diff --git a/artifacts/lee/privacy_preserving_circuit/privacy_preserving_circuit.bin b/artifacts/lee/privacy_preserving_circuit/privacy_preserving_circuit.bin index f54520a8..2c7769d6 100644 Binary files a/artifacts/lee/privacy_preserving_circuit/privacy_preserving_circuit.bin and b/artifacts/lee/privacy_preserving_circuit/privacy_preserving_circuit.bin differ diff --git a/artifacts/lez/programs/amm.bin b/artifacts/lez/programs/amm.bin index ce19ce6f..1e197971 100644 Binary files a/artifacts/lez/programs/amm.bin and b/artifacts/lez/programs/amm.bin differ diff --git a/artifacts/lez/programs/associated_token_account.bin b/artifacts/lez/programs/associated_token_account.bin index f5b7b02a..276785b8 100644 Binary files a/artifacts/lez/programs/associated_token_account.bin and b/artifacts/lez/programs/associated_token_account.bin differ diff --git a/artifacts/lez/programs/authenticated_transfer.bin b/artifacts/lez/programs/authenticated_transfer.bin index 2b90722d..654bc647 100644 Binary files a/artifacts/lez/programs/authenticated_transfer.bin and b/artifacts/lez/programs/authenticated_transfer.bin differ diff --git a/artifacts/lez/programs/bridge.bin b/artifacts/lez/programs/bridge.bin index 3ac001d7..94f7dad5 100644 Binary files a/artifacts/lez/programs/bridge.bin and b/artifacts/lez/programs/bridge.bin differ diff --git a/artifacts/lez/programs/bridge_lock.bin b/artifacts/lez/programs/bridge_lock.bin index b0b68094..4475dc17 100644 Binary files a/artifacts/lez/programs/bridge_lock.bin and b/artifacts/lez/programs/bridge_lock.bin differ diff --git a/artifacts/lez/programs/cross_zone_inbox.bin b/artifacts/lez/programs/cross_zone_inbox.bin index 02af9294..4eb67af4 100644 Binary files a/artifacts/lez/programs/cross_zone_inbox.bin and b/artifacts/lez/programs/cross_zone_inbox.bin differ diff --git a/artifacts/lez/programs/cross_zone_outbox.bin b/artifacts/lez/programs/cross_zone_outbox.bin index a548a31e..fd291d06 100644 Binary files a/artifacts/lez/programs/cross_zone_outbox.bin and b/artifacts/lez/programs/cross_zone_outbox.bin differ diff --git a/artifacts/lez/programs/faucet.bin b/artifacts/lez/programs/faucet.bin index be4e884c..0b38de80 100644 Binary files a/artifacts/lez/programs/faucet.bin and b/artifacts/lez/programs/faucet.bin differ diff --git a/artifacts/lez/programs/pinata.bin b/artifacts/lez/programs/pinata.bin index d717d9d6..226d7d47 100644 Binary files a/artifacts/lez/programs/pinata.bin and b/artifacts/lez/programs/pinata.bin differ diff --git a/artifacts/lez/programs/pinata_token.bin b/artifacts/lez/programs/pinata_token.bin index cddd3eb1..f92be846 100644 Binary files a/artifacts/lez/programs/pinata_token.bin and b/artifacts/lez/programs/pinata_token.bin differ diff --git a/artifacts/lez/programs/ping_receiver.bin b/artifacts/lez/programs/ping_receiver.bin index 9463fa1c..a925dc08 100644 Binary files a/artifacts/lez/programs/ping_receiver.bin and b/artifacts/lez/programs/ping_receiver.bin differ diff --git a/artifacts/lez/programs/ping_sender.bin b/artifacts/lez/programs/ping_sender.bin index dfc27e67..cabee9ae 100644 Binary files a/artifacts/lez/programs/ping_sender.bin and b/artifacts/lez/programs/ping_sender.bin differ diff --git a/artifacts/lez/programs/token.bin b/artifacts/lez/programs/token.bin index b76eaadd..075675d0 100644 Binary files a/artifacts/lez/programs/token.bin and b/artifacts/lez/programs/token.bin differ diff --git a/artifacts/lez/programs/vault.bin b/artifacts/lez/programs/vault.bin index ae08f453..dc8ad9db 100644 Binary files a/artifacts/lez/programs/vault.bin and b/artifacts/lez/programs/vault.bin differ diff --git a/artifacts/lez/programs/wrapped_token.bin b/artifacts/lez/programs/wrapped_token.bin index dc9e3454..7473b7b2 100644 Binary files a/artifacts/lez/programs/wrapped_token.bin and b/artifacts/lez/programs/wrapped_token.bin differ diff --git a/integration_tests/tests/auth_transfer/private.rs