mirror of
https://github.com/lightningnetwork/lnd.git
synced 2025-01-19 05:45:21 +01:00
8405590152
In this commit, we update the set of protos to accept the local secret nonces over RPC. This is actually a 97 byte value, as it includes the two 32 byte nonces, as well as the 33 byte value of the public key of the signer. This is needed in order to be able to open taproot channels over the RPC interface.
698 lines
23 KiB
Protocol Buffer
698 lines
23 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package signrpc;
|
|
|
|
option go_package = "github.com/lightningnetwork/lnd/lnrpc/signrpc";
|
|
|
|
// Signer is a service that gives access to the signing functionality of the
|
|
// daemon's wallet.
|
|
service Signer {
|
|
/*
|
|
SignOutputRaw is a method that can be used to generated a signature for a
|
|
set of inputs/outputs to a transaction. Each request specifies details
|
|
concerning how the outputs should be signed, which keys they should be
|
|
signed with, and also any optional tweaks. The return value is a fixed
|
|
64-byte signature (the same format as we use on the wire in Lightning).
|
|
|
|
If we are unable to sign using the specified keys, then an error will be
|
|
returned.
|
|
*/
|
|
rpc SignOutputRaw (SignReq) returns (SignResp);
|
|
|
|
/*
|
|
ComputeInputScript generates a complete InputIndex for the passed
|
|
transaction with the signature as defined within the passed SignDescriptor.
|
|
This method should be capable of generating the proper input script for both
|
|
regular p2wkh/p2tr outputs and p2wkh outputs nested within a regular p2sh
|
|
output.
|
|
|
|
Note that when using this method to sign inputs belonging to the wallet,
|
|
the only items of the SignDescriptor that need to be populated are pkScript
|
|
in the TxOut field, the value in that same field, and finally the input
|
|
index.
|
|
*/
|
|
rpc ComputeInputScript (SignReq) returns (InputScriptResp);
|
|
|
|
/*
|
|
SignMessage signs a message with the key specified in the key locator. The
|
|
returned signature is fixed-size LN wire format encoded.
|
|
|
|
The main difference to SignMessage in the main RPC is that a specific key is
|
|
used to sign the message instead of the node identity private key.
|
|
*/
|
|
rpc SignMessage (SignMessageReq) returns (SignMessageResp);
|
|
|
|
/*
|
|
VerifyMessage verifies a signature over a message using the public key
|
|
provided. The signature must be fixed-size LN wire format encoded.
|
|
|
|
The main difference to VerifyMessage in the main RPC is that the public key
|
|
used to sign the message does not have to be a node known to the network.
|
|
*/
|
|
rpc VerifyMessage (VerifyMessageReq) returns (VerifyMessageResp);
|
|
|
|
/*
|
|
DeriveSharedKey returns a shared secret key by performing Diffie-Hellman key
|
|
derivation between the ephemeral public key in the request and the node's
|
|
key specified in the key_desc parameter. Either a key locator or a raw
|
|
public key is expected in the key_desc, if neither is supplied, defaults to
|
|
the node's identity private key:
|
|
P_shared = privKeyNode * ephemeralPubkey
|
|
The resulting shared public key is serialized in the compressed format and
|
|
hashed with sha256, resulting in the final key length of 256bit.
|
|
*/
|
|
rpc DeriveSharedKey (SharedKeyRequest) returns (SharedKeyResponse);
|
|
|
|
/*
|
|
MuSig2CombineKeys (experimental!) is a stateless helper RPC that can be used
|
|
to calculate the combined MuSig2 public key from a list of all participating
|
|
signers' public keys. This RPC is completely stateless and deterministic and
|
|
does not create any signing session. It can be used to determine the Taproot
|
|
public key that should be put in an on-chain output once all public keys are
|
|
known. A signing session is only needed later when that output should be
|
|
_spent_ again.
