dfns / cggmp21

State-of-art threshold ECDSA in Rust
Apache License 2.0

HD wallets: Support presignatures independent of derivation path #74

Closed survived closed 5 months ago

survived commented 5 months ago

We don't actually need to know a derivation path when we generate presignatures. This PR adds an option to specify a derivation path when issuing a partial signature.

Blocked by #72

github-actions[bot] commented 5 months ago

The spec was successfully compiled. PDF is available here.

github-actions[bot] commented 5 months ago

Benchmark Result

Benchmarks

```text
RUST_TESTS_SEED=a635dd17bcedc4be9671ce1386bd4319bb9f595bf1738a8051bf85ffc0bc1ff4

n = 3

Non-threshold DKG
Protocol Performance:
  - Protocol took 424.16µs to complete
In particular:
  - Stage: 9.60µs
    - Setup networking: 9.42µs (98.1%)
    - Unstaged: 180.00ns (1.9%)
  - Round 1: 145.23µs
    - Compute execution id: 4.21µs (2.9%)
    - Sample x_i, rid_i, chain_code: 66.32µs (45.7%)
    - Sample schnorr commitment: 58.88µs (40.5%)
    - Commit to public data: 15.48µs (10.7%)
    - Unstaged: 342.00ns (0.2%)
  - Round 2: 1.09µs
    - Hash received msgs (reliability check): 902.00ns (82.6%)
    - Unstaged: 190.00ns (17.4%)
  - Round 3: 260.00ns
    - Assert other parties hashed messages (reliability check): 140.00ns (53.8%)
    - Unstaged: 120.00ns (46.2%)
  - Round 4: 31.62µs
    - Validate decommitments: 30.21µs (95.5%)
    - Calculate challege rid: 1.10µs (3.5%)
    - Prove knowledge of `x_i`: 170.00ns (0.5%)
    - Unstaged: 142.00ns (0.4%)
  - Round 5: 236.36µs
    - Validate schnorr proofs: 236.00µs (99.8%)
    - Unstaged: 359.00ns (0.2%)

Threshold DKG
Protocol Performance:
  - Protocol took 1.24ms to complete
In particular:
  - Stage: 2.03µs
    - Setup networking: 1.95µs (96.1%)
    - Unstaged: 80.00ns (3.9%)
  - Round 1: 201.14µs
    - Compute execution id: 1.03µs (0.5%)
    - Sample rid_i, schnorr commitment, polynomial, chain_code: 177.56µs (88.3%)
    - Commit to public data: 22.35µs (11.1%)
    - Unstaged: 191.00ns (0.1%)
  - Round 2: 971.00ns
    - Hash received msgs (reliability check): 832.00ns (85.7%)
    - Unstaged: 139.00ns (14.3%)
  - Round 3: 270.00ns
    - Assert other parties hashed messages (reliability check): 140.00ns (51.9%)
    - Unstaged: 130.00ns (48.1%)
  - Round 4: 770.65µs
    - Validate decommitments: 43.56µs (5.7%)
    - Validate data size: 301.00ns (0.0%)
    - Validate Feldmann VSS: 353.80µs (45.9%)
    - Compute rid: 330.00ns (0.0%)
    - Compute Ys: 357.55µs (46.4%)
    - Compute sigma: 300.00ns (0.0%)
    - Calculate challenge: 14.49µs (1.9%)
    - Prove knowledge of `sigma_i`: 161.00ns (0.0%)
    - Unstaged: 160.00ns (0.0%)
  - Round 5: 266.52µs
    - Validate schnorr proofs: 264.92µs (99.4%)
    - Derive resulting public key and other data: 1.32µs (0.5%)
    - Unstaged: 271.00ns (0.1%)

Auxiliary data generation protocol
Protocol Performance:
  - Protocol took 9.57s to complete
In particular:
  - Stage: 10.61µs
    - Retrieve auxiliary data: 170.00ns (1.6%)
