Merge d110fc6ce8f39eec160600cc210eb743e2d7cdcc into 041cf68cd63acd9c4c2d57492a0a0590396c27de

This commit is contained in:
jonesmarvin8 2026-07-17 07:10:04 +02:00 committed by GitHub
commit 6cd866873f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
26 changed files with 49 additions and 49 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -628,7 +628,7 @@ async fn prove_init_with_commitment_root(
let npk = NullifierPublicKey::from(&nsk);
let vpk = ViewingPublicKey::from_bytes(vec![4_u8; 1184]).unwrap();
let recipient_account_id = AccountId::for_regular_private_account(&npk, &vpk, 0);
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id);
let recipient = AccountWithMetadata::new(Account::default(), true, recipient_account_id);
let (output, _) = execute_and_prove(
vec![sender_pre, recipient],
@ -637,7 +637,7 @@ async fn prove_init_with_commitment_root(
})?,
vec![
InputAccountIdentity::Public,
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk,
random_seed: [0; 32],
npk,

View File

@ -272,7 +272,7 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction {
let recipient_npk = NullifierPublicKey::from(&recipient_nsk);
let recipient_pre = AccountWithMetadata::new(
Account::default(),
false,
true,
AccountId::for_regular_private_account(&recipient_npk, &recipient_vpk, 0),
);
@ -298,7 +298,7 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction {
membership_proof: proof,
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_vpk,
random_seed: [0; 32],
npk: recipient_npk,

View File

@ -117,7 +117,7 @@ pub fn compute_circuit_output(
new_nonce,
);
}
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk,
random_seed,
npk,
@ -133,8 +133,8 @@ pub fn compute_circuit_output(
"Found new private account with non default values",
);
assert!(
!pre_state.is_authorized,
"Found new private account marked as authorized."
pre_state.is_authorized,
"Found new private account marked as unauthorized."
);
let new_nullifier = (

View File

@ -48,7 +48,7 @@ pub enum InputAccountIdentity {
},
/// Init of a standalone private account the caller does not own (e.g. a recipient who
/// doesn't yet exist on chain). No `nsk`, no membership proof.
PrivateUnauthorized {
PrivateForeignInit {
vpk: ViewingPublicKey,
random_seed: [u8; 32],
npk: NullifierPublicKey,
@ -125,7 +125,7 @@ impl InputAccountIdentity {
Self::Public
| Self::PrivateAuthorizedInit { .. }
| Self::PrivateAuthorizedUpdate { .. }
| Self::PrivateUnauthorized { .. } => None,
| Self::PrivateForeignInit { .. } => None,
}
}
}

View File

@ -60,7 +60,7 @@ fn prove_privacy_preserving_execution_circuit_public_and_private_pre_accounts()
let recipient_account_id =
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id);
let recipient = AccountWithMetadata::new(Account::default(), true, recipient_account_id);
let balance_to_move: u128 = 37;
@ -89,7 +89,7 @@ fn prove_privacy_preserving_execution_circuit_public_and_private_pre_accounts()
Program::serialize_instruction(balance_to_move).unwrap(),
vec![
InputAccountIdentity::Public,
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -144,7 +144,7 @@ fn prove_privacy_preserving_execution_circuit_fully_private() {
let recipient_account_id =
AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0);
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id);
let recipient = AccountWithMetadata::new(Account::default(), true, recipient_account_id);
let balance_to_move: u128 = 37;
let mut commitment_set = CommitmentSet::with_capacity(2);
@ -204,7 +204,7 @@ fn prove_privacy_preserving_execution_circuit_fully_private() {
.expect("sender's commitment must be in the set"),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -247,7 +247,7 @@ fn circuit_fails_when_chained_validity_windows_have_empty_intersection() {
let account_keys = test_private_account_keys_1();
let pre = AccountWithMetadata::new(
Account::default(),
false,
true,
AccountId::for_regular_private_account(&account_keys.npk(), &account_keys.vpk(), 0),
);
@ -271,7 +271,7 @@ fn circuit_fails_when_chained_validity_windows_have_empty_intersection() {
let result = execute_and_prove(
vec![pre],
instruction,
vec![InputAccountIdentity::PrivateUnauthorized {
vec![InputAccountIdentity::PrivateForeignInit {
vpk: account_keys.vpk(),
random_seed: [0; 32],
npk: account_keys.npk(),
@ -422,7 +422,7 @@ fn private_pda_withdraw() {
/// Shared regular private account: receives funds via `authenticated_transfer` directly,
/// no custom program needed. This demonstrates the non-PDA shared account flow where
/// keys are derived from GMS via `derive_keys_for_shared_account`. The shared account
/// uses the standard unauthorized private account path and works with auth-transfer's
/// uses the standard foreign private account path and works with auth-transfer's
/// transfer path like any other private account.
#[test]
fn shared_account_receives_via_simple_transfer() {
@ -443,9 +443,9 @@ fn shared_account_receives_via_simple_transfer() {
sender_id,
);
// Recipient: shared private account (new, unauthorized)
// Recipient: shared private account (new, foreign)
let shared_account_id = AccountId::from((&shared_npk, &shared_keys.vpk(), shared_identifier));
let recipient = AccountWithMetadata::new(Account::default(), false, shared_account_id);
let recipient = AccountWithMetadata::new(Account::default(), true, shared_account_id);
let balance_to_move: u128 = 100;
let instruction = Program::serialize_instruction(balance_to_move).unwrap();
@ -455,7 +455,7 @@ fn shared_account_receives_via_simple_transfer() {
instruction,
vec![
InputAccountIdentity::Public,
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: shared_keys.vpk(),
random_seed: [0; 32],
npk: shared_npk,
@ -507,10 +507,10 @@ fn private_authorized_init_encrypts_regular_kind_with_identifier() {
);
}
/// `PrivateUnauthorized` with a non-default identifier produces a ciphertext that decrypts
/// `PrivateForeignInit` with a non-default identifier produces a ciphertext that decrypts
/// to `PrivateAccountKind::Regular` carrying the correct identifier.
#[test]
fn private_unauthorized_init_encrypts_regular_kind_with_identifier() {
fn private_foreign_init_encrypts_regular_kind_with_identifier() {
let program = crate::test_methods::claimer();
let keys = test_private_account_keys_1();
let identifier: u128 = 99;
@ -521,12 +521,12 @@ fn private_unauthorized_init_encrypts_regular_kind_with_identifier() {
&Nonce::private_account_nonce_init(&recipient_id),
);
let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0;
let recipient = AccountWithMetadata::new(Account::default(), false, recipient_id);
let recipient = AccountWithMetadata::new(Account::default(), true, recipient_id);
let (output, _) = execute_and_prove(
vec![recipient],
Program::serialize_instruction(()).unwrap(),
vec![InputAccountIdentity::PrivateUnauthorized {
vec![InputAccountIdentity::PrivateForeignInit {
vpk: keys.vpk(),
random_seed: [0; 32],
npk: keys.npk(),

View File

@ -49,7 +49,7 @@ fn circuit_fails_if_invalid_auth_keys_are_provided() {
);
let private_account_2 = AccountWithMetadata::new(
Account::default(),
false,
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -68,7 +68,7 @@ fn circuit_fails_if_invalid_auth_keys_are_provided() {
membership_proof: (0, vec![]),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -102,7 +102,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_balance_is_provid
balance: 1,
..Account::default()
},
false,
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -117,7 +117,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_balance_is_provid
membership_proof: (0, vec![]),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -151,7 +151,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_program_owner_is_
program_owner: [0, 1, 2, 3, 4, 5, 6, 7],
..Account::default()
},
false,
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -166,7 +166,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_program_owner_is_
membership_proof: (0, vec![]),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -200,7 +200,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_data_is_provided(
data: b"hola mundo".to_vec().try_into().unwrap(),
..Account::default()
},
false,
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -215,7 +215,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_data_is_provided(
membership_proof: (0, vec![]),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -249,7 +249,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_nonce_is_provided
nonce: Nonce(0xdead_beef),
..Account::default()
},
false,
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -264,7 +264,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_nonce_is_provided
membership_proof: (0, vec![]),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -279,7 +279,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_nonce_is_provided
}
#[test]
fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_but_marked_as_authorized()
fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_but_marked_as_unauthorized()
{
let program = crate::test_methods::simple_balance_transfer();
let sender_keys = test_private_account_keys_1();
@ -295,8 +295,8 @@ fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_bu
);
let private_account_2 = AccountWithMetadata::new(
Account::default(),
// This should be set to false in normal circumstances
true,
// This should be set to true in normal circumstances
false,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -311,7 +311,7 @@ fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_bu
membership_proof: (0, vec![]),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -773,7 +773,7 @@ fn private_unauthorized_uninitialized_account_can_still_be_claimed() {
// remains allowed.
let unauthorized_account = AccountWithMetadata::new(
Account::default(),
false,
true,
(&private_keys.npk(), &private_keys.vpk(), 0),
);
@ -782,7 +782,7 @@ fn private_unauthorized_uninitialized_account_can_still_be_claimed() {
let (output, proof) = execute_and_prove(
vec![unauthorized_account],
Program::serialize_instruction(()).unwrap(),
vec![InputAccountIdentity::PrivateUnauthorized {
vec![InputAccountIdentity::PrivateForeignInit {
vpk: private_keys.vpk(),
random_seed: [0; 32],
npk: private_keys.npk(),

