Author

Topic: Javascript Taproot Address Generator for Browser (Read 348 times)

member
Activity: 264
Merit: 16
I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak?
If we use the second method of creating the Taproot address (explained here) then no we can't know the public key that was used, we only see the "tweaked" public key.

What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?
ChatGPT is not suitable to answer anything technical. A simple Google search would give you better results in most cases.
In this case you are correct, by having the Tweaked pubkey alone we can not reverse it to get the original pubkey because the last step is adding two pubkeys which is not reversible (pub_tweak = pub + (t * G)).

Thank you very much for your time on this, you really help me to go in the right direction,
legendary
Activity: 3472
Merit: 10611
I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak?
If we use the second method of creating the Taproot address (explained here) then no we can't know the public key that was used, we only see the "tweaked" public key.

What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?
ChatGPT is not suitable to answer anything technical. A simple Google search would give you better results in most cases.
In this case you are correct, by having the Tweaked pubkey alone we can not reverse it to get the original pubkey because the last step is adding two pubkeys which is not reversible (pub_tweak = pub + (t * G)).
member
Activity: 264
Merit: 16
Some words of ChatGPT about the subject:

According to the web search results, it is possible to revert a tweaked Taproot address to the x-only public key, but it requires some knowledge of elliptic curve cryptography and the Taproot protocol. Here is a brief explanation of how to do it:

•  A Taproot address is derived from a tweaked public key Q, which is the result of adding an internal public key P and a tweak value T. The tweak value T is the hash of the x-only public key P and an optional script path c. The formula is: Q = P + T, where T = H (P|c)G and G is the generator point of the secp256k1 curve.

•  To revert a tweaked Taproot address to the x-only public key, you need to subtract the tweak value T from the tweaked public key Q. The formula is: P = Q - T, where T = H (P|c)G.

•  However, you cannot directly compute T from Q, because you do not know P or c. You need to guess or obtain these values from some other source, such as the owner of the address or a transaction that spends from it.

•  If you know or guess c, you can compute T by hashing P and c and multiplying by G. Then you can subtract T from Q and get P. The formula is: P = Q - H (P|c)G.


What I think that is wrong, because if we know "c" we can't compute T by hashing P because we still don't know P, so, how can we use it to hash?

For my first interpretation I think tweaked taproot addresses really keep our public key private, but there is a lot of info on internet and even ChatGPT says the opposite, so, this post can help to clear the doubts for newbies like me.

Can the "legendary" guys comment it?
member
Activity: 264
Merit: 16
Quote
All Taproot addresses are always encoding a 32 byte data called the "witness program" that is always an x-only public key whether it is a single pubkey address like I explained above or if it is using the script spending route with a TapScript.
To put simply there no longer is hashing involved like P2PKH, P2WPKH, etc addresses.

I don't care about if it is P2PKH or something else, the only thing I care about is if our x-only keep private if we use a tweaked bitcoin taproot address or it can be calculated by the address as in normal taproot addresses without tweak?

For many guys it seem it is not important to hide the public key, but for Satoshi it was important, so, I keep on Satoshi line, Taproot addresses YES, but need to be possible to hide the public key, if not, no thanks.

Ok, they can be used for hot wallets and many applications but never for cold wallets, it's the first protection against a possible future attack.
legendary
Activity: 3472
Merit: 10611
I have another doubt in the hands, after google and ChatGPt the doubt subsist, is there any hashed Taproot address that protects the public key identity until 1st transaction be done as in Legacy and Segwit addresses or every Taproot address simple or with tweak never protect the public key identity ?
All Taproot addresses are always encoding a 32 byte data called the "witness program" that is always an x-only public key whether it is a single pubkey address like I explained above or if it is using the script spending route with a TapScript.
To put simply there no longer is hashing involved like P2PKH, P2WPKH, etc addresses.

