Taurus CMP (ECDSA)

[vietddude]

PR Summary

Implement all Taurus protocols (CMP, FROST, Taproot) and add Presign support for CMP (CGGMP21).

Presign for CMP (CGGMP21)

• Added presign endpoint for preparing pre-signature data.
• To optimize latency, call Presign before signing a transaction.
• Presign entries are cached locally with TTL and cleaned up automatically.

[anhthii]

I just checked documentation. Presign is a step to generate a preSig that doesn't depend on the message being signed

So I think we might need to change implementation of Presign api , in the presign examples, it's presigning with transaction data which make it difficult for application integration.

txMsg := &types.PresignTxMessage{
		KeyType:             types.KeyTypeCGGMP21,
		WalletID:            "196c6858-30de-4a49-9134-8bc825d40764", // Use the generated wallet ID
		NetworkInternalCode: "solana-devnet",
		TxID:                txID,
		Tx:                  dummyTx,
	}
	err = mpcClient.PresignTransaction(txMsg)
	if err != nil {
		logger.Fatal("PresignTransaction failed", err)

I think the correct flow is that it only expose PresignTransaction that accept KeyType only.

And we can specify the number of Presigs that we want to generate. For intance 30 , that will be generated sequentially through a worker. The presigs can be stored both in Ram using a pool implementation, and can be persisted in badger with used boolean to mark if the presig is already used or not

Pooling strategy

Keep RAM pool (e.g. up to 30 unused pre-signs per wallet) for sub-millisecond access.

Persist all in BadgerDB (or Postgres if cluster-wide).

Worker thread runs in background:

If pool size < threshold (e.g. 30), refill N new presigns.

Mark used=true atomically to prevent reuse.

Encryption: store pre-signs encrypted with workspace key (AES-GCM).

In the config, we can have a flag to automatically enable presig pool fill. This mean that when the mpcium node detects that it's idle doesn't process any transaciton, it will run fillPresignPool

[anhthii]

is cggmp21_pub_key ecdsa or eddsa?

I think in keygen, sign event payload. We pass algorithm: Enum : gg18/20 | cggmp21 | ...

In the result event, we use ECDSAPubKey, EDDSAPubKey onl

[anhthii]

type MPCAlgorithm string

const (
    // Threshold ECDSA family (GG18/GG20)
    MPCAlgorithmGG MPCAlgorithm = "gg18/20"

    // Advanced threshold ECDSA (modern successors)
    MPCAlgorithmCGGMP21 MPCAlgorithm = "cggmp21"

    // Threshold Schnorr family
    MPCAlgorithmFROST   MPCAlgorithm = "frost"
    MPCAlgorithmTaproot MPCAlgorithm = "taproot"
)

[vietddude]

currently all three cggmp21, frost, and taproot only support ECDSA

[anhthii]

Should we call it CreateCGGMP21Session to be more generic

[vietddude]

This one’s a factory that sets up sessions for all protocols (CGGMP21, FROST, Taproot). Keeping it generic makes sign/presign creation cleaner and the code easier to read.

[anhthii]

Not sure if this Taurus Message is necessary, can we use existing events in initiator_msg.go

[vietddude]

yeah this one’s like a generic TssMessage wrapper for protocol transport, not the same as the initiator events

[anhthii]

The pull request lacking pratical examples for cggmp21 + taproot + frost signing. May need to add more examples in examples folder

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​fxamacker/​cbor/​v2@​v2.4.0
	github.com/​taurusgroup/​multi-party-sig@​v0.7.0-alpha-2025-01-28

View full report