mirror of
https://github.com/logos-blockchain/logos-execution-zone.git
synced 2026-07-01 03:19:29 +00:00
refactor(lee): state-machine to use PrivateAddressPlaintext
This commit is contained in:
parent
2cee0b3861
commit
7370f78226
@ -180,7 +180,9 @@ mod tests {
|
||||
use lee_core::{
|
||||
Commitment, DUMMY_COMMITMENT_HASH, EncryptionScheme, EphemeralSecretKey, Nullifier,
|
||||
PrivacyPreservingCircuitOutput, SharedSecretKey,
|
||||
account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data},
|
||||
account::{
|
||||
Account, AccountId, AccountWithMetadata, Nonce, PrivateAddressPlaintext, data::Data,
|
||||
},
|
||||
program::{PdaSeed, PrivateAccountKind},
|
||||
};
|
||||
|
||||
@ -236,7 +238,8 @@ mod tests {
|
||||
);
|
||||
|
||||
let recipient_account_id =
|
||||
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id();
|
||||
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id);
|
||||
|
||||
let balance_to_move: u128 = 37;
|
||||
@ -316,14 +319,15 @@ mod tests {
|
||||
data: Data::default(),
|
||||
},
|
||||
true,
|
||||
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let sender_account_id =
|
||||
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
|
||||
let commitment_sender = Commitment::new(&sender_account_id, &sender_pre.account);
|
||||
|
||||
let recipient_account_id =
|
||||
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id();
|
||||
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id);
|
||||
let balance_to_move: u128 = 37;
|
||||
|
||||
@ -429,7 +433,7 @@ mod tests {
|
||||
let pre = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
false,
|
||||
AccountId::for_regular_private_account(&account_keys.npk(), &account_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
|
||||
let validity_window_chain_caller = Program::validity_window_chain_caller();
|
||||
@ -473,8 +477,8 @@ mod tests {
|
||||
let npk = keys.npk();
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
let identifier: u128 = 99;
|
||||
let account_id =
|
||||
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier);
|
||||
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), identifier)
|
||||
.pda_account_id(&program.id(), &seed);
|
||||
let init_nonce = Nonce::private_account_nonce_init(&account_id);
|
||||
let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &init_nonce);
|
||||
let shared_secret = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
|
||||
@ -517,7 +521,8 @@ mod tests {
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
|
||||
// PDA (new, private PDA)
|
||||
let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 0);
|
||||
let pda_id =
|
||||
PrivateAddressPlaintext::new(npk, keys.vpk(), 0).pda_account_id(&program.id(), &seed);
|
||||
let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_id);
|
||||
|
||||
let auth_id = auth_transfer.id();
|
||||
@ -556,7 +561,8 @@ mod tests {
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
|
||||
// PDA (new, private PDA)
|
||||
let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 0);
|
||||
let pda_id =
|
||||
PrivateAddressPlaintext::new(npk, keys.vpk(), 0).pda_account_id(&program.id(), &seed);
|
||||
let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_id);
|
||||
|
||||
// Recipient (public)
|
||||
@ -624,7 +630,8 @@ mod tests {
|
||||
|
||||
// Recipient: shared private account (new, unauthorized)
|
||||
let shared_account_id =
|
||||
AccountId::from((&shared_npk, &shared_keys.vpk(), shared_identifier));
|
||||
PrivateAddressPlaintext::new(shared_npk, shared_keys.vpk(), shared_identifier)
|
||||
.account_id();
|
||||
let recipient = AccountWithMetadata::new(Account::default(), false, shared_account_id);
|
||||
|
||||
let balance_to_move: u128 = 100;
|
||||
@ -662,7 +669,7 @@ mod tests {
|
||||
let keys = test_private_account_keys_1();
|
||||
let identifier: u128 = 99;
|
||||
let account_id =
|
||||
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
|
||||
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
|
||||
let nonce = Nonce::private_account_nonce_init(&account_id);
|
||||
let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &nonce);
|
||||
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
|
||||
@ -696,7 +703,7 @@ mod tests {
|
||||
