MuSig2CombineKeys
MuSig2CombineKeys (experimental!) is a stateless helper RPC that can be used to calculate the combined MuSig2 public key from a list of all participating signers' public keys. This RPC is completely stateless and deterministic and does not create any signing session. It can be used to determine the Taproot public key that should be put in an on-chain output once all public keys are known. A signing session is only needed later when that output should be spent again.
NOTE: The MuSig2 BIP is not final yet and therefore this API must be considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming releases. Backward compatibility is not guaranteed!
Source: signrpc/signer.proto
gRPC
rpc MuSig2CombineKeys (MuSig2CombineKeysRequest) returns (MuSig2CombineKeysResponse);
REST
HTTP Method | Path |
---|---|
POST | /v2/signer/musig2/combinekeys |
Code Samples
- gRPC
- REST
- Shell
- Javascript
- Python
const fs = require('fs');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');
const GRPC_HOST = 'localhost:10009'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
const TLS_PATH = 'LND_DIR/tls.cert'
const loaderOptions = {
keepCase: true,
longs: String,
enums: String,
defaults: true,
oneofs: true,
};
const packageDefinition = protoLoader.loadSync(['lightning.proto', 'signrpc/signer.proto'], loaderOptions);
const signrpc = grpc.loadPackageDefinition(packageDefinition).signrpc;
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
const tlsCert = fs.readFileSync(TLS_PATH);
const sslCreds = grpc.credentials.createSsl(tlsCert);
const macaroon = fs.readFileSync(MACAROON_PATH).toString('hex');
const macaroonCreds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
let metadata = new grpc.Metadata();
metadata.add('macaroon', macaroon);
callback(null, metadata);
});
let creds = grpc.credentials.combineChannelCredentials(sslCreds, macaroonCreds);
let client = new signrpc.Signer(GRPC_HOST, creds);
let request = {
all_signer_pubkeys: <bytes>,
tweaks: <TweakDesc>,
taproot_tweak: <TaprootTweakDesc>,
};
client.muSig2CombineKeys(request, function(err, response) {
console.log(response);
});
// Console output:
// {
// "combined_key": <bytes>,
// "taproot_internal_key": <bytes>,
// }
import codecs, grpc, os
# Generate the following 2 modules by compiling the signrpc/signer.proto with the grpcio-tools.
# See https://github.com/lightningnetwork/lnd/blob/master/docs/grpc/python.md for instructions.
import signer_pb2 as signrpc, signer_pb2_grpc as signerstub
GRPC_HOST = 'localhost:10009'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
# create macaroon credentials
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
def metadata_callback(context, callback):
callback([('macaroon', macaroon)], None)
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# create SSL credentials
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
# combine macaroon and SSL credentials
combined_creds = grpc.composite_channel_credentials(ssl_creds, auth_creds)
# make the request
channel = grpc.secure_channel(GRPC_HOST, combined_creds)
stub = signerstub.SignerStub(channel)
request = signrpc.MuSig2CombineKeysRequest(
all_signer_pubkeys=<bytes>,
tweaks=<TweakDesc>,
taproot_tweak=<TaprootTweakDesc>,
)
response = stub.MuSig2CombineKeys(request)
print(response)
# {
# "combined_key": <bytes>,
# "taproot_internal_key": <bytes>,
# }
- Javascript
- Python
const fs = require('fs');
const request = require('request');
const REST_HOST = 'localhost:8080'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
let requestBody = {
all_signer_pubkeys: <array>, // <bytes> (base64 encoded)
tweaks: <array>, // <TweakDesc>
taproot_tweak: <object>, // <TaprootTweakDesc>
};
let options = {
url: `https://${REST_HOST}/v2/signer/musig2/combinekeys`,
// Work-around for self-signed certificates.
rejectUnauthorized: false,
json: true,
headers: {
'Grpc-Metadata-macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
},
form: JSON.stringify(requestBody),
}
request.post(options, function(error, response, body) {
console.log(body);
});
// Console output:
// {
// "combined_key": <string>, // <bytes>
// "taproot_internal_key": <string>, // <bytes>
// }
import base64, codecs, json, requests
REST_HOST = 'localhost:8080'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'
url = f'https://{REST_HOST}/v2/signer/musig2/combinekeys'
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
headers = {'Grpc-Metadata-macaroon': macaroon}
data = {
'all_signer_pubkeys': base64.b64encode(<bytes>),
'tweaks': <TweakDesc>,
'taproot_tweak': <TaprootTweakDesc>,
}
r = requests.post(url, headers=headers, data=json.dumps(data), verify=TLS_PATH)
print(r.json())
# {
# "combined_key": <bytes>,
# "taproot_internal_key": <bytes>,
# }
# There is no CLI command for this RPC
Messages
signrpc.MuSig2CombineKeysRequest
Source: signrpc/signer.proto
Field | gRPC Type | REST Type | REST Placement |
---|---|---|---|
all_signer_pubkeys | bytes[] | array | body |
tweaks | TweakDesc[] | array | body |
taproot_tweak | TaprootTweakDesc | object | body |
signrpc.MuSig2CombineKeysResponse
Source: signrpc/signer.proto
Field | gRPC Type | REST Type |
---|---|---|
combined_key | bytes | string |
taproot_internal_key | bytes | string |
Nested Messages
signrpc.TweakDesc
Field | gRPC Type | REST Type |
---|---|---|
tweak | bytes | string |
is_x_only | bool | boolean |
signrpc.TaprootTweakDesc
Field | gRPC Type | REST Type |
---|---|---|
script_root | bytes | string |
key_spend_only | bool | boolean |