fix clippy errors from main merge

2026-06-03 23:59:32 +00:00 · 2026-05-29 20:23:34 -04:00 · 2026-05-29 20:23:34 -04:00 · 3296ff0266
commit 3296ff0266
parent 30822a8905
31 changed files with 57 additions and 42 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1619,9 +1619,15 @@ dependencies = [

 [[package]]
 name = "cmov"
+<<<<<<< HEAD
 version = "0.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746"
+=======
+version = "0.5.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c9ea0ac24bc397ab3c98583a3c9ba74fa56b09a4449bbe172b9b1ddb016027a"
+>>>>>>> ee3cfb6e (fix clippy errors from main merge)

 [[package]]
 name = "cobs"
@ -2039,6 +2045,7 @@ dependencies = [
 name = "crypto_primitives_bench"
 version = "0.1.0"
 dependencies = [
+ "anyhow",
 "criterion",
 "key_protocol",
 <<<<<<< HEAD
@ -2046,9 +2053,15 @@ dependencies = [
 "rand 0.8.6",
 =======
 "nssa_core",
+<<<<<<< HEAD
 "serde",
 "serde_json",
 >>>>>>> 8492f995 (ci fixes)
+=======
+ "rand 0.8.5",
+ "serde",
+ "serde_json",
+>>>>>>> ee3cfb6e (fix clippy errors from main merge)
 ]

 [[package]]
@ -2209,7 +2222,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ccc2776f0c61eca1ca32528f85548abd1a4be8fb53d1b21c013e4f18da1e7090"
 dependencies = [
 "data-encoding",
- "syn 1.0.109",
+ "syn 2.0.117",
 ]

 [[package]]
@ -2363,7 +2376,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2"
 dependencies = [
 "block-buffer 0.12.0",
+<<<<<<< HEAD
 "crypto-common 0.2.2",
+=======
+ "crypto-common 0.2.1",
+>>>>>>> ee3cfb6e (fix clippy errors from main merge)
 ]

 [[package]]
@ -2713,7 +2730,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
 "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
@ -4580,7 +4597,11 @@ version = "0.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "01737161ba802849cfd486b5bd209d38ba4943494c249a8126005170c7621edd"
 dependencies = [
+<<<<<<< HEAD
 "crypto-common 0.2.2",
+=======
+ "crypto-common 0.2.1",
+>>>>>>> ee3cfb6e (fix clippy errors from main merge)
 "rand_core 0.10.1",
 ]

@ -4598,10 +4619,17 @@ dependencies = [
 "hmac-sha512",
 "itertools 0.14.0",
 "k256",
+<<<<<<< HEAD
 "lee",
 "lee_core",
 "ml-kem",
 "rand 0.8.6",
+=======
+ "ml-kem",
+ "nssa",
+ "nssa_core",
+ "rand 0.8.5",
+>>>>>>> ee3cfb6e (fix clippy errors from main merge)
 "serde",
 "sha2",
 "thiserror 2.0.18",
@ -7796,11 +7824,15 @@ dependencies = [
 "quinn-udp",
 "rustc-hash",
 "rustls",
+<<<<<<< HEAD
 <<<<<<< HEAD
 "socket2 0.6.4",
 =======
 "socket2 0.5.10",
 >>>>>>> 8492f995 (ci fixes)
+=======
+ "socket2 0.6.3",
+>>>>>>> ee3cfb6e (fix clippy errors from main merge)
 "thiserror 2.0.18",
 "tokio",
 "tracing",
@ -7837,6 +7869,7 @@ dependencies = [
 "cfg_aliases",
 "libc",
 "once_cell",
+<<<<<<< HEAD
 <<<<<<< HEAD
 "socket2 0.6.4",
 =======
@ -7844,6 +7877,11 @@ dependencies = [
 >>>>>>> 8492f995 (ci fixes)
 "tracing",
 "windows-sys 0.60.2",
+=======
+ "socket2 0.6.3",
+ "tracing",
+ "windows-sys 0.59.0",
+>>>>>>> ee3cfb6e (fix clippy errors from main merge)
 ]

 [[package]]
@ -8754,7 +8792,7 @@ dependencies = [
 "errno",
 "libc",
 "linux-raw-sys",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
@ -9754,7 +9792,7 @@ dependencies = [
 "getrandom 0.4.2",
 "once_cell",
 "rustix",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
@ -11176,7 +11214,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
--- a/artifacts/program_methods/authenticated_transfer.bin
+++ b/artifacts/program_methods/authenticated_transfer.bin
--- a/artifacts/program_methods/bridge.bin
+++ b/artifacts/program_methods/bridge.bin
--- a/artifacts/program_methods/faucet.bin
+++ b/artifacts/program_methods/faucet.bin
--- a/artifacts/program_methods/pinata.bin
+++ b/artifacts/program_methods/pinata.bin
--- a/artifacts/program_methods/pinata_token.bin
+++ b/artifacts/program_methods/pinata_token.bin
--- a/artifacts/program_methods/privacy_preserving_circuit.bin
+++ b/artifacts/program_methods/privacy_preserving_circuit.bin
--- a/artifacts/program_methods/vault.bin
+++ b/artifacts/program_methods/vault.bin
--- a/artifacts/test_program_methods/auth_asserting_noop.bin
+++ b/artifacts/test_program_methods/auth_asserting_noop.bin
--- a/artifacts/test_program_methods/auth_transfer_proxy.bin
+++ b/artifacts/test_program_methods/auth_transfer_proxy.bin
--- a/artifacts/test_program_methods/changer_claimer.bin
+++ b/artifacts/test_program_methods/changer_claimer.bin
--- a/artifacts/test_program_methods/clock_chain_caller.bin
+++ b/artifacts/test_program_methods/clock_chain_caller.bin
--- a/artifacts/test_program_methods/data_changer.bin
+++ b/artifacts/test_program_methods/data_changer.bin
--- a/artifacts/test_program_methods/extra_output.bin
+++ b/artifacts/test_program_methods/extra_output.bin
--- a/artifacts/test_program_methods/faucet_chain_caller.bin
+++ b/artifacts/test_program_methods/faucet_chain_caller.bin
--- a/artifacts/test_program_methods/malicious_caller_program_id.bin
+++ b/artifacts/test_program_methods/malicious_caller_program_id.bin
--- a/artifacts/test_program_methods/malicious_injector.bin
+++ b/artifacts/test_program_methods/malicious_injector.bin
--- a/artifacts/test_program_methods/malicious_self_program_id.bin
+++ b/artifacts/test_program_methods/malicious_self_program_id.bin
--- a/artifacts/test_program_methods/noop.bin
+++ b/artifacts/test_program_methods/noop.bin
--- a/artifacts/test_program_methods/pda_claimer.bin
+++ b/artifacts/test_program_methods/pda_claimer.bin
--- a/artifacts/test_program_methods/pda_fund_spend_proxy.bin
+++ b/artifacts/test_program_methods/pda_fund_spend_proxy.bin
--- a/artifacts/test_program_methods/pda_spend_proxy.bin
+++ b/artifacts/test_program_methods/pda_spend_proxy.bin
--- a/artifacts/test_program_methods/private_pda_delegator.bin
+++ b/artifacts/test_program_methods/private_pda_delegator.bin
--- a/artifacts/test_program_methods/time_locked_transfer.bin
+++ b/artifacts/test_program_methods/time_locked_transfer.bin
--- a/artifacts/test_program_methods/two_pda_claimer.bin
+++ b/artifacts/test_program_methods/two_pda_claimer.bin
--- a/artifacts/test_program_methods/validity_window.bin
+++ b/artifacts/test_program_methods/validity_window.bin
--- a/artifacts/test_program_methods/validity_window_chain_caller.bin
+++ b/artifacts/test_program_methods/validity_window_chain_caller.bin
--- a/integration_tests/tests/auth_transfer/private.rs
+++ b/integration_tests/tests/auth_transfer/private.rs
@ -15,14 +15,6 @@ use lee_core::{
    encryption::{EphemeralPublicKey, ViewingPublicKey},
 };
 use log::info;
-<<<<<<< HEAD
-=======
-use nssa::{AccountId, program::Program};
-use nssa_core::{
-    NullifierPublicKey,
-    encryption::{MlKem768EncapsulationKey, ViewingPublicKey},
-};
->>>>>>> f4315d18 (addressed comments)
 use sequencer_service_rpc::RpcClient as _;
 use tokio::test;
 use wallet::{
@ -672,9 +664,9 @@ async fn ppt_cant_chain_call_faucet() -> Result<()> {
    let auth_transfer_program_id = Program::authenticated_transfer_program().id();
    let nsk: lee_core::NullifierSecretKey = [3; 32];
    let npk = NullifierPublicKey::from(&nsk);
-    let vpk = MlKem768EncapsulationKey::from_bytes(vec![4_u8; 1184]).unwrap();
+    let _vpk = MlKem768EncapsulationKey::from_bytes(vec![4_u8; 1184]).unwrap();
    let ssk = SharedSecretKey([55_u8; 32]);
-    let epk = EphemeralPublicKey(vec![55_u8; 1088]);
+    let _epk = EphemeralPublicKey(vec![55_u8; 1088]);
    let attacker_vault_id = {
        let seed = vault_core::compute_vault_seed(attacker_id);
        AccountId::for_private_pda(&vault_program_id, &seed, &npk, 1337)
--- a/integration_tests/tests/private_pda.rs
+++ b/integration_tests/tests/private_pda.rs
@ -64,9 +64,9 @@ async fn fund_private_pda(
    let sender_pre = AccountWithMetadata::new(sender_account.clone(), true, sender);
    let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_account_id);