let keys = test_private_account_keys_1();
|
||||
let identifier: u128 = 99;
|
||||
let account_id =
|
||||
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
|
||||
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
|
||||
let pre = AccountWithMetadata::new(Account::default(), true, account_id);
|
||||
|
||||
let (output, _) = execute_and_prove(
|
||||
@ -742,7 +749,7 @@ mod tests {
|
||||
let identifier: u128 = 99;
|
||||
// create an account id with one set of viewing keys
|
||||
let account_id =
|
||||
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
|
||||
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
|
||||
let pre = AccountWithMetadata::new(Account::default(), true, account_id);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -771,7 +778,7 @@ mod tests {
|
||||
let keys = test_private_account_keys_1();
|
||||
let identifier: u128 = 99;
|
||||
let recipient_id =
|
||||
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
|
||||
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
|
||||
let init_nonce = Nonce::private_account_nonce_init(&recipient_id);
|
||||
let esk = EphemeralSecretKey::new(&recipient_id, &[0; 32], &init_nonce);
|
||||
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
|
||||
@ -820,7 +827,7 @@ mod tests {
|
||||
let keys = test_private_account_keys_1();
|
||||
let identifier: u128 = 99;
|
||||
let account_id =
|
||||
AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier);
|
||||
PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id();
|
||||
let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk);
|
||||
let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &update_nonce);
|
||||
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
|
||||
@ -873,8 +880,8 @@ mod tests {
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
let identifier: u128 = 99;
|
||||
let auth_transfer_id = auth_transfer.id();
|
||||
let pda_id =
|
||||
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier);
|
||||
let pda_id = PrivateAddressPlaintext::new(npk, keys.vpk(), identifier)
|
||||
.pda_account_id(&program.id(), &seed);
|
||||
let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk);
|
||||
let esk = EphemeralSecretKey::new(&pda_id, &[0; 32], &update_nonce);
|
||||
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
|
||||
@ -930,7 +937,8 @@ mod tests {
|
||||
let keys = test_private_account_keys_1();
|
||||
let npk = keys.npk();
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
let account_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 5);
|
||||
let account_id =
|
||||
PrivateAddressPlaintext::new(npk, keys.vpk(), 5).pda_account_id(&program.id(), &seed);
|
||||
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -957,7 +965,8 @@ mod tests {
|
||||
let npk = keys.npk();
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
let auth_transfer_id = auth_transfer.id();
|
||||
let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 5);
|
||||
let pda_id =
|
||||
PrivateAddressPlaintext::new(npk, keys.vpk(), 5).pda_account_id(&program.id(), &seed);
|
||||
let pda_account = Account {
|
||||
program_owner: auth_transfer_id,
|
||||
balance: 1,
|
||||
|
||||
@ -119,10 +119,12 @@ pub mod tests {
|
||||
|
||||
let encrypted_private_post_states = Vec::new();
|
||||
|
||||
let account_id2 = lee_core::account::AccountId::for_regular_private_account(&npk2, &vpk, 0);
|
||||
let account_id2 =
|
||||
lee_core::account::PrivateAddressPlaintext::new(npk2, vpk.clone(), 0).account_id();
|
||||
let new_commitments = vec![Commitment::new(&account_id2, &account2)];
|
||||
|
||||
let account_id1 = lee_core::account::AccountId::for_regular_private_account(&npk1, &vpk, 0);
|
||||
let account_id1 =
|
||||
lee_core::account::PrivateAddressPlaintext::new(npk1, vpk, 0).account_id();
|
||||
let old_commitment = Commitment::new(&account_id1, &account1);
|
||||
let new_nullifiers = vec![(
|
||||
Nullifier::for_account_update(&old_commitment, &nsk1),
|
||||
@ -198,7 +200,8 @@ pub mod tests {
|
||||
let npk = NullifierPublicKey::from(&[1; 32]);
|
||||
let vpk = ViewingPublicKey::from_seed(&[2_u8; 32], &[3_u8; 32]);
|
||||
let account = Account::default();
|
||||
let account_id = lee_core::account::AccountId::for_regular_private_account(&npk, &vpk, 0);
|
||||
