logos-execution-zone/key_protocol/src/key_management/secret_holders.rs

use bip39::Mnemonic;
use common::HashType;
use nssa_core::{
    NullifierPublicKey, NullifierSecretKey,
    encryption::{Scalar, ViewingPublicKey},
};
use rand::{RngCore as _, rngs::OsRng};
use serde::{Deserialize, Serialize};
use sha2::{Digest as _, digest::FixedOutput as _};

const NSSA_ENTROPY_BYTES: [u8; 32] = [0; 32];

#[derive(Debug)]
/// Seed holder. Non-clonable to ensure that different holders use different seeds.
/// Produces `TopSecretKeyHolder` objects.
pub struct SeedHolder {
    // ToDo: Needs to be vec as serde derives is not implemented for [u8; 64]
    pub(crate) seed: Vec<u8>,
}

#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
/// Secret spending key object. Can produce `PrivateKeyHolder` objects.
pub struct SecretSpendingKey(pub [u8; 32]);

pub type ViewingSecretKey = Scalar;

#[derive(Serialize, Deserialize, Debug, Clone)]
/// Private key holder. Produces public keys. Can produce `account_id`. Can produce shared secret
/// for recepient.
pub struct PrivateKeyHolder {
    pub nullifier_secret_key: NullifierSecretKey,
    pub viewing_secret_key: ViewingSecretKey,
}

impl SeedHolder {
    #[must_use]
    pub fn new_os_random() -> Self {
        let mut enthopy_bytes: [u8; 32] = [0; 32];
        OsRng.fill_bytes(&mut enthopy_bytes);

        let mnemonic = Mnemonic::from_entropy(&enthopy_bytes)
            .expect("Enthropy must be a multiple of 32 bytes");
        let seed_wide = mnemonic.to_seed("mnemonic");

        Self {
            seed: seed_wide.to_vec(),
        }
    }

    #[must_use]
    pub fn new_mnemonic(passphrase: String) -> Self {
        let mnemonic = Mnemonic::from_entropy(&NSSA_ENTROPY_BYTES)
            .expect("Enthropy must be a multiple of 32 bytes");
        let seed_wide = mnemonic.to_seed(passphrase);

        Self {
            seed: seed_wide.to_vec(),
        }
    }

    #[must_use]
    pub fn generate_secret_spending_key_hash(&self) -> HashType {
        let mut hash = hmac_sha512::HMAC::mac(&self.seed, "NSSA_seed");

        for _ in 1..2048 {
            hash = hmac_sha512::HMAC::mac(hash, "NSSA_seed");
        }

        // Safe unwrap
        HashType(*hash.first_chunk::<32>().unwrap())
    }

    #[must_use]
    pub fn produce_top_secret_key_holder(&self) -> SecretSpendingKey {
        SecretSpendingKey(self.generate_secret_spending_key_hash().into())
    }
}

impl SecretSpendingKey {
    #[must_use]
    #[expect(clippy::big_endian_bytes, reason = "BIP-032 uses big endian")]
    pub fn generate_nullifier_secret_key(&self, index: Option<u32>) -> NullifierSecretKey {
        const PREFIX: &[u8; 8] = b"LEE/keys";
        const SUFFIX_1: &[u8; 1] = &[1];
        const SUFFIX_2: &[u8; 19] = &[0; 19];

        let index = match index {
            None => 0_u32,
            _ => index.expect("Expect a valid u32"),
        };

        let mut hasher = sha2::Sha256::new();
        hasher.update(PREFIX);
        hasher.update(self.0);
        hasher.update(SUFFIX_1);
        hasher.update(index.to_be_bytes());
        hasher.update(SUFFIX_2);

        <NullifierSecretKey>::from(hasher.finalize_fixed())
    }

    #[must_use]
    #[expect(clippy::big_endian_bytes, reason = "BIP-032 uses big endian")]
    pub fn generate_viewing_secret_key(&self, index: Option<u32>) -> ViewingSecretKey {
        const PREFIX: &[u8; 8] = b"LEE/keys";
        const SUFFIX_1: &[u8; 1] = &[2];
        const SUFFIX_2: &[u8; 19] = &[0; 19];

        let index = match index {
            None => 0_u32,
            _ => index.expect("Expect a valid u32"),
        };

        let mut hasher = sha2::Sha256::new();
        hasher.update(PREFIX);
        hasher.update(self.0);
        hasher.update(SUFFIX_1);
        hasher.update(index.to_be_bytes());
        hasher.update(SUFFIX_2);

        hasher.finalize_fixed().into()
    }

    #[must_use]
    pub fn produce_private_key_holder(&self, index: Option<u32>) -> PrivateKeyHolder {
        PrivateKeyHolder {
            nullifier_secret_key: self.generate_nullifier_secret_key(index),
            viewing_secret_key: self.generate_viewing_secret_key(index),
        }
    }
}

impl PrivateKeyHolder {
    #[must_use]
    pub fn generate_nullifier_public_key(&self) -> NullifierPublicKey {
        (&self.nullifier_secret_key).into()
    }

    #[must_use]
    pub fn generate_viewing_public_key(&self) -> ViewingPublicKey {
        ViewingPublicKey::from_scalar(self.viewing_secret_key)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    // TODO? are these necessary?
    #[test]
    fn seed_generation_test() {
        let seed_holder = SeedHolder::new_os_random();

        assert_eq!(seed_holder.seed.len(), 64);
    }

    #[test]
    fn ssk_generation_test() {
        let seed_holder = SeedHolder::new_os_random();

        assert_eq!(seed_holder.seed.len(), 64);

        let _hash = seed_holder.generate_secret_spending_key_hash();
    }

    #[test]
    fn ivs_generation_test() {
        let seed_holder = SeedHolder::new_os_random();

        assert_eq!(seed_holder.seed.len(), 64);

        let top_secret_key_holder = seed_holder.produce_top_secret_key_holder();

        let _vsk = top_secret_key_holder.generate_viewing_secret_key(None);
    }

    #[test]
    fn two_seeds_generated_same_from_same_mnemonic() {
        let mnemonic = "test_pass";

        let seed_holder1 = SeedHolder::new_mnemonic(mnemonic.to_owned());
        let seed_holder2 = SeedHolder::new_mnemonic(mnemonic.to_owned());

        assert_eq!(seed_holder1.seed, seed_holder2.seed);
    }
}
fix: seed generation from mnemonic 2025-09-04 17:49:55 +03:00			`use bip39::Mnemonic;`
rename TreeHashType to HashType 2025-10-17 16:04:09 -03:00			`use common::HashType;`
fix: revers of scalar dep 2025-09-17 08:59:14 +03:00			`use nssa_core::{`
			`NullifierPublicKey, NullifierSecretKey,`
update tests 2026-01-21 17:27:23 -05:00			`encryption::{Scalar, ViewingPublicKey},`
fix: revers of scalar dep 2025-09-17 08:59:14 +03:00			`};`
feat: add restriction clippy lints 2026-03-04 18:42:33 +03:00			`use rand::{RngCore as _, rngs::OsRng};`
serialize/deserialize `TopSecretKeyHolder` and `UTXOSecretKeyHolder` 2025-05-30 15:20:52 -04:00			`use serde::{Deserialize, Serialize};`
feat: add restriction clippy lints 2026-03-04 18:42:33 +03:00			`use sha2::{Digest as _, digest::FixedOutput as _};`
feat: accounts core added 2024-10-30 12:32:36 +02:00
fix: suggestions fix 3 2025-11-26 14:53:26 +02:00			`const NSSA_ENTROPY_BYTES: [u8; 32] = [0; 32];`

feat: accounts core added 2024-10-30 12:32:36 +02:00			`#[derive(Debug)]`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`/// Seed holder. Non-clonable to ensure that different holders use different seeds.`
feat: accounts core added 2024-10-30 12:32:36 +02:00			/// Produces `TopSecretKeyHolder` objects.
			`pub struct SeedHolder {`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`// ToDo: Needs to be vec as serde derives is not implemented for [u8; 64]`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`pub(crate) seed: Vec<u8>,`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

update tests 2026-01-21 17:27:23 -05:00			`#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			/// Secret spending key object. Can produce `PrivateKeyHolder` objects.
fix: suggestions fix 2 2026-03-19 18:01:15 +02:00			`pub struct SecretSpendingKey(pub [u8; 32]);`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00
update tests 2026-01-21 17:27:23 -05:00			`pub type ViewingSecretKey = Scalar;`
feat: accounts core added 2024-10-30 12:32:36 +02:00
serialize/deserialize `TopSecretKeyHolder` and `UTXOSecretKeyHolder` 2025-05-30 15:20:52 -04:00			`#[derive(Serialize, Deserialize, Debug, Clone)]`
feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			/// Private key holder. Produces public keys. Can produce `account_id`. Can produce shared secret
			`/// for recepient.`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`pub struct PrivateKeyHolder {`
feat: shielded+deshielded token transfers 2025-09-16 14:53:00 +03:00			`pub nullifier_secret_key: NullifierSecretKey,`
fix: suggestions fix 2 2026-03-19 18:01:15 +02:00			`pub viewing_secret_key: ViewingSecretKey,`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

			`impl SeedHolder {`
feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`pub fn new_os_random() -> Self {`
fix: seed generation from mnemonic 2025-09-04 17:49:55 +03:00			`let mut enthopy_bytes: [u8; 32] = [0; 32];`
			`OsRng.fill_bytes(&mut enthopy_bytes);`
feat: accounts core added 2024-10-30 12:32:36 +02:00
fix: suggestions fix 3 2025-11-26 14:53:26 +02:00			`let mnemonic = Mnemonic::from_entropy(&enthopy_bytes)`
			`.expect("Enthropy must be a multiple of 32 bytes");`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_wide = mnemonic.to_seed("mnemonic");`
feat: accounts core added 2024-10-30 12:32:36 +02:00
			`Self {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`seed: seed_wide.to_vec(),`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
			`}`

feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
feat: stat of deterministic passwords 2025-11-04 16:09:04 +02:00			`pub fn new_mnemonic(passphrase: String) -> Self {`
fix: suggestions fix 3 2025-11-26 14:53:26 +02:00			`let mnemonic = Mnemonic::from_entropy(&NSSA_ENTROPY_BYTES)`
			`.expect("Enthropy must be a multiple of 32 bytes");`
feat: stat of deterministic passwords 2025-11-04 16:09:04 +02:00			`let seed_wide = mnemonic.to_seed(passphrase);`

			`Self {`
			`seed: seed_wide.to_vec(),`
			`}`
			`}`

feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
rename TreeHashType to HashType 2025-10-17 16:04:09 -03:00			`pub fn generate_secret_spending_key_hash(&self) -> HashType {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let mut hash = hmac_sha512::HMAC::mac(&self.seed, "NSSA_seed");`
feat: accounts core added 2024-10-30 12:32:36 +02:00
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`for _ in 1..2048 {`
fix: keys structures updates 2025-09-08 14:48:58 +03:00			`hash = hmac_sha512::HMAC::mac(hash, "NSSA_seed");`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`
feat: accounts core added 2024-10-30 12:32:36 +02:00
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`// Safe unwrap`
feat: fully integrate Sequencer, Indexer and Explorer with Bedrock 2026-01-29 22:20:42 +03:00			`HashType(*hash.first_chunk::<32>().unwrap())`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`pub fn produce_top_secret_key_holder(&self) -> SecretSpendingKey {`
feat: fully integrate Sequencer, Indexer and Explorer with Bedrock 2026-01-29 22:20:42 +03:00			`SecretSpendingKey(self.generate_secret_spending_key_hash().into())`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
			`}`

fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`impl SecretSpendingKey {`
feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
lint issues 2026-03-18 18:44:07 -04:00			`#[expect(clippy::big_endian_bytes, reason = "BIP-032 uses big endian")]`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`pub fn generate_nullifier_secret_key(&self, index: Option<u32>) -> NullifierSecretKey {`
feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`const PREFIX: &[u8; 8] = b"LEE/keys";`
			`const SUFFIX_1: &[u8; 1] = &[1];`
			`const SUFFIX_2: &[u8; 19] = &[0; 19];`

fixed with unified approach 2026-01-27 16:00:42 -05:00			`let index = match index {`
feat: add restriction clippy lints 2026-03-04 18:42:33 +03:00			`None => 0_u32,`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`_ => index.expect("Expect a valid u32"),`
			`};`

			`let mut hasher = sha2::Sha256::new();`
			`hasher.update(PREFIX);`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`hasher.update(self.0);`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`hasher.update(SUFFIX_1);`
initialize bip-032 changes 2026-02-25 15:18:27 -05:00			`hasher.update(index.to_be_bytes());`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`hasher.update(SUFFIX_2);`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`<NullifierSecretKey>::from(hasher.finalize_fixed())`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`

feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
lint issues 2026-03-18 18:44:07 -04:00			`#[expect(clippy::big_endian_bytes, reason = "BIP-032 uses big endian")]`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`pub fn generate_viewing_secret_key(&self, index: Option<u32>) -> ViewingSecretKey {`
feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`const PREFIX: &[u8; 8] = b"LEE/keys";`
			`const SUFFIX_1: &[u8; 1] = &[2];`
			`const SUFFIX_2: &[u8; 19] = &[0; 19];`

fixed with unified approach 2026-01-27 16:00:42 -05:00			`let index = match index {`
feat: add restriction clippy lints 2026-03-04 18:42:33 +03:00			`None => 0_u32,`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`_ => index.expect("Expect a valid u32"),`
			`};`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00
fixed with unified approach 2026-01-27 16:00:42 -05:00			`let mut hasher = sha2::Sha256::new();`
			`hasher.update(PREFIX);`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`hasher.update(self.0);`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`hasher.update(SUFFIX_1);`
initialize bip-032 changes 2026-02-25 15:18:27 -05:00			`hasher.update(index.to_be_bytes());`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`hasher.update(SUFFIX_2);`
feat: accounts core added 2024-10-30 12:32:36 +02:00
feat: fully integrate Sequencer, Indexer and Explorer with Bedrock 2026-01-29 22:20:42 +03:00			`hasher.finalize_fixed().into()`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`pub fn produce_private_key_holder(&self, index: Option<u32>) -> PrivateKeyHolder {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`PrivateKeyHolder {`
fixed with unified approach 2026-01-27 16:00:42 -05:00			`nullifier_secret_key: self.generate_nullifier_secret_key(index),`
			`viewing_secret_key: self.generate_viewing_secret_key(index),`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
			`}`
			`}`

fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`impl PrivateKeyHolder {`
feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`pub fn generate_nullifier_public_key(&self) -> NullifierPublicKey {`
update tests 2026-01-21 17:27:23 -05:00			`(&self.nullifier_secret_key).into()`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`

feat: add pedantic clippy lints 2026-03-03 23:21:08 +03:00			`#[must_use]`
update tests 2026-01-21 17:27:23 -05:00			`pub fn generate_viewing_public_key(&self) -> ViewingPublicKey {`
			`ViewingPublicKey::from_scalar(self.viewing_secret_key)`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`
			`}`

			`#[cfg(test)]`
			`mod tests {`
			`use super::*;`

fmt 2026-01-21 17:48:10 -05:00			`// TODO? are these necessary?`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`#[test]`
update tests 2026-01-21 17:27:23 -05:00			`fn seed_generation_test() {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_holder = SeedHolder::new_os_random();`

			`assert_eq!(seed_holder.seed.len(), 64);`
			`}`

			`#[test]`
update tests 2026-01-21 17:27:23 -05:00			`fn ssk_generation_test() {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_holder = SeedHolder::new_os_random();`

			`assert_eq!(seed_holder.seed.len(), 64);`

feat: add restriction clippy lints 2026-03-04 18:42:33 +03:00			`let _hash = seed_holder.generate_secret_spending_key_hash();`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`

			`#[test]`
update tests 2026-01-21 17:27:23 -05:00			`fn ivs_generation_test() {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_holder = SeedHolder::new_os_random();`

			`assert_eq!(seed_holder.seed.len(), 64);`

			`let top_secret_key_holder = seed_holder.produce_top_secret_key_holder();`

feat: add restriction clippy lints 2026-03-04 18:42:33 +03:00			`let _vsk = top_secret_key_holder.generate_viewing_secret_key(None);`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
feat: deterministic keys 2025-11-11 12:15:20 +02:00
			`#[test]`
			`fn two_seeds_generated_same_from_same_mnemonic() {`
			`let mnemonic = "test_pass";`

feat: add restriction clippy lints 2026-03-04 18:42:33 +03:00			`let seed_holder1 = SeedHolder::new_mnemonic(mnemonic.to_owned());`
			`let seed_holder2 = SeedHolder::new_mnemonic(mnemonic.to_owned());`
feat: deterministic keys 2025-11-11 12:15:20 +02:00
			`assert_eq!(seed_holder1.seed, seed_holder2.seed);`
			`}`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`