BREAKING:
Before: The epk and the vpk of the receiver were not bound to the ss
that was directly fed to the circuit.
After: The ss, epk, tag fields are removed as explicit arguments
per-account and instead replaced by supplying a vpk, esk per
account. The ss, epk, tag all constructed in-circuit. Account ID
generation now uses vpk as additional argument.
Mitigation: Change Account ID generation to include the vpk, change
proving inputs.
* initialize pq encryption changes
* key agreement update
* add test and other fixes
* ci fixes
* fix unit tests
* updates from main and ci
* added updated specs for pq encryption
* addressing comments
* addressed comments
* fix clippy errors from main merge
* Rebased to main
BREAKING CHANGE:
- Crate `nssa` renamed to `lee`; update `Cargo.toml` dependencies from `nssa = { workspace = true }` to `lee = { workspace = true }`.
- Crate `nssa_core` renamed to `lee_core`; update similarly.
- Crate `key_protocol` moved under `lee`; update `Cargo.toml` dependencies from `key_protocol = { workspace = true }` to `lee_key_protocol = { workspace = true }`.
- Type `NSSATransaction` (in `common`) renamed to `LeeTransaction`.
- Error type `nssa::error::NssaError` renamed to `lee::error::LeeError`.
- Error type `nssa_core::error::NssaCoreError` renamed to `lee_core::error::LeeCoreError`.
- All `use nssa::` and `use nssa_core::` import paths must be updated to `use lee::` and `use lee_core::` respectively.
- Guest programs must replace `write_nssa_outputs` with `write_lee_outputs`.
- The sequencer RocksDB column family for the chain state was renamed. Existing databases are incompatible and must be wiped before running the new version.
- Domain separators updated: `"NSSA_seed"` → `"LEE_seed"` (key derivation), `"NSSA/v0.2/KDF-SHA256/"` → `"LEE/v0.2/KDF-SHA256/"` (encryption KDF), `"/NSSA/v0.2/AccountId/PDA/"` →
`"/LEE/v0.2/AccountId/PDA/"` (public PDA address derivation). All previously derived keys, encrypted outputs, and public PDA addresses are invalidated.
