fix: preserve original PartyIndex from keygen for signing sessions

- Add PartyIndex field to protobuf ParticipantInfo message - Pass original PartyIndex from account shares to session coordinator - Use original PartyIndex instead of loop variable when creating participants - This fixes TSS signing failures when non-consecutive parties are selected
2025-12-06 10:45:05 -08:00 · 2025-12-06 10:45:05 -08:00 · ac4d9283dc
parent 1d507a7afd
commit ac4d9283dc
9 changed files with 2222 additions and 21 deletions
--- a/backend/mpc-system/api/grpc/coordinator/v1/session_coordinator.pb.go
+++ b/backend/mpc-system/api/grpc/coordinator/v1/session_coordinator.pb.go
@ -259,6 +259,7 @@ type ParticipantInfo struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	PartyId       string                 `protobuf:"bytes,1,opt,name=party_id,json=partyId,proto3" json:"party_id,omitempty"`
 	DeviceInfo    *DeviceInfo            `protobuf:"bytes,2,opt,name=device_info,json=deviceInfo,proto3" json:"device_info,omitempty"`
+	PartyIndex    int32                  `protobuf:"varint,3,opt,name=party_index,json=partyIndex,proto3" json:"party_index,omitempty"` // Original party index from keygen (required for signing)
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
@ -307,6 +308,13 @@ func (x *ParticipantInfo) GetDeviceInfo() *DeviceInfo {
 	return nil
 }

+func (x *ParticipantInfo) GetPartyIndex() int32 {
+	if x != nil {
+		return x.PartyIndex
+	}
+	return 0
+}
+
 // DeviceInfo contains device information
 type DeviceInfo struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
@ -1536,11 +1544,13 @@ const file_api_proto_session_coordinator_proto_rawDesc = "" +
 	"\x10PartyComposition\x12)\n" +
 	"\x10persistent_count\x18\x01 \x01(\x05R\x0fpersistentCount\x12%\n" +
 	"\x0edelegate_count\x18\x02 \x01(\x05R\rdelegateCount\x12'\n" +
-	"\x0ftemporary_count\x18\x03 \x01(\x05R\x0etemporaryCount\"m\n" +
+	"\x0ftemporary_count\x18\x03 \x01(\x05R\x0etemporaryCount\"\x8e\x01\n" +
 	"\x0fParticipantInfo\x12\x19\n" +
 	"\bparty_id\x18\x01 \x01(\tR\apartyId\x12?\n" +
 	"\vdevice_info\x18\x02 \x01(\v2\x1e.mpc.coordinator.v1.DeviceInfoR\n" +
-	"deviceInfo\"\x87\x01\n" +
+	"deviceInfo\x12\x1f\n" +
+	"\vparty_index\x18\x03 \x01(\x05R\n" +
+	"partyIndex\"\x87\x01\n" +
 	"\n" +
 	"DeviceInfo\x12\x1f\n" +
 	"\vdevice_type\x18\x01 \x01(\tR\n" +
--- a/backend/mpc-system/api/proto/session_coordinator.pb.go
+++ b/backend/mpc-system/api/proto/session_coordinator.pb.go
--- a/backend/mpc-system/api/proto/session_coordinator.proto
+++ b/backend/mpc-system/api/proto/session_coordinator.proto
@ -52,6 +52,7 @@ message PartyComposition {
 message ParticipantInfo {
  string party_id = 1;
  DeviceInfo device_info = 2;
+  int32 party_index = 3;                 // Original party index from keygen (required for signing)
 }