|
|
|
|
NOTE: The MuSig2 BIP is not final yet and therefore this API must be
|
|
considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming
|
|
releases. Backward compatibility is not guaranteed!
|
|
*/
|
|
rpc MuSig2CombineKeys (MuSig2CombineKeysRequest)
|
|
returns (MuSig2CombineKeysResponse);
|
|
|
|
/*
|
|
MuSig2CreateSession (experimental!) creates a new MuSig2 signing session
|
|
using the local key identified by the key locator. The complete list of all
|
|
public keys of all signing parties must be provided, including the public
|
|
key of the local signing key. If nonces of other parties are already known,
|
|
they can be submitted as well to reduce the number of RPC calls necessary
|
|
later on.
|
|
|
|
NOTE: The MuSig2 BIP is not final yet and therefore this API must be
|
|
considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming
|
|
releases. Backward compatibility is not guaranteed!
|
|
*/
|
|
rpc MuSig2CreateSession (MuSig2SessionRequest)
|
|
returns (MuSig2SessionResponse);
|
|
|
|
/*
|
|
MuSig2RegisterNonces (experimental!) registers one or more public nonces of
|
|
other signing participants for a session identified by its ID. This RPC can
|
|
be called multiple times until all nonces are registered.
|
|
|
|
NOTE: The MuSig2 BIP is not final yet and therefore this API must be
|
|
considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming
|
|
releases. Backward compatibility is not guaranteed!
|
|
*/
|
|
rpc MuSig2RegisterNonces (MuSig2RegisterNoncesRequest)
|
|
returns (MuSig2RegisterNoncesResponse);
|
|
|
|
/*
|
|
MuSig2Sign (experimental!) creates a partial signature using the local
|
|
signing key that was specified when the session was created. This can only
|
|
be called when all public nonces of all participants are known and have been
|
|
registered with the session. If this node isn't responsible for combining
|
|
all the partial signatures, then the cleanup flag should be set, indicating
|
|
that the session can be removed from memory once the signature was produced.
|
|
|
|
NOTE: The MuSig2 BIP is not final yet and therefore this API must be
|
|
considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming
|
|
releases. Backward compatibility is not guaranteed!
|
|
*/
|
|
rpc MuSig2Sign (MuSig2SignRequest) returns (MuSig2SignResponse);
|
|
|
|
/*
|
|
MuSig2CombineSig (experimental!) combines the given partial signature(s)
|
|
with the local one, if it already exists. Once a partial signature of all
|
|
participants is registered, the final signature will be combined and
|
|
returned.
|
|
|
|
NOTE: The MuSig2 BIP is not final yet and therefore this API must be
|
|
considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming
|
|
releases. Backward compatibility is not guaranteed!
|
|
*/
|
|
rpc MuSig2CombineSig (MuSig2CombineSigRequest)
|
|
returns (MuSig2CombineSigResponse);
|
|
|
|
/*
|
|
MuSig2Cleanup (experimental!) allows a caller to clean up a session early in
|
|
cases where it's obvious that the signing session won't succeed and the
|
|
resources can be released.
|
|
|
|
NOTE: The MuSig2 BIP is not final yet and therefore this API must be
|
|
considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming
|
|
releases. Backward compatibility is not guaranteed!
|
|
*/
|
|
rpc MuSig2Cleanup (MuSig2CleanupRequest) returns (MuSig2CleanupResponse);
|
|
}
|
|
|
|
message KeyLocator {
|
|
// The family of key being identified.
|
|
int32 key_family = 1;
|
|
|
|
// The precise index of the key being identified.
|
|
int32 key_index = 2;
|
|
}
|
|
|
|
message KeyDescriptor {
|
|
/*
|
|
The raw bytes of the public key in the key pair being identified. Either
|
|
this or the KeyLocator must be specified.
|
|
*/
|
|
bytes raw_key_bytes = 1;
|
|
|
|
/*
|
|
The key locator that identifies which private key to use for signing.
|
|
Either this or the raw bytes of the target public key must be specified.
|
|
*/
|
|
KeyLocator key_loc = 2;
|
|
}
|
|
|
|
message TxOut {
|
|
// The value of the output being spent.
|
|
int64 value = 1;
|
|
|
|
// The script of the output being spent.
|
|
bytes pk_script = 2;
|
|
}
|
|
|
|
enum SignMethod {
|
|
/*
|
|
Specifies that a SegWit v0 (p2wkh, np2wkh, p2wsh) input script should be
|
|
signed.
|
|
*/
|
|
SIGN_METHOD_WITNESS_V0 = 0;
|
|
|
|
/*
|
|
Specifies that a SegWit v1 (p2tr) input should be signed by using the
|
|
BIP0086 method (commit to internal key only).
|
|
*/
|
|
SIGN_METHOD_TAPROOT_KEY_SPEND_BIP0086 = 1;
|
|
|
|
/*
|
|
Specifies that a SegWit v1 (p2tr) input should be signed by using a given
|
|
taproot hash to commit to in addition to the internal key.
|
|
*/
|
|
SIGN_METHOD_TAPROOT_KEY_SPEND = 2;
|
|
|
|
/*
|
|
Specifies that a SegWit v1 (p2tr) input should be spent using the script
|
|
path and that a specific leaf script should be signed for.
|
|
*/
|
|
SIGN_METHOD_TAPROOT_SCRIPT_SPEND = 3;
|
|
}
|
|
|
|
message SignDescriptor {
|
|
/*
|
|
A descriptor that precisely describes *which* key to use for signing. This
|
|
may provide the raw public key directly, or require the Signer to re-derive
|
|
the key according to the populated derivation path.
|
|
|
|
Note that if the key descriptor was obtained through walletrpc.DeriveKey,
|
|
then the key locator MUST always be provided, since the derived keys are not
|
|
persisted unlike with DeriveNextKey.
|
|
*/
|
|
KeyDescriptor key_desc = 1;
|
|
|
|
/*
|
|
A scalar value that will be added to the private key corresponding to the
|
|
above public key to obtain the private key to be used to sign this input.
|
|
This value is typically derived via the following computation:
|
|
|
|
* derivedKey = privkey + sha256(perCommitmentPoint || pubKey) mod N
|
|
*/
|
|
bytes single_tweak = 2;
|
|
|
|
/*
|
|
A private key that will be used in combination with its corresponding
|
|
private key to derive the private key that is to be used to sign the target
|
|
input. Within the Lightning protocol, this value is typically the
|
|
commitment secret from a previously revoked commitment transaction. This
|
|
value is in combination with two hash values, and the original private key
|
|
to derive the private key to be used when signing.
|
|
|
|
* k = (privKey*sha256(pubKey || tweakPub) +
|
|
tweakPriv*sha256(tweakPub || pubKey)) mod N
|
|
*/
|
|
bytes double_tweak = 3;
|
|
|
|
/*
|
|
The 32 byte input to the taproot tweak derivation that is used to derive
|
|
the output key from an internal key: outputKey = internalKey +
|
|
tagged_hash("tapTweak", internalKey || tapTweak).
|
|
|
|
When doing a BIP 86 spend, this field can be an empty byte slice.
|
|
|
|
When doing a normal key path spend, with the output key committing to an
|
|
actual script root, then this field should be: the tapscript root hash.
|
|
*/
|
|
bytes tap_tweak = 10;
|
|
|
|
/*
|
|
The full script required to properly redeem the output. This field will
|
|
only be populated if a p2tr, p2wsh or a p2sh output is being signed. If a
|
|
taproot script path spend is being attempted, then this should be the raw
|
|
leaf script.
|
|
*/
|
|
bytes witness_script = 4;
|
|
|
|
/*
|
|
A description of the output being spent. The value and script MUST be
|
|
provided.
