Trait SparkSignerFrostSigning

pub trait SparkSignerFrostSigning {
    // Required methods
    fn sign_frost(
        &self,
        signing_jobs: Vec<FrostSigningJob>,
    ) -> Result<SignFrostResponse, SparkSdkError>;
    fn aggregate_frost(
        &self,
        request: AggregateFrostRequest,
    ) -> Result<AggregateFrostResponse, SparkSdkError>;
    fn sign_created_tree_in_bfs_order(
        &self,
        tx: Transaction,
        vout: u32,
        internal_tree_root: Arc<RwLock<DepositAddressTree>>,
        request_tree_root: CreationNode,
        creation_result_tree_root: CreationResponseNode,
    ) -> Result<(Vec<NodeSignatures>, Vec<Vec<u8>>), SparkSdkError>;
    fn sign_transfer_refunds(
        &self,
        leaf_data_map: &HashMap<String, LeafRefundSigningData>,
        operator_signing_results: &Vec<LeafRefundTxSigningResult>,
        adaptor_public_key: Vec<u8>,
    ) -> Result<Vec<NodeSignatures>, SparkSdkError>;
    fn sign_for_lightning_swap(
        &self,
        leaves: &Vec<LeafKeyTweak>,
        signing_commitments: &Vec<RequestedSigningCommitments>,
        receiver_identity_pubkey: PublicKey,
    ) -> Result<(SignFrostResponse, Vec<Vec<u8>>, Vec<SigningCommitment>), SparkSdkError>;
    fn sign_root_creation(
        &self,
        signing_pubkey_bytes: Vec<u8>,
        verifying_pubkey_bytes: Vec<u8>,
        root_tx_bytes: Vec<u8>,
        refund_tx_bytes: Vec<u8>,
        root_tx_sighash: Vec<u8>,
        refund_tx_sighash: Vec<u8>,
        root_nonce_commitment: SigningCommitments,
        refund_nonce_commitment: SigningCommitments,
        tree_creation_response: StartTreeCreationResponse,
    ) -> Result<Vec<Vec<u8>>, SparkSdkError>;
    fn sign_frost_new(
        &self,
        message: Vec<u8>,
        private_as_pubkey: Vec<u8>,
        verifying_key: Vec<u8>,
        self_commitment: SigningCommitments,
        spark_commitments: HashMap<String, SigningCommitment>,
        adaptor_public_key: Option<Vec<u8>>,
    ) -> Result<Vec<u8>, SparkSdkError>;
}

Trait for FROST threshold signing operations in the Spark wallet.

This trait provides methods for performing threshold signing using the FROST (Flexible Round-Optimized Schnorr Threshold) protocol. FROST enables multiple parties (the user and Spark Operators) to jointly sign a message without revealing their private keys.

In the Spark protocol, FROST signing is used for:

• Signing Bitcoin transactions on leaves (UTXOs)
• Creating refund transactions for security guarantees
• Facilitating Lightning Network operations
• Supporting deposit address creation

The implementation is customized to support Taproot tweaking, allowing compatibility with Bitcoin’s Taproot script system while maintaining the security properties of threshold signatures.

Required Methods

fn sign_frost( &self, signing_jobs: Vec<FrostSigningJob>, ) -> Result<SignFrostResponse, SparkSdkError>

Signs messages using the FROST threshold signature scheme.

This method generates signature shares for a set of signing jobs. Each job represents a distinct message to be signed with a specific key and set of participants.

Arguments

• signing_jobs - A vector of FrostSigningJob objects, each containing:
  • The message to sign
  • The key package (containing signing material)
  • The verifying key
  • Nonce commitments from all participants
  • Optional adaptor public key for adaptor signatures

Returns

• Ok(SignFrostResponse) - Contains the generated signature shares for each job
• Err(SparkSdkError) - If signing fails for any reason

Security Considerations

The security of FROST depends on proper nonce generation. The implementation should ensure nonces are never reused for different messages.

fn aggregate_frost( &self, request: AggregateFrostRequest, ) -> Result<AggregateFrostResponse, SparkSdkError>

Aggregates multiple FROST signature shares into a complete signature.

This method combines signature shares from all participants (the user and Spark Operators) into a single signature that can be verified using the threshold public key.

Arguments

• request - An AggregateFrostRequest containing:
  • The message that was signed
  • Signature shares from all participants
  • Public key shares from all participants
  • The verifying key (threshold public key)
  • Nonce commitments from all participants
  • Optional adaptor public key for adaptor signatures

Returns

• Ok(AggregateFrostResponse) - Contains the aggregated signature
• Err(SparkSdkError) - If aggregation fails

Security Considerations

The aggregation process must verify that all signature shares are valid before combining them to prevent rogue key attacks.

fn sign_created_tree_in_bfs_order( &self, tx: Transaction, vout: u32, internal_tree_root: Arc<RwLock<DepositAddressTree>>, request_tree_root: CreationNode, creation_result_tree_root: CreationResponseNode, ) -> Result<(Vec<NodeSignatures>, Vec<Vec<u8>>), SparkSdkError>

Signs all nodes in a deposit tree in breadth-first order.

