Javascript Taproot Address Generator for Browser

cfbtcman

member

Activity: 264

Merit: 16

Quote from: pooya87 on August 27, 2023, 01:45:08 AM

Quote from: cfbtcman on August 26, 2023, 09:39:29 AM

I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak?

If we use the second method of creating the Taproot address (explained here) then no we can't know the public key that was used, we only see the "tweaked" public key.

Quote from: cfbtcman on August 26, 2023, 09:47:39 AM

What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?

ChatGPT is not suitable to answer anything technical. A simple Google search would give you better results in most cases.
In this case you are correct, by having the Tweaked pubkey alone we can not reverse it to get the original pubkey because the last step is adding two pubkeys which is not reversible (pub_tweak = pub + (t * G)).

Thank you very much for your time on this, you really help me to go in the right direction,

pooya87

legendary

Activity: 3430

Merit: 10505

Quote from: cfbtcman on August 26, 2023, 09:39:29 AM

I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak?

If we use the second method of creating the Taproot address (explained here) then no we can't know the public key that was used, we only see the "tweaked" public key.

Quote from: cfbtcman on August 26, 2023, 09:47:39 AM

What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?

ChatGPT is not suitable to answer anything technical. A simple Google search would give you better results in most cases.
In this case you are correct, by having the Tweaked pubkey alone we can not reverse it to get the original pubkey because the last step is adding two pubkeys which is not reversible (pub_tweak = pub + (t * G)).

cfbtcman

member

Activity: 264

Merit: 16

Some words of ChatGPT about the subject:

According to the web search results, it is possible to revert a tweaked Taproot address to the x-only public key, but it requires some knowledge of elliptic curve cryptography and the Taproot protocol. Here is a brief explanation of how to do it:

• A Taproot address is derived from a tweaked public key Q, which is the result of adding an internal public key P and a tweak value T. The tweak value T is the hash of the x-only public key P and an optional script path c. The formula is: Q = P + T, where T = H (P|c)G and G is the generator point of the secp256k1 curve.

• To revert a tweaked Taproot address to the x-only public key, you need to subtract the tweak value T from the tweaked public key Q. The formula is: P = Q - T, where T = H (P|c)G.

• However, you cannot directly compute T from Q, because you do not know P or c. You need to guess or obtain these values from some other source, such as the owner of the address or a transaction that spends from it.

• If you know or guess c, you can compute T by hashing P and c and multiplying by G. Then you can subtract T from Q and get P. The formula is: P = Q - H (P|c)G.

What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?

For my first interpretation I think tweaked taproot addresses really keep our public key private, but there is a lot of info on internet and even ChatGPT says the opposite, so, this post can help to clear the doubts for newbies like me.

Can the "legendary" guys comment it?

cfbtcman

member

Activity: 264

Merit: 16

Quote

All Taproot addresses are always encoding a 32 byte data called the "witness program" that is always an x-only public key whether it is a single pubkey address like I explained above or if it is using the script spending route with a TapScript.
To put simply there no longer is hashing involved like P2PKH, P2WPKH, etc addresses.

I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak?

For many guys it seem it is not important to hide the public key, but for Satoshi it was important, so, I keep on Satoshi line, Taproot addresses YES, but need to be possible to hide the public key, if not, no thanks.

Ok, they can be used for hot wallets and many applications but never for cold wallets, it's the first protection against a possible future attack.

pooya87

legendary

Activity: 3430

Merit: 10505

Quote from: cfbtcman on August 24, 2023, 10:12:45 AM

I have another doubt in the hands, after google and ChatGPt the doubt subsist, is there any hashed Taproot address that protects the public key identity until 1st transaction be done as in Legacy and Segwit addresses or every Taproot address simple or with tweak never protect the public key identity ?

All Taproot addresses are always encoding a 32 byte data called the "witness program" that is always an x-only public key whether it is a single pubkey address like I explained above or if it is using the script spending route with a TapScript.
To put simply there no longer is hashing involved like P2PKH, P2WPKH, etc addresses.

Quote from: witcher_sense on August 25, 2023, 11:58:22 PM

Quote from: cfbtcman on August 25, 2023, 05:09:58 PM

Somebody have a nodejs script working that creates tweaked taproot addresses with "dummy" script that could share here?

Here is a NodeJS implementation of both bech32 and bech32m: https://github.com/sipa/bech32/tree/master/ref/javascript
You can test it with the following test vectors: https://github.com/bitcoin/bips/blob/master/bip-0341/wallet-test-vectors.json

An older version of the script can be installed with npm: https://www.npmjs.com/package/bech32

That's only the encoding part though. It doesn't have the code to Tweak public keys to create the address.

witcher_sense

legendary

Activity: 2310

Merit: 4313

🔐BitcoinMessage.Tools🔑

Quote from: cfbtcman on August 25, 2023, 05:09:58 PM

Somebody have a nodejs script working that creates tweaked taproot addresses with "dummy" script that could share here?

