FROST/ROAST readiness branch by mswilkison · Pull Request #3866 · threshold-network/keep-core

mswilkison · 2026-02-19T20:58:37Z

Current State (as of 2026-05-17)

This draft PR is the umbrella readiness branch for feat/frost-schnorr-migration-scaffold.
It is being kept current with main so it can become a direct merge target if the FROST/ROAST stack is approved for activation.

It remains in draft until the remaining phase-gate, governance, and cross-repository readiness items are closed.

Canonical Status Sources

Cross-repo migration tracker: docs/frost-migration/external-repository-tracking.md (in tlabs-xyz/tbtc)
Companion tBTC umbrella draft: https://github.com/tlabs-xyz/tbtc/pull/10
Latest readiness audit: docs/reviews/frost-roast-production-readiness-2026-05-16.md (in tlabs-xyz/tbtc)

Latest Refresh

Merged current main into this branch.
Local verification passed for the FROST signing package and tBTC signer backend paths, with and without frost_native.
Local verification also passed the native TBTC signer-path tests covering the FFI signing primitive and signing executor.

Remaining Cross-Repo Closure Items

Wait for CI from the latest refresh to complete.
Capture the first post-fix funded nightly live run artifact for Phase 4.
Record final approver signoff in the Phase 4 decision/packet docs.
Execute external org archive/redirect mapping and record results.

Notes

Keep this PR in draft until the activation decision is explicit.
Treat it as the readiness branch for the integrated keep-core side of the stack, not only a historical index.

Stacked on feat/frost-schnorr-migration-scaffold. Adds Taproot tweak helpers and per-input merkle-root metadata for tweaked P2TR key-path inputs, routes wallet signing through root-aware FROST/tbtc-signer requests, and verifies native aggregates against the tweaked output key. Also adds Taproot-native, refund-preserving deposit sweep support: Bridge/WalletProposalValidator bindings for TaprootDepositRevealed and validateTaprootDepositSweepProposal, Taproot refund script and merkle-root derivation, proposal generation that separates legacy and Taproot deposits, Taproot sweep assembly with per-input merkle roots, P2TR wallet main UTXO/change outputs, and Electrum script-based P2TR wallet UTXO discovery. Verification: go test ./pkg/bitcoin ./pkg/tbtc ./pkg/tbtcpg ./pkg/chain/ethereum; go test ./pkg/...; go test -tags frost_native ./pkg/frost/signing ./pkg/tbtc -run 'TestMessageDigestFromBigInt|TestBuildTaggedLegacyCompatibleNativeExecutionFFISigningPrimitive_Sign_NativeFROSTPath|TestExecuteBuildTaggedTBTCSignerBootstrapCoarseRound|TestWalletTransactionExecutor_SignTransaction|TestSigningExecutor'; go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/frost/signing.

## Summary - route tBTC operator recognition, authorization, and sortition-pool checks through the FROST wallet registry when FROST authorization is configured - use the FROST sortition pool for pool/reward/chaosnet status in FROST mode - update generated FROST bindings and DKG result conversion types for the current contract ABI ## Why The local FROST testnet run showed that allowlisted operators could be provisioned on-chain, but keep-core still needed to use the FROST authorization source and sortition pool instead of the legacy ECDSA/staking path for operator lifecycle checks. ## Validation - `go test ./pkg/chain/ethereum ./pkg/tbtc`

