refactor(lee): state-machine to use PrivateAddressPlaintext

This commit is contained in:
Artem Gureev 2026-06-30 10:23:16 +00:00 committed by agureev
parent 2cee0b3861
commit 7370f78226
4 changed files with 127 additions and 109 deletions

View File

@ -180,7 +180,9 @@ mod tests {
use lee_core::{
Commitment, DUMMY_COMMITMENT_HASH, EncryptionScheme, EphemeralSecretKey, Nullifier,
PrivacyPreservingCircuitOutput, SharedSecretKey,
account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data},
account::{
Account, AccountId, AccountWithMetadata, Nonce, PrivateAddressPlaintext, data::Data,
},
program::{PdaSeed, PrivateAccountKind},
};
@ -236,7 +238,8 @@ mod tests {
);
let recipient_account_id =
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id();
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id);
let balance_to_move: u128 = 37;
@ -316,14 +319,15 @@ mod tests {
data: Data::default(),
},
true,
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let sender_account_id =
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
let commitment_sender = Commitment::new(&sender_account_id, &sender_pre.account);
let recipient_account_id =
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id();
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id);
let balance_to_move: u128 = 37;
@ -429,7 +433,7 @@ mod tests {
let pre = AccountWithMetadata::new(
Account::default(),
false,
AccountId::for_regular_private_account(&account_keys.npk(), &account_keys.vpk(), 0),
PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(),
);
let validity_window_chain_caller = Program::validity_window_chain_caller();
@ -473,8 +477,8 @@ mod tests {
let npk = keys.npk();
let seed = PdaSeed::new([42; 32]);
let identifier: u128 = 99;
let account_id =
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier);
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), identifier)
.pda_account_id(&program.id(), &seed);
let init_nonce = Nonce::private_account_nonce_init(&account_id);
let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &init_nonce);
let shared_secret = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
@ -517,7 +521,8 @@ mod tests {
let seed = PdaSeed::new([42; 32]);
// PDA (new, private PDA)
let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 0);
let pda_id =
PrivateAddressPlaintext::new(npk, keys.vpk(), 0).pda_account_id(&program.id(), &seed);
let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_id);
let auth_id = auth_transfer.id();
@ -556,7 +561,8 @@ mod tests {
let seed = PdaSeed::new([42; 32]);
// PDA (new, private PDA)
let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 0);
let pda_id =
PrivateAddressPlaintext::new(npk, keys.vpk(), 0).pda_account_id(&program.id(), &seed);
let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_id);
// Recipient (public)
@ -624,7 +630,8 @@ mod tests {
// Recipient: shared private account (new, unauthorized)
let shared_account_id =
AccountId::from((&shared_npk, &shared_keys.vpk(), shared_identifier));
PrivateAddressPlaintext::new(shared_npk, shared_keys.vpk(), shared_identifier)
.account_id();
let recipient = AccountWithMetadata::new(Account::default(), false, shared_account_id);
let balance_to_move: u128 = 100;
@ -662,7 +669,7 @@ mod tests {
let keys = test_private_account_keys_1();
let identifier: u128 = 99;
let account_id =
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
let nonce = Nonce::private_account_nonce_init(&account_id);
let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &nonce);
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
@ -696,7 +703,7 @@ mod tests {
let keys = test_private_account_keys_1();
let identifier: u128 = 99;
let account_id =
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
let pre = AccountWithMetadata::new(Account::default(), true, account_id);
let (output, _) = execute_and_prove(
@ -742,7 +749,7 @@ mod tests {
let identifier: u128 = 99;
// create an account id with one set of viewing keys
let account_id =
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
let pre = AccountWithMetadata::new(Account::default(), true, account_id);
let result = execute_and_prove(
@ -771,7 +778,7 @@ mod tests {
let keys = test_private_account_keys_1();
let identifier: u128 = 99;
let recipient_id =
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
let init_nonce = Nonce::private_account_nonce_init(&recipient_id);
let esk = EphemeralSecretKey::new(&recipient_id, &[0; 32], &init_nonce);
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
@ -820,7 +827,7 @@ mod tests {
let keys = test_private_account_keys_1();
