feat: add public key hashing support

Author: childhoodisend

crypto/addresses/src/lib.rs

@@ -128,7 +128,7 @@ impl TryFrom<&str> for Prefix {
 }
 
 ///
-///  Kaspa `Address` version (`PubKey`, `PubKey ECDSA`, `ScriptHash`)
+///  Kaspa `Address` version (`PubKey`, `PubKey ECDSA`, `ScriptHash`, `PubKeyHash`)
 ///
 /// @category Address
 #[derive(PartialEq, Eq, PartialOrd, Ord, Clone, Copy, Debug, Hash, Serialize, Deserialize, BorshSerialize, BorshDeserialize)]
@@ -142,6 +142,8 @@ pub enum Version {
     PubKeyECDSA = 1,
     /// ScriptHash addresses always have the version byte set to 8
     ScriptHash = 8,
+    /// PubKeyHash addresses always have the version byte set to 2 (hashed public key for enhanced privacy)
+    PubKeyHash = 2,
 }
 
 impl TryFrom<&str> for Version {
@@ -152,6 +154,7 @@ impl TryFrom<&str> for Version {
             "PubKey" => Ok(Version::PubKey),
             "PubKeyECDSA" => Ok(Version::PubKeyECDSA),
             "ScriptHash" => Ok(Version::ScriptHash),
+            "PubKeyHash" => Ok(Version::PubKeyHash),
             _ => Err(AddressError::InvalidVersionString(value.to_owned())),
         }
     }
@@ -163,6 +166,7 @@ impl Version {
             Version::PubKey => 32,
             Version::PubKeyECDSA => 33,
             Version::ScriptHash => 32,
+            Version::PubKeyHash => 32,
         }
     }
 }
@@ -174,6 +178,7 @@ impl TryFrom<u8> for Version {
         match value {
             0 => Ok(Version::PubKey),
             1 => Ok(Version::PubKeyECDSA),
+            2 => Ok(Version::PubKeyHash),
             8 => Ok(Version::ScriptHash),
             _ => Err(AddressError::InvalidVersion(value)),
         }
@@ -186,6 +191,7 @@ impl Display for Version {
             Version::PubKey => write!(f, "PubKey"),
             Version::PubKeyECDSA => write!(f, "PubKeyECDSA"),
             Version::ScriptHash => write!(f, "ScriptHash"),
+            Version::PubKeyHash => write!(f, "PubKeyHash"),
         }
     }
 }

crypto/txscript/src/script_class.rs

@@ -28,12 +28,15 @@ pub enum ScriptClass {
     PubKeyECDSA,
     /// Pay to script hash
     ScriptHash,
+    /// Pay to pubkey hash
+    PubKeyHash,
 }
 
 const NON_STANDARD: &str = "nonstandard";
 const PUB_KEY: &str = "pubkey";
 const PUB_KEY_ECDSA: &str = "pubkeyecdsa";
 const SCRIPT_HASH: &str = "scripthash";
+const PUB_KEY_HASH: &str = "pubkeyhash";
 
 impl ScriptClass {
     pub fn from_script(script_public_key: &ScriptPublicKey) -> Self {
@@ -45,6 +48,8 @@ impl ScriptClass {
                 Self::PubKeyECDSA
             } else if Self::is_pay_to_script_hash(script_public_key_) {
                 Self::ScriptHash
+            } else if Self::is_pay_to_pubkey_hash(script_public_key_) {
+                Self::PubKeyHash
             } else {
                 ScriptClass::NonStandard
             }
@@ -81,12 +86,22 @@ impl ScriptClass {
         (script_public_key[34] == opcodes::codes::OpEqual)
     }
 
+    /// Returns true if the script is in the standard
+    /// pay-to-pubkey-hash (P2PKH) format, false otherwise.
+    #[inline(always)]
+    pub fn is_pay_to_pubkey_hash(script_public_key: &[u8]) -> bool {
+        (script_public_key.len() == 34) && // 2 opcodes number + 32 data
+        (script_public_key[0] == opcodes::codes::OpData32) &&
+        (script_public_key[33] == opcodes::codes::OpCheckSig)
+    }
+
     fn as_str(&self) -> &'static str {
         match self {
             ScriptClass::NonStandard => NON_STANDARD,
             ScriptClass::PubKey => PUB_KEY,
             ScriptClass::PubKeyECDSA => PUB_KEY_ECDSA,
             ScriptClass::ScriptHash => SCRIPT_HASH,
+            ScriptClass::PubKeyHash => PUB_KEY_HASH,
         }
     }
 
