V6.4.0

- Update dependencies.
- Improved security: Private key operations now use blinded ecmult for safer public key generation.
- All signing methods now use constant-time operations with blinded ecmult to securely generate signatures.

Author: mrtnetwork

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 6.4.0
+
+- Update dependencies.
+- Improved security: Private key operations now use blinded ecmult for safer public key generation.
+- All signing methods now use constant-time operations with blinded ecmult to securely generate signatures.
+
+
+
 ## 6.3.0
 
 - Update dependencies.

example/lib/musig/methods.dart

@@ -3,8 +3,11 @@ import 'package:example/services_examples/electrum/electrum_ssl_service.dart';
 
 Future<ElectrumProvider> getProvider(
     {String url = "testnet4-electrumx.wakiyamap.dev:51002"}) async {
-  final service = await ElectrumSSLService.connect(
-      "testnet4-electrumx.wakiyamap.dev:51002");
+  // final service = await ElectrumSSLService.connect(
+  //     "testnet4-electrumx.wakiyamap.dev:51002");
+
+  final service =
+      await ElectrumSSLService.connect("testnet.aranguren.org:51002");
   return ElectrumProvider(service);
 }
 

example/pubspec.lock

@@ -15,15 +15,15 @@ packages:
       path: ".."
       relative: true
     source: path
-    version: "6.2.0"
+    version: "6.3.0"
   blockchain_utils:
     dependency: "direct main"
     description:
       name: blockchain_utils
-      sha256: "104f5212ade36b01a67511b074feed2ece513876d45c8daace277818cdc16873"
+      sha256: fbddd2a7f1849d2244a35bf996b6fb00bf6bd557f0e13aed65ba0c16ad133cb7
       url: "https://pub.dev"
     source: hosted
-    version: "4.4.0"
+    version: "5.0.0"
   boolean_selector:
     dependency: transitive
     description:

example/pubspec.yaml

@@ -39,7 +39,7 @@ dependencies:
     path: ../
   # blockchain_utils:
   #   path: ../../blockchain_utils
-  blockchain_utils: ^4.4.0
+  blockchain_utils: ^5.0.0
   http: ^1.2.0
 
 dev_dependencies:

lib/src/bitcoin/address/legacy_address.dart

@@ -154,7 +154,7 @@ class P2pkAddress extends LegacyAddress {
   P2pkAddress._(this.publicKey) : super._();
   factory P2pkAddress({required String publicKey}) {
     final toBytes = BytesUtils.fromHexString(publicKey);
-    if (!Secp256k1PublicKeyEcdsa.isValidBytes(toBytes)) {
+    if (!Secp256k1PublicKey.isValidBytes(toBytes)) {
       throw const DartBitcoinPluginException('Invalid Public key.');
     }
     return P2pkAddress._(StringUtils.strip0x(publicKey.toLowerCase()));

lib/src/crypto/keypair/ec_private.dart

@@ -101,7 +101,7 @@ class ECPrivate {
     List<int> extraEntropy = const [],
   }) {
     final btcSigner = BitcoinKeySigner.fromKeyBytes(toBytes());
-    final signature = btcSigner.signMessage(
+    final signature = btcSigner.signMessageConst(
         message: message,
         messagePrefix: messagePrefix,
         extraEntropy: extraEntropy);
@@ -122,7 +122,7 @@ class ECPrivate {
       {String messagePrefix = BitcoinSignerUtils.signMessagePrefix,
       List<int> extraEntropy = const []}) {
     final btcSigner = BitcoinKeySigner.fromKeyBytes(toBytes());
-    final signature = btcSigner.signMessage(
+    final signature = btcSigner.signMessageConst(
         message: message,
         messagePrefix: messagePrefix,
         extraEntropy: extraEntropy);
@@ -138,7 +138,7 @@ class ECPrivate {
       List<int> extraEntropy = const []}) {
     final btcSigner = BitcoinKeySigner.fromKeyBytes(toBytes());
     List<int> signature =
-        btcSigner.signECDSADer(txDigest, extraEntropy: extraEntropy);
+        btcSigner.signECDSADerConst(txDigest, extraEntropy: extraEntropy);
     if (sighash != null) {
       signature = <int>[...signature, sighash];
     }
@@ -157,7 +157,8 @@ class ECPrivate {
       {int sighash = BitcoinOpCodeConst.sighashDefault,
       List<int> extraEntropy = const []}) {
     final btcSigner = BitcoinKeySigner.fromKeyBytes(toBytes());
-    var signature = btcSigner.signSchnorr(txDigest, extraEntropy: extraEntropy);
+    var signature =
+        btcSigner.signSchnorrConst(txDigest, extraEntropy: extraEntropy);
     if (sighash != BitcoinOpCodeConst.sighashDefault) {
       signature = <int>[...signature, sighash];
     }
@@ -193,7 +194,7 @@ class ECPrivate {
           "Use either tapTweakHash or (treeScript/merkleRoot), not both.");
     }
     final btcSigner = BitcoinKeySigner.fromKeyBytes(toBytes());
-    List<int> signature = btcSigner.signBip340(
+    List<int> signature = btcSigner.signBip340Const(
         digest: txDigest,
         aux: aux,
         tapTweakHash: tweak