Somebody have a nodejs script working that creates tweaked taproot addresses with "dummy" script that could share here?
Here is a NodeJS implementation of both bech32 and bech32m: https://github.com/sipa/bech32/tree/master/ref/javascript
You can test it with the following test vectors: https://github.com/bitcoin/bips/blob/master/bip-0341/wallet-test-vectors.json

An older version of the script can be installed with npm: https://www.npmjs.com/package/bech32
That's only the encoding part though. It doesn't have the code to Tweak public keys to create the address.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
Somebody have a nodejs script working that creates tweaked taproot addresses with "dummy" script that could share here?
Here is a NodeJS implementation of both bech32 and bech32m: https://github.com/sipa/bech32/tree/master/ref/javascript
You can test it with the following test vectors: https://github.com/bitcoin/bips/blob/master/bip-0341/wallet-test-vectors.json

An older version of the script can be installed with npm: https://www.npmjs.com/package/bech32
member
Activity: 264
Merit: 16
Testnet or mainnet, 1st we need the code and we can look to a script that somebody have and learn step by step.

Somebody have a nodejs script working that creates tweaked taproot addresses with "dummy" script that could share here?





hero member
Activity: 862
Merit: 662
I know, but testnet for itself dont teach us how to generate Taproot addresses with our own code.

I don't buy it, the main difference between mainnet and testnet is that Testnet addresses have different byte prefix. So if you manage to do a code to generate a taproot address in testnet you only need to change the prefix to generate it on mainnet.

Testnet can indeed be a valuable tool for learning how to generate Taproot addresses with your own code. Testnet is valuable for us as developers to experiment and test our code without using real funds.

Please don't burn satoshis on mainnet.

By the way I support you to learn to do it by yourself, that kind as self learning is good.

Regards.
member
Activity: 264
Merit: 16
....  because when tested some of them with some satoshis I just lost the access to them.

There is something called Testnet where you can learn and practice, if there are some error you will not lose anything because Testnet coins are worthless.

I know, but testnet for itself dont teach us how to generate Taproot addresses with our own code.

hero member
Activity: 862
Merit: 662
....  because when tested some of them with some satoshis I just lost the access to them.

There is something called Testnet where you can learn and practice, if there are some error you will not lose anything because Testnet coins are worthless.
member
Activity: 264
Merit: 16
~
Hi,

I found this on internet:

To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:

1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.


What is the meaning of this?
In this example I gave you, Y was odd and it worked perfectly!

Can you help ? !
That does not matter for address generation because your x value does not change when negating a public key meaning P(x,y) = -P(x,y) = P(x,-y) and we only use the x coordinate in the address.
Even y coordinate is something you should check and take some extra steps when signing and verifying ECSDSA signatures.

I have another doubt in the hands, after google and ChatGPt the doubt subsist, is there any hashed Taproot address that protects the public key identity until 1st transaction be done as in Legacy and Segwit addresses or every Taproot address simple or with tweak never protect the public key identity ?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I'm trying to make bitcoin not only for nerds.

One example of a bitcoin JS library terms and conditions of use, that is already used by many that don't understand it:

"Be aware: this library is Apache licensed. By using it, you agree with the terms of that license.
In particular pay attention to section 7 and 8, which assert there is NO WARRANTY that this library is safe to use or bug free, and in fact that by using this code you accept that none of the contributors shall be liable for any damages or monetary loss that results from your use of their code, even if due to bugs in that code. In short, according to the license the library is distributed under, there are no situations in which you could sue any of the developers (it's as if you wrote the entire library yourself). If you can't handle that, don't use this library."


The bitcoin slogan is: "Don't trust, verify!"

All that license text is saying is:

- This library is licensed under the Apache License https://www.apache.org/licenses/LICENSE-2.0
- and that you cant sue developers for bugs (your standard "no liability" and "no warranty" sections).
member
Activity: 264
Merit: 16
Hi,

I'd like to know if there is ppl that would like to help to develop a Javascript Taproot Address Generator for Browser.

I have been working on that since some time and the idea is to make the simplest address generator possible in a standalone file, without using complicated libraries full of code that makes any guy just want to trust and not verify.

The lines of code contained in popular libraries are complex and very extensive. But there is a reason for that.

They aren't complex to make you confused when verifying.  They are complex because they are tested,  secure, efficient and accurate.

You shouldn't spend your time reinventing the wheel. This is not how new techs evolve.

By doing what those professional libraries do in your own way, you will probably create an insecure and inefficient software.

For learning purposes you are making a nice initiative.  But only for that.

Look how they are tested, secure, efficient and accurate:

https://cointelegraph.com/news/newly-discovered-bitcoin-wallet-loophole-let-hackers-steal-funds-slow-mist

That is what I have being trying to explain, we can always do it better if we study it enough, we need one simple, auditable official core APP just to generate addresses, not a core with gigas and gigas and using CSPNG's.
member
Activity: 264
Merit: 16
Understood !

