Elliptic curve public key type. Two constructors are provided for creating compressed and uncompressed public keys from a Point. The use of compressed keys is preferred as it produces shorter keys without compromising security. Uncompressed keys are supported for backwards compatibility.

Returns True if the public key is valid. This will check if the public key point lies on the curve.

Returns True if the public key is uncompressed

Derives a public key from a private key. This function will preserve information on key compression (PrvKey becomes PubKey and PrvKeyU becomes PubKeyU)

Computes an Address value from a public key

Elliptic curve private key type. Two constructors are provided for creating compressed or uncompressed private keys. Compression information is stored in private key WIF formats and needs to be preserved to generate the correct addresses from the corresponding public key.

Returns True if the private key is valid. This will check if the integer value representing the private key is greater than 0 and smaller than the curve order N.

Builds a compressed private key from an Integer value. Returns Nothing if the Integer would not produce a valid private key. For security, the Integer needs to be generated from a random source with sufficient entropy.

Builds an uncompressed private key from an Integer value. Returns Nothing if the Integer would not produce a valid private key. For security, the Integer needs to be generated from a random source with sufficient entropy.

Returns the Integer value of a private key

Returns True of the private key is uncompressed

Serialize a private key into the Data.Binary.Put monad as a 32 byte big endian ByteString. This is useful when a constant length serialization format for private keys is required

Deserializes a compressed private key from the Data.Binary.Get monad as a 32 byte big endian ByteString.

Deserializes an uncompressed private key from the Data.Binary.Get monad as a 32 byte big endian ByteString

Decodes a private key from a WIF encoded String. This function can fail if the input string does not decode correctly as a base 58 string or if the checksum fails. http://en.bitcoin.it/wiki/Wallet_import_format

Encodes a private key into WIF format

StateT monad stack tracking the internal state of HMAC DRBG pseudo random number generator using SHA-256. The SecretT monad is run with the withSource function by providing it a source of entropy.

Run a SecretT monad by providing it a source of entropy. You can use devURandom, devRandom or provide your own entropy source function.

/dev/urandom entropy source. This is only available on machines supporting it. This function is meant to be used together with withSource.

/dev/random entropy source. This is only available on machines supporting it. This function is meant to be used together with withSource.

Produce a new PrvKey randomly from the SecretT monad.

Data type representing an ECDSA signature.

Safely sign a message inside the SecretT monad. The SecretT monad will generate a new nonce for each signature.

Sign a message using ECDSA deterministic signatures as defined by RFC 6979 http://tools.ietf.org/html/rfc6979

Verify an ECDSA signature

Returns True if the S component of a Signature is <= order/2. Signatures need to pass this test to be canonical.

Data type representing a 512 bit unsigned integer. It is implemented as an Integer modulo 2^512.

Data type representing a 256 bit unsigned integer. It is implemented as an Integer modulo 2^256.

Data type representing a 160 bit unsigned integer. It is implemented as an Integer modulo 2^160.

Data type representing a 128 bit unsigned integer. It is implemented as an Integer modulo 2^128.

Type representing a transaction hash.

Type representing a block hash.

Computes the hash of a transaction.

Computes the hash of a coinbase transaction.

Compute the hash of a block header

Encodes a TxHash as little endian in HEX format. This is mostly used for displaying transaction ids. Internally, these ids are handled as big endian but are transformed to little endian when displaying them.

Decodes a little endian TxHash in HEX format.

Encodes a BlockHash as little endian in HEX format. This is mostly used for displaying Block hash ids. Internally, these ids are handled as big endian but are transformed to little endian when displaying them.

Decodes a little endian BlockHash in HEX format.

Computes SHA-512.

Computes SHA-512 and returns the result as a bytestring.

Computes SHA-256.

Computes SHA-256 and returns the result as a bytestring.

Computes SHA-160.

Computes SHA-160 and returns the result as a bytestring.

Computes RIPEMD-160.

Computes RIPEMD-160 and returns the result as a bytestring.

Computes two rounds of SHA-256.

Computes two rounds of SHA-256 and returns the result as a bytestring.

Computes a 32 bit checksum.

Computes HMAC over SHA-512.

Computes HMAC over SHA-512 and return the result as a bytestring.

Computes HMAC over SHA-256.

Computes HMAC over SHA-256 and return the result as a bytestring.

Split a Word512 into a pair of Word256.

Join a pair of Word256 into a Word512.

MurmurHash3 (x86_32). For more details, see http://code.google.com/p/smhasher/source/browse/trunk/MurmurHash3.cpp This code is used in the bloom filters of SPV nodes.

Decode the compact number used in the difficulty target of a block into an Integer.

