Skip to content

feat!: stop deriving signing key from privacy keys #24439

Open
nventuro wants to merge 8 commits into
merge-train/fairies-v5from
nico/f-778-remove-usage-of-ivsk-in-schnorr-account-derivation
Open

feat!: stop deriving signing key from privacy keys #24439
nventuro wants to merge 8 commits into
merge-train/fairies-v5from
nico/f-778-remove-usage-of-ivsk-in-schnorr-account-derivation

Conversation

@nventuro

@nventuro nventuro commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Closes #5837

This PR makes it so we no longer derive signing keys from the master privacy key. If there's no user-supplied privacy key seed, we instead derive it from the signing key, which is a safe derivation: PXE never sees the signing key nor any value it is derived from.

This has a large knock-on effect on wallets, CLI, tutorials, etc., but there's ultimately no large decisions being made there, it is mostly mechanical changes. In some cases I reworked some internals of wallets to make this distinction clearer.

nventuro added 8 commits June 30, 2026 22:15
Renames the account flag from --secret-key to --signing-key: the signing key is now
the account's root and the privacy secret is derived from it, instead of deriving the
signing key from the privacy secret. SSH accounts keep an independent random secret
since their key is external. The wallet DB persists both keys.

Also splits the ambiguous createOrRetrieveAccount into separate createAccount and
retrieveAccount, and wires up the previously-unhandled ecdsasecp256k1 account type.

BREAKING CHANGE: --secret-key is renamed to --signing-key and account addresses change.
The embedded stub providers routed schnorr_initializerless accounts to the ECDSA stub,
disagreeing with stubClassIds which registers them under the schnorr stub class.
…unts

Removes the deriveSigningKey(secret) fallback from the embedded wallet and TestWallet
createSchnorr* methods so the signing key is always supplied explicitly, and threads it
through the worker registerAccount RPC. Callers pass their fixture's signing key or a
fresh random one.

BREAKING CHANGE: createSchnorrAccount/createSchnorrInitializerlessAccount now require a
signing key argument.
Removes the last usages of deriveSigningKey (which derived the account signing key from
the privacy secret) and deletes the function, closing out #5837. The bot now treats its
configured senderPrivateKey as the signing key and derives the privacy secret from it; the
remaining test callers pass an explicit random signing key.

BREAKING CHANGE: deriveSigningKey is removed; the bot's account address changes for a given
senderPrivateKey.
cli-wallet switched to --signing-key, leaving createSecretKeyOption and parseSecretKey
without any callers, so drop them. Also removes a now-redundant comment in the bot factory.
Adds migration notes for the signing-key decoupling, the aztec-wallet --secret-key ->
--signing-key rename, and the bot senderPrivateKey change. Corrects the create-account
guide and the wallet-extension tutorial (which taught the removed deriveSigningKey), and
updates the type-checked examples to pass an explicit signing key.
@nventuro nventuro requested a review from nchamo July 1, 2026 18:01
@nventuro nventuro requested a review from a team as a code owner July 1, 2026 18:01
@@ -13,7 +13,6 @@
// createAztecNodeAdminClient,
// createAztecNodeClient,
// } from '@aztec/stdlib/interfaces/client';
// import { deriveSigningKey } from '@aztec/stdlib/keys';

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are all these imports? Can we delete them?

);
let secretKey: Fr;
if (accountType === 'ecdsasecp256r1ssh') {
// SSH accounts sign with a key held in the agent, and so we cannot derive their privacy secret key from it. Insted

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// SSH accounts sign with a key held in the agent, and so we cannot derive their privacy secret key from it. Insted
// SSH accounts sign with a key held in the agent, and so we cannot derive their privacy secret key from it. Instead

.env('SECRET_KEY')
.argParser(argsParser ?? parseSecretKey)
new Option('-sk, --signing-key <string>', description)
.env('SIGNING_KEY')

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should also update docker-compose.yaml, since it still used "SECRET_KEY"

```typescript
// From stdlib/src/keys/derivation.ts
export function deriveSigningKey(secretKey: Fr): GrumpkinScalar {
export function deriveMasterIncomingViewingSecretKey(secretKey: Fr): GrumpkinScalar {

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deriveMasterIncomingViewingSecretKey and deriveMasterNullifierHidingKey say we use GeneratorIndex.IVSK_M and GeneratorIndex.NHK_M, but they are actually DomainSeparator.IVSK_M / DomainSeparator.NHK_M

if (!this.db) {
throw new Error('Cannot retrieve an account without a wallet database');
}
const { type, signingKey, secretKey, salt } = await this.db.retrieveAccount(address);

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please confirm, because maybe I got lost somewhere:

  1. The wallet_db file now returns signingKey = undefined when it doesn't address:signing is absent
  2. this.buildAccount will fail if signingKey = undefined
  3. But previously saved accounts didn't have the ":signing"

Do we need a migration somehow? Or maybe just document it as part of the migration notes?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants