diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index c29c281..18064c6 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -10,10 +10,10 @@ TO COMPLETE TO COMPLETE -[ ] Change ... -[ ] Add ... -[ ] Fix ... -[ ] ... +- [ ] Change ... +- [ ] Add ... +- [ ] Fix ... +- [ ] ... ## ๐Ÿงช How to Test @@ -37,7 +37,7 @@ TO COMPLETE IF APPLICABLE *Mark only completed items. A complete PR should have all boxes ticked.* -[ ] Complete PR description -[ ] Implement the core functionality -[ ] Add/update tests -[ ] Add/update documentation and inline comments +- [ ] Complete PR description +- [ ] Implement the core functionality +- [ ] Add/update tests +- [ ] Add/update documentation and inline comments diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6ebfca7..f3644cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,6 +22,9 @@ jobs: steps: - uses: actions/checkout@v3 + - name: Install system dependencies + run: sudo apt-get update && sudo apt-get install -y build-essential clang libclang-dev libssl-dev pkg-config + - name: Install active toolchain run: rustup install diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..6dc622d --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,23 @@ +name: Deploy Sequencer + +on: + workflow_dispatch: + +jobs: + deploy: + runs-on: ubuntu-latest + permissions: + contents: read + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Deploy to server + uses: appleboy/ssh-action@v1.2.4 + with: + host: ${{ secrets.DEPLOY_SSH_HOST }} + username: ${{ secrets.DEPLOY_SSH_USERNAME }} + key: ${{ secrets.DEPLOY_SSH_KEY }} + envs: GITHUB_ACTOR + script_path: ci_scripts/deploy.sh diff --git a/Cargo.toml b/Cargo.toml index dd24d98..9b773b8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,8 +50,9 @@ borsh = "1.5.7" base58 = "0.2.0" itertools = "0.14.0" -rocksdb = { version = "0.21.0", default-features = false, features = [ +rocksdb = { version = "0.24.0", default-features = false, features = [ "snappy", + "bindgen-runtime", ] } [workspace.dependencies.rand] diff --git a/README.md b/README.md index ff596b8..cb8628d 100644 --- a/README.md +++ b/README.md @@ -69,16 +69,14 @@ Install build dependencies - On Linux Ubuntu / Debian ```sh -apt install build-essential clang libssl-dev pkg-config +apt install build-essential clang libclang-dev libssl-dev pkg-config ``` Fedora ```sh -sudo dnf install clang openssl-devel pkgconf llvm +sudo dnf install clang clang-devel openssl-devel pkgconf ``` -> **Note for Fedora 41+ users:** GCC 14+ has stricter C++ standard library headers that cause build failures with the bundled RocksDB. You must set `CXXFLAGS="-include cstdint"` when running cargo commands. See the [Run tests](#run-tests) section for examples. - - On Mac ```sh xcode-select --install @@ -110,9 +108,6 @@ The NSSA repository includes both unit and integration test suites. ```bash # RISC0_DEV_MODE=1 is used to skip proof generation and reduce test runtime overhead RISC0_DEV_MODE=1 cargo test --release - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" RISC0_DEV_MODE=1 cargo test --release ``` ### Integration tests @@ -122,9 +117,6 @@ export NSSA_WALLET_HOME_DIR=$(pwd)/integration_tests/configs/debug/wallet/ cd integration_tests # RISC0_DEV_MODE=1 skips proof generation; RUST_LOG=info enables runtime logs RUST_LOG=info RISC0_DEV_MODE=1 cargo run $(pwd)/configs/debug all - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" RUST_LOG=info RISC0_DEV_MODE=1 cargo run $(pwd)/configs/debug all ``` # Run the sequencer @@ -134,9 +126,6 @@ The sequencer can be run locally: ```bash cd sequencer_runner RUST_LOG=info cargo run --release configs/debug - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" RUST_LOG=info cargo run --release configs/debug ``` If everything went well you should see an output similar to this: @@ -162,9 +151,6 @@ This repository includes a CLI for interacting with the Nescience sequencer. To ```bash cargo install --path wallet --force - -# On Fedora 41+ (GCC 14+), prefix with CXXFLAGS to fix RocksDB build: -CXXFLAGS="-include cstdint" cargo install --path wallet --force ``` Run `wallet help` to check everything went well. diff --git a/ci_scripts/deploy.sh b/ci_scripts/deploy.sh new file mode 100644 index 0000000..7615df0 --- /dev/null +++ b/ci_scripts/deploy.