rename program

integration_tests/src/lib.rs

@@ -29,7 +29,7 @@ pub mod test_context_ffi;
 pub const TIME_TO_WAIT_FOR_BLOCK_SECONDS: u64 = 12;
 pub const NSSA_PROGRAM_FOR_TEST_DATA_CHANGER: &str = "data_changer.bin";
 pub const NSSA_PROGRAM_FOR_TEST_NOOP: &str = "noop.bin";
-pub const NSSA_PROGRAM_FOR_TEST_AUTH_TRANSFER_PDA_PROXY: &str = "auth_transfer_pda_proxy.bin";
+pub const NSSA_PROGRAM_FOR_TEST_PDA_FUND_SPEND_PROXY: &str = "pda_fund_spend_proxy.bin";
 
 const BEDROCK_SERVICE_WITH_OPEN_PORT: &str = "logos-blockchain-node-0";
 const BEDROCK_SERVICE_PORT: u16 = 18080;

integration_tests/tests/private_pda.rs

@@ -7,7 +7,7 @@ use std::{path::PathBuf, time::Duration};
 
 use anyhow::{Context as _, Result};
 use integration_tests::{
-    NSSA_PROGRAM_FOR_TEST_AUTH_TRANSFER_PDA_PROXY, TIME_TO_WAIT_FOR_BLOCK_SECONDS, TestContext,
+    NSSA_PROGRAM_FOR_TEST_PDA_FUND_SPEND_PROXY, TIME_TO_WAIT_FOR_BLOCK_SECONDS, TestContext,
     verify_commitment_is_in_state,
 };
 use log::info;
@@ -55,7 +55,7 @@ async fn fund_private_pda(
                 },
             ],
             Program::serialize_instruction((seed, amount, auth_transfer_id, true))
-                .context("failed to serialize auth_transfer_pda_proxy fund instruction")?,
+                .context("failed to serialize pda_fund_spend_proxy fund instruction")?,
             proxy_program,
         )
         .await
@@ -91,7 +91,7 @@ async fn spend_private_pda(
                 },
             ],
             Program::serialize_instruction((seed, amount, auth_transfer_id, false))
-                .context("failed to serialize auth_transfer_pda_proxy instruction")?,
+                .context("failed to serialize pda_fund_spend_proxy instruction")?,
             spend_program,
         )
         .await
@@ -126,9 +126,9 @@ async fn private_pda_family_members_receive_and_spend() -> Result<()> {
     let proxy = {
         let path = PathBuf::from(env!("CARGO_MANIFEST_DIR"))
             .join("../artifacts/test_program_methods")
-            .join(NSSA_PROGRAM_FOR_TEST_AUTH_TRANSFER_PDA_PROXY);
+            .join(NSSA_PROGRAM_FOR_TEST_PDA_FUND_SPEND_PROXY);
         Program::new(std::fs::read(&path).with_context(|| format!("reading {path:?}"))?)
-            .context("invalid auth_transfer_pda_proxy binary")?
+            .context("invalid pda_fund_spend_proxy binary")?
     };
     let auth_transfer = Program::authenticated_transfer_program();
     let proxy_id = proxy.id();

key_protocol/src/key_management/group_key_holder.rs

@@ -347,7 +347,8 @@ mod tests {
         ]);
         // AccountId is derived from (program_id, seed, npk), so it changes when npk changes.
         // We verify npk is pinned, and AccountId is deterministically derived from it.
-        let expected_account_id = AccountId::for_private_pda(&program_id, &seed, &expected_npk, u128::MAX);
+        let expected_account_id =
+            AccountId::for_private_pda(&program_id, &seed, &expected_npk, u128::MAX);
 
         assert_eq!(npk, expected_npk);
         assert_eq!(account_id, expected_account_id);

nssa/src/privacy_preserving_transaction/circuit.rs

@@ -730,7 +730,7 @@ mod tests {
     /// to `PrivateAccountKind::Pda` carrying the correct `(program_id, seed, identifier)`.
     #[test]
     fn private_pda_update_encrypts_pda_kind_with_identifier() {
-        let program = Program::auth_transfer_pda_proxy();
+        let program = Program::pda_fund_spend_proxy();
         let auth_transfer = Program::authenticated_transfer_program();
         let keys = test_private_account_keys_1();
         let npk = keys.npk();
@@ -811,7 +811,7 @@ mod tests {
 