@@ -96,6 +111,7 @@ impl ScriptClass {
             ScriptClass::PubKey => MAX_SCRIPT_PUBLIC_KEY_VERSION,
             ScriptClass::PubKeyECDSA => MAX_SCRIPT_PUBLIC_KEY_VERSION,
             ScriptClass::ScriptHash => MAX_SCRIPT_PUBLIC_KEY_VERSION,
+            ScriptClass::PubKeyHash => MAX_SCRIPT_PUBLIC_KEY_VERSION,
         }
     }
 }
@@ -115,6 +131,7 @@ impl FromStr for ScriptClass {
             PUB_KEY => Ok(ScriptClass::PubKey),
             PUB_KEY_ECDSA => Ok(ScriptClass::PubKeyECDSA),
             SCRIPT_HASH => Ok(ScriptClass::ScriptHash),
+            PUB_KEY_HASH => Ok(ScriptClass::PubKeyHash),
             _ => Err(Error::InvalidScriptClass(script_class.to_string())),
         }
     }
@@ -134,6 +151,7 @@ impl From<Version> for ScriptClass {
             Version::PubKey => ScriptClass::PubKey,
             Version::PubKeyECDSA => ScriptClass::PubKeyECDSA,
             Version::ScriptHash => ScriptClass::ScriptHash,
+            Version::PubKeyHash => ScriptClass::PubKeyHash,
         }
     }
 }

crypto/txscript/src/standard.rs

@@ -36,12 +36,21 @@ fn pay_to_script_hash(script_hash: &[u8]) -> ScriptVec {
     SmallVec::from_iter([OpBlake2b, OpData32].iter().copied().chain(script_hash.iter().copied()).chain(once(OpEqual)))
 }
 
+/// Creates a new script to pay a transaction output to a hashed pubkey.
+/// It is expected that the input is a valid hash of a public key.
+fn pay_to_pub_key_hash(pubkey_hash: &[u8]) -> ScriptVec {
+    // TODO: use ScriptBuilder when add_op and add_data fns or equivalents are available
+    assert_eq!(pubkey_hash.len(), 32);
+    SmallVec::from_iter(once(OpData32).chain(pubkey_hash.iter().copied()).chain(once(OpCheckSig)))
+}
+
 /// Creates a new script to pay a transaction output to the specified address.
 pub fn pay_to_address_script(address: &Address) -> ScriptPublicKey {
     let script = match address.version {
         Version::PubKey => pay_to_pub_key(address.payload.as_slice()),
         Version::PubKeyECDSA => pay_to_pub_key_ecdsa(address.payload.as_slice()),
         Version::ScriptHash => pay_to_script_hash(address.payload.as_slice()),
+        Version::PubKeyHash => pay_to_pub_key_hash(address.payload.as_slice()),
     };
     ScriptPublicKey::new(ScriptClass::from(address.version).version(), script)
 }
@@ -80,6 +89,7 @@ pub fn extract_script_pub_key_address(script_public_key: &ScriptPublicKey, prefi
         ScriptClass::PubKey => Ok(Address::new(prefix, Version::PubKey, &script[1..33])),
         ScriptClass::PubKeyECDSA => Ok(Address::new(prefix, Version::PubKeyECDSA, &script[1..34])),
         ScriptClass::ScriptHash => Ok(Address::new(prefix, Version::ScriptHash, &script[2..34])),
+        ScriptClass::PubKeyHash => Ok(Address::new(prefix, Version::PubKeyHash, &script[1..33])),
     }
 }
 

mining/src/mempool/check_transaction_standard.rs

@@ -186,6 +186,7 @@ impl Mempool {
                 }
                 ScriptClass::PubKey => {}
                 ScriptClass::PubKeyECDSA => {}
+                ScriptClass::PubKeyHash => {}
                 ScriptClass::ScriptHash => {
                     // todo relax due to on fly calculation
                     let num_sig_ops = get_sig_op_count_upper_bound::<PopulatedTransaction, SigHashReusedValuesUnsync>(

