Skip to content

feat(bip322-multisig): add BIP-322 P2WSH signature verification#175

Merged
TaprootFreak merged 3 commits intodevelopfrom
feat/bip322-multisig-verify
Apr 30, 2026
Merged

feat(bip322-multisig): add BIP-322 P2WSH signature verification#175
TaprootFreak merged 3 commits intodevelopfrom
feat/bip322-multisig-verify

Conversation

@TaprootFreak
Copy link
Copy Markdown
Contributor

@TaprootFreak TaprootFreak commented Apr 30, 2026
edited
Loading

Context

The @dfx.swiss/bip322-multisig package currently only provides building and signing primitives (bip322MessageHash, buildToSpendTx, buildToSignPsbt, extractBip322Signature, etc.). It has no verification capability.

In DFXswiss/api#3637, we added BIP-322 P2WSH multisig auth support. The verification logic currently lives as a standalone bip322-p2wsh.util.ts file in the API repo (~190 lines). Review feedback asks to remove that file and use this package instead.

This PR adds the missing verification functions so the API can replace the custom util file with a single package import.

Changes

New module src/verify.ts exporting:

  • isP2wshAddress(address) — mainnet P2WSH bech32 address detection (witness v0, 32-byte program)
  • verifyBip322P2wshSignature(message, address, signatureBase64) — full BIP-322 simple signature verification for standard P2WSH multisig (OP_M ... OP_N OP_CHECKMULTISIG)

Internally uses existing core.ts primitives (bip322MessageHash, buildToSpendTx, p2wshScriptPubKey) + bitcoinjs-lib Transaction.hashForWitnessV0 for sighash computation. ECDSA verification via @noble/curves/secp256k1.

New dependency: @noble/curves@^2.2.0

Tests

16 tests in src/__tests__/verify.test.ts:

  • 6× address validation (mainnet P2WSH, P2WPKH, legacy, testnet, malformed, empty)
  • 3× structural negatives (empty sig, garbage base64, wrong address type)
  • 3× synthetic 2-of-3 sortedmulti roundtrip sign+verify
  • 3× rejection (under-threshold, wrong message, foreign key)
  • 1× todo placeholder for real wallet fixture

@TaprootFreak
feat(bip322-multisig): add BIP-322 P2WSH signature verification
9912336 
Add verifyBip322P2wshSignature() and isP2wshAddress() for server-side
validation of BIP-322 simple signatures from P2WSH multisig wallets.

- New src/verify.ts with DER parsing, witness stack decoding, and
  OP_CHECKMULTISIG verification using @noble/curves/secp256k1
- 16 tests covering address validation, roundtrip sign/verify,
  under-threshold rejection, wrong-message rejection, foreign-key rejection
- Bump version to 0.2.0-beta.1
@TaprootFreak
style: fix prettier formatting
1b44175
@TaprootFreak
fix: use Node crypto.randomBytes in tests, reject trailing witness bytes
ecbffa1
@TaprootFreak TaprootFreak marked this pull request as ready for review April 30, 2026 15:03
@TaprootFreak TaprootFreak mentioned this pull request Apr 30, 2026
Open
4 tasks
@TaprootFreak TaprootFreak merged commit d70a7e3 into develop Apr 30, 2026
1 check passed
@TaprootFreak TaprootFreak deleted the feat/bip322-multisig-verify branch April 30, 2026 15:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@davidleomay davidleomay davidleomay approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TaprootFreak @davidleomay