Merge branch 'main' into Pravdyvy/various-updates

ci_scripts/test-ubuntu.sh

@@ -4,7 +4,7 @@ curl -L https://risczero.com/install | bash
 /home/runner/.risc0/bin/rzup install 
 source env.sh
 
-RISC0_DEV_MODE=1 cargo test --release
+RISC0_DEV_MODE=1 cargo test --release --features no_docker
 
 cd integration_tests
 export NSSA_WALLET_HOME_DIR=$(pwd)/configs/debug/wallet/

common/src/rpc_primitives/requests.rs

@@ -1,8 +1,11 @@
+use std::collections::HashMap;
+
 use crate::parse_request;
 
 use super::errors::RpcParseError;
 use super::parser::RpcRequest;
 use super::parser::parse_params;
+use nssa_core::program::ProgramId;
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 
@@ -58,6 +61,9 @@ pub struct GetProofForCommitmentRequest {
     pub commitment: nssa_core::Commitment,
 }
 
+#[derive(Serialize, Deserialize, Debug)]
+pub struct GetProgramIdsRequest {}
+
 parse_request!(HelloRequest);
 parse_request!(RegisterAccountRequest);
 parse_request!(SendTxRequest);
@@ -70,6 +76,7 @@ parse_request!(GetTransactionByHashRequest);
 parse_request!(GetAccountsNoncesRequest);
 parse_request!(GetProofForCommitmentRequest);
 parse_request!(GetAccountRequest);
+parse_request!(GetProgramIdsRequest);
 
 #[derive(Serialize, Deserialize, Debug)]
 pub struct HelloResponse {
@@ -126,3 +133,8 @@ pub struct GetAccountResponse {
 pub struct GetProofForCommitmentResponse {
     pub membership_proof: Option<nssa_core::MembershipProof>,
 }
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct GetProgramIdsResponse {
+    pub program_ids: HashMap<String, ProgramId>,
+}

common/src/sequencer_client/mod.rs

@@ -1,16 +1,20 @@
+use std::collections::HashMap;
+
 use super::rpc_primitives::requests::{
     GetAccountBalanceRequest, GetAccountBalanceResponse, GetBlockDataRequest, GetBlockDataResponse,
     GetGenesisIdRequest, GetGenesisIdResponse, GetInitialTestnetAccountsRequest,
 };
 use anyhow::Result;
 use json::{SendTxRequest, SendTxResponse, SequencerRpcRequest, SequencerRpcResponse};
+use nssa_core::program::ProgramId;
 use reqwest::Client;
 use serde_json::Value;
 
 use crate::rpc_primitives::requests::{
     GetAccountRequest, GetAccountResponse, GetAccountsNoncesRequest, GetAccountsNoncesResponse,
-    GetLastBlockRequest, GetLastBlockResponse, GetProofForCommitmentRequest,
-    GetProofForCommitmentResponse, GetTransactionByHashRequest, GetTransactionByHashResponse,
+    GetLastBlockRequest, GetLastBlockResponse, GetProgramIdsRequest, GetProgramIdsResponse,
+    GetProofForCommitmentRequest, GetProofForCommitmentResponse, GetTransactionByHashRequest,
+    GetTransactionByHashResponse,
 };
 use crate::sequencer_client::json::AccountInitialData;
 use crate::transaction::{EncodedTransaction, NSSATransaction};
@@ -250,4 +254,24 @@ impl SequencerClient {
 
         Ok(resp_deser)
     }
+
+    // Get Ids of the programs used by the node
+    pub async fn get_program_ids(
+        &self,
+    ) -> Result<HashMap<String, ProgramId>, SequencerClientError> {
+        let acc_req = GetProgramIdsRequest {};
+
+        let req = serde_json::to_value(acc_req).unwrap();
+
+        let resp = self
+            .call_method_with_payload("get_program_ids", req)
+            .await
+            .unwrap();
+
+        let resp_deser = serde_json::from_value::<GetProgramIdsResponse>(resp)
+            .unwrap()
+            .program_ids;
+
+        Ok(resp_deser)
+    }
 }

common/src/transaction.rs

@@ -1,11 +1,8 @@
 use borsh::{BorshDeserialize, BorshSerialize};
-use generic_array::GenericArray;
 use k256::ecdsa::{Signature, SigningKey, VerifyingKey};
 use log::info;
 use serde::{Deserialize, Serialize};
 