View File

@ -269,7 +269,7 @@ fn shielded_balance_transfer_for_tests(
let recipient = AccountWithMetadata::new(
Account::default(),
false,
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -278,7 +278,7 @@ fn shielded_balance_transfer_for_tests(
Program::serialize_instruction(balance_to_move).unwrap(),
vec![
InputAccountIdentity::Public,
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),
@ -319,7 +319,7 @@ fn private_balance_transfer_for_tests(
);
let recipient_pre = AccountWithMetadata::new(
Account::default(),
false,
true,
(&recipient_keys.npk(), &recipient_keys.vpk(), 0),
);
@ -336,7 +336,7 @@ fn private_balance_transfer_for_tests(
.expect("sender's commitment must be in state"),
identifier: 0,
},
InputAccountIdentity::PrivateUnauthorized {
InputAccountIdentity::PrivateForeignInit {
vpk: recipient_keys.vpk(),
random_seed: [0; 32],
npk: recipient_keys.npk(),

View File

@ -126,7 +126,7 @@ fn validity_window_works_in_privacy_preserving_transactions(
let account_keys = test_private_account_keys_1();
let pre = AccountWithMetadata::new(
Account::default(),
false,
true,
(&account_keys.npk(), &account_keys.vpk(), 0),
);
let mut state = V03State::new().with_test_programs();
@ -138,7 +138,7 @@ fn validity_window_works_in_privacy_preserving_transactions(
let (output, proof) = crate::privacy_preserving_transaction::circuit::execute_and_prove(
vec![pre],
Program::serialize_instruction(instruction).unwrap(),
vec![InputAccountIdentity::PrivateUnauthorized {
vec![InputAccountIdentity::PrivateForeignInit {
vpk: account_keys.vpk(),
random_seed: [0; 32],
npk: account_keys.npk(),
@ -191,7 +191,7 @@ fn timestamp_validity_window_works_in_privacy_preserving_transactions(
let account_keys = test_private_account_keys_1();
let pre = AccountWithMetadata::new(
Account::default(),
false,
true,
(&account_keys.npk(), &account_keys.vpk(), 0),
);
let mut state = V03State::new().with_test_programs();
@ -203,7 +203,7 @@ fn timestamp_validity_window_works_in_privacy_preserving_transactions(
let (output, proof) = crate::privacy_preserving_transaction::circuit::execute_and_prove(
vec![pre],
Program::serialize_instruction(instruction).unwrap(),
vec![InputAccountIdentity::PrivateUnauthorized {
vec![InputAccountIdentity::PrivateForeignInit {
vpk: account_keys.vpk(),
random_seed: [0; 32],
npk: account_keys.npk(),

View File

@ -263,7 +263,7 @@ impl AccountManager {
identifier,
} => {
let acc = lee_core::account::Account::default();
let auth_acc = AccountWithMetadata::new(acc, false, (&npk, &vpk, identifier));
let auth_acc = AccountWithMetadata::new(acc, true, (&npk, &vpk, identifier));
let mut random_seed: [u8; 32] = [0; 32];
OsRng.fill_bytes(&mut random_seed);
let pre = AccountPreparedData {
@ -442,7 +442,7 @@ impl AccountManager {
identifier: pre.identifier,
commitment_root: self.dummy_commitment_root,
},
(None, _) => InputAccountIdentity::PrivateUnauthorized {
(None, _) => InputAccountIdentity::PrivateForeignInit {
vpk: pre.vpk.clone(),
random_seed: pre.random_seed,
npk: pre.npk,