Creating fresh destination scripts for every channel in KeysManager

[vss96]

This fixes #1139

[TheBlueMatt]

This is great!....except misses backwards compat in a few places.

[codecov-commenter]

Codecov Report

Base: 90.70% // Head: 90.70% // No change to project coverage 👍

Coverage data is based on head (fb6e018) compared to base (fb6e018).
Patch has no changes to coverable lines.

❗ Current head fb6e018 differs from pull request most recent head 75e7377. Consider uploading reports for the commit 75e7377 to get more accurate results

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1312   +/-   ##
=======================================
  Coverage   90.70%   90.70%           
=======================================
  Files          91       91           
  Lines       48392    48392           
  Branches    48392    48392           
=======================================
  Hits        43893    43893           
  Misses       4499     4499           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[vss96]

@TheBlueMatt do you know why the payment script we create from the pubkey in spendable outputs is not matching the output script? 🤔
The tests are basically failing because of that.

[TheBlueMatt]

Just using a derivation_idx of 3 in the spender doesn't solve it, you have to actually derive using the same pattern in both places.

[vss96]

@TheBlueMatt Does this mean that instead of driving private keys using the derivation_idx, I'm just creating a fresh witness script directly? Right now we derive the private key -> pubkey -> Witness, Payment script.

[TheBlueMatt]

The new derivation you've added here isn't simply a derivation index of 3, which is what you've left in the spending side, both the spending side (the SpendableOutputDescriptor::StaticOutput handling) and the creation side (get_destination_script) need to match exactly.

[vss96]

@TheBlueMatt So I guess the derivation_idx should be the first 8 bytes of the channel_keys_id if the channel_keys_id is present and the output_script matches the new style destination_script. If none of the conditions match just assign the idx to 2. Does that make sense?

[vss96]

Addon question: There is secp engine which is passed to the spenable_outputs method and there is one available as part of the KeysManager. The newly derived destination script are using the KeysManager secp engine. Does that make a difference? Should I be passing the secp engine onto the KeysInterface method as a parameter?

[TheBlueMatt]

@TheBlueMatt So I guess the derivation_idx should be the first 8 bytes of the channel_keys_id if the channel_keys_id is present and the output_script matches the new style destination_script. If none of the conditions match just assign the idx to 2. Does that make sense?

Yep, exactly, the two things just have to match exactly. Now that I look closer, actually, however, I think we should do a two-level derivation for the get_destination_script call - first derive a sub-key at a new, constant, index (I think we dont use 3 yet?) then from there derive something using the channel_keys_id (and then do the same on the spending side).

Should I be passing the secp engine onto the KeysInterface method as a parameter?

Nope, the secp engine doesn't matter at all.

[vss96]

@TheBlueMatt If we are deriving two different destination scripts for get_destination_script under which condition are we gonna return which script? That isn't clear :/

[TheBlueMatt]

@TheBlueMatt If we are deriving two different destination scripts for get_destination_script under which condition are we gonna return which script? That isn't clear :/

Hmm, I'm not sure I understand your question. My understanding of the goal here is to (a) on the creation side, we have a configuration boolean that determines whether we do "old-style" derivation, or "new-style" and (b) on the spending side, we always try new-style (if we have the channel_keys_id available) and then compare to the script that is provided to us in the spend descriptor (we always know the script_pubkey, and can re-generate the expected ones and compare, letting that decide how to spend).

[vss96]

@TheBlueMatt I changed the creation side to create the new style destination script if the flag is set or set the idx to 3. For the tests that are failing, i noticed that both side use the channel_keys_id (spending / creation). Any idea why it's not matching? (the payment script and output script in spendable_outputs)

[TheBlueMatt]

Any idea why it's not matching?

Double check exactly what's derived where -

• in get_destination_script, you derive from channel_master_key at an idx chosen from the channel keys. channel_master_key is derived from master_key at an idx of 3.
• In spend_spendable_outputs you derive from master_key (not channel_master_key) at a variable index.

[TheBlueMatt]

Awesome work getting it all passing! I should have been a bit more clear in my previous feedback, I apologize for that, one suggested change in derivation and I think we're there.

[TheBlueMatt]

It looks like this is unused for the !channel_keys_id.is_some(), maybe just map and leave it as None, then in the if below do if Some(&output.script_pubkey) == destination_script.as_ref()

[TheBlueMatt]

Hmm, I actually liked the two-level derivation - it seems like kinda strange to have two different sets of derivations against the master key - one with a few fixed indexes and one with a random number. I'd strongly prefer to just create a new fixed index (I think 4 is free?) and do the new-style derivations off of that. Obvious the old style derivations will need to stay where they are (fixed at 3 directly off the master).

[vss96]

so basically derive from the channel_master_key at either 3 or 4 (4 for new style), and then derive the byte slice from the channel_keys_id if it's new style?

[TheBlueMatt]

Yep! That sounds great to me.

[vss96]

@TheBlueMatt I'm assuming that we'll have to use and derive the channel master key on the spending side as well? I tried out the changes and have some tests failing 😞

[vss96]

I basically have the assertion for the shutdown pubkey failing (2 tests).

[TheBlueMatt]

We shouldn't be looking at new_style_derivation at all in this method, I think - we can totally have something that had the keys picked in the current version of LDK, but which needs to be spent in a new version with this code. In that case, we have to decide which derivation to use purely based on the output.script_pub_key field, not the setting here.

[TheBlueMatt]

Sorry about the response delay here.

[TheBlueMatt]

Let me know when you want another round of review or if you're stuck getting CI to pass again after trying a few times.

[vss96]

@TheBlueMatt I was afk for a couple of weeks so couldn't do this then (sorry about that).
I'm setting the master_derivation_idx based on whether the spent script matches the old script or not. Ran the tests and it seems like 2 tests are still failing (assertion of the shutdown pubkey seems to be the issue).

[TheBlueMatt]

Looks like you're always deriving a child key here? We should derive a child key if we're doing a new-style derivation, but if we're not we should just use the channel_master_key derivation and use that key directly.

[TheBlueMatt]

Maybe simplify all of this by moving the key derivation into the if's and do it all in one go - ie just use the single above if statement, and do the secret derivation in that if and store the key, instead of figuring out the indexes and then setting a variable based on it.

[TheBlueMatt]

Looks like this needs a rebase to address conflicts with upstream.

[TheBlueMatt]

Let me know when you want another round of review!

[TheBlueMatt]

Needs rebase again, sadly. Do you intend to push this forward?

[vss96]

@TheBlueMatt Hey, been caught up with work. I'll try to work on this and wrap this up soon. Sorry about the massive delay 😓

[TheBlueMatt]

If we're passing a channel_keys_id that's pretty clear indication the method belongs in Sign instead :)

[tnull]

@vss96 Did you close this on purpose, or are you still working on this?

[vss96]

@tnull Working on it, I discarded the commit and started fresh cause the code diverged.

[tnull]

@tnull Working on it, I discarded the commit and started fresh cause the code diverged.

Great to hear, thank you!