Skip to content

feat(sdk-core): add createOfflineKeyGenRound1Share to EddsaMPCv2Utils#9187

Open
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
masterfrom
wci-889-add-createofflinekeygenround1share
Open

feat(sdk-core): add createOfflineKeyGenRound1Share to EddsaMPCv2Utils#9187
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
masterfrom
wci-889-add-createofflinekeygenround1share

Conversation

@bitgo-ai-agent-dev

Copy link
Copy Markdown

What

  • Added createOfflineKeyGenRound1Share method to EddsaMPCv2Utils in modules/sdk-core/src/bitgo/utils/tss/eddsa/eddsaMPCv2.ts
  • The method decrypts the caller-supplied GPG private key, extracts the Ed25519 key pair, parses the BitGo and counter-party GPG public keys, initializes a DKG session, produces and signs the round-1 message, then encrypts the session state (dkgSession + ownMsgPayload + ownMsgFrom) with the wallet passphrase
  • Returns { signedMsg1: MPSTypes.MPSSignedMessage, encryptedRound1Session: string }, following the same offline signer pattern as createOfflineRound1Share for signing
  • Added a MPS_DKG_KEYGEN_ROUND1_STATE domain-separator constant to prevent session ciphertext reuse across signing and key-gen contexts
  • Added 4 unit tests covering: valid output shape, passphrase binding, session restorability + message verification, and rejection of invalid GPG key material

Why

  • The EdDSA MPCv2 key generation (DKG) flow for the external signer (AKM) pattern requires a server-side method that produces a signed round-1 DKG message and an encrypted session blob without access to the plaintext GPG key at rest — exactly the same isolation guarantee as the existing offline signing rounds
  • This is the first of three DKG signer methods (Round1 / Round2 / Finalize) required before the orchestrator (createKeychainsWithExternalSigner) can be wired up — see WCI-888 for the full scoping

Test plan

  • EddsaMPCv2Utils.createOfflineKeyGenRound1Share — 4 unit tests pass
  • Full eddsaMPCv2.ts test suite (52 tests) passes with no regressions

Ticket: WCI-889

@linear-code

linear-code Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

WCI-889

@bitgo-ai-agent-dev bitgo-ai-agent-dev Bot force-pushed the wci-889-add-createofflinekeygenround1share branch from 6ed644e to 348b90e Compare July 6, 2026 12:21
Add createOfflineKeyGenRound1Share to EddsaMPCv2Utils to support the
external signer pattern for EdDSA MPCv2 DKG. This method decrypts the
caller-provided GPG private key, initializes a DKG session for the
given party, produces and signs the round-1 message, then serializes
and encrypts the session state so round 2 can resume it later without
re-running round 1.

Pattern mirrors createOfflineRound1Share (signing) but targets
EddsaMPSDkg.DKG instead of EddsaMPSDsg.DSG. The encryptedRound1Session
payload includes dkgSession, ownMsgPayload (base64), and ownMsgFrom so
that handleIncomingMessages can reconstruct the round-1 DeserializedMessage
in round 2.

Tests verify: valid signedMsg1 + encrypted session, passphrase binding,
session restorability + message verification, and rejection of invalid
GPG key material.

Ticket: WCI-889
Session-Id: eac7d223-cc21-440f-83a1-6de6cd3cb3b6
Task-Id: 03326a98-89d2-41c6-8fab-6c6040541092
@Marzooqa Marzooqa force-pushed the wci-889-add-createofflinekeygenround1share branch from 348b90e to 76e2907 Compare July 8, 2026 19:06
@Marzooqa Marzooqa marked this pull request as ready for review July 8, 2026 19:34
@Marzooqa Marzooqa requested review from a team as code owners July 8, 2026 19:34
@Marzooqa Marzooqa self-assigned this Jul 9, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this code deserves it's own package outside of sdk-core with more precise CODEOWNERS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants