fix(sdk-core): vss

Ticket: BG-61217

Author: olibeyene

modules/bitgo/test/v2/unit/internal/tssUtils/ecdsa.ts

@@ -199,8 +199,7 @@ describe('TSS Ecdsa Utils:', async function () {
       should.equal(backupToBitgoEncryptedNShare.publicShare, encryptedNShare.publicShare);
     });
 
-    // TODO BG-61214 renable VSS
-    xit('should generate TSS key chains', async function () {
+    it('should generate TSS key chains', async function () {
       const backupShareHolder: BackupKeyShare = {
         userHeldKeyShare: backupKeyShare,
       };
@@ -265,8 +264,7 @@ describe('TSS Ecdsa Utils:', async function () {
       backupKeychain.provider?.should.equal(backupProvider);
     });
 
-    // TODO BG-61214 renable VSS
-    xit('should generate TSS key chains with optional params', async function () {
+    it('should generate TSS key chains with optional params', async function () {
       const enterprise = 'enterprise';
       const backupShareHolder: BackupKeyShare = {
         userHeldKeyShare: backupKeyShare,
@@ -718,13 +716,15 @@ describe('TSS Ecdsa Utils:', async function () {
           publicShare: userToBitgoShare.publicShare,
           privateShare: userToBitgoShare.encryptedPrivateShare,
           n: userToBitgoShare.n,
+          v: userToBitgoShare.v,
         },
         {
           from: 'bitgo',
           to: 'backup',
           publicShare: backupToBitgoShare.publicShare,
           privateShare: backupToBitgoShare.encryptedPrivateShare,
           n: backupToBitgoShare.n,
+          v: backupToBitgoShare.v,
         },
       ],
     };

modules/bitgo/test/v2/unit/tss/ecdsa.ts

@@ -84,15 +84,14 @@ describe('Ecdsa tss helper functions tests', function () {
       nock.cleanAll();
     });
 
-    // TODO BG-61214 renable VSS
-    xit('should encrypt n shares foreach user', async function () {
-
+    it('should encrypt n shares foreach user', async function () {
       for (let i = 2; i <= 3; i++) {
         const encryptedNShare = await ECDSAMethods.encryptNShare(userKeyShare, i, bitgoGpgKeypair.publicKey);
         const decryptedNShare = await ECDSAMethods.decryptNShare({ nShare: encryptedNShare, senderPublicArmor: userGpgKeypair.publicKey, recipientPrivateArmor: bitgoGpgKeypair.privateKey });
         decryptedNShare.u.should.equal(userKeyShare.nShares[i].u);
-        const publicKey = userKeyShare.pShare.y + userKeyShare.nShares[3].v + userKeyShare.pShare.chaincode;
+        const publicKey = userKeyShare.pShare.y + userKeyShare.pShare.chaincode;
         encryptedNShare.i.should.equal(i);
+        encryptedNShare.v!.should.equal(userKeyShare.nShares[3].v!);
         encryptedNShare.j.should.equal(1);
         encryptedNShare.publicShare.should.equal(publicKey);
       }
@@ -120,8 +119,7 @@ describe('Ecdsa tss helper functions tests', function () {
       nock.cleanAll();
     });
 
-    // TODO BG-58151 re-enable test
-    xit('should create combined user key', async function () {
+    it('should create combined user key', async function () {
       const bitgoToUserShare = await ECDSAMethods.encryptNShare(bitgoKeyShare, 1, userGpgKeypair.publicKey, false);
       const backupToUserShare = await ECDSAMethods.encryptNShare(backupKeyShare, 1, userGpgKeypair.publicKey, false);
       const combinedUserKey = await createCombinedKey(
@@ -148,8 +146,7 @@ describe('Ecdsa tss helper functions tests', function () {
       should.not.exist(combinedUserKey.signingMaterial.userNShare);
     });
 
-    // TODO BG-61214 renable VSS
-    xit('should create combined backup key', async function () {
+    it('should create combined backup key', async function () {
       const bitgoToBackupShare = await encryptNShare(
         bitgoKeyShare,
         2,
@@ -184,8 +181,7 @@ describe('Ecdsa tss helper functions tests', function () {
       should.not.exist(combinedBackupKey.signingMaterial.backupNShare);
     });
 
-    // TODO BG-58151 re-enable test
-    xit('should fail if common keychains do not match', async function () {
+    it('should fail if common keychains do not match', async function () {
       const bitgoToUserShare = await encryptNShare(
         bitgoKeyShare,
         1,
@@ -213,8 +209,7 @@ describe('Ecdsa tss helper functions tests', function () {
       ).should.be.rejectedWith('Common keychains do not match');
     });
 
-    // TODO BG-58151 re-enable test
-    xit('should fail if gpg keys are mismatched', async function () {
+    it('should fail if gpg keys are mismatched', async function () {
       const bitgoToUserShare = await encryptNShare(
         bitgoKeyShare,
         1,

modules/sdk-core/src/account-lib/mpc/tss/ecdsa/ecdsa.ts

@@ -108,17 +108,16 @@ export default class Ecdsa {
     // Add secret shares
     const x = allShares.map((participant) => hexToBigInt(participant['u'])).reduce(Ecdsa.curve.scalarAdd);
 
