implements ledger dkg round2 (#5390)

* implements ledger dkg round2 adds dkgRound2 method to Ledger util implements performRound2WithLedger in round2 CLI command * implements ledger dkg round3 (#5391) * implements ledger dkg round3 implements dkgRound3 method on Ledger util class implements dkgRetrieveKeys on Ledger util class to retrieve all shared multisig keys implements dkgGetPublicPackage on Ledger util class to retrieve public key package updates round3 command to run dkg round3, retrieve keys, get public key package, and import account with ledger flag * includes participant's own gsk share in round3 input
iron-fish · Sep 19, 2024 · 4266864 · 4266864
1 parent 3c60c8b
commit 4266864
Show file tree

Hide file tree

Showing 4 changed files with 218 additions and 13 deletions.
diff --git a/ironfish-cli/src/commands/wallet/multisig/dkg/round2.ts b/ironfish-cli/src/commands/wallet/multisig/dkg/round2.ts
@@ -70,7 +70,7 @@ export class DkgRound2Command extends IronfishCommand {
     round1PublicPackages = round1PublicPackages.map((i) => i.trim())
 
     if (flags.ledger) {
-      await this.performRound2WithLedger()
+      await this.performRound2WithLedger(round1PublicPackages, round1SecretPackage)
       return
     }
 
@@ -93,16 +93,38 @@ export class DkgRound2Command extends IronfishCommand {
     this.log('Send the round 2 public package to each participant')
   }
 
-  async performRound2WithLedger(): Promise<void> {
+  async performRound2WithLedger(
+    round1PublicPackages: string[],
+    round1SecretPackage: string,
+  ): Promise<void> {
     const ledger = new Ledger(this.logger)
     try {
-      await ledger.connect()
+      await ledger.connect(true)
     } catch (e) {
       if (e instanceof Error) {
         this.error(e.message)
       } else {
         throw e
       }
     }
+
+    // TODO(hughy): determine how to handle multiple identities using index
+    const { publicPackage, secretPackage } = await ledger.dkgRound2(
+      0,
+      round1PublicPackages,
+      round1SecretPackage,
+    )
+
+    this.log('\nRound 2 Encrypted Secret Package:\n')
+    this.log(secretPackage.toString('hex'))
+    this.log()
+
+    this.log('\nRound 2 Public Package:\n')
+    this.log(publicPackage.toString('hex'))
+    this.log()
+
+    this.log()
+    this.log('Next step:')
+    this.log('Send the round 2 public package to each participant')
   }
 }
diff --git a/ironfish-cli/src/commands/wallet/multisig/dkg/round3.ts b/ironfish-cli/src/commands/wallet/multisig/dkg/round3.ts
@@ -1,6 +1,11 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+import {
+  deserializePublicPackage,
+  deserializeRound2CombinedPublicPackage,
+} from '@ironfish/rust-nodejs'
+import { AccountFormat, encodeAccountImport, RpcClient } from '@ironfish/sdk'
 import { Flags } from '@oclif/core'
 import { IronfishCommand } from '../../../../command'
 import { RemoteFlags } from '../../../../flags'
@@ -107,7 +112,13 @@ export class DkgRound3Command extends IronfishCommand {
     round2PublicPackages = round2PublicPackages.map((i) => i.trim())
 
     if (flags.ledger) {
-      await this.performRound3WithLedger()
+      await this.performRound3WithLedger(
+        client,
+        participantName,
+        round1PublicPackages,
+        round2PublicPackages,
+        round2SecretPackage,
+      )
       return
     }
 
@@ -125,16 +136,93 @@ export class DkgRound3Command extends IronfishCommand {
     )
   }
 
