feat: use rust unified combiner to support frost and multiple ecdsa signing schemes signature aggregation

Author: FedericoAmura

local-tests/build.mjs

@@ -35,6 +35,7 @@ const createBuildConfig = (entry, outfile, globalName) => ({
   format: 'esm',
   inject: [getPath('./shim.mjs')],
   mainFields: ['module', 'main'],
+  sourcemap: true,
   ...(globalName ? { globalName } : {}),
 });
 

local-tests/setup/tinny-person.ts

@@ -27,9 +27,7 @@ export class TinnyPerson {
   public authMethodOwnedPkp: PKPInfo;
 
   // Pass this to data to sign
-  public loveLetter: Uint8Array = ethers.utils.arrayify(
-    ethers.utils.keccak256([1, 2, 3, 4, 5])
-  );
+  public loveLetter: Uint8Array = new Uint8Array([1, 2, 3, 4, 5]);
 
   public provider: ethers.providers.StaticJsonRpcProvider;
 
@@ -156,9 +154,9 @@ export class TinnyPerson {
     this.pkp = walletMintRes.pkp;
 
     /**
-     * ====================================
-     * Mint a PKP wiuth eth wallet auth method
-     * ====================================
+     * ======================================
+     * Mint a PKP with eth wallet auth method
+     * ======================================
      */
     console.log(
       '[𐬺🧪 Tinny Person𐬺] Minting a PKP with eth wallet auth method...'

local-tests/tests/testUseEoaSessionSigsToPkpSign.ts

@@ -1,86 +1,215 @@
-import { ethers } from 'ethers';
+import { hexToBytes } from '@noble/hashes/utils';
 
+import { UnknownSignatureError } from '@lit-protocol/constants';
+import {
+  curveFunctions,
+  hashLitMessage,
+  verifyLitSignature,
+} from '@lit-protocol/crypto';
 import { log } from '@lit-protocol/misc';
+import { SigningScheme } from '@lit-protocol/types';
+
 import { getEoaSessionSigs } from 'local-tests/setup/session-sigs/get-eoa-session-sigs';
 import { TinnyEnvironment } from 'local-tests/setup/tinny-environment';
 
