From 3249486761301b41144458d10ab72cc2e9c4aa7c Mon Sep 17 00:00:00 2001 From: renaud dubois Date: Fri, 29 Nov 2024 16:45:10 +0100 Subject: [PATCH] remove Logs + readme update --- src/libMPC/README.md | 57 +++++++++++++++++++++++++++++++-- src/libMPC/SCL_Musig2.mjs | 26 --------------- src/libMPC/SCL_atomic_swaps.mjs | 6 ++-- src/libMPC/test_Musig2.mjs | 2 +- 4 files changed, 59 insertions(+), 32 deletions(-) diff --git a/src/libMPC/README.md b/src/libMPC/README.md index 57ce603..6824c7f 100644 --- a/src/libMPC/README.md +++ b/src/libMPC/README.md @@ -25,7 +25,7 @@ The SmoothMPCLib consists in two parts: | Protocol | status | branch | Comment | File| |--------:|---------|:--:|:----|:----| | Onchain Verifier | OK | main | | libSCL_BIP327.sol | -| Musig2-secp256k1 | OK | main | | bip327.mjs/SCL_Musig2.mjs | +| Musig2-secp256k1 | OK | main | | bip327.mjs or SCL_Musig2.mjs | | Musig2-ed25519 | OK | main | | SCL_Musig2.mjs| | Atomic Swaps | In progress | - | | SCL_atomic_swaps.mjs | | Frost| TBD | - | | | @@ -119,7 +119,7 @@ res is the final results to push onchain. One can check the correctness in front console.log("check=", check); ``` -# Performing an atomic swap +# Performing an atomic swap (WIP) The description doesn't include the timelock on both chains, which cancel the deposits if Alice and Bob didn't succeed in their withdrawal. Abortion of one of the participant is the only way the protocol shall fail, which is resolved by the timelock condition of withdrawal. 
@@ -139,6 +139,41 @@ The sequencing of a Musig2 based atomic swap session is as follow: - knowing $t, S_A1, S_B1$ A computes $S_{AB}$ the Musig2 signatures of $m_1$ using `sign_untweak`, and broadcast it **on chain** 1. - B reads the value $S_{AB}$ on chain 1, learns t, then broadcast **on chain 2** $S_{AB}(m_2)$ using `sign_untweak` on chain 2 to unlock its token. +To reduce the complexity for developpers, the library provides state machine for the initiator and responder of the swap. +Each of the previous exchange between a message from Alice to Bob. + +``` + //generating keypairs + let Initiator=new SCL_Atomic_Initiator(curve, signer.curve.Get_Random_privateKey()); + let Responder=new SCL_Atomic_Responder(curve, signer.curve.Get_Random_privateKey()); + + //the transaction unlocking tokens for Alice and Bob, must be multisigned with Musig2 + //Alice want to compute msg1 signed by AB + //Bob wants to compute msg2 signed by AB + const tx1=Buffer.from("Unlock 1strkBTC on Starknet to Alice",'utf-8'); + const tx2=Buffer.from("Unlock 1WBTC on Ethereum to Bob",'utf-8'); + + + console.log("Initiator Start session"); + let Message_I1=Initiator.InitSession(tx1, tx2); //Initiator sends I1 to responder offchain + + console.log("Responder Start session"); + let Message_R1=Responder.RespondInit(Message_I1);//Respondeur sends R1 to Initiator offchain + + console.log("Initiator Partial Sign and tweak"); + let Message_I2=Initiator.PartialSign_Tweaked(Message_R1);//Initiator sends I2 to responder offchain + //At this Point Alice and Bob locks the funds to multisig address on chain 1 and chain 2 + + console.log("Responder Check and Partial Sign"); + let Message_R2=Responder.PartialSign(Message_I2);//Respondeur sends R2 to Initiator offchain + + console.log("Initiator Signature Aggregation and Unlock"); + let UnlockSigAlice=Initiator.FinalUnlock(Message_R2);//final signature to Unlock chain1 token by Initiator + + console.log("Responder Signature Aggregation and Unlock"); + let 
UnlockSigBob=Initiator.FinalUnlock(UnlockSigAlice);//final signature to Unlock chain2 token by Responder +``` + Note: the protocol requires to broadcast onchain 4 values (2 locked tokens, then two unlocking signatures). ### Improving privacy @@ -152,6 +187,24 @@ The element $t$ shall be as protected as a secret key, to prevent $B$ from steal +# Testing + +## Musig2 + +Tests can be ran using the following command : +``` + node test_Musig2.mjs +``` +Tests are run against BIP327 reference vectors to unitary test each function. +Then a full Musig2 session is ran using dynamically generated input for each supported curve. + + +## Atomic Swap + +## Bridging (WIP) + +The `file test_atomic_bitcoin.js` aims to provide a full onchain demonstration of a bridging. + # Product Roadmap diff --git a/src/libMPC/SCL_Musig2.mjs b/src/libMPC/SCL_Musig2.mjs index 3b1dba2..a66f96a 100644 --- a/src/libMPC/SCL_Musig2.mjs +++ b/src/libMPC/SCL_Musig2.mjs @@ -364,10 +364,6 @@ Partial_sig_agg(psigs, session_ctx){ s=int_to_bytes(s,32); let R=this.curve.GetX(sessionV[4]); - console.log("R=",R); - console.log("from ",sessionV[4]); - console.log("s=",s, s.length); - return Buffer.concat([R,s]); } @@ -439,7 +435,6 @@ Psign(secnonce, sk, session_ctx){ Psig_verify(psig, pubnonce, pk, session_ctx){ let sessionV=this.Get_session_values(session_ctx);//(Q, gacc, _, b, R, e) let s = int_from_bytes(psig); - console.log("psig:", psig); let Q=sessionV[0]; let gacc=sessionV[1]; let b=sessionV[3]; @@ -511,9 +506,6 @@ Psig_verify(psig, pubnonce, pk, session_ctx){ return true; } - - - } /********************************************************************************************/ /* END OF CLASS MUSIG2 */ 
@@ -523,24 +515,6 @@ Psig_verify(psig, pubnonce, pk, session_ctx){ -function test_hash8032(){ - console.log("/*************************** "); - console.log("Test test_hash8032:"); - - const curve = 'ed25519'; - const signer = new SCL_Musig2(curve); - - //test vector extracted from example of RFC8032 - let r=Buffer.from("6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac",'hex');//beware, lsb encoding - let KpubC=Buffer.from("fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025",'hex');//beware, lsb encoding - let Msg=Buffer.from("af82",'hex'); - const expected=Buffer.from("060ab51a60e3f1ceb60549479b152ae2f4a41d9dd8da0f6c3ef2892d51118e95",'hex');// - - const encoded = Buffer.concat([r, KpubC, Msg]); - - - console.log(":",expected.equals(signer.TagHash('',encoded))); -} diff --git a/src/libMPC/SCL_atomic_swaps.mjs b/src/libMPC/SCL_atomic_swaps.mjs index 23cb667..cd268c4 100644 --- a/src/libMPC/SCL_atomic_swaps.mjs +++ b/src/libMPC/SCL_atomic_swaps.mjs @@ -335,12 +335,12 @@ function test_full_atomic_session_automatas(curve){ //the transaction unlocking tokens for Alice and Bob, must be multisigned with Musig2 //Alice want to compute msg1 signed by AB //Bob wants to compute msg2 signed by AB - const msg1=Buffer.from("Unlock 1strkBTC on Starknet to Alice",'utf-8'); - const msg2=Buffer.from("Unlock 1WBTC on Ethereum to Bob",'utf-8'); + const tx1=Buffer.from("Unlock 1strkBTC on Starknet to Alice",'utf-8'); + const tx2=Buffer.from("Unlock 1WBTC on Ethereum to Bob",'utf-8'); console.log("Initiator Start session"); - let Message_I1=Initiator.InitSession(msg1, msg2); //Initiator sends I1 to responder offchain + let Message_I1=Initiator.InitSession(tx1, tx2); //Initiator sends I1 to responder offchain console.log("Responder Start session"); let Message_R1=Responder.RespondInit(Message_I1);//Respondeur sends R1 to Initiator offchain diff --git a/src/libMPC/test_Musig2.mjs b/src/libMPC/test_Musig2.mjs index a349b2f..d4a0bff 100644 
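Review bot: The two context comments above the renamed constants in the SCL_atomic_swaps.mjs hunk still refer to `msg1` and `msg2` (`//Alice want to compute msg1 signed by AB`, `//Bob wants to compute msg2 signed by AB`), so they no longer match `tx1`/`tx2` after this rename. I would update them to `//Alice wants tx1 signed by AB` and `//Bob wants tx2 signed by AB`. Both values are fixed placeholder strings, not serialized transactions, so a short comment such as `//placeholder payloads, not real chain transactions` would keep readers from treating them as the data that is actually signed on chain. The body of `test_full_atomic_session_automatas` starts and continues outside the hunk, so any later uses of the old names are not visible here.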
--- a/src/libMPC/test_Musig2.mjs +++ b/src/libMPC/test_Musig2.mjs @@ -379,7 +379,7 @@ function random_fullsession(Curve){ console.log(" -Aggregating signature"); let res=signer.Partial_sig_agg(psigs, session_ctx); - console.log("res", res, res.length); + console.log("Final signature:", res, res.length); console.log(" -Final Schnorr verify:");