Merge pull request #10436 from ellemouton/musigRegisterAggNonce

Author: ellemouton

docs/release-notes/release-notes-0.21.0.md

@@ -50,6 +50,14 @@
 
 ## RPC Additions
 
+* [Added support for coordinator-based MuSig2 signing
+  patterns](https://github.com/lightningnetwork/lnd/pull/10436) with two new
+  RPCs: `MuSig2RegisterCombinedNonce` allows registering a pre-aggregated
+  combined nonce for a session (useful when a coordinator aggregates all nonces
+  externally), and `MuSig2GetCombinedNonce` retrieves the combined nonce after
+  it becomes available. These methods provide an alternative to the standard
+  `MuSig2RegisterNonces` workflow and are only supported in MuSig2 v1.0.0rc2.
+
 ## lncli Additions
 
 # Improvements

go.mod

@@ -5,7 +5,7 @@ require (
 	github.com/Yawning/aez v0.0.0-20211027044916-e49e68abd344
 	github.com/andybalholm/brotli v1.0.4
 	github.com/btcsuite/btcd v0.24.3-0.20250318170759-4f4ea81776d6
-	github.com/btcsuite/btcd/btcec/v2 v2.3.4
+	github.com/btcsuite/btcd/btcec/v2 v2.3.6
 	github.com/btcsuite/btcd/btcutil v1.1.5
 	github.com/btcsuite/btcd/btcutil/psbt v1.1.8
 	github.com/btcsuite/btcd/chaincfg/chainhash v1.1.0

go.sum

@@ -46,8 +46,8 @@ github.com/btcsuite/btcd v0.24.3-0.20250318170759-4f4ea81776d6 h1:8n9k3I7e8DkpdQ
 github.com/btcsuite/btcd v0.24.3-0.20250318170759-4f4ea81776d6/go.mod h1:OmM4kFtB0klaG/ZqT86rQiyw/1iyXlJgc3UHClPhhbs=
 github.com/btcsuite/btcd/btcec/v2 v2.1.0/go.mod h1:2VzYrv4Gm4apmbVVsSq5bqf1Ec8v56E48Vt0Y/umPgA=
 github.com/btcsuite/btcd/btcec/v2 v2.1.3/go.mod h1:ctjw4H1kknNJmRN4iP1R7bTQ+v3GJkZBd6mui8ZsAZE=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4 h1:3EJjcN70HCu/mwqlUsGK8GcNVyLVxFDlWurTXGPFfiQ=
-github.com/btcsuite/btcd/btcec/v2 v2.3.4/go.mod h1:zYzJ8etWJQIv1Ogk7OzpWjowwOdXY1W/17j2MW85J04=
+github.com/btcsuite/btcd/btcec/v2 v2.3.6 h1:IzlsEr9olcSRKB/n7c4351F3xHKxS2lma+1UFGCYd4E=
+github.com/btcsuite/btcd/btcec/v2 v2.3.6/go.mod h1:m22FrOAiuxl/tht9wIqAoGHcbnCCaPWyauO8y2LGGtQ=
 github.com/btcsuite/btcd/btcutil v1.0.0/go.mod h1:Uoxwv0pqYWhD//tfTiipkxNfdhG9UrLwaeswfjfdF0A=
 github.com/btcsuite/btcd/btcutil v1.1.0/go.mod h1:5OapHB7A2hBBWLm48mmw4MOHNJCcUBTwmWH/0Jn8VHE=
 github.com/btcsuite/btcd/btcutil v1.1.5 h1:+wER79R5670vs/ZusMTF1yTcRYE5GUsFbdjdisflzM8=

input/mocks.go

@@ -258,6 +258,29 @@ func (m *MockInputSigner) MuSig2RegisterNonces(versio MuSig2SessionID,
 	return args.Bool(0), args.Error(1)
 }
 