let identifier: u128 = 99;
let account_id =
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk);
let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &update_nonce);
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
@ -873,8 +880,8 @@ mod tests {
let seed = PdaSeed::new([42; 32]);
let identifier: u128 = 99;
let auth_transfer_id = auth_transfer.id();
let pda_id =
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier);
let pda_id = PrivateAddressPlaintext::new(npk, keys.vpk(), identifier)
.pda_account_id(&program.id(), &seed);
let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk);
let esk = EphemeralSecretKey::new(&pda_id, &[0; 32], &update_nonce);
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
@ -930,7 +937,8 @@ mod tests {
let keys = test_private_account_keys_1();
let npk = keys.npk();
let seed = PdaSeed::new([42; 32]);
let account_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 5);
let account_id =
PrivateAddressPlaintext::new(npk, keys.vpk(), 5).pda_account_id(&program.id(), &seed);
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
let result = execute_and_prove(
@ -957,7 +965,8 @@ mod tests {
let npk = keys.npk();
let seed = PdaSeed::new([42; 32]);
let auth_transfer_id = auth_transfer.id();
let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 5);
let pda_id =
PrivateAddressPlaintext::new(npk, keys.vpk(), 5).pda_account_id(&program.id(), &seed);
let pda_account = Account {
program_owner: auth_transfer_id,
balance: 1,

View File

@ -119,10 +119,12 @@ pub mod tests {
let encrypted_private_post_states = Vec::new();
let account_id2 = lee_core::account::AccountId::for_regular_private_account(&npk2, &vpk, 0);
let account_id2 =
lee_core::account::PrivateAddressPlaintext::new(npk2, vpk.clone(), 0).account_id();
let new_commitments = vec![Commitment::new(&account_id2, &account2)];
let account_id1 = lee_core::account::AccountId::for_regular_private_account(&npk1, &vpk, 0);
let account_id1 =
lee_core::account::PrivateAddressPlaintext::new(npk1, vpk, 0).account_id();
let old_commitment = Commitment::new(&account_id1, &account1);
let new_nullifiers = vec![(
Nullifier::for_account_update(&old_commitment, &nsk1),
@ -198,7 +200,8 @@ pub mod tests {
let npk = NullifierPublicKey::from(&[1; 32]);
let vpk = ViewingPublicKey::from_seed(&[2_u8; 32], &[3_u8; 32]);
let account = Account::default();
let account_id = lee_core::account::AccountId::for_regular_private_account(&npk, &vpk, 0);
let account_id =
lee_core::account::PrivateAddressPlaintext::new(npk, vpk.clone(), 0).account_id();
let commitment = Commitment::new(&account_id, &account);
let (shared_secret, epk) =
SharedSecretKey::encapsulate_deterministic(&vpk, &EphemeralSecretKey([0_u8; 32]));

View File

@ -420,7 +420,9 @@ pub mod tests {
use lee_core::{
BlockId, Commitment, InputAccountIdentity, Nullifier, NullifierPublicKey,
NullifierSecretKey, Timestamp,
account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data},
account::{
Account, AccountId, AccountWithMetadata, Nonce, PrivateAddressPlaintext, data::Data,
},
encryption::ViewingPublicKey,
program::{
BlockValidityWindow, ExecutionValidationError, PdaSeed, ProgramId,
@ -517,7 +519,7 @@ pub mod tests {
#[must_use]
pub fn with_private_account(mut self, keys: &TestPrivateKeys, account: &Account) -> Self {
let account_id = AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), 0);
let account_id = PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), 0).account_id();
let commitment = Commitment::new(&account_id, account);
self.private_state.0.extend(&[commitment]);
self
@ -729,8 +731,8 @@ pub mod tests {
..Account::default()
};
let account_id1 = AccountId::for_regular_private_account(&keys1.npk(), &keys1.vpk(), 0);
let account_id2 = AccountId::for_regular_private_account(&keys2.npk(), &keys2.vpk(), 0);
let account_id1 = PrivateAddressPlaintext::new(keys1.npk(), keys1.vpk(), 0).account_id();
let account_id2 = PrivateAddressPlaintext::new(keys2.npk(), keys2.vpk(), 0).account_id();
let init_commitment1 = Commitment::new(&account_id1, &account);
let init_commitment2 = Commitment::new(&account_id2, &account);
@ -1406,7 +1408,8 @@ pub mod tests {
let recipient = AccountWithMetadata::new(
Account::default(),
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let (output, proof) = circuit::execute_and_prove(
@ -1448,17 +1451,18 @@ pub mod tests {
) -> PrivacyPreservingTransaction {
let program = Program::authenticated_transfer_program();
let sender_account_id =
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
let sender_commitment = Commitment::new(&sender_account_id, sender_private_account);