## Summary - register the build-tagged tbtc-signer bridge as the native FROST DKG engine and the full native FROST signing engine - add Go request/response adapters for the new interactive Rust ABI from #4011 - keep old/missing signer builds fail-closed through `ErrNativeCryptographyUnavailable` - disable legacy ECDSA DKG execution when the configured pre-parameters pool size is zero, so FROST-only local/testnet runs do not require an unused ECDSA preparams pipeline - reject Schnorr/FROST signing executors for non-Taproot transaction inputs before threshold signing begins - add registration coverage plus an optional linked-dylib smoke test that runs DKG, signing, aggregation, and BIP340 verification when the Rust symbols are present ## Stack - base: #4010 - requires Rust signer ABI: #4011 ## Testnet rehearsal note The local FROST testnet reached threshold signing for a real revealed Bitcoin testnet deposit and produced a native aggregate signature. The action then failed while applying the signature because the deposit sweep input was a legacy P2WSH deposit output requiring ECDSA semantics, not a Taproot key-path wallet input. This PR now fails closed earlier for that class of mismatch: a Schnorr/FROST signing executor will not sign non-P2TR transaction inputs. This does not make legacy deposits sweepable by FROST; it prevents wasting a threshold signing round and producing a misleading invalid-signature failure. ## Validation - `go test -tags 'frost_native frost_tbtc_signer' ./pkg/frost/signing` - `CGO_LDFLAGS='-L/private/tmp/keep-core-pr4005-worktree/pkg/tbtc/signer/target/debug -lfrost_tbtc' DYLD_LIBRARY_PATH=/private/tmp/keep-core-pr4005-worktree/pkg/tbtc/signer/target/debug go test -tags 'frost_native frost_tbtc_signer' ./pkg/frost/signing -run TestBuildTaggedTBTCSignerInteractiveFROSTBridge_WithLinkedSigner -count=1 -v` - `KEEP_CORE_FROST_TBTC_SIGNER_ACCEPT_SCAFFOLD_KEY_GROUP=true go test -tags 'frost_native frost_tbtc_signer' ./pkg/tbtc` - `go test ./pkg/tbtc -run 'TestWalletTransactionExecutor_SignTransaction_RejectsSchnorrForLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_RejectsMixedTaprootAndLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_AddsTaprootKeyPathWitness|TestDkgExecutor_DisablesECDSAPreParamsWhenPoolSizeZero'` - `go test -tags frost_native ./pkg/tbtc -run 'TestWalletTransactionExecutor_SignTransaction_RejectsSchnorrForLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_RejectsMixedTaprootAndLegacyInputsBeforeSigning|TestWalletTransactionExecutor_SignTransaction_AddsTaprootKeyPathWitness|TestDkgExecutor_DisablesECDSAPreParamsWhenPoolSizeZero|TestCalculateWalletIDForSigner_FrostUniFFIV2UsesXOnlyOutputKey'` Note: without `KEEP_CORE_FROST_TBTC_SIGNER_ACCEPT_SCAFFOLD_KEY_GROUP=true`, the broad `pkg/tbtc` run fails on existing scaffold-era legacy private-key-share fixtures, not on this bridge registration change.

## Summary - stop the frost_tbtc_signer build from registering the tbtc-signer bridge as the generic UniFFI FROST DKG/signing engine - ensure new FROST DKG prefers coarse frost-tbtc-signer-v1 material if a tbtc-signer engine is available - add regression coverage so fresh FROST DKG cannot emit frost-uniffi-v2 material in the tbtc-signer stack ## Why The private testnet E2E reached Taproot deposit sweep signing with a wallet generated as frost-uniffi-v2. That material cannot produce Taproot-tweaked signatures, so real Taproot deposits would be stuck at sweep signing. The production FROST rollout should only generate tbtc-signer-backed FROST wallet material. ## Tests - go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/frost/signing -run 'TestRegisterBuildTaggedTBTCSignerEngine|TestBuildTaggedTBTCSignerInteractiveFROSTBridge_WithLinkedSigner' - go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/tbtc -run 'TestExecuteFrostDKG_PrefersTBTCSignerMaterial|TestOutputKeyFromTBTCSignerDKGResult' - go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/frost/signing - KEEP_CORE_FROST_TBTC_SIGNER_ACCEPT_SCAFFOLD_KEY_GROUP=true go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/tbtc

## Summary - Require the tbtc-signer engine for FROST DKG output and stop falling back to the generic UniFFI FROST DKG path - Reject unsupported `frost-uniffi-v2` signer material before signing, group-key extraction, Taproot output-key extraction, and FROST wallet-ID derivation - Remove the UniFFI FROST wrapper adapters/tests while keeping the tbtc-signer ABI smoke coverage and legacy `frost-uniffi-v1` ECDSA compatibility ## Rationale `frost-uniffi-v2` is not a production compatibility format. It cannot produce Taproot-tweaked signatures, so a FROST wallet using it can accept Taproot deposits that are effectively unsweepable. This PR fails closed before new FROST wallet material or BTC deposits can be created on that unsupported path. ## Tests - `go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/frost/signing` - `KEEP_CORE_FROST_TBTC_SIGNER_ACCEPT_SCAFFOLD_KEY_GROUP=true go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/tbtc` - `go test -tags 'frost_native frost_tbtc_signer frost_roast_retry cgo' ./pkg/frost/signing` Stacked on #4020.

