logos-blockchain/lssa
1
0
Fork 0
mirror of https://github.com/logos-blockchain/lssa.git synced 2026-01-02 13:23:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: allow private authorized uninitialized accounts

Browse Source
This commit is contained in:
Daniil Polyakov 2025-12-12 16:53:30 +03:00
parent ef97fade99
commit f729072fae
9 changed files with 317 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
integration_tests/src/test_suite_map.rs
View File

@ -1681,6 +1681,49 @@ pub fn prepare_function_map() -> HashMap<String, TestFunction> {
info!("Success!");
}
#[nssa_integration_test]
pub async fn test_authenticated_transfer_initialize_function_private() {
info!("########## test initialize private account for authenticated transfer ##########");
let command =
Command::Account(AccountSubcommand::New(NewSubcommand::Private { cci: None }));
let SubcommandReturnValue::RegisterAccount { account_id } =
wallet::cli::execute_subcommand(command).await.unwrap()
else {
panic!("Error creating account");
};
let command = Command::AuthTransfer(AuthTransferSubcommand::Init {
account_id: make_private_account_input_from_str(&account_id.to_string()),
});
wallet::cli::execute_subcommand(command).await.unwrap();
tokio::time::sleep(Duration::from_secs(TIME_TO_WAIT_FOR_BLOCK_SECONDS)).await;
info!("Checking correct execution");
let command = Command::Account(AccountSubcommand::SyncPrivate {});
wallet::cli::execute_subcommand(command).await.unwrap();
let wallet_config = fetch_config().await.unwrap();
let seq_client = SequencerClient::new(wallet_config.sequencer_addr.clone()).unwrap();
let wallet_storage = WalletCore::start_from_config_update_chain(wallet_config)
.await
.unwrap();
let new_commitment1 = wallet_storage
.get_private_account_commitment(&account_id)
.unwrap();
assert!(verify_commitment_is_in_state(new_commitment1, &seq_client).await);
let account = wallet_storage.get_account_private(&account_id).unwrap();
let expected_program_owner = Program::authenticated_transfer_program().id();
let expected_balance = 0;
assert_eq!(account.program_owner, expected_program_owner);
assert_eq!(account.balance, expected_balance);
assert!(account.data.is_empty());
}
#[nssa_integration_test]
pub async fn test_pinata_private_receiver() {
info!("########## test_pinata_private_receiver ##########");

2
integration_tests/src/tps_test_utils.rs
View File

@ -168,7 +168,7 @@ fn build_privacy_transaction() -> PrivacyPreservingTransaction {
(recipient_npk.clone(), recipient_ss),
],
&[sender_nsk],
&[proof],
&[Some(proof)],
&program.into(),
)
.unwrap();

13
nssa/core/src/circuit_io.rs
View File

@ -10,12 +10,23 @@ use crate::{
#[derive(Serialize, Deserialize)]
pub struct PrivacyPreservingCircuitInput {
/// Outputs of the program execution.
pub program_outputs: Vec<ProgramOutput>,
/// Visibility mask for accounts.
///
/// - `0` - public account
/// - `1` - private account with authentication
/// - `2` - private account without authentication
pub visibility_mask: Vec<u8>,
/// Nonces of private accounts.
pub private_account_nonces: Vec<Nonce>,
/// Public keys of private accounts.
pub private_account_keys: Vec<(NullifierPublicKey, SharedSecretKey)>,
/// Nullifier secret keys for authorized private accounts.
pub private_account_nsks: Vec<NullifierSecretKey>,
pub private_account_membership_proofs: Vec<MembershipProof>,
/// Membership proofs for private accounts. Can be [`None`] for uninitialized accounts.
pub private_account_membership_proofs: Vec<Option<MembershipProof>>,
/// Program ID.
pub program_id: ProgramId,
}

43
nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
View File

@ -163,29 +163,44 @@ fn main() {
// Private account with authentication
let nsk = private_nsks_iter.next().expect("Missing nsk");
let membership_proof = private_membership_proofs_iter
.next()
.expect("Missing membership proof");
// Verify the nullifier public key
let expected_npk = NullifierPublicKey::from(nsk);
if &expected_npk != npk {
panic!("Nullifier public key mismatch");
}
// Compute commitment set digest associated with provided auth path
let commitment_pre = Commitment::new(npk, &pre_states[i].account);
let set_digest = compute_digest_for_path(&commitment_pre, membership_proof);
// Check pre_state authorization
if !pre_states[i].is_authorized {
panic!("Pre-state not authorized");
}
// Compute update nullifier
let nullifier = Nullifier::for_account_update(&commitment_pre, nsk);
let membership_proof_opt = private_membership_proofs_iter
.next()
.expect("Missing membership proof");
let (nullifier, set_digest) = membership_proof_opt
.as_ref()
.map(|membership_proof| {
// Compute commitment set digest associated with provided auth path
let commitment_pre = Commitment::new(npk, &pre_states[i].account);
let set_digest =
compute_digest_for_path(&commitment_pre, membership_proof);
// Compute update nullifier
let nullifier = Nullifier::for_account_update(&commitment_pre, nsk);
(nullifier, set_digest)
})
.unwrap_or_else(|| {
if pre_states[i].account != Account::default() {
panic!("Found new private account with non default values.");
}
// Compute initialization nullifier
let nullifier = Nullifier::for_account_initialization(npk);
(nullifier, DUMMY_COMMITMENT_HASH)
});
new_nullifiers.push((nullifier, set_digest));
} else {
// Private account without authentication
if pre_states[i].account != Account::default() {
panic!("Found new private account with non default values.");
}
@ -194,7 +209,13 @@ fn main() {
panic!("Found new private account marked as authorized.");
}
// Compute initialization nullifier
let membership_proof_opt = private_membership_proofs_iter
.next()
.expect("Missing membership proof");
assert!(
membership_proof_opt.is_none(),
"Membership proof must be None for unauthorized accounts"
);
let nullifier = Nullifier::for_account_initialization(npk);
new_nullifiers.push((nullifier, DUMMY_COMMITMENT_HASH));
}