let account_id =
|
||||
lee_core::account::PrivateAddressPlaintext::new(npk, vpk.clone(), 0).account_id();
|
||||
let commitment = Commitment::new(&account_id, &account);
|
||||
let (shared_secret, epk) =
|
||||
SharedSecretKey::encapsulate_deterministic(&vpk, &EphemeralSecretKey([0_u8; 32]));
|
||||
|
||||
@ -420,7 +420,9 @@ pub mod tests {
|
||||
use lee_core::{
|
||||
BlockId, Commitment, InputAccountIdentity, Nullifier, NullifierPublicKey,
|
||||
NullifierSecretKey, Timestamp,
|
||||
account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data},
|
||||
account::{
|
||||
Account, AccountId, AccountWithMetadata, Nonce, PrivateAddressPlaintext, data::Data,
|
||||
},
|
||||
encryption::ViewingPublicKey,
|
||||
program::{
|
||||
BlockValidityWindow, ExecutionValidationError, PdaSeed, ProgramId,
|
||||
@ -517,7 +519,7 @@ pub mod tests {
|
||||
|
||||
#[must_use]
|
||||
pub fn with_private_account(mut self, keys: &TestPrivateKeys, account: &Account) -> Self {
|
||||
let account_id = AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), 0);
|
||||
let account_id = PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), 0).account_id();
|
||||
let commitment = Commitment::new(&account_id, account);
|
||||
self.private_state.0.extend(&[commitment]);
|
||||
self
|
||||
@ -729,8 +731,8 @@ pub mod tests {
|
||||
..Account::default()
|
||||
};
|
||||
|
||||
let account_id1 = AccountId::for_regular_private_account(&keys1.npk(), &keys1.vpk(), 0);
|
||||
let account_id2 = AccountId::for_regular_private_account(&keys2.npk(), &keys2.vpk(), 0);
|
||||
let account_id1 = PrivateAddressPlaintext::new(keys1.npk(), keys1.vpk(), 0).account_id();
|
||||
let account_id2 = PrivateAddressPlaintext::new(keys2.npk(), keys2.vpk(), 0).account_id();
|
||||
|
||||
let init_commitment1 = Commitment::new(&account_id1, &account);
|
||||
let init_commitment2 = Commitment::new(&account_id2, &account);
|
||||
@ -1406,7 +1408,8 @@ pub mod tests {
|
||||
let recipient = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
false,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let (output, proof) = circuit::execute_and_prove(
|
||||
@ -1448,17 +1451,18 @@ pub mod tests {
|
||||
) -> PrivacyPreservingTransaction {
|
||||
let program = Program::authenticated_transfer_program();
|
||||
let sender_account_id =
|
||||
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
|
||||
let sender_commitment = Commitment::new(&sender_account_id, sender_private_account);
|
||||
let sender_pre = AccountWithMetadata::new(
|
||||
sender_private_account.clone(),
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let recipient_pre = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
false,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let (output, proof) = circuit::execute_and_prove(
|
||||
@ -1504,12 +1508,12 @@ pub mod tests {
|
||||
) -> PrivacyPreservingTransaction {
|
||||
let program = Program::authenticated_transfer_program();
|
||||
let sender_account_id =
|
||||
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
|
||||
let sender_commitment = Commitment::new(&sender_account_id, sender_private_account);
|
||||
let sender_pre = AccountWithMetadata::new(
|
||||
sender_private_account.clone(),
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let recipient_pre = AccountWithMetadata::new(
|
||||
state.get_account_by_id(*recipient_account_id),
|
||||
@ -1615,9 +1619,10 @@ pub mod tests {
|
||||
);
|
||||
|
||||
let sender_account_id =
|
||||
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
|
||||
let recipient_account_id =
|
||||
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id();
|
||||
let expected_new_commitment_1 = Commitment::new(
|
||||
&sender_account_id,
|
||||
&Account {
|
||||
@ -1769,7 +1774,7 @@ pub mod tests {
|
||||
);
|
||||
|
||||
let sender_account_id =
|
||||
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
|
||||
let expected_new_commitment = Commitment::new(
|
||||
&sender_account_id,
|
||||
&Account {
|
||||
@ -2081,12 +2086,13 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let private_account_2 = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
false,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
// Setting the recipient nsk to authorize the sender.
