replace npk for account id in commitment and init nullifier formulas

2026-04-16 16:13:41 +00:00 · 2026-04-14 23:45:34 -03:00 · 2026-04-14 23:45:34 -03:00 · a4af8da13b
commit a4af8da13b
parent 12b8c0ad31
43 changed files with 148 additions and 97 deletions
--- a/artifacts/program_methods/amm.bin
+++ b/artifacts/program_methods/amm.bin
--- a/artifacts/program_methods/associated_token_account.bin
+++ b/artifacts/program_methods/associated_token_account.bin
--- a/artifacts/program_methods/authenticated_transfer.bin
+++ b/artifacts/program_methods/authenticated_transfer.bin
--- a/artifacts/program_methods/clock.bin
+++ b/artifacts/program_methods/clock.bin
--- a/artifacts/program_methods/pinata.bin
+++ b/artifacts/program_methods/pinata.bin
--- a/artifacts/program_methods/pinata_token.bin
+++ b/artifacts/program_methods/pinata_token.bin
--- a/artifacts/program_methods/privacy_preserving_circuit.bin
+++ b/artifacts/program_methods/privacy_preserving_circuit.bin
--- a/artifacts/program_methods/token.bin
+++ b/artifacts/program_methods/token.bin
--- a/artifacts/test_program_methods/burner.bin
+++ b/artifacts/test_program_methods/burner.bin
--- a/artifacts/test_program_methods/chain_caller.bin
+++ b/artifacts/test_program_methods/chain_caller.bin
--- a/artifacts/test_program_methods/changer_claimer.bin
+++ b/artifacts/test_program_methods/changer_claimer.bin
--- a/artifacts/test_program_methods/claimer.bin
+++ b/artifacts/test_program_methods/claimer.bin
--- a/artifacts/test_program_methods/clock_chain_caller.bin
+++ b/artifacts/test_program_methods/clock_chain_caller.bin
--- a/artifacts/test_program_methods/data_changer.bin
+++ b/artifacts/test_program_methods/data_changer.bin
--- a/artifacts/test_program_methods/extra_output.bin
+++ b/artifacts/test_program_methods/extra_output.bin
--- a/artifacts/test_program_methods/flash_swap_callback.bin
+++ b/artifacts/test_program_methods/flash_swap_callback.bin
--- a/artifacts/test_program_methods/flash_swap_initiator.bin
+++ b/artifacts/test_program_methods/flash_swap_initiator.bin
--- a/artifacts/test_program_methods/malicious_authorization_changer.bin
+++ b/artifacts/test_program_methods/malicious_authorization_changer.bin
--- a/artifacts/test_program_methods/malicious_caller_program_id.bin
+++ b/artifacts/test_program_methods/malicious_caller_program_id.bin
--- a/artifacts/test_program_methods/malicious_self_program_id.bin
+++ b/artifacts/test_program_methods/malicious_self_program_id.bin
--- a/artifacts/test_program_methods/minter.bin
+++ b/artifacts/test_program_methods/minter.bin
--- a/artifacts/test_program_methods/missing_output.bin
+++ b/artifacts/test_program_methods/missing_output.bin
--- a/artifacts/test_program_methods/modified_transfer.bin
+++ b/artifacts/test_program_methods/modified_transfer.bin
--- a/artifacts/test_program_methods/nonce_changer.bin
+++ b/artifacts/test_program_methods/nonce_changer.bin
--- a/artifacts/test_program_methods/noop.bin
+++ b/artifacts/test_program_methods/noop.bin
--- a/artifacts/test_program_methods/pinata_cooldown.bin
+++ b/artifacts/test_program_methods/pinata_cooldown.bin
--- a/artifacts/test_program_methods/program_owner_changer.bin
+++ b/artifacts/test_program_methods/program_owner_changer.bin
--- a/artifacts/test_program_methods/simple_balance_transfer.bin
+++ b/artifacts/test_program_methods/simple_balance_transfer.bin
--- a/artifacts/test_program_methods/time_locked_transfer.bin
+++ b/artifacts/test_program_methods/time_locked_transfer.bin
--- a/artifacts/test_program_methods/validity_window.bin
+++ b/artifacts/test_program_methods/validity_window.bin
--- a/artifacts/test_program_methods/validity_window_chain_caller.bin
+++ b/artifacts/test_program_methods/validity_window_chain_caller.bin
--- a/indexer/core/src/lib.rs
+++ b/indexer/core/src/lib.rs
@ -63,6 +63,7 @@ impl IndexerCore {
                    .iter()
                    .map(|init_comm_data| {
                        let npk = &init_comm_data.npk;
+                        let account_id = nssa::AccountId::from((npk, 0));

                        let mut acc = init_comm_data.account.clone();

@ -70,8 +71,8 @@ impl IndexerCore {
                            nssa::program::Program::authenticated_transfer_program().id();

