refactor: leverage SignHash type throughout LLMQ signing code

Extends usage of the SignHash type to improve type safety:
- CSigBase::buildSignHash() now returns SignHash instead of uint256
- Added serialization support for database storage compatibility
- Added std::hash specialization for use in unordered_map
- Use SignHash directly where possible, only converting to uint256 at
  API boundaries (BLS verification, database operations)

This provides better type safety while maintaining clean abstraction
boundaries - the BLS library continues to work with uint256 as it
should not depend on higher-level LLMQ types.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: PastaPastaPasta

src/evo/assetlocktx.cpp

@@ -146,8 +146,8 @@ bool CAssetUnlockPayload::VerifySig(const llmq::CQuorumManager& qman, const uint
 
     const uint256 requestId = ::SerializeHash(std::make_pair(ASSETUNLOCK_REQUESTID_PREFIX, index));
 
-    if (const uint256 signHash = llmq::SignHash(llmqType, quorum->qc->quorumHash, requestId, msgHash).Get();
-            quorumSig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash)) {
+    if (const llmq::SignHash signHash(llmqType, quorum->qc->quorumHash, requestId, msgHash);
+            quorumSig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash.Get())) {
         return true;
     }
 

src/evo/mnhftx.cpp

@@ -103,8 +103,8 @@ bool MNHFTx::Verify(const llmq::CQuorumManager& qman, const uint256& quorumHash,
         return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-mnhf-missing-quorum");
     }
 
-    const uint256 signHash = llmq::SignHash(llmqType, quorum->qc->quorumHash, requestId, msgHash).Get();
-    if (!sig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash)) {
+    const llmq::SignHash signHash(llmqType, quorum->qc->quorumHash, requestId, msgHash);
+    if (!sig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash.Get())) {
         return state.Invalid(TxValidationResult::TX_CONSENSUS, "bad-mnhf-invalid");
     }
 

src/llmq/quorums.cpp

@@ -1278,8 +1278,8 @@ VerifyRecSigStatus VerifyRecoveredSig(Consensus::LLMQType llmqType, const CChain
         return VerifyRecSigStatus::NoQuorum;
     }
 
-    uint256 signHash = SignHash(llmqType, quorum->qc->quorumHash, id, msgHash).Get();
-    const bool ret = sig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash);
+    SignHash signHash(llmqType, quorum->qc->quorumHash, id, msgHash);
+    const bool ret = sig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash.Get());
     return ret ? VerifyRecSigStatus::Valid : VerifyRecSigStatus::Invalid;
 }
 } // namespace llmq

src/llmq/signhash.h

@@ -8,6 +8,7 @@
 #include <llmq/params.h>
 #include <uint256.h>
 
+#include <cstring>
 #include <vector>
 
 #include <util/hash_type.h>
@@ -34,8 +35,33 @@ class SignHash : public BaseHash<uint256> {
      * Get the underlying uint256 hash value.
      */
     const uint256& Get() const { return m_hash; }
+
+    // Serialization support
+    template<typename Stream>
+    void Serialize(Stream& s) const
+    {
+        s << m_hash;
+    }
+
+    template<typename Stream>
+    void Unserialize(Stream& s)
+    {
+        s >> m_hash;
+    }
 };
 
 } // namespace llmq
 
+// Make SignHash hashable for use in unordered_map
+template<>
+struct std::hash<llmq::SignHash> {
+    std::size_t operator()(const llmq::SignHash& signHash) const noexcept {
+        // Use the first 8 bytes of the hash as the hash value
+        const unsigned char* data = signHash.data();
+        std::size_t result;
+        std::memcpy(&result, data, sizeof(result));
+        return result;
+    }
+};
+
 #endif // BITCOIN_LLMQ_SIGNHASH_H

src/llmq/signing.cpp

@@ -162,7 +162,7 @@ void CRecoveredSigsDb::WriteRecoveredSig(const llmq::CRecoveredSig& recSig)
 
