141 Commits

Author SHA1 Message Date
Artem Gureev
38395886e6 refactor(circuit): drop stale comment refs 2026-06-30 16:37:18 +04:00
Artem Gureev
71867a4d57 refactor(lee_core): make PrivateAddressPlaintext have a vpk lifetime 2026-06-30 16:36:45 +04:00
Artem Gureev
9393a64b66 refactor(circuit): drop the position map 2026-06-30 16:25:30 +04:00
Artem Gureev
2cee0b3861 refactor(circuit): use PrivateAddressPlaintext in-guest 2026-06-30 15:15:01 +04:00
Marvin Jones
6155bd9a37 fix(encryption): rename os_random to random_seed and fix ESK derivation in tests
Rename os_random field to random_seed per review feedback. Fix tests
that constructed SharedSecretKey with a hardcoded EphemeralSecretKey
instead of deriving it via EphemeralSecretKey::new.
2026-06-29 09:10:43 -04:00
Marvin Jones
060a83879b feat(encryption): derive esk from account state, remove chacha20poly1305 logic
Introduce EphemeralSecretKey as a proper struct with EphemeralSecretKey::new()
that derives esk from SHA256("/LEE/v0.3/esk/" || account_id || os_random || nonce).
Rename witness field from esk to os_random. Simplify encapsulate_deterministic
to accept pre-derived EphemeralSecretKey directly.
2026-06-29 09:10:43 -04:00
agureev
ecc5c3fc79 doc: add comment regarding view_tag computation 2026-06-24 21:41:59 +04:00
agureev
526f9ccb32 feat(ppc)!: introduce protocol-level changes for vpk binding
BREAKING:

Before: The epk and the vpk of the receiver were not bound to the ss
that was directly fed to the circuit.

After: The ss, epk, tag fields are removed as explicit arguments
per-account and instead replaced by supplying a vpk, esk per
account. The ss, epk, tag are all constructed in-circuit. Account ID
generation now uses vpk as an additional argument.

