c8102ecf00cc63344e75488ac307500000000000017a9145010eb90f22f4865766e969fc5e07c1e2445f81a8700000000

Then, I try to send the raw transaction through bitcoind, I've got "64: non-canonical (code -26)".

But when I try to sign manually with bitcoind :

signrawtransaction 01000000014c80a5129d03d0ebe28c2626fb2b35962c438f548ff399cc85b462109338550b0100000000ffffffff0210270000000000001976a914d356d4d8079f8556be4c8102ecf00cc63344e75488ac307500000000000017a9145010eb90f22f4865766e969fc5e07c1e2445f81a8700000000 '[{"txid":"0b5538931062b485cc99f38f548f432c96352bfb26268ce2ebd0039d12a5804c","vout":1,"redeemScript":"522102a6074afbed684715760e4eebe9878fea1ea3862828e687674a841d7e03db07c7210253468fb6d90c4d9bf6d02dde920dc7cfa214b3103fc0f59b7c52a4163df6bbaf210210ec8ae465d9d6a686a8718e9051b581277ee05889fc7776a2925a111c7fc77f53ae","scriptPubKey":"a914d84ffa293e48acb6f8d3be488eb0c6898a3d465887"}]' '["KwLPiuHXJGkuyMJkjybUH8M2nQ9A64FYXMtT9RFJLxgtT5wZBAey"]'

then

signrawtransaction 01000000014c80a5129d03d0ebe28c2626fb2b35962c438f548ff399cc85b462109338550b01000000b500483045022100bb11d0ec4ed0507a3888110fba30ccfe6348d22d8ea95f4c9df50f156531f34c022027c722cecd7390b6f9b65f9d8142e35c738c977ffef4197cea862f4a2e52752d014c69522102a6074afbed684715760e4eebe9878fea1ea3862828e687674a841d7e03db07c7210253468fb6d90c4d9bf6d02dde920dc7cfa214b3103fc0f59b7c52a4163df6bbaf210210ec8ae465d9d6a686a8718e9051b581277ee05889fc7776a2925a111c7fc77f53aeffffffff0210270000000000001976a914d356d4d8079f8556be4c8102ecf00cc63344e75488ac307500000000000017a9145010eb90f22f4865766e969fc5e07c1e2445f81a8700000000 '[{"txid":"0b5538931062b485cc99f38f548f432c96352bfb26268ce2ebd0039d12a5804c","vout":1,"redeemScript":"522102a6074afbed684715760e4eebe9878fea1ea3862828e687674a841d7e03db07c7210253468fb6d90c4d9bf6d02dde920dc7cfa214b3103fc0f59b7c52a4163df6bbaf210210ec8ae465d9d6a686a8718e9051b581277ee05889fc7776a2925a111c7fc77f53ae","scriptPubKey":"a914d84ffa293e48acb6f8d3be488eb0c6898a3d465887"}]' '["KxjVtJZscdLZ1GZR8cHhhDo8bXMmQNjST3f4FW2AVhCFS7h4k8q2"]'

# => 01000000014c80a5129d03d0ebe28c2626fb2b35962c438f548ff399cc85b462109338550b01000000fdfd0000473044022049f3ab459f56f04c110e9c513862446c50b79edaf6b9eda8dc593686a3591e4e022006235cc8ef671a9e25660e65102965ca4c23919f089f7eec5ceb5b2a22e77ec101483045022100bb11d0ec4ed0507a3888110fba30ccfe6348d22d8ea95f4c9df50f156531f34c022027c722cecd7390b6f9b65f9d8142e35c738c977ffef4197cea862f4a2e52752d014c69522102a6074afbed684715760e4eebe9878fea1ea3862828e687674a841d7e03db07c7210253468fb6d90c4d9bf6d02dde920dc7cfa214b3103fc0f59b7c52a4163df6bbaf210210ec8ae465d9d6a686a8718e9051b581277ee05889fc7776a2925a111c7fc77f53aeffffffff0210270000000000001976a914d356d4d8079f8556be4c8102ecf00cc63344e75488ac307500000000000017a9145010eb90f22f4865766e969fc5e07c1e2445f81a8700000000

And send it via bitcoind, it just works. Did I miss something?

