feat: DKG verification pre-key-rotation

Cargo.toml

@@ -28,7 +28,7 @@ stackslib = { git = "https://github.com/stacks-network/stacks-core", rev = "4977
 stacks-common = { git = "https://github.com/stacks-network/stacks-core", rev = "49777d3fd73a6dbb610be80c376b7d9389c9871a", default-features = false, features = ["canonical"] }
 
 # Trust Machines Dependencies
-wsts = { git = "https://github.com/Trust-Machines/wsts.git", rev = "53ae23f5f35def420877ccc8c0fe3662e64e38a1" }
+wsts = { git = "https://github.com/Trust-Machines/wsts.git", rev = "a7bf38bd54cddf0b78c0f7c521a5ed1537a684fa" }
 
 # Crates.io
 aquamarine = { version = "0.6.0", default-features = false }
@@ -39,6 +39,7 @@ backoff = { version = "0.4.0", default-features = false, features = ["tokio"] }
 base64 = { version = "0.22.1", default-features = false, features = ["alloc"] }
 bincode = { version = "1.3.3", default-features = false }
 bitcoin = { version = "0.32.5", default-features = false, features = ["serde", "rand-std"] }
+bitcoinconsensus = { version = "0.106.0", default-features = false }
 bitcoincore-rpc = { version = "0.19.0", default-features = false }
 bitcoincore-rpc-json = { version = "0.19.0", default-features = false }
 bitcoincore-zmq = { version = "1.5.2", default-features = false, features = ["async"] }
@@ -52,7 +53,7 @@ lru = { version = "0.12.5", default-features = false }
 metrics = { version = "0.24.1", default-features = false }
 metrics-exporter-prometheus = { version = "0.16.1", default-features = false, features = ["http-listener"] }
 openssl = { version = "0.10.68", default-features = false, features = ["vendored"] }
-p256k1 = { version = "7.2.0", default-features = false }
+p256k1 = { version = "7.2.2", default-features = false }
 prost = { version = "0.13.4", default-features = false, features = ["derive"] }
 rand = { version = "0.8.5", default-features = false }
 reqwest = { version = "0.11.27", default-features = false, features = ["json"] }
@@ -108,4 +109,4 @@ split-debuginfo = "unpacked"
 [profile.release]
 lto = "thin"
 codegen-units = 16
-overflow-checks = true
+overflow-checks = true

docker/docker-compose.yml

@@ -478,7 +478,7 @@ services:
       context: stacks-api
       args:
         GIT_URI: "https://github.com/hirosystems/stacks-blockchain-api.git"
-        GIT_BRANCH: "v8.0.3"
+        GIT_BRANCH: "v8.5.0"
     ports:
       - 3999:3999
       - 3700:3700
@@ -513,7 +513,7 @@ services:
       context: stacks-explorer
       args:
         GIT_URI: "https://github.com/hirosystems/explorer.git"
-        GIT_BRANCH: "v1.211.2"
+        GIT_BRANCH: "v1.245.0"
     ports:
       - 3020:3000
     depends_on:

protobufs/stacks/signer/v1/messages.proto

@@ -36,7 +36,7 @@ message SignerMessage {
 // A wsts message.
 message WstsMessage {
   // The transaction ID this message relates to, will be a dummy ID for DKG messages
-  bitcoin.BitcoinTxid txid = 1;
+  bitcoin.BitcoinTxid txid = 1 [deprecated = true];
   // The wsts message
   oneof inner {
     // Tell signers to begin DKG by sending DKG public shares
@@ -60,6 +60,18 @@ message WstsMessage {
     // Tell coordinator signature shares
     crypto.wsts.SignatureShareResponse signature_share_response = 11;
   }
+  oneof id {
+    // If this WSTS message is related to a Bitcoin signing round, this field
+    // will be set to the related Bitcoin transaction ID.
+    bitcoin.BitcoinTxid id_bitcoin_txid = 12;
+    // If this WSTS message is related to a rotate-keys transaction, this field
+    // will be set to the _new_ aggregate public key being verified.
+    crypto.PublicKey id_rotate_key = 13;
+    // If this WSTS message is related to a DKG round, this field will be set
+    // to the 32-byte id determined based on the coordinator public key and
+    // block hash, set by the coordinator.
+    crypto.Uint256 id_dkg = 14;
+  }
 }
 
