Skip to content

Expose interactive FROST DKG signer ABI#4011

Merged
mswilkison merged 4 commits into
extraction/frost-signer-mirror-2026-05-26from
codex/tbtc-signer-interactive-frost
Jun 6, 2026
Merged

Expose interactive FROST DKG signer ABI#4011
mswilkison merged 4 commits into
extraction/frost-signer-mirror-2026-05-26from
codex/tbtc-signer-interactive-frost

Conversation

@mswilkison
Copy link
Copy Markdown
Contributor

@mswilkison mswilkison commented Jun 4, 2026

Summary

  • add stateless Rust C ABI endpoints for interactive FROST DKG part1/part2/part3
  • add stateless signing endpoints for nonce generation, signing-package construction, share signing, and aggregation
  • normalize DKG outputs to the even-Y BIP340 convention and export the group key as x-only material
  • cover the full Rust FFI path with a 3-member DKG, threshold signing, aggregation, and BIP340 verification test

Validation

  • cargo test --lib
  • cargo build

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Jun 4, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: c3110776-1bd6-47ec-82e2-de5c45572d78

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/tbtc-signer-interactive-frost

Comment @coderabbitai help to get the list of available commands and usage tips.

@mswilkison mswilkison mentioned this pull request Jun 4, 2026
Merged
@mswilkison mswilkison marked this pull request as ready for review June 6, 2026 23:11
@mswilkison mswilkison merged commit abdae01 into extraction/frost-signer-mirror-2026-05-26 Jun 6, 2026
19 checks passed
@mswilkison mswilkison deleted the codex/tbtc-signer-interactive-frost branch June 6, 2026 23:22
mswilkison added a commit that referenced this pull request Jun 6, 2026
@mswilkison
Register tbtc-signer interactive FROST engine (#4012)
acdf8f1 
## Summary

- register the build-tagged tbtc-signer bridge as the native FROST DKG
engine and the full native FROST signing engine
- add Go request/response adapters for the new interactive Rust ABI from
#4011
- keep old/missing signer builds fail-closed through
`ErrNativeCryptographyUnavailable`
- disable legacy ECDSA DKG execution when the configured pre-parameters
pool size is zero, so FROST-only local/testnet runs do not require an
unused ECDSA preparams pipeline
- reject Schnorr/FROST signing executors for non-Taproot transaction
inputs before threshold signing begins
- add registration coverage plus an optional linked-dylib smoke test
that runs DKG, signing, aggregation, and BIP340 verification when the
Rust symbols are present

## Stack

- base: #4010
- requires Rust signer ABI: #4011

## Testnet rehearsal note

The local FROST testnet reached threshold signing for a real revealed
Bitcoin testnet deposit and produced a native aggregate signature. The
action then failed while applying the signature because the deposit
sweep input was a legacy P2WSH deposit output requiring ECDSA semantics,
not a Taproot key-path wallet input.

This PR now fails closed earlier for that class of mismatch: a
Schnorr/FROST signing executor will not sign non-P2TR transaction
inputs. This does not make legacy deposits sweepable by FROST; it
prevents wasting a threshold signing round and producing a misleading
invalid-signature failure.

## Validation

- `go test -tags 'frost_native frost_tbtc_signer' ./pkg/frost/signing`
-
`CGO_LDFLAGS='-L/private/tmp/keep-core-pr4005-worktree/pkg/tbtc/signer/target/debug
-lfrost_tbtc'
DYLD_LIBRARY_PATH=/private/tmp/keep-core-pr4005-worktree/pkg/tbtc/signer/target/debug
go test -tags 'frost_native frost_tbtc_signer' ./pkg/frost/signing -run
TestBuildTaggedTBTCSignerInteractiveFROSTBridge_WithLinkedSigner
-count=1 -v`
- `KEEP_CORE_FROST_TBTC_SIGNER_ACCEPT_SCAFFOLD_KEY_GROUP=true go test
-tags 'frost_native frost_tbtc_signer' ./pkg/tbtc`
- `go test ./pkg/tbtc -run
'TestWalletTransactionExecutor_SignTransaction_RejectsSchnorrForLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_RejectsMixedTaprootAndLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_AddsTaprootKeyPathWitness|TestDkgExecutor_DisablesECDSAPreParamsWhenPoolSizeZero'`
- `go test -tags frost_native ./pkg/tbtc -run
'TestWalletTransactionExecutor_SignTransaction_RejectsSchnorrForLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_RejectsMixedTaprootAndLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_AddsTaprootKeyPathWitness|TestDkgExecutor_DisablesECDSAPreParamsWhenPoolSizeZero|TestCalculateWalletIDForSigner_FrostUniFFIV2UsesXOnlyOutputKey'`

Note: without
`KEEP_CORE_FROST_TBTC_SIGNER_ACCEPT_SCAFFOLD_KEY_GROUP=true`, the broad
`pkg/tbtc` run fails on existing scaffold-era legacy private-key-share
fixtures, not on this bridge registration change.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mswilkison