Thanks.

Continuation of the discussion in #228.

There seems to be a collective of users that don't want to go down the browserify path, and instead prefer the all-in-1 bundle approach (for better or worse).

This pull request would provide the latter.

On the surface, this is a terrible decision in avoiding future problems where we do intend to change the underlying BigInteger implementation, and remove CryptoJS as a dependency completely. Its a step backwards in re-usable software, but its a massive convenience to those who just want to plug and play with bitcoin in Javascript.

Thoughts? Can we somehow have both? Maybe a separate repository that bundles all this together that we can point them at?

Alternative to #826, with thanks to @junderw.

Avoids making Bitcoin Cash the default hashType, and exposes the functionality once the transaction_builder has been set to allow it. Adds a test case for P2PKH ALL|FORKID.

• TransactionBuilder.enableBitcoinCash(setting)
• Transaction.hashForCashSignature

Opening this so it's visible and people can use if needed, see #826 for discussions

Do you guys have any plans to merge the bitcoin cash support into the main branch? Currently, anybody trying to support both Segwit and BCH signing needs to require two separate library versions.

performance optimisation: loop through TAGS and calculating hash prefixes on library require takes some time. instead calculate it on-demand when taggedHash is called.

I tried to create a payment in bitcoin with Psbt class and then after reading some issues on this repository I figured out a way to make things work. But then I recognized something unusual... Some of my UTXO's wont work properly on gave me Error.

I got my UTXO's from https://api.blockcypher.com/v1/btc/test3/addrs/myuBm5iiUBYqrCRbw6N2dNEtVE9znJk7bM/full?unspentOnly=true&includeHex=true API and tried to send a satoshi to a p2wpkh address.

here is how I did it:

// Creating all types of address to check
const keyPair = ECPair.fromWIF(req.body.private_key, NETWORK);

const p2wpkh = bitcoin.payments.p2wpkh({ pubkey: keyPair.publicKey, network: NETWORK });
const p2pkh = bitcoin.payments.p2pkh({ pubkey: keyPair.publicKey, network: NETWORK });
const p2sh = bitcoin.payments.p2sh({ redeem: p2wpkh, network: NETWORK });

let totalUnspents = 0;

const txb = new bitcoin.Psbt({ network: NETWORK })

txb.setVersion(2)
// Specify the receiver and amount
txb.addOutput({
   address: req.body.receiver,
   value: Math.abs(Number(req.body.amount))
})


// Adding Inputs
for (let i = 0; i < unspents.length; i++) {
    // Get Total Balance From Unspents
    for (let j = 0; j < unspents[i]['outputs'].length; j++) {
        if (unspents[i]['outputs'][j]['addresses'].includes(p2wpkh.address) ||
            unspents[i]['outputs'][j]['addresses'].includes(p2sh.address) ||
            unspents[i]['outputs'][j]['addresses'].includes(p2pkh.address)
        ) {
            totalUnspents += unspents[i]['outputs'][j]['value']
        }
    }

    // Addding Inputs
    txb.addInput({
        hash: unspents[i]['hash'],
        index: unspents[i]['inputs'][0]['output_index'],
        nonWitnessUtxo: Buffer.from(unspents[i]['hex'], "hex"), // Raw Transaction
        sequence: unspents[i]['inputs'][0]['sequence'],
    });
}

// Specify Return Address to get back unspent amount
txb.addOutput({
   address: p2wpkh.address,
   value: totalUnspents - Math.abs(Number(req.body.amount))
})

// Signing inputs
for (let i = 0; i < unspents.length; i++) {
    txb.signInput(i, keyPair)
}

// Finalize
txb.finalizeAllInputs()
const signedTx = txb.extractTransaction()

I got the below error in Signing inputs section:

Error: Can not sign for this input with the key 02955438d222cefd0d427172a55993ef280a4734b75e8831f9f2b68b10b09ed767

Can you guys figure-out what is the problem here? Why it can't sign the inputs?

