Skip to content

Add experimental silent payment transaction creation support #220

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add experimental silent payment transaction creation support #220

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ bdk_redb = { version = "0.1.0", optional = true }
shlex = { version = "1.3.0", optional = true }
tracing = "0.1.41"
tracing-subscriber = "0.3.19"
bdk_sp = { version = "0.1.0", optional = true, git = "https://github.com/bitcoindevkit/bdk-sp", tag = "v0.1.0" }

[features]
default = ["repl", "sqlite"]
Expand All @@ -54,3 +55,6 @@ verify = []
# Extra utility tools
# Compile policies
compiler = []

# Experimental silent payment sending capabilities
sp = ["dep:bdk_sp"]
59 changes: 59 additions & 0 deletions src/commands.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@

#![allow(clippy::large_enum_variant)]

#[cfg(feature = "sp")]
use {crate::utils::parse_sp_code_value_pairs, bdk_sp::encoding::SilentPaymentCode};

use bdk_wallet::bitcoin::{
Address, Network, OutPoint, ScriptBuf,
bip32::{DerivationPath, Xpriv},
Expand Down Expand Up @@ -315,6 +318,62 @@ pub enum OfflineWalletSubCommand {
)]
add_data: Option<String>, //base 64 econding
},
/// Creates a silent payment transaction
///
/// This sub-command is **EXPERIMENTAL** and should only be used for testing. Do not use this
/// feature to create transactions that spend actual funds on the Bitcoin mainnet.

// This command DOES NOT return a PSBT. Instead, it directly returns a signed transaction
// ready for broadcast, as it is not yet possible to perform a shared derivation of a silent
// payment script pubkey in a secure and trustless manner.
#[cfg(feature = "sp")]
CreateSpTx {
/// Adds a recipient to the transaction.
// Clap Doesn't support complex vector parsing https://github.com/clap-rs/clap/issues/1704.
// Address and amount parsing is done at run time in handler function.
#[arg(env = "ADDRESS:SAT", long = "to", required = false, value_parser = parse_recipient)]
recipients: Option<Vec<(ScriptBuf, u64)>>,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a need to add these recipients again since the focus is on sp_recipients?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to show that's still possible to send a non silent payment output together with a silent payment output in the same transaction, that's why I left this here.

/// Parse silent payment recipients
#[arg(long = "to-sp", required = true, value_parser = parse_sp_code_value_pairs)]
silent_payment_recipients: Vec<(SilentPaymentCode, u64)>,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how can one construct sp_recipients? can you add that to the readme?

Copy link
Author

@nymius nymius Oct 18, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Each silent payment recipient is a string of the form <silent-payment-address>:<amount>, for example: sprt1qq0u4yswlkqx36shz7j8mwt335p4el5txc8tt6yny3dqewlw4rwdqkqewtzh728u7mzkne3uf0a35mzqlm0jf4q2kgc5aakq4d04a9l734u5ddn6e:1000 (this is a regtest address, because human readable prefix is sprt).
You cannot get addresses from your bdk-cli because I don't think the receiving side is mature enough yet, but;
SilentPaymentCode is prepared to decode any silent payment encoded address, so I recommend you to take a look in bdk-sp encoding tests to get some fake addresses from there.
If you want to create silent payment addresses dynamically you would have to compile sp-cli2, the cli implemented in bdk-sp, maybe that's too much to add to the README (to ask to compile another tool to get one), what do you think?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I think is that, if it is possible, you should add deriving SP addresses to this PR. I wanted to test how you implemented it in the CLI v2 but it broke. Else you can add a link to the test addresses so it is easy for users to find them.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But if we add the chances to derive addresses, then we are allowing the creation of transactions locking funds into those addresses. I could restrict this functionality to only derive testnet addresses, so no one lose any real funds.
I mean, is problematic to open the door to receive without implementing the whole functionality to scan for new outputs.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, only testnet addresses are fine. We generally warn users against using this tool for mainnet.