+interface SigningSchemeConfig {
+  hasRecoveryId?: boolean;
+  hashesMessage: boolean;
+  recoversPublicKey?: boolean;
+  signingScheme: SigningScheme;
+}
+
 /**
  * Test Commands:
- * ✅ NETWORK=datil-dev yarn test:local --filter=testUseEoaSessionSigsToPkpSign
- * ✅ NETWORK=datil-test yarn test:local --filter=testUseEoaSessionSigsToPkpSign
+ * ✅ NETWORK=naga-dev yarn test:local --filter=testUseEoaSessionSigsToPkpSign
+ * ✅ NETWORK=naga-test yarn test:local --filter=testUseEoaSessionSigsToPkpSign
  * ✅ NETWORK=custom yarn test:local --filter=testUseEoaSessionSigsToPkpSign
  */
 export const testUseEoaSessionSigsToPkpSign = async (
   devEnv: TinnyEnvironment
 ) => {
   const alice = await devEnv.createRandomPerson();
+  const signingSchemeConfigs: SigningSchemeConfig[] = [
+    // BLS
+    // {
+    //   signingScheme: 'Bls12381', // TODO NodeErrror: Unsupported key type when for Signable. No esta en tss_state.rs::TssState::get_signing_state, puede que no sea posible firmar con esto?
+    //   hashesMessage: false,
+    // },
+    // {
+    //   signingScheme: 'Bls12381G1ProofOfPossession', // TODO pkpSignature.signature: '{ProofOfPossession:984ffb9ef7a0e6225dd074bade4b9494fab3487ff543f25a90d86f794cbf190ed20179df6eb6dd3eb9a285838d3cf4980e5e7028688e0461bd1cb95c075046fcafa343d3702e7edff70fb8eb8ada130f58fa45140ab2d90f24b1309b026d98d6}'
+    //   hashesMessage: false,
+    // },
+    // ECDSA
+    {
+      hasRecoveryId: true,
+      hashesMessage: true,
+      recoversPublicKey: true,
+      signingScheme: 'EcdsaK256Sha256',
+    },
+    {
+      hasRecoveryId: true,
+      hashesMessage: true,
+      recoversPublicKey: true,
+      signingScheme: 'EcdsaP256Sha256',
+    },
+    {
+      hasRecoveryId: true,
+      hashesMessage: true,
+      recoversPublicKey: true,
+      signingScheme: 'EcdsaP384Sha384',
+    },
+    // FROST
+    {
+      signingScheme: 'SchnorrEd25519Sha512',
+      hashesMessage: false,
+    },
+    // {
+    //   signingScheme: 'SchnorrK256Sha256', // TODO signature of length 64 expected, got 65
+    //   hashesMessage: false,
+    // },
+    // {
+    //   signingScheme: 'SchnorrP256Sha256', // TODO Expected pkpSignature to consistently verify its components
+    //   hashesMessage: false,
+    // },
+    // {
+    //   signingScheme: 'SchnorrP384Sha384', // TODO Expected pkpSignature to consistently verify its components
+    //   hashesMessage: false,
+    // },
+    // {
+    //   signingScheme: 'SchnorrRistretto25519Sha512', // TODO curve.verify is not a function
+    //   hashesMessage: false,
+    // },
+    {
+      signingScheme: 'SchnorrEd448Shake256',
+      hashesMessage: false,
+    },
+    // {
+    //   signingScheme: 'SchnorrRedJubjubBlake2b512', // TODO Expected pkpSignature to consistently verify its components
+    //   hashesMessage: false,
+    // },
+    // {
+    //   signingScheme: 'SchnorrK256Taproot', // TODO Expected pkpSignature to consistently verify its components
+    //   hashesMessage: false,
+    // },
+    // {
+    //   signingScheme: 'SchnorrRedDecaf377Blake2b512', // TODO Expected pkpSignature to consistently verify its components
+    //   hashesMessage: false,
+    // },
+    // {
+    //   signingScheme: 'SchnorrkelSubstrate', // TODO Expected pkpSignature to consistently verify its components
+    //   hashesMessage: false,
+    // },
+  ];
 
-  const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
-  const runWithSessionSigs = await devEnv.litNodeClient.pkpSign({
-    toSign: alice.loveLetter,
-    pubKey: alice.pkp.publicKey,
-    sessionSigs: eoaSessionSigs,
-  });
-
-  devEnv.releasePrivateKeyFromUser(alice);
-
-  // Expected output:
-  // {
-  //   r: "25fc0d2fecde8ed801e9fee5ad26f2cf61d82e6f45c8ad1ad1e4798d3b747fd9",
-  //   s: "549fe745b4a09536e6e7108d814cf7e44b93f1d73c41931b8d57d1b101833214",
-  //   recid: 1,
-  //   signature: "0x25fc0d2fecde8ed801e9fee5ad26f2cf61d82e6f45c8ad1ad1e4798d3b747fd9549fe745b4a09536e6e7108d814cf7e44b93f1d73c41931b8d57d1b1018332141c",
-  //   publicKey: "04A3CD53CCF63597D3FFCD1DF1E8236F642C7DF8196F532C8104625635DC55A1EE59ABD2959077432FF635DF2CED36CC153050902B71291C4D4867E7DAAF964049",
-  //   dataSigned: "7D87C5EA75F7378BB701E404C50639161AF3EFF66293E9F375B5F17EB50476F4",
-  // }
-
-  // -- assertions
-  // r, s, dataSigned, and public key should be present
-  if (!runWithSessionSigs.r) {
-    throw new Error(`Expected "r" in runWithSessionSigs`);
-  }
-  if (!runWithSessionSigs.s) {
-    throw new Error(`Expected "s" in runWithSessionSigs`);
-  }
-  if (!runWithSessionSigs.dataSigned) {
-    throw new Error(`Expected "dataSigned" in runWithSessionSigs`);
-  }
-  if (!runWithSessionSigs.publicKey) {
-    throw new Error(`Expected "publicKey" in runWithSessionSigs`);
-  }
+  for (const signingSchemeConfig of signingSchemeConfigs) {
+    try {
 
