Update dual-funding and splicing workflows

We extends the interactive tx session to include:
- an optional funding nonce for the shared input (i.e. the funding tx that is being spent)
- a nonce for the commit tx that is being created, and another nonce that will become the channel's "next remote nonce" once the session completes
The funding nonce is random and its lifecycle is bound to the interactive session.

revoke_and_ack is extended to include a list of funding_tx_id -> nonce tuples (one for each active commitment).

channel_restablish is extended to include the same list of funding_tx_id -> nonce tuples, as well as an optional "current commit nonce" if we got disconnected
while a splice was in progress before both nodes exchanged their commit signatures: if that is the case, we need to re-send our peer's current signature
and will use this nonce to compute it.

Author: sstone

eclair-core/src/main/scala/fr/acinq/eclair/channel/Commitments.scala

@@ -222,7 +222,7 @@ object LocalCommit {
 
 /** The remote commitment maps to a commitment transaction that only our peer can sign and broadcast. */
 case class RemoteCommit(index: Long, spec: CommitmentSpec, txId: TxId, remotePerCommitmentPoint: PublicKey) {
-  def sign(params: ChannelParams, channelKeys: ChannelKeys, fundingTxIndex: Long, remoteFundingPubKey: PublicKey, commitInput: InputInfo): CommitSig = {
+  def sign(params: ChannelParams, channelKeys: ChannelKeys, fundingTxIndex: Long, remoteFundingPubKey: PublicKey, commitInput: InputInfo, remoteNonce_opt: Option[IndividualNonce]): CommitSig = {
     val fundingKey = channelKeys.fundingKey(fundingTxIndex)
     val commitKeys = RemoteCommitmentKeys(params, channelKeys, remotePerCommitmentPoint)
     val (remoteCommitTx, htlcTxs) = Commitment.makeRemoteTxs(params, commitKeys, index, fundingKey, remoteFundingPubKey, commitInput, spec)
@@ -232,7 +232,10 @@ case class RemoteCommit(index: Long, spec: CommitmentSpec, txId: TxId, remotePer
       case _: SegwitV0CommitmentFormat =>
         val sig = remoteCommitTx.sign(fundingKey, remoteFundingPubKey).sig
         CommitSig(params.channelId, sig, htlcSigs.toList)
-      case _: SimpleTaprootChannelCommitmentFormat => ???
+      case _: SimpleTaprootChannelCommitmentFormat =>
+        val localNonce = NonceGenerator.signingNonce(fundingKey.publicKey)
+        val Right(psig) = remoteCommitTx.partialSign(fundingKey, remoteFundingPubKey, Map.empty, localNonce, Seq(localNonce.publicNonce, remoteNonce_opt.get))
+        CommitSig(params.channelId, ByteVector64.Zeroes, htlcSigs.toList, TlvStream[CommitSigTlv](CommitSigTlv.PartialSignatureWithNonceTlv(psig)))
     }
   }
 }
@@ -666,14 +669,14 @@ case class Commitment(fundingTxIndex: Long,
       case _ =>
         None
     }
-    val tlvs = Set(
-      if (batchSize > 1) Some(CommitSigTlv.BatchTlv(batchSize)) else None,
-      partialSig
-    ).flatten[CommitSigTlv]
     val sig = params.commitmentFormat match {
       case _: SimpleTaprootChannelCommitmentFormat => ByteVector64.Zeroes
       case _: SegwitV0CommitmentFormat => remoteCommitTx.sign(fundingKey, remoteFundingPubKey).sig
     }
+    val tlvs = Set(
+      if (batchSize > 1) Some(CommitSigTlv.BatchTlv(batchSize)) else None,
+      partialSig
+    ).flatten[CommitSigTlv]
     val commitSig = CommitSig(params.channelId, sig, htlcSigs.toList, TlvStream(tlvs))
     val nextRemoteCommit = NextRemoteCommit(commitSig, RemoteCommit(remoteCommit.index + 1, spec, remoteCommitTx.tx.txid, remoteNextPerCommitmentPoint))
     (copy(nextRemoteCommit_opt = Some(nextRemoteCommit)), commitSig)
@@ -1056,18 +1059,14 @@ case class Commitments(params: ChannelParams,
     }
   }
 