This method traverses a deposit tree structure and signs each node’s transaction and refund transaction using FROST. The tree represents a hierarchical structure of UTXOs created during the deposit process.

Arguments

• tx - The parent transaction for the tree
• vout - The output index in the parent transaction
• internal_tree_root - The root of the internal tree structure
• request_tree_root - The tree creation request data
• creation_result_tree_root - The tree creation response data containing operator signatures

Returns

• Ok((Vec<NodeSignatures>, Vec<Vec<u8>>)) - Contains:
  • Signatures for each node in the tree
  • The signing public keys used
• Err(SparkSdkError) - If signing fails for any node

fn sign_transfer_refunds( &self, leaf_data_map: &HashMap<String, LeafRefundSigningData>, operator_signing_results: &Vec<LeafRefundTxSigningResult>, adaptor_public_key: Vec<u8>, ) -> Result<Vec<NodeSignatures>, SparkSdkError>

Signs refund transactions for transfer leaves.

This method signs refund transactions that provide security guarantees during transfers. Refund transactions allow the user to recover funds in case the transfer process is interrupted.

Arguments

• leaf_data_map - A map of leaf IDs to their refund signing data
• operator_signing_results - Signature shares from Spark Operators
• adaptor_public_key - Public key used for adaptor signatures

Returns

• Ok(Vec<NodeSignatures>) - Signatures for each refund transaction
• Err(SparkSdkError) - If signing fails for any refund transaction

fn sign_for_lightning_swap( &self, leaves: &Vec<LeafKeyTweak>, signing_commitments: &Vec<RequestedSigningCommitments>, receiver_identity_pubkey: PublicKey, ) -> Result<(SignFrostResponse, Vec<Vec<u8>>, Vec<SigningCommitment>), SparkSdkError>

Signs transactions for a Lightning swap operation.

This method generates signatures for transactions involved in a Lightning payment, where the user’s leaves are swapped with the SSP in exchange for the Lightning payment execution.

Arguments

• leaves - The leaves involved in the swap
• signing_commitments - Nonce commitments for signing
• receiver_identity_pubkey - The identity public key of the receiver

Returns

• Ok((SignFrostResponse, Vec<Vec<u8>>, Vec<SigningCommitment>)) - Contains:
  • The signature shares
  • The refund transaction data
  • The user’s signing commitments
• Err(SparkSdkError) - If signing fails

fn sign_root_creation( &self, signing_pubkey_bytes: Vec<u8>, verifying_pubkey_bytes: Vec<u8>, root_tx_bytes: Vec<u8>, refund_tx_bytes: Vec<u8>, root_tx_sighash: Vec<u8>, refund_tx_sighash: Vec<u8>, root_nonce_commitment: SigningCommitments, refund_nonce_commitment: SigningCommitments, tree_creation_response: StartTreeCreationResponse, ) -> Result<Vec<Vec<u8>>, SparkSdkError>

Signs root node and refund transactions during tree creation.

This method signs the root node transaction and its corresponding refund transaction during the deposit tree creation process.

Arguments

• signing_pubkey_bytes - The signing public key as bytes
• verifying_pubkey_bytes - The verifying public key as bytes
• root_tx_bytes - The root transaction bytes
• refund_tx_bytes - The refund transaction bytes
• root_tx_sighash - The sighash of the root transaction
• refund_tx_sighash - The sighash of the refund transaction
• root_nonce_commitment - Nonce commitment for the root transaction
• refund_nonce_commitment - Nonce commitment for the refund transaction
• tree_creation_response - Response from Spark Operators with their signature shares

Returns

• Ok(Vec<Vec<u8>>) - Signatures for the root and refund transactions
• Err(SparkSdkError) - If signing fails

fn sign_frost_new( &self, message: Vec<u8>, private_as_pubkey: Vec<u8>, verifying_key: Vec<u8>, self_commitment: SigningCommitments, spark_commitments: HashMap<String, SigningCommitment>, adaptor_public_key: Option<Vec<u8>>, ) -> Result<Vec<u8>, SparkSdkError>

Signs a message using the new FROST signing flow.

This is an improved signing method that provides a more streamlined interface for FROST signing operations.

Arguments

• message - The message to sign
• private_as_pubkey - The private key represented as a public key (for lookup)
• verifying_key - The verifying key for signature verification
• self_commitment - The user’s nonce commitment
• spark_commitments - Nonce commitments from Spark Operators
• adaptor_public_key - Optional adaptor public key for adaptor signatures

Returns

• Ok(Vec<u8>) - The signature share
• Err(SparkSdkError) - If signing fails

Implementors

impl SparkSignerFrostSigning for DefaultSigner