Group key witness support #490
Conversation
|
I don't see a neat solution to the dependency cycle issues, so just moving some of the virtual TX creation logic for these special group genesis assets into |
I think so? Would imagine the main interface can stay, then the implementation of
What do you mean by this? The script path auth is just the existing witness field right? Or do you mean the group key derivation reveal? The group key witness (for minting) should be more or less the same as the flow for signing virtual txns normally. IIUC, we don't need any new fields in the In other words, the group key witness is the same thing as signing a normal virtual tx. The only difference is that the input key is the group key, instead of the actual previous asset input. The output then commits to the script key for minting as normal. |
From the RPC level, what data types to I need to provide as arguments when minting a grouped asset into a group, where I want to use a script path and not a simple signature? And then, how does that get passed in to the final signing descriptor (I think this part is clearer to me now). |
Ah, I think for that, we'd just make sure we're able to handle such spends internally via unit tests, then defer the expansion of the RPC interface to satisfy more complex group minting conditions. So to start, we can just allow them to specify their own group key and we use that instead of the auto generated one. The caller would then need to handle storing all the tapcript leaves, just like the itests we have to do non keyspend spends for normal assets. With that said, if we wanted to do some design sketches, I'd say:
You'd need to specify:
We can't necessarily generate the witness ourselves, as we may not even control the key used. Instead, the caller would use the
We don't do signing in this context, as we might not be able to. The minting witness is just the witness of a "normal" spend, but it can spend the "all zero" outpoint, as it's a proof that the group key can be satisfied. You can think of it like the PSBT based channel funding for lnd: we don't know what inputs the caller is using, but we can provide them with the information needed to make the funding transaction (the funding outpoint). |
|
Read through the feedback, my current plan is:
WIP branch is here which I'll swap in to this PR: https://github.com/lightninglabs/taproot-assets/tree/group-key-witness-support-wip |
jharveyb
force-pushed
the
group-key-witness-support
branch
from
afe2f53 to
843584a
Compare
|
Latest version is on this branch with the described changes. The commits were re-done and should be relatively readable. Moving on to improving test coverage. |
|
Another source of dependency issues: taproot-assets/commitment/asset.go Line 151 in 843584a Verifying the group witness on asset commitment insertion. |
So I think we can actually move this out entirely. Looks like the only time we call |
| // Compute the tweaked group key and set it in the asset before | ||
| // creating the virtual minting transaction. | ||
| genesisTweak := initialGen.ID() | ||
| tweakedGroupKey, err := GroupPubKey(rawKey.PubKey, genesisTweak[:], nil) |
There was a problem hiding this comment.
Eventually should also have the script root here. Could have it be a functional option or something like that for now.
jharveyb
force-pushed
the
group-key-witness-support
branch
2 times, most recently
from
d02d4ac to
f9b692f
Compare
|
Addressed a few comments, updated this main branch and the WIP branch with unfinished test fixes here: https://github.com/lightninglabs/taproot-assets/tree/group-key-witness-support-wip There was an issue with not using the correct branching condition in However, VM validation for normal state transitions is now failing, so I think the branch condition as I've written it is too broad - I think this could be fixed by also considering If both the new asset and the prev asset are genesis grouped assets, then it must be a genesis grouped asset mint, branch to VirtualGenesisTxIn. We still have the sanity check very early in the VM that I think should stay as The WIP branch also has some fixes for other tests but those haven't been exercised yet since they usually depend on the VM working anyways. |
guggero
force-pushed
the
v0-3-0-staging
branch
from
c4bddfa to
eafaca4
Compare
jharveyb
force-pushed
the
group-key-witness-support
branch
2 times, most recently
from
fb3ddaf to
3a32d59
Compare
jharveyb
force-pushed
the
group-key-witness-support
branch
from
3a32d59 to
9bd6cdf
Compare
|
Unit tests (excluding one checking the generated proof file) are passing, moving on to itest fixes now. |
jharveyb
force-pushed
the
group-key-witness-support
branch
from
9bd6cdf to
7618af1
Compare
|
Latest push is further fixes to address some unit test fixes + fix group insertion when syncing from a Universe (h/t guggero). Most itests pass, but reissuance does not work - adding a |
|
Adding a From offline discussion, I realized that the GroupKeyReveal should be omitted for genesis proofs of reissued assets, and instead the asset's group key should only be checked against stored group keys to ensure that the daemon has previously verified the group anchor (along with group witness verification). However, this introduces new ordering constraints in many places where we handle grouped assets (storing to disk, verifying a proof, or populating a universe tree). The anchor asset for a group MUST be inserted before attempting to verify or store any other member of that asset group. Right now many DB operations are unordered over e.x. the set of all assets in a minting batch, which I'm updating now. |
jharveyb
force-pushed
the
group-key-witness-support
branch
from
02e13fa to
d4ce176
Compare
guggero
force-pushed
the
v0-3-0-staging
branch
from
eafaca4 to
cbcfdd7
Compare
In this commit, we switch the group tapscript root to a slice to better represent an empty tapscript root (BIP-86 tweaking). We also fix some areas where a non-nil root on disk was not returned from DB queries.