let sender_pre = AccountWithMetadata::new(
sender_private_account.clone(),
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let recipient_pre = AccountWithMetadata::new(
Account::default(),
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let (output, proof) = circuit::execute_and_prove(
@ -1504,12 +1508,12 @@ pub mod tests {
) -> PrivacyPreservingTransaction {
let program = Program::authenticated_transfer_program();
let sender_account_id =
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
let sender_commitment = Commitment::new(&sender_account_id, sender_private_account);
let sender_pre = AccountWithMetadata::new(
sender_private_account.clone(),
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let recipient_pre = AccountWithMetadata::new(
state.get_account_by_id(*recipient_account_id),
@ -1615,9 +1619,10 @@ pub mod tests {
);
let sender_account_id =
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
let recipient_account_id =
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id();
let expected_new_commitment_1 = Commitment::new(
&sender_account_id,
&Account {
@ -1769,7 +1774,7 @@ pub mod tests {
);
let sender_account_id =
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
let expected_new_commitment = Commitment::new(
&sender_account_id,
&Account {
@ -2081,12 +2086,13 @@ pub mod tests {
..Account::default()
},
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let private_account_2 = AccountWithMetadata::new(
Account::default(),
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
// Setting the recipient nsk to authorize the sender.
@ -2129,7 +2135,7 @@ pub mod tests {
..Account::default()
},
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let private_account_2 = AccountWithMetadata::new(
Account {
@ -2138,7 +2144,8 @@ pub mod tests {
..Account::default()
},
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let result = execute_and_prove(
@ -2177,7 +2184,7 @@ pub mod tests {
..Account::default()
},
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let private_account_2 = AccountWithMetadata::new(
Account {
@ -2186,7 +2193,8 @@ pub mod tests {
..Account::default()
},
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let result = execute_and_prove(
@ -2225,7 +2233,7 @@ pub mod tests {
..Account::default()
},
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let private_account_2 = AccountWithMetadata::new(
Account {
@ -2234,7 +2242,8 @@ pub mod tests {
..Account::default()
},
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let result = execute_and_prove(
@ -2273,7 +2282,7 @@ pub mod tests {
..Account::default()
},
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let private_account_2 = AccountWithMetadata::new(
Account {
@ -2282,7 +2291,8 @@ pub mod tests {
..Account::default()
},
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let result = execute_and_prove(
@ -2322,13 +2332,14 @@ pub mod tests {
..Account::default()
},
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let private_account_2 = AccountWithMetadata::new(
Account::default(),
// This should be set to false in normal circumstances
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let result = execute_and_prove(
@ -2397,9 +2408,10 @@ pub mod tests {
/// Happy path: a program claims a new private PDA via `Claim::Pda(seed)`. The circuit
/// reads the npk for that `pre_state` from `private_account_keys` at the `pre_state`'s
/// position, derives `AccountId` via `AccountId::for_private_pda(program_id, seed, npk)`, and
/// asserts it equals the `pre_state`'s `account_id`. The equality both validates the claim
/// and binds the supplied npk to the `account_id`.
/// position, derives `AccountId` via `PrivateAddressPlaintext::new(npk,
/// ..).pda_account_id(program_id, seed)`, and asserts it equals the `pre_state`'s
/// `account_id`. The equality both validates the claim and binds the supplied npk to the
/// `account_id`.
#[test]
fn private_pda_claim_succeeds() {
let program = Program::pda_claimer();
@ -2407,8 +2419,8 @@ pub mod tests {
let npk = keys.npk();
let seed = PdaSeed::new([42; 32]);
let account_id =
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), u128::MAX);
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
.pda_account_id(&program.id(), &seed);
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
let result = execute_and_prove(
@ -2433,7 +2445,8 @@ pub mod tests {
}
/// An npk is supplied that does not match the `pre_state`'s `account_id` under
/// `AccountId::for_private_pda(program, claim_seed, npk)`. The claim equality check rejects.