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash +set -e + +# Base directory for deployment +LSSA_DIR="/home/arjentix/test_deploy/lssa" + +# Expect GITHUB_ACTOR to be passed as first argument or environment variable +GITHUB_ACTOR="${1:-${GITHUB_ACTOR:-unknown}}" + +# Function to log messages with timestamp +log_deploy() { + echo "[$(date '+%Y-%m-%d %H:%M:%S %Z')] $1" >> "${LSSA_DIR}/deploy.log" +} + +# Error handler +handle_error() { + echo "โœ— Deployment failed by: ${GITHUB_ACTOR}" + log_deploy "Deployment failed by: ${GITHUB_ACTOR}" + exit 1 +} + +find_sequencer_runner_pids() { + pgrep -f "sequencer_runner" | grep -v $$ +} + +# Set trap to catch any errors +trap 'handle_error' ERR + +# Log deployment info +log_deploy "Deployment initiated by: ${GITHUB_ACTOR}" + +# Navigate to code directory +if [ ! -d "${LSSA_DIR}/code" ]; then + mkdir -p "${LSSA_DIR}/code" +fi +cd "${LSSA_DIR}/code" + +# Stop current sequencer if running +if find_sequencer_runner_pids > /dev/null; then + echo "Stopping current sequencer..." + find_sequencer_runner_pids | xargs -r kill -SIGINT || true + sleep 2 + # Force kill if still running + find_sequencer_runner_pids | grep -v $$ | xargs -r kill -9 || true +fi + +# Clone or update repository +if [ -d ".git" ]; then + echo "Updating existing repository..." + git fetch origin + git checkout main + git reset --hard origin/main +else + echo "Cloning repository..." + git clone https://github.com/vacp2p/nescience-testnet.git . + git checkout main +fi + +# Build sequencer_runner and wallet in release mode +echo "Building sequencer_runner" +# That could be just `cargo build --release --bin sequencer_runner --bin wallet` +# but we have `no_docker` feature bug, see issue #179 +cd sequencer_runner +cargo build --release +cd ../wallet +cargo build --release +cd .. + +# Run sequencer_runner with config +echo "Starting sequencer_runner..." +export RUST_LOG=info +nohup ./target/release/sequencer_runner "${LSSA_DIR}/configs/sequencer" > "${LSSA_DIR}/sequencer.log" 2>&1 & + +# Wait 5 seconds and check health using wallet +sleep 5 +if ./target/release/wallet check-health; then + echo "โœ“ Sequencer started successfully and is healthy" + log_deploy "Deployment completed successfully by: ${GITHUB_ACTOR}" + exit 0 +else + echo "โœ— Sequencer failed health check" + tail -n 50 "${LSSA_DIR}/sequencer.log" + handle_error +fi diff --git a/integration_tests/src/test_suite_map.rs b/integration_tests/src/test_suite_map.rs index 8012e17..8e42640 100644 --- a/integration_tests/src/test_suite_map.rs +++ b/integration_tests/src/test_suite_map.rs @@ -1681,6 +1681,49 @@ pub fn prepare_function_map() -> HashMap { info!("Success!"); } + #[nssa_integration_test] + pub async fn test_authenticated_transfer_initialize_function_private() { + info!("########## test initialize private account for authenticated transfer ##########"); + let command = + Command::Account(AccountSubcommand::New(NewSubcommand::Private { cci: None })); + let SubcommandReturnValue::RegisterAccount { account_id } = + wallet::cli::execute_subcommand(command).await.unwrap() + else { + panic!("Error creating account"); + }; + + let command = Command::AuthTransfer(AuthTransferSubcommand::Init { + account_id: make_private_account_input_from_str(&account_id.to_string()), + }); + wallet::cli::execute_subcommand(command).await.unwrap(); + + tokio::time::sleep(Duration::from_secs(TIME_TO_WAIT_FOR_BLOCK_SECONDS)).await; + + info!("Checking correct execution"); + let command = Command::Account(AccountSubcommand::SyncPrivate {}); + wallet::cli::execute_subcommand(command).await.unwrap(); + + let wallet_config = fetch_config().await.unwrap(); + let seq_client = SequencerClient::new(wallet_config.sequencer_addr.clone()).unwrap(); + let wallet_storage = WalletCore::start_from_config_update_chain(wallet_config) + .await + .unwrap(); + + let new_commitment1 = wallet_storage + .get_private_account_commitment(&account_id) + .unwrap(); + assert!(verify_commitment_is_in_state(new_commitment1, &seq_client).await); + + let account = wallet_storage.get_account_private(&account_id).unwrap(); + + let expected_program_owner = Program::authenticated_transfer_program().id(); + let expected_balance = 0; + + assert_eq!(account.program_owner, expected_program_owner); + assert_eq!(account.balance, expected_balance); + assert!(account.data.is_empty()); + } + #[nssa_integration_test] pub async fn test_pinata_private_receiver() { info!("########## test_pinata_private_receiver ##########"); diff --git a/integration_tests/src/tps_test_utils.rs b/integration_tests/src/tps_test_utils.rs index 6f597e2..154253c 100644 --- a/integration_tests/src/tps_test_utils.rs +++ b/integration_tests/src/tps_test_utils.rs @@ -167,7 +167,8 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction { (sender_npk.clone(), sender_ss), (recipient_npk.clone(), recipient_ss), ], - &[(sender_nsk, proof)], + &[sender_nsk], + &[Some(proof)], &program.into(), ) .unwrap(); diff --git a/nssa/core/src/circuit_io.rs b/nssa/core/src/circuit_io.rs index 848fe3e..dedcf78 100644 --- a/nssa/core/src/circuit_io.rs +++ b/nssa/core/src/circuit_io.rs @@ -10,11 +10,23 @@ use crate::{ #[derive(Serialize, Deserialize)] pub struct PrivacyPreservingCircuitInput { + /// Outputs of the program execution. pub program_outputs: Vec, + /// Visibility mask for accounts. + /// + /// - `0` - public account + /// - `1` - private account with authentication + /// - `2` - private account without authentication pub visibility_mask: Vec, + /// Nonces of private accounts. pub private_account_nonces: Vec, + /// Public keys of private accounts. pub private_account_keys: Vec<(NullifierPublicKey, SharedSecretKey)>, - pub private_account_auth: Vec<(NullifierSecretKey, MembershipProof)>, + /// Nullifier secret keys for authorized private accounts. + pub private_account_nsks: Vec, + /// Membership proofs for private accounts. Can be [`None`] for uninitialized accounts. + pub private_account_membership_proofs: Vec>, + /// Program ID. pub program_id: ProgramId, } diff --git a/nssa/program_methods/guest/src/bin/authenticated_transfer.rs b/nssa/program_methods/guest/src/bin/authenticated_transfer.rs index fe02d06..8a13173 100644 --- a/nssa/program_methods/guest/src/bin/authenticated_transfer.rs +++ b/nssa/program_methods/guest/src/bin/authenticated_transfer.rs @@ -17,7 +17,7 @@ fn initialize_account(pre_state: AccountWithMetadata) -> AccountPostState { // Continue only if the owner authorized this operation if !is_authorized { - panic!("Invalid input"); + panic!("Account must be authorized"); } account_to_claim @@ -31,12 +31,12 @@ fn transfer( ) -> Vec { // Continue only if the sender has authorized this operation if !sender.is_authorized { - panic!("Invalid input"); + panic!("Sender must be authorized"); } // Continue only if the sender has enough balance if sender.account.balance < balance_to_move { - panic!("Invalid input"); + panic!("Sender has insufficient balance"); } // Create accounts post states, with updated balances diff --git a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs index 29162db..8d1688a 100644 --- a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs +++ b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs @@ -16,7 +16,8 @@ fn main() { visibility_mask, private_account_nonces, private_account_keys, - private_account_auth, + private_account_nsks, + private_account_membership_proofs, mut program_id, } = env::read(); @@ -63,7 +64,8 @@ fn main() { for (i, program_output) in program_outputs.iter().enumerate() { let mut program_output = program_output.clone(); - // Check that `program_output` is consistent with the execution of the corresponding program. + // Check that `program_output` is consistent with the execution of the corresponding + // program. let program_output_words = &to_vec(&program_output).expect("program_output must be serializable"); env::verify(program_id, program_output_words) @@ -131,7 +133,8 @@ fn main() { let mut private_nonces_iter = private_account_nonces.iter(); let mut private_keys_iter = private_account_keys.iter(); - let mut private_auth_iter = private_account_auth.iter(); + let mut private_nsks_iter = private_account_nsks.iter(); + let mut private_membership_proofs_iter = private_account_membership_proofs.iter(); let mut output_index = 0; for i in 0..n_accounts { @@ -158,8 +161,7 @@ fn main() { if visibility_mask[i] == 1 { // Private account with authentication - let (nsk, membership_proof) = - private_auth_iter.next().expect("Missing private auth"); + let nsk = private_nsks_iter.next().expect("Missing nsk"); // Verify the nullifier public key let expected_npk = NullifierPublicKey::from(nsk); @@ -167,19 +169,38 @@ fn main() { panic!