diff --git a/nssa/core/src/account.rs b/nssa/core/src/account.rs index 688611e..1932de0 100644 --- a/nssa/core/src/account.rs +++ b/nssa/core/src/account.rs @@ -14,11 +14,13 @@ pub struct Account { pub nonce: Nonce, } +pub type FingerPrint = [u8; 32]; + #[derive(Serialize, Deserialize, Clone)] #[cfg_attr(any(feature = "host", test), derive(Debug, PartialEq, Eq))] pub struct AccountWithMetadata { pub account: Account, - pub is_authorized: bool, + pub fingerprint: FingerPrint, } #[cfg(test)] diff --git a/nssa/core/src/circuit_io.rs b/nssa/core/src/circuit_io.rs index e619b2d..da989f0 100644 --- a/nssa/core/src/circuit_io.rs +++ b/nssa/core/src/circuit_io.rs @@ -56,7 +56,7 @@ mod tests { data: b"test data".to_vec(), nonce: 18446744073709551614, }, - is_authorized: true, + fingerprint: [0; 32], }, AccountWithMetadata { account: Account { @@ -65,7 +65,7 @@ mod tests { data: b"test data".to_vec(), nonce: 9999999999999999999999, }, - is_authorized: false, + fingerprint: [1; 32], }, ], public_post_states: vec![Account { diff --git a/nssa/core/src/program.rs b/nssa/core/src/program.rs index d284bbc..aa2684e 100644 --- a/nssa/core/src/program.rs +++ b/nssa/core/src/program.rs @@ -1,4 +1,4 @@ -use crate::account::{Account, AccountWithMetadata}; +use crate::account::{Account, AccountWithMetadata, FingerPrint}; use risc0_zkvm::serde::Deserializer; use risc0_zkvm::{DeserializeOwned, guest::env}; use serde::{Deserialize, Serialize}; @@ -21,8 +21,9 @@ pub struct ProgramOutput { pub fn read_nssa_inputs() -> ProgramInput { let pre_states: Vec = env::read(); - let words: InstructionData = env::read(); - let instruction = T::deserialize(&mut Deserializer::new(words.as_ref())).unwrap(); + let instruction_words: InstructionData = env::read(); + let authorized_fingerprints: Vec = env::read(); + let instruction = T::deserialize(&mut Deserializer::new(instruction_words.as_ref())).unwrap(); ProgramInput { pre_states, instruction, diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs index ed32f98..e681c78 100644 --- a/nssa/src/privacy_preserving_transaction/circuit.rs +++ b/nssa/src/privacy_preserving_transaction/circuit.rs @@ -1,7 +1,7 @@ use nssa_core::{ MembershipProof, NullifierPublicKey, NullifierSecretKey, PrivacyPreservingCircuitInput, PrivacyPreservingCircuitOutput, SharedSecretKey, - account::AccountWithMetadata, + account::{AccountWithMetadata, FingerPrint}, program::{InstructionData, ProgramOutput}, }; use risc0_zkvm::{ExecutorEnv, InnerReceipt, Receipt, default_prover}; @@ -72,10 +72,16 @@ fn execute_and_prove_program( program: &Program, pre_states: &[AccountWithMetadata], instruction_data: &InstructionData, + authorized_fingerprints: &[FingerPrint], ) -> Result { // Write inputs to the program let mut env_builder = ExecutorEnv::builder(); - Program::write_inputs(pre_states, instruction_data, &mut env_builder)?; + Program::write_inputs( + pre_states, + instruction_data, + authorized_fingerprints, + &mut env_builder, + )?; let env = env_builder.build().unwrap(); // Prove the program @@ -112,12 +118,12 @@ mod tests { balance: 100, ..Account::default() }, - is_authorized: true, + fingerprint: [0; 32], }; let recipient = AccountWithMetadata { account: Account::default(), - is_authorized: false, + fingerprint: [1; 32], }; let balance_to_move: u128 = 37; @@ -181,7 +187,7 @@ mod tests { nonce: 0xdeadbeef, ..Account::default() }, - is_authorized: true, + fingerprint: [0; 32], }; let sender_keys = test_private_account_keys_1(); let recipient_keys = test_private_account_keys_2(); @@ -189,7 +195,7 @@ mod tests { let recipient = AccountWithMetadata { account: Account::default(), - is_authorized: false, + fingerprint: [1; 32], }; let balance_to_move: u128 = 37; diff --git a/nssa/src/privacy_preserving_transaction/transaction.rs b/nssa/src/privacy_preserving_transaction/transaction.rs index 9aac54e..c782d01 100644 --- a/nssa/src/privacy_preserving_transaction/transaction.rs +++ b/nssa/src/privacy_preserving_transaction/transaction.rs @@ -92,7 +92,7 @@ impl PrivacyPreservingTransaction { .iter() .map(|address| AccountWithMetadata { account: state.get_account_by_address(address), - is_authorized: signer_addresses.contains(address), + fingerprint: *address.value(), }) .collect(); diff --git a/nssa/src/program.rs b/nssa/src/program.rs index 66358e9..a40fdf9 100644 --- a/nssa/src/program.rs +++ b/nssa/src/program.rs @@ -1,5 +1,5 @@ use nssa_core::{ - account::{Account, AccountWithMetadata}, + account::{Account, AccountWithMetadata, FingerPrint}, program::{InstructionData, ProgramId, ProgramOutput}, }; use program_methods::{AUTHENTICATED_TRANSFER_ELF, AUTHENTICATED_TRANSFER_ID}; @@ -33,10 +33,11 @@ impl Program { &self, pre_states: &[AccountWithMetadata], instruction_data: &InstructionData, + authorized_fingerprints: &[FingerPrint] ) -> Result, NssaError> { // Write inputs to the program let mut env_builder = ExecutorEnv::builder(); - Self::write_inputs(pre_states, instruction_data, &mut env_builder)?; + Self::write_inputs(pre_states, instruction_data, authorized_fingerprints, &mut env_builder)?; let env = env_builder.build().unwrap(); // Execute the program (without proving) @@ -58,11 +59,13 @@ impl Program { pub(crate) fn write_inputs( pre_states: &[AccountWithMetadata], instruction_data: &[u32], + authorized_fingerprints: &[FingerPrint], env_builder: &mut ExecutorEnvBuilder, ) -> Result<(), NssaError> { let pre_states = pre_states.to_vec(); + let authorized_fingerprints = authorized_fingerprints.to_vec(); env_builder - .write(&(pre_states, instruction_data)) + .write(&(pre_states, instruction_data, authorized_fingerprints)) .map_err(|e| NssaError::ProgramWriteInputFailed(e.to_string()))?; Ok(()) } @@ -173,11 +176,11 @@ mod tests { balance: 77665544332211, ..Account::default() }, - is_authorized: false, + fingerprint: [0; 32] }; let recipient = AccountWithMetadata { account: Account::default(), - is_authorized: false, + fingerprint: [1; 32] }; let expected_sender_post = Account { @@ -189,7 +192,7 @@ mod tests { ..Account::default() }; let [sender_post, recipient_post] = program - .execute(&[sender, recipient], &instruction_data) + .execute(&[sender, recipient], &instruction_data, &[]) .unwrap() .try_into() .unwrap(); diff --git a/nssa/src/public_transaction/transaction.rs b/nssa/src/public_transaction/transaction.rs index 20b2729..bce7eaa 100644 --- a/nssa/src/public_transaction/transaction.rs +++ b/nssa/src/public_transaction/transaction.rs @@ -93,7 +93,7 @@ impl PublicTransaction { .iter() .map(|address| AccountWithMetadata { account: state.get_account_by_address(address), - is_authorized: signer_addresses.contains(address), + fingerprint: *address.value() }) .collect(); diff --git a/nssa/src/state.rs b/nssa/src/state.rs index f980370..5ed4252 100644 --- a/nssa/src/state.rs +++ b/nssa/src/state.rs @@ -778,14 +778,14 @@ pub mod tests { ) -> PrivacyPreservingTransaction { let sender = AccountWithMetadata { account: state.get_account_by_address(&sender_keys.address()), - is_authorized: true, + fingerprint: *sender_keys.address().value(), }; let sender_nonce = sender.account.nonce; let recipient = AccountWithMetadata { account: Account::default(), - is_authorized: false, + fingerprint: recipient_keys.npk().to_byte_array(), }; let esk = [3; 32]; @@ -827,11 +827,11 @@ pub mod tests { let sender_commitment = Commitment::new(&sender_keys.npk(), sender_private_account); let sender_pre = AccountWithMetadata { account: sender_private_account.clone(), - is_authorized: true, + fingerprint: sender_keys.npk().to_byte_array(), }; let recipient_pre = AccountWithMetadata { account: Account::default(), - is_authorized: false, + fingerprint: recipient_keys.npk().to_byte_array(), }; let esk_1 = [3; 32]; @@ -887,11 +887,11 @@ pub mod tests { let sender_commitment = Commitment::new(&sender_keys.npk(), sender_private_account); let sender_pre = AccountWithMetadata { account: sender_private_account.clone(), - is_authorized: true, + fingerprint: sender_keys.npk().to_byte_array(), }; let recipient_pre = AccountWithMetadata { account: state.get_account_by_address(recipient_address), - is_authorized: false, + fingerprint: *recipient_address.value(), }; let esk = [3; 32];