feat(core): multisig Signers

Author: Hanssen0

.changeset/little-zebras-pump.md

@@ -0,0 +1,6 @@
+---
+"@ckb-ccc/core": minor
+---
+
+feat(core): multisig Signers
+  

packages/core/src/client/clientPublicMainnet.advanced.ts

@@ -54,6 +54,23 @@ export const MAINNET_SCRIPTS: Record<KnownScript, ScriptInfoLike | undefined> =
         },
       ],
     },
+    [KnownScript.Secp256k1MultisigV2Beta]: {
+      codeHash:
+        "0xd1a9f877aed3f5e07cb9c52b61ab96d06f250ae6883cc7f0a2423db0976fc821",
+      hashType: "type",
+      cellDeps: [
+        {
+          cellDep: {
+            outPoint: {
+              txHash:
+                "0x44be4f4feda80c0e41783ab10e191df3b2bb5c3731b0970c916dbec385dcdc60",
+              index: 0,
+            },
+            depType: "depGroup",
+          },
+        },
+      ],
+    },
     [KnownScript.Secp256k1MultisigV2]: {
       codeHash:
         "0x36c971b8d41fbd94aabca77dc75e826729ac98447b46f91e00796155dddb0d29",

packages/core/src/client/clientPublicTestnet.advanced.ts

@@ -54,6 +54,23 @@ export const TESTNET_SCRIPTS: Record<KnownScript, ScriptInfoLike> =
         },
       ],
     },
+    [KnownScript.Secp256k1MultisigV2Beta]: {
+      codeHash:
+        "0x765b3ed6ae264b335d07e73ac332bf2c0f38f8d3340ed521cb447b4c42dd5f09",
+      hashType: "type",
+      cellDeps: [
+        {
+          cellDep: {
+            outPoint: {
+              txHash:
+                "0xf2013f123b2cb745e3fdf5c935a3925647496f88090503eef58332a9245b4172",
+              index: 0,
+            },
+            depType: "depGroup",
+          },
+        },
+      ],
+    },
     [KnownScript.Secp256k1MultisigV2]: {
       codeHash:
         "0x36c971b8d41fbd94aabca77dc75e826729ac98447b46f91e00796155dddb0d29",

packages/core/src/client/knownScript.ts

@@ -5,6 +5,7 @@ export enum KnownScript {
   NervosDao = "NervosDao",
   Secp256k1Blake160 = "Secp256k1Blake160",
   Secp256k1Multisig = "Secp256k1Multisig",
+  Secp256k1MultisigV2Beta = "Secp256k1MultisigV2Beta", // Fix rare failing case (https://github.com/nervosnetwork/ckb-system-scripts/pull/98)
   Secp256k1MultisigV2 = "Secp256k1MultisigV2", // Enhanced since handling (https://github.com/nervosnetwork/ckb-system-scripts/pull/99)
   AnyoneCanPay = "AnyoneCanPay",
   TypeId = "TypeId",

packages/core/src/hasher/hasherCkb.ts

@@ -4,6 +4,9 @@ import { Hex, hexFrom } from "../hex/index.js";
 import { CKB_BLAKE2B_PERSONAL } from "./advanced.js";
 import { Hasher } from "./hasher.js";
 