+// MuSig2RegisterCombinedNonce registers a pre-aggregated combined nonce for a
+// session identified by its ID.
+func (m *MockInputSigner) MuSig2RegisterCombinedNonce(sessionID MuSig2SessionID,
+	combinedNonce [musig2.PubNonceSize]byte) error {
+
+	args := m.Called(sessionID, combinedNonce)
+
+	return args.Error(0)
+}
+
+// MuSig2GetCombinedNonce retrieves the combined nonce for a session identified
+// by its ID.
+func (m *MockInputSigner) MuSig2GetCombinedNonce(sessionID MuSig2SessionID) (
+	[musig2.PubNonceSize]byte, error) {
+
+	args := m.Called(sessionID)
+	if args.Get(0) == nil {
+		return [musig2.PubNonceSize]byte{}, args.Error(1)
+	}
+
+	return args.Get(0).([musig2.PubNonceSize]byte), args.Error(1)
+}
+
 // MuSig2Sign creates a partial signature using the local signing key that was
 // specified when the session was created.
 func (m *MockInputSigner) MuSig2Sign(sessionID MuSig2SessionID,

input/musig2.go

@@ -64,6 +64,25 @@ type MuSig2Signer interface {
 	MuSig2RegisterNonces(MuSig2SessionID,
 		[][musig2.PubNonceSize]byte) (bool, error)
 
+	// MuSig2RegisterCombinedNonce registers a pre-aggregated combined nonce
+	// for a session identified by its ID. This is an alternative to
+	// MuSig2RegisterNonces and is used when a coordinator has already
+	// aggregated all individual nonces and wants to distribute the combined
+	// nonce to participants.
+	//
+	// NOTE: This method is mutually exclusive with MuSig2RegisterNonces for
+	// the same session. Once this method is called, MuSig2RegisterNonces
+	// will return an error if called later for the same session.
+	MuSig2RegisterCombinedNonce(MuSig2SessionID,
+		[musig2.PubNonceSize]byte) error
+
+	// MuSig2GetCombinedNonce retrieves the combined nonce for a session
+	// identified by its ID. This will be available after either all
+	// individual nonces have been registered via MuSig2RegisterNonces, or a
+	// combined nonce has been registered via MuSig2RegisterCombinedNonce.
+	MuSig2GetCombinedNonce(MuSig2SessionID) ([musig2.PubNonceSize]byte,
+		error)
+
 	// MuSig2Sign creates a partial signature using the local signing key
 	// that was specified when the session was created. This can only be
 	// called when all public nonces of all participants are known and have
@@ -130,6 +149,26 @@ type MuSig2Session interface {
 	// of signers. This method returns true once all the public nonces have
 	// been accounted for.
 	RegisterPubNonce(nonce [musig2.PubNonceSize]byte) (bool, error)
+
+	// CombinedNonce returns the combined/aggregated public nonce for the
+	// session. This will be available after either all individual nonces
+	// have been registered via RegisterPubNonce, or a combined nonce has
+	// been registered via RegisterCombinedNonce.
+	//
+	// If the combined nonce is not yet available, this method returns an
+	// error.
+	CombinedNonce() ([musig2.PubNonceSize]byte, error)
+
+	// RegisterCombinedNonce allows a caller to directly register a
+	// pre-aggregated nonce that was generated externally. This is useful
+	// in coordinator-based protocols where the coordinator aggregates all
+	// nonces and distributes the combined nonce to participants.
+	//
+	// NOTE: This method is mutually exclusive with RegisterPubNonce. Once
+	// this method is called, RegisterPubNonce will return an error if
+	// called later. Similarly, if RegisterPubNonce has already been called,
+	// this method will return an error.
+	RegisterCombinedNonce(combinedNonce [musig2.PubNonceSize]byte) error
 }
 
 // MuSig2SessionInfo is a struct for keeping track of a signing session

input/musig2_session_manager.go

@@ -302,3 +302,70 @@ func (m *MusigSessionManager) MuSig2RegisterNonces(sessionID MuSig2SessionID,
 