In this commit, we define valid genesis assets when members of a group. We also define virtual TxIns and TxOuts for such assets. We combine these changes to support making VirtualTxs for genesis grouped assets with existing virtualTx constructors.
jharveyb
force-pushed
the
group-key-witness-support
branch
from
6476137 to
394a02d
Compare
In this commit, we define a new interface for constructing virtual transactions used to represent minting of grouped assets, GenesisTxBuilder. We also redefine GenesisSigner to match VirtualTxSigner, as they both use the same underlying signing API.
In this commit, we modify the early VM sanity checks to prevent an early exit for genesis grouped assets. We also add support for the GenesisPrevOutFetcher, which is needed for virtual TX construction in the VM to match the TX used to produce the group witness.
In this commit, we update DeriveGroupKey to construct a virtualTx representing the mint and produce a witness using the new group key definition that supports script-path spends.
In this commit, we extend the config used to initialize the planter to include the new interfaces needed for group asset minting. We also reorder some operations in the caretaker to simplify the usage of DeriveGroupKey.
In this commit, we update the minter the ensure that valid group witnesses are preesent in genesis grouped assets. Group witnesses are now copied into the asset PrevWitness on asset creation, and then validated by the VM before the minter continues sprouting seedlings.
In this commit, we introduce two new verifier callbacks, which are needed to check that group keys attached to assets have already been imported and verified. This is relevant during proof verification, minting, and universe sync, amongst other areas.
In this commit, we update proof verification to verify group keys for reissued assets and grouped asset transfers. We also update callers of proof.Verify() to passthrough group verifier callbacks.
In this commit, we address the issue of asset insertion ordering during minting. Group anchors must be inserted before reissued assets in the same batch for group info to be stored correctly and asset verification to succeed. We also update configs for other minting subsystems to propogate group verifier callbacks.
In this commit, we ensure that issuances for grouped assets are handled correctly during universe sync. This requires inserting group anchors before reissuances. We also update the group key insertion on universe sync to handle both group anchors and reissuances.
In this commit, we remove vestigial verification of group witnesses when constructing an asset commitment or upserting a leaf that was a grouped asset. This verification is now done on asset minting, proof export and import, and when syncing bootstrap information for an asset group.
jharveyb
force-pushed
the
group-key-witness-support
branch
from
394a02d to
6686744
Compare
|
Rebased and addressed most recent feedback. |
Implements changes outlined in #466.
Known TODOs:
DeriveGroupKeyto verify witness correctnessasset.PrevWitnesseswhere need so the witness gets serializedproof.Verifyto use new genesis asset definitiontapscriptpackageApproach:
Modify the
virtualTxmethods to add new branches for creating a virtual TX for a genesis grouped asset.Modify the VM to prevent an early exit for genesis grouped assets, and add early assertions for such assets.
Update
DeriveGroupKeyto sign over a virtualTx representing minting of a genesis grouped asset.Update
DeriveGroupKeyto accept external scripts and support different signing methods.Open questions:
Can we reuse the existing
VirtualTxSignerfor theGenesisSigner?Is there other data needed for a group key script path authorization here besides a single
TapLeaf? InCreateTaprootSignatureI see validation against other fields but not use of those other fields for signing.How can we resolve the
tapscriptdependency cycle? I see two issues, one being the placement ofRawKeyGenesisSignercode, which AFAICT is only used in tests. The other is that, theassetpackage can't call methods from thetapscriptpackage without causing a cycle, but with the current setupDeriveGroupKeymust build a virtual TX at some point. I think one option may be to move some of the group signing logic into thetapscriptpackage. As-is I think the definition ofDeriveGroupKeycould move intotapscriptand self-contained parts of that logic could stay in theassetpackage.