lib/src/crypto/keypair/ec_public.dart

@@ -9,21 +9,21 @@ import 'package:blockchain_utils/blockchain_utils.dart';
 typedef PublicKeyType = PubKeyModes;
 
 class ECPublic {
-  final Secp256k1PublicKeyEcdsa publicKey;
+  final Secp256k1PublicKey publicKey;
   const ECPublic._(this.publicKey);
 
   factory ECPublic.fromBip32(Bip32PublicKey publicKey) {
     if (publicKey.curveType != EllipticCurveTypes.secp256k1) {
       throw const DartBitcoinPluginException(
           'invalid public key curve for bitcoin');
     }
-    return ECPublic._(publicKey.pubKey as Secp256k1PublicKeyEcdsa);
+    return ECPublic._(publicKey.pubKey as Secp256k1PublicKey);
   }
   ProjectiveECCPoint get point => publicKey.point.cast();
 
   /// Constructs an ECPublic key from a byte representation.
   factory ECPublic.fromBytes(List<int> public) {
-    final publicKey = Secp256k1PublicKeyEcdsa.fromBytes(public);
+    final publicKey = Secp256k1PublicKey.fromBytes(public);
     return ECPublic._(publicKey);
   }
 

lib/src/psbt/psbt_builder/types/internal_types.dart

@@ -335,13 +335,14 @@ class PsbtGeneratedTransactionDigest {
 
   bool verifyEcdsaSignature(PsbtInputPartialSig sig) {
     try {
+      /// handle bch schnorr signature
       if (CryptoSignatureUtils.isValidSchnorrSignature(sig.signature)) {
         return sig.publicKey
             .verifySchnorrSignature(digest: digest, signature: sig.signature);
       }
-
-      return sig.publicKey
+      final verify = sig.publicKey
           .verifyDerSignature(digest: digest, signature: sig.signature);
+      return verify;
     } catch (_) {
       return false;
     }

lib/src/psbt/types/types/inputs.dart

@@ -651,7 +651,7 @@ class PsbtInputBip32DerivationPath extends PsbtInputData {
     required List<int> publicKey,
   }) {
     if (fingerprint.length == Bip32KeyDataConst.fingerprintByteLen &&
-        Secp256k1PublicKeyEcdsa.isValidBytes(publicKey)) {
+        Secp256k1PublicKey.isValidBytes(publicKey)) {
       return PsbtInputBip32DerivationPath._(
           fingerprint: fingerprint,
           indexes: indexes,
@@ -694,7 +694,7 @@ class PsbtInputBip32DerivationPath extends PsbtInputData {
             offset, offset + Bip32KeyDataConst.keyIndexByteLen));
       });
       if (fingerPrint.length == Bip32KeyDataConst.fingerprintByteLen &&
-          Secp256k1PublicKeyEcdsa.isValidBytes(keypair.key.extraData ?? [])) {
+          Secp256k1PublicKey.isValidBytes(keypair.key.extraData ?? [])) {
         return PsbtInputBip32DerivationPath._(
             fingerprint: fingerPrint,
             indexes: bip32Indexes,
@@ -1943,9 +1943,9 @@ class PsbtInputMuSig2PublicNonce extends PsbtInputData {
             : keypair.key.extraData!
                 .sublist(EcdsaKeysConst.pubKeyCompressedByteLen * 2);
         if (publicKey.length == EcdsaKeysConst.pubKeyCompressedByteLen &&
-            Secp256k1PublicKeyEcdsa.isValidBytes(publicKey) &&
+            Secp256k1PublicKey.isValidBytes(publicKey) &&
             plainPublicKey.length == EcdsaKeysConst.pubKeyCompressedByteLen &&
-            Secp256k1PublicKeyEcdsa.isValidBytes(plainPublicKey) &&
+            Secp256k1PublicKey.isValidBytes(plainPublicKey) &&
             (hash == null || hash.length == QuickCrypto.sha256DigestSize) &&
             keypair.value.data.length ==
                 EcdsaKeysConst.pubKeyCompressedByteLen * 2) {
@@ -2042,9 +2042,9 @@ class PsbtInputMuSig2ParticipantPartialSignature
             ? null
             : keypair.key.extraData!.sublist(66);
         if (publicKey.length == EcdsaKeysConst.pubKeyCompressedByteLen &&
-            Secp256k1PublicKeyEcdsa.isValidBytes(publicKey) &&
+            Secp256k1PublicKey.isValidBytes(publicKey) &&
             plainPublicKey.length == EcdsaKeysConst.pubKeyCompressedByteLen &&
-            Secp256k1PublicKeyEcdsa.isValidBytes(plainPublicKey) &&
+            Secp256k1PublicKey.isValidBytes(plainPublicKey) &&
             (hash == null || hash.length == QuickCrypto.sha256DigestSize) &&
             keypair.value.data.length == QuickCrypto.sha256DigestSize) {
           return PsbtInputMuSig2ParticipantPartialSignature._(

