feat: retrofit during eth tss recovery

zahin-mohammad · zahin-mohammad · commit 4a743ac3eb11 · 2024-11-01T15:40:13.000-04:00
TICKET: WP-2959
diff --git a/modules/abstract-eth/package.json b/modules/abstract-eth/package.json
@@ -41,7 +41,6 @@
   },
   "dependencies": {
     "@bitgo/sdk-core": "^28.12.0",
-    "@bitgo/sdk-lib-mpc": "^10.1.0",
     "@bitgo/statics": "^50.5.0",
     "@bitgo/utxo-lib": "^11.0.1",
     "@ethereumjs/common": "^2.6.5",
diff --git a/modules/abstract-eth/src/abstractEthLikeNewCoins.ts b/modules/abstract-eth/src/abstractEthLikeNewCoins.ts
@@ -6,15 +6,13 @@ import {
   BitGoBase,
   BuildNftTransferDataOptions,
   common,
-  ECDSA,
   Ecdsa,
   ECDSAMethodTypes,
   EthereumLibraryUnavailableError,
   FeeEstimateOptions,
   FullySignedTransaction,
   getIsUnsignedSweep,
   HalfSignedTransaction,
-  hexToBigInt,
   InvalidAddressError,
   InvalidAddressVerificationObjectPropertyError,
   IWallet,
@@ -36,7 +34,6 @@ import {
   Wallet,
   ECDSAUtils,
 } from '@bitgo/sdk-core';
-import { EcdsaPaillierProof, EcdsaRangeProof, EcdsaTypes } from '@bitgo/sdk-lib-mpc';
 import {
   BaseCoin as StaticsBaseCoin,
   CoinMap,
@@ -1056,174 +1053,6 @@ export abstract class AbstractEthLikeNewCoins extends AbstractEthLikeCoin {
     }
   }
 
-  /**
-   * Method to sign tss recovery transaction
-   * @param {ECDSA.KeyCombined} userKeyCombined
-   * @param {ECDSA.KeyCombined} backupKeyCombined
-   * @param {string} txHex
-   * @param {Object} options
-   * @param {EcdsaTypes.SerializedNtilde} options.rangeProofChallenge
-   * @returns {Promise<ECDSAMethodTypes.Signature>}
-   */
-  private async signRecoveryTSS(
-    userKeyCombined: ECDSA.KeyCombined,
-    backupKeyCombined: ECDSA.KeyCombined,
-    txHex: string,
-    openSSLBytes: Uint8Array,
-    {
-      rangeProofChallenge,
-    }: {
-      rangeProofChallenge?: EcdsaTypes.SerializedNtilde;
-    } = {}
-  ): Promise<ECDSAMethodTypes.Signature> {
-    if (!userKeyCombined || !backupKeyCombined) {
-      throw new Error('Missing key combined shares for user or backup');
-    }
-
-    const MPC = new Ecdsa();
-    const signerOneIndex = userKeyCombined.xShare.i;
-    const signerTwoIndex = backupKeyCombined.xShare.i;
-
-    rangeProofChallenge =
-      rangeProofChallenge ?? EcdsaTypes.serializeNtildeWithProofs(await EcdsaRangeProof.generateNtilde(openSSLBytes));
-
-    const userToBackupPaillierChallenge = await EcdsaPaillierProof.generateP(
-      hexToBigInt(userKeyCombined.yShares[signerTwoIndex].n)
-    );
-    const backupToUserPaillierChallenge = await EcdsaPaillierProof.generateP(
-      hexToBigInt(backupKeyCombined.yShares[signerOneIndex].n)
-    );
-
-    const userXShare = MPC.appendChallenge(
-      userKeyCombined.xShare,
-      rangeProofChallenge,
-      EcdsaTypes.serializePaillierChallenge({ p: userToBackupPaillierChallenge })
-    );
-    const userYShare = MPC.appendChallenge(
-      userKeyCombined.yShares[signerTwoIndex],
-      rangeProofChallenge,
-      EcdsaTypes.serializePaillierChallenge({ p: backupToUserPaillierChallenge })
-    );
-    const backupXShare = MPC.appendChallenge(
-      backupKeyCombined.xShare,
-      rangeProofChallenge,
-      EcdsaTypes.serializePaillierChallenge({ p: backupToUserPaillierChallenge })
-    );
-    const backupYShare = MPC.appendChallenge(
-      backupKeyCombined.yShares[signerOneIndex],
-      rangeProofChallenge,
-      EcdsaTypes.serializePaillierChallenge({ p: userToBackupPaillierChallenge })
-    );
-
-    const signShares: ECDSA.SignShareRT = await MPC.signShare(userXShare, userYShare);
-
-    const signConvertS21 = await MPC.signConvertStep1({
-      xShare: backupXShare,
-      yShare: backupYShare, // YShare corresponding to the other participant signerOne
-      kShare: signShares.kShare,
