fix: correct bech32 address verification to use compressed public key

- Ensure compressed public key format for bech32 witness v0 addresses
- Convert uncompressed (65 bytes) to compressed (33 bytes) when needed
- Properly compute hash160 of compressed key for P2WPKH addresses
- Fixes signature verification for dgb1 (bech32) addresses

2 files changed, 12 insertions, 2 deletions

diff --git a/package.json b/package.json
index 1edba61..1c618f8 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "digiid-ts",
-  "version": "2.0.1-beta.0",
+  "version": "2.0.1-beta.1",
   "description": "A modern TypeScript implementation of the DigiID authentication protocol.",
   "main": "dist/digiid-ts.umd.js",
   "module": "dist/digiid-ts.es.js",
diff --git a/src/digiid.ts b/src/digiid.ts
index 168e097..c8a1eda 100644
--- a/src/digiid.ts
+++ b/src/digiid.ts
@@ -255,7 +255,17 @@ function verifyAddress(address: string, publicKey: Uint8Array): boolean {
       const { version, program } = decoded;
 
       if (version === 0) {
-        const computedHash = hash160(publicKey);
+        // For witness v0 P2WPKH, use hash160 of compressed public key
+        let pkToHash = publicKey;
+        // If uncompressed (65 bytes), convert to compressed (33 bytes)
+        if (publicKey.length === 65) {
+          const isEven = publicKey[64]! % 2 === 0;
+          pkToHash = new Uint8Array(33);
+          pkToHash[0] = isEven ? 0x02 : 0x03;
+          pkToHash.set(publicKey.slice(1, 33), 1);
+        }
+
+        const computedHash = hash160(pkToHash);
         return program.every((byte, i) => byte === computedHash[i]);
       }