wallet: Sign transactions containing MuSig2 inputs #31245

pull achow101 wants to merge 24 commits into bitcoin:master from achow101:musig2-signing changing 21 files +1398 −118
  1. achow101 commented at 6:12 pm on November 7, 2024: member

    Implements all of the signing logic for transactions containing MuSig2 inputs.

    Note that this is not actually usable as the session data for MuSig2 is not stored. That will require the PSBT fields from #29675

    Depends on #31242, #31243, and #31244

    Split from #29675

  2. desc spkm: Return SigningProvider only if we have the privkey
    If we know about a pubkey that's in our descriptor, but we don't have
    the private key, don't return a SigningProvider for that pubkey.
    
    This is specifically an issue for Taproot outputs that use the H point
    as the resulting PSBTs may end up containing irrelevant information
    because the H point was detected as a pubkey each unrelated descriptor
    knew about.
    aa2913fe1a
  3. wallet, rpc: Only allow keypool import from single key descriptors
    Instead of relying on implicit assumptions about whether pubkeys show up
    or now after expanding a descriptor, just explicitly allow only single
    key descriptors to import keys into a legacy wallet's keypool.
    5065ad250a
  4. descriptors: Have GetPubKey fill origins directly
    Instead of having ExpandHelper fill in the origins in the
    FlatSigningProvider output, have GetPubKey do it by itself. This reduces
    the extra variables needed in order to track and set origins in
    ExpandHelper.
    
    Also changes GetPubKey to return a std::optional<CPubKey> rather than
    using a bool and output parameters.
    b2375ba54b
  5. descriptors: Move FlatSigningProvider pubkey filling to GetPubKey
    Instead of MakeScripts inconsistently filling the output
    FlatSigningProvider with the pubkeys involved, just do it in GetPubKey.
    563da2b909
  6. descriptors: Have GetPrivKey fill keys directly
    Instead of GetPrivKey returning a key and having the caller fill the
    FlatSigningProvider, have GetPrivKey take the FlatSigningProvider and
    fill it by itself.
    
    GetPrivKey is now changed to void as the caller no longer cares whether
    it succeeds or fails.
    82fdbaeda2
  7. XOnlyPubKey: Add GetCPubKeys
    We need to retrieve the even and odd compressed pubkeys for xonly
    pubkeys, so add a function to do that. Also reuse it in GetKeyIDs.
    7db5e9b5f7
  8. spanparsing: Allow Const to not skip the found constant b2f8cc3270
  9. descriptors: Add PubkeyProvider::IsBIP32() bb0a83271f
  10. build: Enable secp256k1 musig module 256ed61f63
  11. sign: Add GetAggregateParticipantPubkeys to SigningProvider 994719869d
  12. Add MuSig2 Keyagg Cache class and functions
    - MuSig2KeyAggCache contains a MuSig2KeyAggCacheImpl which has the
      secp256ke_musig_keyagg_cache object to avoid having to link libsecp256k1
      everywhere.
    - GetMuSig2KeyAggCache creates the MuSig2KeyAggCache from a
      std::vector<CPubKey>
    - GetCPubKeyFromMuSig2KeyAggCache creates a CPubKey from a cache created
      with GetMuSig2KeyAggCache
    - MuSig2AggregatePubKeys does the two above functions together.
    cd22790ee0
  13. descriptor: Add MuSigPubkeyProvider 72836cc6ff
  14. descriptor: Parse musig() key expressions 71aac9edd5
  15. tests: Test musig() parsing c30d07c51f
  16. sign: Refactor Schnorr sighash computation out of CreateSchnorrSig
    There will be other functions within MutableTransactionSignatureCreator
    that need to compute the same sighash, so make it a separate member
    function.
    93b2b66781
  17. pubkey: Return tweaks from BIP32 derivation 425489081b
  18. sign: Include taproot output key's KeyOriginInfo in sigdata bd94410996
  19. Add MuSig2SecNonce class for secure allocation of musig nonces 13f889a358
  20. signingprovider: Add musig2 secnonces
    Adds GetMuSig2SecNonces which returns secp256k1_musig_secnonce*, and
    DeleteMuSig2Session which removes the MuSig2 secnonce from wherever it
    was retrieved. FlatSigningProvider stores it as a pointer to a map of
    session id to secnonce so that deletion will actually delete from the
    object that actually owns the secnonces.
    
    The session id is just a unique identifier for the caller to determine
    what secnonces have been created.
    b7a5ff7963
  21. sign: Add CreateMuSig2AggregateSig 1fb3fb8389
  22. sign: Add CreateMuSig2Nonce 357f4277c9
  23. sign: Add CreateMuSig2PartialSig 56b10a85af
  24. sign: Create MuSig2 signatures for known MuSig2 aggregate keys
    When creating Taproot signatures, if the key being signed for is known
    to be a MuSig2 aggregate key, do the MuSig2 signing algorithms.
    
    First try to create the aggregate signature. This will fail if there are
    not enough partial signatures or public nonces. If it does fail, try to
    create a partial signature with all participant keys. This will fail for
    those keys that we do not have the private keys for, and if there are
    not enough public nonces. Lastly, if the partial signatures could be
    created, add our own public nonces for the private keys that we know, if
    they do not yet exist.
    9c43df13d0
  25. wallet: Keep secnonces in DescriptorScriptPubKeyMan 5a90774a85
  26. DrahtBot commented at 6:12 pm on November 7, 2024: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage & Benchmarks

    For details see: https://corecheck.dev/bitcoin/bitcoin/pulls/31245.

    Reviews

    See the guideline for information on the review process. A summary of reviews will appear here.

  27. DrahtBot added the label Wallet on Nov 7, 2024
  28. achow101 closed this on Nov 7, 2024


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-21 15:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me