feat(statics): add TAT shared secret derivation function

Add deriveTatSharedSecret function for secure communication with the
TAT service using the user's private key and the TAT public key.
Define tatPubKey in the LightningNetwork interface and implement it
in both mainnet and testnet networks.

Co-authored-by: llm-git <[email protected]>

TICKET: BTC-2202

Author: davidkaplanbitgo

modules/abstract-lightning/src/lightning/lightningUtils.ts

@@ -209,10 +209,20 @@ export function deriveLightningServiceSharedSecret(coinName: 'lnbtc' | 'tlnbtc',
 
 /**
  * Derives the shared secret for the middleware using the user's auth extended private key and the middleware's public key.
- * This is used for secure communication between the middleware and the user's key.
+ * This is used for secure communication between the middleware and the user.
  */
 export function deriveMiddlewareSharedSecret(coinName: 'lnbtc' | 'tlnbtc', userXprv: string): Buffer {
   const publicKey = Buffer.from(getStaticsLightningNetwork(coinName).middlewarePubKey, 'hex');
   const userAuthHdNode = utxolib.bip32.fromBase58(userXprv);
   return sdkcore.getSharedSecret(userAuthHdNode, publicKey);
 }
+
+/**
+ * Derives the shared secret for TAT service using the user's private key and the TAT public key.
+ * This is used for secure communication with the TAT service and the user.
+ */
+export function deriveTatSharedSecret(coinName: 'lnbtc' | 'tlnbtc', userXprv: string): Buffer {
+  const publicKey = Buffer.from(getStaticsLightningNetwork(coinName).tatPubKey, 'hex');
+  const userAuthHdNode = utxolib.bip32.fromBase58(userXprv);
+  return sdkcore.getSharedSecret(userAuthHdNode, publicKey);
+}

modules/abstract-lightning/test/unit/lightning/lightningUtils.ts

@@ -14,6 +14,7 @@ import {
   addIPCaveatToMacaroon,
   deriveLightningServiceSharedSecret,
   deriveMiddlewareSharedSecret,
+  deriveTatSharedSecret,
 } from '../../../src/lightning';
 
 import * as sdkcore from '@bitgo/sdk-core';
@@ -115,4 +116,13 @@ describe('lightning utils', function () {
 
     assert.deepStrictEqual(secret, expectedSecret);
   });
+
+  it(`deriveTatSharedSecret`, function () {
+    const userXprv =
+      'xprv9s21ZrQH143K4NPkV8riiTnFf72MRyQDVHMmmpekGF1w5QkS2MfTei9KXYvrZVMop4zQ4arnzSF7TRp3Cy73AWaDdADiYMCi5qpYW1bUa5m';
+    const tatPubKey = getStaticsLightningNetwork('tlnbtc').tatPubKey;
+    const expectedSecret = sdkcore.getSharedSecret(utxolib.bip32.fromBase58(userXprv), Buffer.from(tatPubKey, 'hex'));
+    const secret = deriveTatSharedSecret('tlnbtc', userXprv);
+    assert.deepStrictEqual(secret, expectedSecret);
+  });
 });

modules/statics/src/networks.ts

@@ -30,6 +30,11 @@ export interface LightningNetwork extends UtxoNetwork {
    * between the user's extended private key and the middleware service.
    */
   middlewarePubKey: string;
+  /**
+   * The public key of the TAT service, used for deriving the shared Elliptic Curve Diffie-Hellman (ECDH) secret
+   * between the user's extended private key and the TAT service.
+   */
+  tatPubKey: string;
 }
 
 export interface AdaNetwork extends BaseNetwork {
@@ -328,6 +333,8 @@ class LightningBitcoin extends Mainnet implements LightningNetwork {
   lightningServicePubKey = '0338508686f978ceffd7ce05404041b1a5b4f75a39bc92a6d355240ccc081f763e';
   // TODO - BTC-2202
   middlewarePubKey = '';
+  // TODO - BTC-2211
+  tatPubKey = '';
 }
 
 class LightningBitcoinTestnet extends Testnet implements LightningNetwork {
@@ -337,6 +344,7 @@ class LightningBitcoinTestnet extends Testnet implements LightningNetwork {
   explorerUrl = 'https://mempool.space/testnet/lightning';
   lightningServicePubKey = '024055021db1e7f019ebb783ab0b0810c21a819207d4cb1ec4a6e2150ac07f1482';
   middlewarePubKey = '027cb3bc6b49fc385d282b42a7be232a94ffcbaffc7818b603b17722582bbf539b';
+  tatPubKey = '02e747c99c371eac9c14fb19913bec8a0e3e46e35ab1a45878e5b9afbb69899c1e';
 }
 
 class Bitcoin extends Mainnet implements UtxoNetwork {