multi: store KeyLocator in OpenChannel, use ECDH

This commit adds a RevocationKeyLocator field to the OpenChannel struct so that the SCB derivation doesn't have to brute-force the sha chain root key and match the public key. ECDH derivation is now used to derive the key instead of regular private key derivation a la DerivePrivKey. The legacy can still be used to recover old channels.
2025-08-30 23:53:41 +02:00 · 2020-10-21 13:34:05 -04:00
parent 986e69c81b
commit bb84f0ebc8
6 changed files with 183 additions and 58 deletions
--- a/lnwallet/revocation_producer.go
+++ b/lnwallet/revocation_producer.go
@@ -0,0 +1,51 @@
+// +build !rpctest
+
+package lnwallet
+
+import (
+	"github.com/lightningnetwork/lnd/keychain"
+	"github.com/lightningnetwork/lnd/shachain"
+)
+
+// nextRevocationProducer creates a new revocation producer, deriving the
+// revocation root by applying ECDH to a new key from our revocation root family
+// and the multisig key we use for the channel.
+func (l *LightningWallet) nextRevocationProducer(res *ChannelReservation,
+	keyRing keychain.KeyRing) (shachain.Producer, error) {
+
+	// Derive the next key in the revocation root family.
+	nextRevocationKeyDesc, err := keyRing.DeriveNextKey(
+		keychain.KeyFamilyRevocationRoot,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	// If the DeriveNextKey call returns the first key with Index 0, we need
+	// to re-derive the key as the keychain/btcwallet.go DerivePrivKey call
+	// special-cases Index 0.
+	if nextRevocationKeyDesc.Index == 0 {
+		nextRevocationKeyDesc, err = keyRing.DeriveNextKey(
+			keychain.KeyFamilyRevocationRoot,
+		)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	res.nextRevocationKeyLoc = nextRevocationKeyDesc.KeyLocator
+
+	// Perform an ECDH operation between the private key described in
+	// nextRevocationKeyDesc and our public multisig key. The result will be
+	// used to seed the revocation producer.
+	revRoot, err := l.ECDH(
+		nextRevocationKeyDesc, res.ourContribution.MultiSigKey.PubKey,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	// Once we have the root, we can then generate our shachain producer
+	// and from that generate the per-commitment point.
+	return shachain.NewRevocationProducer(revRoot), nil
+}