 	return session.HaveAllNonces, nil
 }
+
+// MuSig2RegisterCombinedNonce registers a pre-aggregated combined nonce for a
+// session identified by its ID. This is an alternative to MuSig2RegisterNonces
+// and is used when a coordinator has already aggregated all individual nonces
+// and wants to distribute the combined nonce to participants.
+//
+// NOTE: This method is mutually exclusive with MuSig2RegisterNonces for the
+// same session. Once this method is called, MuSig2RegisterNonces will return
+// an error if called later for the same session.
+func (m *MusigSessionManager) MuSig2RegisterCombinedNonce(
+	sessionID MuSig2SessionID,
+	combinedNonce [musig2.PubNonceSize]byte) error {
+
+	// Hold the lock during the whole operation.
+	m.sessionMtx.Lock(sessionID)
+	defer m.sessionMtx.Unlock(sessionID)
+
+	// Load the session.
+	session, ok := m.musig2Sessions.Load(sessionID)
+	if !ok {
+		return fmt.Errorf("session with ID %x not found", sessionID[:])
+	}
+
+	// Check if we already have all nonces.
+	if session.HaveAllNonces {
+		return fmt.Errorf("already have all nonces")
+	}
+
+	// Delegate to the version-specific implementation.
+	err := session.session.RegisterCombinedNonce(combinedNonce)
+	if err != nil {
+		return fmt.Errorf("error registering combined nonce: %w", err)
+	}
+
+	// Mark that we have all nonces now.
+	session.HaveAllNonces = true
+
+	return nil
+}
+
+// MuSig2GetCombinedNonce retrieves the combined nonce for a session identified
+// by its ID. This will be available after either all individual nonces have
+// been registered via MuSig2RegisterNonces, or a combined nonce has been
+// registered via MuSig2RegisterCombinedNonce.
+func (m *MusigSessionManager) MuSig2GetCombinedNonce(
+	sessionID MuSig2SessionID) ([musig2.PubNonceSize]byte, error) {
+
+	// Hold the lock during the operation.
+	m.sessionMtx.Lock(sessionID)
+	defer m.sessionMtx.Unlock(sessionID)
+
+	// Load the session.
+	session, ok := m.musig2Sessions.Load(sessionID)
+	if !ok {
+		return [musig2.PubNonceSize]byte{}, fmt.Errorf("session with "+
+			"ID %x not found", sessionID[:])
+	}
+
+	// Get the combined nonce from the session.
+	combinedNonce, err := session.session.CombinedNonce()
+	if err != nil {
+		return [musig2.PubNonceSize]byte{}, fmt.Errorf("error getting "+
+			"combined nonce: %w", err)
+	}
+
+	return combinedNonce, nil
+}

internal/musig2v040/README.md

@@ -8,3 +8,17 @@ This corresponds to the [MuSig2 BIP specification version of
 
 We only keep this code here to allow implementing a backward compatible,
 versioned MuSig2 RPC.
+
+## Unsupported Methods
+
+The following methods from the newer MuSig2 specifications are not supported in
+this legacy v0.4.0 implementation and will return `ErrUnsupportedMethod` if
+called:
+
+- `CombinedNonce()`: Returns error instead of the combined nonce.
+- `RegisterCombinedNonce()`: Returns error instead of registering a
+  pre-aggregated combined nonce.
+
+These methods are only available when using MuSig2 v1.0.0rc2 or later. To use
+these features, create sessions with `MuSig2Version100RC2` instead of
+`MuSig2Version040`.

internal/musig2v040/context.go

@@ -59,6 +59,11 @@ var (
 	// ErrNotEnoughSigners is returned if a caller attempts to obtain an
 	// early nonce when it wasn't specified
 	ErrNoEarlyNonce = fmt.Errorf("no early nonce available")
+
+	// ErrUnsupportedMethod is returned when calling methods that are not
+	// supported in the legacy v0.4.0 implementation.
+	ErrUnsupportedMethod = fmt.Errorf("method not supported in MuSig2 " +
+		"v0.4.0")
 )
 
 // Context is a managed signing context for musig2. It takes care of things
@@ -668,3 +673,15 @@ func (s *Session) CombineSig(sig *PartialSignature) (bool, error) {
 func (s *Session) FinalSig() *schnorr.Signature {
 	return s.finalSig
 }
+
+// CombinedNonce is not supported in the legacy v0.4.0 implementation and will
+// always return an error.
+func (s *Session) CombinedNonce() ([PubNonceSize]byte, error) {
+	return [PubNonceSize]byte{}, ErrUnsupportedMethod
+}
+
+// RegisterCombinedNonce is not supported in the legacy v0.4.0 implementation
+// and will always return an error.
+func (s *Session) RegisterCombinedNonce(_ [PubNonceSize]byte) error {
+	return ErrUnsupportedMethod
+}