Merge pull request #1602 from lightninglabs/wip/improve-GenGroupAnchorVerifier

Improve robustness of `GenGroupAnchorVerifier` with anchor checks

Author: GeorgeTsagk

asset/asset.go

@@ -937,6 +937,12 @@ type AssetGroup struct {
 	*GroupKey
 }
 
+// IsGroupAnchor returns true if this genesis matches the group anchor asset ID,
+// meaning it corresponds to the first tranche that established the group.
+func (a *AssetGroup) IsGroupAnchor() (bool, error) {
+	return a.GroupKey.IsGroupAnchor(a.Genesis.ID())
+}
+
 // ExternalKey represents an external key used for deriving and managing
 // hierarchical deterministic (HD) wallet addresses according to BIP-86.
 type ExternalKey struct {

asset/group_key.go

@@ -92,6 +92,38 @@ type GroupKey struct {
 	Witness wire.TxWitness
 }
 
+// IsGroupAnchor returns true if the provided asset ID matches the first asset
+// minted into the group. Each asset group key is derived from a single group
+// anchor asset ID.
+func (g *GroupKey) IsGroupAnchor(assetID ID) (bool, error) {
+	var zero bool
+
+	// We will use the given asset ID and the parameters of the receiver
+	// GroupKey to derive a group public key.
+	//
+	// We will then compare the derived key to the GroupPubKey in the
+	// receiver. If they match, then the asset ID is the group anchor
+	// asset ID from which the receiver group key is derived.
+	expectedGroupPubKey := g.GroupPubKey
+
+	// The group key reveal logic derives the group public key.
+	// Although we pass in the receiver’s GroupKey, its group public key is
+	// not used. Instead, the key is re-derived from the associated
+	// parameters.
+	gkr, err := NewGroupKeyReveal(*g, assetID)
+	if err != nil {
+		return zero, err
+	}
+
+	derivedGroupPubKey, err := gkr.GroupPubKey(assetID)
+	if err != nil {
+		return zero, fmt.Errorf("cannot derive group public key: %w",
+			err)
+	}
+
+	return expectedGroupPubKey.IsEqual(derivedGroupPubKey), nil
+}
+
 // GroupKeyRequest contains the essential fields used to derive a group key.
 type GroupKeyRequest struct {
 	// Version is the version of the group key construction.

asset/group_key_test.go

@@ -679,3 +679,195 @@ func TestGroupKeyDerivationInvalidAsset(t *testing.T) {
 	require.NoError(t, err)
 	require.NotNil(t, groupKey)
 }
+
+// TestAssetIsGroupAnchor tests the GroupKey.IsGroupAnchor method with various
+// test cases covering both positive and negative scenarios.
+func TestAssetIsGroupAnchor(t *testing.T) {
+	t.Parallel()
+
+	// Generate a sample asset ID to use as the group anchor asset ID.
+	firstAssetID := RandID(t)
+
+	testCases := []struct {
+		name string
+
+		// groupKeyVersion indicates the version of the group key
+		// to be tested.
+		groupKeyVersion GroupKeyVersion
+
+		// customTapscriptRoot is an optional custom tapscript root
+		// that can be used for group key derivation.
+		customTapscriptRoot fn.Option[chainhash.Hash]
+
+		// groupAnchorAssetID is the asset ID that the group key is
+		// derived from.
+		groupAnchorAssetID ID
+
+		// candidateAssetID is the asset ID being checked to determine
+		// whether it is the group anchor asset ID.
+		candidateAssetID ID
+
+		// expectedIsGroupAnchorRes indicates whether we expect the
+		// IsGroupAnchor method to return true or false for the
+		// candidate asset ID.
+		expectedIsGroupAnchorRes bool
+	}{{
+		name: "v0 group key matching group anchor asset",
+
+		groupKeyVersion:          GroupKeyV0,
+		customTapscriptRoot:      fn.None[chainhash.Hash](),
+		groupAnchorAssetID:       firstAssetID,
+		candidateAssetID:         firstAssetID,
+		expectedIsGroupAnchorRes: true,
+	}, {
+		name: "v0 group key non-matching asset",
+
+		groupKeyVersion:          GroupKeyV0,
+		customTapscriptRoot:      fn.None[chainhash.Hash](),
+		groupAnchorAssetID:       RandID(t),
+		candidateAssetID:         RandID(t),
+		expectedIsGroupAnchorRes: false,
+	}, {
+		name: "v1 group key matching group anchor asset",
+
+		groupKeyVersion:          GroupKeyV1,
+		customTapscriptRoot:      fn.None[chainhash.Hash](),
+		groupAnchorAssetID:       firstAssetID,
+		candidateAssetID:         firstAssetID,
+		expectedIsGroupAnchorRes: true,
+	}, {
+		name:                     "v1 group key non-matching asset",
+		groupKeyVersion:          GroupKeyV1,
+		customTapscriptRoot:      fn.None[chainhash.Hash](),
+		groupAnchorAssetID:       RandID(t),
+		candidateAssetID:         RandID(t),
+		expectedIsGroupAnchorRes: false,
+	}, {
+		name: "v1 group key with custom tapscript root matching " +
+			"group anchor",
+
+		groupKeyVersion:          GroupKeyV1,
+		customTapscriptRoot:      fn.Some(test.RandHash()),
+		groupAnchorAssetID:       firstAssetID,
+		candidateAssetID:         firstAssetID,
+		expectedIsGroupAnchorRes: true,
+	}, {
+		name: "v1 group key with custom tapscript root non-matching",
+
+		groupKeyVersion:          GroupKeyV1,
+		customTapscriptRoot:      fn.Some(test.RandHash()),
+		groupAnchorAssetID:       RandID(t),
+		candidateAssetID:         RandID(t),
+		expectedIsGroupAnchorRes: false,
+	}}
+
+	for idx := range testCases {
+		tc := testCases[idx]
+
+		t.Run(tc.name, func(tt *testing.T) {
+			tt.Parallel()
+
+			// Create a taproot internal key for use in constructing
+			// the group key.
+			internalKey := test.RandPubKey(tt)
+
+			// Create the group key using the group anchor asset ID
+			// and other parameters (we don't use the candidate
+			// asset ID here, as it is only used for the
+			// IsGroupAnchor check).
+			var groupKey *GroupKey
+			switch tc.groupKeyVersion {
+			case GroupKeyV0:
+				// For V0, we need to derive the group key using
+				// the genesis asset ID.
+				rawKey := ToSerialized(internalKey)
+				tapscriptRoot := test.RandBytes(32)
+				gkr := NewGroupKeyRevealV0(
+					rawKey, tapscriptRoot,
+				)
+
+				groupPubKey, err := gkr.GroupPubKey(
+					tc.groupAnchorAssetID,
+				)
+				require.NoError(tt, err)
+
+				groupKey = &GroupKey{
+					Version: GroupKeyV0,
+					RawKey: keychain.KeyDescriptor{
+						PubKey: internalKey,
+					},
+					GroupPubKey:   *groupPubKey,
+					TapscriptRoot: tapscriptRoot,
+				}
+
+			case GroupKeyV1:
+				// For V1, we need to derive the group key using
+				// the group anchor asset ID.
+				gkr, err := NewGroupKeyRevealV1(
+					PedersenVersion, *internalKey,
+					tc.groupAnchorAssetID,
+					tc.customTapscriptRoot,
+				)
+				require.NoError(tt, err)
+
+				groupPubKey, err := gkr.GroupPubKey(
+					tc.groupAnchorAssetID,
+				)
+				require.NoError(tt, err)
+
+				groupKey = &GroupKey{
+					Version: GroupKeyV1,
+					RawKey: keychain.KeyDescriptor{
+						PubKey: internalKey,
+					},
+					GroupPubKey:   *groupPubKey,
+					TapscriptRoot: gkr.tapscript.root[:],
+
+					// nolint: lll
+					CustomTapscriptRoot: tc.customTapscriptRoot,
+				}
+
+			default:
+				t.Fatalf("unknown group key version: %d",
+					tc.groupKeyVersion)
+			}
+
+			// Call IsGroupAnchor with the candidate asset ID.
+			result, err := groupKey.IsGroupAnchor(
+				tc.candidateAssetID,
+			)
+
+			// Verify the result matches expectations.
+			require.NoError(tt, err)
+			require.Equal(tt, tc.expectedIsGroupAnchorRes, result)
+
+			// Additional verification: if we're testing a matching
+			// case, verify that the same asset ID returns true and
+			// a different one returns false
+			if tc.expectedIsGroupAnchorRes {
+				// Test with the actual group anchor asset ID
+				// (should return true).
+				result, err := groupKey.IsGroupAnchor(
+					tc.groupAnchorAssetID,
+				)
+				require.NoError(tt, err)
+				require.True(tt, result)
+
+				// Test with a different asset ID (should return
+				// false).
+				differentAssetID := RandID(t)
+				for differentAssetID == tc.groupAnchorAssetID {
+					// This case should be rare, but we fail
+					// explicitly if it occurs.
+					t.Fatal("very unexpected asset ID " +
+						"match")
+				}
+				result, err = groupKey.IsGroupAnchor(
+					differentAssetID,
+				)
+				require.NoError(tt, err)
+				require.False(tt, result)
+			}
+		})
+	}
+}

tapgarden/caretaker.go

@@ -1512,6 +1512,20 @@ func GenGroupAnchorVerifier(ctx context.Context,
 					ErrGroupKeyUnknown)
 			}
 
+			isGroupAnchor, err := storedGroup.IsGroupAnchor()
+			if err != nil {
+				return fmt.Errorf("%x: group anchor verifier: "+
+					"unable to check if genesis is "+
+					"group anchor: %w", assetGroupKey[:],
+					err)
+			}
+
+			if !isGroupAnchor {
+				return fmt.Errorf("%x: group anchor verifier: "+
+					"genesis is not a group anchor: %w",
+					assetGroupKey[:], err)
+			}
+
 			groupAnchor = newSingleValue(storedGroup.Genesis)
 
 			_, _ = groupAnchors.Put(assetGroupKey, groupAnchor)