/// `PrivateAddressPlaintext::new(npk, ..).pda_account_id(program, claim_seed)`. The claim
/// equality check rejects.
#[test]
fn private_pda_npk_mismatch_fails() {
// `keys_a` produces the `pre_state`'s `account_id` (the registered pair), `keys_b` is
@ -2446,10 +2459,10 @@ pub mod tests {
let seed = PdaSeed::new([42; 32]);
// `account_id` is derived from `npk_a`, but `npk_b` is supplied for this pre_state.
// `AccountId::for_private_pda(program, seed, npk_b) != account_id`, so the claim check in
// the circuit must reject.
let account_id =
AccountId::for_private_pda(&program.id(), &seed, &npk_a, &keys_a.vpk(), u128::MAX);
// `PrivateAddressPlaintext::new(npk_b, ..).pda_account_id(program, seed) != account_id`, so
// the claim check in the circuit must reject.
let account_id = PrivateAddressPlaintext::new(npk_a, keys_a.vpk(), u128::MAX)
.pda_account_id(&program.id(), &seed);
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
let result = execute_and_prove(
@ -2472,7 +2485,7 @@ pub mod tests {
/// private PDA via `Claim::Pda(seed)`, then chains to a callee (`noop`) delegating the same
/// seed via `ChainedCall.pda_seeds`. In the callee's step, the `pre_state`'s authorization
/// is established via the private derivation
/// `AccountId::for_private_pda(delegator, seed, npk) == pre.account_id`.
/// `PrivateAddressPlaintext::new(npk, ..).pda_account_id(delegator, seed) == pre.account_id`.
#[test]
fn caller_pda_seeds_authorize_private_pda_for_callee() {
let delegator = Program::private_pda_delegator();
@ -2481,8 +2494,8 @@ pub mod tests {
let npk = keys.npk();
let seed = PdaSeed::new([77; 32]);
let account_id =
AccountId::for_private_pda(&delegator.id(), &seed, &npk, &keys.vpk(), u128::MAX);
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
.pda_account_id(&delegator.id(), &seed);
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
let callee_id = callee.id();
@ -2521,8 +2534,8 @@ pub mod tests {
let claim_seed = PdaSeed::new([77; 32]);
let wrong_delegated_seed = PdaSeed::new([88; 32]);
let account_id =
AccountId::for_private_pda(&delegator.id(), &claim_seed, &npk, &keys.vpk(), u128::MAX);
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
.pda_account_id(&delegator.id(), &claim_seed);
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
let callee_id = callee.id();
@ -2560,20 +2573,10 @@ pub mod tests {
let keys_b = test_private_account_keys_2();
let seed = PdaSeed::new([55; 32]);
let account_a = AccountId::for_private_pda(
&program.id(),
&seed,
&keys_a.npk(),
&keys_a.vpk(),
u128::MAX,
);
let account_b = AccountId::for_private_pda(
&program.id(),
&seed,
&keys_b.npk(),
&keys_b.vpk(),
u128::MAX,
);
let account_a = PrivateAddressPlaintext::new(keys_a.npk(), keys_a.vpk(), u128::MAX)
.pda_account_id(&program.id(), &seed);
let account_b = PrivateAddressPlaintext::new(keys_b.npk(), keys_b.vpk(), u128::MAX)
.pda_account_id(&program.id(), &seed);
let pre_a = AccountWithMetadata::new(Account::default(), false, account_a);
let pre_b = AccountWithMetadata::new(Account::default(), false, account_b);
@ -2617,8 +2620,8 @@ pub mod tests {
// Simulate a previously-claimed private PDA: program_owner != DEFAULT, is_authorized =
// true, account_id derived via the private formula.
