MuSig2Sign

MuSig2Sign (experimental!) creates a partial signature using the local signing key that was specified when the session was created. This can only be called when all public nonces of all participants are known and have been registered with the session. If this node isn't responsible for combining all the partial signatures, then the cleanup flag should be set, indicating that the session can be removed from memory once the signature was produced.

NOTE: The MuSig2 BIP is not final yet and therefore this API must be considered to be HIGHLY EXPERIMENTAL and subject to change in upcoming releases. Backward compatibility is not guaranteed!

Source: signrpc/signer.proto

gRPC

rpc MuSig2Sign (MuSig2SignRequest) returns (MuSig2SignResponse);

REST

HTTP Method	Path
POST	/v2/signer/musig2/sign

Code Samples

gRPC

Javascript

const fs = require('fs');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');

const GRPC_HOST = 'localhost:10009'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
const TLS_PATH = 'LND_DIR/tls.cert'

const loaderOptions = {
  keepCase: true,
  longs: String,
  enums: String,
  defaults: true,
  oneofs: true,
};
const packageDefinition = protoLoader.loadSync(['lightning.proto', 'signrpc/signer.proto'], loaderOptions);
const signrpc = grpc.loadPackageDefinition(packageDefinition).signrpc;
process.env.GRPC_SSL_CIPHER_SUITES = 'HIGH+ECDSA';
const tlsCert = fs.readFileSync(TLS_PATH);
const sslCreds = grpc.credentials.createSsl(tlsCert);
const macaroon = fs.readFileSync(MACAROON_PATH).toString('hex');
const macaroonCreds = grpc.credentials.createFromMetadataGenerator(function(args, callback) {
  let metadata = new grpc.Metadata();
  metadata.add('macaroon', macaroon);
  callback(null, metadata);
});
let creds = grpc.credentials.combineChannelCredentials(sslCreds, macaroonCreds);
let client = new signrpc.Signer(GRPC_HOST, creds);
let request = {
  session_id: <bytes>,
  message_digest: <bytes>,
  cleanup: <bool>,
};
client.muSig2Sign(request, function(err, response) {
  console.log(response);
});
// Console output:
//  {
//    "local_partial_signature": <bytes>,
//  }

Python

import codecs, grpc, os
# Generate the following 2 modules by compiling the signrpc/signer.proto with the grpcio-tools.
# See https://github.com/lightningnetwork/lnd/blob/master/docs/grpc/python.md for instructions.
import signer_pb2 as signrpc, signer_pb2_grpc as signerstub

GRPC_HOST = 'localhost:10009'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'

# create macaroon credentials
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
def metadata_callback(context, callback):
  callback([('macaroon', macaroon)], None)
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# create SSL credentials
os.environ['GRPC_SSL_CIPHER_SUITES'] = 'HIGH+ECDSA'
cert = open(TLS_PATH, 'rb').read()
ssl_creds = grpc.ssl_channel_credentials(cert)
# combine macaroon and SSL credentials
combined_creds = grpc.composite_channel_credentials(ssl_creds, auth_creds)
# make the request
channel = grpc.secure_channel(GRPC_HOST, combined_creds)
stub = signerstub.SignerStub(channel)
request = signrpc.MuSig2SignRequest(
  session_id=<bytes>,
  message_digest=<bytes>,
  cleanup=<bool>,
)
response = stub.MuSig2Sign(request)
print(response)
# {
#    "local_partial_signature": <bytes>,
# }

REST

Javascript

const fs = require('fs');
const request = require('request');

const REST_HOST = 'localhost:8080'
const MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'

let requestBody = {
  session_id: <string>, // <bytes> (base64 encoded)
  message_digest: <string>, // <bytes> (base64 encoded)
  cleanup: <boolean>, // <bool> 
};
let options = {
  url: `https://${REST_HOST}/v2/signer/musig2/sign`,
  // Work-around for self-signed certificates.
  rejectUnauthorized: false,
  json: true,
  headers: {
    'Grpc-Metadata-macaroon': fs.readFileSync(MACAROON_PATH).toString('hex'),
  },
  form: JSON.stringify(requestBody),
}
request.post(options, function(error, response, body) {
  console.log(body);
});
// Console output:
//  {
//    "local_partial_signature": <string>, // <bytes> 
//  }

Python

import base64, codecs, json, requests

REST_HOST = 'localhost:8080'
MACAROON_PATH = 'LND_DIR/data/chain/bitcoin/regtest/admin.macaroon'
TLS_PATH = 'LND_DIR/tls.cert'

url = f'https://{REST_HOST}/v2/signer/musig2/sign'
macaroon = codecs.encode(open(MACAROON_PATH, 'rb').read(), 'hex')
headers = {'Grpc-Metadata-macaroon': macaroon}
data = {
  'session_id': base64.b64encode(<bytes>),
  'message_digest': base64.b64encode(<bytes>),
  'cleanup': <bool>,
}
r = requests.post(url, headers=headers, data=json.dumps(data), verify=TLS_PATH)
print(r.json())
# {
#    "local_partial_signature": <bytes>,
# }

Shell

# There is no CLI command for this RPC

Messages

signrpc.MuSig2SignRequest

Source: signrpc/signer.proto

Field	gRPC Type	REST Type	REST Placement
session_id The unique ID of the signing session to use for signing.	bytes	string	body
message_digest The 32-byte SHA256 digest of the message to sign.	bytes	string	body
cleanup Cleanup indicates that after signing, the session state can be cleaned up, since another participant is going to be responsible for combining the partial signatures.	bool	boolean	body

signrpc.MuSig2SignResponse

Source: signrpc/signer.proto

Field	gRPC Type	REST Type
local_partial_signature The partial signature created by the local signer.	bytes	string