/// Sends all the funds (or all the selected utxos). Requires only one recipient with value 0.
#[arg(long = "send_all", short = 'a')]
send_all: bool,
/// Make a PSBT that can be signed by offline signers and hardware wallets. Forces the addition of `non_witness_utxo` and more details to let the signer identify the change output.
#[arg(long = "offline_signer")]
offline_signer: bool,
/// Selects which utxos *must* be spent.
#[arg(env = "MUST_SPEND_TXID:VOUT", long = "utxos", value_parser = parse_outpoint)]
utxos: Option<Vec<OutPoint>>,
/// Marks a utxo as unspendable.
#[arg(env = "CANT_SPEND_TXID:VOUT", long = "unspendable", value_parser = parse_outpoint)]
unspendable: Option<Vec<OutPoint>>,
/// Fee rate to use in sat/vbyte.
#[arg(env = "SATS_VBYTE", short = 'f', long = "fee_rate")]
fee_rate: Option<f32>,
/// Selects which policy should be used to satisfy the external descriptor.
#[arg(env = "EXT_POLICY", long = "external_policy")]
external_policy: Option<String>,
/// Selects which policy should be used to satisfy the internal descriptor.
#[arg(env = "INT_POLICY", long = "internal_policy")]
internal_policy: Option<String>,
/// Optionally create an OP_RETURN output containing given String in utf8 encoding (max 80 bytes)
#[arg(
env = "ADD_STRING",
long = "add_string",
short = 's',
conflicts_with = "add_data"
)]
add_string: Option<String>,
/// Optionally create an OP_RETURN output containing given base64 encoded String. (max 80 bytes)
#[arg(
env = "ADD_DATA",
long = "add_data",
short = 'o',
conflicts_with = "add_string"
)]
add_data: Option<String>, //base 64 econding
},
/// Bumps the fees of an RBF transaction.
BumpFee {
/// TXID of the transaction to update.
Expand Down
166 changes: 160 additions & 6 deletions src/handlers.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,11 @@ use bdk_wallet::bitcoin::{
};
use bdk_wallet::chain::ChainPosition;
use bdk_wallet::descriptor::Segwitv0;
use bdk_wallet::keys::{
DerivableKey, DescriptorKey, DescriptorKey::Secret, ExtendedKey, GeneratableKey, GeneratedKey,
bip39::WordCount,
};
use bdk_wallet::miniscript::miniscript;
#[cfg(feature = "sqlite")]
use bdk_wallet::rusqlite::Connection;
use bdk_wallet::{KeychainKind, SignOptions, Wallet};
Expand All @@ -39,12 +44,6 @@ use bdk_wallet::{
miniscript::policy::Concrete,
};
use cli_table::{Cell, CellStruct, Style, Table, format::Justify};

use bdk_wallet::keys::{
DerivableKey, DescriptorKey, DescriptorKey::Secret, ExtendedKey, GeneratableKey, GeneratedKey,
bip39::WordCount,
};
use bdk_wallet::miniscript::miniscript;
use serde_json::json;
use std::collections::BTreeMap;
#[cfg(any(feature = "electrum", feature = "esplora"))]
Expand All @@ -53,6 +52,16 @@ use std::convert::TryFrom;
#[cfg(any(feature = "repl", feature = "electrum", feature = "esplora"))]
use std::io::Write;
use std::str::FromStr;
#[cfg(feature = "sp")]
use {
bdk_sp::{
bitcoin::{PrivateKey, PublicKey, ScriptBuf, XOnlyPublicKey},
encoding::SilentPaymentCode,
send::psbt::derive_sp,
},
bdk_wallet::keys::{DescriptorPublicKey, DescriptorSecretKey, SinglePubKey},
std::collections::HashMap,
};

#[cfg(feature = "electrum")]
use crate::utils::BlockchainClient::Electrum;
Expand Down Expand Up @@ -318,7 +327,152 @@ pub fn handle_offline_wallet_subcommand(
)?)
}
}
#[cfg(feature = "sp")]
CreateSpTx {
recipients: maybe_recipients,
silent_payment_recipients,
send_all,
offline_signer,
utxos,
unspendable,
fee_rate,
external_policy,
internal_policy,
add_data,
add_string,
} => {
let mut tx_builder = wallet.build_tx();

let sp_recipients: Vec<SilentPaymentCode> = silent_payment_recipients
.iter()
.map(|(sp_code, _)| sp_code.clone())
.collect();

let mut outputs: Vec<(ScriptBuf, Amount)> = silent_payment_recipients
.iter()
.map(|(sp_code, amount)| {
let script = sp_code.get_placeholder_p2tr_spk();
(script, Amount::from_sat(*amount))
})
.collect();

if let Some(recipients) = maybe_recipients {
if send_all {
tx_builder.drain_wallet().drain_to(recipients[0].0.clone());
} else {
let recipients = recipients
.into_iter()
.map(|(script, amount)| (script, Amount::from_sat(amount)));

outputs.extend(recipients);
}
}

tx_builder.set_recipients(outputs);

// Do not enable RBF for this transaction
tx_builder.set_exact_sequence(Sequence::MAX);

if offline_signer {
tx_builder.include_output_redeem_witness_script();
}

if let Some(fee_rate) = fee_rate {
if let Some(fee_rate) = FeeRate::from_sat_per_vb(fee_rate as u64) {
tx_builder.fee_rate(fee_rate);
}
}

if let Some(utxos) = utxos {
tx_builder.add_utxos(&utxos[..]).unwrap();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you use the Error enum from the error module to gracefully handle errors rather than unwrapping?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm reviewing this unwraps again. I was basing these changes in the CreateTx command, that has the same number of unwraps on the same places.
I can come up with a graceful error handling for this PR, but then we would need to open a new PR to update the other command.
Also, as I'm using the unwraps on the same places, then the Error variants should be as general as possible to reuse them in the CreateTx command, and then this PR wouldn't be doing a single thing, but two.
Any recommendations about how to proceed?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I have noticed that the CreateTx command has unwrappings, which we have not updated after adding the Error enum. If you can come up with variants to handle both cases, that would be great. After you have handled the CreateSpTx case, you can add an extra commit to fix the case for CreateTx.