|
||||
@ -2129,7 +2135,7 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let private_account_2 = AccountWithMetadata::new(
|
||||
Account {
|
||||
@ -2138,7 +2144,8 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
false,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -2177,7 +2184,7 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let private_account_2 = AccountWithMetadata::new(
|
||||
Account {
|
||||
@ -2186,7 +2193,8 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
false,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -2225,7 +2233,7 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let private_account_2 = AccountWithMetadata::new(
|
||||
Account {
|
||||
@ -2234,7 +2242,8 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
false,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -2273,7 +2282,7 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let private_account_2 = AccountWithMetadata::new(
|
||||
Account {
|
||||
@ -2282,7 +2291,8 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
false,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -2322,13 +2332,14 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let private_account_2 = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
// This should be set to false in normal circumstances
|
||||
true,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -2397,9 +2408,10 @@ pub mod tests {
|
||||
|
||||
/// Happy path: a program claims a new private PDA via `Claim::Pda(seed)`. The circuit
|
||||
/// reads the npk for that `pre_state` from `private_account_keys` at the `pre_state`'s
|
||||
/// position, derives `AccountId` via `AccountId::for_private_pda(program_id, seed, npk)`, and
|
||||
/// asserts it equals the `pre_state`'s `account_id`. The equality both validates the claim
|
||||
/// and binds the supplied npk to the `account_id`.
|
||||
/// position, derives `AccountId` via `PrivateAddressPlaintext::new(npk,
|
||||
/// ..).pda_account_id(program_id, seed)`, and asserts it equals the `pre_state`'s
|
||||
/// `account_id`. The equality both validates the claim and binds the supplied npk to the
|
||||
/// `account_id`.
|
||||
#[test]
|
||||
fn private_pda_claim_succeeds() {
|
||||
let program = Program::pda_claimer();
|
||||
@ -2407,8 +2419,8 @@ pub mod tests {
|
||||
let npk = keys.npk();
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
|
||||
let account_id =
|
||||
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), u128::MAX);
|
||||
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
|
||||
.pda_account_id(&program.id(), &seed);
|
||||
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -2433,7 +2445,8 @@ pub mod tests {
|
||||
}
|
||||
|
||||
/// An npk is supplied that does not match the `pre_state`'s `account_id` under
|
||||
/// `AccountId::for_private_pda(program, claim_seed, npk)`. The claim equality check rejects.
|
||||
/// `PrivateAddressPlaintext::new(npk, ..).pda_account_id(program, claim_seed)`. The claim
|
||||
/// equality check rejects.
|
||||
#[test]
|
||||
fn private_pda_npk_mismatch_fails() {
|
||||
// `keys_a` produces the `pre_state`'s `account_id` (the registered pair), `keys_b` is
|
||||
@ -2446,10 +2459,10 @@ pub mod tests {
|
||||
let seed = PdaSeed::new([42; 32]);
|
||||
|
||||
// `account_id` is derived from `npk_a`, but `npk_b` is supplied for this pre_state.
|
||||
// `AccountId::for_private_pda(program, seed, npk_b) != account_id`, so the claim check in
|
||||
// the circuit must reject.
|
||||
let account_id =
|
||||
AccountId::for_private_pda(&program.id(), &seed, &npk_a, &keys_a.vpk(), u128::MAX);
|
||||
// `PrivateAddressPlaintext::new(npk_b, ..).pda_account_id(program, seed) != account_id`, so
|
||||
// the claim check in the circuit must reject.
|
||||
let account_id = PrivateAddressPlaintext::new(npk_a, keys_a.vpk(), u128::MAX)
|
||||
.pda_account_id(&program.id(), &seed);
|
||||
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -2472,7 +2485,7 @@ pub mod tests {
|
||||
/// private PDA via `Claim::Pda(seed)`, then chains to a callee (`noop`) delegating the same
|
||||
/// seed via `ChainedCall.pda_seeds`. In the callee's step, the `pre_state`'s authorization
|
||||
/// is established via the private derivation
|
||||
/// `AccountId::for_private_pda(delegator, seed, npk) == pre.account_id`.
|
||||
/// `PrivateAddressPlaintext::new(npk, ..).pda_account_id(delegator, seed) == pre.account_id`.