-use sha2::digest::typenum::{B0, B1};
-use sha2::digest::typenum::{UInt, UTerm};
 use sha2::{Digest, digest::FixedOutput};
 
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -29,7 +26,6 @@ impl From<nssa::PrivacyPreservingTransaction> for NSSATransaction {
 use crate::TreeHashType;
 
 pub type CipherText = Vec<u8>;
-pub type Nonce = GenericArray<u8, UInt<UInt<UInt<UInt<UTerm, B1>, B1>, B0>, B0>>;
 pub type Tag = u8;
 
 #[derive(

integration_tests/Cargo.toml

@@ -36,3 +36,4 @@ path = "../common"
 
 [dependencies.nssa]
 path = "../nssa"
+features = ["no_docker"]

integration_tests/src/lib.rs

@@ -1402,6 +1402,36 @@ pub async fn test_pinata() {
     info!("Success!");
 }
 
+pub async fn test_authenticated_transfer_initialize_function() {
+    info!("test initialize account for authenticated transfer");
+    let command = Command::AuthenticatedTransferInitializePublicAccount {};
+
+    let SubcommandReturnValue::RegisterAccount { addr } =
+        wallet::execute_subcommand(command).await.unwrap()
+    else {
+        panic!("Error creating account");
+    };
+
+    info!("Checking correct execution");
+    let wallet_config = fetch_config().await.unwrap();
+    let seq_client = SequencerClient::new(wallet_config.sequencer_addr.clone()).unwrap();
+    let account = seq_client
+        .get_account(addr.to_string())
+        .await
+        .unwrap()
+        .account;
+
+    let expected_program_owner = Program::authenticated_transfer_program().id();
+    let expected_nonce = 1;
+    let expected_balance = 0;
+
+    assert_eq!(account.program_owner, expected_program_owner);
+    assert_eq!(account.balance, expected_balance);
+    assert_eq!(account.nonce, expected_nonce);
+    assert!(account.data.is_empty());
+    info!("Success!");
+}
+
 pub async fn test_pinata_private_receiver() {
     info!("test_pinata_private_receiver");
     let pinata_addr = "cafe".repeat(16);
@@ -1606,6 +1636,9 @@ pub async fn main_tests_runner() -> Result<()> {
         "test_pinata" => {
             test_cleanup_wrap!(home_dir, test_pinata);
         }
+        "test_authenticated_transfer_initialize_function" => {
+            test_cleanup_wrap!(home_dir, test_authenticated_transfer_initialize_function);
+        }
         "test_pinata_private_receiver" => {
             test_cleanup_wrap!(home_dir, test_pinata_private_receiver);
         }
@@ -1634,6 +1667,7 @@ pub async fn main_tests_runner() -> Result<()> {
             test_cleanup_wrap!(home_dir, test_success_move_to_another_account);
             test_cleanup_wrap!(home_dir, test_success);
             test_cleanup_wrap!(home_dir, test_failure);
+            test_cleanup_wrap!(home_dir, test_get_account);
             test_cleanup_wrap!(home_dir, test_success_two_transactions);
             test_cleanup_wrap!(home_dir, test_success_token_program);
             test_cleanup_wrap!(
@@ -1660,9 +1694,12 @@ pub async fn main_tests_runner() -> Result<()> {
                 home_dir,
                 test_success_private_transfer_to_another_owned_account_claiming_path
             );
+            test_cleanup_wrap!(home_dir, test_success_token_program_shielded_owned);
             test_cleanup_wrap!(home_dir, test_pinata);
+            test_cleanup_wrap!(home_dir, test_authenticated_transfer_initialize_function);
             test_cleanup_wrap!(home_dir, test_pinata_private_receiver);
             test_cleanup_wrap!(home_dir, test_success_token_program_private_owned);
+            test_cleanup_wrap!(home_dir, test_success_token_program_deshielded_owned);
             test_cleanup_wrap!(home_dir, test_success_token_program_private_claiming_path);
             test_cleanup_wrap!(home_dir, test_pinata_private_receiver_new_account);
             test_cleanup_wrap!(