-    // TODO BG-61214 renable VSS
-    // // Verify shares.
-    // for (const share of nShares) {
-    //   if ('v' in share) {
-    //     try {
-    //       Ecdsa.shamir.verify(hexToBigInt(share.u), [hexToBigInt(share.y), hexToBigInt(share.v!)], pShare.i);
-    //     } catch (err) {
-    //       throw new Error(`Could not verify share from participant ${share.j}. Verification error: ${err}`);
-    //     }
-    //   }
-    // }
+    // Verify shares.
+    for (const share of nShares) {
+      if (share.v) {
+        try {
+          Ecdsa.shamir.verify(hexToBigInt(share.u), [hexToBigInt(share.y), hexToBigInt(share.v!)], pShare.i);
+        } catch (err) {
+          throw new Error(`Could not verify share from participant ${share.j}. Verification error: ${err}`);
+        }
+      }
+    }
 
     // Chaincode will be used in future when we add support for key derivation for ecdsa
     const chaincodes = [pShare, ...nShares].map(({ chaincode }) => bigIntFromBufferBE(Buffer.from(chaincode, 'hex')));

modules/sdk-core/src/bitgo/keychain/iKeychains.ts

@@ -76,6 +76,7 @@ export interface ApiKeyShare {
   privateShare: string;
   privateShareProof?: string;
   n?: string;
+  v?: string;
 }
 
 export interface CreateBackupOptions {

modules/sdk-core/src/bitgo/tss/ecdsa/ecdsa.ts

@@ -297,10 +297,9 @@ export async function encryptNShare(
 
   const publicShare = Buffer.concat([
     Buffer.from(keyShare.pShare.y, 'hex'),
-    // TODO: BG-61214
-    // Buffer.from(nShare.v!, 'hex'),
     Buffer.from(keyShare.pShare.chaincode, 'hex'),
   ]).toString('hex');
+
   let privateShare;
   if (isbs58Encoded) {
     privateShare = bip32.fromPrivateKey(Buffer.from(nShare.u, 'hex'), Buffer.from(nShare.chaincode, 'hex')).toBase58();
@@ -322,6 +321,7 @@ export async function encryptNShare(
     publicShare,
     encryptedPrivateShare,
     n: nShare.n,
+    v: nShare.v,
   };
 }
 
@@ -364,30 +364,16 @@ export async function decryptNShare(encryptedNShare: DecryptableNShare, isbs58En
     u = priv.slice(0, 64);
   }
 
-  // TODO BG-61214
-  // let v, chaincode: string;
-  // if (encryptedNShare.nShare.publicShare.length > 132) {
-  //   v = encryptedNShare.nShare.publicShare.slice(66, 132);
-  //   chaincode = encryptedNShare.nShare.publicShare.slice(132, 196);
-  // } else {
-  //   chaincode = encryptedNShare.nShare.publicShare.slice(66, 132);
-  // }
-
   const nShare: NShare = {
     i: encryptedNShare.nShare.i,
     j: encryptedNShare.nShare.j,
     n: encryptedNShare.nShare.n,
     y: encryptedNShare.nShare.publicShare.slice(0, 66),
     u: u,
-    // TODO BG-61214
     chaincode: encryptedNShare.nShare.publicShare.slice(66, 130),
+    v: encryptedNShare.nShare.v,
   };
 
-  // TODO BG-61214
-  // if (v) {
-  //   nShare.v = v;
-  // }
-
   return nShare;
 }
 

modules/sdk-core/src/bitgo/tss/ecdsa/types.ts

@@ -39,6 +39,7 @@ export type EncryptedNShare = {
   // signed and encrypted gpg armor
   encryptedPrivateShare: string;
   n: string;
+  v?: string;
 };
 
 // NShare with information needed to decrypt and verify a GPG mesasge

modules/sdk-core/src/bitgo/utils/tss/ecdsa/ecdsa.ts

@@ -281,13 +281,15 @@ export class EcdsaUtils extends baseTSSUtils<KeyShare> {
           publicShare: userToBitgoShare.publicShare,
           privateShare: userToBitgoShare.encryptedPrivateShare,
           n: userToBitgoShare.n,
+          v: userToBitgoShare.v,
         },
         {
           from: 'backup',
           to: 'bitgo',
           publicShare: backupToBitgoShare.publicShare,
           privateShare: backupToBitgoShare.encryptedPrivateShare,
           n: backupToBitgoShare.n,
+          v: backupToBitgoShare.v,
         },
       ],
       userGPGPublicKey: userGpgKey.publicKey,
@@ -465,6 +467,7 @@ export class EcdsaUtils extends baseTSSUtils<KeyShare> {
           publicShare: bitGoToRecipientShare.publicShare,
           encryptedPrivateShare: bitGoToRecipientShare.privateShare,
           n: bitGoToRecipientShare.n!,
+          v: bitGoToRecipientShare.v,
         },
         recipientPrivateArmor: userGpgKey.privateKey,
         senderPublicArmor: bitgoPublicGpgKey.armor(),