Thanks again for the help, I'll keep my job.

Sorry, I have 0 merit points to give you, we need to ask admins to change merit points for LN Satoshis and anyone could send it as much as he wants.

Forum could win a fee too, it would be awesome.

legendary
Activity: 3472
Merit: 10611
~
Hi,

I found this on internet:

To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:

1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.


What is the meaning of this?
In this example I gave you, Y was odd and it worked perfectly!

Can you help ? !
That does not matter for address generation because your x value does not change when negating a public key meaning P(x,y) = -P(x,y) = P(x,-y) and we only use the x coordinate in the address.
Even y coordinate is something you should check and take some extra steps when signing and verifying ECSDSA signatures.
member
Activity: 264
Merit: 16
If you don't have an advanced understanding of the Bitcoin protocol you should not attempt implementing any part of it, specially security critical parts like address generation. Not to mention that using it in browser and using Javascript is already a terrible idea.

Case in point:
From this x-only form coordinate point:

X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)

What is the next step to get this final taproot address:

BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9
Creating Taproot addresses is slightly different from other addresses. It is not a simple matter of pubkey to address since a Taproot address can be both a "pay to key" and a "pay to script" at the same time (imagine a combination of both P2PKH and P2SH but with only one address format). So there are also two ways of creating the address.
One is the simple and quick way of "pay to key" where the address encodes the pubkey you have:
Code:
bc1ps4a6zusuw8v0sruuyz94zwlw43rgz6jpy0ahmvg68nmgx02ck3gq7xmyug

The other is creating a "dummy" script with the single key to use that for spending. This requires computing the tweak hash
Code:
t = SHA256(SHA256("TapTweak") || SHA256("TapTweak") || pub_bytes)
and tweak key
Code:
pub_tweak = pub + (t * G).
and computing the address using the tweaked pubkey
Code:
bc1py5vku7tv8a39wpe6lqf3p6w5jmc3cmhtwcq3whytw59mch7542jsfyemk9

This means depending on how you created the address, the way you spend the coins sent to the address is going to be different.

Hi,

I found this on internet:

To create a P2TR (Pay-to-Taproot) address for a single public key, you need to:

1º Check that the y-coordinate of your public key is even, if not, negate the public key. Taproot requires that the y coordinate of the public key is even.


What is the meaning of this?
In this example I gave you, Y was odd and it worked perfectly!

Can you help ? !
member
Activity: 264
Merit: 16
Even the wheel continues to evolve in practice.

But you should evolve from where people left, not from zero.

When I started to learn how to code I was also resistant to use libraries.  Later on I understood that a programmer who ignores them is making a worse software.

Libraries are code written by specialists. You cannot be a specialist in everything,  so you use code other people wrote.your softwares will be better when you understand the importance of libraries

Sometime you can ignore libraries because you are in a hurry or because you have a limited environment... but when you can you should use them.


Maybe in your project you may not use them. But you should be aware of the limitations you are imposing to your project (specially in security and efficiency)

Quote
Almost all base code of all OS's etc will be rewritten by IA and will be more efficient.

This not happening. And probably will never be done from scratch by ai.  Thks is not how ai works.

even AI look at current libraries before trying to write a better code. AI might improve code.

Sometimes the best way of evolve something is start from scratch, one example is quantic computing.

If you go to the bases you can read that almost all ppl is using CSPRNG's to generate the "random" numbers for bitcoin addresses, every CSPRNG is like a casino roulette, there is none perfect and maybe can be exploited someday, nobody need to use a CSPRNG to generate his own addresses.
member
Activity: 264
Merit: 16
If you don't have an advanced understanding of the Bitcoin protocol you should not attempt implementing any part of it, specially security critical parts like address generation. Not to mention that using it in browser and using Javascript is already a terrible idea.