("Nullifier public key mismatch"); } - // Compute commitment set digest associated with provided auth path - let commitment_pre = Commitment::new(npk, &pre_states[i].account); - let set_digest = compute_digest_for_path(&commitment_pre, membership_proof); - // Check pre_state authorization if !pre_states[i].is_authorized { panic!("Pre-state not authorized"); } - // Compute update nullifier - let nullifier = Nullifier::for_account_update(&commitment_pre, nsk); + let membership_proof_opt = private_membership_proofs_iter + .next() + .expect("Missing membership proof"); + let (nullifier, set_digest) = membership_proof_opt + .as_ref() + .map(|membership_proof| { + // Compute commitment set digest associated with provided auth path + let commitment_pre = Commitment::new(npk, &pre_states[i].account); + let set_digest = + compute_digest_for_path(&commitment_pre, membership_proof); + + // Compute update nullifier + let nullifier = Nullifier::for_account_update(&commitment_pre, nsk); + (nullifier, set_digest) + }) + .unwrap_or_else(|| { + if pre_states[i].account != Account::default() { + panic!("Found new private account with non default values."); + } + + // Compute initialization nullifier + let nullifier = Nullifier::for_account_initialization(npk); + (nullifier, DUMMY_COMMITMENT_HASH) + }); new_nullifiers.push((nullifier, set_digest)); } else { + // Private account without authentication if pre_states[i].account != Account::default() { panic!("Found new private account with non default values."); } @@ -188,7 +209,13 @@ fn main() { panic!("Found new private account marked as authorized."); } - // Compute initialization nullifier + let membership_proof_opt = private_membership_proofs_iter + .next() + .expect("Missing membership proof"); + assert!( + membership_proof_opt.is_none(), + "Membership proof must be None for unauthorized accounts" + ); let nullifier = Nullifier::for_account_initialization(npk); new_nullifiers.push((nullifier, DUMMY_COMMITMENT_HASH)); } @@ -223,15 +250,19 @@ fn main() { } if private_nonces_iter.next().is_some() { - panic!("Too many nonces."); + panic!("Too many nonces"); } if private_keys_iter.next().is_some() { - panic!("Too many private account keys."); + panic!("Too many private account keys"); } - if private_auth_iter.next().is_some() { - panic!("Too many private account authentication keys."); + if private_nsks_iter.next().is_some() { + panic!("Too many private account authentication keys"); + } + + if private_membership_proofs_iter.next().is_some() { + panic!("Too many private account membership proofs"); } let output = PrivacyPreservingCircuitOutput { diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs index 95933a3..c698b1b 100644 --- a/nssa/src/privacy_preserving_transaction/circuit.rs +++ b/nssa/src/privacy_preserving_transaction/circuit.rs @@ -44,13 +44,15 @@ impl From for ProgramWithDependencies { /// Generates a proof of the execution of a NSSA program inside the privacy preserving execution /// circuit +#[expect(clippy::too_many_arguments, reason = "TODO: fix later")] pub fn execute_and_prove( pre_states: &[AccountWithMetadata], instruction_data: &InstructionData, visibility_mask: &[u8], private_account_nonces: &[u128], private_account_keys: &[(NullifierPublicKey, SharedSecretKey)], - private_account_auth: &[(NullifierSecretKey, MembershipProof)], + private_account_nsks: &[NullifierSecretKey], + private_account_membership_proofs: &[Option], program_with_dependencies: &ProgramWithDependencies, ) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> { let