nssa/Cargo.toml

@@ -7,7 +7,7 @@ edition = "2024"
 thiserror = "2.0.12"
 risc0-zkvm = { version = "3.0.3", features = ['std'] }
 nssa-core = { path = "core", features = ["host"] }
-program-methods = { path = "program_methods" }
+program-methods = { path = "program_methods", optional = true }
 serde = "1.0.219"
 sha2 = "0.10.9"
 secp256k1 = "0.31.1"
@@ -15,9 +15,14 @@ rand = "0.8"
 borsh = "1.5.7"
 hex = "0.4.3"
 
+[build-dependencies]
+risc0-build = "3.0.3"
+risc0-binfmt = "3.0.2"
+
 [dev-dependencies]
 test-program-methods = { path = "test_program_methods" }
 hex-literal = "1.0.0"
 
 [features]
 default = []
+no_docker = ["program-methods"]

nssa/build.rs

@@ -0,0 +1,63 @@
+fn main() {
+    if cfg!(feature = "no_docker") {
+        println!("cargo:warning=NO_DOCKER feature enabled – deterministic build skipped");
+        return;
+    }
+
+    build_deterministic().expect("Deterministic build failed");
+}
+
+fn build_deterministic() -> Result<(), Box<dyn std::error::Error>> {
+    use std::{env, fs, path::PathBuf, process::Command};
+
+    let manifest_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR")?);
+    let out_dir = PathBuf::from(env::var("OUT_DIR")?);
+    let mod_dir = out_dir.join("program_methods");
+    let mod_file = mod_dir.join("mod.rs");
+
+    println!("cargo:rerun-if-changed=program_methods/guest/src");
+    println!("cargo:rerun-if-changed=program_methods/guest/Cargo.toml");
+
+    let guest_manifest = manifest_dir.join("program_methods/guest/Cargo.toml");
+
+    let status = Command::new("cargo")
+        .args(["risczero", "build", "--manifest-path"])
+        .arg(&guest_manifest)
+        .status()?;
+    if !status.success() {
+        return Err("Risc0 deterministic build failed".into());
+    }
+
+    let target_dir =
+        manifest_dir.join("program_methods/guest/target/riscv32im-risc0-zkvm-elf/docker/");
+
+    let bins = fs::read_dir(&target_dir)?
+        .filter_map(Result::ok)
+        .filter(|e| e.path().extension().is_some_and(|ext| ext == "bin"))
+        .collect::<Vec<_>>();
+
+    if bins.is_empty() {
+        return Err(format!("No .bin files found in {:?}", target_dir).into());
+    }
+
+    fs::create_dir_all(&mod_dir)?;
+    let mut src = String::new();
+    for entry in bins {
+        let path = entry.path();
+        let name = path.file_stem().unwrap().to_string_lossy();
+        let bytecode = fs::read(&path)?;
+        let image_id: [u32; 8] = risc0_binfmt::compute_image_id(&bytecode)?.into();
+        src.push_str(&format!(
+            "pub const {}_ELF: &[u8] = include_bytes!(r#\"{}\"#);\n\
+             pub const {}_ID: [u32; 8] = {:?};\n",
+            name.to_uppercase(),
+            path.display(),
+            name.to_uppercase(),
+            image_id
+        ));
+    }
+    fs::write(&mod_file, src)?;
+    println!("cargo:warning=Generated module at {}", mod_file.display());
+
+    Ok(())
+}

nssa/program_methods/guest/src/bin/authenticated_transfer.rs

@@ -1,21 +1,30 @@
-use nssa_core::program::{ProgramInput, read_nssa_inputs, write_nssa_outputs};
+use nssa_core::{
+    account::{Account, AccountWithMetadata},
+    program::{ProgramInput, read_nssa_inputs, write_nssa_outputs},
+};
 
