lssa/nssa/src/privacy_preserving_transaction/circuit.rs

use std::collections::HashMap;

use borsh::{BorshDeserialize, BorshSerialize};
use nssa_core::{
    MembershipProof, NullifierPublicKey, NullifierSecretKey, PrivacyPreservingCircuitInput,
    PrivacyPreservingCircuitOutput, SharedSecretKey,
    account::AccountWithMetadata,
    program::{InstructionData, ProgramId, ProgramOutput},
};
use risc0_zkvm::{ExecutorEnv, InnerReceipt, Receipt, default_prover};

use crate::{
    error::NssaError,
    program::Program,
    program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID},
    state::MAX_NUMBER_CHAINED_CALLS,
};

/// Proof of the privacy preserving execution circuit
#[derive(Debug, Clone, PartialEq, Eq, BorshSerialize, BorshDeserialize)]
pub struct Proof(pub(crate) Vec<u8>);

#[derive(Clone)]
pub struct ProgramWithDependencies {
    pub program: Program,
    // TODO: avoid having a copy of the bytecode of each dependency.
    pub dependencies: HashMap<ProgramId, Program>,
}

impl ProgramWithDependencies {
    pub fn new(program: Program, dependencies: HashMap<ProgramId, Program>) -> Self {
        Self {
            program,
            dependencies,
        }
    }
}

impl From<Program> for ProgramWithDependencies {
    fn from(program: Program) -> Self {
        ProgramWithDependencies::new(program, HashMap::new())
    }
}

/// Generates a proof of the execution of a NSSA program inside the privacy preserving execution
/// circuit
#[expect(clippy::too_many_arguments, reason = "TODO: fix later")]
pub fn execute_and_prove(
    pre_states: &[AccountWithMetadata],
    instruction_data: &InstructionData,
    visibility_mask: &[u8],
    private_account_nonces: &[u128],
    private_account_keys: &[(NullifierPublicKey, SharedSecretKey)],
    private_account_nsks: &[NullifierSecretKey],
    private_account_membership_proofs: &[Option<MembershipProof>],
    program_with_dependencies: &ProgramWithDependencies,
) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> {
    let mut program = &program_with_dependencies.program;
    let dependencies = &program_with_dependencies.dependencies;
    let mut instruction_data = instruction_data.clone();
    let mut pre_states = pre_states.to_vec();
    let mut env_builder = ExecutorEnv::builder();
    let mut program_outputs = Vec::new();

    for _i in 0..MAX_NUMBER_CHAINED_CALLS {
        let inner_receipt = execute_and_prove_program(program, &pre_states, &instruction_data)?;

        let program_output: ProgramOutput = inner_receipt
            .journal
            .decode()
            .map_err(|e| NssaError::ProgramOutputDeserializationError(e.to_string()))?;

        // TODO: remove clone
        program_outputs.push(program_output.clone());

        // Prove circuit.
        env_builder.add_assumption(inner_receipt);

        // TODO: Remove when multi-chain calls are supported in the circuit
        assert!(program_output.chained_calls.len() <= 1);
        // TODO: Modify when multi-chain calls are supported in the circuit
        if let Some(next_call) = program_output.chained_calls.first() {
            program = dependencies
                .get(&next_call.program_id)
                .ok_or(NssaError::InvalidProgramBehavior)?;
            instruction_data = next_call.instruction_data.clone();
            // Build post states with metadata for next call
            let mut post_states_with_metadata = Vec::new();
            for (pre, post) in program_output
                .pre_states
                .iter()
                .zip(program_output.post_states)
            {
                let mut post_with_metadata = pre.clone();
                post_with_metadata.account = post.account().clone();
                post_states_with_metadata.push(post_with_metadata);
            }

            pre_states = next_call.pre_states.clone();
        } else {
            break;
        }
    }

    let circuit_input = PrivacyPreservingCircuitInput {
        program_outputs,
        visibility_mask: visibility_mask.to_vec(),
        private_account_nonces: private_account_nonces.to_vec(),
        private_account_keys: private_account_keys.to_vec(),
        private_account_nsks: private_account_nsks.to_vec(),
        private_account_membership_proofs: private_account_membership_proofs.to_vec(),
        program_id: program_with_dependencies.program.id(),
    };

