This issue was moved to a discussion.


Invalid Schnorr Signature #613

Closed
Polybius93 opened this issue Feb 19, 2024 · 1 comment

@Polybius93

Hey all!

I'm encountering an issue when broadcasting a PSBT transaction signed using FROST for aggregated Schnorr signatures. While individual Schnorr signatures work correctly, the aggregated signature fails with the following error:

```
sendrawtransaction RPC error: {"code":-26,"message":"non-mandatory-script-verify-flag (Invalid Schnorr signature)"}
```

We generate a hash from the PSBT's unsigned transaction and sign it using a keypair. This process completes without errors.

```rust
let hash = SighashCache::new(&psbt.unsigned_tx.clone())
    .taproot_script_spend_signature_hash(
        0,
        &Prevouts::All(&[tx_out.clone()]),
        ScriptPath::with_defaults(&multisig_script),
        SchnorrSighashType::Default,
    )
    .unwrap_throw();
let sig = secp.sign_schnorr(
    &Message::from_slice(&hash).unwrap_throw(),
    &keypair,
);
```

When using FROST to sign the transaction, we provide the same hash as the message parameter for the SigningPackage.

```rust
let hash = SighashCache::new(&psbt.unsigned_tx.clone())
    .taproot_script_spend_signature_hash(
        0,
        &Prevouts::All(&[tx_out.clone()]),
        ScriptPath::with_defaults(&multisig_script),
        SchnorrSighashType::Default,
    )?;
let message = &Message::from_slice(&tap_sighash_hash).unwrap_throw();
let message = message.to_string();
let message = message.as_bytes();

let signing_package = self
    .treshold_signature_handler
    .generate_signing_package_by_coordinator(
        signing_commitments,
        message,
        uuid,
    )?;
```

We receive back the aggregated signature, then we format it to match the other Schnorr signature:

```rust
let signature = signature.serialize();

let signature = bitcoin::secp256k1::schnorr::Signature::from_slice(&signed[1..]).expect("convert to signature");

let schnorr_sig = SchnorrSig {
    sig: signature,
    hash_ty: SchnorrSighashType::Default,
};
```

Then, when we broadcast it, we receive the above-mentioned error message.

Is there anything I'm missing, or am I formatting it in the wrong way?

Any help is greatly appreciated; we are currently blocked by this.

Thank you!

@conradoplg
Contributor

The secp256k1 ciphersuite is not compatible with Taproot. This contributor PR has an implementation that is compatible but that's still under review.

@ZcashFoundation ZcashFoundation locked and limited conversation to collaborators Feb 20, 2024
@mpguerra mpguerra converted this issue into discussion #617 Feb 20, 2024
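
Added example, not part of the thread and not code from the FROST project: Python using only the standard library, showing one concrete reason the secp256k1 ciphersuite output cannot verify under Taproot rules. It computes the signature challenge as BIP-340 defines it and as RFC 9591 defines it for FROST(secp256k1, SHA-256), over the same nonce point, public key and message. The generator point standing in for both `R` and `P`, the sighash value and all function names are constructed for illustration.

```python
import hashlib

# secp256k1 group order
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def bip340_challenge(r_x: bytes, p_x: bytes, msg: bytes) -> int:
    """BIP-340: e = int(tagged_hash("BIP0340/challenge", R.x || P.x || m)) mod n."""
    tag = hashlib.sha256(b"BIP0340/challenge").digest()
    digest = hashlib.sha256(tag + tag + r_x + p_x + msg).digest()
    return int.from_bytes(digest, "big") % N

def expand_message_xmd(msg: bytes, dst: bytes, length: int) -> bytes:
    """RFC 9380 expand_message_xmd with SHA-256 (32-byte output, 64-byte block)."""
    dst_prime = dst + bytes([len(dst)])
    header = bytes(64) + msg + length.to_bytes(2, "big") + b"\x00"
    b0 = hashlib.sha256(header + dst_prime).digest()
    block = hashlib.sha256(b0 + b"\x01" + dst_prime).digest()
    out, i = block, 2
    while len(out) < length:
        mixed = bytes(x ^ y for x, y in zip(b0, block))
        block = hashlib.sha256(mixed + bytes([i]) + dst_prime).digest()
        out += block
        i += 1
    return out[:length]

def frost_challenge(r_enc: bytes, pk_enc: bytes, msg: bytes) -> int:
    """RFC 9591 H2 for FROST(secp256k1, SHA-256): hash_to_field with L = 48."""
    dst = b"FROST-secp256k1-SHA256-v1" + b"chal"
    uniform = expand_message_xmd(r_enc + pk_enc + msg, dst, 48)
    return int.from_bytes(uniform, "big") % N

# Constructed inputs: the generator point stands in for both R and P.
G_X = bytes.fromhex("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
G_COMPRESSED = b"\x02" + G_X          # 33-byte SEC1 encoding used by RFC 9591
SIGHASH = hashlib.sha256(b"constructed sighash").digest()

def compare():
    """Return (BIP-340 challenge, FROST challenge) for the same R, P and message."""
    e_taproot = bip340_challenge(G_X, G_X, SIGHASH)            # x-only inputs
    c_frost = frost_challenge(G_COMPRESSED, G_COMPRESSED, SIGHASH)
    return e_taproot, c_frost

if __name__ == "__main__":
    e, c = compare()
    print(f"BIP-340 challenge: {e:064x}")
    print(f"FROST challenge:   {c:064x}")
    print("match:", e == c)
```

Because a Taproot verifier recomputes the BIP-340 challenge, a response `z` produced against the FROST challenge fails the check even after the 33-byte `R` is trimmed to its x coordinate; BIP-340 additionally requires `R` and `P` to have even Y, which the RFC 9591 ciphersuite does not enforce.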
