# sBTC Signers ### Overview The [sBTC Signers contract](https://github.com/stacks-network/sbtc/blob/main/contracts/contracts/sbtc-bootstrap-signers.clar) (`sbtc-bootstrap-signers.clar`) manages the signer set for the sBTC system. It handles rotation of signer keys and provides utilities for generating multisig addresses. **Constants** * `key-size`: The required length of public keys (33 bytes). **Error Constants** * `ERR_KEY_SIZE_PREFIX`: Prefix for key size errors in batch processing. * `ERR_KEY_SIZE` (u200): Indicates that a provided key is not the correct length. * `ERR_INVALID_CALLER` (u201): Signifies that the function caller is not the current signer principal. * `ERR_SIGNATURE_THRESHOLD` (u202): Indicates an invalid signature threshold (must be >50% and ≤100% of total signer keys). #### Public Functions **`rotate-keys-wrapper`** Rotates the keys of the signers. Called when the signer set is updated. * Parameters: * `new-keys`: `(list 128 (buff 33))` - List of new signer public keys * `new-aggregate-pubkey`: `(buff 33)` - New aggregate public key * `new-signature-threshold`: `uint` - New signature threshold * Returns: `(response (buff 33) uint)` Function flow: {% stepper %} {% step %} **Validate signature threshold** Ensure the new signature threshold is valid (must be >50% and ≤100% of total signer keys). {% endstep %} {% step %} **Verify caller** Verify that the caller is the current signer principal. {% endstep %} {% step %} **Validate keys** Check the length of each new key and the aggregate public key (must be 33 bytes). {% endstep %} {% step %} **Update registry** Call the sBTC Registry contract to update the keys and address. {% endstep %} {% endstepper %} #### Read-only Functions **`pubkeys-to-spend-script`** Generates the p2sh redeem script for a multisig. * Parameters: * `pubkeys`: `(list 128 (buff 33))` - List of public keys * `m`: `uint` - Number of required signatures * Returns: `(buff 1024)` - The p2sh redeem script **`pubkeys-to-hash`** Computes the hash160 of the p2sh redeem script. * Parameters: * `pubkeys`: `(list 128 (buff 33))` - List of public keys * `m`: `uint` - Number of required signatures * Returns: `(buff 20)` - The hash160 of the redeem script **`pubkeys-to-principal`** Generates a principal (Stacks address) from a set of pubkeys and an m-of-n threshold. * Parameters: * `pubkeys`: `(list 128 (buff 33))` - List of public keys * `m`: `uint` - Number of required signatures * Returns: `principal` - The generated Stacks address **`pubkeys-to-bytes`** Concatenates a list of pubkeys into a buffer with length prefixes. * Parameters: * `pubkeys`: `(list 128 (buff 33))` - List of public keys * Returns: `(buff 510)` - Concatenated pubkeys with length prefixes **`concat-pubkeys-fold`** Concatenates a pubkey buffer with a length prefix. * Parameters: * `pubkey`: `(buff 33)` - A single public key * `iterator`: `(buff 510)` - Accumulator for concatenation * Returns: `(buff 510)` - Updated concatenated buffer **`bytes-len`** Returns the length of a byte buffer as a single byte. * Parameters: * `bytes`: `(buff 33)` - Input byte buffer * Returns: `(buff 1)` - Length as a single byte **`uint-to-byte`** Converts a uint to a single byte. * Parameters: * `n`: `uint` - Input number * Returns: `(buff 1)` - Number as a single byte #### Private Functions **`signer-key-length-check`** Checks that the length of each key is exactly 33 bytes. * Parameters: * `current-key`: `(buff 33)` - Public key to check * `helper-response`: `(response uint uint)` - Accumulator for error handling * Returns: `(response uint uint)` - Updated accumulator or error #### Constants **`BUFF_TO_BYTE`** A constant list mapping uint values (0-255) to their corresponding byte representations. Interactions with Other Contracts * `.sbtc-registry`: Calls `get-current-signer-data` and `rotate-keys` to manage signer data. Security Considerations {% hint style="warning" %} * Access Control: Only the current signer principal can call the key rotation function. * Key Validation: Ensures all provided keys are the correct length. * Signature Threshold: Enforces a minimum threshold of over 50% of signers and a maximum of 100%. * Multisig Generation: Provides utilities for secure generation of multisig addresses. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.stacks.co/learn/sbtc/clarity-contracts/sbtc-signers.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.