mut program = &program_with_dependencies.program; @@ -105,7 +107,8 @@ pub fn execute_and_prove( visibility_mask: visibility_mask.to_vec(), private_account_nonces: private_account_nonces.to_vec(), private_account_keys: private_account_keys.to_vec(), - private_account_auth: private_account_auth.to_vec(), + private_account_nsks: private_account_nsks.to_vec(), + private_account_membership_proofs: private_account_membership_proofs.to_vec(), program_id: program_with_dependencies.program.id(), }; @@ -218,6 +221,7 @@ mod tests { &[0xdeadbeef], &[(recipient_keys.npk(), shared_secret.clone())], &[], + &[None], &Program::authenticated_transfer_program().into(), ) .unwrap(); @@ -315,10 +319,8 @@ mod tests { (sender_keys.npk(), shared_secret_1.clone()), (recipient_keys.npk(), shared_secret_2.clone()), ], - &[( - sender_keys.nsk, - commitment_set.get_proof_for(&commitment_sender).unwrap(), - )], + &[sender_keys.nsk], + &[commitment_set.get_proof_for(&commitment_sender), None], &program.into(), ) .unwrap(); diff --git a/nssa/src/program.rs b/nssa/src/program.rs index 9ce5046..69cb02c 100644 --- a/nssa/src/program.rs +++ b/nssa/src/program.rs @@ -226,6 +226,15 @@ mod tests { } } + pub fn noop() -> Self { + use test_program_methods::{NOOP_ELF, NOOP_ID}; + + Program { + id: NOOP_ID, + elf: NOOP_ELF.to_vec(), + } + } + pub fn modified_transfer_program() -> Self { use test_program_methods::MODIFIED_TRANSFER_ELF; // This unwrap won't panic since the `MODIFIED_TRANSFER_ELF` comes from risc0 build of diff --git a/nssa/src/state.rs b/nssa/src/state.rs index eeb7a95..589512e 100644 --- a/nssa/src/state.rs +++ b/nssa/src/state.rs @@ -869,6 +869,7 @@ pub mod tests { &[0xdeadbeef], &[(recipient_keys.npk(), shared_secret)], &[], + &[None], &Program::authenticated_transfer_program().into(), ) .unwrap(); @@ -917,10 +918,8 @@ pub mod tests { (sender_keys.npk(), shared_secret_1), (recipient_keys.npk(), shared_secret_2), ], - &[( - sender_keys.nsk, - state.get_proof_for_commitment(&sender_commitment).unwrap(), - )], + &[sender_keys.nsk], + &[state.get_proof_for_commitment(&sender_commitment), None], &program.into(), ) .unwrap(); @@ -969,10 +968,8 @@ pub mod tests { &[1, 0], &[new_nonce], &[(sender_keys.npk(), shared_secret)], - &[( - sender_keys.nsk, - state.get_proof_for_commitment(&sender_commitment).unwrap(), - )], + &[sender_keys.nsk], + &[state.get_proof_for_commitment(&sender_commitment)], &program.into(), ) .unwrap(); @@ -1186,6 +1183,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1212,6 +1210,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1238,6 +1237,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1264,6 +1264,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1292,6 +1293,7 @@ pub mod tests { &[], &[], &[], + &[], &program.to_owned().into(), ); @@ -1318,6 +1320,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1353,6 +1356,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1379,6 +1383,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1414,6 +1419,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1451,6 +1457,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1491,7 +1498,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1525,7 +1533,50 @@ pub mod tests { &[1, 2], &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], + &program.into(), + ); + + assert!(matches!(result, Err(NssaError::CircuitProvingError(_)))); + } + + #[test] + fn test_circuit_fails_if_insufficient_commitment_proofs_are_provided() { + let program = Program::simple_balance_transfer(); + let sender_keys = test_private_account_keys_1(); + let recipient_keys = test_private_account_keys_2(); + let private_account_1 = AccountWithMetadata::new( + Account { + program_owner: program.id(), + balance: 100, + ..Account::default() + }, + true, + &sender_keys.npk(), + ); + let private_account_2 = + AccountWithMetadata::new(Account::default(), false, &recipient_keys.npk()); + + // Setting no second commitment proof. + let private_account_membership_proofs = [Some((0, vec![]))]; + let result = execute_and_prove( + &[private_account_1, private_account_2], + &Program::serialize_instruction(10u128).unwrap(), + &[1, 