lib/src/psbt/types/types/outputs.dart

@@ -326,7 +326,7 @@ class PsbtOutputBip32DerivationPath extends PsbtOutputData {
       required List<Bip32KeyIndex> indexes,
       required List<int> publicKey}) {
     if (fingerprint.length == Bip32KeyDataConst.fingerprintByteLen &&
-        Secp256k1PublicKeyEcdsa.isValidBytes(publicKey)) {
+        Secp256k1PublicKey.isValidBytes(publicKey)) {
       return PsbtOutputBip32DerivationPath._(
           fingerprint: fingerprint,
           indexes: indexes,
@@ -348,7 +348,7 @@ class PsbtOutputBip32DerivationPath extends PsbtOutputData {
           "Invalid PSBT bip32 derivation path type flag");
     }
     if (keypair.key.extraData == null ||
-        !Secp256k1PublicKeyEcdsa.isValidBytes(keypair.key.extraData!)) {
+        !Secp256k1PublicKey.isValidBytes(keypair.key.extraData!)) {
       throw DartBitcoinPluginException(
           "Invalid PSBT bip32 derivation public key.");
     }
@@ -370,7 +370,7 @@ class PsbtOutputBip32DerivationPath extends PsbtOutputData {
             offset, offset + Bip32KeyDataConst.keyIndexByteLen));
       });
       if (fingerPrint.length == Bip32KeyDataConst.fingerprintByteLen &&
-          Secp256k1PublicKeyEcdsa.isValidBytes(keypair.key.extraData!)) {
+          Secp256k1PublicKey.isValidBytes(keypair.key.extraData!)) {
         return PsbtOutputBip32DerivationPath._(
             fingerprint: fingerPrint,
             indexes: bip32Indexes,
@@ -748,8 +748,8 @@ class PsbtOutputMuSig2ParticipantPublicKeys extends PsbtOutputData {
         super(type: PsbtOutputTypes.muSig2ParticipantPublicKeys);
   factory PsbtOutputMuSig2ParticipantPublicKeys(
       {required List<int> aggregatePubKey, required List<List<int>> pubKeys}) {
-    if (Secp256k1PublicKeyEcdsa.isValidBytes(aggregatePubKey) &&
-        pubKeys.every(Secp256k1PublicKeyEcdsa.isValidBytes)) {
+    if (Secp256k1PublicKey.isValidBytes(aggregatePubKey) &&
+        pubKeys.every(Secp256k1PublicKey.isValidBytes)) {
       return PsbtOutputMuSig2ParticipantPublicKeys._(
           aggregatePubKey: aggregatePubKey,
           pubKeys: pubKeys,
@@ -781,8 +781,8 @@ class PsbtOutputMuSig2ParticipantPublicKeys extends PsbtOutputData {
                 offset, offset + EcdsaKeysConst.pubKeyCompressedByteLen);
             pubKeys.add(key);
           }
-          if (Secp256k1PublicKeyEcdsa.isValidBytes(keypair.key.extraData!) &&
-              pubKeys.every(Secp256k1PublicKeyEcdsa.isValidBytes)) {
+          if (Secp256k1PublicKey.isValidBytes(keypair.key.extraData!) &&
+              pubKeys.every(Secp256k1PublicKey.isValidBytes)) {
             return PsbtOutputMuSig2ParticipantPublicKeys._(
                 aggregatePubKey: keypair.key.extraData!,
                 pubKeys: pubKeys,