b/integration_tests/tests/auth_transfer/private.rs index ddea3ab8..b0b9bf7d 100644 --- a/integration_tests/tests/auth_transfer/private.rs +++ b/integration_tests/tests/auth_transfer/private.rs @@ -628,7 +628,7 @@ async fn prove_init_with_commitment_root( let npk = NullifierPublicKey::from(&nsk); let vpk = ViewingPublicKey::from_bytes(vec![4_u8; 1184]).unwrap(); let recipient_account_id = AccountId::for_regular_private_account(&npk, &vpk, 0); - let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id); + let recipient = AccountWithMetadata::new(Account::default(), true, recipient_account_id); let (output, _) = execute_and_prove( vec![sender_pre, recipient], @@ -637,7 +637,7 @@ async fn prove_init_with_commitment_root( })?, vec![ InputAccountIdentity::Public, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk, random_seed: [0; 32], npk, diff --git a/integration_tests/tests/tps.rs b/integration_tests/tests/tps.rs index 71fb132b..78a28558 100644 --- a/integration_tests/tests/tps.rs +++ b/integration_tests/tests/tps.rs @@ -272,7 +272,7 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction { let recipient_npk = NullifierPublicKey::from(&recipient_nsk); let recipient_pre = AccountWithMetadata::new( Account::default(), - false, + true, AccountId::for_regular_private_account(&recipient_npk, &recipient_vpk, 0), ); @@ -298,7 +298,7 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction { membership_proof: proof, identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_vpk, random_seed: [0; 32], npk: recipient_npk, diff --git a/lee/privacy_preserving_circuit/src/output.rs b/lee/privacy_preserving_circuit/src/output.rs index c9543e05..8fae795f 100644 --- a/lee/privacy_preserving_circuit/src/output.rs +++ b/lee/privacy_preserving_circuit/src/output.rs @@ -117,7 +117,7 @@ pub fn compute_circuit_output( new_nonce, ); } - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk, random_seed, npk, @@ -133,8 +133,8 @@ pub fn compute_circuit_output( "Found new private account with non default values", ); assert!( - !pre_state.is_authorized, - "Found new private account marked as authorized." + pre_state.is_authorized, + "Found new private account marked as unauthorized." ); let new_nullifier = ( diff --git a/lee/state_machine/core/src/circuit_io.rs b/lee/state_machine/core/src/circuit_io.rs index d441ff19..1cac1df6 100644 --- a/lee/state_machine/core/src/circuit_io.rs +++ b/lee/state_machine/core/src/circuit_io.rs @@ -48,7 +48,7 @@ pub enum InputAccountIdentity { }, /// Init of a standalone private account the caller does not own (e.g. a recipient who /// doesn't yet exist on chain). No `nsk`, no membership proof. - PrivateUnauthorized { + PrivateForeignInit { vpk: ViewingPublicKey, random_seed: [u8; 32], npk: NullifierPublicKey, @@ -125,7 +125,7 @@ impl InputAccountIdentity { Self::Public | Self::PrivateAuthorizedInit { .. } | Self::PrivateAuthorizedUpdate { .. } - | Self::PrivateUnauthorized { .. } => None, + | Self::PrivateForeignInit { .. } => None, } } } diff --git a/lee/state_machine/src/privacy_preserving_transaction/circuit/tests.rs b/lee/state_machine/src/privacy_preserving_transaction/circuit/tests.rs index 005a9230..34f3cede 100644 --- a/lee/state_machine/src/privacy_preserving_transaction/circuit/tests.rs +++ b/lee/state_machine/src/privacy_preserving_transaction/circuit/tests.rs @@ -60,7 +60,7 @@ fn prove_privacy_preserving_execution_circuit_public_and_private_pre_accounts() let recipient_account_id = AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0); - let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id); + let recipient = AccountWithMetadata::new(Account::default(), true, recipient_account_id); let balance_to_move: u128 = 37; @@ -89,7 +89,7 @@ fn prove_privacy_preserving_execution_circuit_public_and_private_pre_accounts() Program::serialize_instruction(balance_to_move).unwrap(), vec![ InputAccountIdentity::Public, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -144,7 +144,7 @@ fn prove_privacy_preserving_execution_circuit_fully_private() { let recipient_account_id = AccountId::for_regular_private_account(&recipient_keys.npk(), &recipient_keys.vpk(), 0); - let recipient = AccountWithMetadata::new(Account::default(), false, recipient_account_id); + let recipient = AccountWithMetadata::new(Account::default(), true, recipient_account_id); let balance_to_move: u128 = 37; let mut commitment_set = CommitmentSet::with_capacity(2); @@ -204,7 +204,7 @@ fn prove_privacy_preserving_execution_circuit_fully_private() { .expect("sender's commitment must be in the set"), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -247,7 +247,7 @@ fn circuit_fails_when_chained_validity_windows_have_empty_intersection() { let account_keys = test_private_account_keys_1(); let pre = AccountWithMetadata::new( Account::default(), - false, + true, AccountId::for_regular_private_account(&account_keys.npk(), &account_keys.vpk(), 0), ); @@ -271,7 +271,7 @@ fn circuit_fails_when_chained_validity_windows_have_empty_intersection() { let result = execute_and_prove( vec![pre], instruction, - vec![InputAccountIdentity::PrivateUnauthorized { + vec![InputAccountIdentity::PrivateForeignInit { vpk: account_keys.vpk(), random_seed: [0; 32], npk: account_keys.npk(), @@ -422,7 +422,7 @@ fn private_pda_withdraw() { /// Shared regular private account: receives funds via `authenticated_transfer` directly, /// no custom program needed. This demonstrates the non-PDA shared account flow where /// keys are derived from GMS via `derive_keys_for_shared_account`. The shared account -/// uses the standard unauthorized private account path and works with auth-transfer's +/// uses the standard foreign private account path and works with auth-transfer's /// transfer path like any other private account. #[test] fn shared_account_receives_via_simple_transfer() { @@ -443,9 +443,9 @@ fn shared_account_receives_via_simple_transfer() { sender_id, ); - // Recipient: shared private account (new, unauthorized) + // Recipient: shared private account (new, foreign) let shared_account_id = AccountId::from((&shared_npk, &shared_keys.vpk(), shared_identifier)); - let recipient = AccountWithMetadata::new(Account::default(), false, shared_account_id); + let recipient = AccountWithMetadata::new(Account::default(), true, shared_account_id); let balance_to_move: u128 = 100; let instruction = Program::serialize_instruction(balance_to_move).unwrap(); @@ -455,7 +455,7 @@ fn shared_account_receives_via_simple_transfer() { instruction, vec![ InputAccountIdentity::Public, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: shared_keys.vpk(), random_seed: [0; 32], npk: shared_npk, @@ -507,10 +507,10 @@ fn private_authorized_init_encrypts_regular_kind_with_identifier() { ); } -/// `PrivateUnauthorized` with a non-default identifier produces a ciphertext that decrypts +/// `PrivateForeignInit` with a non-default identifier produces a ciphertext that decrypts /// to `PrivateAccountKind::Regular` carrying the correct identifier. #[test] -fn private_unauthorized_init_encrypts_regular_kind_with_identifier() { +fn private_foreign_init_encrypts_regular_kind_with_identifier() { let program = crate::test_methods::claimer(); let keys = test_private_account_keys_1(); let identifier: u128 = 99; @@ -521,12 +521,12 @@ fn private_unauthorized_init_encrypts_regular_kind_with_identifier() { &Nonce::private_account_nonce_init(&recipient_id), ); let ssk = SharedSecretKey::encapsulate_deterministic(&keys.vpk(), &esk).0; - let recipient = AccountWithMetadata::new(Account::default(), false, recipient_id); + let recipient = AccountWithMetadata::new(Account::default(), true, recipient_id); let (output, _) = execute_and_prove( vec![recipient], Program::serialize_instruction(()).unwrap(), - vec![InputAccountIdentity::PrivateUnauthorized { + vec![InputAccountIdentity::PrivateForeignInit { vpk: keys.vpk(), random_seed: [0; 32], npk: keys.npk(), diff --git a/lee/state_machine/src/state/tests/circuit.rs b/lee/state_machine/src/state/tests/circuit.rs index c13a7370..160b033c 100644 --- a/lee/state_machine/src/state/tests/circuit.rs +++ b/lee/state_machine/src/state/tests/circuit.rs @@ -49,7 +49,7 @@ fn circuit_fails_if_invalid_auth_keys_are_provided() { ); let private_account_2 = AccountWithMetadata::new( Account::default(), - false, + true, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -68,7 +68,7 @@ fn circuit_fails_if_invalid_auth_keys_are_provided() { membership_proof: (0, vec![]), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -102,7 +102,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_balance_is_provid balance: 1, ..Account::default() }, - false, + true, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -117,7 +117,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_balance_is_provid membership_proof: (0, vec![]), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -151,7 +151,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_program_owner_is_ program_owner: [0, 1, 2, 3, 4, 5, 6, 7], ..Account::default() }, - false, + true, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -166,7 +166,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_program_owner_is_ membership_proof: (0, vec![]), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -200,7 +200,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_data_is_provided( data: b"hola mundo".to_vec().try_into().unwrap(), ..Account::default() }, - false, + true, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -215,7 +215,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_data_is_provided( membership_proof: (0, vec![]), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -249,7 +249,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_nonce_is_provided nonce: Nonce(0xdead_beef), ..Account::default() }, - false, + true, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -264,7 +264,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_nonce_is_provided membership_proof: (0, vec![]), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -279,7 +279,7 @@ fn circuit_should_fail_if_new_private_account_with_non_default_nonce_is_provided } #[test] -fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_but_marked_as_authorized() +fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_but_marked_as_unauthorized() { let program = crate::test_methods::simple_balance_transfer(); let sender_keys = test_private_account_keys_1(); @@ -295,8 +295,8 @@ fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_bu ); let private_account_2 = AccountWithMetadata::new( Account::default(), - // This should be set to false in normal circumstances - true, + // This should be set to true in normal circumstances + false, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -311,7 +311,7 @@ fn circuit_should_fail_if_new_private_account_is_provided_with_default_values_bu membership_proof: (0, vec![]), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -773,7 +773,7 @@ fn private_unauthorized_uninitialized_account_can_still_be_claimed() { // remains allowed. let unauthorized_account = AccountWithMetadata::new( Account::default(), - false, + true, (&private_keys.npk(), &private_keys.vpk(), 0), ); @@ -782,7 +782,7 @@ fn private_unauthorized_uninitialized_account_can_still_be_claimed() { let (output, proof) = execute_and_prove( vec![unauthorized_account], Program::serialize_instruction(()).unwrap(), - vec![InputAccountIdentity::PrivateUnauthorized { + vec![InputAccountIdentity::PrivateForeignInit { vpk: private_keys.vpk(), random_seed: [0; 32], npk: private_keys.npk(), diff --git a/lee/state_machine/src/state/tests/mod.rs b/lee/state_machine/src/state/tests/mod.rs