|
|
*/
|
|
TxOut output = 5;
|
|
|
|
/*
|
|
The target sighash type that should be used when generating the final
|
|
sighash, and signature.
|
|
*/
|
|
uint32 sighash = 7;
|
|
|
|
/*
|
|
The target input within the transaction that should be signed.
|
|
*/
|
|
int32 input_index = 8;
|
|
|
|
/*
|
|
The sign method specifies how the input should be signed. Depending on the
|
|
method, either the tap_tweak, witness_script or both need to be specified.
|
|
Defaults to SegWit v0 signing to be backward compatible with older RPC
|
|
clients.
|
|
*/
|
|
SignMethod sign_method = 9;
|
|
}
|
|
|
|
message SignReq {
|
|
// The raw bytes of the transaction to be signed.
|
|
bytes raw_tx_bytes = 1;
|
|
|
|
// A set of sign descriptors, for each input to be signed.
|
|
repeated SignDescriptor sign_descs = 2;
|
|
|
|
/*
|
|
The full list of UTXO information for each of the inputs being spent. This
|
|
is required when spending one or more taproot (SegWit v1) outputs.
|
|
*/
|
|
repeated TxOut prev_outputs = 3;
|
|
}
|
|
|
|
message SignResp {
|
|
/*
|
|
A set of signatures realized in a fixed 64-byte format ordered in ascending
|
|
input order.
|
|
*/
|
|
repeated bytes raw_sigs = 1;
|
|
}
|
|
|
|
message InputScript {
|
|
// The serializes witness stack for the specified input.
|
|
repeated bytes witness = 1;
|
|
|
|
/*
|
|
The optional sig script for the specified witness that will only be set if
|
|
the input specified is a nested p2sh witness program.
|
|
*/
|
|
bytes sig_script = 2;
|
|
}
|
|
|
|
message InputScriptResp {
|
|
// The set of fully valid input scripts requested.
|
|
repeated InputScript input_scripts = 1;
|
|
}
|
|
|
|
message SignMessageReq {
|
|
/*
|
|
The message to be signed. When using REST, this field must be encoded as
|
|
base64.
|
|
*/
|
|
bytes msg = 1;
|
|
|
|
// The key locator that identifies which key to use for signing.
|
|
KeyLocator key_loc = 2;
|
|
|
|
// Double-SHA256 hash instead of just the default single round.
|
|
bool double_hash = 3;
|
|
|
|
/*
|
|
Use the compact (pubkey recoverable) format instead of the raw lnwire
|
|
format. This option cannot be used with Schnorr signatures.
|
|
*/
|
|
bool compact_sig = 4;
|
|
|
|
/*
|
|
Use Schnorr signature. This option cannot be used with compact format.
|
|
*/
|
|
bool schnorr_sig = 5;
|
|
|
|
/*
|
|
The optional Taproot tweak bytes to apply to the private key before creating
|
|
a Schnorr signature. The private key is tweaked as described in BIP-341:
|
|
privKey + h_tapTweak(internalKey || tapTweak)
|
|
*/
|
|
bytes schnorr_sig_tap_tweak = 6;
|
|
}
|
|
message SignMessageResp {
|
|
/*
|
|
The signature for the given message in the fixed-size LN wire format.
|
|
*/
|
|
bytes signature = 1;
|
|
}
|
|
|
|
message VerifyMessageReq {
|
|
// The message over which the signature is to be verified. When using
|
|
// REST, this field must be encoded as base64.
|
|
bytes msg = 1;
|
|
|
|
/*
|
|
The fixed-size LN wire encoded signature to be verified over the given
|
|
message. When using REST, this field must be encoded as base64.
|
|
*/
|
|
bytes signature = 2;
|
|
|
|
/*
|
|
The public key the signature has to be valid for. When using REST, this
|
|
field must be encoded as base64. If the is_schnorr_sig option is true, then
|
|
the public key is expected to be in the 32-byte x-only serialization
|
|
according to BIP-340.
