From 9c0261206dc90420fa0bcbbe21b8d28e49a74e3b Mon Sep 17 00:00:00 2001
From: Olaoluwa Osuntokun
Date: Sat, 29 Jul 2017 18:47:06 -0700
Subject: [PATCH] lnwallet: modify the Signer interface to reflect new key derivation scheme

This commit modifies the Signer interface to reflect the new key derivation defined within BOLT-0003. This entails removing the prior PrivateTweak field all together in favor of two new fields: SingleTweak and DoubleTweak. These two fields are mutually exclusive. The SingleTweak field is now required in order to sign all regular non-delay, and also must be used to generate signatures for the localKey, or delayKey. The DoubleTweak field is used to generate the private key that corresponds to the revoked revocation key.
---
 lnwallet/interface.go | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/lnwallet/interface.go b/lnwallet/interface.go
index 34556ab5..5dbc4d50 100644
--- a/lnwallet/interface.go
+++ b/lnwallet/interface.go
@@ -234,14 +234,33 @@ type SignDescriptor struct {
  // key corresponding to this public key.
  PubKey *btcec.PublicKey

- // PrivateTweak is a scalar value that should be added to the private
- // key corresponding to the above public key to obtain the private key
- // to be used to sign this input. This value is typically a leaf node
- // from the revocation tree.
+ // SingleTweak is a scalar value that will be added to the private key
+ // corresponding to the above public key to obtain the private key to
+ // be used to sign this input. This value is typically derived via the
+ // following computation:
+ //
+ // * derivedKey = privkey + sha256(perCommitmentPoint || pubKey) mod N
  //
  // NOTE: If this value is nil, then the input can be signed using only
- // the above public key.
- PrivateTweak []byte
+ // the above public key. Either a SingleTweak should be set or a
+ // DoubleTweak, not both.
+ SingleTweak []byte
+
+ // DoubleTweak is a private key that will be used in combination with
+ // its corresponding private key to derive the private key that is to
+ // be used to sign the target input. Within the Lightning protocol,
+ // this value is typically the commitment secret from a previously
+ // revoked commitment transaction. This value is in combination with
+ // two hash values, and the original private key to derive the private
+ // key to be used when signing.
+ //
+ // * k = (privKey*sha256(pubKey || tweakPub) +
+ // tweakPriv*sha256(tweakPub || pubKey)) mod N
+ //
+ // NOTE: If this value is nil, then the input can be signed using only
+ // the above public key. Either a SingleTweak should be set or a
+ // DoubleTweak, not both.
+ DoubleTweak *btcec.PrivateKey

  // WitnessScript is the full script required to properly redeem the
  // output. This field will only be populated if a p2wsh or a p2sh
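Review bot: The mutual exclusion between SingleTweak and DoubleTweak is stated only as "should" in the two added NOTE comments, so what a Signer does when both fields are set is left undefined. Because the two fields select different private-key derivations, silently preferring one would sign with a key the caller did not intend; I would make the contract explicit, e.g. `// NOTE: SingleTweak and DoubleTweak are mutually exclusive; a Signer must return an error if both are set.` Any enforcement would live in the Signer implementations, which are not part of this diff. The DoubleTweak comment would also read more precisely as "in combination with the private key corresponding to PubKey", since "its corresponding private key" is ambiguous for a field that is itself a private key. SignDescriptor starts and ends outside the hunk.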
@@ -283,6 +302,10 @@ type Signer interface {
  // SignDescriptor. This method should be capable of generating the
  // proper input script for both regular p2wkh output and p2wkh outputs
  // nested within a regular p2sh output.
+ //
+ // NOTE: This method will ignore any tweak parameters set within the
+ // passed SignDescriptor as it assumes a set of typical script
+ // templates (p2wkh, np2wkh, etc).
  ComputeInputScript(tx *wire.MsgTx, signDesc *SignDescriptor) (*InputScript, error)
 }
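Review bot: The added NOTE on ComputeInputScript makes ignoring the tweak fields part of the contract, so a descriptor that carries SingleTweak or DoubleTweak would presumably produce a script signed with the untweaked key and no error. That mistake would only surface later, when the resulting witness fails validation. Consider documenting a fail-closed rule instead, e.g. `// NOTE: Implementations should return an error if signDesc.SingleTweak or signDesc.DoubleTweak is set.` Whether existing implementations can honour this is not visible here, as the interface body begins outside the hunk and no implementation is in the diff.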