diff --git a/artifacts/program_methods/amm.bin b/artifacts/program_methods/amm.bin
index df267d12..20ed177d 100644
Binary files a/artifacts/program_methods/amm.bin and b/artifacts/program_methods/amm.bin differ
diff --git a/artifacts/program_methods/associated_token_account.bin b/artifacts/program_methods/associated_token_account.bin
index 6e7a3ce6..744f6118 100644
Binary files a/artifacts/program_methods/associated_token_account.bin and b/artifacts/program_methods/associated_token_account.bin differ
diff --git a/artifacts/program_methods/authenticated_transfer.bin b/artifacts/program_methods/authenticated_transfer.bin
index 68c06d1c..3c33edbc 100644
Binary files a/artifacts/program_methods/authenticated_transfer.bin and b/artifacts/program_methods/authenticated_transfer.bin differ
diff --git a/artifacts/program_methods/bridge.bin b/artifacts/program_methods/bridge.bin
index 6eb93a11..44a89552 100644
Binary files a/artifacts/program_methods/bridge.bin and b/artifacts/program_methods/bridge.bin differ
diff --git a/artifacts/program_methods/clock.bin b/artifacts/program_methods/clock.bin
index 7ddfb193..ab748b27 100644
Binary files a/artifacts/program_methods/clock.bin and b/artifacts/program_methods/clock.bin differ
diff --git a/artifacts/program_methods/faucet.bin b/artifacts/program_methods/faucet.bin
index 006220a5..4eff9244 100644
Binary files a/artifacts/program_methods/faucet.bin and b/artifacts/program_methods/faucet.bin differ
diff --git a/artifacts/program_methods/pinata.bin b/artifacts/program_methods/pinata.bin
index 2fedd069..6e1e996b 100644
Binary files a/artifacts/program_methods/pinata.bin and b/artifacts/program_methods/pinata.bin differ
diff --git a/artifacts/program_methods/pinata_token.bin b/artifacts/program_methods/pinata_token.bin
index 4411a3c0..da3245fb 100644
Binary files a/artifacts/program_methods/pinata_token.bin and b/artifacts/program_methods/pinata_token.bin differ
diff --git a/artifacts/program_methods/privacy_preserving_circuit.bin b/artifacts/program_methods/privacy_preserving_circuit.bin
index 256f8fc2..add125e4 100644
Binary files a/artifacts/program_methods/privacy_preserving_circuit.bin and b/artifacts/program_methods/privacy_preserving_circuit.bin differ
diff --git a/artifacts/program_methods/token.bin b/artifacts/program_methods/token.bin
index 14baf4eb..cdbb6cb9 100644
Binary files a/artifacts/program_methods/token.bin and b/artifacts/program_methods/token.bin differ
diff --git a/artifacts/program_methods/vault.bin b/artifacts/program_methods/vault.bin
index 9d97a376..c4aa37fe 100644
Binary files a/artifacts/program_methods/vault.bin and b/artifacts/program_methods/vault.bin differ
diff --git a/artifacts/test_program_methods/auth_asserting_noop.bin b/artifacts/test_program_methods/auth_asserting_noop.bin
index b3694096..f3e0d15d 100644
Binary files a/artifacts/test_program_methods/auth_asserting_noop.bin and b/artifacts/test_program_methods/auth_asserting_noop.bin differ
diff --git a/artifacts/test_program_methods/auth_transfer_proxy.bin b/artifacts/test_program_methods/auth_transfer_proxy.bin
index d7f4c6fe..c006b371 100644
Binary files a/artifacts/test_program_methods/auth_transfer_proxy.bin and b/artifacts/test_program_methods/auth_transfer_proxy.bin differ
diff --git a/artifacts/test_program_methods/burner.bin b/artifacts/test_program_methods/burner.bin
index 692a8433..39ad7164 100644
Binary files a/artifacts/test_program_methods/burner.bin and b/artifacts/test_program_methods/burner.bin differ
diff --git a/artifacts/test_program_methods/chain_caller.bin b/artifacts/test_program_methods/chain_caller.bin
index f4262dab..84edab39 100644
Binary files a/artifacts/test_program_methods/chain_caller.bin and b/artifacts/test_program_methods/chain_caller.bin differ
diff --git a/artifacts/test_program_methods/changer_claimer.bin b/artifacts/test_program_methods/changer_claimer.bin
index 2acfd6ce..35fa3103 100644
Binary files a/artifacts/test_program_methods/changer_claimer.bin and b/artifacts/test_program_methods/changer_claimer.bin differ
diff --git a/artifacts/test_program_methods/claimer.bin b/artifacts/test_program_methods/claimer.bin
index ffc41cda..779c8f3e 100644
Binary files a/artifacts/test_program_methods/claimer.bin and b/artifacts/test_program_methods/claimer.bin differ
diff --git a/artifacts/test_program_methods/clock_chain_caller.bin b/artifacts/test_program_methods/clock_chain_caller.bin
index e0310830..81d40bf7 100644
Binary files a/artifacts/test_program_methods/clock_chain_caller.bin and b/artifacts/test_program_methods/clock_chain_caller.bin differ
diff --git a/artifacts/test_program_methods/data_changer.bin b/artifacts/test_program_methods/data_changer.bin
index 4a00f11b..43315b8d 100644
Binary files a/artifacts/test_program_methods/data_changer.bin and b/artifacts/test_program_methods/data_changer.bin differ
diff --git a/artifacts/test_program_methods/extra_output.bin b/artifacts/test_program_methods/extra_output.bin
index 4482e28e..11184eb8 100644
Binary files a/artifacts/test_program_methods/extra_output.bin and b/artifacts/test_program_methods/extra_output.bin differ
diff --git a/artifacts/test_program_methods/faucet_chain_caller.bin b/artifacts/test_program_methods/faucet_chain_caller.bin
index aace5211..f21b34a9 100644
Binary files a/artifacts/test_program_methods/faucet_chain_caller.bin and b/artifacts/test_program_methods/faucet_chain_caller.bin differ
diff --git a/artifacts/test_program_methods/flash_swap_callback.bin b/artifacts/test_program_methods/flash_swap_callback.bin
index 881c045c..6b385b60 100644
Binary files a/artifacts/test_program_methods/flash_swap_callback.bin and b/artifacts/test_program_methods/flash_swap_callback.bin differ
diff --git a/artifacts/test_program_methods/flash_swap_initiator.bin b/artifacts/test_program_methods/flash_swap_initiator.bin
index dab0807d..e3e5de26 100644
Binary files a/artifacts/test_program_methods/flash_swap_initiator.bin and b/artifacts/test_program_methods/flash_swap_initiator.bin differ
diff --git a/artifacts/test_program_methods/malicious_authorization_changer.bin b/artifacts/test_program_methods/malicious_authorization_changer.bin
index 2421f254..0266685f 100644
Binary files a/artifacts/test_program_methods/malicious_authorization_changer.bin and b/artifacts/test_program_methods/malicious_authorization_changer.bin differ
diff --git a/artifacts/test_program_methods/malicious_caller_program_id.bin b/artifacts/test_program_methods/malicious_caller_program_id.bin
index 8889a8bb..b05291c1 100644
Binary files a/artifacts/test_program_methods/malicious_caller_program_id.bin and b/artifacts/test_program_methods/malicious_caller_program_id.bin differ
diff --git a/artifacts/test_program_methods/malicious_injector.bin b/artifacts/test_program_methods/malicious_injector.bin
index 54c9bbd1..19f24c1a 100644
Binary files a/artifacts/test_program_methods/malicious_injector.bin and b/artifacts/test_program_methods/malicious_injector.bin differ
diff --git a/artifacts/test_program_methods/malicious_launderer.bin b/artifacts/test_program_methods/malicious_launderer.bin
index e1740d2d..3bab4954 100644
Binary files a/artifacts/test_program_methods/malicious_launderer.bin and b/artifacts/test_program_methods/malicious_launderer.bin differ
diff --git a/artifacts/test_program_methods/malicious_self_program_id.bin b/artifacts/test_program_methods/malicious_self_program_id.bin
index ddb6a012..96a7317d 100644
Binary files a/artifacts/test_program_methods/malicious_self_program_id.bin and b/artifacts/test_program_methods/malicious_self_program_id.bin differ
diff --git a/artifacts/test_program_methods/minter.bin b/artifacts/test_program_methods/minter.bin
index fd96b143..6325db38 100644
Binary files a/artifacts/test_program_methods/minter.bin and b/artifacts/test_program_methods/minter.bin differ
diff --git a/artifacts/test_program_methods/missing_output.bin b/artifacts/test_program_methods/missing_output.bin
index 67febaf9..469801f7 100644
Binary files a/artifacts/test_program_methods/missing_output.bin and b/artifacts/test_program_methods/missing_output.bin differ
diff --git a/artifacts/test_program_methods/modified_transfer.bin b/artifacts/test_program_methods/modified_transfer.bin
index af1029d1..6bc1b6be 100644
Binary files a/artifacts/test_program_methods/modified_transfer.bin and b/artifacts/test_program_methods/modified_transfer.bin differ
diff --git a/artifacts/test_program_methods/nonce_changer.bin b/artifacts/test_program_methods/nonce_changer.bin
index 5b6e1ce1..bfb7b191 100644
Binary files a/artifacts/test_program_methods/nonce_changer.bin and b/artifacts/test_program_methods/nonce_changer.bin differ
diff --git a/artifacts/test_program_methods/noop.bin b/artifacts/test_program_methods/noop.bin
index 9955e3b2..3eb580e8 100644
Binary files a/artifacts/test_program_methods/noop.bin and b/artifacts/test_program_methods/noop.bin differ
diff --git a/artifacts/test_program_methods/pda_claimer.bin b/artifacts/test_program_methods/pda_claimer.bin
index 8a8590b9..00351970 100644
Binary files a/artifacts/test_program_methods/pda_claimer.bin and b/artifacts/test_program_methods/pda_claimer.bin differ
diff --git a/artifacts/test_program_methods/pda_spend_proxy.bin b/artifacts/test_program_methods/pda_spend_proxy.bin
index 8458344a..2a2df3ab 100644
Binary files a/artifacts/test_program_methods/pda_spend_proxy.bin and b/artifacts/test_program_methods/pda_spend_proxy.bin differ
diff --git a/artifacts/test_program_methods/pinata_cooldown.bin b/artifacts/test_program_methods/pinata_cooldown.bin
index 4e6b953f..63fff798 100644
Binary files a/artifacts/test_program_methods/pinata_cooldown.bin and b/artifacts/test_program_methods/pinata_cooldown.bin differ
diff --git a/artifacts/test_program_methods/private_pda_delegator.bin b/artifacts/test_program_methods/private_pda_delegator.bin
index 175dc697..fdd29371 100644
Binary files a/artifacts/test_program_methods/private_pda_delegator.bin and b/artifacts/test_program_methods/private_pda_delegator.bin differ
diff --git a/artifacts/test_program_methods/program_owner_changer.bin b/artifacts/test_program_methods/program_owner_changer.bin
index 53fcca3e..abfe681e 100644
Binary files a/artifacts/test_program_methods/program_owner_changer.bin and b/artifacts/test_program_methods/program_owner_changer.bin differ
diff --git a/artifacts/test_program_methods/simple_balance_transfer.bin b/artifacts/test_program_methods/simple_balance_transfer.bin
index ee7165d6..84282f5b 100644
Binary files a/artifacts/test_program_methods/simple_balance_transfer.bin and b/artifacts/test_program_methods/simple_balance_transfer.bin differ
diff --git a/artifacts/test_program_methods/time_locked_transfer.bin b/artifacts/test_program_methods/time_locked_transfer.bin
index 89e8cb69..a8435780 100644
Binary files a/artifacts/test_program_methods/time_locked_transfer.bin and b/artifacts/test_program_methods/time_locked_transfer.bin differ
diff --git a/artifacts/test_program_methods/two_pda_claimer.bin b/artifacts/test_program_methods/two_pda_claimer.bin
index 54a3744e..23585f3e 100644
Binary files a/artifacts/test_program_methods/two_pda_claimer.bin and b/artifacts/test_program_methods/two_pda_claimer.bin differ
diff --git a/artifacts/test_program_methods/validity_window.bin b/artifacts/test_program_methods/validity_window.bin index 615934f3..5c9e3246 100644 Binary files a/artifacts/test_program_methods/validity_window.bin and b/artifacts/test_program_methods/validity_window.bin differ diff --git a/artifacts/test_program_methods/validity_window_chain_caller.bin b/artifacts/test_program_methods/validity_window_chain_caller.bin index dc7a51f3..16a897bc 100644 Binary files a/artifacts/test_program_methods/validity_window_chain_caller.bin and b/artifacts/test_program_methods/validity_window_chain_caller.bin differ diff --git a/integration_tests/tests/auth_transfer/private.rs b/integration_tests/tests/auth_transfer/private.rs index a48bb212..a862e334 100644 --- a/integration_tests/tests/auth_transfer/private.rs +++ b/integration_tests/tests/auth_transfer/private.rs @@ -710,7 +710,7 @@ async fn ppt_cant_chain_call_faucet() -> Result<()> { InputAccountIdentity::Public, InputAccountIdentity::PrivatePdaInit { vpk, - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: 1337, seed: None, diff --git a/integration_tests/tests/private_pda.rs b/integration_tests/tests/private_pda.rs index 90ddb45a..e605ceee 100644 --- a/integration_tests/tests/private_pda.rs +++ b/integration_tests/tests/private_pda.rs @@ -71,7 +71,7 @@ async fn fund_private_pda( InputAccountIdentity::Public, InputAccountIdentity::PrivatePdaInit { vpk, - os_random: [0; 32], + random_seed: [0; 32], npk, identifier, seed: Some((seed, authority_program_id)), diff --git a/integration_tests/tests/tps.rs b/integration_tests/tests/tps.rs index 56facd39..78116c49 100644 --- a/integration_tests/tests/tps.rs +++ b/integration_tests/tests/tps.rs 
@@ -293,14 +293,14 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_vpk, - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_nsk, membership_proof: proof, identifier: 0, }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_vpk, - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_npk, identifier: 0, }, diff --git a/lee/state_machine/core/src/circuit_io.rs b/lee/state_machine/core/src/circuit_io.rs index 625247e0..9bead310 100644 --- a/lee/state_machine/core/src/circuit_io.rs +++ b/lee/state_machine/core/src/circuit_io.rs @@ -32,7 +32,7 @@ pub enum InputAccountIdentity { /// and matched against `pre_state.account_id`. PrivateAuthorizedInit { vpk: ViewingPublicKey, - os_random: [u8; 32], + random_seed: [u8; 32], nsk: NullifierSecretKey, identifier: Identifier, }, @@ -40,7 +40,7 @@ pub enum InputAccountIdentity { /// membership proof. PrivateAuthorizedUpdate { vpk: ViewingPublicKey, - os_random: [u8; 32], + random_seed: [u8; 32], nsk: NullifierSecretKey, membership_proof: MembershipProof, identifier: Identifier, @@ -49,7 +49,7 @@ pub enum InputAccountIdentity { /// doesn't yet exist on chain). No `nsk`, no membership proof. PrivateUnauthorized { vpk: ViewingPublicKey, - os_random: [u8; 32], + random_seed: [u8; 32], npk: NullifierPublicKey, identifier: Identifier, }, @@ -59,7 +59,7 @@ pub enum InputAccountIdentity { /// as the 4th input. PrivatePdaInit { vpk: ViewingPublicKey, - os_random: [u8; 32], + random_seed: [u8; 32], npk: NullifierPublicKey, identifier: Identifier, /// When `Some((seed, authority_program_id))`, the circuit binds this position via the @@ -75,7 +75,7 @@ pub enum InputAccountIdentity { /// previously-seen authorization in a chained call. PrivatePdaUpdate { vpk: ViewingPublicKey, - os_random: [u8; 32], + random_seed: [u8; 32], nsk: NullifierSecretKey, membership_proof: MembershipProof, identifier: Identifier, 
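Review bot: The `random_seed` field that this hunk renames in every `InputAccountIdentity` variant of `circuit_io.rs` carries no field-level doc, while the surrounding variant docs describe `vpk`, `nsk` and the membership proof; after the rename nothing at the type tells a caller that this is a prover-supplied secret that must be fresh randomness rather than any 32 bytes. Every call site in this diff passes `[0; 32]`, which is fine for tests but is exactly the value a copy-paste into production code would inherit. I would add above each `random_seed: [u8; 32],` a doc line such as `/// Fresh 32 bytes from a CSPRNG, unique per transaction; presumably the seed fed to `EphemeralSecretKey::new` — a reused value reproduces the same ephemeral key for this account.` The `derivation` side is outside this hunk, so the last clause should be confirmed against the encryption module before landing.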
diff --git a/lee/state_machine/core/src/encryption/mod.rs b/lee/state_machine/core/src/encryption/mod.rs index 0d7ccd11..be0dbd19 100644 --- a/lee/state_machine/core/src/encryption/mod.rs +++ b/lee/state_machine/core/src/encryption/mod.rs @@ -19,19 +19,19 @@ impl EphemeralSecretKey { /// Derives an ephemeral secret key from OS randomness and account-specific values. /// /// For updates, `nonce` carries `nsk`-derived entropy, making `esk` strong even - /// with a compromised RNG. For inits, `nonce` is deterministic, so `os_random` + /// with a compromised RNG. For inits, `nonce` is deterministic, so `random_seed` /// is the sole entropy source. #[must_use] pub fn new( account_id: &crate::account::AccountId, - os_random: &[u8; 32], + random_seed: &[u8; 32], nonce: &crate::account::Nonce, ) -> Self { const PREFIX: &[u8; 14] = b"/LEE/v0.3/esk/"; let mut input = [0_u8; 14 + 32 + 32 + 16]; input[0..14].copy_from_slice(PREFIX); input[14..46].copy_from_slice(account_id.value()); - input[46..78].copy_from_slice(os_random); + input[46..78].copy_from_slice(random_seed); input[78..94].copy_from_slice(&nonce.0.to_le_bytes()); Self(Impl::hash_bytes(&input).as_bytes().try_into().unwrap()) } 
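Review bot: Renaming `os_random` to `random_seed` removes the only signal at the call site that this must be CSPRNG output, and the doc comment on `EphemeralSecretKey::new` still opens with "from OS randomness" although the function neither checks nor documents that requirement on the parameter. The function is a plain hash of `(account_id, random_seed, nonce)` — `esk_is_deterministic` in the tests below pins that the same inputs always yield the same `esk` — and the doc itself states that for inits `random_seed` is the sole entropy source, so a reused or all-zero seed makes the init-path `esk`, and whatever ML-KEM encapsulation is derived from it, fully determined by `account_id`. Whether that is exploitable depends on where the resulting ciphertext is exposed, which this hunk does not show. I would replace the first doc line with `/// Derives an ephemeral secret key by hashing `account_id`, `random_seed` and `nonce`.` and add `/// `random_seed` MUST be 32 fresh bytes from a CSPRNG per call; reusing it with the same `account_id` and `nonce` reproduces the same `esk`. The `[0; 32]` values in tests are fixtures, not a valid production input.`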
@@ -264,24 +264,24 @@ mod tests { #[test] fn esk_is_deterministic() { let account_id = AccountId::new([1_u8; 32]); - let os_random = [2_u8; 32]; + let random_seed = [2_u8; 32]; let nonce = crate::account::Nonce(42); - let esk1 = EphemeralSecretKey::new(&account_id, &os_random, &nonce); - let esk2 = EphemeralSecretKey::new(&account_id, &os_random, &nonce); + let esk1 = EphemeralSecretKey::new(&account_id, &random_seed, &nonce); + let esk2 = EphemeralSecretKey::new(&account_id, &random_seed, &nonce); assert_eq!(esk1.0, esk2.0); } #[test] fn esk_differs_for_different_account_id() { - let os_random = [2_u8; 32]; + let random_seed = [2_u8; 32]; let nonce = crate::account::Nonce(42); - let esk_a = EphemeralSecretKey::new(&AccountId::new([0_u8; 32]), &os_random, &nonce); - let esk_b = EphemeralSecretKey::new(&AccountId::new([1_u8; 32]), &os_random, &nonce); + let esk_a = EphemeralSecretKey::new(&AccountId::new([0_u8; 32]), &random_seed, &nonce); + let esk_b = EphemeralSecretKey::new(&AccountId::new([1_u8; 32]), &random_seed, &nonce); assert_ne!(esk_a.0, esk_b.0); } #[test] - fn esk_differs_for_different_os_random() { + fn esk_differs_for_different_random_seed() { let account_id = AccountId::new([1_u8; 32]); let nonce = crate::account::Nonce(42); let esk_a = EphemeralSecretKey::new(&account_id, &[0_u8; 32], &nonce); @@ -292,9 +292,9 @@ mod tests { #[test] fn esk_differs_for_different_nonce() { let account_id = AccountId::new([1_u8; 32]); - let os_random = [2_u8; 32]; - let esk_a = EphemeralSecretKey::new(&account_id, &os_random, &crate::account::Nonce(0)); - let esk_b = EphemeralSecretKey::new(&account_id, &os_random, &crate::account::Nonce(1)); + let random_seed = [2_u8; 32]; + let esk_a = EphemeralSecretKey::new(&account_id, &random_seed, &crate::account::Nonce(0)); + let esk_b = EphemeralSecretKey::new(&account_id, &random_seed, &crate::account::Nonce(1)); assert_ne!(esk_a.0, esk_b.0); } } 
diff --git a/lee/state_machine/core/src/encryption/shared_key_derivation.rs b/lee/state_machine/core/src/encryption/shared_key_derivation.rs index 6e51fc67..a339a282 100644 --- a/lee/state_machine/core/src/encryption/shared_key_derivation.rs +++ b/lee/state_machine/core/src/encryption/shared_key_derivation.rs @@ -83,7 +83,7 @@ impl SharedSecretKey { /// Deterministically encapsulate a shared secret toward `ek` using a /// pre-derived `esk` as the ML-KEM encapsulation randomness. /// - /// The `esk` must be derived via `derive_esk(account_id, os_random, nonce)` + /// The `esk` must be derived via `derive_esk(account_id, random_seed, nonce)` /// which binds it to the account and incorporates OS entropy. #[must_use] pub fn encapsulate_deterministic( diff --git a/lee/state_machine/src/privacy_preserving_transaction/circuit.rs b/lee/state_machine/src/privacy_preserving_transaction/circuit.rs index 29f2cc95..4f2597c4 100644 --- a/lee/state_machine/src/privacy_preserving_transaction/circuit.rs +++ b/lee/state_machine/src/privacy_preserving_transaction/circuit.rs @@ -257,11 +257,10 @@ mod tests { let expected_sender_pre = sender.clone(); - let shared_secret = SharedSecretKey::encapsulate_deterministic( - &recipient_keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; + let init_nonce = Nonce::private_account_nonce_init(&recipient_account_id); + let esk = EphemeralSecretKey::new(&recipient_account_id, &[0; 32], &init_nonce); + let shared_secret = + SharedSecretKey::encapsulate_deterministic(&recipient_keys.vpk(), &esk).0; let (output, proof) = execute_and_prove( vec![sender, recipient], @@ -273,7 +272,7 @@ mod tests { InputAccountIdentity::Public, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, 
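Review bot: The doc comment on `encapsulate_deterministic` now refers to `derive_esk(account_id, random_seed, nonce)`, but the function whose parameter this commit renames is `EphemeralSecretKey::new` in `encryption/mod.rs`; unless a `derive_esk` helper exists outside this diff, the reference is stale and sends a reader to a name that does not resolve. The same sentence also asserts that the `esk` "incorporates OS entropy", which is true only if the caller actually passed CSPRNG bytes — the derivation itself cannot enforce it. Suggest `/// The `esk` must be derived via [`EphemeralSecretKey::new`]`(account_id, random_seed, nonce)`,` followed by `/// which binds it to the account; it carries entropy only if `random_seed` was fresh CSPRNG output, since the same inputs reproduce the same `esk` and therefore the same ML-KEM encapsulation.` The signature and body of `encapsulate_deterministic` continue outside this hunk.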
@@ -360,17 +359,16 @@ mod tests { Commitment::new(&recipient_account_id, &expected_private_account_2), ]; - let shared_secret_1 = SharedSecretKey::encapsulate_deterministic( - &sender_keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; + let sender_new_nonce = sender_nonce.private_account_nonce_increment(&sender_keys.nsk); + let sender_esk = EphemeralSecretKey::new(&sender_account_id, &[0; 32], &sender_new_nonce); + let shared_secret_1 = + SharedSecretKey::encapsulate_deterministic(&sender_keys.vpk(), &sender_esk).0; - let shared_secret_2 = SharedSecretKey::encapsulate_deterministic( - &recipient_keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; + let recipient_init_nonce = Nonce::private_account_nonce_init(&recipient_account_id); + let recipient_esk = + EphemeralSecretKey::new(&recipient_account_id, &[0; 32], &recipient_init_nonce); + let shared_secret_2 = + SharedSecretKey::encapsulate_deterministic(&recipient_keys.vpk(), &recipient_esk).0; let (output, proof) = execute_and_prove( vec![sender_pre, recipient], @@ -381,7 +379,7 @@ mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: commitment_set .get_proof_for(&commitment_sender) @@ -390,7 +388,7 @@ mod tests { }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, @@ -456,7 +454,7 @@ mod tests { instruction, vec![InputAccountIdentity::PrivateUnauthorized { vpk: account_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: account_keys.npk(), identifier: 0, }], 
@@ -475,14 +473,12 @@ mod tests { let npk = keys.npk(); let seed = PdaSeed::new([42; 32]); let identifier: u128 = 99; - let shared_secret = SharedSecretKey::encapsulate_deterministic( - &keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; - let account_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier); + let init_nonce = Nonce::private_account_nonce_init(&account_id); + let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &init_nonce); + let shared_secret = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; + let pre_state = AccountWithMetadata::new(Account::default(), false, account_id); let (output, _proof) = execute_and_prove( @@ -490,7 +486,7 @@ mod tests { Program::serialize_instruction(seed).unwrap(), vec![InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier, seed: None, @@ -536,7 +532,7 @@ mod tests { instruction, vec![InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: 0, seed: None, @@ -588,7 +584,7 @@ mod tests { vec![ InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: 0, seed: None, @@ -645,7 +641,7 @@ mod tests { InputAccountIdentity::Public, InputAccountIdentity::PrivateUnauthorized { vpk: shared_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: shared_npk, identifier: shared_identifier, }, 
@@ -665,13 +661,11 @@ mod tests { let program = Program::authenticated_transfer_program(); let keys = test_private_account_keys_1(); let identifier: u128 = 99; - let ssk = SharedSecretKey::encapsulate_deterministic( - &keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; let account_id = AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + let nonce = Nonce::private_account_nonce_init(&account_id); + let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &nonce); + let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; let pre = AccountWithMetadata::new(Account::default(), true, account_id); let (output, _) = execute_and_prove( @@ -680,7 +674,7 @@ mod tests { .unwrap(), vec![InputAccountIdentity::PrivateAuthorizedInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: keys.nsk, identifier, }], @@ -711,7 +705,7 @@ mod tests { .unwrap(), vec![InputAccountIdentity::PrivateAuthorizedInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: keys.nsk, identifier, }], @@ -758,7 +752,7 @@ mod tests { vec![InputAccountIdentity::PrivateAuthorizedInit { // use a different vpk vpk: foreign_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], // but the same nsk nsk: keys.nsk, identifier, @@ -776,11 +770,11 @@ mod tests { let program = Program::authenticated_transfer_program(); let keys = test_private_account_keys_1(); let identifier: u128 = 99; - let ssk = SharedSecretKey::encapsulate_deterministic( - &keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; + let recipient_id = + AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + let init_nonce = Nonce::private_account_nonce_init(&recipient_id); + let esk = EphemeralSecretKey::new(&recipient_id, &[0; 32], &init_nonce); + let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; let sender = AccountWithMetadata::new( Account { 
@@ -791,8 +785,6 @@ mod tests { true, AccountId::new([0; 32]), ); - let recipient_id = - AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); let recipient = AccountWithMetadata::new(Account::default(), false, recipient_id); let (output, _) = execute_and_prove( @@ -805,7 +797,7 @@ mod tests { InputAccountIdentity::Public, InputAccountIdentity::PrivateUnauthorized { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: keys.npk(), identifier, }, @@ -827,13 +819,11 @@ mod tests { let program = Program::authenticated_transfer_program(); let keys = test_private_account_keys_1(); let identifier: u128 = 99; - let ssk = SharedSecretKey::encapsulate_deterministic( - &keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; let account_id = AccountId::for_regular_private_account(&keys.npk(), &keys.vpk(), identifier); + let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk); + let esk = EphemeralSecretKey::new(&account_id, &[0; 32], &update_nonce); + let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; let account = Account { program_owner: program.id(), balance: 1, @@ -855,7 +845,7 @@ mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: keys.nsk, membership_proof: commitment_set.get_proof_for(&commitment).unwrap(), identifier, 
@@ -882,15 +872,12 @@ mod tests { let npk = keys.npk(); let seed = PdaSeed::new([42; 32]); let identifier: u128 = 99; - let ssk = SharedSecretKey::encapsulate_deterministic( - &keys.vpk(), - &EphemeralSecretKey([0_u8; 32]), - ) - .0; - let auth_transfer_id = auth_transfer.id(); let pda_id = AccountId::for_private_pda(&program.id(), &seed, &npk, &keys.vpk(), identifier); + let update_nonce = Nonce::default().private_account_nonce_increment(&keys.nsk); + let esk = EphemeralSecretKey::new(&pda_id, &[0; 32], &update_nonce); + let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; let pda_account = Account { program_owner: auth_transfer_id, balance: 1, @@ -915,7 +902,7 @@ mod tests { vec![ InputAccountIdentity::PrivatePdaUpdate { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: keys.nsk, membership_proof: commitment_set.get_proof_for(&pda_commitment).unwrap(), identifier, @@ -951,7 +938,7 @@ mod tests { Program::serialize_instruction(seed).unwrap(), vec![InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: 99, seed: None, @@ -993,7 +980,7 @@ mod tests { vec![ InputAccountIdentity::PrivatePdaUpdate { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: keys.nsk, membership_proof: commitment_set.get_proof_for(&pda_commitment).unwrap(), identifier: 99, diff --git a/lee/state_machine/src/state.rs b/lee/state_machine/src/state.rs index b428663b..becb14ff 100644 --- a/lee/state_machine/src/state.rs +++ b/lee/state_machine/src/state.rs @@ -1419,7 +1419,7 @@ pub mod tests { InputAccountIdentity::Public, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, 
@@ -1470,7 +1470,7 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: state .get_proof_for_commitment(&sender_commitment) @@ -1479,7 +1479,7 @@ pub mod tests { }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, @@ -1526,7 +1526,7 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: state .get_proof_for_commitment(&sender_commitment) @@ -2099,14 +2099,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: recipient_keys.nsk, membership_proof: (0, vec![]), identifier: 0, }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, @@ -2147,14 +2147,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: (0, vec![]), identifier: 0, }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, @@ -2195,14 +2195,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: (0, vec![]), identifier: 0, }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, 
@@ -2243,14 +2243,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: (0, vec![]), identifier: 0, }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, @@ -2291,14 +2291,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: (0, vec![]), identifier: 0, }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, @@ -2337,14 +2337,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: (0, vec![]), identifier: 0, }, InputAccountIdentity::PrivateUnauthorized { vpk: recipient_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: recipient_keys.npk(), identifier: 0, }, @@ -2383,7 +2383,7 @@ pub mod tests { InputAccountIdentity::Public, InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: u128::MAX, seed: None, @@ -2416,7 +2416,7 @@ pub mod tests { Program::serialize_instruction(seed).unwrap(), vec![InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: u128::MAX, seed: None, @@ -2457,7 +2457,7 @@ pub mod tests { Program::serialize_instruction(seed).unwrap(), vec![InputAccountIdentity::PrivatePdaInit { vpk: keys_b.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: npk_b, identifier: u128::MAX, seed: None, 
@@ -2494,7 +2494,7 @@ pub mod tests { Program::serialize_instruction((seed, seed, callee_id)).unwrap(), vec![InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: u128::MAX, seed: None, @@ -2534,7 +2534,7 @@ pub mod tests { Program::serialize_instruction((claim_seed, wrong_delegated_seed, callee_id)).unwrap(), vec![InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: u128::MAX, seed: None, @@ -2584,14 +2584,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivatePdaInit { vpk: keys_a.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: keys_a.npk(), identifier: u128::MAX, seed: None, }, InputAccountIdentity::PrivatePdaInit { vpk: keys_b.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk: keys_b.npk(), identifier: u128::MAX, seed: None, @@ -2633,7 +2633,7 @@ pub mod tests { Program::serialize_instruction(()).unwrap(), vec![InputAccountIdentity::PrivatePdaInit { vpk: keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], npk, identifier: u128::MAX, seed: None, @@ -2720,14 +2720,14 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: (1, vec![]), identifier: 0, }, InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: (1, vec![]), identifier: 0, @@ -3075,7 +3075,7 @@ pub mod tests { vec![ InputAccountIdentity::PrivateAuthorizedUpdate { vpk: sender_keys.vpk(), - os_random: [0; 32], + random_seed: [0; 32], nsk: sender_keys.nsk, membership_proof: state .get_proof_for_commitment(&sender_commitment) 
@@ -3194,7 +3194,7 @@ pub mod tests {
 vec![
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: from_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: from_keys.nsk,
 membership_proof: state
 .get_proof_for_commitment(&from_commitment)
@@ -3203,7 +3203,7 @@ pub mod tests {
 },
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: to_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: to_keys.nsk,
 membership_proof: state
 .get_proof_for_commitment(&to_commitment)
@@ -3465,7 +3465,7 @@ pub mod tests {
 Program::serialize_instruction(instruction).unwrap(),
 vec![InputAccountIdentity::PrivateAuthorizedInit {
 vpk: private_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: private_keys.nsk,
 identifier: 0,
 }],
@@ -3510,7 +3510,7 @@ pub mod tests {
 Program::serialize_instruction(0_u128).unwrap(),
 vec![InputAccountIdentity::PrivateUnauthorized {
 vpk: private_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 npk: private_keys.npk(),
 identifier: 0,
 }],
@@ -3559,7 +3559,7 @@ pub mod tests {
 Program::serialize_instruction(instruction).unwrap(),
 vec![InputAccountIdentity::PrivateAuthorizedInit {
 vpk: private_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: private_keys.nsk,
 identifier: 0,
 }],
@@ -3600,7 +3600,7 @@ pub mod tests {
 Program::serialize_instruction(()).unwrap(),
 vec![InputAccountIdentity::PrivateAuthorizedInit {
 vpk: private_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: private_keys.nsk,
 identifier: 0,
 }],
@@ -3681,7 +3681,7 @@ pub mod tests {
 Program::serialize_instruction(instruction).unwrap(),
 vec![InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: sender_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: sender_keys.nsk,
 membership_proof: (0, vec![]),
 identifier: 0,
@@ -3711,7 +3711,7 @@ pub mod tests {
 Program::serialize_instruction(instruction).unwrap(),
 vec![InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: sender_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: sender_keys.nsk,
 membership_proof: (0, vec![]),
 identifier: 0,
@@ -3773,7 +3773,7 @@ pub mod tests {
 InputAccountIdentity::Public,
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: recipient_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: recipient_keys.nsk,
 membership_proof: state
 .get_proof_for_commitment(&recipient_commitment)
@@ -3929,7 +3929,7 @@ pub mod tests {
 Program::serialize_instruction(instruction).unwrap(),
 vec![InputAccountIdentity::PrivateUnauthorized {
 vpk: account_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 npk: account_keys.npk(),
 identifier: 0,
 }],
@@ -3994,7 +3994,7 @@ pub mod tests {
 Program::serialize_instruction(instruction).unwrap(),
 vec![InputAccountIdentity::PrivateUnauthorized {
 vpk: account_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 npk: account_keys.npk(),
 identifier: 0,
 }],
@@ -4549,7 +4549,7 @@ pub mod tests {
 InputAccountIdentity::Public,
 InputAccountIdentity::PrivatePdaInit {
 vpk: alice_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 npk: alice_npk,
 identifier: 0,
 seed: Some((seed, proxy_id)),
@@ -4586,7 +4586,7 @@ pub mod tests {
 InputAccountIdentity::Public,
 InputAccountIdentity::PrivatePdaInit {
 vpk: alice_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 npk: alice_npk,
 identifier: 1,
 seed: Some((seed, proxy_id)),
@@ -4626,7 +4626,7 @@ pub mod tests {
 vec![
 InputAccountIdentity::PrivatePdaUpdate {
 vpk: alice_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: alice_keys.nsk,
 membership_proof: state
 .get_proof_for_commitment(&commitment_pda_0)
@@ -4664,7 +4664,7 @@ pub mod tests {
 vec![
 InputAccountIdentity::PrivatePdaUpdate {
 vpk: alice_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: alice_keys.nsk,
 membership_proof: state
 .get_proof_for_commitment(&commitment_pda_1)
@@ -4721,7 +4721,7 @@ pub mod tests {
 InputAccountIdentity::Public,
 InputAccountIdentity::PrivatePdaUpdate {
 vpk: alice_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: alice_keys.nsk,
 membership_proof: state
 .get_proof_for_commitment(&commitment_pda_1_after_spend)
diff --git a/lee/state_machine/src/validated_state_diff.rs b/lee/state_machine/src/validated_state_diff.rs
index ad0591c7..1953d93a 100644
--- a/lee/state_machine/src/validated_state_diff.rs
+++ b/lee/state_machine/src/validated_state_diff.rs
@@ -660,7 +660,7 @@ mod tests {
 let account_identities = vec![
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: attacker_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: attacker_keys.nsk,
 membership_proof,
 identifier: 0,
@@ -817,7 +817,7 @@ mod tests {
 let account_identities = vec![
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: attacker_keys.vpk(),
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: attacker_keys.nsk,
 membership_proof,
 identifier: 0,
diff --git a/lez/sequencer/core/src/lib.rs b/lez/sequencer/core/src/lib.rs
index 3509263b..e185b05f 100644
--- a/lez/sequencer/core/src/lib.rs
+++ b/lez/sequencer/core/src/lib.rs
@@ -1664,7 +1664,7 @@ mod tests {
 vec![
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: sender_keys.viewing_public_key,
- os_random: [0; 32],
+ random_seed: [0; 32],
 nsk: sender_keys.private_key_holder.nullifier_secret_key,
 membership_proof: state
 .get_proof_for_commitment(&sender_commitment)
diff --git a/lez/wallet/src/account_manager.rs b/lez/wallet/src/account_manager.rs
index ef2b51eb..f77d1062 100644
--- a/lez/wallet/src/account_manager.rs
+++ b/lez/wallet/src/account_manager.rs
@@ -262,8 +262,8 @@ impl AccountManager {
 } => {
 let acc = lee_core::account::Account::default();
 let auth_acc = AccountWithMetadata::new(acc, false, (&npk, &vpk, identifier));
- let mut os_random: [u8; 32] = [0; 32];
- OsRng.fill_bytes(&mut os_random);
+ let mut random_seed: [u8; 32] = [0; 32];
+ OsRng.fill_bytes(&mut random_seed);
 let pre = AccountPreparedData {
 nsk: None,
 npk,
@@ -271,7 +271,7 @@ impl AccountManager {
 vpk,
 pre_state: auth_acc,
 proof: None,
- os_random,
+ random_seed,
 is_pda: false,
 };
 
@@ -289,8 +289,8 @@ impl AccountManager {
 } => {
 let acc = lee_core::account::Account::default();
 let auth_acc = AccountWithMetadata::new(acc, false, account_id);
- let mut os_random: [u8; 32] = [0; 32];
- OsRng.fill_bytes(&mut os_random);
+ let mut random_seed: [u8; 32] = [0; 32];
+ OsRng.fill_bytes(&mut random_seed);
 let pre = AccountPreparedData {
 nsk: None,
 npk,
@@ -298,7 +298,7 @@ impl AccountManager {
 vpk,
 pre_state: auth_acc,
 proof: None,
- os_random,
+ random_seed,
 is_pda: true,
 };
 State::Private(pre)
@@ -382,7 +382,7 @@ impl AccountManager {
 };
 let esk = lee_core::EphemeralSecretKey::new(
 &pre.pre_state.account_id,
- &pre.os_random,
+ &pre.random_seed,
 &nonce,
 );
 PrivateAccountKeys {
@@ -404,7 +404,7 @@ impl AccountManager {
 State::Private(pre) if pre.is_pda => match (pre.nsk, pre.proof.clone()) {
 (Some(nsk), Some(membership_proof)) => InputAccountIdentity::PrivatePdaUpdate {
 vpk: pre.vpk.clone(),
- os_random: pre.os_random,
+ random_seed: pre.random_seed,
 nsk,
 membership_proof,
 identifier: pre.identifier,
@@ -412,7 +412,7 @@ impl AccountManager {
 },
 _ => InputAccountIdentity::PrivatePdaInit {
 vpk: pre.vpk.clone(),
- os_random: pre.os_random,
+ random_seed: pre.random_seed,
 npk: pre.npk,
 identifier: pre.identifier,
 seed: None,
@@ -422,7 +422,7 @@ impl AccountManager {
 (Some(nsk), Some(membership_proof)) => {
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk: pre.vpk.clone(),
- os_random: pre.os_random,
+ random_seed: pre.random_seed,
 nsk,
 membership_proof,
 identifier: pre.identifier,
@@ -430,13 +430,13 @@ impl AccountManager {
 }
 (Some(nsk), None) => InputAccountIdentity::PrivateAuthorizedInit {
 vpk: pre.vpk.clone(),
- os_random: pre.os_random,
+ random_seed: pre.random_seed,
 nsk,
 identifier: pre.identifier,
 },
 (None, _) => InputAccountIdentity::PrivateUnauthorized {
 vpk: pre.vpk.clone(),
- os_random: pre.os_random,
+ random_seed: pre.random_seed,
 npk: pre.npk,
 identifier: pre.identifier,
 },
@@ -513,7 +513,7 @@ struct AccountPreparedData {
 vpk: ViewingPublicKey,
 pre_state: AccountWithMetadata,
 proof: Option,
- os_random: [u8; 32],
+ random_seed: [u8; 32],
 /// True when this account is a private PDA (owned or foreign). Used by `account_identities()`
 /// to select `PrivatePdaInit`/`PrivatePdaUpdate` rather than the standalone private variants.
 is_pda: bool,
@@ -544,8 +544,8 @@ async fn private_key_tree_acc_preparation(
 // support from that in the wallet.
 let sender_pre = AccountWithMetadata::new(from_acc.account.clone(), true, account_id);
 
- let mut os_random: [u8; 32] = [0; 32];
- OsRng.fill_bytes(&mut os_random);
+ let mut random_seed: [u8; 32] = [0; 32];
+ OsRng.fill_bytes(&mut random_seed);
 
 Ok(AccountPreparedData {
 nsk: Some(nsk),
@@ -554,7 +554,7 @@ async fn private_key_tree_acc_preparation(
 vpk: from_vpk,
 pre_state: sender_pre,
 proof,
- os_random,
+ random_seed,
 is_pda,
 })
 }
@@ -582,8 +582,8 @@ async fn private_shared_acc_preparation(
 .await
 .unwrap_or(None);
 
- let mut os_random: [u8; 32] = [0; 32];
- OsRng.fill_bytes(&mut os_random);
+ let mut random_seed: [u8; 32] = [0; 32];
+ OsRng.fill_bytes(&mut random_seed);
 
 Ok(AccountPreparedData {
 nsk: Some(nsk),
@@ -592,7 +592,7 @@ async fn private_shared_acc_preparation(
 vpk,
 pre_state,
 proof,
- os_random,
+ random_seed,
 is_pda,
 })
 }
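Review bot: The renamed `random_seed` field of `AccountPreparedData` (hunk at -513) has no doc comment, while its neighbour `is_pda` does, and the rename drops the only hint the old name carried about where the value comes from. The same value is passed straight into `lee_core::EphemeralSecretKey::new` (hunk at -382) and, in output.rs, into `EphemeralSecretKey::new` inside `emit_private_output`, so its freshness and unpredictability presumably matter for the ephemeral key; a future caller that fills it deterministically, as the tests do with `[0; 32]`, would get no warning from the name alone. Suggest `/// Fresh 32 bytes from `OsRng`, drawn once per prepared account and mixed into the ephemeral secret key; never construct this deterministically outside tests.` on the field, and a one-line `///` on the `random_seed: &[u8; 32]` parameter of `emit_private_output` in output.rs stating the same contract. The two-line `let mut random_seed ...; OsRng.fill_bytes(&mut random_seed);` pair now appears four times in this file (hunks -262, -289, -544, -582); a small `fn fresh_random_seed() -> [u8; 32]` would keep the sourcing of the seed in one auditable place.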
diff --git a/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs b/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs
index a411a152..c799a1db 100644
--- a/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs
+++ b/program_methods/guest/src/bin/privacy_preserving_circuit/output.rs
@@ -42,7 +42,7 @@ pub fn compute_circuit_output(
 }
 InputAccountIdentity::PrivateAuthorizedInit {
 vpk,
- os_random,
+ random_seed,
 nsk,
 identifier,
 } => {
@@ -74,14 +74,14 @@ pub fn compute_circuit_output(
 &PrivateAccountKind::Regular(*identifier),
 &npk,
 vpk,
- os_random,
+ random_seed,
 new_nullifier,
 new_nonce,
 );
 }
 InputAccountIdentity::PrivateAuthorizedUpdate {
 vpk,
- os_random,
+ random_seed,
 nsk,
 membership_proof,
 identifier,
@@ -111,14 +111,14 @@ pub fn compute_circuit_output(
 &PrivateAccountKind::Regular(*identifier),
 &npk,
 vpk,
- os_random,
+ random_seed,
 new_nullifier,
 new_nonce,
 );
 }
 InputAccountIdentity::PrivateUnauthorized {
 vpk,
- os_random,
+ random_seed,
 npk,
 identifier,
 } => {
@@ -149,14 +149,14 @@ pub fn compute_circuit_output(
 &PrivateAccountKind::Regular(*identifier),
 npk,
 vpk,
- os_random,
+ random_seed,
 new_nullifier,
 new_nonce,
 );
 }
 InputAccountIdentity::PrivatePdaInit {
 vpk,
- os_random,
+ random_seed,
 npk,
 identifier,
 seed: _,
@@ -199,14 +199,14 @@ pub fn compute_circuit_output(
 },
 npk,
 vpk,
- os_random,
+ random_seed,
 new_nullifier,
 new_nonce,
 );
 }
 InputAccountIdentity::PrivatePdaUpdate {
 vpk,
- os_random,
+ random_seed,
 nsk,
 membership_proof,
 identifier,
@@ -247,7 +247,7 @@ pub fn compute_circuit_output(
 },
 &npk,
 vpk,
- os_random,
+ random_seed,
 new_nullifier,
 new_nonce,
 );
@@ -270,7 +270,7 @@ fn emit_private_output(
 kind: &PrivateAccountKind,
 npk: &NullifierPublicKey,
 vpk: &ViewingPublicKey,
- os_random: &[u8; 32],
+ random_seed: &[u8; 32],
 new_nullifier: (Nullifier, CommitmentSetDigest),
 new_nonce: Nonce,
 ) {
@@ -281,7 +281,7 @@ fn emit_private_output(
 let commitment_post = Commitment::new(account_id, &post_with_updated_nonce);
- let esk = EphemeralSecretKey::new(account_id, os_random, &new_nonce);
+ let esk = EphemeralSecretKey::new(account_id, random_seed, &new_nonce);
 let (shared_secret, epk) = SharedSecretKey::encapsulate_deterministic(vpk, &esk);
 // Currently the view tag is properlty generated for all accounts.