Add BIP0322 Proof of Funds to RegisterInputsForNextRoundRequest

[louisinger]

update: #485 (comment)

This PR deletes the nostr notifications system and replace it by a simple GetNote API. OwnershipProof is also replaced by BIP0322 "Proof of Funds".

GetNote

GetNote RPC expects bip322_signature and the associated message. If the signature is valid, the server returns a note where amount = sum of bip322_signature outpoints. The server also mark the VTXOs as spent in DB to prevent cheating.

BIP0322 Proof of funds

common.bip322 package is standalone and follows the BIP0322 specifications ⚠️ except that it doesn't verify the inputs sequence in order to allow the proof to be used for offchain outpoints.

The message must be the current Unix timestamp. It is considered valid by the server if and only if it is close to current timestamp.

CLI and SDK

sdk.RecoverSweptVtxos or ark recover CLI command automatically fetch swept and unspent VTXOs, create a BIP0322 signature, fetch the associated note and redeem it.

it closes #484
it closes #483

@altafan @Kukks please review

[Kukks]

Couldn't one simply use the VTXO ownership proof in itself as a note? The api to exchange a proof for a vtxo is redundant:

This flow:

• VTXO expires/gets swept
• Wallet goes online, detected expired vtxo
• Wallet creates proof, send to GetNote
• Server returns note
• Wallet redeems note for new VTXO

Proposed flow:

• VTXO expires/gets swept
• Wallet goes online, detected expired vtxo
• Wallet creates proof and registers it as input for next batch

[louisinger]

Proposed flow:

• VTXO expires/gets swept
• Wallet goes online, detected expired vtxo
• Wallet creates proof and registers it as input for next batch

I agree, but if we do that, we should be able to register also the not expired VTXOs in the same proof no ? If I have 1 VTXO not swept + 1 expired VTXO, I create a proof containing both outpoints and use it as input ?

something like:

message RegisterInputsForNextRoundRequest {
  repeated TaprootTree revealed_taproot_tree = 1; // reveal tapscripts of unspent & not expired vtxos
  repeated string notes = 2;
  string bip322_signature = 3; // proof of funds for "inputs" array + swept vtxos you want to recover
}

[louisinger]

According to the latest discussion, I've removed the GetNote RPC and reworked the inputs' registration flow:

message RegisterInputsForNextRoundRequest {
  map<string, Tapscripts> tapscripts = 1; 
  Bip322Signature bip322_signature = 2;
  repeated string notes = 3;
}

To register inputs, users must provide a valid BIP322 signature signing a timestamp message. The server accepts the signature if now - timestamp < 15 seconds.

The BIP322 proof of funds tx may include:

• boarding UTXOs
• unspent VTXOs
• recoverable VTXOs (expired but unspent)

map<string, Tapscripts> tapscripts = 1; field should contain the revealed tapscripts for boarding and unspent VTXOs.

[bordalix]

To register inputs, users must provide a valid BIP322 signature signing a timestamp message. The server accepts the signature if now - timestamp < 15 seconds.

Fragile:

1. It should be abs(now - timestamp) < 15 seconds
2. What are the limitations for this period?
3. Why only 15 seconds?

[louisinger]

1. It should be abs(now - timestamp) < 15 seconds

not clear why ? timestamp should always be smaller than "now". I mean timestamp in the future should always be rejected by the server.

2. What are the limitations for this period?
3. Why only 15 seconds?

It can be anything, the idea was to set a small enough delta so the proof can't be reused if intercepted. In fact maybe this delta should be the signer's choice / cc @Kukks ?

[louisinger]

Converted to draft, I need to update the BIP322 proof with :

• allow outputs to be specified in the proof tx
• convert to PSBT
• specify taprootTree in the proof
• specify onchain output in the proof

[Kukks]

Converted to draft, I need to update the BIP322 proof with :

• allow outputs to be specified in the proof tx
• convert to PSBT
• specify taprootTree in the proof
• specify onchain output in the proof

After chat, we will not use psbt after all and stay compatible with BIP322. We will insert the data as a json inside the challenge message, something like

{
 "onchainOutputs": [0, 3...], (indexes)
 "inputTapTrees": [hex_encoded_tree, ...]
 (optional) "createdAt": timestamp
 (optional) "expiry": timestamp