lssa-zkvm-testing/risc0-selective-privacy-poc/examples/private_execution.rs

use core::{
    account::Account,
    bytes_to_words,
    types::{Address, AuthenticationPath},
    visibility::AccountVisibility,
};
use nssa::program::TransferMultipleProgram;
use sparse_merkle_tree::SparseMerkleTree;

/// A private execution of the TransferMultiple function.
/// This actually "burns" a sender private account and "mints" two new private accounts:
/// one for the recipient with the transferred balance, and another owned by the sender with the remaining balance.
fn main() {
    // Setup commitment tree, simulating a current chain state that has a private account already
    // committed to the commitment tree.
    let sender_private_key = [1, 2, 3, 4, 4, 3, 2, 1];
    let sender = {
        // Creating this here but it is supposed to be already in the private possesion of the user
        let mut account = Account::new_from_private_key(sender_private_key);
        account.balance = 150;
        account
    };
    let commitment_tree = SparseMerkleTree::new([sender.commitment()].into_iter().collect());

    // Get the root of the commitment tree and the authentication path of the commitment of the private account.
    let root = bytes_to_words(&commitment_tree.root());
    let auth_path: Vec<[u32; 8]> = commitment_tree
        .get_authentication_path_for_value(sender.commitment())
        .iter()
        .map(bytes_to_words)
        .collect();
    let auth_path: AuthenticationPath = auth_path.try_into().unwrap();

    // These are the new private account being minted by this private execution.
    // (the `receiver_address` would be <Npk> in UTXO's terminology)
    let receiver_address_1 = [99; 8];
    let receiver_1 = new_default_account(receiver_address_1);
    let receiver_address_2 = [100; 8];
    let receiver_2 = new_default_account(receiver_address_2);

    // Setup input account visibilites. All accounts are private for this execution.
    let visibilities = vec![
        AccountVisibility::Private(Some((sender_private_key, auth_path))),
        AccountVisibility::Private(None),
        AccountVisibility::Private(None),
    ];

    // Set the balances to be sent to the two receiver addresses.
    // This means, the execution will remove 70 tokens from the sender
    // and send 30 to the first receiver and 40 to the second.
    let balance_to_move = vec![30, 40];

    // Execute and prove the outer program for the TransferMultipleProgram.
    // This is executed off-chain by the sender.
    let (receipt, _) = nssa::execute_offchain::<TransferMultipleProgram>(
        &[sender, receiver_1, receiver_2],
        balance_to_move,
        &visibilities,
        root,
    )
    .unwrap();

    // Verify the proof
    assert!(nssa::verify_privacy_execution(receipt).is_ok());
    println!("OK!");
}

fn new_default_account(address: Address) -> Account {
    Account::new(address, 0)
}
rename crates 2025-07-17 10:10:39 -03:00			`use core::{`
refactor 2025-07-16 15:37:49 -03:00			`account::Account,`
			`bytes_to_words,`
clippy 2025-07-19 19:12:56 -03:00			`types::{Address, AuthenticationPath},`
rename input visibility to account visibility 2025-07-19 17:02:26 -03:00			`visibility::AccountVisibility,`
make commitment a u32 value for the POC 2025-07-15 09:21:55 -03:00			`};`
add tansfer multiple program 2025-07-17 11:07:18 -03:00			`use nssa::program::TransferMultipleProgram;`
sequencer wip 2025-07-17 12:46:57 -03:00			`use sparse_merkle_tree::SparseMerkleTree;`
add public pre and post states to the output of the outer program 2025-07-15 08:07:27 -03:00
add docs 2025-07-18 17:10:33 -03:00			`/// A private execution of the TransferMultiple function.`
add comments 2025-07-11 19:35:54 -03:00			`/// This actually "burns" a sender private account and "mints" two new private accounts:`
minor changes 2025-07-11 19:44:43 -03:00			`/// one for the recipient with the transferred balance, and another owned by the sender with the remaining balance.`
moved examples to examples dir 2025-07-16 17:25:03 -03:00			`fn main() {`
add docs 2025-07-18 17:10:33 -03:00			`// Setup commitment tree, simulating a current chain state that has a private account already`
			`// committed to the commitment tree.`
name types 2025-07-15 09:26:34 -03:00			`let sender_private_key = [1, 2, 3, 4, 4, 3, 2, 1];`
minor changes 2025-07-11 19:44:43 -03:00			`let sender = {`
add docs 2025-07-18 17:10:33 -03:00			`// Creating this here but it is supposed to be already in the private possesion of the user`
refactor 2025-07-18 15:56:41 -03:00			`let mut account = Account::new_from_private_key(sender_private_key);`
minor changes 2025-07-11 19:44:43 -03:00			`account.balance = 150;`
			`account`
			`};`
dummy 2025-07-15 13:08:13 -03:00			`let commitment_tree = SparseMerkleTree::new([sender.commitment()].into_iter().collect());`
add docs 2025-07-18 17:10:33 -03:00
			`// Get the root of the commitment tree and the authentication path of the commitment of the private account.`
add implementation of is_in_tree 2025-07-15 13:54:59 -03:00			`let root = bytes_to_words(&commitment_tree.root());`
			`let auth_path: Vec<[u32; 8]> = commitment_tree`
			`.get_authentication_path_for_value(sender.commitment())`
			`.iter()`
			`.map(bytes_to_words)`
			`.collect();`
			`let auth_path: AuthenticationPath = auth_path.try_into().unwrap();`
add variable number of inputs/outputs with visibility 2025-07-14 19:25:41 -03:00
add docs 2025-07-18 17:10:33 -03:00			`// These are the new private account being minted by this private execution.`
			// (the `receiver_address` would be <Npk> in UTXO's terminology)
add tansfer multiple program 2025-07-17 11:07:18 -03:00			`let receiver_address_1 = [99; 8];`
add docs 2025-07-18 17:10:33 -03:00			`let receiver_1 = new_default_account(receiver_address_1);`
add tansfer multiple program 2025-07-17 11:07:18 -03:00			`let receiver_address_2 = [100; 8];`
add docs 2025-07-18 17:10:33 -03:00			`let receiver_2 = new_default_account(receiver_address_2);`
add comments 2025-07-11 19:35:54 -03:00
rename input visibility to account visibility 2025-07-19 17:02:26 -03:00			`// Setup input account visibilites. All accounts are private for this execution.`
add variable number of inputs/outputs with visibility 2025-07-14 19:25:41 -03:00			`let visibilities = vec![`
rename input visibility to account visibility 2025-07-19 17:02:26 -03:00			`AccountVisibility::Private(Some((sender_private_key, auth_path))),`
			`AccountVisibility::Private(None),`
			`AccountVisibility::Private(None),`
add variable number of inputs/outputs with visibility 2025-07-14 19:25:41 -03:00			`];`
rename 2025-07-17 09:43:44 -03:00
add docs 2025-07-18 17:10:33 -03:00			`// Set the balances to be sent to the two receiver addresses.`
			`// This means, the execution will remove 70 tokens from the sender`
			`// and send 30 to the first receiver and 40 to the second.`
			`let balance_to_move = vec![30, 40];`

			`// Execute and prove the outer program for the TransferMultipleProgram.`
minor changes 2025-07-18 20:34:07 -03:00			`// This is executed off-chain by the sender.`
			`let (receipt, _) = nssa::execute_offchain::<TransferMultipleProgram>(`
add tansfer multiple program 2025-07-17 11:07:18 -03:00			`&[sender, receiver_1, receiver_2],`
add docs 2025-07-18 17:10:33 -03:00			`balance_to_move,`
generalize code to prove any privacy execution 2025-07-16 17:01:50 -03:00			`&visibilities,`
			`root,`
			`)`
			`.unwrap();`
refactor 2025-07-11 19:21:06 -03:00
add docs 2025-07-18 17:10:33 -03:00			`// Verify the proof`
refactor 2025-07-19 18:08:57 -03:00			`assert!(nssa::verify_privacy_execution(receipt).is_ok());`
add docs 2025-07-18 17:10:33 -03:00			`println!("OK!");`
			`}`
add verification function 2025-07-17 09:20:03 -03:00
add docs 2025-07-18 17:10:33 -03:00			`fn new_default_account(address: Address) -> Account {`
			`Account::new(address, 0)`
refactor 2025-07-11 19:21:06 -03:00			`}`