 // DeviceInfo contains device information
--- a/backend/mpc-system/api/proto/session_coordinator_grpc.pb.go
+++ b/backend/mpc-system/api/proto/session_coordinator_grpc.pb.go
@ -0,0 +1,395 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.6.0
+// - protoc             v6.33.1
+// source: api/proto/session_coordinator.proto
+
+package coordinator
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+	SessionCoordinator_CreateSession_FullMethodName       = "/mpc.coordinator.v1.SessionCoordinator/CreateSession"
+	SessionCoordinator_JoinSession_FullMethodName         = "/mpc.coordinator.v1.SessionCoordinator/JoinSession"
+	SessionCoordinator_GetSessionStatus_FullMethodName    = "/mpc.coordinator.v1.SessionCoordinator/GetSessionStatus"
+	SessionCoordinator_MarkPartyReady_FullMethodName      = "/mpc.coordinator.v1.SessionCoordinator/MarkPartyReady"
+	SessionCoordinator_StartSession_FullMethodName        = "/mpc.coordinator.v1.SessionCoordinator/StartSession"
+	SessionCoordinator_ReportCompletion_FullMethodName    = "/mpc.coordinator.v1.SessionCoordinator/ReportCompletion"
+	SessionCoordinator_CloseSession_FullMethodName        = "/mpc.coordinator.v1.SessionCoordinator/CloseSession"
+	SessionCoordinator_SubmitDelegateShare_FullMethodName = "/mpc.coordinator.v1.SessionCoordinator/SubmitDelegateShare"
+)
+
+// SessionCoordinatorClient is the client API for SessionCoordinator service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// SessionCoordinator service manages MPC sessions
+type SessionCoordinatorClient interface {
+	// Session management
+	CreateSession(ctx context.Context, in *CreateSessionRequest, opts ...grpc.CallOption) (*CreateSessionResponse, error)
+	JoinSession(ctx context.Context, in *JoinSessionRequest, opts ...grpc.CallOption) (*JoinSessionResponse, error)
+	GetSessionStatus(ctx context.Context, in *GetSessionStatusRequest, opts ...grpc.CallOption) (*GetSessionStatusResponse, error)
+	MarkPartyReady(ctx context.Context, in *MarkPartyReadyRequest, opts ...grpc.CallOption) (*MarkPartyReadyResponse, error)
+	StartSession(ctx context.Context, in *StartSessionRequest, opts ...grpc.CallOption) (*StartSessionResponse, error)
+	ReportCompletion(ctx context.Context, in *ReportCompletionRequest, opts ...grpc.CallOption) (*ReportCompletionResponse, error)
+	CloseSession(ctx context.Context, in *CloseSessionRequest, opts ...grpc.CallOption) (*CloseSessionResponse, error)
+	// Delegate party share submission (delegate party submits user's share after keygen)
+	SubmitDelegateShare(ctx context.Context, in *SubmitDelegateShareRequest, opts ...grpc.CallOption) (*SubmitDelegateShareResponse, error)
+}
+
+type sessionCoordinatorClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewSessionCoordinatorClient(cc grpc.ClientConnInterface) SessionCoordinatorClient {
+	return &sessionCoordinatorClient{cc}
+}
+
+func (c *sessionCoordinatorClient) CreateSession(ctx context.Context, in *CreateSessionRequest, opts ...grpc.CallOption) (*CreateSessionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CreateSessionResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_CreateSession_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *sessionCoordinatorClient) JoinSession(ctx context.Context, in *JoinSessionRequest, opts ...grpc.CallOption) (*JoinSessionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(JoinSessionResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_JoinSession_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *sessionCoordinatorClient) GetSessionStatus(ctx context.Context, in *GetSessionStatusRequest, opts ...grpc.CallOption) (*GetSessionStatusResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetSessionStatusResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_GetSessionStatus_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *sessionCoordinatorClient) MarkPartyReady(ctx context.Context, in *MarkPartyReadyRequest, opts ...grpc.CallOption) (*MarkPartyReadyResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(MarkPartyReadyResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_MarkPartyReady_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *sessionCoordinatorClient) StartSession(ctx context.Context, in *StartSessionRequest, opts ...grpc.CallOption) (*StartSessionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(StartSessionResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_StartSession_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *sessionCoordinatorClient) ReportCompletion(ctx context.Context, in *ReportCompletionRequest, opts ...grpc.CallOption) (*ReportCompletionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ReportCompletionResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_ReportCompletion_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *sessionCoordinatorClient) CloseSession(ctx context.Context, in *CloseSessionRequest, opts ...grpc.CallOption) (*CloseSessionResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(CloseSessionResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_CloseSession_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *sessionCoordinatorClient) SubmitDelegateShare(ctx context.Context, in *SubmitDelegateShareRequest, opts ...grpc.CallOption) (*SubmitDelegateShareResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(SubmitDelegateShareResponse)
+	err := c.cc.Invoke(ctx, SessionCoordinator_SubmitDelegateShare_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// SessionCoordinatorServer is the server API for SessionCoordinator service.
+// All implementations must embed UnimplementedSessionCoordinatorServer
+// for forward compatibility.
+//
+// SessionCoordinator service manages MPC sessions
+type SessionCoordinatorServer interface {
+	// Session management
+	CreateSession(context.Context, *CreateSessionRequest) (*CreateSessionResponse, error)
+	JoinSession(context.Context, *JoinSessionRequest) (*JoinSessionResponse, error)
+	GetSessionStatus(context.Context, *GetSessionStatusRequest) (*GetSessionStatusResponse, error)
+	MarkPartyReady(context.Context, *MarkPartyReadyRequest) (*MarkPartyReadyResponse, error)
+	StartSession(context.Context, *StartSessionRequest) (*StartSessionResponse, error)
+	ReportCompletion(context.Context, *ReportCompletionRequest) (*ReportCompletionResponse, error)
+	CloseSession(context.Context, *CloseSessionRequest) (*CloseSessionResponse, error)
+	// Delegate party share submission (delegate party submits user's share after keygen)
+	SubmitDelegateShare(context.Context, *SubmitDelegateShareRequest) (*SubmitDelegateShareResponse, error)
+	mustEmbedUnimplementedSessionCoordinatorServer()
+}
+
+// UnimplementedSessionCoordinatorServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedSessionCoordinatorServer struct{}
+