-  def sendCommit(channelKeys: ChannelKeys, nextRemoteNonces: List[IndividualNonce] = List.empty)(implicit log: LoggingAdapter): Either[ChannelException, (Commitments, CommitSigs)] = {
+  def sendCommit(channelKeys: ChannelKeys, nextRemoteNonces: Map[TxId, IndividualNonce] = Map.empty)(implicit log: LoggingAdapter): Either[ChannelException, (Commitments, CommitSigs)] = {
     remoteNextCommitInfo match {
       case Right(_) if !changes.localHasChanges => Left(CannotSignWithoutChanges(channelId))
       case Right(remoteNextPerCommitmentPoint) =>
         val commitKeys = RemoteCommitmentKeys(params, channelKeys, remoteNextPerCommitmentPoint)
-        var nonceIndex = 0
 
         def remoteNonce(c: Commitment) = this.params.commitmentFormat match {
-          case _: SimpleTaprootChannelCommitmentFormat =>
-            val n = nextRemoteNonces(nonceIndex)
-            nonceIndex = nonceIndex + 1
-            Some(n)
+          case _: SimpleTaprootChannelCommitmentFormat => nextRemoteNonces.get(c.fundingTxId)
           case _ => None
         }
 
@@ -1112,7 +1111,7 @@ case class Commitments(params: ChannelParams,
           val fundingKey = channelKeys.fundingKey(c.fundingTxIndex)
           val n = NonceGenerator.verificationNonce(c.fundingTxId, fundingKey, localCommitIndex + 2).publicNonce
           log.debug(s"revokeandack: creating verification nonce $n fundingIndex = ${c.fundingTxIndex} commit index = ${localCommitIndex + 2}")
-          n
+          c.fundingTxId -> n
         })
         TlvStream(RevokeAndAckTlv.NextLocalNoncesTlv(nonces.toList))
       case _ =>
@@ -1239,17 +1238,17 @@ case class Commitments(params: ChannelParams,
   /** This function should be used to ignore a commit_sig that we've already received. */
   def ignoreRetransmittedCommitSig(channelKeys: ChannelKeys, commitSig: CommitSig): Boolean = {
     val isLatestSig = latest.localCommit.remoteSig match {
-      case ChannelSpendSignature.IndividualSignature(latestRemoteSig) => latestRemoteSig == commitSig.signature
+      case ChannelSpendSignature.IndividualSignature(latestRemoteSig) => false //  latestRemoteSig == commitSig.signature
       case psig: ChannelSpendSignature.PartialSignatureWithNonce =>
-        val fundingKey = channelKeys.fundingKey((latest.fundingTxIndex))
+        val fundingKey = channelKeys.fundingKey(latest.fundingTxIndex)
         val fundingTxId = if (!this.params.channelFeatures.hasFeature(Features.DualFunding) && localCommitIndex == 0 && latest.fundingTxIndex == 0) {
           TxId(ByteVector32.Zeroes)
         } else latest.fundingTxId
         val localNonce = NonceGenerator.verificationNonce(fundingTxId, fundingKey, localCommitIndex)
         val commitKeys = LocalCommitmentKeys(params, channelKeys, latest.localCommit.index)
         val (commitTx, _) = Commitment.makeLocalTxs(params, commitKeys, latest.localCommit.index, fundingKey, latest.remoteFundingPubKey, latest.localCommit.input, latest.localCommit.spec)
         val result = commitTx.checkRemotePartialSignature(fundingKey.publicKey, latest.remoteFundingPubKey, psig, localNonce.publicNonce)
-        result
+        false // TODO: is this valid ?
     }
     params.channelFeatures.hasFeature(Features.DualFunding) && isLatestSig
   }