Here is a NodeJS implementation of both bech32 and bech32m: https://github.com/sipa/bech32/tree/master/ref/javascript
You can test it with the following test vectors: https://github.com/bitcoin/bips/blob/master/bip-0341/wallet-test-vectors.json

An older version of the script can be installed with npm: https://www.npmjs.com/package/bech32

cfbtcman

member

Activity: 264

Merit: 16

Testnet or mainnet, 1st we need the code and we can look to a script that somebody have and learn step by step.

Somebody have a nodejs script working that creates tweaked taproot addresses with "dummy" script that could share here?

albert0bsd

hero member

Activity: 828

Merit: 657

Quote from: cfbtcman on August 25, 2023, 01:01:07 PM

I know, but testnet for itself dont teach us how to generate Taproot addresses with our own code.

I don't buy it, the main difference between mainnet and testnet is that Testnet addresses have different byte prefix. So if you manage to do a code to generate a taproot address in testnet you only need to change the prefix to generate it on mainnet.

Testnet can indeed be a valuable tool for learning how to generate Taproot addresses with your own code. Testnet is valuable for us as developers to experiment and test our code without using real funds.

Please don't burn satoshis on mainnet.

By the way I support you to learn to do it by yourself, that kind as self learning is good.

Regards.

cfbtcman

member

Activity: 264

Merit: 16

Quote from: albert0bsd on August 25, 2023, 11:03:24 AM

Quote from: cfbtcman on July 30, 2023, 10:43:39 PM

.... because when tested some of them with some satoshis I just lost the access to them.

There is something called Testnet where you can learn and practice, if there are some error you will not lose anything because Testnet coins are worthless.

I know, but testnet for itself dont teach us how to generate Taproot addresses with our own code.

albert0bsd

hero member

Activity: 828

Merit: 657

Quote from: cfbtcman on July 30, 2023, 10:43:39 PM

.... because when tested some of them with some satoshis I just lost the access to them.

There is something called Testnet where you can learn and practice, if there are some error you will not lose anything because Testnet coins are worthless.

cfbtcman

member

Activity: 264

Merit: 16

Quote from: pooya87 on August 01, 2023, 01:32:52 AM

Quote from: cfbtcman on July 31, 2023, 04:54:33 PM

~
Hi,

I found this on internet:

To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:

1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.

What is the meaning of this?
In this example I gave you, Y was odd and it worked perfectly!

Can you help ? !

That does not matter for address generation because your x value does not change when negating a public key meaning P(x,y) = -P(x,y) = P(x,-y) and we only use the x coordinate in the address.
Even y coordinate is something you should check and take some extra steps when signing and verifying ECSDSA signatures.

I have another doubt in the hands, after google and ChatGPt the doubt subsist, is there any hashed Taproot address that protects the public key identity until 1st transaction be done as in Legacy and Segwit addresses or every Taproot address simple or with tweak never protect the public key identity ?

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: cfbtcman on July 28, 2023, 03:34:37 PM

I'm trying to make bitcoin not only for nerds.

One example of a bitcoin JS library terms and conditions of use, that is already used by many that don't understand it:

"Be aware: this library is Apache licensed. By using it, you agree with the terms of that license.
In particular pay attention to section 7 and 8, which assert there is NO WARRANTY that this library is safe to use or bug free, and in fact that by using this code you accept that none of the contributors shall be liable for any damages or monetary loss that results from your use of their code, even if due to bugs in that code. In short, according to the license the library is distributed under, there are no situations in which you could sue any of the developers (it's as if you wrote the entire library yourself). If you can't handle that, don't use this library."

The bitcoin slogan is: "Don't trust, verify!"

All that license text is saying is:

- This library is licensed under the Apache License https://www.apache.org/licenses/LICENSE-2.0
- and that you cant sue developers for bugs (your standard "no liability" and "no warranty" sections).

cfbtcman

member

Activity: 264

Merit: 16

Quote from: bitmover on July 28, 2023, 04:51:13 PM

Quote from: cfbtcman on July 28, 2023, 02:26:44 AM

Hi,

I'd like to know if there is ppl that would like to help to develop a Javascript Taproot Address Generator for Browser.

I have been working on that since some time and the idea is to make the simplest address generator possible in a standalone file, without using complicated libraries full of code that makes any guy just want to trust and not verify.

The lines of code contained in popular libraries are complex and very extensive. But there is a reason for that.

They aren't complex to make you confused when verifying. They are complex because they are tested, secure, efficient and accurate.

You shouldn't spend your time reinventing the wheel. This is not how new techs evolve.

By doing what those professional libraries do in your own way, you will probably create an insecure and inefficient software.

For learning purposes you are making a nice initiative. But only for that.

Look how they are tested, secure, efficient and accurate:

https://cointelegraph.com/news/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-funds-slow-mist

That is what I have being trying to explain, we can always do it better if we study it enough, we need one simple, auditable official core APP just to generate addresses, not a core with gigas and gigas and using CSPNG's.

cfbtcman

member

Activity: 264

Merit: 16

Understood !

Thanks again for the help, I'll keep my job.

Sorry, I have 0 merit points to give you, we need to ask admins to change merit points for LN Satoshis and anyone could send it as much as he wants.

Forum could win a fee too, it would be awesome.

pooya87

legendary

Activity: 3430

Merit: 10505

Quote from: cfbtcman on July 31, 2023, 04:54:33 PM

~
Hi,

I found this on internet:

To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:

1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.

What is the meaning of this?
In this example I gave you, Y was odd and it worked perfectly!

Can you help ? !

That does not matter for address generation because your x value does not change when negating a public key meaning P(x,y) = -P(x,y) = P(x,-y) and we only use the x coordinate in the address.
Even y coordinate is something you should check and take some extra steps when signing and verifying ECSDSA signatures.

cfbtcman

member

Activity: 264

Merit: 16

Quote from: pooya87 on July 30, 2023, 01:19:28 AM

If you don't have an advanced understanding of the Bitcoin protocol you should not attempt implementing any part of it, specially security critical parts like address generation. Not to mention that using it in browser and using Javascript is already a terrible idea.

Case in point:

Quote from: cfbtcman on July 28, 2023, 02:37:29 AM

From this x-only form coordinate point:

X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)

What is the next step to get this final taproot address:

BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9

Creating Taproot addresses is slightly different from other addresses. It is not a simple matter of pubkey to address since a Taproot address can be both a "pay to key" and a "pay to script" at the same time (imagine a combination of both P2PKH and P2SH but with only one address format). So there are also two ways of creating the address.
One is the simple and quick way of "pay to key" where the address encodes the pubkey you have:

Code:

bc1ps4a6zusuw8v0sruuyz94zwlw43rgz6jpy0ahmvg68nmgx02ck3gq7xmyug

The other is creating a "dummy" script with the single key to use that for spending. This requires computing the tweak hash

Code:

t = SHA256(SHA256("TapTweak") || SHA256("TapTweak") || pub_bytes)

and tweak key

Code:

pub_tweak = pub + (t * G).

and computing the address using the tweaked pubkey

Code:

bc1py5vku7tv8a39wpe6lqf3p6w5jmc3cmhtwcq3whytw59mch7542jsfyemk9

This means depending on how you created the address, the way you spend the coins sent to the address is going to be different.

Hi,

I found this on internet:

To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:

1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.

What is the meaning of this?
In this example I gave you, Y was odd and it worked perfectly!

Can you help ? !

cfbtcman

member

Activity: 264

Merit: 16

Quote from: bitmover on July 30, 2023, 05:36:33 PM

Quote from: cfbtcman on July 28, 2023, 08:56:29 PM

Even the wheel continues to evolve in practice.

But you should evolve from where people left, not from zero.

When I started to learn how to code I was also resistant to use libraries. Later on I understood that a programmer who ignores them is making a worse software.

Libraries are code written by specialists. You cannot be a specialist in everything, so you use code other people wrote.your softwares will be better when you understand the importance of libraries

Sometime you can ignore libraries because you are in a hurry or because you have a limited environment... but when you can you should use them.

Maybe in your project you may not use them. But you should be aware of the limitations you are imposing to your project (specially in security and efficiency)

Quote

Almost all base code of all OS's etc will be rewritten by IA and will be more efficient.

This not happening. And probably will never be done from scratch by ai. Thks is not how ai works.

even AI look at current libraries before trying to write a better code. AI might improve code.

Sometimes the best way of evolve something is start from scratch, one example is quantic computing.

If you go to the bases you can read that almost all ppl is using CSPRNG's to generate the "random" numbers for bitcoin addresses, every CSPRNG is like a casino roulette, there is none perfect and maybe can be exploited someday, nobody need to use a CSPRNG to generate his own addresses.

cfbtcman

member

Activity: 264

Merit: 16

Quote from: pooya87 on July 30, 2023, 01:19:28 AM

If you don't have an advanced understanding of the Bitcoin protocol you should not attempt implementing any part of it, specially security critical parts like address generation. Not to mention that using it in browser and using Javascript is already a terrible idea.