     // store by signHash
     auto signHash = recSig.buildSignHash();
-    auto k4 = std::make_tuple(std::string("rs_s"), signHash);
+    auto k4 = std::make_tuple(std::string("rs_s"), signHash.Get());
     batch.Write(k4, (uint8_t)1);
 
     // store by current time. Allows fast cleanup of old recSigs
@@ -174,7 +174,7 @@ void CRecoveredSigsDb::WriteRecoveredSig(const llmq::CRecoveredSig& recSig)
     {
         LOCK(cs_cache);
         hasSigForIdCache.insert(std::make_pair(recSig.getLlmqType(), recSig.getId()), true);
-        hasSigForSessionCache.insert(signHash, true);
+        hasSigForSessionCache.insert(signHash.Get(), true);
         hasSigForHashCache.insert(recSig.GetHash(), true);
     }
 }
@@ -212,7 +212,7 @@ void CRecoveredSigsDb::RemoveRecoveredSig(CDBBatch& batch, Consensus::LLMQType l
 
     LOCK(cs_cache);
     hasSigForIdCache.erase(std::make_pair(recSig.getLlmqType(), recSig.getId()));
-    hasSigForSessionCache.erase(signHash);
+    hasSigForSessionCache.erase(signHash.Get());
     if (deleteHashKey) {
         hasSigForHashCache.erase(recSig.GetHash());
     }
@@ -470,7 +470,7 @@ void CSigningManager::CollectPendingRecoveredSigsToVerify(
 
             bool alreadyHave = db.HasRecoveredSigForHash(recSig->GetHash());
             if (!alreadyHave) {
-                uniqueSignHashes.emplace(nodeId, recSig->buildSignHash());
+                uniqueSignHashes.emplace(nodeId, recSig->buildSignHash().Get());
                 retSigShares[nodeId].emplace_back(recSig);
             }
             ns.erase(ns.begin());
@@ -554,7 +554,7 @@ bool CSigningManager::ProcessPendingRecoveredSigs(PeerManager& peerman)
             }
 
             const auto& quorum = quorums.at(std::make_pair(recSig->getLlmqType(), recSig->getQuorumHash()));
-            batchVerifier.PushMessage(nodeId, recSig->GetHash(), recSig->buildSignHash(), recSig->sig.Get(), quorum->qc->quorumPublicKey);
+            batchVerifier.PushMessage(nodeId, recSig->GetHash(), recSig->buildSignHash().Get(), recSig->sig.Get(), quorum->qc->quorumPublicKey);
             verifyCount++;
         }
     }
@@ -606,7 +606,7 @@ void CSigningManager::ProcessRecoveredSig(const std::shared_ptr<const CRecovered
         CRecoveredSig otherRecoveredSig;
         if (db.GetRecoveredSigById(llmqType, recoveredSig->getId(), otherRecoveredSig)) {
             auto otherSignHash = otherRecoveredSig.buildSignHash();
-            if (signHash != otherSignHash) {
+            if (signHash.Get() != otherSignHash.Get()) {
                 // this should really not happen, as each masternode is participating in only one vote,
                 // even if it's a member of multiple quorums. so a majority is only possible on one quorum and one msgHash per id
                 LogPrintf("CSigningManager::%s -- conflicting recoveredSig for signHash=%s, id=%s, msgHash=%s, otherSignHash=%s\n", __func__,
@@ -837,9 +837,9 @@ void CSigningManager::WorkThreadMain(PeerManager& peerman)
     }
 }
 
-uint256 CSigBase::buildSignHash() const
+SignHash CSigBase::buildSignHash() const
 {
-    return SignHash(llmqType, quorumHash, id, msgHash).Get();
+    return SignHash(llmqType, quorumHash, id, msgHash);
 }
 
 

src/llmq/signing.h

@@ -8,6 +8,7 @@
 #include <bls/bls.h>
 #include <gsl/pointers.h>
 #include <llmq/params.h>
+#include <llmq/signhash.h>
 #include <net_types.h>
 #include <protocol.h>
 #include <random.h>
@@ -67,7 +68,7 @@ class CSigBase
         return msgHash;
     }
 
