From 7370f782261656f96b4b9066e04dae640ced29c6 Mon Sep 17 00:00:00 2001 From: Artem Gureev Date: Tue, 30 Jun 2026 10:23:16 +0000 Subject: [PATCH] refactor(lee): state-machine to use PrivateAddressPlaintext --- .../privacy_preserving_transaction/circuit.rs | 49 +++--- .../privacy_preserving_transaction/message.rs | 9 +- lee/state_machine/src/state.rs | 163 +++++++++--------- lee/state_machine/src/validated_state_diff.rs | 15 +- 4 files changed, 127 insertions(+), 109 deletions(-) diff --git a/lee/state_machine/src/privacy_preserving_transaction/circuit.rs b/lee/state_machine/src/privacy_preserving_transaction/circuit.rs index 4f2597c4..8c6c0785 100644 --- a/lee/state_machine/src/privacy_preserving_transaction/circuit.rs +++ b/lee/state_machine/src/privacy_preserving_transaction/circuit.rs @@ -180,7 +180,9 @@ mod tests { use lee_core::{ Commitment, DUMMY_COMMITMENT_HASH, EncryptionScheme, EphemeralSecretKey, Nullifier, PrivacyPreservingCircuitOutput, SharedSecretKey, - account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data}, + account::{ + Account, AccountId, AccountWithMetadata, Nonce, PrivateAddressPlaintext, data::Data, + }, program::{PdaSeed, PrivateAccountKind}, }; @@ -236,7 +238,8 @@ mod tests { ); let recipient_account_id = - AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0); + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(); let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id); let balance_to_move: u128 = 37; @@ -316,14 +319,15 @@ mod tests { data: Data::default(), }, true, - AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let sender_account_id = - AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0); + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(); let commitment_sender = Commitment::new(&sender_account_id, &sender_pre.account); let recipient_account_id = - AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0); + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(); let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id); let balance_to_move: u128 = 37; @@ -429,7 +433,7 @@ mod tests { let pre = AccountWithMetadata::new( Account::default(), false, - AccountId::for_regular_private_account(&account_keys.npk(), &account_keys.vpk(), 0), + PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(), ); let validity_window_chain_caller = Program::validity_window_chain_caller(); @@ -473,8 +477,8 @@ mod tests { let npk = keys.npk(); let seed = PdaSeed::new([42; 32]); let identifier: u128 = 99; - let account_id = - AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier); + let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), identifier) + .pda_account_id(&program.id(), &seed); let init_nonce = Nonce::private_account_nonce_init(&account_id); let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &init_nonce); let shared_secret = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; @@ -517,7 +521,8 @@ mod tests { let seed = PdaSeed::new([42; 32]); // PDA (new, private PDA) - let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 0); + let pda_id = + PrivateAddressPlaintext::new(npk, keys.vpk(), 0).pda_account_id(&program.id(), &seed); let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_id); let auth_id = auth_transfer.id(); @@ -556,7 +561,8 @@ mod tests { let seed = PdaSeed::new([42; 32]); // PDA (new, private PDA) - let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 0); + let pda_id = + PrivateAddressPlaintext::new(npk, keys.vpk(), 0).pda_account_id(&program.id(), &seed); let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_id); // Recipient (public) @@ -624,7 +630,8 @@ mod tests { // Recipient: shared private account (new, unauthorized) let shared_account_id = - AccountId::from((&shared_npk, &shared_keys.vpk(), shared_identifier)); + PrivateAddressPlaintext::new(shared_npk, shared_keys.vpk(), shared_identifier) + .account_id(); let recipient = AccountWithMetadata::new(Account::default(), false, shared_account_id); let balance_to_move: u128 = 100; @@ -662,7 +669,7 @@ mod tests { let keys = test_private_account_keys_1(); let identifier: u128 = 99; let account_id = - AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id(); let nonce = Nonce::private_account_nonce_init(&account_id); let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &nonce); let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; @@ -696,7 +703,7 @@ mod tests { let keys = test_private_account_keys_1(); let identifier: u128 = 99; let account_id = - AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id(); let pre = AccountWithMetadata::new(Account::default(), true, account_id); let (output, _) = execute_and_prove( @@ -742,7 +749,7 @@ mod tests { let identifier: u128 = 99; // create an account id with one set of viewing keys let account_id = - AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id(); let pre = AccountWithMetadata::new(Account::default(), true, account_id); let result = execute_and_prove( @@ -771,7 +778,7 @@ mod tests { let keys = test_private_account_keys_1(); let identifier: u128 = 99; let recipient_id = - AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id(); let init_nonce = Nonce::private_account_nonce_init(&recipient_id); let esk = EphemeralSecretKey::new(&recipient_id, &[0; 32], &init_nonce); let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; @@ -820,7 +827,7 @@ mod tests { let keys = test_private_account_keys_1(); let identifier: u128 = 99; let account_id = - AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), identifier).account_id(); let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk); let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &update_nonce); let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; @@ -873,8 +880,8 @@ mod tests { let seed = PdaSeed::new([42; 32]); let identifier: u128 = 99; let auth_transfer_id = auth_transfer.id(); - let pda_id = - AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier); + let pda_id = PrivateAddressPlaintext::new(npk, keys.vpk(), identifier) + .pda_account_id(&program.id(), &seed); let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk); let esk = EphemeralSecretKey::new(&pda_id, &[0; 32], &update_nonce); let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; @@ -930,7 +937,8 @@ mod tests { let keys = test_private_account_keys_1(); let npk = keys.npk(); let seed = PdaSeed::new([42; 32]); - let account_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 5); + let account_id = + PrivateAddressPlaintext::new(npk, keys.vpk(), 5).pda_account_id(&program.id(), &seed); let pre_state = AccountWithMetadata::new(Account::default(), false, account_id); let result = execute_and_prove( @@ -957,7 +965,8 @@ mod tests { let npk = keys.npk(); let seed = PdaSeed::new([42; 32]); let auth_transfer_id = auth_transfer.id(); - let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), 5); + let pda_id = + PrivateAddressPlaintext::new(npk, keys.vpk(), 5).pda_account_id(&program.id(), &seed); let pda_account = Account { program_owner: auth_transfer_id, balance: 1, diff --git a/lee/state_machine/src/privacy_preserving_transaction/message.rs b/lee/state_machine/src/privacy_preserving_transaction/message.rs index 73e62021..72f15bf3 100644 --- a/lee/state_machine/src/privacy_preserving_transaction/message.rs +++ b/lee/state_machine/src/privacy_preserving_transaction/message.rs @@ -119,10 +119,12 @@ pub mod tests { let encrypted_private_post_states = Vec::new(); - let account_id2 = lee_core::account::AccountId::for_regular_private_account(&npk2, &vpk, 0); + let account_id2 = + lee_core::account::PrivateAddressPlaintext::new(npk2, vpk.clone(), 0).account_id(); let new_commitments = vec![Commitment::new(&account_id2, &account2)]; - let account_id1 = lee_core::account::AccountId::for_regular_private_account(&npk1, &vpk, 0); + let account_id1 = + lee_core::account::PrivateAddressPlaintext::new(npk1, vpk, 0).account_id(); let old_commitment = Commitment::new(&account_id1, &account1); let new_nullifiers = vec![( Nullifier::for_account_update(&old_commitment, &nsk1), @@ -198,7 +200,8 @@ pub mod tests { let npk = NullifierPublicKey::from(&[1; 32]); let vpk = ViewingPublicKey::from_seed(&[2_u8; 32], &[3_u8; 32]); let account = Account::default(); - let account_id = lee_core::account::AccountId::for_regular_private_account(&npk, &vpk, 0); + let account_id = + lee_core::account::PrivateAddressPlaintext::new(npk, vpk.clone(), 0).account_id(); let commitment = Commitment::new(&account_id, &account); let (shared_secret, epk) = SharedSecretKey::encapsulate_deterministic(&vpk, &EphemeralSecretKey([0_u8; 32])); diff --git a/lee/state_machine/src/state.rs b/lee/state_machine/src/state.rs index becb14ff..43353662 100644 --- a/lee/state_machine/src/state.rs +++ b/lee/state_machine/src/state.rs @@ -420,7 +420,9 @@ pub mod tests { use lee_core::{ BlockId, Commitment, InputAccountIdentity, Nullifier, NullifierPublicKey, NullifierSecretKey, Timestamp, - account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data}, + account::{ + Account, AccountId, AccountWithMetadata, Nonce, PrivateAddressPlaintext, data::Data, + }, encryption::ViewingPublicKey, program::{ BlockValidityWindow, ExecutionValidationError, PdaSeed, ProgramId, @@ -517,7 +519,7 @@ pub mod tests { #[must_use] pub fn with_private_account(mut self, keys: &TestPrivateKeys, account: &Account) -> Self { - let account_id = AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), 0); + let account_id = PrivateAddressPlaintext::new(keys.npk(), keys.vpk(), 0).account_id(); let commitment = Commitment::new(&account_id, account); self.private_state.0.extend(&[commitment]); self @@ -729,8 +731,8 @@ pub mod tests { ..Account::default() }; - let account_id1 = AccountId::for_regular_private_account(&keys1.npk(), &keys1.vpk(), 0); - let account_id2 = AccountId::for_regular_private_account(&keys2.npk(), &keys2.vpk(), 0); + let account_id1 = PrivateAddressPlaintext::new(keys1.npk(), keys1.vpk(), 0).account_id(); + let account_id2 = PrivateAddressPlaintext::new(keys2.npk(), keys2.vpk(), 0).account_id(); let init_commitment1 = Commitment::new(&account_id1, &account); let init_commitment2 = Commitment::new(&account_id2, &account); @@ -1406,7 +1408,8 @@ pub mod tests { let recipient = AccountWithMetadata::new( Account::default(), false, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let (output, proof) = circuit::execute_and_prove( @@ -1448,17 +1451,18 @@ pub mod tests { ) -> PrivacyPreservingTransaction { let program = Program::authenticated_transfer_program(); let sender_account_id = - AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0); + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(); let sender_commitment = Commitment::new(&sender_account_id, sender_private_account); let sender_pre = AccountWithMetadata::new( sender_private_account.clone(), true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let recipient_pre = AccountWithMetadata::new( Account::default(), false, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let (output, proof) = circuit::execute_and_prove( @@ -1504,12 +1508,12 @@ pub mod tests { ) -> PrivacyPreservingTransaction { let program = Program::authenticated_transfer_program(); let sender_account_id = - AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0); + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(); let sender_commitment = Commitment::new(&sender_account_id, sender_private_account); let sender_pre = AccountWithMetadata::new( sender_private_account.clone(), true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let recipient_pre = AccountWithMetadata::new( state.get_account_by_id(*recipient_account_id), @@ -1615,9 +1619,10 @@ pub mod tests { ); let sender_account_id = - AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0); + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(); let recipient_account_id = - AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0); + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(); let expected_new_commitment_1 = Commitment::new( &sender_account_id, &Account { @@ -1769,7 +1774,7 @@ pub mod tests { ); let sender_account_id = - AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0); + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(); let expected_new_commitment = Commitment::new( &sender_account_id, &Account { @@ -2081,12 +2086,13 @@ pub mod tests { ..Account::default() }, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let private_account_2 = AccountWithMetadata::new( Account::default(), false, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); // Setting the recipient nsk to authorize the sender. @@ -2129,7 +2135,7 @@ pub mod tests { ..Account::default() }, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let private_account_2 = AccountWithMetadata::new( Account { @@ -2138,7 +2144,8 @@ pub mod tests { ..Account::default() }, false, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let result = execute_and_prove( @@ -2177,7 +2184,7 @@ pub mod tests { ..Account::default() }, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let private_account_2 = AccountWithMetadata::new( Account { @@ -2186,7 +2193,8 @@ pub mod tests { ..Account::default() }, false, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let result = execute_and_prove( @@ -2225,7 +2233,7 @@ pub mod tests { ..Account::default() }, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let private_account_2 = AccountWithMetadata::new( Account { @@ -2234,7 +2242,8 @@ pub mod tests { ..Account::default() }, false, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let result = execute_and_prove( @@ -2273,7 +2282,7 @@ pub mod tests { ..Account::default() }, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let private_account_2 = AccountWithMetadata::new( Account { @@ -2282,7 +2291,8 @@ pub mod tests { ..Account::default() }, false, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let result = execute_and_prove( @@ -2322,13 +2332,14 @@ pub mod tests { ..Account::default() }, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let private_account_2 = AccountWithMetadata::new( Account::default(), // This should be set to false in normal circumstances true, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let result = execute_and_prove( @@ -2397,9 +2408,10 @@ pub mod tests { /// Happy path: a program claims a new private PDA via `Claim::Pda(seed)`. The circuit /// reads the npk for that `pre_state` from `private_account_keys` at the `pre_state`'s - /// position, derives `AccountId` via `AccountId::for_private_pda(program_id, seed, npk)`, and - /// asserts it equals the `pre_state`'s `account_id`. The equality both validates the claim - /// and binds the supplied npk to the `account_id`. + /// position, derives `AccountId` via `PrivateAddressPlaintext::new(npk, + /// ..).pda_account_id(program_id, seed)`, and asserts it equals the `pre_state`'s + /// `account_id`. The equality both validates the claim and binds the supplied npk to the + /// `account_id`. #[test] fn private_pda_claim_succeeds() { let program = Program::pda_claimer(); @@ -2407,8 +2419,8 @@ pub mod tests { let npk = keys.npk(); let seed = PdaSeed::new([42; 32]); - let account_id = - AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), u128::MAX); + let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX) + .pda_account_id(&program.id(), &seed); let pre_state = AccountWithMetadata::new(Account::default(), false, account_id); let result = execute_and_prove( @@ -2433,7 +2445,8 @@ pub mod tests { } /// An npk is supplied that does not match the `pre_state`'s `account_id` under - /// `AccountId::for_private_pda(program, claim_seed, npk)`. The claim equality check rejects. + /// `PrivateAddressPlaintext::new(npk, ..).pda_account_id(program, claim_seed)`. The claim + /// equality check rejects. #[test] fn private_pda_npk_mismatch_fails() { // `keys_a` produces the `pre_state`'s `account_id` (the registered pair), `keys_b` is @@ -2446,10 +2459,10 @@ pub mod tests { let seed = PdaSeed::new([42; 32]); // `account_id` is derived from `npk_a`, but `npk_b` is supplied for this pre_state. - // `AccountId::for_private_pda(program, seed, npk_b) != account_id`, so