Part 1: Asset Minting with V1 Asset Group Key and Chantools Cold Storage Support #1272
Conversation
ffranr
force-pushed
the
cold-group-key
branch
3 times, most recently
from
c766bbe to
cabfd1d
Compare
Pull Request Test Coverage Report for Build 12709993838Details
💛 - Coveralls |
Introduce a new method to support future usage in the tapgarden package.
Refactored the `FundBatch` method to use a general return type, `FundBatchResp`. This change improves code health and allows for easier extension by enabling the state machine to return additional fields in the future.
Introduced a `newVerboseBatch` function to create a verbose mint batch from a regular mint batch. This functionality is extracted from the existing list batch logic as part of a refactor. The function will be used in a future commit to include a verbose batch in the response of the FundBatch RPC endpoint.
Added comments to the planter function `buildGroupReqs` to improve code readability and explain the logic more clearly.
Introduce a guide outlining the workflow for using external group keys. Future commits in this PR will add features and implement changes to support the described workflow.
The FundBatch RPC endpoint now returns a verbose batch instead of a regular batch. The verbose batch includes additional asset group information required by external signers.
Added a new `ExternalKey` message type to represent an external key used for deriving and managing HD wallet addresses per BIP-86. A new field of type `ExternalKey` was added to the `MintAsset` message, enabling the specification of an external key when a mint request is added to the batch.
Introduce a new `ExternalKey` type and add external key fields of this type to `Seedling` and `GroupKeyRequest`.
Add unmarshalling support for the new `Asset.ExternalGroupKey` field in the `MintAsset` RPC endpoint. Also populate the external key in the `Seedling` instance.
Add an `external_key` field to the `GroupKeyRequest` RPC message, which will also make it available in the `UnsealedAsset` RPC message. Include marshalling functionality for the new field.
Added the following command line minting flags: - group_key_xpub - group_key_derivation_path - group_key_fingerprint
Updated the documentation for the `MintAsset.group_tapscript_root` field to clarify its purpose: it now represents the custom tapscript subtree root for V1 group key reveals and serves as the tapscript tree root for V0 group key reveals.
Add the `CustomTapscriptRoot` field to both the `GroupKey` and `GroupKeyRequest` types. This field stores the user-defined custom tapscript subtree root, which is committed to by the asset group key. Update the `buildGroupReqs` function to leverage this new field when constructing group key requests for generating asset group keys.
Introduce a new `GroupKeyVersion` type to represent the group key version in `asset.GroupKey` and `asset.GroupKeyRequest`. Add a `version` field to both `asset.GroupKey` and `asset.GroupKeyRequest`, with logic to populate it. Enhance the verification process by adding version-specific checks.
Update `GroupKeyRequest` methods to support the generation of version 1 (V1) group keys.
Add a new PSBT field to the `UnsealedAssets` RPC message type, which contains the byte-serialized PSBT equivalent of the group virtual transaction for unsealed assets. As a result, the `FundBatch` and `ListBatches` RPC endpoints now return group virtual PSBTs. Include logic to generate the group virtual PSBT. The PSBT is unsigned and is provided to allow signing with an external cold private key.
ffranr
force-pushed
the
cold-group-key
branch
2 times, most recently
from
8af293f to
4666b23
Compare
ffranr
force-pushed
the
cold-group-key
branch
2 times, most recently
from
1e543e2 to
e61d638
Compare
|
I think these are the necessary changes. This PR can't really be made smaller in any meaningful way. |
ffranr
changed the title
Extended the `asset_groups` database table with two new columns: `rows_version` and `custom_subtree_root`. These fields are required to store and retrieve new GroupKey data for use during mint proof generation, where the group key reveal is formulated.
Ensured the `version` and `custom_subtree_root` columns are populated with the appropriate GroupKey data when storing a group key in the database.
Implemented parsing logic for the `version` and `custom_subtree_root` fields when reading from the database.
Added support for group key reveal V1 alongside the existing group key reveal V0 when generating mint proofs.
Adds a test to ensure the new PSBT field introduced in the previous commit can be used to derive a transaction identical to the group virtual transaction.
Update the `build-itest` Makefile target, used as a subcommand during `make itest`, to ensure `chantools` is properly set up for integration tests. Additionally, update `.gitignore` to exclude the `chantools` build directory.
Add a test harness to execute the chantools binary via the command line and parse its output.
Added a new integration test, `testMintExternalGroupKeyChantools`, to verify the ability to mint an asset and generate an asset group signature using chantools with an externally managed signing key.
ffranr
force-pushed
the
cold-group-key
branch
from
e61d638 to
c0c6795
Compare
|
As mentioned during our last call, I’ve updated |
| This key enables signing operations to be performed externally, outside | ||
| the daemon. | ||
| */ | ||
| taprpc.ExternalKey external_group_key = 14; |
There was a problem hiding this comment.
Is this field mutually exclusive with the existing group_key field above?
| @@ -883,6 +966,10 @@ type GroupKeyRequest struct { | |||
| // has been applied. | |||
| RawKey keychain.KeyDescriptor | |||
|
|
|||
| // ExternalKey specifies a public key that, when provided, is used to | |||
| // externally sign the group virtual transaction outside of tapd. | |||
| ExternalKey fn.Option[ExternalKey] | |||
There was a problem hiding this comment.
Same comment here re the proto: can RawKey and ExternalKey be specified at the same time?
| @@ -138,6 +139,21 @@ var mintAssetCommand = cli.Command{ | |||
| "in order to avoid printing a large amount " + | |||
| "of data in case of large batches", | |||
| }, | |||
| cli.StringFlag{ | |||
| Name: "group_key_xpub", | |||
There was a problem hiding this comment.