|
|
*/
|
|
bytes pubkey = 3;
|
|
|
|
/*
|
|
Specifies if the signature is a Schnorr signature.
|
|
*/
|
|
bool is_schnorr_sig = 4;
|
|
}
|
|
|
|
message VerifyMessageResp {
|
|
// Whether the signature was valid over the given message.
|
|
bool valid = 1;
|
|
}
|
|
|
|
message SharedKeyRequest {
|
|
// The ephemeral public key to use for the DH key derivation.
|
|
bytes ephemeral_pubkey = 1;
|
|
|
|
/*
|
|
Deprecated. The optional key locator of the local key that should be used.
|
|
If this parameter is not set then the node's identity private key will be
|
|
used.
|
|
*/
|
|
KeyLocator key_loc = 2 [deprecated = true];
|
|
|
|
/*
|
|
A key descriptor describes the key used for performing ECDH. Either a key
|
|
locator or a raw public key is expected, if neither is supplied, defaults to
|
|
the node's identity private key.
|
|
*/
|
|
KeyDescriptor key_desc = 3;
|
|
}
|
|
|
|
message SharedKeyResponse {
|
|
// The shared public key, hashed with sha256.
|
|
bytes shared_key = 1;
|
|
}
|
|
|
|
message TweakDesc {
|
|
/*
|
|
Tweak is the 32-byte value that will modify the public key.
|
|
*/
|
|
bytes tweak = 1;
|
|
|
|
/*
|
|
Specifies if the target key should be converted to an x-only public key
|
|
before tweaking. If true, then the public key will be mapped to an x-only
|
|
key before the tweaking operation is applied.
|
|
*/
|
|
bool is_x_only = 2;
|
|
}
|
|
|
|
message TaprootTweakDesc {
|
|
/*
|
|
The root hash of the tapscript tree if a script path is committed to. If
|
|
the MuSig2 key put on chain doesn't also commit to a script path (BIP-0086
|
|
key spend only), then this needs to be empty and the key_spend_only field
|
|
below must be set to true. This is required because gRPC cannot
|
|
differentiate between a zero-size byte slice and a nil byte slice (both
|
|
would be serialized the same way). So the extra boolean is required.
|
|
*/
|
|
bytes script_root = 1;
|
|
|
|
/*
|
|
Indicates that the above script_root is expected to be empty because this
|
|
is a BIP-0086 key spend only commitment where only the internal key is
|
|
committed to instead of also including a script root hash.
|
|
*/
|
|
bool key_spend_only = 2;
|
|
}
|
|
|
|
enum MuSig2Version {
|
|
/*
|
|
The default value on the RPC is zero for enums so we need to represent an
|
|
invalid/undefined version by default to make sure clients upgrade their
|
|
software to set the version explicitly.
|
|
*/
|
|
MUSIG2_VERSION_UNDEFINED = 0;
|
|
|
|
/*
|
|
The version of MuSig2 that lnd 0.15.x shipped with, which corresponds to the
|
|
version v0.4.0 of the MuSig2 BIP draft.
|
|
*/
|
|
MUSIG2_VERSION_V040 = 1;
|
|
|
|
/*
|
|
The current version of MuSig2 which corresponds to the version v1.0.0rc2 of
|
|
the MuSig2 BIP draft.
|
|
*/
|
|
MUSIG2_VERSION_V100RC2 = 2;
|
|
}
|
|
|
|
message MuSig2CombineKeysRequest {
|
|
/*
|
|
A list of all public keys (serialized in 32-byte x-only format for v0.4.0
|
|
and 33-byte compressed format for v1.0.0rc2!) participating in the signing
|
|
session. The list will always be sorted lexicographically internally. This
|
|
must include the local key which is described by the above key_loc.
