[ANN] boha - Rust library for Bitcoin puzzle & bounty data

[Redni]

boha is a Rust library and CLI for crypto puzzle/bounty data. All data is compiled into the binary at build time - no runtime dependencies, no API calls for basic usage.

What's included:
- b1000 - 256 Bitcoin Puzzle Transaction puzzles (82 solved)
- hash_collision - Peter Todd's 6 P2SH bounties for SHA1/SHA256/RIPEMD160 collisions
- ballet - Bobby Lee's REAL BITCOIN challenge (3 BIP38 encrypted cards)
- zden - 15 visual puzzles (keys encoded in images)
- bitaps - Shamir Secret Sharing mnemonic challenge
- bitimage - File-derived key puzzles
- gsmg - gsmg.io puzzle

Data includes:
- Addresses (P2PKH, P2SH, P2WPKH, P2WSH, P2TR)
- Private keys (hex, WIF), public keys
- BIP39 seeds where applicable
- Transaction history, claim txids
- Solver attribution
- Start dates, source URLs

Links:
- GitHub: https://github.com/oritwoen/boha
- crates.io: https://crates.io/crates/boha
- Docs: https://docs.rs/boha

[BattleDog]

How hard are you validating the data you ingest? Like, are you reconstructing scriptPubKeys and confirming the address you emit actually corresponds to the pubkey/privkey you store, and optionally confirming spend/claim txids against a known chain snapshot?

I'm asking because once you start bundling private keys and seeds (even if they're puzzle keys), people will treat this as gospel and build more tooling on top of it. A quick "self-check mode" that re-derives everything and screams if anything is inconsistent would make this thing rock solid.

Also curious how you plan to handle updates without turning it into a moving target, pinned dataset versions would be chef's kiss.

[Redni]

Validation is solid. At build time boha verifies WIF ↔ hex consistency and that key bits match the actual private key. At test time (~160 tests) it reconstructs addresses from private keys using k256 (privkey → pubkey → SHA256 → RIPEMD160), validates pubkey → hash160, verifies witness programs from bech32, confirms redeem_script hashes for P2SH, and checks key ranges for solved puzzles.

What's not implemented yet: verifying txids against chain snapshots. That's a reasonable addition.

For updates - I'm planning automated scripts + CI pipeline to fetch from chain APIs, validate, and commit. Pinned dataset versions make sense too; I'll likely embed a commit hash or data version at build time so downstream can trace exactly what they're running.

Code is open if you want to dig in: tests/validation.rs for crypto checks, build.rs for compile-time validation.