     #[test]
     fn private_pda_update_identifier_mismatch_fails() {
-        let program = Program::auth_transfer_pda_proxy();
+        let program = Program::pda_fund_spend_proxy();
         let auth_transfer = Program::authenticated_transfer_program();
         let keys = test_private_account_keys_1();
         let npk = keys.npk();

nssa/src/program.rs

@@ -333,12 +333,12 @@ mod tests {
         }
 
         #[must_use]
-        pub fn auth_transfer_pda_proxy() -> Self {
-            use test_program_methods::{AUTH_TRANSFER_PDA_PROXY_ELF, AUTH_TRANSFER_PDA_PROXY_ID};
+        pub fn pda_fund_spend_proxy() -> Self {
+            use test_program_methods::{PDA_FUND_SPEND_PROXY_ELF, PDA_FUND_SPEND_PROXY_ID};
 
             Self {
-                id: AUTH_TRANSFER_PDA_PROXY_ID,
-                elf: AUTH_TRANSFER_PDA_PROXY_ELF.to_vec(),
+                id: PDA_FUND_SPEND_PROXY_ID,
+                elf: PDA_FUND_SPEND_PROXY_ELF.to_vec(),
             }
         }
 

nssa/src/state.rs

@@ -4307,7 +4307,7 @@ pub mod tests {
         let alice_keys = test_private_account_keys_1();
         let alice_npk = alice_keys.npk();
 
-        let proxy = Program::auth_transfer_pda_proxy();
+        let proxy = Program::pda_fund_spend_proxy();
         let auth_transfer = Program::authenticated_transfer_program();
         let proxy_id = proxy.id();
         let auth_transfer_id = auth_transfer.id();

test_program_methods/guest/src/bin/pda_fund_spend_proxy.rs

@@ -0,0 +1,70 @@
+use nssa_core::{
+    account::AccountWithMetadata,
+    program::{
+        AccountPostState, ChainedCall, PdaSeed, ProgramId, ProgramInput, ProgramOutput,
+        read_nssa_inputs,
+    },
+};
+use risc0_zkvm::serde::to_vec;
+
+/// Proxy for interacting with private PDAs via `auth_transfer`.
+///
+/// The `is_fund` flag selects the operating mode:
+///
+/// - `false` (Spend): `pre_states = [pda (authorized), recipient]`. Debits the PDA. The PDA-to-npk
+///   binding is established via `pda_seeds` in the chained call to `auth_transfer`.
+///
+/// - `true` (Fund): `pre_states = [sender (authorized), pda (foreign/uninitialized)]`. Credits the
+///   PDA. A direct call to `auth_transfer` cannot bind the PDA because `auth_transfer` uses
+///   `Claim::Authorized`, not `Claim::Pda`. Routing through this proxy establishes the binding via
+///   `pda_seeds` in the chained call.
+type Instruction = (PdaSeed, u128, ProgramId, bool);
+
+fn main() {
+    let (
+        ProgramInput {
+            self_program_id,
+            caller_program_id,
+            pre_states,
+            instruction: (seed, amount, auth_transfer_id, is_fund),
+        },
+        instruction_words,
+    ) = read_nssa_inputs::<Instruction>();
+
+    let Ok([first, second]) = <[_; 2]>::try_from(pre_states) else {
+        return;
+    };
+
+    assert!(first.is_authorized, "first pre_state must be authorized");
+
+    let chained_pre_states = if is_fund {
+        let pda_authorized = AccountWithMetadata {
+            account: second.account.clone(),
+            account_id: second.account_id,
+            is_authorized: true,
+        };
+        vec![first.clone(), pda_authorized]
+    } else {
+        vec![first.clone(), second.clone()]
+    };
+
+    let first_post = AccountPostState::new(first.account.clone());
+    let second_post = AccountPostState::new(second.account.clone());
+
+    let chained_call = ChainedCall {
+        program_id: auth_transfer_id,
+        instruction_data: to_vec(&amount).unwrap(),
+        pre_states: chained_pre_states,
+        pda_seeds: vec![seed],
+    };
+
+    ProgramOutput::new(
+        self_program_id,
+        caller_program_id,
+        instruction_words,
+        vec![first, second],
+        vec![first_post, second_post],
+    )
+    .with_chained_calls(vec![chained_call])
+    .write();
+}

wallet/src/privacy_preserving_tx.rs

@@ -341,8 +341,12 @@ async fn private_acc_preparation(
         .shared_private_account(&account_id)
         .ok_or(ExecutionFailureKind::KeyNotFoundError)?;
 
-    let pda_seed = entry.pda_seed.ok_or(ExecutionFailureKind::KeyNotFoundError)?;
-    let program_id = entry.pda_program_id.ok_or(ExecutionFailureKind::KeyNotFoundError)?;
+    let pda_seed = entry
+        .pda_seed
+        .ok_or(ExecutionFailureKind::KeyNotFoundError)?;
+    let program_id = entry
+        .pda_program_id
+        .ok_or(ExecutionFailureKind::KeyNotFoundError)?;
 
     let holder = wallet
         .storage