2], + &[0xdeadbeef1, 0xdeadbeef2], + &[ + ( + sender_keys.npk(), + SharedSecretKey::new(&[55; 32], &sender_keys.ivk()), + ), + ( + recipient_keys.npk(), + SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), + ), + ], + &[sender_keys.nsk], + &private_account_membership_proofs, &program.into(), ); @@ -1550,7 +1601,7 @@ pub mod tests { AccountWithMetadata::new(Account::default(), false, &recipient_keys.npk()); // Setting no auth key for an execution with one non default private accounts. - let private_account_auth = []; + let private_account_nsks = []; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), @@ -1566,7 +1617,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &private_account_auth, + &private_account_nsks, + &[], &program.into(), ); @@ -1602,19 +1654,20 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ]; - let private_account_auth = [ - // Setting the recipient key to authorize the sender. - // This should be set to the sender private account in - // a normal circumstance. The recipient can't authorize this. - (recipient_keys.nsk, (0, vec![])), - ]; + + // Setting the recipient key to authorize the sender. + // This should be set to the sender private account in + // a normal circumstance. The recipient can't authorize this. + let private_account_nsks = [recipient_keys.nsk]; + let private_account_membership_proofs = [Some((0, vec![]))]; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), &[1, 2], &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, - &private_account_auth, + &private_account_nsks, + &private_account_membership_proofs, &program.into(), ); @@ -1660,7 +1713,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1707,7 +1761,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1753,7 +1808,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1799,7 +1855,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1843,7 +1900,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1873,6 +1931,7 @@ pub mod tests { &[], &[], &[], + &[], &program.into(), ); @@ -1914,7 +1973,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1960,7 +2020,8 @@ pub mod tests { &[1, 2], &[0xdeadbeef1, 0xdeadbeef2], &private_account_keys, - &[(sender_keys.nsk, (0, vec![]))], + &[sender_keys.nsk], + &[Some((0, vec![]))], &program.into(), ); @@ -1987,10 +2048,8 @@ pub mod tests { // Setting two private account keys for a circuit execution with only one non default // private account (visibility mask equal to 1 means that auth keys are expected). let visibility_mask = [1, 2]; - let private_account_auth = [ - (sender_keys.nsk, (0, vec![])), - (recipient_keys.nsk, (1, vec![])), - ]; + let private_account_nsks = [sender_keys.nsk, recipient_keys.nsk]; + let private_account_membership_proofs = [Some((0, vec![])), Some((1, vec![]))]; let result = execute_and_prove( &[private_account_1, private_account_2], &Program::serialize_instruction(10u128).unwrap(), @@ -2006,7 +2065,8 @@ pub mod tests { SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()), ), ], - &private_account_auth, + &private_account_nsks, + &private_account_membership_proofs, &program.into(), ); @@ -2083,10 +2143,8 @@ pub mod tests { ); let visibility_mask = [1, 1]; - let private_account_auth = [ - (sender_keys.nsk, (1, vec![])), - (sender_keys.nsk, (1, vec![])), - ]; + let private_account_nsks = [sender_keys.nsk, sender_keys.nsk]; + let private_account_membership_proofs = [Some((1, vec![])), Some((1, vec![]))]; let shared_secret = SharedSecretKey::new(&[55; 32], &sender_keys.ivk()); let result = execute_and_prove( &[private_account_1.clone(), private_account_1], @@ -2097,7 +2155,8 @@ pub mod tests { (sender_keys.npk(), shared_secret.clone()), (sender_keys.npk(), shared_secret), ], - &private_account_auth, + &private_account_nsks, + &private_account_membership_proofs, &program.into(), ); @@ -4015,15 +4074,10 @@ pub mod tests { &[1, 1], &[from_new_nonce, to_new_nonce], &[(from_keys.npk(), to_ss), (to_keys.npk(), from_ss)], + &[from_keys.nsk, to_keys.nsk], &[ - ( - from_keys.nsk, - state.get_proof_for_commitment(&from_commitment).unwrap(), - ), - ( - to_keys.nsk, - state.get_proof_for_commitment(&to_commitment).unwrap(), - ), + state.get_proof_for_commitment(&from_commitment), + state.get_proof_for_commitment(&to_commitment), ], &program_with_deps, ) @@ -4230,4 +4284,143 @@ pub mod tests { assert_eq!(expected_sender_post, sender_post); assert_eq!(expected_recipient_post, recipient_post); } + + #[test] + fn test_private_authorized_uninitialized_account() { + let mut state = V02State::new_with_genesis_accounts(&[], &[]); + + // Set up keys for the authorized private account + let private_keys = test_private_account_keys_1(); + + // Create an authorized private account with default values (new account being initialized) + let authorized_account = + AccountWithMetadata::new(Account::default(), true, &private_keys.npk()); + + let program = Program::authenticated_transfer_program(); + + // Set up parameters for the new account + let esk = [3; 32]; + let shared_secret = SharedSecretKey::new(&esk, &private_keys.ivk()); + let epk = EphemeralPublicKey::from_scalar(esk); + + // Balance to initialize the account with (0 for a new account) + let balance: u128 = 0; + + let nonce = 0xdeadbeef1; + + // Execute and prove the circuit with the authorized account but no commitment proof + let (output, proof) = execute_and_prove( + std::slice::from_ref(&authorized_account), + &Program::serialize_instruction(balance).unwrap(), + &[1], + &[nonce], + &[(private_keys.npk(), shared_secret)], + &[private_keys.nsk], + &[None], + &program.into(), + ) + .unwrap(); + + // Create message from circuit output + let message = Message::try_from_circuit_output( + vec![], + vec![], + vec![(private_keys.npk(), private_keys.ivk(), epk)], + output, + ) + .unwrap(); + + let witness_set = WitnessSet::for_message(&message, proof, &[]); + + let tx = PrivacyPreservingTransaction::new(message, witness_set); + let result = state.transition_from_privacy_preserving_transaction(&tx); + assert!(result.is_ok()); + + let nullifier = Nullifier::for_account_initialization(&private_keys.npk()); + assert!(state.private_state.1.contains(&nullifier)); + } + + #[test] + fn test_private_account_claimed_then_used_without_init_flag_should_fail() { + let mut state = V02State::new_with_genesis_accounts(&[], &[]).with_test_programs(); + + // Set up keys for the private account + let private_keys = test_private_account_keys_1(); + + // Step 1: Create a new private account with authorization + let authorized_account = + AccountWithMetadata::new(Account::default(), true, &private_keys.npk()); + + let claimer_program = Program::claimer(); + + // Set up parameters for claiming the new account + let esk = [3; 32]; + let shared_secret = SharedSecretKey::new(&esk, &private_keys.ivk()); + let epk = EphemeralPublicKey::from_scalar(esk); + + let balance: u128 = 0; + let nonce = 0xdeadbeef1; + + // Step 2: Execute claimer program to claim the account with authentication + let (output, proof) = execute_and_prove( + std::slice::from_ref(&authorized_account), + &Program::serialize_instruction(balance).unwrap(), + &[1], + &[nonce], + &[(private_keys.npk(), shared_secret)], + &[private_keys.nsk], + &[None], + &claimer_program.into(), + ) + .unwrap(); + + let message = Message::try_from_circuit_output( + vec![], + vec![], + vec![(private_keys.npk(), private_keys.ivk(), epk)], + output, + ) + .unwrap(); + + let witness_set = WitnessSet::for_message(&message, proof, &[]); + let tx = PrivacyPreservingTransaction::new(message, witness_set); + + // Claim should succeed + assert!( + state + .transition_from_privacy_preserving_transaction(&tx) + .is_ok() + ); + + // Verify the account is now initialized (nullifier exists) + let nullifier = Nullifier::for_account_initialization(&private_keys.npk()); + assert!(state.private_state.1.contains(&nullifier)); + + // Prepare new state of account + let account_metadata = { + let mut acc = authorized_account.clone(); + acc.account.program_owner = Program::claimer().id(); + acc + }; + + let noop_program = Program::noop(); + let esk2 = [4; 32]; + let shared_secret2 = SharedSecretKey::new(&esk2, &private_keys.ivk()); + + let nonce2 = 0xdeadbeef2; + + // Step 3: Try to execute noop program with authentication but without initialization + let res = execute_and_prove( + std::slice::from_ref(&account_metadata), + &Program::serialize_instruction(()).unwrap(), + &[1], + &[nonce2], + &[(private_keys.npk(), shared_secret2)], + &[private_keys.nsk], + &[None], + &noop_program.into(), + ); + + assert!