+func (UnimplementedSessionCoordinatorServer) CreateSession(context.Context, *CreateSessionRequest) (*CreateSessionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CreateSession not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) JoinSession(context.Context, *JoinSessionRequest) (*JoinSessionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method JoinSession not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) GetSessionStatus(context.Context, *GetSessionStatusRequest) (*GetSessionStatusResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetSessionStatus not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) MarkPartyReady(context.Context, *MarkPartyReadyRequest) (*MarkPartyReadyResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method MarkPartyReady not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) StartSession(context.Context, *StartSessionRequest) (*StartSessionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method StartSession not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) ReportCompletion(context.Context, *ReportCompletionRequest) (*ReportCompletionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method ReportCompletion not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) CloseSession(context.Context, *CloseSessionRequest) (*CloseSessionResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method CloseSession not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) SubmitDelegateShare(context.Context, *SubmitDelegateShareRequest) (*SubmitDelegateShareResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method SubmitDelegateShare not implemented")
+}
+func (UnimplementedSessionCoordinatorServer) mustEmbedUnimplementedSessionCoordinatorServer() {}
+func (UnimplementedSessionCoordinatorServer) testEmbeddedByValue()                            {}
+
+// UnsafeSessionCoordinatorServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to SessionCoordinatorServer will
+// result in compilation errors.
+type UnsafeSessionCoordinatorServer interface {
+	mustEmbedUnimplementedSessionCoordinatorServer()
+}
+
+func RegisterSessionCoordinatorServer(s grpc.ServiceRegistrar, srv SessionCoordinatorServer) {
+	// If the following call panics, it indicates UnimplementedSessionCoordinatorServer was
+	// embedded by pointer and is nil.  This will cause panics if an
+	// unimplemented method is ever invoked, so we test this at initialization
+	// time to prevent it from happening at runtime later due to I/O.
+	if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+		t.testEmbeddedByValue()
+	}
+	s.RegisterService(&SessionCoordinator_ServiceDesc, srv)
+}
+
+func _SessionCoordinator_CreateSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).CreateSession(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_CreateSession_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).CreateSession(ctx, req.(*CreateSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SessionCoordinator_JoinSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(JoinSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).JoinSession(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_JoinSession_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).JoinSession(ctx, req.(*JoinSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SessionCoordinator_GetSessionStatus_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetSessionStatusRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).GetSessionStatus(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_GetSessionStatus_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).GetSessionStatus(ctx, req.(*GetSessionStatusRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SessionCoordinator_MarkPartyReady_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MarkPartyReadyRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).MarkPartyReady(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_MarkPartyReady_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).MarkPartyReady(ctx, req.(*MarkPartyReadyRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SessionCoordinator_StartSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(StartSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).StartSession(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_StartSession_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).StartSession(ctx, req.(*StartSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SessionCoordinator_ReportCompletion_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ReportCompletionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).ReportCompletion(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_ReportCompletion_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).ReportCompletion(ctx, req.(*ReportCompletionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SessionCoordinator_CloseSession_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CloseSessionRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).CloseSession(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_CloseSession_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).CloseSession(ctx, req.(*CloseSessionRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _SessionCoordinator_SubmitDelegateShare_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SubmitDelegateShareRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(SessionCoordinatorServer).SubmitDelegateShare(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: SessionCoordinator_SubmitDelegateShare_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(SessionCoordinatorServer).SubmitDelegateShare(ctx, req.(*SubmitDelegateShareRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// SessionCoordinator_ServiceDesc is the grpc.ServiceDesc for SessionCoordinator service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var SessionCoordinator_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "mpc.coordinator.v1.SessionCoordinator",
+	HandlerType: (*SessionCoordinatorServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "CreateSession",
+			Handler:    _SessionCoordinator_CreateSession_Handler,
+		},
+		{
+			MethodName: "JoinSession",
+			Handler:    _SessionCoordinator_JoinSession_Handler,
+		},
+		{
+			MethodName: "GetSessionStatus",
+			Handler:    _SessionCoordinator_GetSessionStatus_Handler,
+		},
+		{
+			MethodName: "MarkPartyReady",
+			Handler:    _SessionCoordinator_MarkPartyReady_Handler,
+		},
+		{
+			MethodName: "StartSession",
+			Handler:    _SessionCoordinator_StartSession_Handler,
+		},
+		{
+			MethodName: "ReportCompletion",
+			Handler:    _SessionCoordinator_ReportCompletion_Handler,
+		},
+		{
+			MethodName: "CloseSession",
+			Handler:    _SessionCoordinator_CloseSession_Handler,
+		},
+		{
+			MethodName: "SubmitDelegateShare",
+			Handler:    _SessionCoordinator_SubmitDelegateShare_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "api/proto/session_coordinator.proto",
+}
--- a/backend/mpc-system/services/account/adapters/input/http/account_handler.go
+++ b/backend/mpc-system/services/account/adapters/input/http/account_handler.go
@ -710,14 +710,16 @@ func (h *AccountHTTPHandler) CreateSigningSession(c *gin.Context) {
 	}

 	// Determine which parties to use for signing
-	var partyIDs []string
+	var signingParties []grpcclient.SigningPartyInfo
+	var partyIDs []string // For logging and validation
 	if accountOutput.Account.HasSigningPartiesConfig() {
 		// Use configured signing parties
 		configuredParties := accountOutput.Account.GetSigningParties()

-		// Validate all configured parties are still active
+		// Validate all configured parties are still active and build signing party info
 		for _, partyID := range configuredParties {
-			if _, exists := activeSharesMap[partyID]; !exists {
+			share, exists := activeSharesMap[partyID]
+			if !exists {
 				c.JSON(http.StatusBadRequest, gin.H{
 					"error":    "configured signing party is no longer active",
 					"party_id": partyID,
@ -725,8 +727,12 @@ func (h *AccountHTTPHandler) CreateSigningSession(c *gin.Context) {
 				})
 				return
 			}
+			signingParties = append(signingParties, grpcclient.SigningPartyInfo{
+				PartyID:    partyID,
+				PartyIndex: int32(share.PartyIndex),
+			})
+			partyIDs = append(partyIDs, partyID)
 		}
-		partyIDs = configuredParties

 		logger.Info("Using configured signing parties",
 			zap.String("username", req.Username),
@ -745,8 +751,16 @@ func (h *AccountHTTPHandler) CreateSigningSession(c *gin.Context) {
 			return
 		}

-		// Select first 'threshold_t + 1' parties
-		partyIDs = allActivePartyIDs[:requiredParties]
+		// Select first 'threshold_t + 1' parties with their original PartyIndex
+		for i := 0; i < requiredParties; i++ {
+			partyID := allActivePartyIDs[i]
+			share := activeSharesMap[partyID]
+			signingParties = append(signingParties, grpcclient.SigningPartyInfo{
+				PartyID:    partyID,
+				PartyIndex: int32(share.PartyIndex),
+			})
+			partyIDs = append(partyIDs, partyID)
+		}

 		logger.Info("Using minimum required parties for threshold signing",
 			zap.String("username", req.Username),
@ -822,7 +836,7 @@ func (h *AccountHTTPHandler) CreateSigningSession(c *gin.Context) {
 	resp, err := h.sessionCoordinatorClient.CreateSigningSessionAuto(
 		ctx,
 		int32(accountOutput.Account.ThresholdT),
-		partyIDs,
+		signingParties,
 		messageHash,
 		600, // 10 minutes expiry
 		delegateUserShare,
--- a/backend/mpc-system/services/account/adapters/output/grpc/session_coordinator_client.go
+++ b/backend/mpc-system/services/account/adapters/output/grpc/session_coordinator_client.go
@ -128,29 +128,36 @@ type DelegateUserShareInput struct {
 	PartyIndex      int32
 }

+// SigningPartyInfo contains party ID and its original index from keygen
+type SigningPartyInfo struct {
+	PartyID    string
+	PartyIndex int32
+}
+
 // CreateSigningSessionAuto creates a new signing session with automatic party selection
-// Coordinator will select parties from the provided party IDs (from account shares)
+// Coordinator will select parties from the provided party info (from account shares)
 // delegateUserShare is required if any of the parties is a delegate party
 func (c *SessionCoordinatorClient) CreateSigningSessionAuto(
 	ctx context.Context,
 	thresholdT int32,
-	partyIDs []string,
+	parties []SigningPartyInfo,
 	messageHash []byte,
 	expiresInSeconds int64,
 	delegateUserShare *DelegateUserShareInput,
 	keygenSessionID string,
 ) (*CreateSessionAutoResponse, error) {
-	// Convert party IDs to participant info (minimal info, coordinator will fill in details)
-	pbParticipants := make([]*coordinatorpb.ParticipantInfo, len(partyIDs))
-	for i, partyID := range partyIDs {
+	// Convert party info to participant info with original party index from keygen
+	pbParticipants := make([]*coordinatorpb.ParticipantInfo, len(parties))
+	for i, party := range parties {
 		pbParticipants[i] = &coordinatorpb.ParticipantInfo{
-			PartyId: partyID,
+			PartyId:    party.PartyID,
+			PartyIndex: party.PartyIndex,
 		}
 	}

 	req := &coordinatorpb.CreateSessionRequest{
 		SessionType:      "sign",
-		ThresholdN:       int32(len(partyIDs)),
+		ThresholdN:       int32(len(parties)),
 		ThresholdT:       thresholdT,
 		Participants:     pbParticipants,
 		MessageHash:      messageHash,
@ -167,12 +174,12 @@ func (c *SessionCoordinatorClient) CreateSigningSessionAuto(
 		}
 		logger.Info("Sending CreateSigningSession gRPC request with delegate user share",
 			zap.Int32("threshold_t", thresholdT),
-			zap.Int("num_parties", len(partyIDs)),
+			zap.Int("num_parties", len(parties)),
 			zap.String("delegate_party_id", delegateUserShare.DelegatePartyID))
 	} else {
 		logger.Info("Sending CreateSigningSession gRPC request",
 			zap.Int32("threshold_t", thresholdT),
-			zap.Int("num_parties", len(partyIDs)))
+			zap.Int("num_parties", len(parties)))
 	}

 	resp, err := c.client.CreateSession(ctx, req)
--- a/backend/mpc-system/services/session-coordinator/adapters/input/grpc/session_grpc_handler.go
+++ b/backend/mpc-system/services/session-coordinator/adapters/input/grpc/session_grpc_handler.go
@ -147,6 +147,7 @@ func (s *SessionCoordinatorServer) CreateSession(
 		participants[i] = input.ParticipantInfo{
 			PartyID:    p.PartyId,
 			DeviceInfo: deviceInfo,
+			PartyIndex: int(p.PartyIndex),
 		}
 	}

--- a/backend/mpc-system/services/session-coordinator/application/ports/input/session_management_port.go
+++ b/backend/mpc-system/services/session-coordinator/application/ports/input/session_management_port.go
@ -61,6 +61,7 @@ type CreateSessionInput struct {
 type ParticipantInfo struct {
 	PartyID    string
 	DeviceInfo entities.DeviceInfo
+	PartyIndex int // Original party index from keygen (required for signing)
 }

 // CreateSessionOutput contains output from creating a session
--- a/backend/mpc-system/services/session-coordinator/application/use_cases/create_session.go
+++ b/backend/mpc-system/services/session-coordinator/application/use_cases/create_session.go
@ -249,14 +249,16 @@ func (uc *CreateSessionUseCase) Execute(
 			tokens["*"] = universalToken
 		}
 	} else {
-		// For pre-registered participants, generate individual tokens
-		for i, pInfo := range req.Participants {
+		// For pre-registered participants (e.g., signing sessions with specified parties)
+		// Use PartyIndex from input - this is the original index from keygen which must be preserved
+		for _, pInfo := range req.Participants {
 			partyID, err := value_objects.NewPartyID(pInfo.PartyID)
 			if err != nil {
 				return nil, err
 			}

-			participant, err := entities.NewParticipant(partyID, i, pInfo.DeviceInfo)
+			// Use the original PartyIndex from keygen (critical for TSS signing)
+			participant, err := entities.NewParticipant(partyID, pInfo.PartyIndex, pInfo.DeviceInfo)
 			if err != nil {
 				return nil, err
 			}