## Summary - remove the unregistered generic native FROST signing and DKG protocol orchestration - keep the supported tbtc-signer coarse path and its ROAST/attempt-context round contribution flow intact - retarget attempt-context and overflow tests to the surviving tbtc-signer contribution messages - drop obsolete generic native DKG startup/unmarshaller registration ## Validation - go test ./pkg/frost/signing - go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/frost/signing - go test -tags 'frost_native frost_tbtc_signer frost_roast_retry cgo' ./pkg/frost/signing - KEEP_CORE_FROST_TBTC_SIGNER_ACCEPT_SCAFFOLD_KEY_GROUP=true go test -tags 'frost_native frost_tbtc_signer cgo' ./pkg/tbtc

maclane added 3 commits February 19, 2026 14:47

Add FROST migration scaffold package and RFC

a1b3e12

Set Schnorr/FROST RFC author to Threshold Labs

2d0a5c8

Wire tbtc runtime signing flow to frost signature types

fc58fed

mswilkison changed the title ~~Draft: Add Schnorr/FROST migration scaffold package and RFC~~ Draft: Add Schnorr/FROST scaffold and tBTC runtime signing adapter slice Feb 20, 2026

maclane added 26 commits February 20, 2026 09:30

Add FROST retry and coordinator attempt metadata path

2702c7a

Fix triplet retry eligibility to use third operator seat count

3fc7c9f

Add pluggable FROST signing backend execution seam

b57775a

Wire tbtc config to selectable FROST signing backend

952946f

Add native FROST signing backend scaffold

0df807c

Expose tbtc FROST signing backend CLI flag

7817a13

Add build-tagged native FROST adapter bootstrap

fc4c750

Test FROST backend selection in node startup

f85b3d5

Execute native-tag FROST adapter via legacy bridge

01ea9f4

Harden backend-state test guidance after interim review

9734656

Add native bridge scaffold with fallback routing

f57aa09

Split native and ffi backend fallback semantics

7efb2f9

Fail fast for strict ffi mode availability

e42bf43

Add dynamic native bridge registration for ffi

606e73d

Register build-tagged bridge for strict ffi path

d007635

frost/signing: add ffi executor registration path

8e23f5e

frost/signing: restore mode on failed backend selection

ed642b2

frost/signing: decouple request signer material from tecdsa share

74e894c

frost/tbtc: thread generic signer material through execute request

656f62f

frost/signing: add native signer material and ffi adapter contract

83bf3af

frost/signing: include transport context in ffi adapter request

3083e15

tbtc: persist native signer material envelope in signer state

31026eb

frost/native: fallback when ffi signer material is unavailable

a1525a0

tbtc: add signer-material resolver hook for dkg signer creation

eeaad8f

frost/native: add provider-based build registration hooks

4069ffe

frost/native: wire default transitional provider integrations

c3e8b02

mswilkison added 30 commits June 5, 2026 16:39

Support Taproot redemption SPV proofs

06db137

Bound Taproot signing sessions compactly

74349a0

Preserve live Bridge wallets without ECDSA registration

6e54cb8

Prefer Taproot reveal data for deposit sweeps

6d9709e

Parse Taproot deposit sweep SPV inputs

20e6af3

Preserve pending FROST wallets before registration

011fa01

Keep moving funds legacy-only

3375dcc

Include tBTC generated bindings in Docker build

6f76f1d

Use headers for Ethereum timestamp lookup

1084e43

Skip Ethereum timestamp integration test on RPC rate limit

2632ba4

Deduplicate Taproot deposit reveal events

4367fd0

Preserve legacy tbtc-signer wallet ID fallback

bf71053

Reject unsupported Taproot legacy sweep paths

cc7bb41

Assert production FROST registry availability

ee730af

Preserve legacy signer classification in native mode

8e70507

Consume native FROST nonces after signing

74e258a

Recognize legacy native signer material by default

65016d9

Keep legacy operator IDs during FROST routing

e408b0b

Merge FROST scaffold updates into authorization routing

f387447

Preserve FROST eligible weight recognition check

dc251e3

Merge FROST scaffold updates into tbtc-signer engine registration

fe6258e

Prevent UniFFI FROST wallet material generation

1d6da59

Remove unsupported UniFFI FROST material path

3c44ce7

Remove unreachable generic FROST protocol scaffolding

1c692bf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FROST/ROAST readiness branch#3866

FROST/ROAST readiness branch#3866
mswilkison wants to merge 240 commits into
mainfrom
feat/frost-schnorr-migration-scaffold

mswilkison commented Feb 19, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

mswilkison commented Feb 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Current State (as of 2026-05-17)

Canonical Status Sources

Latest Refresh

Remaining Cross-Repo Closure Items

Notes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

mswilkison commented Feb 19, 2026 •

edited

Loading