Mitigation: Change Account ID generation to include the vpk, change
proving inputs.
2026-06-23 15:46:23 +04:00
Daniil Polyakov
e9e30ff019 feat(sequencer): implement bridge withdraw flow 2026-06-16 22:10:11 +03:00
agureev
3e7bfa32a9 feat(privacy_preserving_circuit): push encryption data in-guest 2026-06-10 22:08:33 +04:00
Daniil Polyakov
7f5590907f feat(sequencer): make bridge deposits fault-tolerant 2026-06-04 15:17:56 +03:00
Sergio Chouhy
4bcffafe27 refactor!: rename nssa crate to lee
BREAKING CHANGE:
- Crate `nssa` renamed to `lee`; update `Cargo.toml` dependencies from `nssa = { workspace = true }` to `lee = { workspace = true }`.
- Crate `nssa_core` renamed to `lee_core`; update similarly.
- Crate `key_protocol` moved under `lee`; update `Cargo.toml` dependencies from `key_protocol = { workspace = true }` to `lee_key_protocol = { workspace = true }`.
- Type `NSSATransaction` (in `common`) renamed to `LeeTransaction`.
- Error type `nssa::error::NssaError` renamed to `lee::error::LeeError`.
- Error type `nssa_core::error::NssaCoreError` renamed to `lee_core::error::LeeCoreError`.
- All `use nssa::` and `use nssa_core::` import paths must be updated to `use lee::` and `use lee_core::` respectively.
- Guest programs must replace `write_nssa_outputs` with `write_lee_outputs`.
- The sequencer RocksDB column family for the chain state was renamed. Existing databases are incompatible and must be wiped before running the new version.
- Domain separators updated: `"NSSA_seed"` → `"LEE_seed"` (key derivation), `"NSSA/v0.2/KDF-SHA256/"` → `"LEE/v0.2/KDF-SHA256/"` (encryption KDF), `"/NSSA/v0.2/AccountId/PDA/"` → `"/LEE/v0.2/AccountId/PDA/"` (public PDA address derivation). All previously derived keys, encrypted outputs, and public PDA addresses are invalidated.
2026-06-01 17:11:42 -03:00
Daniil Polyakov
d86e02139f chore(faucet): add genesis prefix to instruction names 2026-05-29 20:05:38 +03:00
Daniil Polyakov
9b8955daf5 feat(sequencer, programs): implement deposit operation for bridge 2026-05-29 20:01:24 +03:00
Sergio Chouhy
48da4b5119 fix!: protocol fixes
BREAKING CHANGE
  - Nonce init (PrivateAuthorizedInit): the initial nonce for PrivateAuthorizedInit accounts was incorrectly computed. Privacy preserving circuit code changed, as well as its id.
  - Authorization bidirectional check: programs must now set is_authorized = true for every authorized account in pre-states, not just avoid marking unauthorized ones as authorized.
  - Authorization in chained calls: authorized-account set is now the union across the call chain instead of being reset at each hop.
2026-05-29 02:08:14 -03:00
Sergio Chouhy
3c6d623c49 feat!: Add new path for externally provided seed to the circuit.
BREAKING CHANGE: add identity variants to the circuit and change semantics for `Claim::Authorized` for private PDAs
2026-05-21 11:22:31 -03:00
Sergio Chouhy
57173cc140 make authorization propagate transitively through chain calls in the circuit like in the public execution 2026-05-15 17:24:24 -03:00
Sergio Chouhy
2ae9e4da7f add tests and fix mechanism 2026-05-15 00:43:45 -03:00
Daniil Polyakov
ee5a98fc48 refactor: use faucet program to manage faucet account 2026-05-15 01:34:07 +03:00
Daniil Polyakov
9075f30f19 refactor: use system faucet and vaults to supply accounts from genesis
Co-authored-by: Copilot <copilot@github.com>
2026-05-15 01:34:01 +03:00
Daniil Polyakov
5f207a3f02 feat: move initial accounts data into genesis 2026-05-15 01:33:50 +03:00
moudyellaz
7679c50ea8 fix(privacy_preserving_circuit): lint 2026-05-14 23:07:15 +02:00
moudyellaz
3c8ff78319 merge: resolve conflicts with main 2026-05-14 18:40:49 +02:00
Sergio Chouhy
1ec145e7da assert equality on duplicate insert 2026-05-11 16:46:18 -03:00
Sergio Chouhy
e9c0aa0858 handle comments 2026-05-08 21:41:48 -03:00
moudyellaz
3772046a39 refactor(privacy_preserving_circuit): extract execution_state module
Refs: #454
2026-05-08 17:30:55 +02:00
moudyellaz
01eb4a58b8 fix(privacy_preserving_circuit): satisfy CI lints and refresh artifact for #454
Refs: #454
2026-05-07 21:23:35 +02:00
moudyellaz
bda50f1d2f refactor(privacy_preserving_circuit): extract output module
Refs: #454
2026-05-07 16:54:57 +02:00
Sergio Chouhy
f722d257a3 fmt 2026-05-07 01:41:35 -03:00
moudyellaz
ce3229f74f refactor(privacy_preserving_circuit)!: scaffold bin-dir layout
BREAKING-CHANGE: PRIVACY_PRESERVING_CIRCUIT_ID changes (one-time). In-flight proofs against the old guest become invalid.
Refs: #454
2026-05-06 19:10:05 +02:00
Sergio Chouhy
fb4ddb055a Merge branch 'main' into schouhy/diversify-private-pdas-by-identifier 2026-05-06 00:22:58 -03:00
Sergio Chouhy
1599fc655c add tests 2026-05-05 21:17:15 -03:00
Sergio Chouhy
11949e9fa1 use privateaccountkind in storage and fix circuit 2026-05-04 21:40:30 -03:00
Sergio Chouhy
95afb2065d use privateaccountkind in privacy circuit 2026-05-04 18:07:56 -03:00
Sergio Chouhy
dd4670ab2f encrypt privateaccountkind instead of identifier 2026-05-01 01:21:48 -03:00
Sergio Chouhy
0eb128e515 minor refactor 2026-05-01 00:45:51 -03:00
Sergio Chouhy
8d9fa1224e remove fixed identifier for pdas 2026-05-01 00:26:38 -03:00
Sergio Chouhy
fb48c82717 add identifier to private pda formula 2026-05-01 00:06:23 -03:00
Moudy
8a8bac8b69 ci: address fmt-rs, lint, and unit-tests failures from the merge 2026-04-30 22:16:26 +02:00
Moudy
8517906025 Merge branch 'main' into moudy/feat-strong-type-circuit-input 2026-04-30 20:17:47 +02:00
Moudy
98da9b26cc fix: address PR review feedback
- Rename PrivacyPreservingCircuitInputAccount to InputAccountIdentity (drop the PrivacyPreservingCircuit prefix; add Identity suffix)
- Rename PrivacyPreservingCircuitInput.accounts to account_identities
- Rename AccountManager.accounts() to account_identities() and loop variables to account_identity
- Drop legacy mask-1/2/3 references from variant doc comments and guest comments
- Remove the explanatory comments about deleted parallel-vec tests; moved to the PR description
- Rebake privacy_preserving_circuit and test program artifacts
2026-04-30 15:46:36 +02:00
Moudy
55a4a1d83b ci: fix fmt-rs, deny advisory, and rebake artifacts 2026-04-29 08:54:19 +02:00
Moudy
f7349656c7 refactor: strong-type PrivacyPreservingCircuitInput with per-account enum 2026-04-29 07:37:30 +02:00
Sergio Chouhy
924b30650c change pda reserved identifier 2026-04-27 18:45:19 -03:00
Sergio Chouhy
e09cb6284e enforce reserved identifier for private pda 2026-04-24 18:00:54 -03:00
Sergio Chouhy
52992a124a fix identifier for pda 2026-04-24 17:04:40 -03:00
Sergio Chouhy
7c45b5af3c Merge branch 'main' into schouhy/generalize-npk-to-multiple-accounts 2026-04-24 01:04:55 -03:00
Moudy
e5b77a27d5 refactor: localize private_pda_npk_by_position and extract authorization helper
Addresses the following review comments from @Arjentix:

