Integrates origin/main (per-program-crate refactor) and re-homes the cross-zone messaging feature onto it.
BREAKING CHANGE: Genesis state root changes. This registers six builtin programs
(cross_zone_outbox, cross_zone_inbox, ping_sender, ping_receiver, bridge_lock,
wrapped_token) and seeds their genesis accounts (the wrapped_token authorized
minter config, the per-zone inbox config, and optional bridge-lock holdings).
Building the new cores alongside the existing builtins also enables serde/alloc
for the shared programs build, regenerating every builtin program image id. All
nodes must upgrade together.
BREAKING CHANGE: registers the wrapped_token and bridge_lock builtin programs and seeds the wrapped_token config account at genesis, changing the genesis state.
* initialize pq encryption changes
* key agreement update
* add test and other fixes
* ci fixes
* fix unit tests
* updates from main and ci
* added updated specs for pq encryption
* addressing comments
* addressed comments
* fix clippy errors from main merge
* Rebased to main
BREAKING CHANGE:
- Crate `nssa` renamed to `lee`; update `Cargo.toml` dependencies from `nssa = { workspace = true }` to `lee = { workspace = true }`.
- Crate `nssa_core` renamed to `lee_core`; update similarly.
- Crate `key_protocol` moved under `lee`; update `Cargo.toml` dependencies from `key_protocol = { workspace = true }` to `lee_key_protocol = { workspace = true }`.
- Type `NSSATransaction` (in `common`) renamed to `LeeTransaction`.
- Error type `nssa::error::NssaError` renamed to `lee::error::LeeError`.
- Error type `nssa_core::error::NssaCoreError` renamed to `lee_core::error::LeeCoreError`.
- All `use nssa::` and `use nssa_core::` import paths must be updated to `use lee::` and `use lee_core::` respectively.
- Guest programs must replace `write_nssa_outputs` with `write_lee_outputs`.
- The sequencer RocksDB column family for the chain state was renamed. Existing databases are incompatible and must be wiped before running the new version.
- Domain separators updated: `"NSSA_seed"` → `"LEE_seed"` (key derivation), `"NSSA/v0.2/KDF-SHA256/"` → `"LEE/v0.2/KDF-SHA256/"` (encryption KDF), `"/NSSA/v0.2/AccountId/PDA/"` →
`"/LEE/v0.2/AccountId/PDA/"` (public PDA address derivation). All previously derived keys, encrypted outputs, and public PDA addresses are invalidated.
BREAKING CHANGE
- Nonce init (PrivateAuthorizedInit): the initial nonce for PrivateAuthorizedInit accounts was incorrectly computed. Privacy preserving circuit code changed, as well as its id.
- Authorization bidirectional check: programs must now set is_authorized = true for every authorized account in pre-states, not just avoid marking unauthorized ones as authorized.
- Authorization in chained calls: authorized-account set is now the union across the call chain instead of being reset at each hop.