Case in point:
From this x-only form coordinate point:

X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)

What is the next step to get this final taproot address:

BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9
Creating Taproot addresses is slightly different from other addresses. It is not a simple matter of pubkey to address since a Taproot address can be both a "pay to key" and a "pay to script" at the same time (imagine a combination of both P2PKH and P2SH but with only one address format). So there are also two ways of creating the address.
One is the simple and quick way of "pay to key" where the address encodes the pubkey you have:
Code:
bc1ps4a6zusuw8v0sruuyz94zwlw43rgz6jpy0ahmvg68nmgx02ck3gq7xmyug

The other is creating a "dummy" script with the single key to use that for spending. This requires computing the tweak hash
Code:
t = SHA256(SHA256("TapTweak") || SHA256("TapTweak") || pub_bytes)
and tweak key
Code:
pub_tweak = pub + (t * G).
and computing the address using the tweaked pubkey
Code:
bc1py5vku7tv8a39wpe6lqf3p6w5jmc3cmhtwcq3whytw59mch7542jsfyemk9

This means depending on how you created the address, the way you spend the coins sent to the address is going to be different.

Thanks for the answer, that helped me a lot.

I had already got the first address with some node.js scripts that I thought they were wrong, because so many different scripts was giving different results and because when tested some of them with some satoshis I just lost the access to them.

About doing it on browser or nodejs is probably one of the best ways to teach how the things work, because the facility, fame and for does not need to be compiled fits perfectly.


About security everything can be put on check, even a node or hardware wallet.

Bitcoin will be attacked by all sides, there is a hacker/scam community growing everyday pointing to bitcoin/crypto, they will use methods that today we don't even imagine.

Each wallet generated should have a security level matching the quantity of money it have, if I was CZ from Binance, for sure I would have generated it with pen and paper.

To do something like that we need to know the algorithm and test it before in some environment, so Javascript Engine, because the facility, fame and for does not need to be compiled fits perfectly.

I'll focus on the code for the first example and try to understand it, thanks again for the help.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Even the wheel continues to evolve in practice.

But you should evolve from where people left, not from zero.

When I started to learn how to code I was also resistant to use libraries.  Later on I understood that a programmer who ignores them is making a worse software.

Libraries are code written by specialists. You cannot be a specialist in everything,  so you use code other people wrote.your softwares will be better when you understand the importance of libraries

Sometime you can ignore libraries because you are in a hurry or because you have a limited environment... but when you can you should use them.


Maybe in your project you may not use them. But you should be aware of the limitations you are imposing to your project (specially in security and efficiency)

Quote
Almost all base code of all OS's etc will be rewritten by IA and will be more efficient.

This not happening. And probably will never be done from scratch by ai.  Thks is not how ai works.

even AI look at current libraries before trying to write a better code. AI might improve code.
legendary
Activity: 3472
Merit: 10611
If you don't have an advanced understanding of the Bitcoin protocol you should not attempt implementing any part of it, specially security critical parts like address generation. Not to mention that using it in browser and using Javascript is already a terrible idea.

Case in point:
From this x-only form coordinate point:

X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)

What is the next step to get this final taproot address:

BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9
Creating Taproot addresses is slightly different from other addresses. It is not a simple matter of pubkey to address since a Taproot address can be both a "pay to key" and a "pay to script" at the same time (imagine a combination of both P2PKH and P2SH but with only one address format). So there are also two ways of creating the address.
One is the simple and quick way of "pay to key" where the address encodes the pubkey you have:
Code:
bc1ps4a6zusuw8v0sruuyz94zwlw43rgz6jpy0ahmvg68nmgx02ck3gq7xmyug

The other is creating a "dummy" script with the single key to use that for spending. This requires computing the tweak hash
Code:
t = SHA256(SHA256("TapTweak") || SHA256("TapTweak") || pub_bytes)
and tweak key
Code:
pub_tweak = pub + (t * G).
and computing the address using the tweaked pubkey
Code:
bc1py5vku7tv8a39wpe6lqf3p6w5jmc3cmhtwcq3whytw59mch7542jsfyemk9

This means depending on how you created the address, the way you spend the coins sent to the address is going to be different.
member
Activity: 264
Merit: 16
Even the wheel continues to evolve in practice.

Almost all base code of all OS's etc will be rewritten by IA and will be more efficient.

For now I'm just concentrated in libraries that don't belong to JS engine and have much more code than what I need.

Maybe in future I'll make a movie step by step how to generate a taproot address only with pen and paper for Guiness records !

To understand all the process I need to isolate the less code possible to start studying it.

All the code have bugs or can be improved, If there is nobody reading, it can't evolve.

For some reason we are using Taproot now and we don't became forever on Legacy.