let account_id =
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), u128::MAX);
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
.pda_account_id(&program.id(), &seed);
let owned_pre_state = AccountWithMetadata::new(
Account {
program_owner: program.id(),
@ -2711,7 +2714,7 @@ pub mod tests {
..Account::default()
},
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let result = execute_and_prove(
@ -3045,7 +3048,7 @@ pub mod tests {
..Account::default()
};
let sender_account_id =
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
let sender_commitment = Commitment::new(&sender_account_id, &sender_private_account);
let sender_init_nullifier = Nullifier::for_account_initialization(&sender_account_id);
let mut state = V03State::new_with_genesis_accounts(
@ -3056,7 +3059,7 @@ pub mod tests {
let sender_pre = AccountWithMetadata::new(
sender_private_account,
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
let recipient_private_key = PrivateKey::try_new([2; 32]).unwrap();
let recipient_account_id =
@ -3129,7 +3132,7 @@ pub mod tests {
..Account::default()
},
true,
(&from_keys.npk(), &from_keys.vpk(), 0),
PrivateAddressPlaintext::new(from_keys.npk(), from_keys.vpk(), 0).account_id(),
);
let to_account = AccountWithMetadata::new(
Account {
@ -3137,13 +3140,13 @@ pub mod tests {
..Account::default()
},
true,
(&to_keys.npk(), &to_keys.vpk(), 0),
PrivateAddressPlaintext::new(to_keys.npk(), to_keys.vpk(), 0).account_id(),
);
let from_account_id =
AccountId::for_regular_private_account(&from_keys.npk(), &from_keys.vpk(), 0);
PrivateAddressPlaintext::new(from_keys.npk(), from_keys.vpk(), 0).account_id();
let to_account_id =
AccountId::for_regular_private_account(&to_keys.npk(), &to_keys.vpk(), 0);
PrivateAddressPlaintext::new(to_keys.npk(), to_keys.vpk(), 0).account_id();
let from_commitment = Commitment::new(&from_account_id, &from_account.account);
let to_commitment = Commitment::new(&to_account_id, &to_account.account);
let from_init_nullifier = Nullifier::for_account_initialization(&from_account_id);
@ -3450,7 +3453,7 @@ pub mod tests {
let authorized_account = AccountWithMetadata::new(
Account::default(),
true,
(&private_keys.npk(), &private_keys.vpk(), 0),
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(),
);
let program = Program::authenticated_transfer_program();
@ -3483,7 +3486,7 @@ pub mod tests {
assert!(result.is_ok());
let account_id =
AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0);
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id();
let nullifier = Nullifier::for_account_initialization(&account_id);
assert!(state.private_state.1.contains(&nullifier));
}
@ -3500,7 +3503,7 @@ pub mod tests {
let unauthorized_account = AccountWithMetadata::new(
Account::default(),
false,
(&private_keys.npk(), &private_keys.vpk(), 0),
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(),
);
let program = Program::claimer();
@ -3528,7 +3531,7 @@ pub mod tests {
.unwrap();
let account_id =
AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0);
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id();
let nullifier = Nullifier::for_account_initialization(&account_id);
assert!(state.private_state.1.contains(&nullifier));
}
@ -3544,7 +3547,7 @@ pub mod tests {
let authorized_account = AccountWithMetadata::new(
Account::default(),
true,
(&private_keys.npk(), &private_keys.vpk(), 0),
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(),
);
let claimer_program = Program::claimer();
@ -3581,7 +3584,7 @@ pub mod tests {
// Verify the account is now initialized (nullifier exists)
let account_id =
AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0);
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id();
let nullifier = Nullifier::for_account_initialization(&account_id);
assert!(state.private_state.1.contains(&nullifier));
@ -3671,7 +3674,7 @@ pub mod tests {
let private_account = AccountWithMetadata::new(
Account::default(),
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
// Don't change data (None) and don't claim (false)
let instruction: (Option<Vec<u8>>, bool) = (None, false);
@ -3700,7 +3703,7 @@ pub mod tests {
let private_account = AccountWithMetadata::new(
Account::default(),
true,
(&sender_keys.npk(), &sender_keys.vpk(), 0),
