feat(sdk-lib-mpc): bump @bitgo/wasm-mps to 1.10.0 and use Eddsa.deriveUnhardened#9147
Conversation
12947a6 to
5ba7d50
Compare
dac11ad to
2f7d1ac
Compare
2f7d1ac to
5b46095
Compare
63ad0bf to
7133688
Compare
…eUnhardened - Bump @bitgo/wasm-mps from 1.8.1 to 1.10.0 in @bitgo/sdk-lib-mpc - wasm-mps 1.10.0 uses BIP32-Ed25519 dual-HMAC (Eddsa.deriveUnhardened) for DSG path derivation, replacing the Silence Labs single-HMAC formula - Fix express externalSign test: replace deriveUnhardenedMps with MPC.deriveUnhardened for DSG signature verification - Mark deriveUnhardenedMps @deprecated in sdk-lib-mpc Ticket: WCI-793 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
7133688 to
f5ea12d
Compare
|
Claude finished @zahin-mohammad's task —— View job Code Review for wasm-mps 1.10.0 BumpTodo List:
Review SummaryThis is a well-executed dependency update that properly handles a breaking change in the cryptographic derivation formula used by Positive Aspects✅ Proper deprecation handling: The ✅ Comprehensive test updates: All affected tests have been updated to use the new derivation method with proper verification against the BIP32-Ed25519 standard ✅ Correct API usage: The switch from ✅ Backward compatibility: The deprecated function remains available for existing code while new implementations use the standard approach ✅ Security improvement: Moving to standard BIP32-Ed25519 improves cryptographic interoperability and follows established standards Technical Details ReviewedDependency Update (
Core Implementation Changes (
Test Coverage (
No Issues Found
Recommendation: APPROVE ✅This PR correctly implements the necessary changes for the wasm-mps upgrade and maintains backward compatibility while moving to cryptographic standards. The implementation is thorough and well-tested. |
What
@bitgo/wasm-mpsfrom1.8.1to1.10.0in@bitgo/sdk-lib-mpc@bitgo/expressexternalSign test: replacederiveUnhardenedMpswithMPC.deriveUnhardenedfor DSG signature verificationderiveUnhardenedMpsis already marked@deprecatedinsdk-lib-mpc(full removal tracked under WCI-644)Why
wasm-mps1.10.0 switches DSG path derivation from the Silence Labs single-HMAC formula (deriveUnhardenedMps) to standard BIP32-Ed25519 dual-HMAC (Eddsa.deriveUnhardened). Any test that verifies a DSG-produced signature against a public key computed withderiveUnhardenedMpsnow fails because the two formulas produce completely different child keys.Test plan
@bitgo/expressexternalSign EddsaMPCv2Round1/2/3 test passes locally@bitgo/sdk-coreunit tests pass (447 passing)@bitgo/sdk-lib-mpcpass@bitgo/sdk-corepass@bitgo/expresspassTicket: WCI-793