-    });
-    const signConvertS12 = await MPC.signConvertStep2({
-      aShare: signConvertS21.aShare,
-      wShare: signShares.wShare,
-    });
-    const signConvertS21_2 = await MPC.signConvertStep3({
-      muShare: signConvertS12.muShare,
-      bShare: signConvertS21.bShare,
-    });
-
-    const [signCombineOne, signCombineTwo] = [
-      MPC.signCombine({
-        gShare: signConvertS12.gShare,
-        signIndex: {
-          i: signConvertS12.muShare.i,
-          j: signConvertS12.muShare.j,
-        },
-      }),
-      MPC.signCombine({
-        gShare: signConvertS21_2.gShare,
-        signIndex: {
-          i: signConvertS21_2.signIndex.i,
-          j: signConvertS21_2.signIndex.j,
-        },
-      }),
-    ];
-
-    const MESSAGE = Buffer.from(txHex, 'hex');
-
-    const [signA, signB] = [
-      MPC.sign(MESSAGE, signCombineOne.oShare, signCombineTwo.dShare, Keccak('keccak256')),
-      MPC.sign(MESSAGE, signCombineTwo.oShare, signCombineOne.dShare, Keccak('keccak256')),
-    ];
-
-    return MPC.constructSignature([signA, signB]);
-  }
-
-  /**
-   * Helper which combines key shares of user and backup
-   * @param {string} userPublicOrPrivateKeyShare
-   * @param {string} backupPrivateOrPublicKeyShare
-   * @param {string} walletPassphrase
-   * @returns {[ECDSAMethodTypes.KeyCombined, ECDSAMethodTypes.KeyCombined]}
-   */
-  private getKeyCombinedFromTssKeyShares(
-    userPublicOrPrivateKeyShare: string,
-    backupPrivateOrPublicKeyShare: string,
-    walletPassphrase?: string
-  ): [ECDSAMethodTypes.KeyCombined, ECDSAMethodTypes.KeyCombined] {
-    let backupPrv;
-    let userPrv;
-    try {
-      backupPrv = this.bitgo.decrypt({
-        input: backupPrivateOrPublicKeyShare,
-        password: walletPassphrase,
-      });
-      userPrv = this.bitgo.decrypt({
-        input: userPublicOrPrivateKeyShare,
-        password: walletPassphrase,
-      });
-    } catch (e) {
-      throw new Error(`Error decrypting backup keychain: ${e.message}`);
-    }
-
-    const userSigningMaterial = JSON.parse(userPrv) as ECDSAMethodTypes.SigningMaterial;
-    const backupSigningMaterial = JSON.parse(backupPrv) as ECDSAMethodTypes.SigningMaterial;
-
-    if (!userSigningMaterial.backupNShare) {
-      throw new Error('Invalid user key - missing backupNShare');
-    }
-
-    if (!backupSigningMaterial.userNShare) {
-      throw new Error('Invalid backup key - missing userNShare');
-    }
-
-    const MPC = new Ecdsa();
-
-    const userKeyCombined = MPC.keyCombine(userSigningMaterial.pShare, [
-      userSigningMaterial.bitgoNShare,
-      userSigningMaterial.backupNShare,
-    ]);
-    const userSigningKeyDerived = MPC.keyDerive(
-      userSigningMaterial.pShare,
-      [userSigningMaterial.bitgoNShare, userSigningMaterial.backupNShare],
-      'm/0'
-    );
-    const userKeyDerivedCombined = {
-      xShare: userSigningKeyDerived.xShare,
-      yShares: userKeyCombined.yShares,
-    };
-    const backupKeyCombined = MPC.keyCombine(backupSigningMaterial.pShare, [
-      userSigningKeyDerived.nShares[2],
-      backupSigningMaterial.bitgoNShare,
-    ]);
-    if (
-      userKeyDerivedCombined.xShare.y !== backupKeyCombined.xShare.y ||
-      userKeyDerivedCombined.xShare.chaincode !== backupKeyCombined.xShare.chaincode
-    ) {
-      throw new Error('Common keychains do not match');
-    }
-    return [userKeyDerivedCombined, backupKeyCombined];
-  }
-
   /**
    * Helper which Adds signatures to tx object and re-serializes tx
    * @param {EthLikeCommon.default} ethCommon
@@ -1289,7 +1118,7 @@ export abstract class AbstractEthLikeNewCoins extends AbstractEthLikeCoin {
    */
   async recover(params: RecoverOptions): Promise<RecoveryInfo | OfflineVaultTxInfo> {