As described in the Satoshi reference implementation srcbignum.h:

The compact format is a representation of a whole number N using an unsigned 32bit number similar to a floating point format. The most significant 8 bits are the unsigned exponent of base 256. This exponent can be thought of as number of bytes of N. The lower 23 bits are the mantissa. Bit number 24 (0x800000) represents the sign of N.

    N = (-1^sign) * mantissa * 256^(exponent-3)

Encode an Integer to the compact number format used in the difficulty target of a block.

Data type representing a Bitcoin address

Decodes an Address from a base58 encoded String. This function can fail if the String is not properly encoded as base58 or the checksum fails.

Transforms an Address into a base58 encoded String

Encode a bytestring to a base 58 representation.

Decode a base 58 encoded bytestring. This can fail if the input bytestring contains invalid base 58 characters such as 0,O,l,I

Computes a checksum for the input bytestring and encodes the input and the checksum to a base 58 representation.

Decode a base 58 encoded bytestring that contains a checksum. This function returns Nothing if the input bytestring contains invalid base 58 characters or if the checksum fails.

Provide intial entropy as a ByteString of length multiple of 4 bytes. Output a mnemonic sentence.

Get a 512-bit seed from a mnemonic sentence. Will calculate checksum. Passphrase can be used to protect the mnemonic. Use an empty string as passphrase if none is required.

Data type representing an extended BIP32 private key. An extended key is a node in a tree of key derivations. It has a depth in the tree, a parent node and an index to differentiate it from other siblings.

Build a BIP32 compatible extended private key from a bytestring. This will produce a root node (depth=0 and parent=0).

Returns True if the extended private key was derived through a prime derivation.

Returns the derivation index of this extended private key without the prime bit set.

Computes the key identifier of an extended private key.

Computes the key fingerprint of an extended private key.

Exports an extended private key to the BIP32 key export format (base 58).

Decodes a BIP32 encoded extended private key. This function will fail if invalid base 58 characters are detected or if the checksum fails.

Export an extended private key to WIF (Wallet Import Format).

Data type representing an extended BIP32 public key.

Derive an extended public key from an extended private key. This function will preserve the depth, parent, index and chaincode fields of the extended private keys.

Returns True if the extended public key was derived through a prime derivation.

Returns the derivation index of this extended public key without the prime bit set.

Computes the key identifier of an extended public key.

Computes the key fingerprint of an extended public key.

Computer the Address of an extended public key.

Exports an extended public key to the BIP32 key export format (base 58).

Decodes a BIP32 encoded extended public key. This function will fail if invalid base 58 characters are detected or if the checksum fails.

Compute a private, non-prime child key derivation. A private non-prime derivation will allow the equivalent extended public key to derive the public key for this child. Given a parent key m and a derivation index i, this function will compute m/i/.

Non-prime derivations allow for more flexibility such as read-only wallets. However, care must be taken not the leak both the parent extended public key and one of the extended child private keys as this would compromise the extended parent private key.

Compute a public, non-prime child key derivation. Given a parent key M and a derivation index i, this function will compute M/i/.

Compute a prime child key derivation. Prime derivations can only be computed for private keys. Prime derivations do not allow the parent public key to derive the child public keys. However, they are safer as a breach of the parent public key and child private keys does not lead to a breach of the parent private key. Given a parent key m and a derivation index i, this function will compute m/i'/.

Cyclic list of all private non-prime child key derivations of a parent key starting from an offset index.

Cyclic list of all public non-prime child key derivations of a parent key starting from an offset index.

Cyclic list of all prime child key derivations of a parent key starting from an offset index.

Compute a public, non-prime subkey derivation for all of the parent public keys in the input. This function will succeed only if the child key derivations for all the parent keys are valid.

This function is intended to be used in the context of multisignature accounts. Parties exchanging their master public keys to create a multisignature account can then individually generate all the receiving multisignature addresses without further communication.

Cyclic list of all public, non-prime multisig key derivations of a list of parent keys starting from an offset index.

Data type representing an extended private key at the root of the derivation tree. Master keys have depth 0 and no parents. They are represented as m/ in BIP32 notation.

Create a MasterKey from a seed.

Load a MasterKey from an XPrvKey. This function will fail if the extended private key does not have the properties of a MasterKey.

Data type representing a private account key. Account keys are generated from a MasterKey through prime derivation. This guarantees that the MasterKey will not be compromised if the account key is compromised. AccPrvKey is represented as m/i'/ in BIP32 notation.

Data type representing a public account key. It is computed through derivation from an AccPrvKey. It can not be derived from the MasterKey directly (property of prime derivation). It is represented as M/i'/ in BIP32 notation. AccPubKey is used for generating receiving payment addresses without the knowledge of the AccPrvKey.