Case in point:

Quote from: cfbtcman on July 28, 2023, 02:37:29 AM

From this x-only form coordinate point:

X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)

What is the next step to get this final taproot address:

BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9

Creating Taproot addresses is slightly different from other addresses. It is not a simple matter of pubkey to address since a Taproot address can be both a "pay to key" and a "pay to script" at the same time (imagine a combination of both P2PKH and P2SH but with only one address format). So there are also two ways of creating the address.
One is the simple and quick way of "pay to key" where the address encodes the pubkey you have:

Code:

bc1ps4a6zusuw8v0sruuyz94zwlw43rgz6jpy0ahmvg68nmgx02ck3gq7xmyug

The other is creating a "dummy" script with the single key to use that for spending. This requires computing the tweak hash

Code:

t = SHA256(SHA256("TapTweak") || SHA256("TapTweak") || pub_bytes)

and tweak key

Code:

pub_tweak = pub + (t * G).

and computing the address using the tweaked pubkey

Code:

bc1py5vku7tv8a39wpe6lqf3p6w5jmc3cmhtwcq3whytw59mch7542jsfyemk9

This means depending on how you created the address, the way you spend the coins sent to the address is going to be different.

Thanks for the answer, that helped me a lot.

I had already got the first address with some node.js scripts that I thought they were wrong, because so many different scripts was giving different results and because when tested some of them with some satoshis I just lost the access to them.

About doing it on browser or nodejs is probably one of the best ways to teach how the things work, because the facility, fame and for does not need to be compiled fits perfectly.

About security everything can be put on check, even a node or hardware wallet.

Bitcoin will be attacked by all sides, there is a hacker/scam community growing everyday pointing to bitcoin/crypto, they will use methods that today we don't even imagine.

Each wallet generated should have a security level matching the quantity of money it have, if I was CZ from Binance, for sure I would have generated it with pen and paper.

To do something like that we need to know the algorithm and test it before in some environment, so Javascript Engine, because the facility, fame and for does not need to be compiled fits perfectly.

I'll focus on the code for the first example and try to understand it, thanks again for the help.

bitmover

legendary

Activity: 2212

Merit: 5622

Non-custodial BTC Wallet

Quote from: cfbtcman on July 28, 2023, 08:56:29 PM

Even the wheel continues to evolve in practice.

But you should evolve from where people left, not from zero.

When I started to learn how to code I was also resistant to use libraries. Later on I understood that a programmer who ignores them is making a worse software.

Libraries are code written by specialists. You cannot be a specialist in everything, so you use code other people wrote.your softwares will be better when you understand the importance of libraries

Sometime you can ignore libraries because you are in a hurry or because you have a limited environment... but when you can you should use them.

Maybe in your project you may not use them. But you should be aware of the limitations you are imposing to your project (specially in security and efficiency)

Quote

Almost all base code of all OS's etc will be rewritten by IA and will be more efficient.

This not happening. And probably will never be done from scratch by ai. Thks is not how ai works.

even AI look at current libraries before trying to write a better code. AI might improve code.

pooya87

legendary

Activity: 3430

Merit: 10505

If you don't have an advanced understanding of the Bitcoin protocol you should not attempt implementing any part of it, specially security critical parts like address generation. Not to mention that using it in browser and using Javascript is already a terrible idea.

Case in point:

Quote from: cfbtcman on July 28, 2023, 02:37:29 AM

From this x-only form coordinate point:

X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)

What is the next step to get this final taproot address:

BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9

Creating Taproot addresses is slightly different from other addresses. It is not a simple matter of pubkey to address since a Taproot address can be both a "pay to key" and a "pay to script" at the same time (imagine a combination of both P2PKH and P2SH but with only one address format). So there are also two ways of creating the address.
One is the simple and quick way of "pay to key" where the address encodes the pubkey you have:

Code:

bc1ps4a6zusuw8v0sruuyz94zwlw43rgz6jpy0ahmvg68nmgx02ck3gq7xmyug

The other is creating a "dummy" script with the single key to use that for spending. This requires computing the tweak hash

Code:

t = SHA256(SHA256("TapTweak") || SHA256("TapTweak") || pub_bytes)

and tweak key

Code:

pub_tweak = pub + (t * G).

and computing the address using the tweaked pubkey

Code:

bc1py5vku7tv8a39wpe6lqf3p6w5jmc3cmhtwcq3whytw59mch7542jsfyemk9

This means depending on how you created the address, the way you spend the coins sent to the address is going to be different.

Topic: Javascript Taproot Address Generator for Browser (Read 300 times)