-    [[nodiscard]] uint256 buildSignHash() const;
+    [[nodiscard]] SignHash buildSignHash() const;
 };
 
 class CRecoveredSig : virtual public CSigBase

src/llmq/signing_shares.cpp

@@ -28,7 +28,7 @@ namespace llmq
 {
 void CSigShare::UpdateKey()
 {
-    key.first = this->buildSignHash();
+    key.first = this->buildSignHash().Get();
     key.second = quorumMember;
 }
 
@@ -126,9 +126,9 @@ CSigSharesNodeState::Session& CSigSharesNodeState::GetOrCreateSessionFromShare(c
 CSigSharesNodeState::Session& CSigSharesNodeState::GetOrCreateSessionFromAnn(const llmq::CSigSesAnn& ann)
 {
     auto signHash = ann.buildSignHash();
-    auto& s = sessions[signHash];
+    auto& s = sessions[signHash.Get()];
     if (s.announced.inv.empty()) {
-        InitSession(s, signHash, ann);
+        InitSession(s, signHash.Get(), ann);
     }
     return s;
 }
@@ -831,7 +831,7 @@ void CSigSharesManager::TryRecoverSig(PeerManager& peerman, const CQuorumCPtr& q
     // verification because this is unbatched and thus slow verification that happens here.
     if (((recoveredSigsCounter++) % 100) == 0) {
         auto signHash = rs->buildSignHash();
-        bool valid = recoveredSig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash);
+        bool valid = recoveredSig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash.Get());
         if (!valid) {
             // this should really not happen as we have verified all signature shares before
             LogPrintf("CSigSharesManager::%s -- own recovered signature is invalid. id=%s, msgHash=%s\n", __func__,
@@ -1557,7 +1557,7 @@ std::optional<CSigShare> CSigSharesManager::CreateSigShare(const CQuorumCPtr& qu
         }
 
         CSigShare sigShare(quorum->params.type, quorum->qc->quorumHash, id, msgHash, uint16_t(memberIdx), {});
-        uint256 signHash = sigShare.buildSignHash();
+        uint256 signHash = sigShare.buildSignHash().Get();
 
         // TODO: This one should be SIGN by QUORUM key, not by OPERATOR key
         // see TODO in CDKGSession::FinalizeSingleCommitment for details
@@ -1593,7 +1593,7 @@ std::optional<CSigShare> CSigSharesManager::CreateSigShare(const CQuorumCPtr& qu
     }
 
     CSigShare sigShare(quorum->params.type, quorum->qc->quorumHash, id, msgHash, uint16_t(memberIdx), {});
-    uint256 signHash = sigShare.buildSignHash();
+    uint256 signHash = sigShare.buildSignHash().Get();
 
     sigShare.sigShare.Set(skShare.Sign(signHash, bls::bls_legacy_scheme.load()), bls::bls_legacy_scheme.load());
     if (!sigShare.sigShare.Get().IsValid()) {
@@ -1640,7 +1640,7 @@ void CSigSharesManager::ForceReAnnouncement(const CQuorumCPtr& quorum, Consensus
 MessageProcessingResult CSigSharesManager::HandleNewRecoveredSig(const llmq::CRecoveredSig& recoveredSig)
 {
     LOCK(cs);
-    RemoveSigSharesForSession(recoveredSig.buildSignHash());
+    RemoveSigSharesForSession(recoveredSig.buildSignHash().Get());
     return {};
 }
 

src/rpc/quorums.cpp

@@ -608,8 +608,8 @@ static RPCHelpMan quorum_verify()
         throw JSONRPCError(RPC_INVALID_PARAMETER, "quorum not found");
     }
 
-    uint256 signHash = llmq::SignHash(llmqType, quorum->qc->quorumHash, id, msgHash).Get();
-    return sig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash);
+    llmq::SignHash signHash(llmqType, quorum->qc->quorumHash, id, msgHash);
+    return sig.VerifyInsecure(quorum->qc->quorumPublicKey, signHash.Get());
 },
     };
 }