|
||||
#[test]
|
||||
fn caller_pda_seeds_authorize_private_pda_for_callee() {
|
||||
let delegator = Program::private_pda_delegator();
|
||||
@ -2481,8 +2494,8 @@ pub mod tests {
|
||||
let npk = keys.npk();
|
||||
let seed = PdaSeed::new([77; 32]);
|
||||
|
||||
let account_id =
|
||||
AccountId::for_private_pda(&delegator.id(), &seed, &npk, &keys.vpk(), u128::MAX);
|
||||
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
|
||||
.pda_account_id(&delegator.id(), &seed);
|
||||
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
|
||||
|
||||
let callee_id = callee.id();
|
||||
@ -2521,8 +2534,8 @@ pub mod tests {
|
||||
let claim_seed = PdaSeed::new([77; 32]);
|
||||
let wrong_delegated_seed = PdaSeed::new([88; 32]);
|
||||
|
||||
let account_id =
|
||||
AccountId::for_private_pda(&delegator.id(), &claim_seed, &npk, &keys.vpk(), u128::MAX);
|
||||
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
|
||||
.pda_account_id(&delegator.id(), &claim_seed);
|
||||
let pre_state = AccountWithMetadata::new(Account::default(), false, account_id);
|
||||
|
||||
let callee_id = callee.id();
|
||||
@ -2560,20 +2573,10 @@ pub mod tests {
|
||||
let keys_b = test_private_account_keys_2();
|
||||
let seed = PdaSeed::new([55; 32]);
|
||||
|
||||
let account_a = AccountId::for_private_pda(
|
||||
&program.id(),
|
||||
&seed,
|
||||
&keys_a.npk(),
|
||||
&keys_a.vpk(),
|
||||
u128::MAX,
|
||||
);
|
||||
let account_b = AccountId::for_private_pda(
|
||||
&program.id(),
|
||||
&seed,
|
||||
&keys_b.npk(),
|
||||
&keys_b.vpk(),
|
||||
u128::MAX,
|
||||
);
|
||||
let account_a = PrivateAddressPlaintext::new(keys_a.npk(), keys_a.vpk(), u128::MAX)
|
||||
.pda_account_id(&program.id(), &seed);
|
||||
let account_b = PrivateAddressPlaintext::new(keys_b.npk(), keys_b.vpk(), u128::MAX)
|
||||
.pda_account_id(&program.id(), &seed);
|
||||
|
||||
let pre_a = AccountWithMetadata::new(Account::default(), false, account_a);
|
||||
let pre_b = AccountWithMetadata::new(Account::default(), false, account_b);
|
||||
@ -2617,8 +2620,8 @@ pub mod tests {
|
||||
|
||||
// Simulate a previously-claimed private PDA: program_owner != DEFAULT, is_authorized =
|
||||
// true, account_id derived via the private formula.
|
||||
let account_id =
|
||||
AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), u128::MAX);
|
||||
let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX)
|
||||
.pda_account_id(&program.id(), &seed);
|
||||
let owned_pre_state = AccountWithMetadata::new(
|
||||
Account {
|
||||
program_owner: program.id(),
|
||||
@ -2711,7 +2714,7 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
|
||||
let result = execute_and_prove(
|
||||
@ -3045,7 +3048,7 @@ pub mod tests {
|
||||
..Account::default()
|
||||
};
|
||||
let sender_account_id =
|
||||
AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id();
|
||||
let sender_commitment = Commitment::new(&sender_account_id, &sender_private_account);
|
||||
let sender_init_nullifier = Nullifier::for_account_initialization(&sender_account_id);
|
||||
let mut state = V03State::new_with_genesis_accounts(
|
||||
@ -3056,7 +3059,7 @@ pub mod tests {
|
||||
let sender_pre = AccountWithMetadata::new(
|
||||
sender_private_account,
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let recipient_private_key = PrivateKey::try_new([2; 32]).unwrap();
|
||||
let recipient_account_id =
|
||||
@ -3129,7 +3132,7 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&from_keys.npk(), &from_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(from_keys.npk(), from_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let to_account = AccountWithMetadata::new(
|
||||
Account {
|
||||
@ -3137,13 +3140,13 @@ pub mod tests {
|
||||
..Account::default()
|
||||
},
|
||||
true,
|
||||
(&to_keys.npk(), &to_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(to_keys.npk(), to_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
