backend/btc: remove address-level signing config

The previous commits moved towards using an account config plus
derivation info to get to the address. This commit removes the
address-level signing config for BTC.

This is a simplification, as it does not make sense to derive a full "signing config" when all
that is derived is the keypath, nothing else changes.

This is part of moving to general descriptor support. There are still
remaining issues where code assumes it's a single-sig (calls to
address.AbsoluteKeypath(), and NewAddress(), etc.), but we can solve
that later step by step.

Author: benma

backend/coins/btc/addresses/address.go

@@ -22,6 +22,7 @@ import (
 	ourbtcutil "github.com/BitBoxSwiss/bitbox-wallet-app/backend/coins/btc/util"
 	"github.com/BitBoxSwiss/bitbox-wallet-app/backend/signing"
 	"github.com/BitBoxSwiss/bitbox-wallet-app/util/errp"
+	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/btcsuite/btcd/btcec/v2/schnorr"
 	"github.com/btcsuite/btcd/btcutil"
 	"github.com/btcsuite/btcd/chaincfg"
@@ -37,9 +38,9 @@ type AccountAddress struct {
 
 	// AccountConfiguration is the account level configuration from which this address was derived.
 	AccountConfiguration *signing.Configuration
-	// Configuration contains the absolute keypath and the extended public keys of the address.
-	Configuration *signing.Configuration
-	Derivation    types.Derivation
+	// publicKey is the public key of a single-sig address.
+	publicKey  *btcec.PublicKey
+	Derivation types.Derivation
 
 	// redeemScript stores the redeem script of a BIP16 P2SH output or nil if address type is P2PKH.
 	redeemScript []byte
@@ -55,25 +56,29 @@ func NewAccountAddress(
 	log *logrus.Entry,
 ) *AccountAddress {
 
-	var address btcutil.Address
-	var redeemScript []byte
-	configuration, err := accountConfiguration.Derive(
-		signing.NewEmptyRelativeKeypath().
-			Child(derivation.SimpleChainIndex(), signing.NonHardened).
-			Child(derivation.AddressIndex, signing.NonHardened),
-	)
-	if err != nil {
-		log.WithError(err).Panic("Failed to derive the configuration.")
-	}
 	log = log.WithFields(logrus.Fields{
 		"accountConfiguration": accountConfiguration.String(),
 		"change":               derivation.Change,
 		"addressIndex":         derivation.AddressIndex,
 	})
 	log.Debug("Creating new account address")
 
-	publicKeyHash := btcutil.Hash160(configuration.PublicKey().SerializeCompressed())
-	switch configuration.ScriptType() {
+	var address btcutil.Address
+	var redeemScript []byte
+	relativeKeypath := signing.NewEmptyRelativeKeypath().
+		Child(derivation.SimpleChainIndex(), signing.NonHardened).
+		Child(derivation.AddressIndex, signing.NonHardened)
+	derivedXpub, err := relativeKeypath.Derive(accountConfiguration.ExtendedPublicKey())
+	if err != nil {
+		log.WithError(err).Panic("Failed to derive xpub.")
+	}
+	publicKey, err := derivedXpub.ECPubKey()
+	if err != nil {
+		log.WithError(err).Panic("Failed to convert an extended public key to a normal public key.")
+	}
+
+	publicKeyHash := btcutil.Hash160(publicKey.SerializeCompressed())
+	switch accountConfiguration.ScriptType() {
 	case signing.ScriptTypeP2PKH:
 		address, err = btcutil.NewAddressPubKeyHash(publicKeyHash, net)
 		if err != nil {
@@ -99,19 +104,19 @@ func NewAccountAddress(
 			log.WithError(err).Panic("Failed to get p2wpkh addr. from publ. key hash.")
 		}
 	case signing.ScriptTypeP2TR:
-		outputKey := txscript.ComputeTaprootKeyNoScript(configuration.PublicKey())
+		outputKey := txscript.ComputeTaprootKeyNoScript(publicKey)
 		address, err = btcutil.NewAddressTaproot(schnorr.SerializePubKey(outputKey), net)
 		if err != nil {
 			log.WithError(err).Panic("Failed to get p2tr addr")
 		}
 	default:
-		log.Panic(fmt.Sprintf("Unrecognized script type: %s", configuration.ScriptType()))
+		log.Panic(fmt.Sprintf("Unrecognized script type: %s", accountConfiguration.ScriptType()))
 	}
 
