Skip to content

Support async signing of interactive-tx initial commitment signatures #4355

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wpaulino wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Support async signing of interactive-tx initial commitment signatures #4355

wpaulino wants to merge 4 commits into from
+1,157 −584

Conversation

@wpaulino
Copy link
Contributor

@wpaulino wpaulino commented Jan 28, 2026 

This commit allows for an async signer to immediately return upon a call
to `EcdsaChannelSigner::sign_counterparty_commitment` for the initial
commitment signatures of an interactively funded transaction, such that
they can call back in via `ChannelManager::signer_unblocked` once the
signatures are ready. This is done for both splices and dual-funded
channels, though note that the latter still require more work to be
integrated. Since `tx_signatures` must be sent only after exchanging
`commitment_signed`, we make sure to hold them back if they're ready to
be sent until our `commitment_signed` is also ready.

Depends on #4336.

@wpaulino
Rework ChannelManager::funding_transaction_signed
d7a6e27 
Previously, we'd emit a FundingTransactionReadyForSigning event once the
initial commitment_signed is exchanged for a splicing/dual-funding
attempt and require users to call back with their signed inputs using
ChannelManager::funding_transaction_signed. While this approach worked
in practice, it prevents us from abandoning a splice if we cannot or no
longer wish to sign as the splice has already been committed to by this
point.

This commit reworks the API such that this is now possible. After
exchanging tx_complete, we will no longer immediately send our initial
commitment_signed. We will now emit the
FundingTransactionReadyForSigning event and wait for the user to call
back before releasing both our initial commitment_signed and our
tx_signatures. As a result, the event is now persisted, as there is only
one possible path in which it is generated. Note that we continue to
only emit the event if a local contribution to negotiated transaction
was made.

Future work will expose a cancellation API such that we can abandon
splice attempts safely (we can just force close the channel with
dual-funding).
@wpaulino
Buffer interactive-tx initial commitment signed from counterparty
6f5c826 
This is crucial to enable the splice cancellation use case. When we
process the initial commitment signed from our counterparty, we queue a
monitor update that cannot be undone. To give the user a chance to abort
the splice negotiation before it's committed to, we buffer the message
until a successful call to `Channel::funding_transaction_signed` and
process it then.

Note that this is currently only done for splice and RBF attempts, as
if we want to abort a dual funding negotiation, we can just force close
the channel as it hasn't been funded yet.
@wpaulino
Support funding_transaction_signed for unfunded dual-funded channels
04a7560 
Now that we require users to first call
`ChannelManager::funding_transaction_signed` before releasing any
signatures, it's possible that it is called before we receive the
initial commitment signed from our counterparty, which would transition
the channel to funded. Because of this, we need to support the API call
while the channel is still in the unfunded phase.

Note that this commit is mostly a code move of
`FundedChannel::funding_transaction_signed` to
`Channel::funding_transaction_signed` that doesn't alter the signing
logic.
@wpaulino
Support async signing of interactive-tx initial commitment signatures
9933019 
This commit allows for an async signer to immediately return upon a call
to `EcdsaChannelSigner::sign_counterparty_commitment` for the initial
commitment signatures of an interactively funded transaction, such that
they can call back in via `ChannelManager::signer_unblocked` once the
signatures are ready. This is done for both splices and dual-funded
channels, though note that the latter still require more work to be
integrated. Since `tx_signatures` must be sent only after exchanging
`commitment_signed`, we make sure to hold them back if they're ready to
be sent until our `commitment_signed` is also ready.
@wpaulino wpaulino added this to the 0.3 milestone Jan 28, 2026
@wpaulino wpaulino self-assigned this Jan 28, 2026
@ldk-reviews-bot
Copy link

ldk-reviews-bot commented Jan 28, 2026
edited
Loading

👋 Thanks for assigning @jkczyz as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

@codecov
Copy link

codecov bot commented Jan 28, 2026

Codecov Report

❌ Patch coverage is 76.96737% with 120 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.08%. Comparing base (8cdc86a) to head (9933019).
⚠️ Report is 15 commits behind head on main.

Files with missing lines Patch % Lines
lightning/src/ln/channel.rs 75.24% 66 Missing and 9 partials ⚠️
lightning/src/ln/channelmanager.rs 79.62% 35 Missing and 9 partials ⚠️
lightning/src/ln/interactivetxs.rs 50.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4355      +/-   ##
==========================================
- Coverage   86.53%   86.08%   -0.46%     
==========================================
  Files         158      156       -2     
  Lines      103190   102620     -570     
  Branches   103190   102620     -570     
==========================================
- Hits        89300    88340     -960     
- Misses      11469    11775     +306     
- Partials     2421     2505      +84
Flag Coverage Δ
fuzzing ?
tests 86.08% <76.96%> (+0.24%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

TheBlueMatt
TheBlueMatt approved these changes Jan 28, 2026
View reviewed changes
Copy link
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool! Easy enough. We should ask claude to add async signing to the chanmon_consistency fuzzer as a followup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@TheBlueMatt TheBlueMatt TheBlueMatt approved these changes

@jkczyz jkczyz Awaiting requested review from jkczyz

Assignees

@wpaulino wpaulino

Labels

None yet

Projects

None yet

Milestone

0.3

Development

Successfully merging this pull request may close these issues.

3 participants

@wpaulino @ldk-reviews-bot @TheBlueMatt