Load a private account key from an XPrvKey. This function will fail if the extended private key does not have the properties of a AccPrvKey.

Load a public account key from an XPubKey. This function will fail if the extended public key does not have the properties of a AccPubKey.

Computes an AccPrvKey from a MasterKey and a derivation index.

Computes an AccPubKey from a MasterKey and a derivation index.

Cyclic list of all valid AccPrvKey derived from a MasterKey and starting from an offset index.

Cyclic list of all valid AccPubKey derived from a MasterKey and starting from an offset index.

Data type representing a private address key. Private address keys are generated through a non-prime derivation from an AccPrvKey. Non-prime derivation is used so that the public account key can generate the receiving payment addresses without knowledge of the private account key. AccPrvKey is represented as m/i'/0/j/ in BIP32 notation if it is a regular receiving address. Internal (change) addresses are represented as m/i'/1/j/. Non-prime subtree 0 is used for regular receiving addresses and non-prime subtree 1 for internal (change) addresses.

Data type representing a public address key. They are generated through non-prime derivation from an AccPubKey. This is a useful feature for read-only wallets. They are represented as M/i'/0/j in BIP32 notation for regular receiving addresses and by M/i'/1/j for internal (change) addresses.

Computes an Address from an AddrPubKey.

Computes an external AddrPrvKey from an AccPrvKey and a derivation index.

Computes an external AddrPubKey from an AccPubKey and a derivation index.

Computes an internal AddrPrvKey from an AccPrvKey and a derivation index.

Computes an internal AddrPubKey from an AccPubKey and a derivation index.

Cyclic list of all valid external AddrPrvKey derived from a AccPrvKey and starting from an offset index.

Cyclic list of all valid external AddrPubKey derived from a AccPubKey and starting from an offset index.

Cyclic list of all internal AddrPrvKey derived from a AccPrvKey and starting from an offset index.

Cyclic list of all internal AddrPubKey derived from a AccPubKey and starting from an offset index.

Computes an external address from an AccPubKey and a derivation index.

Computes an internal addres from an AccPubKey and a derivation index.

Cyclic list of all external addresses derived from a AccPubKey and starting from an offset index.

Cyclic list of all internal addresses derived from a AccPubKey and starting from an offset index.

Same as extAddrs with the list reversed.

Same as intAddrs with the list reversed.

Computes a list of external AddrPubKey from an AccPubKey, a list of thirdparty multisig keys and a derivation index. This is useful for computing the public keys associated with a derivation index for multisig accounts.

Computes a list of internal AddrPubKey from an AccPubKey, a list of thirdparty multisig keys and a derivation index. This is useful for computing the public keys associated with a derivation index for multisig accounts.

Cyclic list of all external multisignature AddrPubKey derivations starting from an offset index.

Cyclic list of all internal multisignature AddrPubKey derivations starting from an offset index.

Computes an external multisig address from an AccPubKey, a list of thirdparty multisig keys and a derivation index.

Computes an internal multisig address from an AccPubKey, a list of thirdparty multisig keys and a derivation index.

Cyclic list of all external multisig addresses derived from an AccPubKey and a list of thirdparty multisig keys. The list starts at an offset index.

Cyclic list of all internal multisig addresses derived from an AccPubKey and a list of thirdparty multisig keys. The list starts at an offset index.

A bloom filter is a probabilistic data structure that SPV clients send to other peers to filter the set of transactions received from them. Bloom filters are probabilistic and have a false positive rate. Some transactions that pass the filter may not be relevant to the receiving peer. By controlling the false positive rate, SPV nodes can trade off bandwidth versus privacy.

The bloom flags are used to tell the remote peer how to auto-update the provided bloom filter.

Build a bloom filter that will provide the given false positive rate when the given number of elements have been inserted.

Insert arbitrary data into a bloom filter. Returns the new bloom filter containing the new data.

Tests if some arbitrary data matches the filter. This can be either because the data was inserted into the filter or because it is a false positive.

Tests if a given bloom filter is valid.

Returns True if the filter is empty (all bytes set to 0x00)

Returns True if the filter is full (all bytes set to 0xff)

Computes the height of a merkle tree.

Computes the width of a merkle tree at a specific height. The transactions are at height 0.

Computes the root of a merkle tree from a list of leaf node hashes.

Computes the hash of a specific node in a merkle tree.

Build a partial merkle tree.

Extracts the matching hashes from a partial merkle tree. This will return the list of transaction hashes that have been included (set to True) in a call to buildPartialMerkle.