 	return &AccountAddress{
 		Address:              address,
 		AccountConfiguration: accountConfiguration,
-		Configuration:        configuration,
+		publicKey:            publicKey,
 		Derivation:           derivation,
 		redeemScript:         redeemScript,
 		log:                  log,
@@ -128,8 +133,8 @@ func (address *AccountAddress) ID() string {
 // - 32 byte x-only public key for p2tr
 // See https://github.com/bitcoin/bips/blob/master/bip-0352.mediawiki#user-content-Inputs_For_Shared_Secret_Derivation.
 func (address *AccountAddress) BIP352Pubkey() ([]byte, error) {
-	publicKey := address.Configuration.PublicKey()
-	switch address.Configuration.ScriptType() {
+	publicKey := address.publicKey
+	switch address.AccountConfiguration.ScriptType() {
 	case signing.ScriptTypeP2PKH, signing.ScriptTypeP2WPKHP2SH, signing.ScriptTypeP2WPKH:
 		return publicKey.SerializeCompressed(), nil
 	case signing.ScriptTypeP2TR:
@@ -145,9 +150,11 @@ func (address *AccountAddress) EncodeForHumans() string {
 	return address.EncodeAddress()
 }
 
-// AbsoluteKeypath implements coin.AbsoluteKeypath.
+// AbsoluteKeypath implements accounts.Address.
 func (address *AccountAddress) AbsoluteKeypath() signing.AbsoluteKeypath {
-	return address.Configuration.AbsoluteKeypath()
+	return address.AccountConfiguration.AbsoluteKeypath().
+		Child(address.Derivation.SimpleChainIndex(), false).
+		Child(address.Derivation.AddressIndex, false)
 }
 
 // PubkeyScript returns the pubkey script of this address. Use this in a tx output to receive funds.
@@ -169,7 +176,7 @@ func (address *AccountAddress) PubkeyScriptHashHex() blockchain.ScriptHashHex {
 // calculating the hash to be signed in a transaction. This info is needed when trying to spend
 // from this address.
 func (address *AccountAddress) ScriptForHashToSign() (bool, []byte) {
-	switch address.Configuration.ScriptType() {
+	switch address.AccountConfiguration.ScriptType() {
 	case signing.ScriptTypeP2PKH:
 		return false, address.PubkeyScript()
 	case signing.ScriptTypeP2WPKHP2SH:
@@ -187,8 +194,8 @@ func (address *AccountAddress) ScriptForHashToSign() (bool, []byte) {
 func (address *AccountAddress) SignatureScript(
 	signature types.Signature,
 ) ([]byte, wire.TxWitness) {
-	publicKey := address.Configuration.PublicKey()
-	switch address.Configuration.ScriptType() {
+	publicKey := address.publicKey
+	switch address.AccountConfiguration.ScriptType() {
 	case signing.ScriptTypeP2PKH:
 		signatureScript, err := txscript.NewScriptBuilder().
 			AddData(append(signature.SerializeDER(), byte(txscript.SigHashAll))).

backend/coins/btc/addresses/address_export_test.go

@@ -0,0 +1,22 @@
+// Copyright 2025 Shift Crypto AG
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package addresses
+
+import "github.com/btcsuite/btcd/btcec/v2"
+
+// TstPublicKey exports the publickey for use in unit tests.
+func (address *AccountAddress) TstPublicKey() *btcec.PublicKey {
+	return address.publicKey
+}

backend/coins/btc/addresses/address_test.go

@@ -57,7 +57,7 @@ func (s *addressTestSuite) TestNewAddress() {
 		Child(10, false).
 		Child(0, false).
 		Child(0, false)
-	s.Require().Equal(expectedKeypath, s.address.Configuration.AbsoluteKeypath())
+	s.Require().Equal(expectedKeypath, s.address.AbsoluteKeypath())
 	s.Require().Equal("moTM88EgqzATgCjSrcNfahXaT9uCy3FHh3", s.address.EncodeAddress())
 	s.Require().True(s.address.IsForNet(net))
 }

backend/coins/btc/addresses/addresschain_test.go

@@ -142,8 +142,8 @@ func (s *addressChainTestSuite) TestEnsureAddresses() {
 	}
 	s.Require().Len(newAddresses, s.gapLimit)
 	for index, address := range newAddresses {
-		s.Require().Equal(uint32(index), address.Configuration.AbsoluteKeypath().ToUInt32()[1])
-		s.Require().Equal(getPubKey(index), address.Configuration.PublicKey())
+		s.Require().Equal(uint32(index), address.AbsoluteKeypath().ToUInt32()[1])
+		s.Require().Equal(getPubKey(index), address.TstPublicKey())
 	}
 	// Address statuses are still the same, so calling it again won't produce more addresses.
 	addrs, err := s.addresses.EnsureAddresses()
@@ -157,7 +157,7 @@ func (s *addressChainTestSuite) TestEnsureAddresses() {
 	moreAddresses, err := s.addresses.EnsureAddresses()
 	s.Require().NoError(err)
 	s.Require().Len(moreAddresses, s.gapLimit)
-	s.Require().Equal(uint32(s.gapLimit), moreAddresses[0].Configuration.AbsoluteKeypath().ToUInt32()[1])
+	s.Require().Equal(uint32(s.gapLimit), moreAddresses[0].Derivation.AddressIndex)
 
