feat(sdk-lib-mpc): add executeTillRound handler util

Adds an executeTillRound orchestration utility for the EdDSA MPSv2 DSG
protocol, mirroring DklsUtils.executeTillRound for ECDSA DKLS. Also
exposes getPartyIdx and getOtherPartyIdx accessors on the DSG class
to support index-free wiring inside the utility.

- Add executeTillRound to modules/sdk-lib-mpc/src/tss/eddsa-mps/util.ts;
  accepts two un-initialized DSG instances plus key shares, message, and
  derivation path, calls initDsg internally using getPartyIdx(), and
  drives all 3 interactive rounds (WaitMsg1 -> WaitMsg2 -> WaitMsg3 -> Complete)
- Return intermediate DeserializedMessages[][] for rounds 1-2 and the
  final 64-byte Ed25519 signature Buffer for round 3
- Add getPartyIdx() and getOtherPartyIdx() accessors to DSG class
- Add unit tests in modules/sdk-lib-mpc/test/unit/tss/eddsa/dsg.ts covering
  full sign flow with real DKG key shares, root-key signature verification via
  getCommonKeychain(), derived-path (m/0/0) key isolation check,
  intermediate round type assertions, and out-of-range round error handling

Ticket: WCI-386

Author: vibhavgo

modules/sdk-lib-mpc/src/tss/eddsa-mps/dsg.ts

@@ -56,6 +56,14 @@ export class DSG {
     return this.dsgState;
   }
 
+  getPartyIdx(): number {
+    return this.partyIdx;
+  }
+
+  getOtherPartyIdx(): number | null {
+    return this.otherPartyIdx;
+  }
+
   /**
    * Initialises the DSG session. The keyshare must come from a prior DKG run, and
    * `otherPartyIdx` must be the single counterpart who will co-sign with this party.

modules/sdk-lib-mpc/src/tss/eddsa-mps/util.ts

@@ -2,6 +2,8 @@ import crypto from 'crypto';
 import assert from 'assert';
 import { x25519 } from '@noble/curves/ed25519';
 import { DKG } from './dkg';
+import { DSG } from './dsg';
+import { DeserializedMessages } from './types';
 
 /**
  * Concatenates multiple Uint8Array instances into a single Uint8Array
@@ -74,3 +76,47 @@ export async function generateEdDsaDKGKeyShares(
 
   return [user, backup, bitgo];
 }
+
+/**
+ * Initializes two DSG parties and drives them through the protocol until the specified round.
+ *
+ * @param round - Round to execute until (1–3). Returns intermediate message arrays for 1–2,
+ *   or the 64-byte Ed25519 signature Buffer for 3.
+ * @param party1Dsg - First DSG party (`new DSG(partyIdx)`), not yet initialized.
+ * @param party2Dsg - Second DSG party (`new DSG(partyIdx)`), not yet initialized.
+ * @param keyShare1 - Key share for the first party.
+ * @param keyShare2 - Key share for the second party.
+ * @param message - Raw message bytes to sign.
+ * @param derivationPath - BIP-32-style derivation path, e.g. `"m"` or `"m/0/0"`.
+ */
+export function executeTillRound(
+  round: number,
+  party1Dsg: DSG,
+  party2Dsg: DSG,
+  keyShare1: Buffer,
+  keyShare2: Buffer,
+  message: Buffer,
+  derivationPath: string
+): DeserializedMessages[] | Buffer {
+  if (round < 1 || round > 3) {
+    throw Error('Invalid round number');
+  }
+  party1Dsg.initDsg(keyShare1, message, derivationPath, party2Dsg.getPartyIdx());
+  party2Dsg.initDsg(keyShare2, message, derivationPath, party1Dsg.getPartyIdx());
+  const party1Round0Message = party1Dsg.getFirstMessage();
+  const party2Round0Message = party2Dsg.getFirstMessage();
+
+  const [party2Round1Messages] = party2Dsg.handleIncomingMessages([party1Round0Message, party2Round0Message]);
+  const [party1Round1Messages] = party1Dsg.handleIncomingMessages([party1Round0Message, party2Round0Message]);
+  if (round === 1) return [[party1Round1Messages], [party2Round1Messages]];
+
+  const [party1Round2Messages] = party1Dsg.handleIncomingMessages([party1Round1Messages, party2Round1Messages]);
+  const [party2Round2Messages] = party2Dsg.handleIncomingMessages([party1Round1Messages, party2Round1Messages]);
+  if (round === 2) return [[party1Round2Messages], [party2Round2Messages]];
+
+  party1Dsg.handleIncomingMessages([party1Round2Messages, party2Round2Messages]);
+  party2Dsg.handleIncomingMessages([party1Round2Messages, party2Round2Messages]);
+
+  assert(party1Dsg.getSignature().toString('hex') === party2Dsg.getSignature().toString('hex'));
+  return party1Dsg.getSignature();
+}

