From 355fe3842d60e17733cc0f43a6e54b0ee5b5ce13 Mon Sep 17 00:00:00 2001 From: Sergio Chouhy Date: Mon, 11 May 2026 19:38:18 -0300 Subject: [PATCH] rename program --- ...pda_proxy.bin => pda_fund_spend_proxy.bin} | Bin integration_tests/src/lib.rs | 2 +- integration_tests/tests/private_pda.rs | 10 +-- .../src/key_management/group_key_holder.rs | 3 +- .../privacy_preserving_transaction/circuit.rs | 4 +- nssa/src/program.rs | 8 +- nssa/src/state.rs | 2 +- .../guest/src/bin/pda_fund_spend_proxy.rs | 70 ++++++++++++++++++ wallet/src/privacy_preserving_tx.rs | 8 +- 9 files changed, 91 insertions(+), 16 deletions(-) rename artifacts/test_program_methods/{auth_transfer_pda_proxy.bin => pda_fund_spend_proxy.bin} (100%) create mode 100644 test_program_methods/guest/src/bin/pda_fund_spend_proxy.rs diff --git a/artifacts/test_program_methods/auth_transfer_pda_proxy.bin b/artifacts/test_program_methods/pda_fund_spend_proxy.bin similarity index 100% rename from artifacts/test_program_methods/auth_transfer_pda_proxy.bin rename to artifacts/test_program_methods/pda_fund_spend_proxy.bin diff --git a/integration_tests/src/lib.rs b/integration_tests/src/lib.rs index 3126be31..7abd0897 100644 --- a/integration_tests/src/lib.rs +++ b/integration_tests/src/lib.rs @@ -29,7 +29,7 @@ pub mod test_context_ffi; pub const TIME_TO_WAIT_FOR_BLOCK_SECONDS: u64 = 12; pub const NSSA_PROGRAM_FOR_TEST_DATA_CHANGER: &str = "data_changer.bin"; pub const NSSA_PROGRAM_FOR_TEST_NOOP: &str = "noop.bin"; -pub const NSSA_PROGRAM_FOR_TEST_AUTH_TRANSFER_PDA_PROXY: &str = "auth_transfer_pda_proxy.bin"; +pub const NSSA_PROGRAM_FOR_TEST_PDA_FUND_SPEND_PROXY: &str = "pda_fund_spend_proxy.bin"; const BEDROCK_SERVICE_WITH_OPEN_PORT: &str = "logos-blockchain-node-0"; const BEDROCK_SERVICE_PORT: u16 = 18080; diff --git a/integration_tests/tests/private_pda.rs b/integration_tests/tests/private_pda.rs index 99d6a460..518239e7 100644 --- a/integration_tests/tests/private_pda.rs +++ b/integration_tests/tests/private_pda.rs @@ -7,7 +7,7 @@ use std::{path::PathBuf, time::Duration}; use anyhow::{Context as _, Result}; use integration_tests::{ - NSSA_PROGRAM_FOR_TEST_AUTH_TRANSFER_PDA_PROXY, TIME_TO_WAIT_FOR_BLOCK_SECONDS, TestContext, + NSSA_PROGRAM_FOR_TEST_PDA_FUND_SPEND_PROXY, TIME_TO_WAIT_FOR_BLOCK_SECONDS, TestContext, verify_commitment_is_in_state, }; use log::info; @@ -55,7 +55,7 @@ async fn fund_private_pda( }, ], Program::serialize_instruction((seed, amount, auth_transfer_id, true)) - .context("failed to serialize auth_transfer_pda_proxy fund instruction")?, + .context("failed to serialize pda_fund_spend_proxy fund instruction")?, proxy_program, ) .await @@ -91,7 +91,7 @@ async fn spend_private_pda( }, ], Program::serialize_instruction((seed, amount, auth_transfer_id, false)) - .context("failed to serialize auth_transfer_pda_proxy instruction")?, + .context("failed to serialize pda_fund_spend_proxy instruction")?, spend_program, ) .await @@ -126,9 +126,9 @@ async fn private_pda_family_members_receive_and_spend() -> Result<()> { let proxy = { let path = PathBuf::from(env!("CARGO_MANIFEST_DIR")) .join("../artifacts/test_program_methods") - .join(NSSA_PROGRAM_FOR_TEST_AUTH_TRANSFER_PDA_PROXY); + .join(NSSA_PROGRAM_FOR_TEST_PDA_FUND_SPEND_PROXY); Program::new(std::fs::read(&path).with_context(|| format!("reading {path:?}"))?) - .context("invalid auth_transfer_pda_proxy binary")? + .context("invalid pda_fund_spend_proxy binary")? }; let auth_transfer = Program::authenticated_transfer_program(); let proxy_id = proxy.id(); diff --git a/key_protocol/src/key_management/group_key_holder.rs b/key_protocol/src/key_management/group_key_holder.rs index b07ab93c..8bc9ed13 100644 --- a/key_protocol/src/key_management/group_key_holder.rs +++ b/key_protocol/src/key_management/group_key_holder.rs @@ -347,7 +347,8 @@ mod tests { ]); // AccountId is derived from (program_id, seed, npk), so it changes when npk changes. // We verify npk is pinned, and AccountId is deterministically derived from it. - let expected_account_id = AccountId::for_private_pda(&program_id, &seed, &expected_npk, u128::MAX); + let expected_account_id = + AccountId::for_private_pda(&program_id, &seed, &expected_npk, u128::MAX); assert_eq!(npk, expected_npk); assert_eq!(account_id, expected_account_id); diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs index fe306caa..09e37664 100644 --- a/nssa/src/privacy_preserving_transaction/circuit.rs +++ b/nssa/src/privacy_preserving_transaction/circuit.rs @@ -730,7 +730,7 @@ mod tests { /// to `PrivateAccountKind::Pda` carrying the correct `(program_id, seed, identifier)`. #[test] fn private_pda_update_encrypts_pda_kind_with_identifier() { - let program = Program::auth_transfer_pda_proxy(); + let program = Program::pda_fund_spend_proxy(); let auth_transfer = Program::authenticated_transfer_program(); let keys = test_private_account_keys_1(); let npk = keys.npk(); @@ -811,7 +811,7 @@ mod tests { #[test] fn private_pda_update_identifier_mismatch_fails() { - let program = Program::auth_transfer_pda_proxy(); + let program = Program::pda_fund_spend_proxy(); let auth_transfer = Program::authenticated_transfer_program(); let keys = test_private_account_keys_1(); let npk = keys.npk(); diff --git a/nssa/src/program.rs b/nssa/src/program.rs index 9c94cdd5..059aa5ca 100644 --- a/nssa/src/program.rs +++ b/nssa/src/program.rs @@ -333,12 +333,12 @@ mod tests { } #[must_use] - pub fn auth_transfer_pda_proxy() -> Self { - use test_program_methods::{AUTH_TRANSFER_PDA_PROXY_ELF, AUTH_TRANSFER_PDA_PROXY_ID}; + pub fn pda_fund_spend_proxy() -> Self { + use test_program_methods::{PDA_FUND_SPEND_PROXY_ELF, PDA_FUND_SPEND_PROXY_ID}; Self { - id: AUTH_TRANSFER_PDA_PROXY_ID, - elf: AUTH_TRANSFER_PDA_PROXY_ELF.to_vec(), + id: PDA_FUND_SPEND_PROXY_ID, + elf: PDA_FUND_SPEND_PROXY_ELF.to_vec(), } } diff --git a/nssa/src/state.rs b/nssa/src/state.rs index a7819583..8cf1d68e 100644 --- a/nssa/src/state.rs +++ b/nssa/src/state.rs @@ -4307,7 +4307,7 @@ pub mod tests { let alice_keys = test_private_account_keys_1(); let alice_npk = alice_keys.npk(); - let proxy = Program::auth_transfer_pda_proxy(); + let proxy = Program::pda_fund_spend_proxy(); let auth_transfer = Program::authenticated_transfer_program(); let