28 Commits

Author SHA1 Message Date
Artem Gureev
8c7f3764a5 feat(circuit): use dummy_inputs in ppc 2026-07-03 20:17:36 +04:00
Artem Gureev
35df009837 feat(lee): add for_dummy nullifier and commitment derivations 2026-07-03 20:17:36 +04:00
Artem Gureev
3ec074095d feat(lee): add dummy account type for function-privacy padding 2026-07-03 20:17:34 +04:00
Artem Gureev
640d4f6502 feat(circuit): supply a view_tag on private-account updates 2026-07-03 10:17:30 +04:00
Artem Gureev
859ffd3900 Merge origin/artem/change-wallet-balance-fetch into artem/user-view-tag
Brings the nullifier-based wallet balance fetch (NullifierIndex,
sync_updates_via_nullifiers) onto the vpk-binding base, so account
updates are found by nullifier rather than only by view tag.

Conflict resolutions (semantic):
- wallet/lib.rs: keep vpk-binding's for_private_account(npk, vpk, kind);
  add theirs' nsk into the 4-tuple consumed by index.track().
- wallet/storage/key_chain.rs: keep theirs' private_account/private_accounts
  split (the iterator is reused by the nullifier index) and restore the vpk
  in the derivation; adapt 4 pre-vpk call sites (for_private_account 2->3 arg,
  AccountId::from((npk,id)) -> (npk,vpk,id)).
- artifacts/*: took ours; regenerate with `just build-artifacts`.
2026-07-02 18:40:13 +00:00
agureev
8e084e22d1 Merge remote-tracking branch 'origin/dev' into artem/viewing-key-binding 2026-07-02 20:04:30 +04:00
agureev
296afdc4a3 Merge remote-tracking branch 'origin/dev' into artem/change-wallet-balance-fetch 2026-07-01 21:12:14 +04:00
Artem Gureev
6283f5e3ee refactor(state_machine): derive Default for ValidityWindow 2026-07-01 19:16:44 +04:00
jonesmarvin8
072ea3b066
refactor(lee::state_machine): clean up long functions and files (#535)
* refactor(lee): split large modules into directories and extract tests

Split state.rs, program.rs, circuit.rs, validated_state_diff.rs,
merkle_tree, and core/program.rs into module directories with separate
test files. State tests are further split into themed files (genesis,
authenticated_transfer, circuit, claiming, etc.). Extract
authenticate_public_transaction_signers helper in validated_state_diff
to remove duplicated authentication logic.

* chore: rebuild artifacts
2026-07-01 11:11:08 -04:00
jonesmarvin8
f8d859394b
refactor(privacy_preserving_circuit): introduce helper functions to shorten long functions (#545)
* refactor(privacy_preserving_circuit): extract functions for readability

* refactor(privacy_preserving_circuit): address PR review comments

Bundle shared handle_* arguments into PrivateOutputHandler struct in
output.rs and fix misplaced docstring on resolve_external_seed in
execution_state.rs.

* feat: update commitment mechanism for new private account (#546)

* refactor(privacy_preserving_circuit): extract functions for readability

* feat: update commitment mechanism for new private accounts

Allow init accounts to optionally use a real membership proof for
DUMMY_COMMITMENT instead of hardcoding DUMMY_COMMITMENT_HASH as the
CommitmentSetDigest. The wallet fetches the proof from the sequencer
and passes it through the circuit.

* fix: address clippy lints and fix integration test visibility

* add tests

* refactor: removed duplicated code

* refactor: simplify init nullifier mechanism

Replace Option<MembershipProof> with Option<CommitmentSetDigest> on init
variants (PrivateAuthorizedInit, PrivateUnauthorized, PrivatePdaInit).
The circuit now receives the commitment tree root directly instead of
recomputing it from a Merkle proof.

* refactor: use CommitmentSetDigest directly instead of Option for init commitment root

Address PR #546 review feedback: the circuit now accepts CommitmentSetDigest
directly on init variants (PrivateAuthorizedInit, PrivateUnauthorized,
PrivatePdaInit), with callers providing DUMMY_COMMITMENT_HASH as the default.
Also fixes duplicate resolve_external_seed from rebase and rebuilds artifacts.