- "I think we can move this into `derive_from_outputs()`"
  (on the position → npk map construction in main())
  I moved the construction inside ExecutionState::derive_from_outputs
  and stored the map as a field of ExecutionState. derive_from_outputs
  now takes `private_account_keys` directly and builds the map as part
  of state initialization. main() no longer owns the intermediate
  structure. validate_and_sync_states reads the npk through
  self.private_pda_npk_by_position.

- "Let's move this whole `is_authorized` computation into a separate
  function. This became really bulky"
  I extracted the caller-seeds resolution, family-binding recording,
  and is_authorized computation into a free function
  `resolve_authorization_and_record_bindings`. It takes the three
  field borrows it needs (`&mut pda_family_binding`, `&mut
  private_pda_bound_positions`, `&private_pda_npk_by_position`), same
  shape as `assert_family_binding`. A method would have conflicted
  with the `&mut self.post_states` borrow held by the Occupied match
  arm; the free function lets rustc split-borrow the self fields.
2026-04-22 15:55:35 +02:00
Sergio Chouhy
670527c2f1 Merge branch 'main' into schouhy/generalize-npk-to-multiple-accounts 2026-04-21 18:53:24 -03:00
Moudy
0183eac5cc refactor: unify PDA AccountId construction via AccountId::for_{public,private}_pda
Addresses the following review comment:

- "I think this should be a constructor `AccountId::for_private_pda`.
  Consider also removing the existing `impl From<(ProgramId, Seed)> for
  AccountId` for public pdas in favor of a `AccountId::for_public_pda`
  to have a unified way of constructing pdas"

I replaced `impl From<(&ProgramId, &PdaSeed)> for AccountId` with
`AccountId::for_public_pda(program_id: &ProgramId, seed: &PdaSeed) ->
Self` and replaced the free function `private_pda_account_id(...)`
with `AccountId::for_private_pda(program_id: &ProgramId, seed:
&PdaSeed, npk: &NullifierPublicKey) -> Self`. Both live in an inherent
`impl AccountId` block in nssa/core/src/program.rs next to the PDA
derivation logic. Migrated all call sites across nssa/core,
nssa/src/state.rs, nssa/src/validated_state_diff.rs,
program_methods/guest/src/bin/privacy_preserving_circuit.rs,
programs/amm/core, programs/associated_token_account/core, the example
tail-call binary, and the ATA tutorial doc. Test function names that
referenced the old free function were also renamed
(private_pda_account_id_* to for_private_pda_*).
2026-04-21 12:35:19 +02:00