-    let eph_holder = EphemeralKeyHolder::new(&npk);
-    let ssk = eph_holder.calculate_shared_secret_sender(&vpk);
-    let epk = eph_holder.generate_ephemeral_public_key();
+    let eph_holder = EphemeralKeyHolder::new(&vpk);
+    let ssk = eph_holder.calculate_shared_secret_sender();
+    let epk = eph_holder.ephemeral_public_key().clone();

    let instruction = Program::serialize_instruction(AuthTransferInstruction::Transfer { amount })
        .context("failed to serialize auth_transfer instruction")?;
--- a/lee/state_machine/src/state.rs
+++ b/lee/state_machine/src/state.rs
@ -421,7 +421,7 @@ pub mod tests {
        BlockId, Commitment, InputAccountIdentity, Nullifier, NullifierPublicKey,
        NullifierSecretKey, SharedSecretKey, Timestamp,
        account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data},
-        encryption::ViewingPublicKey,
+        encryption::{EphemeralPublicKey, ViewingPublicKey},
        program::{
            BlockValidityWindow, ExecutionValidationError, PdaSeed, ProgramId,
            TimestampValidityWindow, WrappedBalanceSum,
@ -4672,7 +4672,7 @@ pub mod tests {
        };
        let commitment_pda_1_after_spend =
            Commitment::new(&alice_pda_1_id, &alice_pda_1_account_after_spend);
-        let alice_shared_1_refund = SharedSecretKey::new([12; 32], &alice_keys.vpk());
+        let alice_shared_1_refund = SharedSecretKey([12; 32]);
        {
            let recipient_account = state.get_account_by_id(recipient_id);
            let recipient_nonce = recipient_account.nonce;
@ -4708,7 +4708,7 @@ pub mod tests {
                vec![(
                    alice_npk,
                    alice_keys.vpk(),
-                    EphemeralPublicKey::from_scalar([12; 32]),
+                    EphemeralPublicKey(vec![12_u8; 1088]),
                )],
                output,
            )
--- a/tools/crypto_primitives_bench/benches/primitives.rs
+++ b/tools/crypto_primitives_bench/benches/primitives.rs
@ -3,7 +3,7 @@
 //! Measures:
 //! - `KeyChain::new_os_random` (mnemonic → SSK → NSK/VSK + public keys)
 //! - `KeyChain::new_mnemonic` (same, but mnemonic exposed)
-//! - `SharedSecretKey::new` (Diffie-Hellman shared key derivation, the per-recipient cost)
+//! - `SharedSecretKey::encapsulate` (ML-KEM-768 encapsulation, the per-recipient cost)
 //! - `EncryptionScheme::encrypt` / `decrypt` (Account note encryption)

