Skip to content

libwallet: sign payment proofs with the key matching the addressed index#1

Draft
2ro wants to merge 1 commit into
GetGrin:masterfrom
2ro:proof-address-index
Draft

libwallet: sign payment proofs with the key matching the addressed index#1
2ro wants to merge 1 commit into
GetGrin:masterfrom
2ro:proof-address-index

Conversation

@2ro

@2ro 2ro commented Jul 6, 2026

Copy link
Copy Markdown

The receive path created the payment-proof signature with the index-0 key regardless of which of the wallet's derived proof addresses the sender paid to, so a payment addressed to any non-zero derivation index failed the sender's finalize-time signature check (verify_slate_payment_proof). The new address::proof_address_derivation_index detects the addressed index (0 probed first — an ordinary receive costs one derivation exactly as before; scan bounded by MAX_PROOF_ADDRESS_INDEX = 1023) and receive_tx signs with the MATCHING key; an address outside the bound falls back to index 0, the old behavior. verify_payment_proof's is-this-mine test likewise now recognizes any derived address, not only index 0.

Tests: minted indices derive pairwise-distinct addresses and map back to exactly their index (foreign addresses are never claimed); and the full round trip — mint at index 7, receive-side detection, proof signed with index 7's key — VERIFIES under the sender's finalize-time check while the old pinned index-0 signature FAILS it.

The receive path created the payment-proof signature with the index-0 key
regardless of which of the wallet's derived proof addresses the sender paid
to, so a payment addressed to any non-zero derivation index failed the
sender's finalize-time signature check (verify_slate_payment_proof). The new
address::proof_address_derivation_index detects the addressed index (0 probed
first — an ordinary receive costs one derivation exactly as before; scan
bounded by MAX_PROOF_ADDRESS_INDEX = 1023) and receive_tx signs with the
MATCHING key; an address outside the bound falls back to index 0, the old
behavior. verify_payment_proof's is-this-mine test likewise now recognizes any
derived address, not only index 0.

Tests: minted indices derive pairwise-distinct addresses and map back to
exactly their index (foreign addresses are never claimed); and the full round
trip — mint at index 7, receive-side detection, proof signed with index 7's
key — VERIFIES under the sender's finalize-time check while the old pinned
index-0 signature FAILS it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant