23 Commits

Author SHA1 Message Date
Artem Gureev
6fa05fa847 feat(lee_core): change private pda id derivation
Private PDA ID generation now folds the underlying account ID generated
2026-06-30 22:20:22 +04:00
Artem Gureev
9a4e539f55 refactor(circuit): remove optimistic pda id derivation 2026-06-30 18:09:34 +04:00
Artem Gureev
327f44fce3 refactor(circuit): borrow account_identities 2026-06-30 16:38:10 +04:00
Artem Gureev
84df5252c0 refactor(circuit): move address derivation out of a loop 2026-06-30 16:37:26 +04:00
Artem Gureev
38395886e6 refactor(circuit): drop stale comment refs 2026-06-30 16:37:18 +04:00
Artem Gureev
71867a4d57 refactor(lee_core): make PrivateAddressPlaintext have a vpk lifetime 2026-06-30 16:36:45 +04:00
Artem Gureev
9393a64b66 refactor(circuit): drop the position map 2026-06-30 16:25:30 +04:00
Artem Gureev
2cee0b3861 refactor(circuit): use PrivateAddressPlaintext in-guest 2026-06-30 15:15:01 +04:00
Marvin Jones
6155bd9a37 fix(encryption): rename os_random to random_seed and fix ESK derivation in tests
Rename os_random field to random_seed per review feedback. Fix tests
that constructed SharedSecretKey with a hardcoded EphemeralSecretKey
instead of deriving it via EphemeralSecretKey::new.
2026-06-29 09:10:43 -04:00
Marvin Jones
060a83879b feat(encryption): derive esk from account state, remove chacha20poly1305 logic
Introduce EphemeralSecretKey as a proper struct with EphemeralSecretKey::new()
that derives esk from SHA256("/LEE/v0.3/esk/" || account_id || os_random || nonce).
Rename witness field from esk to os_random. Simplify encapsulate_deterministic
to accept pre-derived EphemeralSecretKey directly.
2026-06-29 09:10:43 -04:00
agureev
ecc5c3fc79 doc: add comment regarding view_tag computation 2026-06-24 21:41:59 +04:00
agureev
526f9ccb32 feat(ppc)!: introduce protocol-level changes for vpk binding
BREAKING:

Before: The epk and the vpk of the receiver were not bound to the ss
that was directly fed to the circuit.

After: The ss, epk, tag fields are removed as explicit arguments
per-account and instead replaced by supplying a vpk, esk per
account. The ss, epk, tag are all constructed in-circuit. Account ID
generation now uses vpk as an additional argument.

Mitigation: Change Account ID generation to include the vpk, change
proving inputs.
2026-06-23 15:46:23 +04:00
agureev
3e7bfa32a9 feat(privacy_preserving_circuit): push encryption data in-guest 2026-06-10 22:08:33 +04:00
Sergio Chouhy
4bcffafe27 refactor!: rename nssa crate to lee
BREAKING CHANGE:
- Crate `nssa` renamed to `lee`; update `Cargo.toml` dependencies from `nssa = { workspace = true }` to `lee = { workspace = true }`.
- Crate `nssa_core` renamed to `lee_core`; update similarly.
- Crate `key_protocol` moved under `lee`; update `Cargo.toml` dependencies from `key_protocol = { workspace = true }` to `lee_key_protocol = { workspace = true }`.
- Type `NSSATransaction` (in `common`) renamed to `LeeTransaction`.
- Error type `nssa::error::NssaError` renamed to `lee::error::LeeError`.
- Error type `nssa_core::error::NssaCoreError` renamed to `lee_core::error::LeeCoreError`.
- All `use nssa::` and `use nssa_core::` import paths must be updated to `use lee::` and `use lee_core::` respectively.
- Guest programs must replace `write_nssa_outputs` with `write_lee_outputs`.
- The sequencer RocksDB column family for the chain state was renamed. Existing databases are incompatible and must be wiped before running the new version.
- Domain separators updated: `"NSSA_seed"` → `"LEE_seed"` (key derivation), `"NSSA/v0.2/KDF-SHA256/"` → `"LEE/v0.2/KDF-SHA256/"` (encryption KDF), `"/NSSA/v0.2/AccountId/PDA/"` →
  `"/LEE/v0.2/AccountId/PDA/"` (public PDA address derivation). All previously derived keys, encrypted outputs, and public PDA addresses are invalidated.
2026-06-01 17:11:42 -03:00
Sergio Chouhy
48da4b5119 fix!: protocol fixes
BREAKING CHANGE
  - Nonce init (PrivateAuthorizedInit): the initial nonce for PrivateAuthorizedInit accounts was incorrectly computed. Privacy preserving circuit code changed, as well as its id.
  - Authorization bidirectional check: programs must now set is_authorized = true for every authorized account in pre-states, not just avoid marking unauthorized ones as authorized.
  - Authorization in chained calls: authorized-account set is now the union across the call chain instead of being reset at each hop.
2026-05-29 02:08:14 -03:00
Sergio Chouhy
3c6d623c49 feat!: Add new path for externally provided seed to the circuit.
BREAKING CHANGE: add identity variants to the circuit and change semantics for `Claim::Authorized` for private PDAs
2026-05-21 11:22:31 -03:00
Sergio Chouhy
57173cc140 make authorization propagate transitively through chain calls in the circuit like in the public execution 2026-05-15 17:24:24 -03:00
moudyellaz
7679c50ea8 fix(privacy_preserving_circuit): lint 2026-05-14 23:07:15 +02:00
moudyellaz
3c8ff78319 merge: resolve conflicts with main 2026-05-14 18:40:49 +02:00
moudyellaz
3772046a39 refactor(privacy_preserving_circuit): extract execution_state module
Refs: #454
2026-05-08 17:30:55 +02:00
moudyellaz
01eb4a58b8 fix(privacy_preserving_circuit): satisfy CI lints and refresh artifact for #454
Refs: #454
2026-05-07 21:23:35 +02:00
moudyellaz
bda50f1d2f refactor(privacy_preserving_circuit): extract output module
Refs: #454
2026-05-07 16:54:57 +02:00
moudyellaz
ce3229f74f refactor(privacy_preserving_circuit)!: scaffold bin-dir layout
BREAKING-CHANGE: PRIVACY_PRESERVING_CIRCUIT_ID changes (one-time). In-flight proofs against the old guest become invalid.
Refs: #454
2026-05-06 19:10:05 +02:00