    env_builder.write(&circuit_input).unwrap();
    let env = env_builder.build().unwrap();
    let prover = default_prover();
    let prove_info = prover
        .prove(env, PRIVACY_PRESERVING_CIRCUIT_ELF)
        .map_err(|e| NssaError::CircuitProvingError(e.to_string()))?;

    let proof = Proof(borsh::to_vec(&prove_info.receipt.inner)?);

    let circuit_output: PrivacyPreservingCircuitOutput = prove_info
        .receipt
        .journal
        .decode()
        .map_err(|e| NssaError::CircuitOutputDeserializationError(e.to_string()))?;

    Ok((circuit_output, proof))
}

fn execute_and_prove_program(
    program: &Program,
    pre_states: &[AccountWithMetadata],
    instruction_data: &InstructionData,
) -> Result<Receipt, NssaError> {
    // Write inputs to the program
    let mut env_builder = ExecutorEnv::builder();
    Program::write_inputs(pre_states, instruction_data, &mut env_builder)?;
    let env = env_builder.build().unwrap();

    // Prove the program
    let prover = default_prover();
    Ok(prover
        .prove(env, program.elf())
        .map_err(|e| NssaError::ProgramProveFailed(e.to_string()))?
        .receipt)
}

impl Proof {
    pub(crate) fn is_valid_for(&self, circuit_output: &PrivacyPreservingCircuitOutput) -> bool {
        let inner: InnerReceipt = borsh::from_slice(&self.0).unwrap();
        let receipt = Receipt::new(inner, circuit_output.to_bytes());
        receipt.verify(PRIVACY_PRESERVING_CIRCUIT_ID).is_ok()
    }
}

#[cfg(test)]
mod tests {
    use nssa_core::{
        Commitment, DUMMY_COMMITMENT_HASH, EncryptionScheme, Nullifier,
        account::{Account, AccountId, AccountWithMetadata, data::Data},
    };

    use super::*;
    use crate::{
        privacy_preserving_transaction::circuit::execute_and_prove,
        program::Program,
        state::{
            CommitmentSet,
            tests::{test_private_account_keys_1, test_private_account_keys_2},
        },
    };

    #[test]
    fn prove_privacy_preserving_execution_circuit_public_and_private_pre_accounts() {
        let recipient_keys = test_private_account_keys_1();
        let program = Program::authenticated_transfer_program();
        let sender = AccountWithMetadata::new(
            Account {
                program_owner: program.id(),
                balance: 100,
                ..Account::default()
            },
            true,
            AccountId::new([0; 32]),
        );

        let recipient = AccountWithMetadata::new(
            Account::default(),
            false,
            AccountId::from(&recipient_keys.npk()),
        );

        let balance_to_move: u128 = 37;

        let expected_sender_post = Account {
            program_owner: program.id(),
            balance: 100 - balance_to_move,
            nonce: 0,
            data: Data::default(),
        };

        let expected_recipient_post = Account {
            program_owner: program.id(),
            balance: balance_to_move,
            nonce: 0xdeadbeef,
            data: Data::default(),
        };

        let expected_sender_pre = sender.clone();

        let esk = [3; 32];
        let shared_secret = SharedSecretKey::new(&esk, &recipient_keys.ivk());

        let (output, proof) = execute_and_prove(
            &[sender, recipient],
            &Program::serialize_instruction(balance_to_move).unwrap(),
            &[0, 2],
            &[0xdeadbeef],
            &[(recipient_keys.npk(), shared_secret.clone())],
            &[],
            &[None],
            &Program::authenticated_transfer_program().into(),
        )
        .unwrap();

        assert!(proof.is_valid_for(&output));

        let [sender_pre] = output.public_pre_states.try_into().unwrap();
        let [sender_post] = output.public_post_states.try_into().unwrap();
        assert_eq!(sender_pre, expected_sender_pre);
        assert_eq!(sender_post, expected_sender_post);
        assert_eq!(output.new_commitments.len(), 1);
        assert_eq!(output.new_nullifiers.len(), 1);
        assert_eq!(output.ciphertexts.len(), 1);

        let recipient_post = EncryptionScheme::decrypt(
            &output.ciphertexts[0],
            &shared_secret,
            &output.new_commitments[0],
            0,
        )
        .unwrap();
        assert_eq!(recipient_post, expected_recipient_post);
    }

    #[test]
    fn prove_privacy_preserving_execution_circuit_fully_private() {
        let program = Program::authenticated_transfer_program();
        let sender_keys = test_private_account_keys_1();
        let recipient_keys = test_private_account_keys_2();

        let sender_pre = AccountWithMetadata::new(
            Account {
                balance: 100,
                nonce: 0xdeadbeef,
                program_owner: program.id(),
                data: Data::default(),
            },
            true,
            AccountId::from(&sender_keys.npk()),
        );
        let commitment_sender = Commitment::new(&sender_keys.npk(), &sender_pre.account);

        let recipient = AccountWithMetadata::new(
            Account::default(),
            false,
            AccountId::from(&recipient_keys.npk()),
        );
        let balance_to_move: u128 = 37;

        let mut commitment_set = CommitmentSet::with_capacity(2);
        commitment_set.extend(std::slice::from_ref(&commitment_sender));

        let expected_new_nullifiers = vec![
            (
                Nullifier::for_account_update(&commitment_sender, &sender_keys.nsk),
                commitment_set.digest(),
            ),
            (
                Nullifier::for_account_initialization(&recipient_keys.npk()),
                DUMMY_COMMITMENT_HASH,
            ),
        ];

        let program = Program::authenticated_transfer_program();

        let expected_private_account_1 = Account {
            program_owner: program.id(),
            balance: 100 - balance_to_move,
            nonce: 0xdeadbeef1,
            ..Default::default()
        };
        let expected_private_account_2 = Account {
            program_owner: program.id(),
            balance: balance_to_move,
            nonce: 0xdeadbeef2,
            ..Default::default()
        };
        let expected_new_commitments = vec![
            Commitment::new(&sender_keys.npk(), &expected_private_account_1),
            Commitment::new(&recipient_keys.npk(), &expected_private_account_2),
        ];

        let esk_1 = [3; 32];
        let shared_secret_1 = SharedSecretKey::new(&esk_1, &sender_keys.ivk());

        let esk_2 = [5; 32];
        let shared_secret_2 = SharedSecretKey::new(&esk_2, &recipient_keys.ivk());

        let (output, proof) = execute_and_prove(
            &[sender_pre.clone(), recipient],
            &Program::serialize_instruction(balance_to_move).unwrap(),
            &[1, 2],
            &[0xdeadbeef1, 0xdeadbeef2],
            &[
                (sender_keys.npk(), shared_secret_1.clone()),
                (recipient_keys.npk(), shared_secret_2.clone()),
            ],
            &[sender_keys.nsk],
            &[commitment_set.get_proof_for(&commitment_sender), None],
            &program.into(),
        )
        .unwrap();

        assert!(proof.is_valid_for(&output));
        assert!(output.public_pre_states.is_empty());
        assert!(output.public_post_states.is_empty());
        assert_eq!(output.new_commitments, expected_new_commitments);
        assert_eq!(output.new_nullifiers, expected_new_nullifiers);
        assert_eq!(output.ciphertexts.len(), 2);

        let sender_post = EncryptionScheme::decrypt(
            &output.ciphertexts[0],
            &shared_secret_1,
            &expected_new_commitments[0],
            0,
        )
        .unwrap();
        assert_eq!(sender_post, expected_private_account_1);

        let recipient_post = EncryptionScheme::decrypt(
            &output.ciphertexts[1],
            &shared_secret_2,
            &expected_new_commitments[1],
            1,
        )
        .unwrap();
        assert_eq!(recipient_post, expected_private_account_2);
    }
}
add test wip 2025-11-20 01:40:05 -03:00			`use std::collections::HashMap;`

