chore(sdk-lib-mpc): bump @bitgo/wasm-mps to 1.8.2#9101
Draft
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
Draft
chore(sdk-lib-mpc): bump @bitgo/wasm-mps to 1.8.2#9101bitgo-ai-agent-dev[bot] wants to merge 1 commit into
bitgo-ai-agent-dev[bot] wants to merge 1 commit into
Conversation
Ticket: WCI-793 Session-Id: 01cf0284-3429-472d-8205-b7ef491d6426 Task-Id: 2a3decb6-9318-4219-94b3-21a0acdfebfb
bitgo-ai-agent-dev
Bot
force-pushed
the
wci-793-bump-wasm-mps
branch
from
a92f175 to
4a8c2f0
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
@bitgo/wasm-mpsfrom1.8.1to1.8.2inmodules/sdk-lib-mpc.yarn.lockfor the new tarball.No other code or test changes — this is an intentionally minimal bump to surface what breaks.
Why
Step toward WCI-644 (remove the
deriveUnhardenedMpsworkaround and usederiveUnhardenedconsistently). The Linear ticket originally targeted1.9.0; opening as1.8.2first to scope the blast radius.Known breakage to discuss
Running unit tests with
1.8.2reveals that the wasm-mps DSG derivation formula appears to have already changed under signing, even on this patch bump. Concretely:sdk-lib-mpc—test/unit/tss/eddsa/derive.ts(2 failing):DSG at "m/0" should verify against deriveUnhardenedMps result at "m/0"— fails.DSG at "m/0/1" should verify against deriveUnhardenedMps result at "m/0/1"— fails.sdk-core—test/unit/bitgo/utils/tss/eddsa/eddsaMPCv2.ts(2 failing):signRecoveryEddsaMPCv2 › should return a 64-byte signature that verifies against the derived public key—EdDSA MPCv2 recovery signature verification failed.signRecoveryEddsaMPCv2 › should throw when the signed message is different from the verified message— same error insidesignRecoveryEddsaMPCv2.In my local investigation against the freshly installed wasm-mps:
m/0,m/1, …) verify againstEd25519Bip32HdTree.publicDerive(the Cardano BIP32-Ed25519 formula used byEddsa.deriveUnhardened), but not againstderiveUnhardenedMps(old Silence Labs formula).m/0/0,m/0/1, …) verify against neither — couldn't reproduce the DSG result with any combination of BIP32 / MPS formulas in JS.This suggests
1.8.2already aligns DSG signing with the unifiedderiveUnhardenedformula for at least single-level paths, which is the eventual goal of WCI-644 — but multi-level paths may need a separate look (could be a wasm-mps bug, or a derivation scheme we don't know about yet).Test plan
1.8.2and align on next steps.deriveUnhardenedMps→deriveUnhardenedmigration in WCI-644, or (b) include the migration here.Ticket: WCI-793