 	// Repeating it does not add more the unused addresses are the same.
 	addrs, err = s.addresses.EnsureAddresses()

backend/coins/btc/handlers/handlers.go

@@ -380,7 +380,7 @@ func (handlers *Handlers) getUTXOs(*http.Request) (interface{}, error) {
 				"txOutput":      output.OutPoint.Index,
 				"amount":        handlers.formatBTCAmountAsJSON(btcutil.Amount(output.TxOut.Value), false),
 				"address":       address,
-				"scriptType":    output.Address.Configuration.ScriptType(),
+				"scriptType":    output.Address.AccountConfiguration.ScriptType(),
 				"note":          handlers.account.TxNote(output.OutPoint.Hash.String()),
 				"addressReused": addressReused,
 				"isChange":      output.IsChange,

backend/coins/btc/maketx/maketx.go

@@ -127,7 +127,7 @@ func toInputConfigurations(
 ) []*signing.Configuration {
 	inputConfigurations := make([]*signing.Configuration, len(selectedOutPoints))
 	for i, outPoint := range selectedOutPoints {
-		inputConfigurations[i] = spendableOutputs[outPoint].Address.Configuration
+		inputConfigurations[i] = spendableOutputs[outPoint].Address.AccountConfiguration
 	}
 	return inputConfigurations
 }
@@ -277,7 +277,7 @@ func NewTx(
 		}
 		changeAmount := selectedOutputsSum - targetAmount - maxRequiredFee
 		changeIsDust := isDustAmount(
-			changeAmount, len(changePKScript), changeAddress.Configuration, feePerKb)
+			changeAmount, len(changePKScript), changeAddress.AccountConfiguration, feePerKb)
 		finalFee := maxRequiredFee
 		if changeIsDust {
 			log.Info("change is dust")

backend/coins/btc/maketx/txsize_internal_test.go

@@ -92,7 +92,7 @@ func testEstimateTxSize(
 				Witness:         witness,
 				Sequence:        0,
 			})
-			inputConfigurations = append(inputConfigurations, inputAddress.Configuration)
+			inputConfigurations = append(inputConfigurations, inputAddress.AccountConfiguration)
 		}
 	}
 	changePkScriptSize := 0
@@ -119,8 +119,8 @@ func TestSigScriptWitnessSize(t *testing.T) {
 	// Test all singlesig configurations.
 	for _, scriptType := range scriptTypes {
 		address := addressesTest.GetAddress(scriptType)
-		t.Run(address.Configuration.String(), func(t *testing.T) {
-			sigScriptSize, witnessSize := sigScriptWitnessSize(address.Configuration)
+		t.Run(address.AccountConfiguration.String(), func(t *testing.T) {
+			sigScriptSize, witnessSize := sigScriptWitnessSize(address.AccountConfiguration)
 			sigScript, witness := address.SignatureScript(sig)
 			require.Equal(t, len(sigScript), sigScriptSize)
 			if witness != nil {

backend/coins/btc/transaction.go

@@ -104,7 +104,7 @@ func (account *Account) pickChangeAddress(utxos map[wire.OutPoint]maketx.UTXO) (
 	if p2trIndex >= 0 {
 		// Check if there is at least one taproot UTXO.
 		for _, utxo := range utxos {
-			if utxo.Address.Configuration.ScriptType() == signing.ScriptTypeP2TR {
+			if utxo.Address.AccountConfiguration.ScriptType() == signing.ScriptTypeP2TR {
 				// Found a taproot UTXO.
 				unusedAddresses, err := account.subaccounts[p2trIndex].changeAddresses.GetUnused()
 				if err != nil {
@@ -211,7 +211,7 @@ func (account *Account) newTx(args *accounts.TxProposalArgs) (
 		if err != nil {
 			return nil, nil, err
 		}
-		account.log.Infof("Change address script type: %s", changeAddress.Configuration.ScriptType())
+		account.log.Infof("Change address script type: %s", changeAddress.AccountConfiguration.ScriptType())
 		txProposal, err = maketx.NewTx(
 			account.coin,
 			wireUTXO,