the claim check in - // the circuit must reject. - let account_id = - AccountId::for_private_pda(&program.id(), &seed, &npk_a, &keys_a.vpk(), u128::MAX); + // `PrivateAddressPlaintext::new(npk_b, ..).pda_account_id(program, seed) != account_id`, so + // the claim check in the circuit must reject. + let account_id = PrivateAddressPlaintext::new(npk_a, keys_a.vpk(), u128::MAX) + .pda_account_id(&program.id(), &seed); let pre_state = AccountWithMetadata::new(Account::default(), false, account_id); let result = execute_and_prove( @@ -2472,7 +2485,7 @@ pub mod tests { /// private PDA via `Claim::Pda(seed)`, then chains to a callee (`noop`) delegating the same /// seed via `ChainedCall.pda_seeds`. In the callee's step, the `pre_state`'s authorization /// is established via the private derivation - /// `AccountId::for_private_pda(delegator, seed, npk) == pre.account_id`. + /// `PrivateAddressPlaintext::new(npk, ..).pda_account_id(delegator, seed) == pre.account_id`. #[test] fn caller_pda_seeds_authorize_private_pda_for_callee() { let delegator = Program::private_pda_delegator(); @@ -2481,8 +2494,8 @@ pub mod tests { let npk = keys.npk(); let seed = PdaSeed::new([77; 32]); - let account_id = - AccountId::for_private_pda(&delegator.id(), &seed, &npk, &keys.vpk(), u128::MAX); + let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX) + .pda_account_id(&delegator.id(), &seed); let pre_state = AccountWithMetadata::new(Account::default(), false, account_id); let callee_id = callee.id(); @@ -2521,8 +2534,8 @@ pub mod tests { let claim_seed = PdaSeed::new([77; 32]); let wrong_delegated_seed = PdaSeed::new([88; 32]); - let account_id = - AccountId::for_private_pda(&delegator.id(), &claim_seed, &npk, &keys.vpk(), u128::MAX); + let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX) + .pda_account_id(&delegator.id(), &claim_seed); let pre_state = AccountWithMetadata::new(Account::default(), false, account_id); let callee_id = callee.id(); @@ -2560,20 +2573,10 @@ pub mod tests { let keys_b = test_private_account_keys_2(); let seed = PdaSeed::new([55; 32]); - let account_a = AccountId::for_private_pda( - &program.id(), - &seed, - &keys_a.npk(), - &keys_a.vpk(), - u128::MAX, - ); - let account_b = AccountId::for_private_pda( - &program.id(), - &seed, - &keys_b.npk(), - &keys_b.vpk(), - u128::MAX, - ); + let account_a = PrivateAddressPlaintext::new(keys_a.npk(), keys_a.vpk(), u128::MAX) + .pda_account_id(&program.id(), &seed); + let account_b = PrivateAddressPlaintext::new(keys_b.npk(), keys_b.vpk(), u128::MAX) + .pda_account_id(&program.id(), &seed); let pre_a = AccountWithMetadata::new(Account::default(), false, account_a); let pre_b = AccountWithMetadata::new(Account::default(), false, account_b); @@ -2617,8 +2620,8 @@ pub mod tests { // Simulate a previously-claimed private PDA: program_owner != DEFAULT, is_authorized = // true, account_id derived via the private formula. - let account_id = - AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), u128::MAX); + let account_id = PrivateAddressPlaintext::new(npk, keys.vpk(), u128::MAX) + .pda_account_id(&program.id(), &seed); let owned_pre_state = AccountWithMetadata::new( Account { program_owner: program.id(), @@ -2711,7 +2714,7 @@ pub mod tests { ..Account::default() }, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let result = execute_and_prove( @@ -3045,7 +3048,7 @@ pub mod tests { ..Account::default() }; let sender_account_id = - AccountId::for_regular_private_account(&sender_keys.npk(), &sender_keys.vpk(), 0); + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(); let sender_commitment = Commitment::new(&sender_account_id, &sender_private_account); let sender_init_nullifier = Nullifier::for_account_initialization(&sender_account_id); let mut state = V03State::new_with_genesis_accounts( @@ -3056,7 +3059,7 @@ pub mod tests { let sender_pre = AccountWithMetadata::new( sender_private_account, true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); let recipient_private_key = PrivateKey::try_new([2; 