|
|
*/
|
|
repeated bytes all_signer_pubkeys = 1;
|
|
|
|
/*
|
|
A series of optional generic tweaks to be applied to the the aggregated
|
|
public key.
|
|
*/
|
|
repeated TweakDesc tweaks = 2;
|
|
|
|
/*
|
|
An optional taproot specific tweak that must be specified if the MuSig2
|
|
combined key will be used as the main taproot key of a taproot output
|
|
on-chain.
|
|
*/
|
|
TaprootTweakDesc taproot_tweak = 3;
|
|
|
|
/*
|
|
The mandatory version of the MuSig2 BIP draft to use. This is necessary to
|
|
differentiate between the changes that were made to the BIP while this
|
|
experimental RPC was already released. Some of those changes affect how the
|
|
combined key and nonces are created.
|
|
*/
|
|
MuSig2Version version = 4;
|
|
}
|
|
|
|
message MuSig2CombineKeysResponse {
|
|
/*
|
|
The combined public key (in the 32-byte x-only format) with all tweaks
|
|
applied to it. If a taproot tweak is specified, this corresponds to the
|
|
taproot key that can be put into the on-chain output.
|
|
*/
|
|
bytes combined_key = 1;
|
|
|
|
/*
|
|
The raw combined public key (in the 32-byte x-only format) before any tweaks
|
|
are applied to it. If a taproot tweak is specified, this corresponds to the
|
|
internal key that needs to be put into the witness if the script spend path
|
|
is used.
|
|
*/
|
|
bytes taproot_internal_key = 2;
|
|
|
|
/*
|
|
The version of the MuSig2 BIP that was used to combine the keys.
|
|
*/
|
|
MuSig2Version version = 4;
|
|
}
|
|
|
|
message MuSig2SessionRequest {
|
|
/*
|
|
The key locator that identifies which key to use for signing.
|
|
*/
|
|
KeyLocator key_loc = 1;
|
|
|
|
/*
|
|
A list of all public keys (serialized in 32-byte x-only format for v0.4.0
|
|
and 33-byte compressed format for v1.0.0rc2!) participating in the signing
|
|
session. The list will always be sorted lexicographically internally. This
|
|
must include the local key which is described by the above key_loc.
|
|
*/
|
|
repeated bytes all_signer_pubkeys = 2;
|
|
|
|
/*
|
|
An optional list of all public nonces of other signing participants that
|
|
might already be known.
|
|
*/
|
|
repeated bytes other_signer_public_nonces = 3;
|
|
|
|
/*
|
|
A series of optional generic tweaks to be applied to the the aggregated
|
|
public key.
|
|
*/
|
|
repeated TweakDesc tweaks = 4;
|
|
|
|
/*
|
|
An optional taproot specific tweak that must be specified if the MuSig2
|
|
combined key will be used as the main taproot key of a taproot output
|
|
on-chain.
|
|
*/
|
|
TaprootTweakDesc taproot_tweak = 5;
|
|
|
|
/*
|
|
The mandatory version of the MuSig2 BIP draft to use. This is necessary to
|
|
differentiate between the changes that were made to the BIP while this
|
|
experimental RPC was already released. Some of those changes affect how the
|
|
combined key and nonces are created.
|
|
*/
|
|
MuSig2Version version = 6;
|
|
|
|
/*
|
|
A set of pre generated secret local nonces to use in the musig2 session.
|
|
This field is optional. This can be useful for protocols that need to send
|
|
nonces ahead of time before the set of signer keys are known. This value
|
|
MUST be 97 bytes and be the concatenation of two CSPRNG generated 32 byte
|
|
values and local public key used for signing as specified in the key_loc
|
|
field.
|
|
*/
|
|
bytes pregenerated_local_nonce = 7;
|
|
}
|
|
|
|
message MuSig2SessionResponse {
|
|
/*
|
|
The unique ID that represents this signing session. A session can be used
|
|
for producing a signature a single time. If the signing fails for any
|
|
reason, a new session with the same participants needs to be created.