Do we also need to be able to specify optional leaves for the custom tapscript root?
| }) | ||
| } | ||
|
|
||
| // TODO(guggero): Actually just ask for the signed PSBT back and extract |
There was a problem hiding this comment.
Will this be addressed in this PR?
So accepting the signed PSBT to extract the signatures manually ourselves.
There was a problem hiding this comment.
One other related thing is that we want to add some basic meta data to the group key minting PSBT to allow external software to display information such as the asset ID, name, and units to be minted.
| group key. This allows for future asset issuance authorized using a | ||
| script witness. | ||
| If an external group key is provided, the V1 scheme for group key script |
There was a problem hiding this comment.
Why this assumption vs a version + default?
There was a problem hiding this comment.
Not sure if I understand @Roasbeef's suggestion here, but at least mention the default V0 scheme so that it is clear what we the change in behavior entails.
| return nil, fmt.Errorf("error producing group virtual PSBT "+ | ||
| "from tx: %w", err) | ||
| } | ||
|
|
There was a problem hiding this comment.
Re my other comment, this is where we'd add the new custom global fields to allow external signers/coordinates to display meta data w.r.t what it actually being minted. We can also provide the information needed to derive the virtual tx in the first place (for additional validation).
| @@ -124,6 +124,9 @@ message UnsealedAsset { | |||
|
|
|||
| // The group virtual transaction for the asset. | |||
| taprpc.GroupVirtualTx group_virtual_tx = 3; | |||
|
|
|||
| // The byte serialized PSBT equivalent of the group virtual transaction. | |||
| string group_virtual_psbt = 4; | |||
There was a problem hiding this comment.
SealBatch can also optionally accept this.
| -- is used to store the root of the custom subtree for the asset group. The | ||
| -- custom subtree, if provided, represents a subtree of the final tapscript | ||
| -- tree. | ||
| ALTER TABLE asset_groups ADD COLUMN custom_subtree_root BLOB; |
There was a problem hiding this comment.
Why isn't the existing field sufficient?
There was a problem hiding this comment.
I think we only need the version here added for this migration.
| GroupPubKey: *tweakedGroupKey, | ||
| TapscriptRoot: tapscriptRoot, | ||
| Witness: groupWitness, | ||
| CustomTapscriptRoot: customSubtreeRootHash, |
There was a problem hiding this comment.
Should expand assertions for db tests to make sure these new fields are read/write properly.
Although I don't think we need the new custom tapscript root at all. We can get away with just one field, the existing one, instead of having to lug around two fields where one is a transformation of the other.
| @@ -501,6 +505,188 @@ func testMintFundSealAssets(t *harnessTest) { | |||
| }) | |||
| } | |||
|
|
|||
| // testMintExternalGroupKeyChantools tests that we're able to mint an asset | |||
| // using an external asset signing group key derived and managed by chantools. | |||
| func testMintExternalGroupKeyChantools(t *harnessTest) { | |||
There was a problem hiding this comment.
Great work. I have added some small comments throughout.
nit: the commit message of commit a993070 claims the commit populates the external key in the seedling instance, but I don't think that happens in that commit.
I would love to see a itest that tests the re-issuance of an asset with cold minting.
Would also like to see a unit test that tests both the V0 and the V1 flow re GroupTapscriptRoot and a custom tapscript root. Whatever approach we take regarding implicit or explicit flow @Roasbeef suggested, we will end up with two separate flows that are currently not fully covered by unit tests.
|
|
||
| if len(e.DerivationPath) != 5 { | ||
| return fmt.Errorf("derivation path must have exactly 5 " + | ||
| "componenets") |
There was a problem hiding this comment.
| "componenets") | |
| "components") |
| group key. This allows for future asset issuance authorized using a | ||
| script witness. | ||
| If an external group key is provided, the V1 scheme for group key script |
There was a problem hiding this comment.
Not sure if I understand @Roasbeef's suggestion here, but at least mention the default V0 scheme so that it is clear what we the change in behavior entails.
| ) | ||
| // Construct an asset group pub key. | ||
| genesisAssetID := req.AnchorGen.ID() | ||
| groupPubKey, err := req.NewGroupPubKey(genesisAssetID) |
There was a problem hiding this comment.
👍 I don't mind these small commits. Your commit narrative is very clear to me.
| assets.asset_id AS asset_primary_key, assets.genesis_id, version, spent, | ||
| assets.asset_id AS asset_primary_key, | ||
| assets.genesis_id, assets.version, | ||
| spent, |
There was a problem hiding this comment.
ultra-nit: What are our coding style guidelines re line breaks and such for SQL?
| -- assets we care about. We obtain only the assets found in the batch | ||
| -- above, with the WHERE query at the bottom. |
There was a problem hiding this comment.
This is copy pasta from the original migration file. The comment assets found in the batch above doesn't make sense here.
| -- assets we care about. We obtain only the assets found in the batch | |
| -- above, with the WHERE query at the bottom. | |
| -- assets we care about. We obtain the assets with the WHERE query at the | |
| -- bottom. |
This PR builds on Oli's WIP to demonstrate asset minting using the new V1 asset group key formulation. It integrates
chantoolsto mint assets with an external asset group signing key (taproot internal key), offering a viable option for users who wish to keep their asset group signing key in cold storage.A new integration test is included to simulate user behavior by leveraging
chantoolsvia the command line. The test verifies that the minter can successfully sign an asset into the asset group using the external asset group signing key.Notes for Reviewers
Work which will be included in a future PR(s), ordered by most important first:
ExternalKeytype and methods (draft: Add unit test for method ExternalKey.PubKey #1284)PendingAssetGroup.PSBT.