}

if let Some(unspendable) = unspendable {
tx_builder.unspendable(unspendable);
}

if let Some(base64_data) = add_data {
let op_return_data = BASE64_STANDARD.decode(base64_data).unwrap();
tx_builder.add_data(&PushBytesBuf::try_from(op_return_data).unwrap());
} else if let Some(string_data) = add_string {
let data = PushBytesBuf::try_from(string_data.as_bytes().to_vec()).unwrap();
tx_builder.add_data(&data);
}

let policies = vec![
external_policy.map(|p| (p, KeychainKind::External)),
internal_policy.map(|p| (p, KeychainKind::Internal)),
];

for (policy, keychain) in policies.into_iter().flatten() {
let policy = serde_json::from_str::<BTreeMap<String, Vec<usize>>>(&policy)?;
tx_builder.policy_path(policy, keychain);
}

let mut psbt = tx_builder.finish()?;

let unsigned_psbt = psbt.clone();

let _signed = wallet.sign(&mut psbt, SignOptions::default())?;

for (full_input, psbt_input) in unsigned_psbt.inputs.iter().zip(psbt.inputs.iter_mut())
{
// repopulate key derivation data
psbt_input.bip32_derivation = full_input.bip32_derivation.clone();
psbt_input.tap_key_origins = full_input.tap_key_origins.clone();
}

let secp = Secp256k1::new();
let mut external_signers = wallet.get_signers(KeychainKind::External).as_key_map(&secp);
let internal_signers = wallet.get_signers(KeychainKind::Internal).as_key_map(&secp);
external_signers.extend(internal_signers);

match external_signers.iter().next().expect("not empty") {
(DescriptorPublicKey::Single(single_pub), DescriptorSecretKey::Single(prv)) => {
match single_pub.key {
SinglePubKey::FullKey(pk) => {
let keys: HashMap<PublicKey, PrivateKey> = [(pk, prv.key)].into();
derive_sp(&mut psbt, &keys, &sp_recipients, &secp)
.expect("will fix later");
}
SinglePubKey::XOnly(xonly) => {
let keys: HashMap<XOnlyPublicKey, PrivateKey> =
[(xonly, prv.key)].into();
derive_sp(&mut psbt, &keys, &sp_recipients, &secp)
.expect("will fix later");
}
};
}
(_, DescriptorSecretKey::XPrv(k)) => {
derive_sp(&mut psbt, &k.xkey, &sp_recipients, &secp).expect("will fix later");
}
_ => unimplemented!("multi xkey signer"),
};

// Unfinalize PSBT to resign
for psbt_input in psbt.inputs.iter_mut() {
psbt_input.final_script_sig = None;
psbt_input.final_script_witness = None;
}

let _resigned = wallet.sign(&mut psbt, SignOptions::default())?;

let raw_tx = psbt.extract_tx()?;
if cli_opts.pretty {
let table = vec![vec![
"Raw Transaction".cell().bold(true),
serialize_hex(&raw_tx).cell(),
]]
.table()
.display()
.map_err(|e| Error::Generic(e.to_string()))?;
Ok(format!("{table}"))
} else {
Ok(serde_json::to_string_pretty(
&json!({"raw_tx": serialize_hex(&raw_tx)}),
)?)
}
}
CreateTx {
recipients,
send_all,
Expand Down
21 changes: 21 additions & 0 deletions src/utils.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,8 @@ use bdk_kyoto::{
UnboundedReceiver, Warning,
builder::NodeBuilder,
};
#[cfg(feature = "sp")]
use bdk_sp::encoding::SilentPaymentCode;
use bdk_wallet::bitcoin::{Address, Network, OutPoint, ScriptBuf};

#[cfg(any(
Expand Down Expand Up @@ -51,6 +53,25 @@ pub(crate) fn parse_recipient(s: &str) -> Result<(ScriptBuf, u64), String> {
Ok((addr.script_pubkey(), val))
}

#[cfg(feature = "sp")]
pub(crate) fn parse_sp_code_value_pairs(s: &str) -> Result<(SilentPaymentCode, u64), String> {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can return the Error and use the Generic variant instead of String here too.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment than above, this function is following the style of parse_recipient. The error should be generic in terms of parsing or should be particular to silent payments?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if your library is returning a specific error for this, you can add it to the enum or you can just use the generic variant

let parts: Vec<&str> = s.split(':').collect();
if parts.len() != 2 {
return Err(format!("Invalid format '{}'. Expected 'key:value'", s));
}

let value_0 = parts[0].trim();
let key = SilentPaymentCode::try_from(value_0)
.map_err(|_| format!("Invalid silent payment address: {}", value_0))?;

let value = parts[1]
.trim()
.parse::<u64>()
.map_err(|_| format!("Invalid number '{}' for key '{}'", parts[1], key))?;

Ok((key, value))
}

#[cfg(any(feature = "electrum", feature = "esplora", feature = "rpc"))]
/// Parse the proxy (Socket:Port) argument from the cli input.
pub(crate) fn parse_proxy_auth(s: &str) -> Result<(String, String), Error> {
Expand Down