32]).unwrap(); let recipient_account_id = @@ -3129,7 +3132,7 @@ pub mod tests { ..Account::default() }, true, - (&from_keys.npk(), &from_keys.vpk(), 0), + PrivateAddressPlaintext::new(from_keys.npk(), from_keys.vpk(), 0).account_id(), ); let to_account = AccountWithMetadata::new( Account { @@ -3137,13 +3140,13 @@ pub mod tests { ..Account::default() }, true, - (&to_keys.npk(), &to_keys.vpk(), 0), + PrivateAddressPlaintext::new(to_keys.npk(), to_keys.vpk(), 0).account_id(), ); let from_account_id = - AccountId::for_regular_private_account(&from_keys.npk(), &from_keys.vpk(), 0); + PrivateAddressPlaintext::new(from_keys.npk(), from_keys.vpk(), 0).account_id(); let to_account_id = - AccountId::for_regular_private_account(&to_keys.npk(), &to_keys.vpk(), 0); + PrivateAddressPlaintext::new(to_keys.npk(), to_keys.vpk(), 0).account_id(); let from_commitment = Commitment::new(&from_account_id, &from_account.account); let to_commitment = Commitment::new(&to_account_id, &to_account.account); let from_init_nullifier = Nullifier::for_account_initialization(&from_account_id); @@ -3450,7 +3453,7 @@ pub mod tests { let authorized_account = AccountWithMetadata::new( Account::default(), true, - (&private_keys.npk(), &private_keys.vpk(), 0), + PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(), ); let program = Program::authenticated_transfer_program(); @@ -3483,7 +3486,7 @@ pub mod tests { assert!(result.is_ok()); let account_id = - AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0); + PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(); let nullifier = Nullifier::for_account_initialization(&account_id); assert!(state.private_state.1.contains(&nullifier)); } @@ -3500,7 +3503,7 @@ pub mod tests { let unauthorized_account = AccountWithMetadata::new( Account::default(), false, - (&private_keys.npk(), &private_keys.vpk(), 0), + PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(), ); let program = Program::claimer(); @@ -3528,7 +3531,7 @@ pub mod tests { .unwrap(); let account_id = - AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0); + PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(); let nullifier = Nullifier::for_account_initialization(&account_id); assert!(state.private_state.1.contains(&nullifier)); } @@ -3544,7 +3547,7 @@ pub mod tests { let authorized_account = AccountWithMetadata::new( Account::default(), true, - (&private_keys.npk(), &private_keys.vpk(), 0), + PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(), ); let claimer_program = Program::claimer(); @@ -3581,7 +3584,7 @@ pub mod tests { // Verify the account is now initialized (nullifier exists) let account_id = - AccountId::for_regular_private_account(&private_keys.npk(), &private_keys.vpk(), 0); + PrivateAddressPlaintext::new(private_keys.npk(), private_keys.vpk(), 0).account_id(); let nullifier = Nullifier::for_account_initialization(&account_id); assert!(state.private_state.1.contains(&nullifier)); @@ -3671,7 +3674,7 @@ pub mod tests { let private_account = AccountWithMetadata::new( Account::default(), true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); // Don't change data (None) and don't claim (false) let instruction: (Option>, bool) = (None, false); @@ -3700,7 +3703,7 @@ pub mod tests { let private_account = AccountWithMetadata::new( Account::default(), true, - (&sender_keys.npk(), &sender_keys.vpk(), 0), + PrivateAddressPlaintext::new(sender_keys.npk(), sender_keys.vpk(), 0).account_id(), ); // Change data but don't claim (false) - should fail let new_data = vec![1, 2, 3, 4, 5]; @@ -3743,11 +3746,13 @@ pub mod tests { let recipient_account = AccountWithMetadata::new( Account::default(), true, - (&recipient_keys.npk(), &recipient_keys.vpk(), 0), + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(), ); let recipient_account_id = - AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0); + PrivateAddressPlaintext::new(recipient_keys.npk(), recipient_keys.vpk(), 0) + .account_id(); let recipient_commitment = Commitment::new(&recipient_account_id, &recipient_account.account); let