-  // signature must start with 0x
-  if (!runWithSessionSigs.signature.startsWith('0x')) {
-    throw new Error(`Expected "signature" to start with 0x`);
-  }
+      const signingScheme = signingSchemeConfig.signingScheme;
+      log(`Checking testUseEoaSessionSigsToPkpSign for ${signingSchemeConfig}`);
+      const eoaSessionSigs = await getEoaSessionSigs(devEnv, alice);
 
-  // recid must be parseable as a number
-  if (isNaN(runWithSessionSigs.recid)) {
-    throw new Error(`Expected "recid" to be parseable as a number`);
-  }
+      const pkpSignature = await devEnv.litNodeClient.pkpSign({
+        pubKey: alice.pkp.publicKey,
+        sessionSigs: eoaSessionSigs,
+        messageToSign: alice.loveLetter,
+        signingScheme,
+      });
 
-  const signature = ethers.utils.joinSignature({
-    r: '0x' + runWithSessionSigs.r,
-    s: '0x' + runWithSessionSigs.s,
-    recoveryParam: runWithSessionSigs.recid,
-  });
-  const recoveredPubKey = ethers.utils.recoverPublicKey(
-    alice.loveLetter,
-    signature
-  );
-
-  console.log('recoveredPubKey:', recoveredPubKey);
-
-  if (recoveredPubKey !== `0x${runWithSessionSigs.publicKey.toLowerCase()}`) {
-    throw new Error(
-      `Expected recovered public key to match runWithSessionSigs.publicKey`
-    );
-  }
-  if (recoveredPubKey !== `0x${alice.pkp.publicKey.toLowerCase()}`) {
-    throw new Error(
-      `Expected recovered public key to match alice.pkp.publicKey`
-    );
+      devEnv.releasePrivateKeyFromUser(alice);
+
+      // -- Combined signature format assertions
+      for (const hexString of [
+        'signature',
+        'verifyingKey',
+        'signedData',
+        'publicKey',
+      ]) {
+        if (
+          !pkpSignature[hexString] ||
+          !pkpSignature[hexString].startsWith('0x')
+        ) {
+          throw new Error(
+            `Expected "${hexString}" hex string in pkpSignature. SigningScheme: ${signingScheme}`
+          );
+        }
+      }
+      // Verify correct recoveryId
+      if (
+        signingSchemeConfig.hasRecoveryId
+          ? ![0, 1].includes(pkpSignature.recoveryId)
+          : pkpSignature.recoveryId !== null
+      ) {
+        throw new Error(
+          `Expected "recoveryId" to be 0/1 for ECDSA and "null" for the rest of curves. SigningScheme: ${signingScheme}`
+        );
+      }
+
+      // Signature, public key and signed data verification
+      const signatureVerification = verifyLitSignature(
+        signingSchemeConfig.signingScheme,
+        pkpSignature.publicKey.replace('0x', ''),
+        pkpSignature.signedData.replace('0x', ''),
+        pkpSignature.signature.replace('0x', '')
+      );
+      if (!signatureVerification) {
+        throw new Error(
+          `Expected pkpSignature to consistently verify its components. SigningScheme: ${signingScheme}`
+        );
+      }
+
+      if (signingSchemeConfig.recoversPublicKey) {
+        const curve = curveFunctions[signingScheme];
+        const signatureBytes = hexToBytes(
+          pkpSignature.signature.replace(/^0x/, '')
+        );
+        // @ts-expect-error In progress. ECDSA works, not yet Frost
+        const signature = curve.Signature.fromCompact(
+          signatureBytes
+        ).addRecoveryBit(pkpSignature.recoveryId);
+
+        const msgHash = hexToBytes(pkpSignature.signedData.replace(/^0x/, ''));
+        const recoveredPubKeyBytes = signature.recoverPublicKey(msgHash);
+        const recoveredPubKey = recoveredPubKeyBytes.toHex(false);
+
+        if (pkpSignature.publicKey.replace('0x', '') !== recoveredPubKey) {
+          throw new Error(
+            `Expected recovered public key to match nodesPublicKey`
+          );
+        }
+        // PKP public key lives in k256, it cannot be directly compared in any other curve
+        if (
+          signingScheme === 'EcdsaK256Sha256' &&
+          alice.pkp.publicKey !== recoveredPubKey
+        ) {
+          throw new Error(
+            `Expected recovered public key to match alice.pkp.publicKey. SigningScheme: ${signingSchemeConfig}`
+          );
+        }
+      }
+
+      const messageHash = signingSchemeConfig.hashesMessage ? hashLitMessage(signingScheme, alice.loveLetter) : alice.loveLetter;
+      const messageHashHex = Buffer.from(messageHash).toString('hex');
+      if (pkpSignature.signedData.replace('0x', '') !== messageHashHex) {
+        throw new Error(
+          `Expected signed data to match hashLitMessage(signingScheme, alice.loveLetter). SigningScheme: ${signingScheme}`
+        );
+      }
+
+      log(`✅ testUseEoaSessionSigsToPkpSign - ${signingScheme}`);
+    } catch (e) {
+      throw new UnknownSignatureError(
+        {
+          info: {
+            signingSchemeConfig,
+            message: alice.loveLetter,
+            pkp: alice.pkp,
+          },
+          cause: e,
+        },
+        `Signature failed with signing scheme ${signingSchemeConfig.signingScheme}`
+      );
+    }
   }
 