                        (
-                            nssa_core::Commitment::new(npk, &acc),
-                            nssa_core::Nullifier::for_account_initialization(npk),
+                            nssa_core::Commitment::new(&account_id, &acc),
+                            nssa_core::Nullifier::for_account_initialization(&account_id),
                        )
                    })
                    .collect()
--- a/nssa/core/src/circuit_io.rs
+++ b/nssa/core/src/circuit_io.rs
@ -1,7 +1,7 @@
 use serde::{Deserialize, Serialize};

 use crate::{
-    Commitment, CommitmentSetDigest, MembershipProof, Nullifier, NullifierPublicKey,
+    Commitment, CommitmentSetDigest, Identifier, MembershipProof, Nullifier, NullifierPublicKey,
    NullifierSecretKey, SharedSecretKey,
    account::{Account, AccountWithMetadata},
    encryption::Ciphertext,
@ -18,8 +18,8 @@ pub struct PrivacyPreservingCircuitInput {
    /// - `1` - private account with authentication
    /// - `2` - private account without authentication
    pub visibility_mask: Vec<u8>,
-    /// Public keys of private accounts.
-    pub private_account_keys: Vec<(NullifierPublicKey, SharedSecretKey)>,
+    /// Public keys and identifiers of private accounts.
+    pub private_account_keys: Vec<(NullifierPublicKey, Identifier, SharedSecretKey)>,
    /// Nullifier secret keys for authorized private accounts.
    pub private_account_nsks: Vec<NullifierSecretKey>,
    /// Membership proofs for private accounts. Can be [`None`] for uninitialized accounts.
@ -56,7 +56,7 @@ mod tests {

    use super::*;
    use crate::{
-        Commitment, Nullifier, NullifierPublicKey,
+        Commitment, Nullifier,
        account::{Account, AccountId, AccountWithMetadata, Nonce},
    };

@ -93,12 +93,12 @@ mod tests {
            }],
            ciphertexts: vec![Ciphertext(vec![255, 255, 1, 1, 2, 2])],
            new_commitments: vec![Commitment::new(
-                &NullifierPublicKey::from(&[1; 32]),
+                &AccountId::new([1; 32]),
                &Account::default(),
            )],
            new_nullifiers: vec![(
                Nullifier::for_account_update(
-                    &Commitment::new(&NullifierPublicKey::from(&[2; 32]), &Account::default()),
+                    &Commitment::new(&AccountId::new([2; 32]), &Account::default()),
                    &[1; 32],
                ),
                [0xab; 32],
--- a/nssa/core/src/commitment.rs
+++ b/nssa/core/src/commitment.rs
@ -2,7 +2,7 @@ use borsh::{BorshDeserialize, BorshSerialize};
 use risc0_zkvm::sha::{Impl, Sha256 as _};
 use serde::{Deserialize, Serialize};

-use crate::{NullifierPublicKey, account::Account};
+use crate::account::{Account, AccountId};

 /// A commitment to all zero data.
 /// ```python
@ -49,16 +49,16 @@ impl std::fmt::Debug for Commitment {
 }

 impl Commitment {
-    /// Generates the commitment to a private account owned by user for npk:
-    /// SHA256( `Comm_DS` || npk || `program_owner` || balance || nonce || SHA256(data)).
+    /// Generates the commitment to a private account owned by user for account_id:
+    /// SHA256( `Comm_DS` || account_id || `program_owner` || balance || nonce || SHA256(data)).
    #[must_use]
-    pub fn new(npk: &NullifierPublicKey, account: &Account) -> Self {
+    pub fn new(account_id: &AccountId, account: &Account) -> Self {
        const COMMITMENT_PREFIX: &[u8; 32] =
            b"/LEE/v0.3/Commitment/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";

        let mut bytes = Vec::new();
        bytes.extend_from_slice(COMMITMENT_PREFIX);
-        bytes.extend_from_slice(&npk.to_byte_array());
+        bytes.extend_from_slice(account_id.value());
        let account_bytes_with_hashed_data = {
            let mut this = Vec::new();
            for word in &account.program_owner {
@ -115,14 +115,14 @@ mod tests {
    use risc0_zkvm::sha::{Impl, Sha256 as _};

    use crate::{
-        Commitment, DUMMY_COMMITMENT, DUMMY_COMMITMENT_HASH, NullifierPublicKey, account::Account,
+        Commitment, DUMMY_COMMITMENT, DUMMY_COMMITMENT_HASH, account::{Account, AccountId},
    };

    #[test]
    fn nothing_up_my_sleeve_dummy_commitment() {
        let default_account = Account::default();
-        let npk_null = NullifierPublicKey([0; 32]);
-        let expected_dummy_commitment = Commitment::new(&npk_null, &default_account);
+        let account_id_null = AccountId::new([0; 32]);
+        let expected_dummy_commitment = Commitment::new(&account_id_null, &default_account);
        assert_eq!(DUMMY_COMMITMENT, expected_dummy_commitment);
    }

--- a/nssa/core/src/lib.rs
+++ b/nssa/core/src/lib.rs
@ -9,7 +9,7 @@ pub use commitment::{
    compute_digest_for_path,
 };
 pub use encryption::{EncryptionScheme, SharedSecretKey};
-pub use nullifier::{Nullifier, NullifierPublicKey, NullifierSecretKey};
+pub use nullifier::{Identifier, Nullifier, NullifierPublicKey, NullifierSecretKey};

 pub mod account;
 mod circuit_io;
--- a/nssa/core/src/nullifier.rs
+++ b/nssa/core/src/nullifier.rs
@ -91,10 +91,10 @@ impl Nullifier {

    /// Computes a nullifier for an account initialization.
    #[must_use]
-    pub fn for_account_initialization(npk: &NullifierPublicKey) -> Self {
+    pub fn for_account_initialization(account_id: &AccountId) -> Self {
        const INIT_PREFIX: &[u8; 32] = b"/LEE/v0.3/Nullifier/Initialize/\x00";
        let mut bytes = INIT_PREFIX.to_vec();
-        bytes.extend_from_slice(&npk.to_byte_array());
+        bytes.extend_from_slice(account_id.value());
        Self(Impl::hash_bytes(&bytes).as_bytes().try_into().unwrap())
    }
 }
@ -117,7 +117,7 @@ mod tests {

    #[test]
    fn constructor_for_account_initialization() {
-        let npk = NullifierPublicKey([
+        let account_id = AccountId::new([
            112, 188, 193, 129, 150, 55, 228, 67, 88, 168, 29, 151, 5, 92, 23, 190, 17, 162, 164,
            255, 29, 105, 42, 186, 43, 11, 157, 168, 132, 225, 17, 163,
        ]);
@ -125,7 +125,7 @@ mod tests {
            149, 59, 95, 181, 2, 194, 20, 143, 72, 233, 104, 243, 59, 70, 67, 243, 110, 77, 109,
            132, 139, 111, 51, 125, 128, 92, 107, 46, 252, 4, 20, 149,
        ]);
-        let nullifier = Nullifier::for_account_initialization(&npk);
+        let nullifier = Nullifier::for_account_initialization(&account_id);
        assert_eq!(nullifier, expected_nullifier);
    }

--- a/nssa/src/privacy_preserving_transaction/circuit.rs
+++ b/nssa/src/privacy_preserving_transaction/circuit.rs
@ -2,8 +2,8 @@ use std::collections::{HashMap, VecDeque};

 use borsh::{BorshDeserialize, BorshSerialize};
 use nssa_core::{
-    MembershipProof, NullifierPublicKey, NullifierSecretKey, PrivacyPreservingCircuitInput,
-    PrivacyPreservingCircuitOutput, SharedSecretKey,
+    Identifier, MembershipProof, NullifierPublicKey, NullifierSecretKey,
+    PrivacyPreservingCircuitInput, PrivacyPreservingCircuitOutput, SharedSecretKey,
    account::AccountWithMetadata,
    program::{ChainedCall, InstructionData, ProgramId, ProgramOutput},
 };
@ -68,7 +68,7 @@ pub fn execute_and_prove(
    pre_states: Vec<AccountWithMetadata>,
    instruction_data: InstructionData,
    visibility_mask: Vec<u8>,
-    private_account_keys: Vec<(NullifierPublicKey, SharedSecretKey)>,
+    private_account_keys: Vec<(NullifierPublicKey, Identifier, SharedSecretKey)>,
    private_account_nsks: Vec<NullifierSecretKey>,
    private_account_membership_proofs: Vec<Option<MembershipProof>>,
    program_with_dependencies: &ProgramWithDependencies,
@ -242,7 +242,7 @@ mod tests {
            vec![sender, recipient],
            Program::serialize_instruction(balance_to_move).unwrap(),
            vec![0, 2],
-            vec![(recipient_keys.npk(), shared_secret)],
+            vec![(recipient_keys.npk(), 0, shared_secret)],
            vec![],
            vec![None],
            &Program::authenticated_transfer_program().into(),
@ -286,7 +286,8 @@ mod tests {
            true,
            AccountId::from((&sender_keys.npk(), 0)),
        );
-        let commitment_sender = Commitment::new(&sender_keys.npk(), &sender_pre.account);
+        let sender_account_id = AccountId::from((&sender_keys.npk(), 0));
+        let commitment_sender = Commitment::new(&sender_account_id, &sender_pre.account);

        let recipient = AccountWithMetadata::new(
            Account::default(),
@ -298,13 +299,14 @@ mod tests {
        let mut commitment_set = CommitmentSet::with_capacity(2);
        commitment_set.extend(std::slice::from_ref(&commitment_sender));

+        let recipient_account_id = AccountId::from((&recipient_keys.npk(), 0));
        let expected_new_nullifiers = vec![
            (
                Nullifier::for_account_update(&commitment_sender, &sender_keys.nsk),
                commitment_set.digest(),
            ),
            (
-                Nullifier::for_account_initialization(&recipient_keys.npk()),
+                Nullifier::for_account_initialization(&recipient_account_id),
                DUMMY_COMMITMENT_HASH,
            ),
        ];
@ -324,8 +326,8 @@ mod tests {
            ..Default::default()
        };
        let expected_new_commitments = vec![
-            Commitment::new(&sender_keys.npk(), &expected_private_account_1),
-            Commitment::new(&recipient_keys.npk(), &expected_private_account_2),
+            Commitment::new(&sender_account_id, &expected_private_account_1),
+            Commitment::new(&recipient_account_id, &expected_private_account_2),
        ];