recipient_init_nullifier = Nullifier::for_account_initialization(&recipient_account_id); @@ -3916,7 +3921,7 @@ pub mod tests { let pre = AccountWithMetadata::new( Account::default(), false, - (&account_keys.npk(), &account_keys.vpk(), 0), + PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(), ); let mut state = V03State::new_with_genesis_accounts(&[], vec![], 0).with_test_programs(); let tx = { @@ -3981,7 +3986,7 @@ pub mod tests { let pre = AccountWithMetadata::new( Account::default(), false, - (&account_keys.npk(), &account_keys.vpk(), 0), + PrivateAddressPlaintext::new(account_keys.npk(), account_keys.vpk(), 0).account_id(), ); let mut state = V03State::new_with_genesis_accounts(&[], vec![], 0).with_test_programs(); let tx = { @@ -4512,10 +4517,10 @@ pub mod tests { ProgramWithDependencies::new(proxy, [(auth_transfer_id, auth_transfer.clone())].into()); let funder_id = funder_keys.account_id(); - let alice_pda_0_id = - AccountId::for_private_pda(&proxy_id, &seed, &alice_npk, &alice_keys.vpk(), 0); - let alice_pda_1_id = - AccountId::for_private_pda(&proxy_id, &seed, &alice_npk, &alice_keys.vpk(), 1); + let alice_pda_0_id = PrivateAddressPlaintext::new(alice_npk, alice_keys.vpk(), 0) + .pda_account_id(&proxy_id, &seed); + let alice_pda_1_id = PrivateAddressPlaintext::new(alice_npk, alice_keys.vpk(), 1) + .pda_account_id(&proxy_id, &seed); let recipient_id = test_public_account_keys_2().account_id(); let recipient_signing_key = test_public_account_keys_2().signing_key; diff --git a/lee/state_machine/src/validated_state_diff.rs b/lee/state_machine/src/validated_state_diff.rs index 1953d93a..7befe5d9 100644 --- a/lee/state_machine/src/validated_state_diff.rs +++ b/lee/state_machine/src/validated_state_diff.rs @@ -511,7 +511,7 @@ fn n_unique(data: &[T]) -> usize { #[cfg(test)] mod tests { - use lee_core::account::{AccountId, Nonce}; + use lee_core::account::{AccountId, Nonce, PrivateAddressPlaintext}; use crate::{ PrivateKey, PublicKey, V03State, @@ -603,7 +603,7 @@ mod tests { // Attacker controls a private account. let attacker_keys = test_private_account_keys_1(); let attacker_id = - AccountId::for_regular_private_account(&attacker_keys.npk(), &attacker_keys.vpk(), 0); + PrivateAddressPlaintext::new(attacker_keys.npk(), attacker_keys.vpk(), 0).account_id(); let victim_id = AccountId::new([20_u8; 32]); let recipient_id = AccountId::new([42_u8; 32]); @@ -709,9 +709,10 @@ mod tests { /// There are two routes, both closed: /// /// - **mask=1 (`PrivateAuthorizedUpdate`)**: the circuit derives `account_id = - /// AccountId::for_regular_private_account(&npk_from(nsk), identifier)` and asserts it matches - /// `pre_state.account_id`. Passing this check requires the victim's `nsk`, which the attacker - /// does not have. `execute_and_prove` panics inside the ZKVM and no proof is produced. + /// PrivateAddressPlaintext::new(npk_from(nsk), vpk, identifier).account_id()` and asserts it + /// matches `pre_state.account_id`. Passing this check requires the victim's `nsk`, which the + /// attacker does not have. `execute_and_prove` panics inside the ZKVM and no proof is + /// produced. /// /// - **mask=0 (`Public`)**: the circuit places the account in `public_pre_states` and /// `execute_and_prove` succeeds. The host-side validator then reconstructs @@ -754,12 +755,12 @@ mod tests { // Attacker controls a private account. let attacker_keys = test_private_account_keys_1(); let attacker_id = - AccountId::for_regular_private_account(&attacker_keys.npk(), &attacker_keys.vpk(), 0); + PrivateAddressPlaintext::new(attacker_keys.npk(), attacker_keys.vpk(), 0).account_id(); // Victim is a private account — not registered in public chain state. let victim_keys = test_private_account_keys_2(); let victim_id = - AccountId::for_regular_private_account(&victim_keys.npk(), &victim_keys.vpk(), 0); + PrivateAddressPlaintext::new(victim_keys.npk(), victim_keys.vpk(), 0).account_id(); let victim_balance = 5_000_u128; let recipient_id = AccountId::new([42_u8; 32]);