From 87577726ec816f226364a17531f7084b0a866b74 Mon Sep 17 00:00:00 2001
From: Sergio Chouhy
Date: Wed, 27 Aug 2025 18:23:56 -0300
Subject: [PATCH] add program_id check
---
 .../guest/src/bin/privacy_preserving_circuit.rs | 9 ++++++---
 nssa/src/privacy_preserving_transaction/circuit.rs | 10 ++++------
 nssa/src/program.rs | 10 ++--------
 3 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
index b21cfde..a07fdd7 100644
--- a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
+++ b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
@@ -9,6 +9,8 @@ use nssa_core::{ PrivacyPreservingCircuitInput, PrivacyPreservingCircuitOutput, }; +const AUTHENTICATED_TRANSFER_PROGRAM_ID: [u32; 8] = [4009390658, 295818534, 2287042879, 2991817555, 298425691, 3426172222, 3671663086, 1858988641]; + fn main() { let PrivacyPreservingCircuitInput { program_output,
@@ -19,8 +21,9 @@ fn main() { program_id, } = env::read(); - // TODO: Check that `program_execution_proof` is one of the allowed built-in programs - // assert!(BUILTIN_PROGRAM_IDS.contains(executing_program_id)); + // Check that `program_execution_proof` is one of the allowed built-in programs + // TODO: Adapt when more builtin programs are added + assert_eq!(program_id, AUTHENTICATED_TRANSFER_PROGRAM_ID); // Check that `program_output` is consistent with the execution of the corresponding program. env::verify(program_id, &to_vec(&program_output).unwrap()).unwrap();
@@ -75,7 +78,7 @@ fn main() { let (nsk, membership_proof) = private_auth_iter.next().expect("Missing private auth"); - // Verify Npk + // Verify the nullifier public key let expected_npk = NullifierPublicKey::from(nsk); if &expected_npk != npk { panic!("Nullifier public key mismatch");
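Review bot: The allow-list literal `AUTHENTICATED_TRANSFER_PROGRAM_ID` added in the first hunk of privacy_preserving_circuit.rs is a hand-copied image ID, and nothing visible ties it to the generated `AUTHENTICATED_TRANSFER_ID` that nssa/src/program.rs imports from `program_methods`, so the `assert_eq!(program_id, AUTHENTICATED_TRANSFER_PROGRAM_ID)` added in the second hunk is only as good as the last manual copy. If the image ID changes when the authenticated-transfer guest is rebuilt (likely, though not shown here), the stale literal makes the circuit reject every execution, and the commit adds no test that would catch the drift. Moving the constant into a crate both sides already use (`nssa_core` is imported by the guest and by the host) and adding a host test such as `assert_eq!(AUTHENTICATED_TRANSFER_ID, AUTHENTICATED_TRANSFER_PROGRAM_ID);` would surface the mismatch at test time. The comment above the assert should also name the value actually checked, `program_id`, rather than `program_execution_proof`, which is not a binding in this hunk. `main` continues outside both hunks.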
diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs
index 687e214..ed32f98 100644
--- a/nssa/src/privacy_preserving_transaction/circuit.rs
+++ b/nssa/src/privacy_preserving_transaction/circuit.rs
@@ -10,6 +10,7 @@ use crate::{error::NssaError, program::Program}; use program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID}; +/// Proof of the privacy preserving execution circuit #[derive(Debug, Clone, PartialEq, Eq)] pub struct Proof(Vec);
@@ -21,17 +22,14 @@ impl Proof { } } +/// Generates a proof of the execution of a NSSA program inside the privacy preserving execution +/// circuit pub fn execute_and_prove( pre_states: &[AccountWithMetadata], instruction_data: &InstructionData, visibility_mask: &[u8], private_account_nonces: &[u128], - private_account_keys: &[( - NullifierPublicKey, - SharedSecretKey, - // IncomingViewingPublicKey, - // EphemeralSecretKey, - )], + private_account_keys: &[(NullifierPublicKey, SharedSecretKey)], private_account_auth: &[(NullifierSecretKey, MembershipProof)], program: &Program, ) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> {
diff --git a/nssa/src/program.rs b/nssa/src/program.rs
index d504313..66358e9 100644
--- a/nssa/src/program.rs
+++ b/nssa/src/program.rs
@@ -3,10 +3,7 @@ use nssa_core::{ program::{InstructionData, ProgramId, ProgramOutput}, }; use program_methods::{AUTHENTICATED_TRANSFER_ELF, AUTHENTICATED_TRANSFER_ID}; -use risc0_zkvm::{ - ExecutorEnv, ExecutorEnvBuilder, default_executor, - serde::to_vec, -}; +use risc0_zkvm::{ExecutorEnv, ExecutorEnvBuilder, default_executor, serde::to_vec}; use serde::Serialize; use crate::error::NssaError;
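Review bot: The doc comment added to `execute_and_prove` in the second circuit.rs hunk describes proving "a NSSA program" in general, but with the guest-side `assert_eq!(program_id, AUTHENTICATED_TRANSFER_PROGRAM_ID)` introduced by this same commit the circuit appears to panic for any `program` other than authenticated transfer, and the documentation does not tell callers that. I would add a line such as `/// Currently only the authenticated-transfer program is accepted by the circuit; any other program fails during proving.` If `Program` exposes its id, rejecting other programs before starting the prover would also give callers an `NssaError` up front instead of a failed proof. The function body lies outside the hunk, so whether such a check already exists cannot be seen here.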
@@ -49,9 +46,7 @@ impl Program { .map_err(|e| NssaError::ProgramExecutionFailed(e.to_string()))?; // Get outputs - let ProgramOutput { - post_states, .. - } = session_info + let ProgramOutput { post_states, .. } = session_info .journal .decode() .map_err(|e| NssaError::ProgramExecutionFailed(e.to_string()))?;
@@ -83,7 +78,6 @@ impl Program { #[cfg(test)] mod tests { use nssa_core::account::{Account, AccountWithMetadata}; - use crate::program::Program;