There is not only one library for same features, the idea is to select the best approach of each one.

When I started learning to code I was taught that the most important was algorithm.

That was a universal language that could be converted in any code language.

Any big work need to have a project, so, one algorithm is the best project for bitcoin, where is that algorithm for next generations could learn about bitcoin and maybe improve it?

With this type of approach I think we should change the slogan to: "Don't verify, just trust!"
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
Hi,

I'd like to know if there is ppl that would like to help to develop a Javascript Taproot Address Generator for Browser.

I have been working on that since some time and the idea is to make the simplest address generator possible in a standalone file, without using complicated libraries full of code that makes any guy just want to trust and not verify.

The lines of code contained in popular libraries are complex and very extensive. But there is a reason for that.

They aren't complex to make you confused when verifying.  They are complex because they are tested,  secure, efficient and accurate.

You shouldn't spend your time reinventing the wheel. This is not how new techs evolve.

By doing what those professional libraries do in your own way, you will probably create an insecure and inefficient software.

For learning purposes you are making a nice initiative.  But only for that.
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
I'm trying to made bitcoin not only for nerds.

One example of a bitcoin JS library terms and conditions of use, that is already used by many that don't understand it:

Sorry to say, but that's a stupid argument. Find me a single piece of open source software or license that doesn't include a "NO WARRANTY" clause. Even if you choose not to use the open source BitcoinJS-lib, you'll still be using a web browser and its underlying JS engine. Have you bothered checking what their licenses say?
member
Activity: 264
Merit: 16
I'm trying to make bitcoin not only for nerds.

One example of a bitcoin JS library terms and conditions of use, that is already used by many that don't understand it:

"Be aware: this library is Apache licensed. By using it, you agree with the terms of that license.
In particular pay attention to section 7 and 8, which assert there is NO WARRANTY that this library is safe to use or bug free, and in fact that by using this code you accept that none of the contributors shall be liable for any damages or monetary loss that results from your use of their code, even if due to bugs in that code. In short, according to the license the library is distributed under, there are no situations in which you could sue any of the developers (it's as if you wrote the entire library yourself). If you can't handle that, don't use this library."


The bitcoin slogan is: "Don't trust, verify!"

First step is to make a step by step manual as easier as possible, with only the code to generate addresses and forget everything else.

Generating secure addresses is the heart/core of bitcoin and nobody is doing it, a beginner can forget everything else as how to mine, how to run a node, can't forget how to generate safe addresses and many, many are mining and running nodes that don't know how to generate safe addresses, even the code of bitcoin core is questionable about the security of generating addresses safely.

The news about robberies come to the internet every single day, so, we need to have simple manual step by step for the ones that would like to learn.

I'm here ready to learn and teach what I already know, if somebody could help many will appreciate.

legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
Taproot support was added in the v6.1.0-rc.0 version of BitcoinJS-lib, so I don't see what your problem is. To clarify, I'm not advocating for bloatware or using libraries for tasks that can be done manually. However, considering the complexity of the problem you're trying to solve and the potential pitfalls, especially if you're not an experienced coder, this is a perfect example of where using a professionally made and thoroughly tested library makes sense and is justified.
member
Activity: 264
Merit: 16
I will lunch first doubt to see if someone could help.

From this x-only form coordinate point:

X= 60376045308133502588319041039213905409191423390227563583774073057371619898448 (decimal)
X= 857BA1721C71D8F80F9C208B513BEEAC46816A4123FB7DB11A3CF6833D58B450 (hexadecimal)

What is the next step to get this final taproot address:

BC1PY5VKU7TV8A39WPE6LQF3P6W5JMC3CMHTWCQ3WHYTW59MCH7542JSFYEMK9

?
member
Activity: 264
Merit: 16
Hi,

I'd like to know if there is ppl that would like to help to develop a Javascript Taproot Address Generator for Browser.

I have been working on that since some time and the idea is to make the simplest address generator possible in a standalone file, without using complicated libraries full of code that makes any guy just want to trust and not verify.

I'm trying to find ppl that have full knowledge of the process since the X-only coordinate until the final bech32m encoding to generate the BC1P... address.

As I said the idea is not just use some public libraries and make it work, that I already have, the idea is to isolate all the code and explain it step by step for any newbie that understands or pretend to learn coding could understand fully what is being done.

Someone would like to help?
Jump to: