logos-execution-zone/key_protocol/src/key_management/secret_holders.rs

use bip39::Mnemonic;
use common::HashType;
use nssa_core::{
    NullifierPublicKey, NullifierSecretKey,
    encryption::{Scalar, ViewingPublicKey},
};
use rand::{RngCore, rngs::OsRng};
use serde::{Deserialize, Serialize};
use sha2::{Digest, digest::FixedOutput};

const NSSA_ENTROPY_BYTES: [u8; 32] = [0; 32];

#[derive(Debug)]
/// Seed holder. Non-clonable to ensure that different holders use different seeds.
/// Produces `TopSecretKeyHolder` objects.
pub struct SeedHolder {
    // ToDo: Needs to be vec as serde derives is not implemented for [u8; 64]
    pub(crate) seed: Vec<u8>,
}

#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
/// Secret spending key object. Can produce `PrivateKeyHolder` objects.
pub struct SecretSpendingKey(pub(crate) [u8; 32]);

pub type ViewingSecretKey = Scalar;
pub type OutgoingViewingSecretKey = Scalar;

#[derive(Serialize, Deserialize, Debug, Clone)]
/// Private key holder. Produces public keys. Can produce account_id. Can produce shared secret for
/// recepient.
pub struct PrivateKeyHolder {
    pub nullifier_secret_key: NullifierSecretKey,
    pub(crate) viewing_secret_key: ViewingSecretKey,
}

impl SeedHolder {
    pub fn new_os_random() -> Self {
        let mut enthopy_bytes: [u8; 32] = [0; 32];
        OsRng.fill_bytes(&mut enthopy_bytes);

        let mnemonic = Mnemonic::from_entropy(&enthopy_bytes)
            .expect("Enthropy must be a multiple of 32 bytes");
        let seed_wide = mnemonic.to_seed("mnemonic");

        Self {
            seed: seed_wide.to_vec(),
        }
    }

    pub fn new_mnemonic(passphrase: String) -> Self {
        let mnemonic = Mnemonic::from_entropy(&NSSA_ENTROPY_BYTES)
            .expect("Enthropy must be a multiple of 32 bytes");
        let seed_wide = mnemonic.to_seed(passphrase);

        Self {
            seed: seed_wide.to_vec(),
        }
    }

    pub fn generate_secret_spending_key_hash(&self) -> HashType {
        let mut hash = hmac_sha512::HMAC::mac(&self.seed, "NSSA_seed");

        for _ in 1..2048 {
            hash = hmac_sha512::HMAC::mac(hash, "NSSA_seed");
        }

        // Safe unwrap
        *hash.first_chunk::<32>().unwrap()
    }

    pub fn produce_top_secret_key_holder(&self) -> SecretSpendingKey {
        SecretSpendingKey(self.generate_secret_spending_key_hash())
    }
}

impl SecretSpendingKey {
    pub fn generate_nullifier_secret_key(&self) -> NullifierSecretKey {
        let mut hasher = sha2::Sha256::new();

        hasher.update("LEE/keys");
        hasher.update(self.0);
        hasher.update([1u8]);
        hasher.update([0u8; 23]);

        <NullifierSecretKey>::from(hasher.finalize_fixed())
    }

    pub fn generate_viewing_secret_key(&self) -> ViewingSecretKey {
        let mut hasher = sha2::Sha256::new();

        hasher.update("LEE/keys");
        hasher.update(self.0);
        hasher.update([2u8]);
        hasher.update([0u8; 23]);

        <HashType>::from(hasher.finalize_fixed())
    }

    pub fn produce_private_key_holder(&self) -> PrivateKeyHolder {
        PrivateKeyHolder {
            nullifier_secret_key: self.generate_nullifier_secret_key(),
            viewing_secret_key: self.generate_viewing_secret_key(),
        }
    }

    pub fn generate_child_nullifier_secret_key(&self, cci: u32) -> NullifierSecretKey {
        let mut key = vec![];
        key.extend_from_slice(b"LEE/chain");

        let mut input = vec![];

        input.extend_from_slice(&self.0);
        input.extend_from_slice(&[1u8]);
        input.extend_from_slice(&cci.to_le_bytes());
        input.extend_from_slice(&[0u8; 22]);

        let hash_value = hmac_sha512::HMAC::mac(input, key);

        *hash_value
            .first_chunk::<32>()
            .expect("hash_value is 64 bytes, must be safe to get first 32")
    }

    pub fn generate_child_viewing_secret_key(&self, cci: u32) -> ViewingSecretKey {
        let mut key = vec![];
        key.extend_from_slice(b"LEE/chain");

        let mut input = vec![];

        input.extend_from_slice(&self.0);
        input.extend_from_slice(&[2u8]);
        input.extend_from_slice(&cci.to_le_bytes());
        input.extend_from_slice(&[0u8; 22]);

        let hash_value = hmac_sha512::HMAC::mac(input, key);

        *hash_value
            .first_chunk::<32>()
            .expect("hash_value is 64 bytes, must be safe to get first 32")
    }
}

impl PrivateKeyHolder {
    pub fn generate_nullifier_public_key(&self) -> NullifierPublicKey {
        (&self.nullifier_secret_key).into()
    }

    pub fn generate_viewing_public_key(&self) -> ViewingPublicKey {
        ViewingPublicKey::from_scalar(self.viewing_secret_key)
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    // TODO? are these necessary?
    #[test]
    fn seed_generation_test() {
        let seed_holder = SeedHolder::new_os_random();

        assert_eq!(seed_holder.seed.len(), 64);
    }

    #[test]
    fn ssk_generation_test() {
        let seed_holder = SeedHolder::new_os_random();

        assert_eq!(seed_holder.seed.len(), 64);

        let _ = seed_holder.generate_secret_spending_key_hash();
    }

    #[test]
    fn ivs_generation_test() {
        let seed_holder = SeedHolder::new_os_random();

        assert_eq!(seed_holder.seed.len(), 64);

        let top_secret_key_holder = seed_holder.produce_top_secret_key_holder();

        let _ = top_secret_key_holder.generate_viewing_secret_key();
    }

    #[test]
    fn two_seeds_generated_same_from_same_mnemonic() {
        let mnemonic = "test_pass";

        let seed_holder1 = SeedHolder::new_mnemonic(mnemonic.to_string());
        let seed_holder2 = SeedHolder::new_mnemonic(mnemonic.to_string());

        assert_eq!(seed_holder1.seed, seed_holder2.seed);
    }
}
fix: seed generation from mnemonic 2025-09-04 17:49:55 +03:00			`use bip39::Mnemonic;`
rename TreeHashType to HashType 2025-10-17 16:04:09 -03:00			`use common::HashType;`
fix: revers of scalar dep 2025-09-17 08:59:14 +03:00			`use nssa_core::{`
			`NullifierPublicKey, NullifierSecretKey,`
update tests 2026-01-21 17:27:23 -05:00			`encryption::{Scalar, ViewingPublicKey},`
fix: revers of scalar dep 2025-09-17 08:59:14 +03:00			`};`
fix: fmt 2025-09-08 15:23:32 +03:00			`use rand::{RngCore, rngs::OsRng};`
serialize/deserialize `TopSecretKeyHolder` and `UTXOSecretKeyHolder` 2025-05-30 15:20:52 -04:00			`use serde::{Deserialize, Serialize};`
fix: try edition 2024 2025-09-04 14:38:41 +03:00			`use sha2::{Digest, digest::FixedOutput};`
feat: accounts core added 2024-10-30 12:32:36 +02:00
fix: suggestions fix 3 2025-11-26 14:53:26 +02:00			`const NSSA_ENTROPY_BYTES: [u8; 32] = [0; 32];`

feat: accounts core added 2024-10-30 12:32:36 +02:00			`#[derive(Debug)]`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`/// Seed holder. Non-clonable to ensure that different holders use different seeds.`
feat: accounts core added 2024-10-30 12:32:36 +02:00			/// Produces `TopSecretKeyHolder` objects.
			`pub struct SeedHolder {`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`// ToDo: Needs to be vec as serde derives is not implemented for [u8; 64]`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`pub(crate) seed: Vec<u8>,`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

update tests 2026-01-21 17:27:23 -05:00			`#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			/// Secret spending key object. Can produce `PrivateKeyHolder` objects.
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`pub struct SecretSpendingKey(pub(crate) [u8; 32]);`

update tests 2026-01-21 17:27:23 -05:00			`pub type ViewingSecretKey = Scalar;`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`pub type OutgoingViewingSecretKey = Scalar;`
feat: accounts core added 2024-10-30 12:32:36 +02:00
serialize/deserialize `TopSecretKeyHolder` and `UTXOSecretKeyHolder` 2025-05-30 15:20:52 -04:00			`#[derive(Serialize, Deserialize, Debug, Clone)]`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`/// Private key holder. Produces public keys. Can produce account_id. Can produce shared secret for`
			`/// recepient.`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`pub struct PrivateKeyHolder {`
feat: shielded+deshielded token transfers 2025-09-16 14:53:00 +03:00			`pub nullifier_secret_key: NullifierSecretKey,`
update tests 2026-01-21 17:27:23 -05:00			`pub(crate) viewing_secret_key: ViewingSecretKey,`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

			`impl SeedHolder {`
			`pub fn new_os_random() -> Self {`
fix: seed generation from mnemonic 2025-09-04 17:49:55 +03:00			`let mut enthopy_bytes: [u8; 32] = [0; 32];`
			`OsRng.fill_bytes(&mut enthopy_bytes);`
feat: accounts core added 2024-10-30 12:32:36 +02:00
fix: suggestions fix 3 2025-11-26 14:53:26 +02:00			`let mnemonic = Mnemonic::from_entropy(&enthopy_bytes)`
			`.expect("Enthropy must be a multiple of 32 bytes");`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_wide = mnemonic.to_seed("mnemonic");`
feat: accounts core added 2024-10-30 12:32:36 +02:00
			`Self {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`seed: seed_wide.to_vec(),`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
			`}`

feat: stat of deterministic passwords 2025-11-04 16:09:04 +02:00			`pub fn new_mnemonic(passphrase: String) -> Self {`
fix: suggestions fix 3 2025-11-26 14:53:26 +02:00			`let mnemonic = Mnemonic::from_entropy(&NSSA_ENTROPY_BYTES)`
			`.expect("Enthropy must be a multiple of 32 bytes");`
feat: stat of deterministic passwords 2025-11-04 16:09:04 +02:00			`let seed_wide = mnemonic.to_seed(passphrase);`

			`Self {`
			`seed: seed_wide.to_vec(),`
			`}`
			`}`

rename TreeHashType to HashType 2025-10-17 16:04:09 -03:00			`pub fn generate_secret_spending_key_hash(&self) -> HashType {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let mut hash = hmac_sha512::HMAC::mac(&self.seed, "NSSA_seed");`
feat: accounts core added 2024-10-30 12:32:36 +02:00
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`for _ in 1..2048 {`
fix: keys structures updates 2025-09-08 14:48:58 +03:00			`hash = hmac_sha512::HMAC::mac(hash, "NSSA_seed");`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`
feat: accounts core added 2024-10-30 12:32:36 +02:00
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`// Safe unwrap`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`*hash.first_chunk::<32>().unwrap()`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`pub fn produce_top_secret_key_holder(&self) -> SecretSpendingKey {`
			`SecretSpendingKey(self.generate_secret_spending_key_hash())`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
			`}`

fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`impl SecretSpendingKey {`
			`pub fn generate_nullifier_secret_key(&self) -> NullifierSecretKey {`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`let mut hasher = sha2::Sha256::new();`

update tests 2026-01-21 17:27:23 -05:00			`hasher.update("LEE/keys");`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`hasher.update(self.0);`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`hasher.update([1u8]);`
update tests 2026-01-21 17:27:23 -05:00			`hasher.update([0u8; 23]);`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`<NullifierSecretKey>::from(hasher.finalize_fixed())`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`

update tests 2026-01-21 17:27:23 -05:00			`pub fn generate_viewing_secret_key(&self) -> ViewingSecretKey {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let mut hasher = sha2::Sha256::new();`

update tests 2026-01-21 17:27:23 -05:00			`hasher.update("LEE/keys");`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`hasher.update(self.0);`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`hasher.update([2u8]);`
update tests 2026-01-21 17:27:23 -05:00			`hasher.update([0u8; 23]);`
feat: accounts core added 2024-10-30 12:32:36 +02:00
rename TreeHashType to HashType 2025-10-17 16:04:09 -03:00			`<HashType>::from(hasher.finalize_fixed())`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`pub fn produce_private_key_holder(&self) -> PrivateKeyHolder {`
			`PrivateKeyHolder {`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`nullifier_secret_key: self.generate_nullifier_secret_key(),`
update tests 2026-01-21 17:27:23 -05:00			`viewing_secret_key: self.generate_viewing_secret_key(),`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
			`}`
private key protocol fixes 2025-12-15 17:24:59 -05:00
			`pub fn generate_child_nullifier_secret_key(&self, cci: u32) -> NullifierSecretKey {`
			`let mut key = vec![];`
update tests 2026-01-21 17:27:23 -05:00			`key.extend_from_slice(b"LEE/chain");`
private key protocol fixes 2025-12-15 17:24:59 -05:00
			`let mut input = vec![];`

			`input.extend_from_slice(&self.0);`
			`input.extend_from_slice(&[1u8]);`
			`input.extend_from_slice(&cci.to_le_bytes());`
fixed private keys 2025-12-22 19:50:03 -05:00			`input.extend_from_slice(&[0u8; 22]);`
private key protocol fixes 2025-12-15 17:24:59 -05:00
			`let hash_value = hmac_sha512::HMAC::mac(input, key);`

			`*hash_value`
			`.first_chunk::<32>()`
fixed private keys 2025-12-22 19:50:03 -05:00			`.expect("hash_value is 64 bytes, must be safe to get first 32")`
private key protocol fixes 2025-12-15 17:24:59 -05:00			`}`

update tests 2026-01-21 17:27:23 -05:00			`pub fn generate_child_viewing_secret_key(&self, cci: u32) -> ViewingSecretKey {`
private key protocol fixes 2025-12-15 17:24:59 -05:00			`let mut key = vec![];`
update tests 2026-01-21 17:27:23 -05:00			`key.extend_from_slice(b"LEE/chain");`
private key protocol fixes 2025-12-15 17:24:59 -05:00
			`let mut input = vec![];`

			`input.extend_from_slice(&self.0);`
			`input.extend_from_slice(&[2u8]);`
			`input.extend_from_slice(&cci.to_le_bytes());`
fixed private keys 2025-12-22 19:50:03 -05:00			`input.extend_from_slice(&[0u8; 22]);`
private key protocol fixes 2025-12-15 17:24:59 -05:00
			`let hash_value = hmac_sha512::HMAC::mac(input, key);`

			`*hash_value`
			`.first_chunk::<32>()`
fixed private keys 2025-12-22 19:50:03 -05:00			`.expect("hash_value is 64 bytes, must be safe to get first 32")`
private key protocol fixes 2025-12-15 17:24:59 -05:00			`}`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`

fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`impl PrivateKeyHolder {`
fix: deviations adjustments 2025-09-15 14:04:49 +03:00			`pub fn generate_nullifier_public_key(&self) -> NullifierPublicKey {`
update tests 2026-01-21 17:27:23 -05:00			`(&self.nullifier_secret_key).into()`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`

update tests 2026-01-21 17:27:23 -05:00			`pub fn generate_viewing_public_key(&self) -> ViewingPublicKey {`
			`ViewingPublicKey::from_scalar(self.viewing_secret_key)`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`
			`}`

			`#[cfg(test)]`
			`mod tests {`
			`use super::*;`

fmt 2026-01-21 17:48:10 -05:00			`// TODO? are these necessary?`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`#[test]`
update tests 2026-01-21 17:27:23 -05:00			`fn seed_generation_test() {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_holder = SeedHolder::new_os_random();`

			`assert_eq!(seed_holder.seed.len(), 64);`
			`}`

			`#[test]`
update tests 2026-01-21 17:27:23 -05:00			`fn ssk_generation_test() {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_holder = SeedHolder::new_os_random();`

			`assert_eq!(seed_holder.seed.len(), 64);`

update tests 2026-01-21 17:27:23 -05:00			`let _ = seed_holder.generate_secret_spending_key_hash();`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`}`

			`#[test]`
update tests 2026-01-21 17:27:23 -05:00			`fn ivs_generation_test() {`
fix: keys corect generatin 2025-09-05 14:47:58 +03:00			`let seed_holder = SeedHolder::new_os_random();`

			`assert_eq!(seed_holder.seed.len(), 64);`

			`let top_secret_key_holder = seed_holder.produce_top_secret_key_holder();`

update tests 2026-01-21 17:27:23 -05:00			`let _ = top_secret_key_holder.generate_viewing_secret_key();`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`
feat: deterministic keys 2025-11-11 12:15:20 +02:00
			`#[test]`
			`fn two_seeds_generated_same_from_same_mnemonic() {`
			`let mnemonic = "test_pass";`

			`let seed_holder1 = SeedHolder::new_mnemonic(mnemonic.to_string());`
			`let seed_holder2 = SeedHolder::new_mnemonic(mnemonic.to_string());`

			`assert_eq!(seed_holder1.seed, seed_holder2.seed);`
			`}`
feat: accounts core added 2024-10-30 12:32:36 +02:00			`}`