 use std::time::Duration;
@ -13,10 +13,8 @@ use key_protocol::key_management::KeyChain;
 use lee_core::{
    Commitment, EncryptionScheme, SharedSecretKey,
    account::{Account, AccountId},
-    encryption::{EphemeralPublicKey, EphemeralSecretKey},
    program::PrivateAccountKind,
 };
-use rand::{RngCore as _, rngs::OsRng};

 fn bench_keychain(c: &mut Criterion) {
    let mut g = c.benchmark_group("keychain");
@ -37,34 +35,22 @@ fn bench_shared_secret_key(c: &mut Criterion) {

    let mut g = c.benchmark_group("shared_secret_key");
    g.sample_size(50).noise_threshold(0.05);
-    g.bench_function("sender_dh", |b| {
-        b.iter(|| {
-            let mut bytes = [0_u8; 32];
-            OsRng.fill_bytes(&mut bytes);
-            let esk: EphemeralSecretKey = bytes;
-            let _epk = EphemeralPublicKey::from(&esk);
-            SharedSecretKey::new(esk, &vpk)
-        });
+    g.bench_function("sender_encapsulate", |b| {
+        b.iter(|| SharedSecretKey::encapsulate(&vpk));
    });
    g.finish();
 }

 fn bench_encryption(c: &mut Criterion) {
    // One-time setup: a fixed Account/Commitment and a SharedSecretKey to bench
-    // encrypt/decrypt over a representative note. ESK gen is excluded from the
-    // measured loop (covered by the SharedSecretKey bench above).
+    // encrypt/decrypt over a representative note. Encapsulation cost is covered
+    // by the SharedSecretKey bench above.
    let recipient_kc = KeyChain::new_os_random();
-    let vpk = recipient_kc.viewing_public_key;
    let npk = recipient_kc.nullifier_public_key;
    let account = Account::default();
    let account_id = AccountId::for_regular_private_account(&npk, 0);
    let commitment = Commitment::new(&account_id, &account);
-    let shared = {
-        let mut bytes = [0_u8; 32];
-        OsRng.fill_bytes(&mut bytes);
-        let esk: EphemeralSecretKey = bytes;
-        SharedSecretKey::new(esk, &vpk)
-    };
+    let (shared, _epk) = SharedSecretKey::encapsulate(&recipient_kc.viewing_public_key);
    let kind = PrivateAccountKind::Regular(0_u128);
    let output_index: u32 = 0;

@ -73,7 +59,6 @@ fn bench_encryption(c: &mut Criterion) {
    g.bench_function("encrypt", |b| {
        b.iter(|| EncryptionScheme::encrypt(&account, &kind, &shared, &commitment, output_index));
    });
-    // One ciphertext for the decrypt bench (encrypt is deterministic given inputs).
    let ct = EncryptionScheme::encrypt(&account, &kind, &shared, &commitment, output_index);
    g.bench_function("decrypt", |b| {
        b.iter(|| EncryptionScheme::decrypt(&ct, &shared, &commitment, output_index));