-  log('✅ testUseEoaSessionSigsToPkpSign');
+  log('✅ testUseEoaSessionSigsToPkpSign all signing schemes');
 };

package.json

@@ -44,6 +44,7 @@
     "@lit-protocol/contracts": "^0.0.86",
     "@metamask/eth-sig-util": "5.0.2",
     "@mysten/sui.js": "^0.37.1",
+    "@noble/curves": "^1.8.1",
     "@openagenda/verror": "^3.1.4",
     "@simplewebauthn/browser": "^7.2.0",
     "@simplewebauthn/typescript-types": "^7.0.0",
@@ -60,6 +61,7 @@
     "cross-fetch": "3.1.8",
     "date-and-time": "^2.4.1",
     "depd": "^2.0.0",
+    "elliptic": "^6.6.1",
     "ethers": "^5.7.1",
     "jose": "^4.14.4",
     "micromodal": "^0.4.10",
@@ -70,7 +72,8 @@
     "tslib": "^2.7.0",
     "tweetnacl": "^1.0.3",
     "tweetnacl-util": "^0.15.1",
-    "uint8arrays": "^4.0.3"
+    "uint8arrays": "^4.0.3",
+    "zod": "^3.24.1"
   },
   "devDependencies": {
     "@nx/devkit": "17.3.0",
@@ -86,6 +89,7 @@
     "@nx/web": "17.3.0",
     "@solana/web3.js": "1.95.3",
     "@types/depd": "^1.1.36",
+    "@types/elliptic": "^6.4.18",
     "@types/events": "^3.0.3",
     "@types/jest": "27.4.1",
     "@types/node": "18.19.18",

packages/constants/src/index.ts

@@ -3,7 +3,6 @@ export * from './lib/version';
 
 // ----------- Constants -----------
 export * from './lib/constants/constants';
-export * from './lib/constants/mappers';
 export * from './lib/constants/endpoints';
 export * from './lib/constants/mappers';
 export * from './lib/constants/curves';