fix: privacy-preserving test 2025-11-19 09:00:32 +02:00			`use borsh::{BorshDeserialize, BorshSerialize};`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`use nssa_core::{`
fmt and clippy 2025-08-27 16:24:20 -03:00			`MembershipProof, NullifierPublicKey, NullifierSecretKey, PrivacyPreservingCircuitInput,`
			`PrivacyPreservingCircuitOutput, SharedSecretKey,`
fmt, clippy 2025-09-11 15:49:54 -03:00			`account::AccountWithMetadata,`
add test wip 2025-11-20 01:40:05 -03:00			`program::{InstructionData, ProgramId, ProgramOutput},`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`};`
			`use risc0_zkvm::{ExecutorEnv, InnerReceipt, Receipt, default_prover};`

feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`use crate::{`
			`error::NssaError,`
			`program::Program,`
			`program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID},`
Merge branch 'main' into schouhy/implement-privacy-preserving-tail-calls 2025-11-26 16:37:04 -03:00			`state::MAX_NUMBER_CHAINED_CALLS,`
feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`};`
refactor circuit module into file 2025-08-22 08:32:05 -03:00
add program_id check 2025-08-27 18:23:56 -03:00			`/// Proof of the privacy preserving execution circuit`
fix: privacy-preserving test 2025-11-19 09:00:32 +02:00			`#[derive(Debug, Clone, PartialEq, Eq, BorshSerialize, BorshDeserialize)]`
fix: commnets fix cleanup 2025-09-12 15:06:49 +03:00			`pub struct Proof(pub(crate) Vec<u8>);`
refactor circuit module into file 2025-08-22 08:32:05 -03:00
Merge branch 'main' into schouhy/implement-privacy-preserving-tail-calls 2025-12-09 22:27:38 -03:00			`#[derive(Clone)]`
small refactor 2025-11-22 16:39:34 -03:00			`pub struct ProgramWithDependencies {`
			`pub program: Program,`
nit 2025-11-22 18:39:02 -03:00			`// TODO: avoid having a copy of the bytecode of each dependency.`
small refactor 2025-11-22 16:39:34 -03:00			`pub dependencies: HashMap<ProgramId, Program>,`
			`}`

			`impl ProgramWithDependencies {`
			`pub fn new(program: Program, dependencies: HashMap<ProgramId, Program>) -> Self {`
			`Self {`
			`program,`
			`dependencies,`
			`}`
			`}`
			`}`

			`impl From<Program> for ProgramWithDependencies {`
			`fn from(program: Program) -> Self {`
			`ProgramWithDependencies::new(program, HashMap::new())`
			`}`
			`}`

add program_id check 2025-08-27 18:23:56 -03:00			`/// Generates a proof of the execution of a NSSA program inside the privacy preserving execution`
			`/// circuit`
feat: unzip init proofs from nsk 2025-11-14 01:28:34 -03:00			`#[expect(clippy::too_many_arguments, reason = "TODO: fix later")]`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`pub fn execute_and_prove(`
			`pre_states: &[AccountWithMetadata],`
			`instruction_data: &InstructionData,`
			`visibility_mask: &[u8],`
			`private_account_nonces: &[u128],`
add program_id check 2025-08-27 18:23:56 -03:00			`private_account_keys: &[(NullifierPublicKey, SharedSecretKey)],`
feat: unzip init proofs from nsk 2025-11-14 01:28:34 -03:00			`private_account_nsks: &[NullifierSecretKey],`
feat: allow private authorized uninitialized accounts 2025-12-12 16:53:30 +03:00			`private_account_membership_proofs: &[Option<MembershipProof>],`
wip 2025-11-20 19:25:56 -03:00			`program_with_dependencies: &ProgramWithDependencies,`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> {`
wip 2025-11-20 19:25:56 -03:00			`let mut program = &program_with_dependencies.program;`
			`let dependencies = &program_with_dependencies.dependencies;`
add test wip 2025-11-20 01:40:05 -03:00			`let mut instruction_data = instruction_data.clone();`
			`let mut pre_states = pre_states.to_vec();`
wip 2025-11-06 19:35:47 -03:00			`let mut env_builder = ExecutorEnv::builder();`
			`let mut program_outputs = Vec::new();`
add instruction to the program output 2025-11-18 01:38:47 -03:00
wip 2025-11-06 19:35:47 -03:00			`for _i in 0..MAX_NUMBER_CHAINED_CALLS {`
fmt, clippy 2025-11-22 16:39:56 -03:00			`let inner_receipt = execute_and_prove_program(program, &pre_states, &instruction_data)?;`
refactor circuit module into file 2025-08-22 08:32:05 -03:00
wip 2025-11-06 19:35:47 -03:00			`let program_output: ProgramOutput = inner_receipt`
			`.journal`
			`.decode()`
			`.map_err(\|e\| NssaError::ProgramOutputDeserializationError(e.to_string()))?;`

			`// TODO: remove clone`
			`program_outputs.push(program_output.clone());`

			`// Prove circuit.`
			`env_builder.add_assumption(inner_receipt);`

Merge branch 'main' into schouhy/implement-privacy-preserving-tail-calls 2025-12-09 22:27:38 -03:00			`// TODO: Remove when multi-chain calls are supported in the circuit`
			`assert!(program_output.chained_calls.len() <= 1);`
			`// TODO: Modify when multi-chain calls are supported in the circuit`
			`if let Some(next_call) = program_output.chained_calls.first() {`
wip 2025-11-20 19:25:56 -03:00			`program = dependencies`
			`.get(&next_call.program_id)`
			`.ok_or(NssaError::InvalidProgramBehavior)?;`
add test wip 2025-11-20 01:40:05 -03:00			`instruction_data = next_call.instruction_data.clone();`
			`// Build post states with metadata for next call`
			`let mut post_states_with_metadata = Vec::new();`
			`for (pre, post) in program_output`
			`.pre_states`
			`.iter()`
			`.zip(program_output.post_states)`
			`{`
			`let mut post_with_metadata = pre.clone();`
Merge branch 'main' into schouhy/implement-privacy-preserving-tail-calls 2025-12-09 22:27:38 -03:00			`post_with_metadata.account = post.account().clone();`
add test wip 2025-11-20 01:40:05 -03:00			`post_states_with_metadata.push(post_with_metadata);`
			`}`

Merge branch 'main' into schouhy/implement-privacy-preserving-tail-calls 2025-12-09 22:27:38 -03:00			`pre_states = next_call.pre_states.clone();`
add test wip 2025-11-20 01:40:05 -03:00			`} else {`
wip 2025-11-06 19:35:47 -03:00			`break;`
			`}`
			`}`
refactor circuit module into file 2025-08-22 08:32:05 -03:00
			`let circuit_input = PrivacyPreservingCircuitInput {`
wip 2025-11-06 19:35:47 -03:00			`program_outputs,`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`visibility_mask: visibility_mask.to_vec(),`
			`private_account_nonces: private_account_nonces.to_vec(),`
			`private_account_keys: private_account_keys.to_vec(),`
feat: unzip init proofs from nsk 2025-11-14 01:28:34 -03:00			`private_account_nsks: private_account_nsks.to_vec(),`
			`private_account_membership_proofs: private_account_membership_proofs.to_vec(),`
wip 2025-11-20 19:25:56 -03:00			`program_id: program_with_dependencies.program.id(),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`};`

			`env_builder.write(&circuit_input).unwrap();`
			`let env = env_builder.build().unwrap();`
			`let prover = default_prover();`
fix circuit and add test 2025-09-02 12:38:31 -03:00			`let prove_info = prover`
			`.prove(env, PRIVACY_PRESERVING_CIRCUIT_ELF)`
			`.map_err(\|e\| NssaError::CircuitProvingError(e.to_string()))?;`
refactor circuit module into file 2025-08-22 08:32:05 -03:00
			`let proof = Proof(borsh::to_vec(&prove_info.receipt.inner)?);`

			`let circuit_output: PrivacyPreservingCircuitOutput = prove_info`
			`.receipt`
			`.journal`
			`.decode()`
			`.map_err(\|e\| NssaError::CircuitOutputDeserializationError(e.to_string()))?;`

			`Ok((circuit_output, proof))`
			`}`

			`fn execute_and_prove_program(`
			`program: &Program,`
			`pre_states: &[AccountWithMetadata],`
			`instruction_data: &InstructionData,`
			`) -> Result<Receipt, NssaError> {`
			`// Write inputs to the program`
			`let mut env_builder = ExecutorEnv::builder();`
wip 2025-09-10 18:56:34 -03:00			`Program::write_inputs(pre_states, instruction_data, &mut env_builder)?;`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`let env = env_builder.build().unwrap();`

			`// Prove the program`
			`let prover = default_prover();`
			`Ok(prover`
			`.prove(env, program.elf())`
			`.map_err(\|e\| NssaError::ProgramProveFailed(e.to_string()))?`
			`.receipt)`
			`}`

fix: comments fix 2025-09-15 10:39:57 +03:00			`impl Proof {`
			`pub(crate) fn is_valid_for(&self, circuit_output: &PrivacyPreservingCircuitOutput) -> bool {`
			`let inner: InnerReceipt = borsh::from_slice(&self.0).unwrap();`
			`let receipt = Receipt::new(inner, circuit_output.to_bytes());`
			`receipt.verify(PRIVACY_PRESERVING_CIRCUIT_ID).is_ok()`
			`}`
			`}`

refactor circuit module into file 2025-08-22 08:32:05 -03:00			`#[cfg(test)]`
			`mod tests {`
			`use nssa_core::{`
add nullifier for private account initialization 2025-10-03 20:44:29 -03:00			`Commitment, DUMMY_COMMITMENT_HASH, EncryptionScheme, Nullifier,`
feat: introduce account data size limit 2025-12-05 02:17:09 +03:00			`account::{Account, AccountId, AccountWithMetadata, data::Data},`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`};`

feat: enhance rustfmt config 2025-11-26 00:27:20 +03:00			`use super::*;`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`use crate::{`
fmt and clippy 2025-08-27 16:24:20 -03:00			`privacy_preserving_transaction::circuit::execute_and_prove,`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`program::Program,`
minor refactor 2025-08-22 13:42:37 -03:00			`state::{`
			`CommitmentSet,`
			`tests::{test_private_account_keys_1, test_private_account_keys_2},`
			`},`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`};`

			`#[test]`
			`fn prove_privacy_preserving_execution_circuit_public_and_private_pre_accounts() {`
wip 2025-09-10 18:56:34 -03:00			`let recipient_keys = test_private_account_keys_1();`
implement encryption/decryption of private outputs 2025-08-22 14:59:57 -03:00			`let program = Program::authenticated_transfer_program();`
refactor 2025-09-11 16:37:28 -03:00			`let sender = AccountWithMetadata::new(`
			`Account {`
fix tests 2025-09-02 12:56:01 -03:00			`program_owner: program.id(),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`balance: 100,`
			`..Account::default()`
			`},`
refactor 2025-09-11 16:37:28 -03:00			`true,`
rename fingerprint to account_id 2025-09-12 09:18:40 -03:00			`AccountId::new([0; 32]),`
refactor 2025-09-11 16:37:28 -03:00			`);`
refactor circuit module into file 2025-08-22 08:32:05 -03:00
refactor 2025-09-11 16:37:28 -03:00			`let recipient = AccountWithMetadata::new(`
			`Account::default(),`
			`false,`
rename fingerprint to account_id 2025-09-12 09:18:40 -03:00			`AccountId::from(&recipient_keys.npk()),`
refactor 2025-09-11 16:37:28 -03:00			`);`
refactor circuit module into file 2025-08-22 08:32:05 -03:00
			`let balance_to_move: u128 = 37;`

			`let expected_sender_post = Account {`
implement encryption/decryption of private outputs 2025-08-22 14:59:57 -03:00			`program_owner: program.id(),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`balance: 100 - balance_to_move,`
nonce code shifting 2025-12-11 08:59:28 -05:00			`nonce: 0,`
feat: introduce account data size limit 2025-12-05 02:17:09 +03:00			`data: Data::default(),`
implement encryption/decryption of private outputs 2025-08-22 14:59:57 -03:00			`};`

			`let expected_recipient_post = Account {`
			`program_owner: program.id(),`
			`balance: balance_to_move,`
			`nonce: 0xdeadbeef,`
feat: introduce account data size limit 2025-12-05 02:17:09 +03:00			`data: Data::default(),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`};`

			`let expected_sender_pre = sender.clone();`
remove shared secrete derivation from r0 2025-08-25 14:51:46 -03:00
			`let esk = [3; 32];`
file refactor 2025-08-26 14:53:02 -03:00			`let shared_secret = SharedSecretKey::new(&esk, &recipient_keys.ivk());`
remove shared secrete derivation from r0 2025-08-25 14:51:46 -03:00
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`let (output, proof) = execute_and_prove(`
			`&[sender, recipient],`
			`&Program::serialize_instruction(balance_to_move).unwrap(),`
			`&[0, 2],`
			`&[0xdeadbeef],`
file refactor 2025-08-26 14:53:02 -03:00			`&[(recipient_keys.npk(), shared_secret.clone())],`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`&[],`
feat: allow private authorized uninitialized accounts 2025-12-12 16:53:30 +03:00			`&[None],`
wip 2025-11-20 19:25:56 -03:00			`&Program::authenticated_transfer_program().into(),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`)`
			`.unwrap();`

			`assert!(proof.is_valid_for(&output));`

			`let [sender_pre] = output.public_pre_states.try_into().unwrap();`
			`let [sender_post] = output.public_post_states.try_into().unwrap();`
			`assert_eq!(sender_pre, expected_sender_pre);`
			`assert_eq!(sender_post, expected_sender_post);`
			`assert_eq!(output.new_commitments.len(), 1);`
add nullifier for private account initialization 2025-10-03 20:44:29 -03:00			`assert_eq!(output.new_nullifiers.len(), 1);`
remove shared secrete derivation from r0 2025-08-25 14:51:46 -03:00			`assert_eq!(output.ciphertexts.len(), 1);`
implement encryption/decryption of private outputs 2025-08-22 14:59:57 -03:00
file refactor 2025-08-26 14:53:02 -03:00			`let recipient_post = EncryptionScheme::decrypt(`
			`&output.ciphertexts[0],`
			`&shared_secret,`
			`&output.new_commitments[0],`
			`0,`
			`)`
			`.unwrap();`
implement encryption/decryption of private outputs 2025-08-22 14:59:57 -03:00			`assert_eq!(recipient_post, expected_recipient_post);`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`}`

			`#[test]`
			`fn prove_privacy_preserving_execution_circuit_fully_private() {`
fix tests 2025-09-02 12:56:01 -03:00			`let program = Program::authenticated_transfer_program();`
wip 2025-09-10 18:56:34 -03:00			`let sender_keys = test_private_account_keys_1();`
			`let recipient_keys = test_private_account_keys_2();`

refactor 2025-09-11 16:37:28 -03:00			`let sender_pre = AccountWithMetadata::new(`
			`Account {`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`balance: 100,`
			`nonce: 0xdeadbeef,`
fix tests 2025-09-02 12:56:01 -03:00			`program_owner: program.id(),`
feat: introduce account data size limit 2025-12-05 02:17:09 +03:00			`data: Data::default(),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`},`
refactor 2025-09-11 16:37:28 -03:00			`true,`
rename fingerprint to account_id 2025-09-12 09:18:40 -03:00			`AccountId::from(&sender_keys.npk()),`
refactor 2025-09-11 16:37:28 -03:00			`);`
minor refactor 2025-08-22 13:42:37 -03:00			`let commitment_sender = Commitment::new(&sender_keys.npk(), &sender_pre.account);`
refactor mt 2025-08-25 07:44:56 -03:00
refactor 2025-09-11 16:37:28 -03:00			`let recipient = AccountWithMetadata::new(`
			`Account::default(),`
			`false,`
rename fingerprint to account_id 2025-09-12 09:18:40 -03:00			`AccountId::from(&recipient_keys.npk()),`
refactor 2025-09-11 16:37:28 -03:00			`);`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`let balance_to_move: u128 = 37;`

add root history 2025-08-25 09:22:59 -03:00			`let mut commitment_set = CommitmentSet::with_capacity(2);`
fmt and clippy 2025-08-27 16:24:20 -03:00			`commitment_set.extend(std::slice::from_ref(&commitment_sender));`
add root history 2025-08-25 09:22:59 -03:00
add nullifier for private account initialization 2025-10-03 20:44:29 -03:00			`let expected_new_nullifiers = vec![`
			`(`
			`Nullifier::for_account_update(&commitment_sender, &sender_keys.nsk),`
			`commitment_set.digest(),`
			`),`
			`(`
			`Nullifier::for_account_initialization(&recipient_keys.npk()),`
			`DUMMY_COMMITMENT_HASH,`
			`),`
			`];`
refactor mt 2025-08-25 07:44:56 -03:00
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`let program = Program::authenticated_transfer_program();`

			`let expected_private_account_1 = Account {`
			`program_owner: program.id(),`
			`balance: 100 - balance_to_move,`
			`nonce: 0xdeadbeef1,`
			`..Default::default()`
			`};`
			`let expected_private_account_2 = Account {`
			`program_owner: program.id(),`
			`balance: balance_to_move,`
			`nonce: 0xdeadbeef2,`
			`..Default::default()`
			`};`
			`let expected_new_commitments = vec![`
minor refactor 2025-08-22 13:42:37 -03:00			`Commitment::new(&sender_keys.npk(), &expected_private_account_1),`
			`Commitment::new(&recipient_keys.npk(), &expected_private_account_2),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`];`
refactor mt 2025-08-25 07:44:56 -03:00
remove shared secrete derivation from r0 2025-08-25 14:51:46 -03:00			`let esk_1 = [3; 32];`
file refactor 2025-08-26 14:53:02 -03:00			`let shared_secret_1 = SharedSecretKey::new(&esk_1, &sender_keys.ivk());`
remove shared secrete derivation from r0 2025-08-25 14:51:46 -03:00
			`let esk_2 = [5; 32];`
file refactor 2025-08-26 14:53:02 -03:00			`let shared_secret_2 = SharedSecretKey::new(&esk_2, &recipient_keys.ivk());`
remove shared secrete derivation from r0 2025-08-25 14:51:46 -03:00
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`let (output, proof) = execute_and_prove(`
minor refactor 2025-08-22 13:42:37 -03:00			`&[sender_pre.clone(), recipient],`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`&Program::serialize_instruction(balance_to_move).unwrap(),`
			`&[1, 2],`
			`&[0xdeadbeef1, 0xdeadbeef2],`
			`&[`
file refactor 2025-08-26 14:53:02 -03:00			`(sender_keys.npk(), shared_secret_1.clone()),`
			`(recipient_keys.npk(), shared_secret_2.clone()),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`],`
feat: unzip init proofs from nsk 2025-11-14 01:28:34 -03:00			`&[sender_keys.nsk],`
feat: allow private authorized uninitialized accounts 2025-12-12 16:53:30 +03:00			`&[commitment_set.get_proof_for(&commitment_sender), None],`
wip 2025-11-20 19:25:56 -03:00			`&program.into(),`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`)`
			`.unwrap();`

			`assert!(proof.is_valid_for(&output));`
			`assert!(output.public_pre_states.is_empty());`
			`assert!(output.public_post_states.is_empty());`
			`assert_eq!(output.new_commitments, expected_new_commitments);`
			`assert_eq!(output.new_nullifiers, expected_new_nullifiers);`
remove shared secrete derivation from r0 2025-08-25 14:51:46 -03:00			`assert_eq!(output.ciphertexts.len(), 2);`
implement encryption/decryption of private outputs 2025-08-22 14:59:57 -03:00
file refactor 2025-08-26 14:53:02 -03:00			`let sender_post = EncryptionScheme::decrypt(`
			`&output.ciphertexts[0],`
			`&shared_secret_1,`
			`&expected_new_commitments[0],`
			`0,`
			`)`
			`.unwrap();`
add npk to kdf 2025-08-26 13:50:52 -03:00			`assert_eq!(sender_post, expected_private_account_1);`
implement encryption/decryption of private outputs 2025-08-22 14:59:57 -03:00
file refactor 2025-08-26 14:53:02 -03:00			`let recipient_post = EncryptionScheme::decrypt(`
			`&output.ciphertexts[1],`
			`&shared_secret_2,`
			`&expected_new_commitments[1],`
			`1,`
			`)`
			`.unwrap();`
add npk to kdf 2025-08-26 13:50:52 -03:00			`assert_eq!(recipient_post, expected_private_account_2);`
refactor circuit module into file 2025-08-22 08:32:05 -03:00			`}`
			`}`