     if (params.isTss === true) {
-      return this.recoverTSS(params, params.openSSLBytes);
+      return this.recoverTSS(params);
     }
     return this.recoverEthLike(params);
   }
@@ -1974,10 +1803,7 @@ export abstract class AbstractEthLikeNewCoins extends AbstractEthLikeCoin {
    * Recovers a tx with TSS key shares
    * same expected arguments as recover method, but with TSS key shares
    */
-  protected async recoverTSS(
-    params: RecoverOptions,
-    openSSLBytes: Uint8Array
-  ): Promise<RecoveryInfo | OfflineVaultTxInfo> {
+  protected async recoverTSS(params: RecoverOptions): Promise<RecoveryInfo | OfflineVaultTxInfo> {
     this.validateRecoveryParams(params);
     // Clean up whitespace from entered values
     const userPublicOrPrivateKeyShare = params.userKey.replace(/\s/g, '');
@@ -2010,48 +1836,19 @@ export abstract class AbstractEthLikeNewCoins extends AbstractEthLikeCoin {
         params.replayProtectionOptions
       );
     } else {
-      const isGG18SigningMaterial = ECDSAUtils.isGG18SigningMaterial(
+      const { userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
         userPublicOrPrivateKeyShare,
+        backupPrivateOrPublicKeyShare,
         params.walletPassphrase
       );
-      let signature: ECDSAMethodTypes.Signature;
-      let unsignedTx: EthLikeTxLib.Transaction | EthLikeTxLib.FeeMarketEIP1559Transaction;
-      if (isGG18SigningMaterial) {
-        const [userKeyCombined, backupKeyCombined] = this.getKeyCombinedFromTssKeyShares(
-          userPublicOrPrivateKeyShare,
-          backupPrivateOrPublicKeyShare,
-          params.walletPassphrase
-        );
-        const backupKeyPair = new KeyPairLib({ pub: backupKeyCombined.xShare.y });
-        const baseAddress = backupKeyPair.getAddress();
-
-        unsignedTx = (await this.buildTssRecoveryTxn(baseAddress, gasPrice, gasLimit, params)).tx;
-
-        signature = await this.signRecoveryTSS(
-          userKeyCombined,
-          backupKeyCombined,
-          unsignedTx.getMessageToSign(false).toString('hex'),
-          openSSLBytes
-        );
-      } else {
-        const { userKeyShare, backupKeyShare, commonKeyChain } = await ECDSAUtils.getMpcV2RecoveryKeyShares(
-          userPublicOrPrivateKeyShare,
-          backupPrivateOrPublicKeyShare,
-          params.walletPassphrase
-        );
-
-        const MPC = new Ecdsa();
-        const derivedCommonKeyChain = MPC.deriveUnhardened(commonKeyChain, 'm');
-        const backupKeyPair = new KeyPairLib({ pub: derivedCommonKeyChain.slice(0, 66) });
-        const baseAddress = backupKeyPair.getAddress();
-
-        unsignedTx = (await this.buildTssRecoveryTxn(baseAddress, gasPrice, gasLimit, params)).tx;
-
-        const messageHash = unsignedTx.getMessageToSign(true);
-
-        signature = await ECDSAUtils.signRecoveryMpcV2(messageHash, userKeyShare, backupKeyShare, commonKeyChain);
-      }
 
+      const MPC = new Ecdsa();
+      const derivedCommonKeyChain = MPC.deriveUnhardened(commonKeyChain, 'm/0');
+      const backupKeyPair = new KeyPairLib({ pub: derivedCommonKeyChain.slice(0, 66) });
+      const baseAddress = backupKeyPair.getAddress();
+      const unsignedTx = (await this.buildTssRecoveryTxn(baseAddress, gasPrice, gasLimit, params)).tx;
+      const messageHash = unsignedTx.getMessageToSign(true);
+      const signature = await ECDSAUtils.signRecoveryMpcV2(messageHash, userKeyShare, backupKeyShare, commonKeyChain);
       const ethCommmon = AbstractEthLikeNewCoins.getEthLikeCommon(params.eip1559, params.replayProtectionOptions);
       const signedTx = this.getSignedTxFromSignature(ethCommmon, unsignedTx, signature);
 
diff --git a/modules/sdk-core/src/bitgo/utils/tss/ecdsa/ecdsaMPCv2.ts b/modules/sdk-core/src/bitgo/utils/tss/ecdsa/ecdsaMPCv2.ts