|
|
*/
|
|
bytes session_id = 1;
|
|
|
|
/*
|
|
The combined public key (in the 32-byte x-only format) with all tweaks
|
|
applied to it. If a taproot tweak is specified, this corresponds to the
|
|
taproot key that can be put into the on-chain output.
|
|
*/
|
|
bytes combined_key = 2;
|
|
|
|
/*
|
|
The raw combined public key (in the 32-byte x-only format) before any tweaks
|
|
are applied to it. If a taproot tweak is specified, this corresponds to the
|
|
internal key that needs to be put into the witness if the script spend path
|
|
is used.
|
|
*/
|
|
bytes taproot_internal_key = 3;
|
|
|
|
/*
|
|
The two public nonces the local signer uses, combined into a single value
|
|
of 66 bytes. Can be split into the two 33-byte points to get the individual
|
|
nonces.
|
|
*/
|
|
bytes local_public_nonces = 4;
|
|
|
|
/*
|
|
Indicates whether all nonces required to start the signing process are known
|
|
now.
|
|
*/
|
|
bool have_all_nonces = 5;
|
|
|
|
/*
|
|
The version of the MuSig2 BIP that was used to create the session.
|
|
*/
|
|
MuSig2Version version = 6;
|
|
}
|
|
|
|
message MuSig2RegisterNoncesRequest {
|
|
/*
|
|
The unique ID of the signing session those nonces should be registered with.
|
|
*/
|
|
bytes session_id = 1;
|
|
|
|
/*
|
|
A list of all public nonces of other signing participants that should be
|
|
registered.
|
|
*/
|
|
repeated bytes other_signer_public_nonces = 3;
|
|
}
|
|
|
|
message MuSig2RegisterNoncesResponse {
|
|
/*
|
|
Indicates whether all nonces required to start the signing process are known
|
|
now.
|
|
*/
|
|
bool have_all_nonces = 1;
|
|
}
|
|
|
|
message MuSig2SignRequest {
|
|
/*
|
|
The unique ID of the signing session to use for signing.
|
|
*/
|
|
bytes session_id = 1;
|
|
|
|
/*
|
|
The 32-byte SHA256 digest of the message to sign.
|
|
*/
|
|
bytes message_digest = 2;
|
|
|
|
/*
|
|
Cleanup indicates that after signing, the session state can be cleaned up,
|
|
since another participant is going to be responsible for combining the
|
|
partial signatures.
|
|
*/
|
|
bool cleanup = 3;
|
|
}
|
|
|
|
message MuSig2SignResponse {
|
|
/*
|
|
The partial signature created by the local signer.
|
|
*/
|
|
bytes local_partial_signature = 1;
|
|
}
|
|
|
|
message MuSig2CombineSigRequest {
|
|
/*
|
|
The unique ID of the signing session to combine the signatures for.
|
|
*/
|
|
bytes session_id = 1;
|
|
|
|
/*
|
|
The list of all other participants' partial signatures to add to the current
|
|
session.
|
|
*/
|
|
repeated bytes other_partial_signatures = 2;
|
|
}
|
|
|
|
message MuSig2CombineSigResponse {
|
|
/*
|
|
Indicates whether all partial signatures required to create a final, full
|
|
signature are known yet. If this is true, then the final_signature field is
|
|
set, otherwise it is empty.
|
|
*/
|
|
bool have_all_signatures = 1;
|
|
|
|
/*
|
|
The final, full signature that is valid for the combined public key.
|
|
*/
|
|
bytes final_signature = 2;
|
|
}
|
|
|
|
message MuSig2CleanupRequest {
|
|
/*
|
|
The unique ID of the signing session that should be removed/cleaned up.
|
|
*/
|
|
bytes session_id = 1;
|
|
}
|
|
|
|
message MuSig2CleanupResponse {
|
|
}
|