-  async performRound3WithLedger(): Promise<void> {
+  async performRound3WithLedger(
+    client: RpcClient,
+    participantName: string,
+    round1PublicPackagesStr: string[],
+    round2PublicPackagesStr: string[],
+    round2SecretPackage: string,
+  ): Promise<void> {
     const ledger = new Ledger(this.logger)
     try {
-      await ledger.connect()
+      await ledger.connect(true)
     } catch (e) {
       if (e instanceof Error) {
         this.error(e.message)
       } else {
         throw e
       }
     }
+
+    const identityResponse = await client.wallet.multisig.getIdentity({ name: participantName })
+    const identity = identityResponse.content.identity
+
+    // Sort packages by identity
+    const round1PublicPackages = round1PublicPackagesStr
+      .map(deserializePublicPackage)
+      .sort((a, b) => a.identity.localeCompare(b.identity))
+
+    // Filter out packages not intended for participant and sort by sender identity
+    const round2CombinedPublicPackages = round2PublicPackagesStr.map(
+      deserializeRound2CombinedPublicPackage,
+    )
+    const round2PublicPackages = round2CombinedPublicPackages
+      .flatMap((combined) =>
+        combined.packages.filter((pkg) => pkg.recipientIdentity === identity),
+      )
+      .sort((a, b) => a.senderIdentity.localeCompare(b.senderIdentity))
+
+    // Extract raw parts from round1 and round2 public packages
+    const participants = []
+    const round1FrostPackages = []
+    const gskBytes = []
+    for (const pkg of round1PublicPackages) {
+      // Exclude participant's own identity and round1 public package
+      if (pkg.identity !== identity) {
+        participants.push(pkg.identity)
+        round1FrostPackages.push(pkg.frostPackage)
+      }
+
+      gskBytes.push(pkg.groupSecretKeyShardEncrypted)
+    }
+
+    const round2FrostPackages = round2PublicPackages.map((pkg) => pkg.frostPackage)
+
+    // Perform round3 with Ledger
+    await ledger.dkgRound3(
+      0,
+      participants,
+      round1FrostPackages,
+      round2FrostPackages,
+      round2SecretPackage,
+      gskBytes,
+    )
+
+    // Retrieve all multisig account keys and publicKeyPackage
+    const dkgKeys = await ledger.dkgRetrieveKeys()
+
+    const publicKeyPackage = await ledger.dkgGetPublicPackage()
+
+    const accountImport = {
+      ...dkgKeys,
+      multisigKeys: {
+        publicKeyPackage: publicKeyPackage.toString('hex'),
+        identity,
+      },
+      version: 4,
+      name: participantName,
+      spendingKey: null,
+      createdAt: null,
+    }
+
+    // Import multisig account
+    const response = await client.wallet.importAccount({
+      account: encodeAccountImport(accountImport, AccountFormat.Base64Json),
+    })
+
+    this.log()
+    this.log(
+      `Account ${response.content.name} imported with public address: ${dkgKeys.publicAddress}`,
+    )
   }
 }
diff --git a/ironfish-cli/src/utils/ledger.ts b/ironfish-cli/src/utils/ledger.ts
@@ -1,14 +1,14 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
-import { createRootLogger, Logger } from '@ironfish/sdk'
-import { AccountImport } from '@ironfish/sdk/src/wallet/exporter'
+import { AccountImport, createRootLogger, Logger } from '@ironfish/sdk'
 import TransportNodeHid from '@ledgerhq/hw-transport-node-hid'
 import IronfishApp, {
   IronfishKeys,
   KeyResponse,
   ResponseAddress,
   ResponseDkgRound1,
+  ResponseDkgRound2,
   ResponseIdentity,
   ResponseProofGenKey,
   ResponseSign,
@@ -93,7 +93,7 @@ export class Ledger {
     }
   }
 
-  importAccount = async () => {
+  importAccount = async (): Promise<AccountImport> => {
     if (!this.app) {
       throw new Error('Connect to Ledger first')
     }
@@ -106,8 +106,6 @@ export class Ledger {
       throw new Error(`No public address returned.`)
     }
 