modules/sdk-lib-mpc/test/unit/tss/eddsa/dsg.ts

@@ -1,6 +1,6 @@
 import assert from 'assert';
 import { ed25519 } from '@noble/curves/ed25519';
-import { EddsaMPSDkg, EddsaMPSDsg, MPSTypes } from '../../../../src/tss/eddsa-mps';
+import { EddsaMPSDkg, EddsaMPSDsg, MPSTypes, MPSUtil } from '../../../../src/tss/eddsa-mps';
 import { generateEdDsaDKGKeyShares, runEdDsaDSG } from './util';
 
 const MESSAGE = Buffer.from('The Times 03/Jan/2009 Chancellor on brink of second bailout for banks');
@@ -203,6 +203,74 @@ describe('EdDSA MPS DSG', function () {
     });
   });
 
+  describe('executeTillRound', function () {
+    it('should return 64-byte signature verifying under root public key from getCommonKeychain()', function () {
+      const party1Dsg = new EddsaMPSDsg.DSG(0);
+      const party2Dsg = new EddsaMPSDsg.DSG(2);
+      const result = MPSUtil.executeTillRound(3, party1Dsg, party2Dsg, userKeyShare, bitgoKeyShare, MESSAGE, 'm');
+      assert(Buffer.isBuffer(result), 'round 3 should return a Buffer');
+      const sig = result as Buffer;
+      assert.strictEqual(sig.length, 64, 'Signature must be 64 bytes');
+      const rootPubKey = Buffer.from(userDkg.getCommonKeychain().slice(0, 64), 'hex');
+      assert(
+        ed25519.verify(sig, MESSAGE, rootPubKey),
+        'Signature should verify under root public key from getCommonKeychain()'
+      );
+    });
+
+    it('should sign at m/0/0 using a derived key distinct from the root key', function () {
+      const party1Dsg = new EddsaMPSDsg.DSG(0);
+      const party2Dsg = new EddsaMPSDsg.DSG(2);
+      const sig = MPSUtil.executeTillRound(
+        3,
+        party1Dsg,
+        party2Dsg,
+        userKeyShare,
+        bitgoKeyShare,
+        MESSAGE,
+        'm/0/0'
+      ) as Buffer;
+      assert.strictEqual(sig.length, 64, 'Derived path signature must be 64 bytes');
+
+      // A derived path uses a different signing key, so the signature must NOT
+      // verify under the root public key.
+      const rootPubKey = Buffer.from(userDkg.getCommonKeychain().slice(0, 64), 'hex');
+      assert(
+        !ed25519.verify(sig, MESSAGE, rootPubKey),
+        'Derived-path signature should not verify under the root public key'
+      );
+    });
+
+    it('should return message arrays (not a Buffer) for intermediate round 1', function () {
+      const party1Dsg = new EddsaMPSDsg.DSG(0);
+      const party2Dsg = new EddsaMPSDsg.DSG(2);
+      const result = MPSUtil.executeTillRound(1, party1Dsg, party2Dsg, userKeyShare, bitgoKeyShare, MESSAGE, 'm');
+      assert(!Buffer.isBuffer(result), 'round 1 should return message arrays, not a signature Buffer');
+      assert.strictEqual(result.length, 2, 'should have message arrays for both parties');
+    });
+
+    it('should return message arrays (not a Buffer) for intermediate round 2', function () {
+      const party1Dsg = new EddsaMPSDsg.DSG(0);
+      const party2Dsg = new EddsaMPSDsg.DSG(2);
+      const result = MPSUtil.executeTillRound(2, party1Dsg, party2Dsg, userKeyShare, bitgoKeyShare, MESSAGE, 'm');
+      assert(!Buffer.isBuffer(result), 'round 2 should return message arrays, not a signature Buffer');
+      assert.strictEqual(result.length, 2, 'should have message arrays for both parties');
+    });
+
+    it('should throw for round out of range', function () {
+      const party1Dsg = new EddsaMPSDsg.DSG(0);
+      const party2Dsg = new EddsaMPSDsg.DSG(2);
+      assert.throws(
+        () => MPSUtil.executeTillRound(0, party1Dsg, party2Dsg, userKeyShare, bitgoKeyShare, MESSAGE, 'm'),
+        /Invalid round number/
+      );
+      assert.throws(
+        () => MPSUtil.executeTillRound(4, party1Dsg, party2Dsg, userKeyShare, bitgoKeyShare, MESSAGE, 'm'),
+        /Invalid round number/
+      );
+    });
+  });
+
   describe('Session Management', function () {
     it('should export and restore DSG session and continue protocol to a valid signature', function () {
       const dsgA = new EddsaMPSDsg.DSG(0);