PS: Here is my temporary wallet information and it is on testnet only to demonstrate the problem :

private key:  30cae98351e9f9ecf021b8f5dc9f4fed768dce5d4568c6a3de413e64b3644c0e
public key:  02955438d222cefd0d427172a55993ef280a4734b75e8831f9f2b68b10b09ed767
wallet address:  tb1qexn20aupkzz3ty9wtdmkga2n3t4n8s5rlg8wne
address hash:  c9a6a7f781b0851590ae5b776475538aeb33c283
p2pkh address:  myuBm5iiUBYqrCRbw6N2dNEtVE9znJk7bM

Provided data to adding Inputs

{
  hash: '01b08ea1049613410c30dfb35c19cacd52c8cfd0c502027bd923b0aa6d977e80',
  index: 1,
  nonWitnessUtxo: '020000000001017f69fe2b79778461108241beae6e76c04d5c28df15051ed2e89864b99a13111b0100000000feffffff02a8340000000000001976a914c9a6a7f781b0851590ae5b776475538aeb33c28388ac8d315f0a000000001976a914474410e6a3f485a04f90e2032e81609dc625c88688ac0247304402206c65e47a78770437d14196ffa840acadf89379705ca49b8ad174f345334ad0070220282024e105bd8feaae61ecaf2d6d870b219a700000a31988bbf9673a559638e9012103a9a0881f181035441cbbb3f0605e6bde8d44e7c265ab4903388420e5e517598c8bd22400',
  sequence: 4294967294
}

Here is the Actual Error I got:

macbook@MACBOOKs-MacBook-Pro btc_service % npm run build

[email protected] build (tsc||true)

node_modules/bitcoinjs-lib/src/crypto.d.ts:7:50 - error TS1005: ']' expected.

7 declare const TAGS: readonly ["BIP0340/challenge", "BIP0340/aux", "BIP0340/nonce", "TapLeaf", "TapBranch", "TapSighash", "TapTweak", "KeyAgg list", "KeyAgg coefficient"]; ~

node_modules/bitcoinjs-lib/src/crypto.d.ts:7:52 - error TS1134: Variable declaration expected.

7 declare const TAGS: readonly ["BIP0340/challenge", "BIP0340/aux", "BIP0340/nonce", "TapLeaf", "TapBranch", "TapSighash", "TapTweak", "KeyAgg list", "KeyAgg coefficient"]; ~~~~~~~~~~~~~

node_modules/bitcoinjs-lib/src/crypto.d.ts:7:169 - error TS1005: ';' expected.

7 declare const TAGS: readonly ["BIP0340/challenge", "BIP0340/aux", "BIP0340/nonce", "TapLeaf", "TapBranch", "TapSighash", "TapTweak", "KeyAgg list", "KeyAgg coefficient"]; ~

tsconfig.json:17:7 - error TS5023: Unknown compiler option 'noUncheckedIndexedAccess'.

17 "noUncheckedIndexedAccess": false ~~~~~~~~~~~~~~~~~~~~~~~~~~

Found 4 errors.

Since Buffer is a subclass of Uint8Array, is there any plans to migrate the library to use them to have native support in browsers without polyfills? https://nodejs.dev/en/api/v18/buffer/

Hi.

I have a unit test running a generic script that has been working flawlessly. But some days ago I made some changes and got into trouble so I undid the changes.

But now the unit tests fails around 50% of the times. Every time I create new bitcoin addresses, the script, etc.

The script has a multisignature with its public keys sorted as in the test code.

What can cause random failures with error Signature must be zero for failed CHECK(MULTI)SIG operation?

Thanks.