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
);
// Change data but don't claim (false) - should fail
let new_data = vec![1, 2, 3, 4, 5];
@ -3743,11 +3746,13 @@ pub mod tests {
let recipient_account = AccountWithMetadata::new(
Account::default(),
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id(),
);
let recipient_account_id =
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
.account_id();
let recipient_commitment =
Commitment::new(&recipient_account_id, &recipient_account.account);
let recipient_init_nullifier = Nullifier::for_account_initialization(&recipient_account_id);
@ -3916,7 +3921,7 @@ pub mod tests {
let pre = AccountWithMetadata::new(
Account::default(),
false,
(&account_keys.npk(), &account_keys.vpk(), 0),
PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(),
);
let mut state = V03State::new_with_genesis_accounts(&[], vec![], 0).with_test_programs();
let tx = {
@ -3981,7 +3986,7 @@ pub mod tests {
let pre = AccountWithMetadata::new(
Account::default(),
false,
(&account_keys.npk(), &account_keys.vpk(), 0),
PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(),
);
let mut state = V03State::new_with_genesis_accounts(&[], vec![], 0).with_test_programs();
let tx = {
@ -4512,10 +4517,10 @@ pub mod tests {
ProgramWithDependencies::new(proxy, [(auth_transfer_id, auth_transfer.clone())].into());
let funder_id = funder_keys.account_id();
let alice_pda_0_id =
AccountId::for_private_pda(&proxy_id, &seed, &alice_npk, &alice_keys.vpk(), 0);
let alice_pda_1_id =
AccountId::for_private_pda(&proxy_id, &seed, &alice_npk, &alice_keys.vpk(), 1);
let alice_pda_0_id = PrivateAddressPlaintext::new(alice_npk, alice_keys.vpk(), 0)
.pda_account_id(&proxy_id, &seed);
let alice_pda_1_id = PrivateAddressPlaintext::new(alice_npk, alice_keys.vpk(), 1)
.pda_account_id(&proxy_id, &seed);
let recipient_id = test_public_account_keys_2().account_id();
let recipient_signing_key = test_public_account_keys_2().signing_key;

View File

@ -511,7 +511,7 @@ fn n_unique<T: Eq + Hash>(data: &[T]) -> usize {
#[cfg(test)]
mod tests {
use lee_core::account::{AccountId, Nonce};
use lee_core::account::{AccountId, Nonce, PrivateAddressPlaintext};
use crate::{
PrivateKey, PublicKey, V03State,
@ -603,7 +603,7 @@ mod tests {
// Attacker controls a private account.
let attacker_keys = test_private_account_keys_1();
let attacker_id =
AccountId::for_regular_private_account(&attacker_keys.npk(), &attacker_keys.vpk(), 0);
PrivateAddressPlaintext::new(attacker_keys.npk(), attacker_keys.vpk(), 0).account_id();
let victim_id = AccountId::new([20_u8; 32]);
let recipient_id = AccountId::new([42_u8; 32]);
@ -709,9 +709,10 @@ mod tests {
/// There are two routes, both closed:
///
/// - **mask=1 (`PrivateAuthorizedUpdate`)**: the circuit derives `account_id =
/// AccountId::for_regular_private_account(&npk_from(nsk), identifier)` and asserts it matches
/// `pre_state.account_id`. Passing this check requires the victim's `nsk`, which the attacker
/// does not have. `execute_and_prove` panics inside the ZKVM and no proof is produced.
/// PrivateAddressPlaintext::new(npk_from(nsk), vpk, identifier).account_id()` and asserts it
/// matches `pre_state.account_id`. Passing this check requires the victim's `nsk`, which the
/// attacker does not have. `execute_and_prove` panics inside the ZKVM and no proof is
/// produced.
///
/// - **mask=0 (`Public`)**: the circuit places the account in `public_pre_states` and
/// `execute_and_prove` succeeds. The host-side validator then reconstructs
@ -754,12 +755,12 @@ mod tests {
// Attacker controls a private account.
let attacker_keys = test_private_account_keys_1();
let attacker_id =
AccountId::for_regular_private_account(&attacker_keys.npk(), &attacker_keys.vpk(), 0);
PrivateAddressPlaintext::new(attacker_keys.npk(), attacker_keys.vpk(), 0).account_id();
// Victim is a private account — not registered in public chain state.
let victim_keys = test_private_account_keys_2();
let victim_id =
AccountId::for_regular_private_account(&victim_keys.npk(), &victim_keys.vpk(), 0);
PrivateAddressPlaintext::new(victim_keys.npk(), victim_keys.vpk(), 0).account_id();
let victim_balance = 5_000_u128;
let recipient_id = AccountId::new([42_u8; 32]);