|
||||
let from_account_id =
|
||||
AccountId::for_regular_private_account(&from_keys.npk(), &from_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(from_keys.npk(), from_keys.vpk(), 0).account_id();
|
||||
let to_account_id =
|
||||
AccountId::for_regular_private_account(&to_keys.npk(), &to_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(to_keys.npk(), to_keys.vpk(), 0).account_id();
|
||||
let from_commitment = Commitment::new(&from_account_id, &from_account.account);
|
||||
let to_commitment = Commitment::new(&to_account_id, &to_account.account);
|
||||
let from_init_nullifier = Nullifier::for_account_initialization(&from_account_id);
|
||||
@ -3450,7 +3453,7 @@ pub mod tests {
|
||||
let authorized_account = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
true,
|
||||
(&private_keys.npk(), &private_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
|
||||
let program = Program::authenticated_transfer_program();
|
||||
@ -3483,7 +3486,7 @@ pub mod tests {
|
||||
assert!(result.is_ok());
|
||||
|
||||
let account_id =
|
||||
AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id();
|
||||
let nullifier = Nullifier::for_account_initialization(&account_id);
|
||||
assert!(state.private_state.1.contains(&nullifier));
|
||||
}
|
||||
@ -3500,7 +3503,7 @@ pub mod tests {
|
||||
let unauthorized_account = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
false,
|
||||
(&private_keys.npk(), &private_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
|
||||
let program = Program::claimer();
|
||||
@ -3528,7 +3531,7 @@ pub mod tests {
|
||||
.unwrap();
|
||||
|
||||
let account_id =
|
||||
AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id();
|
||||
let nullifier = Nullifier::for_account_initialization(&account_id);
|
||||
assert!(state.private_state.1.contains(&nullifier));
|
||||
}
|
||||
@ -3544,7 +3547,7 @@ pub mod tests {
|
||||
let authorized_account = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
true,
|
||||
(&private_keys.npk(), &private_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
|
||||
let claimer_program = Program::claimer();
|
||||
@ -3581,7 +3584,7 @@ pub mod tests {
|
||||
|
||||
// Verify the account is now initialized (nullifier exists)
|
||||
let account_id =
|
||||
AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id();
|
||||
let nullifier = Nullifier::for_account_initialization(&account_id);
|
||||
assert!(state.private_state.1.contains(&nullifier));
|
||||
|
||||
@ -3671,7 +3674,7 @@ pub mod tests {
|
||||
let private_account = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
// Don't change data (None) and don't claim (false)
|
||||
let instruction: (Option<Vec<u8>>, bool) = (None, false);
|
||||
@ -3700,7 +3703,7 @@ pub mod tests {
|
||||
let private_account = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
true,
|
||||
(&sender_keys.npk(), &sender_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
// Change data but don't claim (false) - should fail
|
||||
let new_data = vec![1, 2, 3, 4, 5];
|
||||
@ -3743,11 +3746,13 @@ pub mod tests {
|
||||
let recipient_account = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
true,
|
||||
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id(),
|
||||
);
|
||||
|
||||
let recipient_account_id =
|
||||
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0)
|
||||
.account_id();
|
||||
let recipient_commitment =
|
||||
Commitment::new(&recipient_account_id, &recipient_account.account);
|
||||
let recipient_init_nullifier = Nullifier::for_account_initialization(&recipient_account_id);
|
||||
@ -3916,7 +3921,7 @@ pub mod tests {
|
||||
let pre = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
false,
|
||||
(&account_keys.npk(), &account_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let mut state = V03State::new_with_genesis_accounts(&[], vec![], 0).with_test_programs();