+export const HASH_CKB_LENGTH = 32;
+export const HASH_CKB_SHORT_LENGTH = 20;
+
 /**
  * @public
  */
@@ -73,7 +76,6 @@ export class HasherCkb implements Hasher {
  * const hash = hashCkb("some data"); // Outputs something like "0x..."
  * ```
  */
-
 export function hashCkb(...data: BytesLike[]): Hex {
   const hasher = new HasherCkb();
   data.forEach((d) => hasher.update(d));

packages/core/src/signer/ckb/index.ts

@@ -1,5 +1,7 @@
+export * from "./secp256k1Signing.js";
 export * from "./signerCkbPrivateKey.js";
 export * from "./signerCkbPublicKey.js";
 export * from "./signerCkbScriptReadonly.js";
-export * from "./verifyCkbSecp256k1.js";
+export * from "./signerMultisigCkbPrivateKey.js";
+export * from "./signerMultisigCkbReadonly.js";
 export * from "./verifyJoyId.js";

packages/core/src/signer/ckb/secp256k1Signing.test.ts

@@ -0,0 +1,85 @@
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { describe, expect, it } from "vitest";
+import { ccc } from "../../index";
+import {
+  recoverMessageSecp256k1,
+  signMessageSecp256k1,
+  verifyMessageSecp256k1,
+} from "./secp256k1Signing";
+
+const client = new ccc.ClientPublicTestnet();
+const signer = new ccc.SignerCkbPrivateKey(
+  client,
+  "0x0123456789012345678901234567890123456789012345678901234567890123",
+);
+
+describe("verifyMessageCkbSecp256k1", () => {
+  it("should verify a message signed by SignerCkbPrivateKey", async () => {
+    const message = "Hello CKB!";
+    const { signature, identity } = await signer.signMessage(message);
+
+    const isValid = ccc.verifyMessageCkbSecp256k1(message, signature, identity);
+    expect(isValid).toBe(true);
+  });
+
+  it("should fail to verify a message with a wrong signature", async () => {
+    const message = "Hello CKB!";
+    const { identity } = await signer.signMessage(message);
+
+    const signature =
+      "0x0010000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000";
+
+    const isValid = ccc.verifyMessageCkbSecp256k1(message, signature, identity);
+    expect(isValid).toBe(false);
+  });
+
+  it("should fail to verify a message with a wrong public key", async () => {
+    const message = "Hello CKB!";
+    const { signature } = await signer.signMessage(message);
+
+    const identity =
+      "0x000000000000000000000000000000000000000000000000000000000000000000";
+
+    const isValid = ccc.verifyMessageCkbSecp256k1(message, signature, identity);
+    expect(isValid).toBe(false);
+  });
+});
+
+describe("Secp256k1 Helpers", () => {
+  const privateKey =
+    "0x0123456789012345678901234567890123456789012345678901234567890123";
+  const publicKey = ccc.hexFrom(
+    secp256k1.getPublicKey(ccc.bytesFrom(privateKey), true),
+  );
+  const messageHash =
+    "0x1234567890123456789012345678901234567890123456789012345678901234";
+
+  it("should verifies a message", () => {
+    const isValid = verifyMessageSecp256k1(
+      messageHash,
+      "0xf71fd3e5b90289fa939bd3f3c0e263e8ea8e37550417344e58c9b1675084be456c506a30789a6ec98919e5458b3898199b560a41d5262cb18db37058cff339a300",
+      publicKey,
+    );
+    expect(isValid).toBe(true);
+  });
+
+  it("should sign and verify a message hash", () => {
+    const signature = signMessageSecp256k1(messageHash, privateKey);
+    const isValid = verifyMessageSecp256k1(messageHash, signature, publicKey);
+    expect(isValid).toBe(true);
+  });
+
+  it("should recover the public key from the signature", () => {
+    const signature = signMessageSecp256k1(messageHash, privateKey);
+    const recovered = recoverMessageSecp256k1(messageHash, signature);
+    expect(recovered).toBe(publicKey);
+  });
+
+  it("should fail verification with wrong message", () => {
+    const signature = signMessageSecp256k1(messageHash, privateKey);
+    const wrongMessage =
+      "0x0000000000000000000000000000000000000000000000000000000000000000";
+    const isValid = verifyMessageSecp256k1(wrongMessage, signature, publicKey);
+    expect(isValid).toBe(false);
+  });
+});

packages/core/src/signer/ckb/secp256k1Signing.ts

@@ -0,0 +1,94 @@
+import { secp256k1 } from "@noble/curves/secp256k1.js";
+import { bytesConcat, bytesFrom, BytesLike } from "../../bytes/index.js";
+import { hashCkb } from "../../hasher/index.js";
+import { Hex, hexFrom } from "../../hex/index.js";
+
+export const SECP256K1_SIGNATURE_LENGTH = 65;
+
+/**
+ * Sign a message using Secp256k1.
+ *
+ * @param message - The message to sign.
+ * @param privateKey - The private key.
+ * @returns The signature.
+ * @public
+ */
+export function signMessageSecp256k1(
+  message: BytesLike,
+  privateKey: BytesLike,
+): Hex {