        let esk_1 = [3; 32];
@ -339,8 +341,8 @@ mod tests {
            Program::serialize_instruction(balance_to_move).unwrap(),
            vec![1, 2],
            vec![
-                (sender_keys.npk(), shared_secret_1),
-                (recipient_keys.npk(), shared_secret_2),
+                (sender_keys.npk(), 0, shared_secret_1),
+                (recipient_keys.npk(), 0, shared_secret_2),
            ],
            vec![sender_keys.nsk],
            vec![commitment_set.get_proof_for(&commitment_sender), None],
@ -407,7 +409,7 @@ mod tests {
            vec![pre],
            instruction,
            vec![2],
-            vec![(account_keys.npk(), shared_secret)],
+            vec![(account_keys.npk(), 0, shared_secret)],
            vec![],
            vec![None],
            &program_with_deps,
--- a/nssa/src/privacy_preserving_transaction/message.rs
+++ b/nssa/src/privacy_preserving_transaction/message.rs
@ -154,9 +154,11 @@ pub mod tests {

        let encrypted_private_post_states = Vec::new();

-        let new_commitments = vec![Commitment::new(&npk2, &account2)];
+        let account_id2 = nssa_core::account::AccountId::from((&npk2, 0));
+        let new_commitments = vec![Commitment::new(&account_id2, &account2)];

-        let old_commitment = Commitment::new(&npk1, &account1);
+        let account_id1 = nssa_core::account::AccountId::from((&npk1, 0));
+        let old_commitment = Commitment::new(&account_id1, &account1);
        let new_nullifiers = vec![(
            Nullifier::for_account_update(&old_commitment, &nsk1),
            [0; 32],
@ -179,7 +181,8 @@ pub mod tests {
        let npk = NullifierPublicKey::from(&[1; 32]);
        let vpk = ViewingPublicKey::from_scalar([2; 32]);
        let account = Account::default();
-        let commitment = Commitment::new(&npk, &account);
+        let account_id = nssa_core::account::AccountId::from((&npk, 0));
+        let commitment = Commitment::new(&account_id, &account);
        let esk = [3; 32];
        let shared_secret = SharedSecretKey::new(&esk, &vpk);
        let epk = EphemeralPublicKey::from_scalar(esk);
--- a/nssa/src/state.rs
+++ b/nssa/src/state.rs
@ -456,7 +456,8 @@ pub mod tests {

        #[must_use]
        pub fn with_private_account(mut self, keys: &TestPrivateKeys, account: &Account) -> Self {
-            let commitment = Commitment::new(&keys.npk(), account);
+            let account_id = AccountId::from((&keys.npk(), 0));
+            let commitment = Commitment::new(&account_id, account);
            self.private_state.0.extend(&[commitment]);
            self
        }
@ -614,13 +615,13 @@ pub mod tests {
            ..Account::default()
        };

-        let npk1 = keys1.npk();
-        let npk2 = keys2.npk();
+        let account_id1 = AccountId::from((&keys1.npk(), 0));
+        let account_id2 = AccountId::from((&keys2.npk(), 0));

-        let init_commitment1 = Commitment::new(&npk1, &account);
-        let init_commitment2 = Commitment::new(&npk2, &account);
-        let init_nullifier1 = Nullifier::for_account_initialization(&npk1);
-        let init_nullifier2 = Nullifier::for_account_initialization(&npk2);
+        let init_commitment1 = Commitment::new(&account_id1, &account);
+        let init_commitment2 = Commitment::new(&account_id2, &account);
+        let init_nullifier1 = Nullifier::for_account_initialization(&account_id1);
+        let init_nullifier2 = Nullifier::for_account_initialization(&account_id2);

        let initial_private_accounts = vec![
            (init_commitment1, init_nullifier1),
@ -1222,7 +1223,7 @@ pub mod tests {
            vec![sender, recipient],
            Program::serialize_instruction(balance_to_move).unwrap(),
            vec![0, 2],
-            vec![(recipient_keys.npk(), shared_secret)],
+            vec![(recipient_keys.npk(), 0, shared_secret)],
            vec![],
            vec![None],
            &Program::authenticated_transfer_program().into(),
@ -1249,7 +1250,8 @@ pub mod tests {
        state: &V03State,
    ) -> PrivacyPreservingTransaction {
        let program = Program::authenticated_transfer_program();
-        let sender_commitment = Commitment::new(&sender_keys.npk(), sender_private_account);
+        let sender_account_id = AccountId::from((&sender_keys.npk(), 0));
+        let sender_commitment = Commitment::new(&sender_account_id, sender_private_account);
        let sender_pre =
            AccountWithMetadata::new(sender_private_account.clone(), true, (&sender_keys.npk(), 0));
        let recipient_pre =
@ -1268,8 +1270,8 @@ pub mod tests {
            Program::serialize_instruction(balance_to_move).unwrap(),
            vec![1, 2],
            vec![
-                (sender_keys.npk(), shared_secret_1),
-                (recipient_keys.npk(), shared_secret_2),
+                (sender_keys.npk(), 0, shared_secret_1),
+                (recipient_keys.npk(), 0, shared_secret_2),
            ],
            vec![sender_keys.nsk],
            vec![state.get_proof_for_commitment(&sender_commitment), None],
@ -1301,7 +1303,8 @@ pub mod tests {
        state: &V03State,
    ) -> PrivacyPreservingTransaction {
        let program = Program::authenticated_transfer_program();
-        let sender_commitment = Commitment::new(&sender_keys.npk(), sender_private_account);
+        let sender_account_id = AccountId::from((&sender_keys.npk(), 0));
+        let sender_commitment = Commitment::new(&sender_account_id, sender_private_account);
        let sender_pre =
            AccountWithMetadata::new(sender_private_account.clone(), true, (&sender_keys.npk(), 0));
        let recipient_pre = AccountWithMetadata::new(
@ -1318,7 +1321,7 @@ pub mod tests {
            vec![sender_pre, recipient_pre],
            Program::serialize_instruction(balance_to_move).unwrap(),
            vec![1, 0],
-            vec![(sender_keys.npk(), shared_secret)],
+            vec![(sender_keys.npk(), 0, shared_secret)],
            vec![sender_keys.nsk],
            vec![state.get_proof_for_commitment(&sender_commitment)],
            &program.into(),
@ -1405,8 +1408,10 @@ pub mod tests {
            &state,
        );