|
||||
let tx = {
|
||||
@ -3981,7 +3986,7 @@ pub mod tests {
|
||||
let pre = AccountWithMetadata::new(
|
||||
Account::default(),
|
||||
false,
|
||||
(&account_keys.npk(), &account_keys.vpk(), 0),
|
||||
PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(),
|
||||
);
|
||||
let mut state = V03State::new_with_genesis_accounts(&[], vec![], 0).with_test_programs();
|
||||
let tx = {
|
||||
@ -4512,10 +4517,10 @@ pub mod tests {
|
||||
ProgramWithDependencies::new(proxy, [(auth_transfer_id, auth_transfer.clone())].into());
|
||||
|
||||
let funder_id = funder_keys.account_id();
|
||||
let alice_pda_0_id =
|
||||
AccountId::for_private_pda(&proxy_id, &seed, &alice_npk, &alice_keys.vpk(), 0);
|
||||
let alice_pda_1_id =
|
||||
AccountId::for_private_pda(&proxy_id, &seed, &alice_npk, &alice_keys.vpk(), 1);
|
||||
let alice_pda_0_id = PrivateAddressPlaintext::new(alice_npk, alice_keys.vpk(), 0)
|
||||
.pda_account_id(&proxy_id, &seed);
|
||||
let alice_pda_1_id = PrivateAddressPlaintext::new(alice_npk, alice_keys.vpk(), 1)
|
||||
.pda_account_id(&proxy_id, &seed);
|
||||
let recipient_id = test_public_account_keys_2().account_id();
|
||||
let recipient_signing_key = test_public_account_keys_2().signing_key;
|
||||
|
||||
|
||||
@ -511,7 +511,7 @@ fn n_unique<T: Eq + Hash>(data: &[T]) -> usize {
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use lee_core::account::{AccountId, Nonce};
|
||||
use lee_core::account::{AccountId, Nonce, PrivateAddressPlaintext};
|
||||
|
||||
use crate::{
|
||||
PrivateKey, PublicKey, V03State,
|
||||
@ -603,7 +603,7 @@ mod tests {
|
||||
// Attacker controls a private account.
|
||||
let attacker_keys = test_private_account_keys_1();
|
||||
let attacker_id =
|
||||
AccountId::for_regular_private_account(&attacker_keys.npk(), &attacker_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(attacker_keys.npk(), attacker_keys.vpk(), 0).account_id();
|
||||
|
||||
let victim_id = AccountId::new([20_u8; 32]);
|
||||
let recipient_id = AccountId::new([42_u8; 32]);
|
||||
@ -709,9 +709,10 @@ mod tests {
|
||||
/// There are two routes, both closed:
|
||||
///
|
||||
/// - **mask=1 (`PrivateAuthorizedUpdate`)**: the circuit derives `account_id =
|
||||
/// AccountId::for_regular_private_account(&npk_from(nsk), identifier)` and asserts it matches
|
||||
/// `pre_state.account_id`. Passing this check requires the victim's `nsk`, which the attacker
|
||||
/// does not have. `execute_and_prove` panics inside the ZKVM and no proof is produced.
|
||||
/// PrivateAddressPlaintext::new(npk_from(nsk), vpk, identifier).account_id()` and asserts it
|
||||
/// matches `pre_state.account_id`. Passing this check requires the victim's `nsk`, which the
|
||||
/// attacker does not have. `execute_and_prove` panics inside the ZKVM and no proof is
|
||||
/// produced.
|
||||
///
|
||||
/// - **mask=0 (`Public`)**: the circuit places the account in `public_pre_states` and
|
||||
/// `execute_and_prove` succeeds. The host-side validator then reconstructs
|
||||
@ -754,12 +755,12 @@ mod tests {
|
||||
// Attacker controls a private account.
|
||||
let attacker_keys = test_private_account_keys_1();
|
||||
let attacker_id =
|
||||
AccountId::for_regular_private_account(&attacker_keys.npk(), &attacker_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(attacker_keys.npk(), attacker_keys.vpk(), 0).account_id();
|
||||
|
||||
// Victim is a private account — not registered in public chain state.
|
||||
let victim_keys = test_private_account_keys_2();
|
||||
let victim_id =
|
||||
AccountId::for_regular_private_account(&victim_keys.npk(), &victim_keys.vpk(), 0);
|
||||
PrivateAddressPlaintext::new(victim_keys.npk(), victim_keys.vpk(), 0).account_id();
|
||||
let victim_balance = 5_000_u128;
|
||||
|
||||
let recipient_id = AccountId::new([42_u8; 32]);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user