+  const signature = secp256k1.sign(bytesFrom(message), bytesFrom(privateKey), {
+    format: "recovered",
+    prehash: false,
+  });
+  return hexFrom(bytesConcat(signature.slice(1), signature.slice(0, 1)));
+}
+
+/**
+ * Verify a message using Secp256k1.
+ *
+ * @param message - The message to verify.
+ * @param signature - The signature.
+ * @param publicKey - The public key.
+ * @returns True if the signature is valid, false otherwise.
+ * @public
+ */
+export function verifyMessageSecp256k1(
+  message: BytesLike,
+  signature: BytesLike,
+  publicKey: BytesLike,
+): boolean {
+  const signatureBytes = bytesFrom(signature);
+  return secp256k1.verify(
+    bytesConcat(signatureBytes.slice(64), signatureBytes.slice(0, 64)),
+    bytesFrom(message),
+    bytesFrom(publicKey),
+    { format: "recovered", prehash: false },
+  );
+}
+
+/**
+ * Recover the public key from a Secp256k1 signature.
+ *
+ * @param message - The message.
+ * @param signature - The signature.
+ * @returns The recovered public key.
+ * @public
+ */
+export function recoverMessageSecp256k1(
+  message: BytesLike,
+  signature: BytesLike,
+): Hex {
+  const signatureBytes = bytesFrom(signature);
+  return hexFrom(
+    secp256k1.recoverPublicKey(
+      bytesConcat(signatureBytes.slice(64), signatureBytes.slice(0, 64)),
+      bytesFrom(message),
+      { prehash: false },
+    ),
+  );
+}
+
+/**
+ * @public
+ */
+export function messageHashCkbSecp256k1(message: string | BytesLike): Hex {
+  const msg = typeof message === "string" ? message : hexFrom(message);
+  const buffer = bytesFrom(`Nervos Message:${msg}`, "utf8");
+  return hashCkb(buffer);
+}
+
+/**
+ * @public
+ */
+export function verifyMessageCkbSecp256k1(
+  message: string | BytesLike,
+  signature: string,
+  publicKey: string,
+): boolean {
+  return verifyMessageSecp256k1(
+    messageHashCkbSecp256k1(message),
+    signature,
+    publicKey,
+  );
+}

packages/core/src/signer/ckb/signerCkbPrivateKey.ts

@@ -1,10 +1,13 @@
 import { secp256k1 } from "@noble/curves/secp256k1.js";
-import { bytesConcat, bytesFrom, BytesLike } from "../../bytes/index.js";
+import { bytesFrom, BytesLike } from "../../bytes/index.js";
 import { Transaction, TransactionLike, WitnessArgs } from "../../ckb/index.js";
 import { Client } from "../../client/index.js";
 import { Hex, hexFrom, HexLike } from "../../hex/index.js";
+import {
+  messageHashCkbSecp256k1,
+  signMessageSecp256k1,
+} from "./secp256k1Signing.js";
 import { SignerCkbPublicKey } from "./signerCkbPublicKey.js";
-import { messageHashCkbSecp256k1 } from "./verifyCkbSecp256k1.js";
 
 /**
  * @public
@@ -23,15 +26,7 @@ export class SignerCkbPrivateKey extends SignerCkbPublicKey {
   }
 
   async _signMessage(message: HexLike): Promise<Hex> {
-    const signature = secp256k1.sign(
-      bytesFrom(message),
-      bytesFrom(this.privateKey),
-      {
-        format: "recovered",
-        prehash: false,
-      },
-    );
-    return hexFrom(bytesConcat(signature.slice(1), signature.slice(0, 1)));
+    return signMessageSecp256k1(message, this.privateKey);
   }
 
   async signMessageRaw(message: string | BytesLike): Promise<Hex> {

packages/core/src/signer/ckb/signerCkbPublicKey.ts

@@ -2,9 +2,10 @@ import { Address } from "../../address/index.js";
 import { bytesFrom } from "../../bytes/index.js";
 import { Script, Transaction, TransactionLike } from "../../ckb/index.js";
 import { CellDepInfo, Client, KnownScript } from "../../client/index.js";
-import { hashCkb } from "../../hasher/index.js";
+import { HASH_CKB_SHORT_LENGTH, hashCkb } from "../../hasher/index.js";
 import { Hex, HexLike, hexFrom } from "../../hex/index.js";
 import { Signer, SignerSignType, SignerType } from "../signer/index.js";
+import { SECP256K1_SIGNATURE_LENGTH } from "./secp256k1Signing.js";
 
 /**
  * @public
@@ -47,7 +48,7 @@ export class SignerCkbPublicKey extends Signer {
     return Address.fromKnownScript(
       this.client,
       KnownScript.Secp256k1Blake160,
-      bytesFrom(hashCkb(this.publicKey)).slice(0, 20),
+      bytesFrom(hashCkb(this.publicKey)).slice(0, HASH_CKB_SHORT_LENGTH),
     );
   }
 
@@ -140,7 +141,11 @@ export class SignerCkbPublicKey extends Signer {
 
     await Promise.all(
       (await this.getRelatedScripts(tx)).map(async ({ script, cellDeps }) => {
-        await tx.prepareSighashAllWitness(script, 65, this.client);
+        await tx.prepareSighashAllWitness(
+          script,
+          SECP256K1_SIGNATURE_LENGTH,
+          this.client,
+        );
         await tx.addCellDepInfos(this.client, cellDeps);
       }),
     );