 // Wraps an inner type with a public key and a signature,

signer/Cargo.toml

@@ -14,6 +14,7 @@ testing = ["fake", "mockall", "sbtc/testing"]
 aquamarine.workspace = true
 axum.workspace = true
 bitcoin.workspace = true
+bitcoinconsensus.workspace = true
 bitcoincore-rpc.workspace = true
 bitcoincore-rpc-json.workspace = true
 bitcoincore-zmq.workspace = true

signer/migrations/0012__dkg_verification_extensions.sql

@@ -0,0 +1,75 @@
+-- Enum table for DKG shares status
+CREATE TABLE sbtc_signer.dkg_shares_status (
+    -- The id of the status, not auto-incremented as we want to control the values.
+    id INTEGER PRIMARY KEY,
+    -- The name of the status.
+    key TEXT NOT NULL,
+    -- Brief description of what the status means.
+    description TEXT NOT NULL
+);
+
+-- Insert the initial entries.
+INSERT INTO sbtc_signer.dkg_shares_status (id, key, description) VALUES
+    (0, 'PENDING', 'DKG round successful, pending verification via signing round'),
+    (1, 'VERIFIED', 'Successfully verified via signing round'),
+    (2, 'KEY_REVOKED', 'The DKG key has been revoked and should not be used');
+
+-- Add the new columns to the `dkg_shares` table. We're not adding indexes for
+-- now because the table is so small that the overhead likely outweighs the
+-- benefits.
+ALTER TABLE sbtc_signer.dkg_shares
+    -- Contains the current 
+    ADD COLUMN dkg_shares_status_id INTEGER DEFAULT 0 REFERENCES sbtc_signer.dkg_shares_status (id),
+    ADD COLUMN verified_at_bitcoin_block_hash BYTEA DEFAULT NULL,
+    ADD COLUMN verified_at_bitcoin_block_height BIGINT DEFAULT NULL,
+    ADD CONSTRAINT fk_dkg_shares_bitcoin_block_hash
+        FOREIGN KEY (verified_at_bitcoin_block_hash)
+        REFERENCES sbtc_signer.bitcoin_blocks (block_hash),
+    ADD CONSTRAINT chk_verified_at
+        CHECK (
+            (dkg_shares_status_id = 1 AND verified_at_bitcoin_block_hash IS NOT NULL AND verified_at_bitcoin_block_height IS NOT NULL) 
+            OR (dkg_shares_status_id <> 1 AND verified_at_bitcoin_block_hash IS NULL AND verified_at_bitcoin_block_height IS NULL)
+        );
+
+-- Set all of the current `dkg_shares` to `3` (revoked) to start with. Confirmed
+-- DKG shares will be updated to `1` (verified) in the next step.
+UPDATE sbtc_signer.dkg_shares
+SET dkg_shares_status_id = 3;
+
+-- Update the `dkg_shares` which have been included in a
+-- `rotate_keys_transactions` which can also be tied to a bitcoin block to `1`
+-- (verified) and set the `verified_at_*` fields to the bitcoin block
+-- hash/height corresponding to the block where these were anchored.
+--
+-- This update is not fork aware, but at the time of writing there is no forks
+-- that should be problematic (i.e. we shouldn't have any rotate-keys events
+-- that have been orphaned).
+WITH updated_shares AS (
+    SELECT 
+        s.aggregate_key,
+        bb.block_hash AS verified_at_bitcoin_block_hash,
+        bb.block_height AS verified_at_bitcoin_block_height
+    FROM sbtc_signer.dkg_shares s
+    INNER JOIN sbtc_signer.rotate_keys_transactions rkt 
+        ON s.aggregate_key = rkt.aggregate_key
+    INNER JOIN sbtc_signer.stacks_transactions stx
+        ON rkt.txid = stx.txid
+    INNER JOIN sbtc_signer.stacks_blocks sb
+        ON stx.block_hash = sb.block_hash
+    INNER JOIN sbtc_signer.bitcoin_blocks bb
+        ON sb.bitcoin_anchor = bb.block_hash
+    ORDER BY bb.block_height DESC
+    LIMIT 1
+)
+UPDATE sbtc_signer.dkg_shares
+SET 
+    dkg_shares_status_id = 1,
+    verified_at_bitcoin_block_hash = updated_shares.verified_at_bitcoin_block_hash,
+    verified_at_bitcoin_block_height = updated_shares.verified_at_bitcoin_block_height
+FROM updated_shares
+WHERE sbtc_signer.dkg_shares.aggregate_key = updated_shares.aggregate_key;
+
+-- Make the `dkg_shares_status_id` column `NOT NULL` now that they should all
+-- have a value.
+ALTER TABLE sbtc_signer.dkg_shares
+    ALTER COLUMN dkg_shares_status_id SET NOT NULL;