add program_id check

2026-01-03 22:03:06 +00:00 · 2025-08-27 18:23:56 -03:00 · 2025-08-27 18:23:56 -03:00 · 87577726ec
commit 87577726ec
parent 5bd45b685f
3 changed files with 12 additions and 17 deletions
--- a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
+++ b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
@ -9,6 +9,8 @@ use nssa_core::{
    PrivacyPreservingCircuitInput, PrivacyPreservingCircuitOutput,
 };

+const AUTHENTICATED_TRANSFER_PROGRAM_ID: [u32; 8] = [4009390658, 295818534, 2287042879, 2991817555, 298425691, 3426172222, 3671663086, 1858988641];
+
 fn main() {
    let PrivacyPreservingCircuitInput {
        program_output,
@ -19,8 +21,9 @@ fn main() {
        program_id,
    } = env::read();

-    // TODO: Check that `program_execution_proof` is one of the allowed built-in programs
-    // assert!(BUILTIN_PROGRAM_IDS.contains(executing_program_id));
+    // Check that `program_execution_proof` is one of the allowed built-in programs
+    // TODO: Adapt when more builtin programs are added
+    assert_eq!(program_id, AUTHENTICATED_TRANSFER_PROGRAM_ID);

    // Check that `program_output` is consistent with the execution of the corresponding program.
    env::verify(program_id, &to_vec(&program_output).unwrap()).unwrap();
@ -75,7 +78,7 @@ fn main() {
                    let (nsk, membership_proof) =
                        private_auth_iter.next().expect("Missing private auth");

-                    // Verify Npk
+                    // Verify the nullifier public key
                    let expected_npk = NullifierPublicKey::from(nsk);
                    if &expected_npk != npk {
                        panic!("Nullifier public key mismatch");
--- a/nssa/src/privacy_preserving_transaction/circuit.rs
+++ b/nssa/src/privacy_preserving_transaction/circuit.rs
@ -10,6 +10,7 @@ use crate::{error::NssaError, program::Program};

 use program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID};

+/// Proof of the privacy preserving execution circuit
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub struct Proof(Vec<u8>);

@ -21,17 +22,14 @@ impl Proof {
    }
 }

+/// Generates a proof of the execution of a NSSA program inside the privacy preserving execution
+/// circuit
 pub fn execute_and_prove(
    pre_states: &[AccountWithMetadata],
    instruction_data: &InstructionData,
    visibility_mask: &[u8],
    private_account_nonces: &[u128],
-    private_account_keys: &[(
-        NullifierPublicKey,
-        SharedSecretKey,
-        // IncomingViewingPublicKey,
-        // EphemeralSecretKey,
-    )],
+    private_account_keys: &[(NullifierPublicKey, SharedSecretKey)],
    private_account_auth: &[(NullifierSecretKey, MembershipProof)],
    program: &Program,
 ) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> {
--- a/nssa/src/program.rs
+++ b/nssa/src/program.rs
@ -3,10 +3,7 @@ use nssa_core::{
    program::{InstructionData, ProgramId, ProgramOutput},
 };
 use program_methods::{AUTHENTICATED_TRANSFER_ELF, AUTHENTICATED_TRANSFER_ID};
-use risc0_zkvm::{
-    ExecutorEnv, ExecutorEnvBuilder, default_executor,
-    serde::to_vec,
-};
+use risc0_zkvm::{ExecutorEnv, ExecutorEnvBuilder, default_executor, serde::to_vec};
 use serde::Serialize;

 use crate::error::NssaError;
@ -49,9 +46,7 @@ impl Program {
            .map_err(|e| NssaError::ProgramExecutionFailed(e.to_string()))?;

        // Get outputs
-        let ProgramOutput {
-            post_states, ..
-        } = session_info
+        let ProgramOutput { post_states, .. } = session_info
            .journal
            .decode()
            .map_err(|e| NssaError::ProgramExecutionFailed(e.to_string()))?;
@ -83,7 +78,6 @@ impl Program {
 #[cfg(test)]
 mod tests {
    use nssa_core::account::{Account, AccountWithMetadata};
-    

    use crate::program::Program;