    - Setup networking: 9.33µs (87.9%)
    - Precompute execution id and shared state: 1.06µs (10.0%)
    - Unstaged: 50.00ns (0.5%)
  - Round 1: 1.19s
    - Retrieve primes (p and q): 70.00ns (0.0%)
    - Compute paillier decryption key (N): 7.54µs (0.0%)
    - Generate auxiliary params r, λ, t, s: 9.08ms (0.8%)
    - Prove Πprm (ψˆ_i): 1.18s (99.2%)
    - Sample random bytes: 1.68µs (0.0%)
    - Compute hash commitment and sample decommitment: 301.54µs (0.0%)
    - Unstaged: 231.00ns (0.0%)
  - Round 2: 1.40µs
    - Hash received msgs (reliability check): 1.11µs (79.3%)
    - Unstaged: 291.00ns (20.7%)
  - Round 3: 330.00ns
    - Assert other parties hashed messages (reliability check): 160.00ns (48.5%)
    - Unstaged: 170.00ns (51.5%)
  - Round 4: 5.90s
    - Validate round 1 decommitments: 598.46µs (0.0%)
    - Validate П_prm (ψ_i): 2.29s (38.8%)
    - Add together shared random bytes: 1.35µs (0.0%)
    - Compute П_mod (ψ_i): 3.44s (58.3%)
    - Assemble security params for П_fac (ф_i): 5.47µs (0.0%)
    - Compute П_fac (ф_i^j): 171.31ms (2.9%)
    - Unstaged: 1.10µs (0.0%)
  - Round 5: 2.48s
    - Validate ψ_j (П_mod): 2.31s (93.1%)
    - Validate ф_j (П_fac): 172.30ms (6.9%)
    - Assemble auxiliary info: 148.49µs (0.0%)
    - Unstaged: 630.00ns (0.0%)

Signing protocol
Protocol Performance:
  - Protocol took 4.16s to complete
In particular:
  - Stage: 138.56µs
    - Map t-out-of-n protocol to t-out-of-t: 64.34µs (46.4%)
    - Retrieve auxiliary data: 70.27µs (50.7%)
    - Precompute execution id and security params: 711.00ns (0.5%)
    - Setup networking: 3.16µs (2.3%)
    - Unstaged: 80.00ns (0.1%)
  - Round 1: 188.51ms
    - Generate local ephemeral secrets (k_i, y_i, p_i, v_i): 49.13µs (0.0%)
    - Encrypt G_i and K_i: 107.39ms (57.0%)
    - Prove ψ0_j: 81.07ms (43.0%)
    - Unstaged: 903.00ns (0.0%)
  - Round 2: 14.81µs
    - Hash received msgs (reliability check): 14.63µs (98.8%)
    - Unstaged: 181.00ns (1.2%)
  - Round 3: 2.23s
    - Assert other parties hashed messages (reliability check): 391.00ns (0.0%)
    - Verify psi0 proofs: 269.04ms (12.1%)
    - Sample random r, hat_r, s, hat_s, beta, hat_beta: 42.27µs (0.0%)
    - Encrypt D_ji: 70.27ms (3.2%)
    - Encrypt F_ji: 35.85ms (1.6%)
    - Encrypt hat_D_ji: 559.17ms (25.1%)
    - Encrypt hat_F_ji: 35.78ms (1.6%)
    - Prove psi_ji: 789.97ms (35.5%)
    - Prove psiˆ_ji: 208.83ms (9.4%)
    - Prove psi_prime_ji : 257.71ms (11.6%)
    - Unstaged: 1.04µs (0.0%)
  - Round 4: 1.56s
    - Retrieve auxiliary data: 13.18µs (0.0%)
    - Validate psi: 164.49ms (10.5%)
    - Validate hat_psi: 164.76ms (10.6%)
    - Validate psi_prime: 934.69ms (59.9%)
    - Compute Gamma, Delta_i, delta_i, chi_i: 215.41ms (13.8%)
    - Prove psi_prime_prime: 81.12ms (5.2%)
    - Unstaged: 503.00ns (0.0%)
  - Presig output: 184.87ms
    - Validate psi_prime_prime: 184.74ms (99.9%)
    - Calculate presignature: 134.71µs (0.1%)
    - Unstaged: 501.00ns (0.0%)
  - Partial signing: 9.02µs
  - Signature reconstruction: 201.96µs
```