wallet/core/src/key_hashing.rs

@@ -0,0 +1,114 @@
+//!
+//! Key hashing utilities for enhanced privacy in UTXO management.
+//!
+//! This module provides functionality to create addresses from hashed public keys,
+//! improving privacy by not exposing the actual public key until the UTXO is spent.
+
+use crate::imports::*;
+use kaspa_addresses::{Address, Prefix, Version};
+use kaspa_hashes::{Hash, Hasher, TransactionHash};
+use secp256k1::PublicKey;
+
+/// Creates a hash of a public key for use in UTXO addresses
+pub fn hash_public_key(public_key: &PublicKey) -> Hash {
+    TransactionHash::hash(&public_key.serialize())
+}
+
+/// Creates an address from a hashed public key
+pub fn create_hashed_address(public_key: &PublicKey, prefix: Prefix) -> Result<Address> {
+    let key_hash = hash_public_key(public_key);
+    let address = Address::new(prefix, Version::PubKeyHash, &key_hash.as_bytes());
+    Ok(address)
+}
+
+/// Creates an address from a hashed public key for Schnorr signatures
+pub fn create_hashed_schnorr_address(public_key: &secp256k1::XOnlyPublicKey, prefix: Prefix) -> Result<Address> {
+    let key_hash = TransactionHash::hash(&public_key.serialize());
+    let address = Address::new(prefix, Version::PubKeyHash, &key_hash.as_bytes());
+    Ok(address)
+}
+
+/// Derives the next change address using hashed public key
+pub fn derive_next_change_address_hashed(public_key: &PublicKey, change_index: u32, prefix: Prefix) -> Result<Address> {
+    // We'll use a simple derivation by hashing the public key with the index
+    // In a real implementation, this would use proper HD derivation
+    let mut data = public_key.serialize().to_vec();
+    data.extend_from_slice(&change_index.to_le_bytes());
+    let key_hash = TransactionHash::hash(&data);
+    let address = Address::new(prefix, Version::PubKeyHash, &key_hash.as_bytes());
+    Ok(address)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use secp256k1::Secp256k1;
+
+    #[test]
+    fn test_hash_public_key() {
+        let secp = Secp256k1::new();
+        let (_, public_key) = secp.generate_keypair(&mut secp256k1::rand::thread_rng());
+
+        let hash1 = hash_public_key(&public_key);
+        let hash2 = hash_public_key(&public_key);
+
+        // Same public key should produce same hash
+        assert_eq!(hash1, hash2);
+
+        // Hash should be different from the original public key
+        assert_ne!(hash1.as_bytes(), &public_key.serialize()[..]);
+    }
+    #[test]
+    fn test_create_hashed_address_compare() -> Result<()> {
+        println!("\n=== Key Hashing for Enhanced Privacy Example ===");
+
+        let secp = Secp256k1::new();
+        let (_secret_key, public_key) = secp.generate_keypair(&mut secp256k1::rand::thread_rng());
+
+        // Create regular address (exposes public key)
+        let regular_address = Address::new(Prefix::Testnet, Version::PubKeyECDSA, &public_key.serialize());
+        println!("Regular Address (exposes public key): {}", regular_address);
+
+        // Create hashed address (hides public key until spent)
+        let hashed_address = create_hashed_address(&public_key, Prefix::Testnet)?;
+        println!("Hashed Address (privacy enhanced): {}", hashed_address);
+
+        // Demonstrate that the hashed address doesn't reveal the public key
+        println!("Public key: {}", faster_hex::hex_string(&public_key.serialize()));
+        println!("Hashed address payload: {}", faster_hex::hex_string(hashed_address.payload.as_slice()));
+
+        // Show that different public keys produce different hashed addresses
+        let (_, another_public_key) = secp.generate_keypair(&mut secp256k1::rand::thread_rng());
+        let another_hashed_address = create_hashed_address(&another_public_key, Prefix::Testnet)?;
+        println!("Another hashed address: {}", another_hashed_address);
+
+        assert_eq!(another_hashed_address.version, Version::PubKeyHash);
+        assert_eq!(another_hashed_address.prefix, Prefix::Testnet);
+        assert_eq!(another_hashed_address.payload.len(), 32);
+
+        assert_eq!(hashed_address.version, Version::PubKeyHash);
+        assert_eq!(hashed_address.prefix, Prefix::Testnet);
+        assert_eq!(hashed_address.payload.len(), 32);
+
+        assert_ne!(hashed_address, another_hashed_address);
+        println!("✓ Different public keys produce different hashed addresses");
+
+        Ok(())
+    }
+
+    #[test]
+    fn test_derive_next_change_address() {
+        let secp = Secp256k1::new();
+        let (_, public_key) = secp.generate_keypair(&mut secp256k1::rand::thread_rng());
+
+        let address1 = derive_next_change_address_hashed(&public_key, 0, Prefix::Mainnet).unwrap();
+        let address2 = derive_next_change_address_hashed(&public_key, 1, Prefix::Mainnet).unwrap();
+
+        // Different indices should produce different addresses
+        assert_ne!(address1, address2);
+
+        // Both should be PubKeyHash addresses
+        assert_eq!(address1.version, Version::PubKeyHash);
+        assert_eq!(address2.version, Version::PubKeyHash);
+    }
+}

wallet/core/src/lib.rs

@@ -83,6 +83,7 @@ pub mod error;
 pub mod events;
 pub mod factory;
 mod imports;
+pub mod key_hashing;
 pub mod message;
 pub mod metrics;
 pub mod prelude;