index 55a99ead..76a8db7d 100644 --- a/lee/state_machine/src/state/tests/mod.rs +++ b/lee/state_machine/src/state/tests/mod.rs @@ -269,7 +269,7 @@ fn shielded_balance_transfer_for_tests( let recipient = AccountWithMetadata::new( Account::default(), - false, + true, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -278,7 +278,7 @@ fn shielded_balance_transfer_for_tests( Program::serialize_instruction(balance_to_move).unwrap(), vec![ InputAccountIdentity::Public, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), @@ -319,7 +319,7 @@ fn private_balance_transfer_for_tests( ); let recipient_pre = AccountWithMetadata::new( Account::default(), - false, + true, (&recipient_keys.npk(), &recipient_keys.vpk(), 0), ); @@ -336,7 +336,7 @@ fn private_balance_transfer_for_tests( .expect("sender's commitment must be in state"), identifier: 0, }, - InputAccountIdentity::PrivateUnauthorized { + InputAccountIdentity::PrivateForeignInit { vpk: recipient_keys.vpk(), random_seed: [0; 32], npk: recipient_keys.npk(), diff --git a/lee/state_machine/src/state/tests/validity_window.rs b/lee/state_machine/src/state/tests/validity_window.rs index 12e7c229..7e314bc2 100644 --- a/lee/state_machine/src/state/tests/validity_window.rs +++ b/lee/state_machine/src/state/tests/validity_window.rs @@ -126,7 +126,7 @@ fn validity_window_works_in_privacy_preserving_transactions( let account_keys = test_private_account_keys_1(); let pre = AccountWithMetadata::new( Account::default(), - false, + true, (&account_keys.npk(), &account_keys.vpk(), 0), ); let mut state = V03State::new().with_test_programs(); @@ -138,7 +138,7 @@ fn validity_window_works_in_privacy_preserving_transactions( let (output, proof) = crate::privacy_preserving_transaction::circuit::execute_and_prove( vec![pre], Program::serialize_instruction(instruction).unwrap(), - vec![InputAccountIdentity::PrivateUnauthorized { + vec![InputAccountIdentity::PrivateForeignInit { vpk: account_keys.vpk(), random_seed: [0; 32], npk: account_keys.npk(), @@ -191,7 +191,7 @@ fn timestamp_validity_window_works_in_privacy_preserving_transactions( let account_keys = test_private_account_keys_1(); let pre = AccountWithMetadata::new( Account::default(), - false, + true, (&account_keys.npk(), &account_keys.vpk(), 0), ); let mut state = V03State::new().with_test_programs(); @@ -203,7 +203,7 @@ fn timestamp_validity_window_works_in_privacy_preserving_transactions( let (output, proof) = crate::privacy_preserving_transaction::circuit::execute_and_prove( vec![pre], Program::serialize_instruction(instruction).unwrap(), - vec![InputAccountIdentity::PrivateUnauthorized { + vec![InputAccountIdentity::PrivateForeignInit { vpk: account_keys.vpk(), random_seed: [0; 32], npk: account_keys.npk(), diff --git a/lez/wallet/src/account_manager.rs b/lez/wallet/src/account_manager.rs index 824a994d..0c3f4c49 100644 --- a/lez/wallet/src/account_manager.rs +++ b/lez/wallet/src/account_manager.rs @@ -263,7 +263,7 @@ impl AccountManager { identifier, } => { let acc = lee_core::account::Account::default(); - let auth_acc = AccountWithMetadata::new(acc, false, (&npk, &vpk, identifier)); + let auth_acc = AccountWithMetadata::new(acc, true, (&npk, &vpk, identifier)); let mut random_seed: [u8; 32] = [0; 32]; OsRng.fill_bytes(&mut random_seed); let pre = AccountPreparedData { @@ -442,7 +442,7 @@ impl AccountManager { identifier: pre.identifier, commitment_root: self.dummy_commitment_root, }, - (None, _) => InputAccountIdentity::PrivateUnauthorized { + (None, _) => InputAccountIdentity::PrivateForeignInit { vpk: pre.vpk.clone(), random_seed: pre.random_seed, npk: pre.npk, diff --git a/test_fixtures/fixtures/prebuilt_sequencer_db.dump b/test_fixtures/fixtures/prebuilt_sequencer_db.dump index 2aa0c51f..08cc4d29 100644 Binary files a/test_fixtures/fixtures/prebuilt_sequencer_db.dump and b/test_fixtures/fixtures/prebuilt_sequencer_db.dump differ