backend/coins/btc/transaction_test.go

@@ -167,7 +167,7 @@ func TestGetFeePerKb(t *testing.T) {
 func utxo(scriptType signing.ScriptType) maketx.UTXO {
 	return maketx.UTXO{
 		Address: &addresses.AccountAddress{
-			Configuration: &signing.Configuration{
+			AccountConfiguration: &signing.Configuration{
 				BitcoinSimple: &signing.BitcoinSimple{
 					ScriptType: scriptType,
 				},

backend/devices/bitbox02/keystore.go

@@ -356,7 +356,7 @@ func (keystore *keystore) signBTCTransaction(btcProposedTx *btc.ProposedTransact
 				PrevOutIndex:      txIn.PreviousOutPoint.Index,
 				PrevOutValue:      uint64(prevOut.TxOut.Value),
 				Sequence:          txIn.Sequence,
-				Keypath:           inputAddress.Configuration.AbsoluteKeypath().ToUInt32(),
+				Keypath:           inputAddress.AbsoluteKeypath().ToUInt32(),
 				ScriptConfigIndex: uint32(scriptConfigIndex),
 			},
 			BIP352Pubkey: bip352Pubkey,
@@ -444,13 +444,13 @@ func (keystore *keystore) signBTCTransaction(btcProposedTx *btc.ProposedTransact
 			}
 			switch {
 			case sameAccount:
-				keypath = outputAddress.Configuration.AbsoluteKeypath().ToUInt32()
+				keypath = outputAddress.AbsoluteKeypath().ToUInt32()
 				scriptConfigIndex = addScriptConfig(&messages.BTCScriptConfigWithKeypath{
 					ScriptConfig: firmware.NewBTCScriptConfigSimple(msgScriptType),
 					Keypath:      accountConfiguration.AbsoluteKeypath().ToUInt32(),
 				})
 			case keystore.device.Version().AtLeast(semver.NewSemVer(9, 22, 0)):
-				keypath = outputAddress.Configuration.AbsoluteKeypath().ToUInt32()
+				keypath = outputAddress.AbsoluteKeypath().ToUInt32()
 				outputScriptConfigIdx := addOutputScriptConfig(&messages.BTCScriptConfigWithKeypath{
 					ScriptConfig: firmware.NewBTCScriptConfigSimple(msgScriptType),
 					Keypath:      accountConfiguration.AbsoluteKeypath().ToUInt32(),

backend/keystore/software/software.go

@@ -203,7 +203,7 @@ func (keystore *Keystore) signBTCTransaction(btcProposedTx *btc.ProposedTransact
 			return err
 		}
 
-		xprv, err := address.Configuration.AbsoluteKeypath().Derive(keystore.master)
+		xprv, err := address.AbsoluteKeypath().Derive(keystore.master)
 		if err != nil {
 			return err
 		}
@@ -212,7 +212,7 @@ func (keystore *Keystore) signBTCTransaction(btcProposedTx *btc.ProposedTransact
 			return errp.WithStack(err)
 		}
 
-		if address.Configuration.ScriptType() == signing.ScriptTypeP2TR {
+		if address.AccountConfiguration.ScriptType() == signing.ScriptTypeP2TR {
 			prv = txscript.TweakTaprootPrivKey(*prv, nil)
 			signatureHash, err := txscript.CalcTaprootSignatureHash(
 				sigHashes, txscript.SigHashDefault, transaction,

backend/signing/configuration.go

@@ -189,29 +189,6 @@ func (configuration *Configuration) PublicKey() *btcec.PublicKey {
 	return publicKey
 }
 
-// Derive derives a subkeypath from the configuration's base absolute keypath.
-func (configuration *Configuration) Derive(relativeKeypath RelativeKeypath) (*Configuration, error) {
-	btc := configuration.BitcoinSimple
-	if btc != nil {
-		if relativeKeypath.Hardened() {
-			return nil, errp.New("A configuration can only be derived with a non-hardened relative keypath.")
-		}
-
-		derivedPublicKey, err := relativeKeypath.Derive(btc.KeyInfo.ExtendedPublicKey)
-		if err != nil {
-			return nil, err
-		}
-		return NewBitcoinConfiguration(
-			btc.ScriptType,
-			btc.KeyInfo.RootFingerprint,
-			btc.KeyInfo.AbsoluteKeypath.Append(relativeKeypath),
-			derivedPublicKey,
-		), nil
-	}
-
-	return nil, errp.New("Can only call this on a bitcoin configuration")
-}
-
 // String returns a short summary of the configuration to be used in logs, etc.
 func (configuration *Configuration) String() string {
 	if configuration.BitcoinSimple != nil {