-    this.logger.log('Please confirm the request on your ledger device.')
-
     const responseViewKey = await this.tryInstruction(
       this.app.retrieveKeys(this.PATH, IronfishKeys.ViewKey, true),
     )
@@ -183,6 +181,104 @@ export class Ledger {
 
     return this.tryInstruction(this.app.dkgRound1(index, identities, minSigners))
   }
+
+  dkgRound2 = async (
+    index: number,
+    round1PublicPackages: string[],
+    round1SecretPackage: string,
+  ): Promise<ResponseDkgRound2> => {
+    if (!this.app) {
+      throw new Error('Connect to Ledger first')
+    }
+
+    this.logger.log('Please approve the request on your ledger device.')
+
+    return this.tryInstruction(
+      this.app.dkgRound2(index, round1PublicPackages, round1SecretPackage),
+    )
+  }
+
+  dkgRound3 = async (
+    index: number,
+    participants: string[],
+    round1PublicPackages: string[],
+    round2PublicPackages: string[],
+    round2SecretPackage: string,
+    gskBytes: string[],
+  ): Promise<void> => {
+    if (!this.app) {
+      throw new Error('Connect to Ledger first')
+    }
+
+    return this.tryInstruction(
+      this.app.dkgRound3Min(
+        index,
+        participants,
+        round1PublicPackages,
+        round2PublicPackages,
+        round2SecretPackage,
+        gskBytes,
+      ),
+    )
+  }
+
+  dkgRetrieveKeys = async (): Promise<{
+    publicAddress: string
+    viewKey: string
+    incomingViewKey: string
+    outgoingViewKey: string
+    proofAuthorizingKey: string
+  }> => {
+    if (!this.app) {
+      throw new Error('Connect to Ledger first')
+    }
+
+    const responseAddress: KeyResponse = await this.tryInstruction(
+      this.app.dkgRetrieveKeys(IronfishKeys.PublicAddress),
+    )
+
+    if (!isResponseAddress(responseAddress)) {
+      throw new Error(`No public address returned.`)
+    }
+
+    this.logger.log('Please confirm the request on your ledger device.')
+
+    const responseViewKey = await this.tryInstruction(
+      this.app.dkgRetrieveKeys(IronfishKeys.ViewKey),
+    )
+
+    if (!isResponseViewKey(responseViewKey)) {
+      throw new Error(`No view key returned.`)
+    }
+
+    const responsePGK: KeyResponse = await this.tryInstruction(
+      this.app.dkgRetrieveKeys(IronfishKeys.ProofGenerationKey),
+    )
+
+    if (!isResponseProofGenKey(responsePGK)) {
+      throw new Error(`No proof authorizing key returned.`)
+    }
+
+    return {
+      publicAddress: responseAddress.publicAddress.toString('hex'),
+      viewKey: responseViewKey.viewKey.toString('hex'),
+      incomingViewKey: responseViewKey.ivk.toString('hex'),
+      outgoingViewKey: responseViewKey.ovk.toString('hex'),
+      proofAuthorizingKey: responsePGK.nsk.toString('hex'),
+    }
+  }
+
+  dkgGetPublicPackage = async (): Promise<Buffer> => {
+    if (!this.app) {
+      throw new Error('Connect to Ledger first')
+    }
+
+    this.logger.log('Please approve the request on your ledger device.')
+
+    const response = await this.tryInstruction(this.app.dkgGetPublicPackage())
+
+    return response.publicPackage
+  }
 }
 
 function isResponseAddress(response: KeyResponse): response is ResponseAddress {

diff --git a/ironfish/src/wallet/index.ts b/ironfish/src/wallet/index.ts
@@ -3,8 +3,7 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 export * from './account/account'
 export * from './wallet'
-export * from './exporter/encoder'
-export * from './exporter/account'
+export * from './exporter'
 export { AccountValue } from './walletdb/accountValue'
 export { Base64JsonEncoder } from './exporter/encoders/base64json'
 export { JsonEncoder } from './exporter/encoders/json'