+        let sender_account_id = AccountId::from((&sender_keys.npk(), 0));
+        let recipient_account_id = AccountId::from((&recipient_keys.npk(), 0));
        let expected_new_commitment_1 = Commitment::new(
-            &sender_keys.npk(),
+            &sender_account_id,
            &Account {
                program_owner: Program::authenticated_transfer_program().id(),
                nonce: sender_nonce.private_account_nonce_increment(&sender_keys.nsk),
@ -1415,12 +1420,12 @@ pub mod tests {
            },
        );

-        let sender_pre_commitment = Commitment::new(&sender_keys.npk(), &sender_private_account);
+        let sender_pre_commitment = Commitment::new(&sender_account_id, &sender_private_account);
        let expected_new_nullifier =
            Nullifier::for_account_update(&sender_pre_commitment, &sender_keys.nsk);

        let expected_new_commitment_2 = Commitment::new(
-            &recipient_keys.npk(),
+            &recipient_account_id,
            &Account {
                program_owner: Program::authenticated_transfer_program().id(),
                nonce: Nonce::private_account_nonce_init(&recipient_keys.npk()),
@ -1482,8 +1487,9 @@ pub mod tests {
            &state,
        );

+        let sender_account_id = AccountId::from((&sender_keys.npk(), 0));
        let expected_new_commitment = Commitment::new(
-            &sender_keys.npk(),
+            &sender_account_id,
            &Account {
                program_owner: Program::authenticated_transfer_program().id(),
                nonce: sender_nonce.private_account_nonce_increment(&sender_keys.nsk),
@ -1492,7 +1498,7 @@ pub mod tests {
            },
        );

-        let sender_pre_commitment = Commitment::new(&sender_keys.npk(), &sender_private_account);
+        let sender_pre_commitment = Commitment::new(&sender_account_id, &sender_private_account);
        let expected_new_nullifier =
            Nullifier::for_account_update(&sender_pre_commitment, &sender_keys.nsk);

@ -1836,10 +1842,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -1870,6 +1878,7 @@ pub mod tests {
        // Setting only one key for an execution with two private accounts.
        let private_account_keys = [(
            sender_keys.npk(),
+            0,
            SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
        )];
        let result = execute_and_prove(
@ -1911,10 +1920,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -1952,10 +1963,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -1988,11 +2001,13 @@ pub mod tests {
            // First private account is the sender
            (
                sender_keys.npk(),
+                0,
                SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
            ),
            // Second private account is the recipient
            (
                recipient_keys.npk(),
+                0,
                SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
            ),
        ];
@ -2046,10 +2061,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -2092,10 +2109,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -2138,10 +2157,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -2184,10 +2205,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -2228,10 +2251,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -2296,10 +2321,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -2333,14 +2360,17 @@ pub mod tests {
        let private_account_keys = [
            (
                sender_keys.npk(),
+                0,
                SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
            ),
            (
                recipient_keys.npk(),
+                0,
                SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
            ),
            (
                sender_keys.npk(),
+                0,
                SharedSecretKey::new(&[57; 32], &sender_keys.vpk()),
            ),
        ];
@ -2386,10 +2416,12 @@ pub mod tests {
            vec![
                (
                    sender_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[55; 32], &sender_keys.vpk()),
                ),
                (
                    recipient_keys.npk(),
+                    0,
                    SharedSecretKey::new(&[56; 32], &recipient_keys.vpk()),
                ),
            ],
@ -2480,8 +2512,8 @@ pub mod tests {
            Program::serialize_instruction(100_u128).unwrap(),
            visibility_mask.to_vec(),
            vec![
-                (sender_keys.npk(), shared_secret),
-                (sender_keys.npk(), shared_secret),
+                (sender_keys.npk(), 0, shared_secret),
+                (sender_keys.npk(), 0, shared_secret),
            ],
            private_account_nsks.to_vec(),
            private_account_membership_proofs.to_vec(),
@ -2795,8 +2827,9 @@ pub mod tests {
            balance: 100,
            ..Account::default()
        };
-        let sender_commitment = Commitment::new(&sender_keys.npk(), &sender_private_account);
-        let sender_init_nullifier = Nullifier::for_account_initialization(&sender_keys.npk());
+        let sender_account_id = AccountId::from((&sender_keys.npk(), 0));
+        let sender_commitment = Commitment::new(&sender_account_id, &sender_private_account);
+        let sender_init_nullifier = Nullifier::for_account_initialization(&sender_account_id);
        let mut state = V03State::new_with_genesis_accounts(
            &[],
            vec![(sender_commitment.clone(), sender_init_nullifier)],
@ -2816,7 +2849,7 @@ pub mod tests {
            vec![sender_pre, recipient_pre],
            Program::serialize_instruction(37_u128).unwrap(),
            vec![1, 0],
-            vec![(sender_keys.npk(), shared_secret)],
+            vec![(sender_keys.npk(), 0, shared_secret)],
            vec![sender_keys.nsk],
            vec![state.get_proof_for_commitment(&sender_commitment)],
            &program.into(),
@ -2879,10 +2912,12 @@ pub mod tests {
            (&to_keys.npk(), 0),
        );

-        let from_commitment = Commitment::new(&from_keys.npk(), &from_account.account);
-        let to_commitment = Commitment::new(&to_keys.npk(), &to_account.account);
-        let from_init_nullifier = Nullifier::for_account_initialization(&from_keys.npk());
-        let to_init_nullifier = Nullifier::for_account_initialization(&to_keys.npk());
+        let from_account_id = AccountId::from((&from_keys.npk(), 0));
+        let to_account_id = AccountId::from((&to_keys.npk(), 0));
+        let from_commitment = Commitment::new(&from_account_id, &from_account.account);
+        let to_commitment = Commitment::new(&to_account_id, &to_account.account);
+        let from_init_nullifier = Nullifier::for_account_initialization(&from_account_id);
+        let to_init_nullifier = Nullifier::for_account_initialization(&to_account_id);
        let mut state = V03State::new_with_genesis_accounts(
            &[],
            vec![
@ -2921,21 +2956,21 @@ pub mod tests {
            nonce: from_new_nonce,
            ..from_account.account.clone()
        };
-        let from_expected_commitment = Commitment::new(&from_keys.npk(), &from_expected_post);
+        let from_expected_commitment = Commitment::new(&from_account_id, &from_expected_post);

        let to_expected_post = Account {
            balance: u128::from(number_of_calls) * amount,
            nonce: to_new_nonce,
            ..to_account.account.clone()
        };
-        let to_expected_commitment = Commitment::new(&to_keys.npk(), &to_expected_post);
+        let to_expected_commitment = Commitment::new(&to_account_id, &to_expected_post);

        // Act
        let (output, proof) = execute_and_prove(
            vec![to_account, from_account],
            Program::serialize_instruction(instruction).unwrap(),
            vec![1, 1],
-            vec![(from_keys.npk(), to_ss), (to_keys.npk(), from_ss)],
+            vec![(from_keys.npk(), 0, to_ss), (to_keys.npk(), 0, from_ss)],
            vec![from_keys.nsk, to_keys.nsk],
            vec![
                state.get_proof_for_commitment(&from_commitment),
@ -3183,7 +3218,7 @@ pub mod tests {
            vec![authorized_account],
            Program::serialize_instruction(balance).unwrap(),
            vec![1],
-            vec![(private_keys.npk(), shared_secret)],
+            vec![(private_keys.npk(), 0, shared_secret)],
            vec![private_keys.nsk],
            vec![None],
            &program.into(),
@ -3205,7 +3240,8 @@ pub mod tests {
        let result = state.transition_from_privacy_preserving_transaction(&tx, 1, 0);
        assert!(result.is_ok());

-        let nullifier = Nullifier::for_account_initialization(&private_keys.npk());
+        let account_id = AccountId::from((&private_keys.npk(), 0));
+        let nullifier = Nullifier::for_account_initialization(&account_id);
        assert!(state.private_state.1.contains(&nullifier));
    }

@ -3230,7 +3266,7 @@ pub mod tests {
            vec![unauthorized_account],
            Program::serialize_instruction(0_u128).unwrap(),
            vec![2],
-            vec![(private_keys.npk(), shared_secret)],
+            vec![(private_keys.npk(), 0, shared_secret)],
            vec![],
            vec![None],
            &program.into(),
@ -3252,7 +3288,8 @@ pub mod tests {
            .transition_from_privacy_preserving_transaction(&tx, 1, 0)
            .unwrap();

-        let nullifier = Nullifier::for_account_initialization(&private_keys.npk());
+        let account_id = AccountId::from((&private_keys.npk(), 0));
+        let nullifier = Nullifier::for_account_initialization(&account_id);
        assert!(state.private_state.1.contains(&nullifier));
    }

@ -3281,7 +3318,7 @@ pub mod tests {
            vec![authorized_account.clone()],
            Program::serialize_instruction(balance).unwrap(),
            vec![1],
-            vec![(private_keys.npk(), shared_secret)],
+            vec![(private_keys.npk(), 0, shared_secret)],
            vec![private_keys.nsk],
            vec![None],
            &claimer_program.into(),
@ -3307,7 +3344,8 @@ pub mod tests {
        );

        // Verify the account is now initialized (nullifier exists)
-        let nullifier = Nullifier::for_account_initialization(&private_keys.npk());
+        let account_id = AccountId::from((&private_keys.npk(), 0));
+        let nullifier = Nullifier::for_account_initialization(&account_id);
        assert!(state.private_state.1.contains(&nullifier));

        // Prepare new state of account
@ -3326,7 +3364,7 @@ pub mod tests {
            vec![account_metadata],
            Program::serialize_instruction(()).unwrap(),
            vec![1],
-            vec![(private_keys.npk(), shared_secret2)],
+            vec![(private_keys.npk(), 0, shared_secret2)],
            vec![private_keys.nsk],
            vec![None],
            &noop_program.into(),
@ -3397,6 +3435,7 @@ pub mod tests {
            vec![1],
            vec![(
                sender_keys.npk(),
+                0,
                SharedSecretKey::new(&[3; 32], &sender_keys.vpk()),
            )],
            vec![sender_keys.nsk],
@ -3424,6 +3463,7 @@ pub mod tests {
            vec![1],
            vec![(
                sender_keys.npk(),
+                0,
                SharedSecretKey::new(&[3; 32], &sender_keys.vpk()),
            )],
            vec![sender_keys.nsk],
@ -3455,9 +3495,10 @@ pub mod tests {
        let recipient_account =
            AccountWithMetadata::new(Account::default(), true, (&recipient_keys.npk(), 0));

+        let recipient_account_id = AccountId::from((&recipient_keys.npk(), 0));
        let recipient_commitment =
-            Commitment::new(&recipient_keys.npk(), &recipient_account.account);
-        let recipient_init_nullifier = Nullifier::for_account_initialization(&recipient_keys.npk());
+            Commitment::new(&recipient_account_id, &recipient_account.account);
+        let recipient_init_nullifier = Nullifier::for_account_initialization(&recipient_account_id);
        let state = V03State::new_with_genesis_accounts(
            &[(sender_account.account_id, sender_account.account.balance)],
            vec![(recipient_commitment.clone(), recipient_init_nullifier)],
@ -3480,7 +3521,7 @@ pub mod tests {
            vec![sender_account, recipient_account],
            Program::serialize_instruction(instruction).unwrap(),
            vec![0, 1],
-            vec![(recipient_keys.npk(), recipient)],
+            vec![(recipient_keys.npk(), 0, recipient)],
            vec![recipient_keys.nsk],
            vec![state.get_proof_for_commitment(&recipient_commitment)],
            &program_with_deps,
@ -3630,7 +3671,7 @@ pub mod tests {
                vec![pre],
                Program::serialize_instruction(instruction).unwrap(),
                vec![2],
-                vec![(account_keys.npk(), shared_secret)],
+                vec![(account_keys.npk(), 0, shared_secret)],
                vec![],
                vec![None],
                &validity_window_program.into(),
@ -3699,7 +3740,7 @@ pub mod tests {
                vec![pre],
                Program::serialize_instruction(instruction).unwrap(),
                vec![2],
-                vec![(account_keys.npk(), shared_secret)],
+                vec![(account_keys.npk(), 0, shared_secret)],
                vec![],
                vec![None],
                &validity_window_program.into(),
--- a/program_methods/guest/src/bin/privacy_preserving_circuit.rs
+++ b/program_methods/guest/src/bin/privacy_preserving_circuit.rs
@ -4,9 +4,9 @@ use std::{
 };

 use nssa_core::{
-    Commitment, CommitmentSetDigest, DUMMY_COMMITMENT_HASH, EncryptionScheme, MembershipProof,
-    Nullifier, NullifierPublicKey, NullifierSecretKey, PrivacyPreservingCircuitInput,
-    PrivacyPreservingCircuitOutput, SharedSecretKey,
+    Commitment, CommitmentSetDigest, DUMMY_COMMITMENT_HASH, EncryptionScheme, Identifier,
+    MembershipProof, Nullifier, NullifierPublicKey, NullifierSecretKey,
+    PrivacyPreservingCircuitInput, PrivacyPreservingCircuitOutput, SharedSecretKey,
    account::{Account, AccountId, AccountWithMetadata, Nonce},
    compute_digest_for_path,
    program::{
@ -302,7 +302,7 @@ impl ExecutionState {
 fn compute_circuit_output(
    execution_state: ExecutionState,
    visibility_mask: &[u8],
-    private_account_keys: &[(NullifierPublicKey, SharedSecretKey)],
+    private_account_keys: &[(NullifierPublicKey, Identifier, SharedSecretKey)],
    private_account_nsks: &[NullifierSecretKey],
    private_account_membership_proofs: &[Option<MembershipProof>],
 ) -> PrivacyPreservingCircuitOutput {
@ -338,12 +338,14 @@ fn compute_circuit_output(
                output.public_post_states.push(post_state);
            }
            1 | 2 => {
-                let Some((npk, shared_secret)) = private_keys_iter.next() else {
+                let Some((npk, identifier, shared_secret)) = private_keys_iter.next() else {
                    panic!("Missing private account key");
                };

+                let account_id = AccountId::from((npk, *identifier));
+
                assert_eq!(
-                    AccountId::from((npk, 0)),
+                    account_id,
                    pre_state.account_id,
                    "AccountId mismatch"
                );
@ -375,7 +377,7 @@ fn compute_circuit_output(
                    let new_nullifier = compute_nullifier_and_set_digest(
                        membership_proof_opt.as_ref(),
                        &pre_state.account,
-                        npk,
+                        &account_id,
                        nsk,
                    );

@ -405,7 +407,7 @@ fn compute_circuit_output(
                        "Membership proof must be None for unauthorized accounts"
                    );

-                    let nullifier = Nullifier::for_account_initialization(npk);
+                    let nullifier = Nullifier::for_account_initialization(&account_id);

                    let new_nonce = Nonce::private_account_nonce_init(npk);

@ -418,7 +420,7 @@ fn compute_circuit_output(
                post_with_updated_nonce.nonce = new_nonce;

                // Compute commitment
-                let commitment_post = Commitment::new(npk, &post_with_updated_nonce);
+                let commitment_post = Commitment::new(&account_id, &post_with_updated_nonce);

                // Encrypt and push post state
                let encrypted_account = EncryptionScheme::encrypt(
@ -459,7 +461,7 @@ fn compute_circuit_output(
 fn compute_nullifier_and_set_digest(
    membership_proof_opt: Option<&MembershipProof>,
    pre_account: &Account,
-    npk: &NullifierPublicKey,
+    account_id: &AccountId,
    nsk: &NullifierSecretKey,
 ) -> (Nullifier, CommitmentSetDigest) {
    membership_proof_opt.as_ref().map_or_else(
@ -471,12 +473,12 @@ fn compute_nullifier_and_set_digest(
            );

            // Compute initialization nullifier
-            let nullifier = Nullifier::for_account_initialization(npk);
+            let nullifier = Nullifier::for_account_initialization(account_id);
            (nullifier, DUMMY_COMMITMENT_HASH)
        },
        |membership_proof| {
            // Compute commitment set digest associated with provided auth path
-            let commitment_pre = Commitment::new(npk, pre_account);
+            let commitment_pre = Commitment::new(account_id, pre_account);
            let set_digest = compute_digest_for_path(&commitment_pre, membership_proof);

            // Compute update nullifier
--- a/sequencer/core/src/lib.rs
+++ b/sequencer/core/src/lib.rs
@ -110,6 +110,7 @@ impl<BC: BlockSettlementClientTrait, IC: IndexerClientTrait> SequencerCore<BC, I
                    .iter()
                    .map(|init_comm_data| {
                        let npk = &init_comm_data.npk;
+                        let account_id = nssa::AccountId::from((npk, 0));

                        let mut acc = init_comm_data.account.clone();

@ -117,8 +118,8 @@ impl<BC: BlockSettlementClientTrait, IC: IndexerClientTrait> SequencerCore<BC, I
                            nssa::program::Program::authenticated_transfer_program().id();

                        (
-                            nssa_core::Commitment::new(npk, &acc),
-                            nssa_core::Nullifier::for_account_initialization(npk),
+                            nssa_core::Commitment::new(&account_id, &acc),
+                            nssa_core::Nullifier::for_account_initialization(&account_id),
                        )
                    })
                    .collect()
@ -1110,7 +1111,7 @@ mod tests {
            vec![AccountWithMetadata::new(Account::default(), true, (&npk, 0))],
            Program::serialize_instruction(0_u128).unwrap(),
            vec![1],
-            vec![(npk.clone(), shared_secret)],
+            vec![(npk.clone(), 0, shared_secret)],
            vec![nsk],
            vec![None],
            &Program::authenticated_transfer_program().into(),
--- a/testnet_initial_state/src/lib.rs
+++ b/testnet_initial_state/src/lib.rs
@ -201,14 +201,15 @@ pub fn initial_state() -> V03State {
            .iter()
            .map(|init_comm_data| {
                let npk = &init_comm_data.npk;
+                let account_id = nssa::AccountId::from((npk, 0));

                let mut acc = init_comm_data.account.clone();

                acc.program_owner = nssa::program::Program::authenticated_transfer_program().id();

                (
-                    nssa_core::Commitment::new(npk, &acc),
-                    nssa_core::Nullifier::for_account_initialization(npk),
+                    nssa_core::Commitment::new(&account_id, &acc),
+                    nssa_core::Nullifier::for_account_initialization(&account_id),
                )
            })
            .collect();
--- a/wallet/src/lib.rs
+++ b/wallet/src/lib.rs
@ -300,8 +300,8 @@ impl WalletCore {

    #[must_use]
    pub fn get_private_account_commitment(&self, account_id: AccountId) -> Option<Commitment> {
-        let (keys, account) = self.storage.user_data.get_private_account(account_id)?;
-        Some(Commitment::new(&keys.nullifier_public_key, account))
+        let (_keys, account) = self.storage.user_data.get_private_account(account_id)?;
+        Some(Commitment::new(&account_id, account))
    }

    /// Poll transactions.
@ -393,7 +393,7 @@ impl WalletCore {
            acc_manager.visibility_mask().to_vec(),
            private_account_keys
                .iter()
-                .map(|keys| (keys.npk.clone(), keys.ssk))
+                .map(|keys| (keys.npk.clone(), 0, keys.ssk))
                .collect::<Vec<_>>(),
            acc_manager.private_account_auth(),
            acc_manager.private_account_membership_proofs(),