From 78e5b1d1aee6f8beea27ced53d846ede327626de Mon Sep 17 00:00:00 2001
From: agureev <artguril@proton.me>
Date: Mon, 22 Jun 2026 22:26:54 +0400
Subject: [PATCH] feat!: obfuscate note and cipher order by byte-sort

BREAKING:

Before: Commitments, nullifiers, and ciphers of an account ID I were
all bound to the same possition in their respective vectors.

After: Before writing to journal, the PPC sorts the commitments and
nullifiers by bytes and encrypted account data by ciphertext
comparissons.

Mitigation: Do not rely on the plaintext order to be preserved for
private accounts after proving
---
 .../guest/src/bin/privacy_preserving_circuit/output.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs b/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs
index 89fec367..6b3b139b 100644
--- a/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs
+++ b/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs
@@ -252,6 +252,16 @@ pub fn compute_circuit_output(
         }
     }
 
+    output
+        .new_commitments
+        .sort_unstable_by_key(Commitment::to_byte_array);
+    output
+        .new_nullifiers
+        .sort_unstable_by_key(|(nullifier, _)| nullifier.to_byte_array());
+    output
+        .encrypted_private_post_states
+        .sort_unstable_by(|a, b| a.ciphertext.as_bytes().cmp(b.ciphertext.as_bytes()));
+
     output
 }