proxy_id = proxy.id(); let auth_transfer_id = auth_transfer.id(); diff --git a/test_program_methods/guest/src/bin/pda_fund_spend_proxy.rs b/test_program_methods/guest/src/bin/pda_fund_spend_proxy.rs new file mode 100644 index 00000000..c02261f9 --- /dev/null +++ b/test_program_methods/guest/src/bin/pda_fund_spend_proxy.rs @@ -0,0 +1,70 @@ +use nssa_core::{ + account::AccountWithMetadata, + program::{ + AccountPostState, ChainedCall, PdaSeed, ProgramId, ProgramInput, ProgramOutput, + read_nssa_inputs, + }, +}; +use risc0_zkvm::serde::to_vec; + +/// Proxy for interacting with private PDAs via `auth_transfer`. +/// +/// The `is_fund` flag selects the operating mode: +/// +/// - `false` (Spend): `pre_states = [pda (authorized), recipient]`. Debits the PDA. The PDA-to-npk +/// binding is established via `pda_seeds` in the chained call to `auth_transfer`. +/// +/// - `true` (Fund): `pre_states = [sender (authorized), pda (foreign/uninitialized)]`. Credits the +/// PDA. A direct call to `auth_transfer` cannot bind the PDA because `auth_transfer` uses +/// `Claim::Authorized`, not `Claim::Pda`. Routing through this proxy establishes the binding via +/// `pda_seeds` in the chained call. +type Instruction = (PdaSeed, u128, ProgramId, bool); + +fn main() { + let ( + ProgramInput { + self_program_id, + caller_program_id, + pre_states, + instruction: (seed, amount, auth_transfer_id, is_fund), + }, + instruction_words, + ) = read_nssa_inputs::(); + + let Ok([first, second]) = <[_; 2]>::try_from(pre_states) else { + return; + }; + + assert!(first.is_authorized, "first pre_state must be authorized"); + + let chained_pre_states = if is_fund { + let pda_authorized = AccountWithMetadata { + account: second.account.clone(), + account_id: second.account_id, + is_authorized: true, + }; + vec![first.clone(), pda_authorized] + } else { + vec![first.clone(), second.clone()] + }; + + let first_post = AccountPostState::new(first.account.clone()); + let second_post = AccountPostState::new(second.account.clone()); + + let chained_call = ChainedCall { + program_id: auth_transfer_id, + instruction_data: to_vec(&amount).unwrap(), + pre_states: chained_pre_states, + pda_seeds: vec![seed], + }; + + ProgramOutput::new( + self_program_id, + caller_program_id, + instruction_words, + vec![first, second], + vec![first_post, second_post], + ) + .with_chained_calls(vec![chained_call]) + .write(); +} diff --git a/wallet/src/privacy_preserving_tx.rs b/wallet/src/privacy_preserving_tx.rs index 89b5383d..9cb7a775 100644 --- a/wallet/src/privacy_preserving_tx.rs +++ b/wallet/src/privacy_preserving_tx.rs @@ -341,8 +341,12 @@ async fn private_acc_preparation( .shared_private_account(&account_id) .ok_or(ExecutionFailureKind::KeyNotFoundError)?; - let pda_seed = entry.pda_seed.ok_or(ExecutionFailureKind::KeyNotFoundError)?; - let program_id = entry.pda_program_id.ok_or(ExecutionFailureKind::KeyNotFoundError)?; + let pda_seed = entry + .pda_seed + .ok_or(ExecutionFailureKind::KeyNotFoundError)?; + let program_id = entry + .pda_program_id + .ok_or(ExecutionFailureKind::KeyNotFoundError)?; let holder = wallet .storage