* style: run cargo +nightly fmt
2026-07-01 10:14:32 -04:00
jonesmarvin8
3b3857594f
refactor(lee::key_protocol) - cleaned up duplicated logic (#532)
* Clean up key protocol

* added test for helper function

* address comment

* chore: apply nightly fmt
2026-07-01 10:11:08 -04:00
Marvin Jones
6155bd9a37 fix(encryption): rename os_random to random_seed and fix ESK derivation in tests
Rename os_random field to random_seed per review feedback. Fix tests
that constructed SharedSecretKey with a hardcoded EphemeralSecretKey
instead of deriving it via EphemeralSecretKey::new.
2026-06-29 09:10:43 -04:00
Marvin Jones
060a83879b feat(encryption): derive esk from account state, remove chacha20poly1305 logic
Introduce EphemeralSecretKey as a proper struct with EphemeralSecretKey::new()
that derives esk from SHA256("/LEE/v0.3/esk/" || account_id || os_random || nonce).
Rename witness field from esk to os_random. Simplify encapsulate_deterministic
to accept pre-derived EphemeralSecretKey directly.
2026-06-29 09:10:43 -04:00
agureev
a815b50275 doc: update encapsulation documentation 2026-06-24 21:34:59 +04:00
agureev
b31fe5e4a7 refactor: change message_hash to esk for encapsulation 2026-06-24 21:24:12 +04:00
agureev
01accb788c feat: add prefix to the ML KEM kdf 2026-06-24 21:17:43 +04:00
agureev
f2778ea5d0 test: regenerate hardcoded values 2026-06-23 18:02:48 +04:00
agureev
090c368c14 tests: test and flow updates 2026-06-23 15:51:58 +04:00
agureev
526f9ccb32 feat(ppc)!: introduce protocol-level changes for vpk binding
BREAKING:

Before: The epk and the vpk of the receiver were not bound to the ss
that was directly fed to the circuit.

After: The ss, epk, tag fields are removed as explicit arguments
per-account and instead replaced by supplying a vpk, esk per
account. The ss, epk, tag all constructed in-circuit. Account ID
generation now uses vpk as additional argument.

Mitigation: Change Account ID generation to include the vpk, change
proving inputs.
2026-06-23 15:46:23 +04:00
agureev
10066be8e3 feat: optimize encryption computation by using slices 2026-06-23 14:54:24 +04:00
agureev
2fd8c1b157 refactor: expose ML KEM and esk in-guest 2026-06-23 14:54:03 +04:00
Daniil Polyakov
d6e68a52ca feat(state): forbid private bridge withdrawals 2026-06-16 22:10:11 +03:00
agureev
31f1268365 refactor: use exlicit ViewTag type 2026-06-11 16:33:13 +04:00
agureev
64b3113ac9 chore: lint changes 2026-06-11 16:04:49 +04:00
agureev
70efcdc59d feat(lee): push full encryption data to circuit output 2026-06-10 22:06:42 +04:00
agureev
6c9ee8896a feat(lee): make EncryptedAccountData guest-availiable
Likewise moves the epk definition outside of host-gated module
2026-06-10 21:59:55 +04:00
jonesmarvin8
2104f71e39
feat(key-protocol/nssa)!: PQ resistance primitives for vsk/vpk for shared key agreement (#474)
* initialize pq encryption changes

* key agreement update

* add test and other fixes

* ci fixes

* fix unit tests

* updates from main and ci

* added updated specs for pq encryption

* addressing comments

* addressed comments

* fix clippy errors from main merge

* Rebased to main
2026-06-03 14:40:06 -04:00
Sergio Chouhy
4bcffafe27 refactor!: rename nssa crate to lee
BREAKING CHANGE:
- Crate `nssa` renamed to `lee`; update `Cargo.toml` dependencies from `nssa = { workspace = true }` to `lee = { workspace = true }`.
- Crate `nssa_core` renamed to `lee_core`; update similarly.
- Crate `key_protocol` moved under `lee`; update `Cargo.toml` dependencies from `key_protocol = { workspace = true }` to `lee_key_protocol = { workspace = true }`.
- Type `NSSATransaction` (in `common`) renamed to `LeeTransaction`.
- Error type `nssa::error::NssaError` renamed to `lee::error::LeeError`.
- Error type `nssa_core::error::NssaCoreError` renamed to `lee_core::error::LeeCoreError`.
- All `use nssa::` and `use nssa_core::` import paths must be updated to `use lee::` and `use lee_core::` respectively.
- Guest programs must replace `write_nssa_outputs` with `write_lee_outputs`.
- The sequencer RocksDB column family for the chain state was renamed. Existing databases are incompatible and must be wiped before running the new version.
- Domain separators updated: `"NSSA_seed"` → `"LEE_seed"` (key derivation), `"NSSA/v0.2/KDF-SHA256/"` → `"LEE/v0.2/KDF-SHA256/"` (encryption KDF), `"/NSSA/v0.2/AccountId/PDA/"` →
  `"/LEE/v0.2/AccountId/PDA/"` (public PDA address derivation). All previously derived keys, encrypted outputs, and public PDA addresses are invalidated.
2026-06-01 17:11:42 -03:00