-/// A transfer of balance program.
-/// To be used both in public and private contexts.
-fn main() {
-    // Read input accounts.
-    // It is expected to receive only two accounts: [sender_account, receiver_account]
-    let ProgramInput {
-        pre_states,
-        instruction: balance_to_move,
-    } = read_nssa_inputs();
+/// Initializes a default account under the ownership of this program.
+/// This is achieved by a noop.
+fn initialize_account(pre_state: AccountWithMetadata) {
+    let account_to_claim = pre_state.account.clone();
+    let is_authorized = pre_state.is_authorized;
 
-    // Continue only if input_accounts is an array of two elements
-    let [sender, receiver] = match pre_states.try_into() {
-        Ok(array) => array,
-        Err(_) => return,
-    };
+    // Continue only if the account to claim has default values
+    if account_to_claim != Account::default() {
+        return;
+    }
 
+    // Continue only if the owner authorized this operation
+    if !is_authorized {
+        return;
+    }
+
+    // Noop will result in account being claimed for this program
+    write_nssa_outputs(vec![pre_state], vec![account_to_claim]);
+}
+
+/// Transfers `balance_to_move` native balance from `sender` to `recipient`.
+fn transfer(sender: AccountWithMetadata, recipient: AccountWithMetadata, balance_to_move: u128) {
     // Continue only if the sender has authorized this operation
     if !sender.is_authorized {
         return;
@@ -28,10 +37,27 @@ fn main() {
 
     // Create accounts post states, with updated balances
     let mut sender_post = sender.account.clone();
-    let mut receiver_post = receiver.account.clone();
+    let mut recipient_post = recipient.account.clone();
     sender_post.balance -= balance_to_move;
-    receiver_post.balance += balance_to_move;
+    recipient_post.balance += balance_to_move;
 
-    write_nssa_outputs(vec![sender, receiver], vec![sender_post, receiver_post]);
+    write_nssa_outputs(vec![sender, recipient], vec![sender_post, recipient_post]);
 }
 
+/// A transfer of balance program.
+/// To be used both in public and private contexts.
+fn main() {
+    // Read input accounts.
+    let ProgramInput {
+        pre_states,
+        instruction: balance_to_move,
+    } = read_nssa_inputs();
+
+    match (pre_states.as_slice(), balance_to_move) {
+        ([account_to_claim], 0) => initialize_account(account_to_claim.clone()),
+        ([sender, recipient], balance_to_move) => {
+            transfer(sender.clone(), recipient.clone(), balance_to_move)
+        }
+        _ => panic!("invalid params"),
+    }
+}

nssa/src/lib.rs

@@ -1,3 +1,12 @@
+#[cfg(not(feature = "no_docker"))]
+pub mod program_methods {
+    include!(concat!(env!("OUT_DIR"), "/program_methods/mod.rs"));
+}
+
+#[cfg(feature = "no_docker")]
+#[allow(clippy::single_component_path_imports)]
+use program_methods;
+
 pub mod encoding;
 pub mod error;
 mod merkle_tree;
@@ -12,6 +21,7 @@ pub use nssa_core::address::Address;
 pub use privacy_preserving_transaction::{
     PrivacyPreservingTransaction, circuit::execute_and_prove,
 };
+pub use program_methods::PRIVACY_PRESERVING_CIRCUIT_ID;
 pub use public_transaction::PublicTransaction;
 pub use signature::PrivateKey;
 pub use signature::PublicKey;

nssa/src/privacy_preserving_transaction/circuit.rs

@@ -8,7 +8,7 @@ use risc0_zkvm::{ExecutorEnv, InnerReceipt, Receipt, default_prover};
 
 use crate::{error::NssaError, program::Program};
 
-use program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID};
+use crate::program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID};
 
 /// Proof of the privacy preserving execution circuit
 #[derive(Debug, Clone, PartialEq, Eq)]

nssa/src/program.rs

@@ -1,11 +1,11 @@
+use crate::program_methods::{
+    AUTHENTICATED_TRANSFER_ELF, AUTHENTICATED_TRANSFER_ID, PINATA_ELF, PINATA_ID, TOKEN_ELF,
+    TOKEN_ID,
+};
 use nssa_core::{
     account::{Account, AccountWithMetadata},
     program::{InstructionData, ProgramId, ProgramOutput},
 };
-use program_methods::{
-    AUTHENTICATED_TRANSFER_ELF, AUTHENTICATED_TRANSFER_ID, PINATA_ELF, PINATA_ID, TOKEN_ELF,
-    TOKEN_ID,
-};
 use risc0_zkvm::{ExecutorEnv, ExecutorEnvBuilder, default_executor, serde::to_vec};
 use serde::Serialize;
 

sequencer_rpc/src/process.rs

@@ -1,6 +1,8 @@
+use std::collections::HashMap;
+
 use actix_web::Error as HttpError;
 use base64::{Engine, engine::general_purpose};
-use nssa;
+use nssa::{self, program::Program};
 use sequencer_core::config::AccountInitialData;
 use serde_json::Value;
 
@@ -14,9 +16,9 @@ use common::{
         requests::{
             GetAccountBalanceRequest, GetAccountBalanceResponse, GetAccountRequest,
             GetAccountResponse, GetAccountsNoncesRequest, GetAccountsNoncesResponse,
-            GetInitialTestnetAccountsRequest, GetProofForCommitmentRequest,
-            GetProofForCommitmentResponse, GetTransactionByHashRequest,
-            GetTransactionByHashResponse,
+            GetInitialTestnetAccountsRequest, GetProgramIdsRequest, GetProgramIdsResponse,
+            GetProofForCommitmentRequest, GetProofForCommitmentResponse,
+            GetTransactionByHashRequest, GetTransactionByHashResponse,
         },
     },
     transaction::EncodedTransaction,
@@ -40,6 +42,7 @@ pub const GET_TRANSACTION_BY_HASH: &str = "get_transaction_by_hash";
 pub const GET_ACCOUNTS_NONCES: &str = "get_accounts_nonces";
 pub const GET_ACCOUNT: &str = "get_account";
 pub const GET_PROOF_FOR_COMMITMENT: &str = "get_proof_for_commitment";
+pub const GET_PROGRAM_IDS: &str = "get_program_ids";
 
 pub const HELLO_FROM_SEQUENCER: &str = "HELLO_FROM_SEQUENCER";
 
@@ -267,6 +270,24 @@ impl JsonHandler {
         respond(helperstruct)
     }
 
+    async fn process_get_program_ids(&self, request: Request) -> Result<Value, RpcErr> {
+        let _get_proof_req = GetProgramIdsRequest::parse(Some(request.params))?;
+
+        let mut program_ids = HashMap::new();
+        program_ids.insert(
+            "authenticated_transfer".to_string(),
+            Program::authenticated_transfer_program().id(),
+        );
+        program_ids.insert("token".to_string(), Program::token().id());
+        program_ids.insert("pinata".to_string(), Program::pinata().id());
+        program_ids.insert(
+            "privacy_preserving_circuit".to_string(),
+            nssa::PRIVACY_PRESERVING_CIRCUIT_ID,
+        );
+        let helperstruct = GetProgramIdsResponse { program_ids };
+        respond(helperstruct)
+    }
+
     pub async fn process_request_internal(&self, request: Request) -> Result<Value, RpcErr> {
         match request.method.as_ref() {
             HELLO => self.process_temp_hello(request).await,
@@ -280,6 +301,7 @@ impl JsonHandler {
             GET_ACCOUNT => self.process_get_account(request).await,
             GET_TRANSACTION_BY_HASH => self.process_get_transaction_by_hash(request).await,
             GET_PROOF_FOR_COMMITMENT => self.process_get_proof_by_commitment(request).await,
+            GET_PROGRAM_IDS => self.process_get_program_ids(request).await,
             _ => Err(RpcErr(RpcError::method_not_found(request.method))),
         }
     }

wallet/src/lib.rs

@@ -11,7 +11,10 @@ use anyhow::Result;
 use chain_storage::WalletChainStore;
 use config::WalletConfig;
 use log::info;
-use nssa::{Account, Address, privacy_preserving_transaction::message::EncryptedAccountData};
+use nssa::{
+    Account, Address, privacy_preserving_transaction::message::EncryptedAccountData,
+    program::Program,
+};
 
 use clap::{Parser, Subcommand};
 use nssa_core::{Commitment, MembershipProof};
@@ -202,6 +205,10 @@ pub enum Command {
     ///Token command
     #[command(subcommand)]
     TokenProgram(TokenProgramSubcommand),
+    AuthenticatedTransferInitializePublicAccount {},
+    // Check the wallet can connect to the node and builtin local programs
+    // match the remote versions
+    CheckHealth {},
 }
 
 ///To execute commands, env var NSSA_WALLET_HOME_DIR must be set into directory with config
@@ -247,6 +254,55 @@ pub async fn execute_subcommand(command: Command) -> Result<SubcommandReturnValu
                 .handle_subcommand(&mut wallet_core)
                 .await?
         }
+        Command::CheckHealth {} => {
+            let remote_program_ids = wallet_core
+                .sequencer_client
+                .get_program_ids()
+                .await
+                .expect("Error fetching program ids");
+            let Some(authenticated_transfer_id) = remote_program_ids.get("authenticated_transfer")
+            else {
+                panic!("Missing authenticated transfer ID from remote");
+            };
+            if authenticated_transfer_id != &Program::authenticated_transfer_program().id() {
+                panic!("Local ID for authenticated transfer program is different from remote");
+            }
+            let Some(token_id) = remote_program_ids.get("token") else {
+                panic!("Missing token program ID from remote");
+            };
+            if token_id != &Program::token().id() {
+                panic!("Local ID for token program is different from remote");
+            }
+            let Some(circuit_id) = remote_program_ids.get("privacy_preserving_circuit") else {
+                panic!("Missing privacy preserving circuit ID from remote");
+            };
+            if circuit_id != &nssa::PRIVACY_PRESERVING_CIRCUIT_ID {
+                panic!("Local ID for privacy preserving circuit is different from remote");
+            }
+
+            println!("✅All looks good!");
+
+            SubcommandReturnValue::Empty
+        }
+        Command::AuthenticatedTransferInitializePublicAccount {} => {
+            let addr = wallet_core.create_new_account_public();
+
+            println!("Generated new account with addr {addr}");
+
+            let path = wallet_core.store_persistent_accounts().await?;
+
+            println!("Stored persistent accounts at {path:#?}");
+
+            let res = wallet_core
+                .register_account_under_authenticated_transfers_programs(addr)
+                .await?;
+
+            println!("Results of tx send is {res:#?}");
+
+            let _transfer_tx = wallet_core.poll_native_token_transfer(res.tx_hash).await?;
+
+            SubcommandReturnValue::RegisterAccount { addr }
+        }
         Command::TokenProgram(token_subcommand) => {
             token_subcommand.handle_subcommand(&mut wallet_core).await?
         }

wallet/src/token_transfers/public.rs

@@ -42,4 +42,30 @@ impl WalletCore {
             Err(ExecutionFailureKind::InsufficientFundsError)
         }
     }
+
+    pub async fn register_account_under_authenticated_transfers_programs(
+        &self,
+        from: Address,
+    ) -> Result<SendTxResponse, ExecutionFailureKind> {
+        let Ok(nonces) = self.get_accounts_nonces(vec![from]).await else {
+            return Err(ExecutionFailureKind::SequencerError);
+        };
+
+        let instruction: u128 = 0;
+        let addresses = vec![from];
+        let program_id = Program::authenticated_transfer_program().id();
+        let message = Message::try_new(program_id, addresses, nonces, instruction).unwrap();
+
+        let signing_key = self.storage.user_data.get_pub_account_signing_key(&from);
+
+        let Some(signing_key) = signing_key else {
+            return Err(ExecutionFailureKind::KeyNotFoundError);
+        };
+
+        let witness_set = WitnessSet::for_message(&message, &[signing_key]);
+
+        let tx = PublicTransaction::new(message, witness_set);
+
+        Ok(self.sequencer_client.send_tx_public(tx).await?)
+    }
 }