(matches!(res, Err(NssaError::CircuitProvingError(_)))); + } } diff --git a/nssa/test_program_methods/guest/src/bin/noop.rs b/nssa/test_program_methods/guest/src/bin/noop.rs new file mode 100644 index 0000000..fb02389 --- /dev/null +++ b/nssa/test_program_methods/guest/src/bin/noop.rs @@ -0,0 +1,12 @@ +use nssa_core::program::{read_nssa_inputs, write_nssa_outputs, ProgramInput, AccountPostState}; + +type Instruction = (); + +fn main() { + let (ProgramInput { pre_states, .. }, instruction_words) = read_nssa_inputs::(); + + let post_states = pre_states.iter().map(|account| { + AccountPostState::new(account.account.clone()) + }).collect(); + write_nssa_outputs(instruction_words, pre_states, post_states); +} diff --git a/wallet/src/lib.rs b/wallet/src/lib.rs index bc28311..237b2f2 100644 --- a/wallet/src/lib.rs +++ b/wallet/src/lib.rs @@ -283,6 +283,7 @@ impl WalletCore { .map(|keys| (keys.npk.clone(), keys.ssk.clone())) .collect::>(), &acc_manager.private_account_auth(), + &acc_manager.private_account_membership_proofs(), &program.to_owned().into(), ) .unwrap(); @@ -303,7 +304,7 @@ impl WalletCore { nssa::privacy_preserving_transaction::witness_set::WitnessSet::for_message( &message, proof, - &acc_manager.witness_signing_keys(), + &acc_manager.public_account_auth(), ); let tx = PrivacyPreservingTransaction::new(message, witness_set); diff --git a/wallet/src/pinata_interactions.rs b/wallet/src/pinata_interactions.rs index 65a67b7..5804768 100644 --- a/wallet/src/pinata_interactions.rs +++ b/wallet/src/pinata_interactions.rs @@ -58,7 +58,8 @@ impl WalletCore { &[0, 1], &produce_random_nonces(1), &[(winner_npk.clone(), shared_secret_winner.clone())], - &[(winner_nsk.unwrap(), winner_proof)], + &[(winner_nsk.unwrap())], + &[winner_proof], &program.into(), ) .unwrap(); @@ -125,6 +126,7 @@ impl WalletCore { &produce_random_nonces(1), &[(winner_npk.clone(), shared_secret_winner.clone())], &[], + &[] &program.into(), ) .unwrap(); diff --git a/wallet/src/privacy_preserving_tx.rs b/wallet/src/privacy_preserving_tx.rs index e79bbac..3bd0c4c 100644 --- a/wallet/src/privacy_preserving_tx.rs +++ b/wallet/src/privacy_preserving_tx.rs @@ -133,11 +133,21 @@ impl AccountManager { .collect() } - pub fn private_account_auth(&self) -> Vec<(NullifierSecretKey, MembershipProof)> { + pub fn private_account_auth(&self) -> Vec { self.states .iter() .filter_map(|state| match state { - State::Private(pre) => Some((pre.nsk?, pre.proof.clone()?)), + State::Private(pre) => pre.nsk, + _ => None, + }) + .collect() + } + + pub fn private_account_membership_proofs(&self) -> Vec> { + self.states + .iter() + .filter_map(|state| match state { + State::Private(pre) => Some(pre.proof.clone()), _ => None, }) .collect() @@ -153,7 +163,7 @@ impl AccountManager { .collect() } - pub fn witness_signing_keys(&self) -> Vec<&PrivateKey> { + pub fn public_account_auth(&self) -> Vec<&PrivateKey> { self.states .iter() .filter_map(|state| match state { @@ -185,7 +195,7 @@ async fn private_acc_preparation( return Err(ExecutionFailureKind::KeyNotFoundError); }; - let mut nsk = Some(from_keys.private_key_holder.nullifier_secret_key); + let nsk = from_keys.private_key_holder.nullifier_secret_key; let from_npk = from_keys.nullifer_public_key; let from_ipk = from_keys.incoming_viewing_public_key; @@ -196,14 +206,12 @@ async fn private_acc_preparation( .await .unwrap(); - if proof.is_none() { - nsk = None; - } - - let sender_pre = AccountWithMetadata::new(from_acc.clone(), proof.is_some(), &from_npk); + // TODO: Technically we could allow unauthorized owned accounts, but currently we don't have + // support from that in the wallet. + let sender_pre = AccountWithMetadata::new(from_acc.clone(), true, &from_npk); Ok(AccountPreparedData { - nsk, + nsk: Some(nsk), npk: from_npk, ipk: from_ipk, pre_state: sender_pre,