Invalid Schnorr SIgnature #617

Polybius93 · 2024-02-19T15:33:35Z

Polybius93
Feb 19, 2024

Hey all!

I'm encountering an issue when broadcasting a PSBT transaction signed using FROST for aggregated Schnorr signatures. While individual Schnorr signatures work correctly, the aggregated signature fails with the following error:

sendrawtransaction RPC error: {"code":-26,"message":"non-mandatory-script-verify-flag (Invalid Schnorr signature)"}

We generate a hash from the PSBT's unsigned transaction and sign it using a keypair. This process completes without errors.

let hash = SighashCache::new(&psbt.unsigned_tx.clone())
            .taproot_script_spend_signature_hash(
                0,
                &Prevouts::All(&[tx_out.clone()]),
                ScriptPath::with_defaults(&multisig_script),
                SchnorrSighashType::Default,
            )
            .unwrap_throw();

let sig = secp.sign_schnorr(
            &Message::from_slice(&hash).unwrap_throw(),
            &keypair,
);

When using FROST to sign the transaction, we provide the same hash as the message parameter for the SigningPackage.

let hash = SighashCache::new(&psbt.unsigned_tx.clone())
            .taproot_script_spend_signature_hash(
                0,
                &Prevouts::All(&[tx_out.clone()]),
                ScriptPath::with_defaults(&multisig_script),
                SchnorrSighashType::Default,
            )?;

let message = &Message::from_slice(&tap_sighash_hash).unwrap_throw();
let message = message.to_string();

let message = message.as_bytes();

        let signing_package = self
            .treshold_signature_handler
            .generate_signing_package_by_coordinator(
                signing_commitments,
                message,
                uuid,
            )?;

We receive back the aggregated signature, then we format it to match the other Schnorr SIgnature:

         let signature = signature.serialize();

        let signature = bitcoin::secp256k1::schnorr::Signature::from_slice(&signed[1..]).expect("convert to signature");

        let schnorr_sig = SchnorrSig {
            sig: signature,
            hash_ty: SchnorrSighashType::Default,
        };

Then, when we broadcast it, we receive the above mentioned error message.

Is there anything I'm missing or formatting it in the wrong way?

Any help is greatly appreciated, we are currently blocked by this.

Thank you!

Answered by conradoplg

Feb 19, 2024

The secp256k1 ciphersuite is not compatible with Taproot. This contributor PR has an implementation that is compatible but that's still under review.

View full answer

conradoplg · 2024-02-19T16:42:14Z

conradoplg
Feb 19, 2024
Maintainer

The secp256k1 ciphersuite is not compatible with Taproot. This contributor PR has an implementation that is compatible but that's still under review.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invalid Schnorr SIgnature #617

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Invalid Schnorr SIgnature #617

Polybius93 Feb 19, 2024

Replies: 1 comment

conradoplg Feb 19, 2024 Maintainer

Polybius93
Feb 19, 2024

conradoplg
Feb 19, 2024
Maintainer