6
nssa/src/privacy_preserving_transaction/circuit.rs
View File

@ -52,7 +52,7 @@ pub fn execute_and_prove(
private_account_nonces: &[u128],
private_account_keys: &[(NullifierPublicKey, SharedSecretKey)],
private_account_nsks: &[NullifierSecretKey],
private_account_membership_proofs: &[MembershipProof],
private_account_membership_proofs: &[Option<MembershipProof>],
program_with_dependencies: &ProgramWithDependencies,
) -> Result<(PrivacyPreservingCircuitOutput, Proof), NssaError> {
let mut program = &program_with_dependencies.program;
@ -221,7 +221,7 @@ mod tests {
&[0xdeadbeef],
&[(recipient_keys.npk(), shared_secret.clone())],
&[],
&[],
&[None],
&Program::authenticated_transfer_program().into(),
)
.unwrap();
@ -320,7 +320,7 @@ mod tests {
(recipient_keys.npk(), shared_secret_2.clone()),
],
&[sender_keys.nsk],
&[commitment_set.get_proof_for(&commitment_sender).unwrap()],
&[commitment_set.get_proof_for(&commitment_sender), None],
&program.into(),
)
.unwrap();

9
nssa/src/program.rs
View File

@ -222,6 +222,15 @@ mod tests {
}
}
pub fn noop() -> Self {
use test_program_methods::{NOOP_ELF, NOOP_ID};
Program {
id: NOOP_ID,
elf: NOOP_ELF.to_vec(),
}
}
pub fn modified_transfer_program() -> Self {
use test_program_methods::MODIFIED_TRANSFER_ELF;
// This unwrap won't panic since the `MODIFIED_TRANSFER_ELF` comes from risc0 build of

215
nssa/src/state.rs
View File

@ -868,7 +868,7 @@ pub mod tests {
&[0xdeadbeef],
&[(recipient_keys.npk(), shared_secret)],
&[],
&[],
&[None],
&Program::authenticated_transfer_program().into(),
)
.unwrap();
@ -918,7 +918,7 @@ pub mod tests {
(recipient_keys.npk(), shared_secret_2),
],
&[sender_keys.nsk],
&[state.get_proof_for_commitment(&sender_commitment).unwrap()],
&[state.get_proof_for_commitment(&sender_commitment), None],
&program.into(),
)
.unwrap();
@ -968,7 +968,7 @@ pub mod tests {
&[new_nonce],
&[(sender_keys.npk(), shared_secret)],
&[sender_keys.nsk],
&[state.get_proof_for_commitment(&sender_commitment).unwrap()],
&[state.get_proof_for_commitment(&sender_commitment)],
&program.into(),
)
.unwrap();
@ -1498,7 +1498,7 @@ pub mod tests {
),
],
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -1533,7 +1533,49 @@ pub mod tests {
&[0xdeadbeef1, 0xdeadbeef2],
&private_account_keys,
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
assert!(matches!(result, Err(NssaError::CircuitProvingError(_))));
}
#[test]
fn test_circuit_fails_if_insufficient_commitment_proofs_are_provided() {
let program = Program::simple_balance_transfer();
let sender_keys = test_private_account_keys_1();
let recipient_keys = test_private_account_keys_2();
let private_account_1 = AccountWithMetadata::new(
Account {
program_owner: program.id(),
balance: 100,
..Account::default()
},
true,
&sender_keys.npk(),
);
let private_account_2 =
AccountWithMetadata::new(Account::default(), false, &recipient_keys.npk());
// Setting no second commitment proof.
let private_account_membership_proofs = [Some((0, vec![]))];
let result = execute_and_prove(
&[private_account_1, private_account_2],
&Program::serialize_instruction(10u128).unwrap(),
&[1, 2],
&[0xdeadbeef1, 0xdeadbeef2],
&[
(
sender_keys.npk(),
SharedSecretKey::new(&[55; 32], &sender_keys.ivk()),
),
(
recipient_keys.npk(),
SharedSecretKey::new(&[56; 32], &recipient_keys.ivk()),
),
],
&[sender_keys.nsk],
&private_account_membership_proofs,
&program.into(),
);
@ -1616,7 +1658,7 @@ pub mod tests {
// This should be set to the sender private account in
// a normal circumstance. The recipient can't authorize this.
let private_account_nsks = [recipient_keys.nsk];
let private_account_membership_proofs = [(0, vec![])];
let private_account_membership_proofs = [Some((0, vec![]))];
let result = execute_and_prove(
&[private_account_1, private_account_2],
&Program::serialize_instruction(10u128).unwrap(),
@ -1671,7 +1713,7 @@ pub mod tests {
),
],
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -1719,7 +1761,7 @@ pub mod tests {
),
],
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -1766,7 +1808,7 @@ pub mod tests {
),
],
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -1813,7 +1855,7 @@ pub mod tests {
),
],
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -1858,7 +1900,7 @@ pub mod tests {
),
],
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -1931,7 +1973,7 @@ pub mod tests {
),
],
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -1978,7 +2020,7 @@ pub mod tests {
&[0xdeadbeef1, 0xdeadbeef2],
&private_account_keys,
&[sender_keys.nsk],
&[(0, vec![])],
&[Some((0, vec![]))],
&program.into(),
);
@ -2006,7 +2048,7 @@ pub mod tests {
// private account (visibility mask equal to 1 means that auth keys are expected).
let visibility_mask = [1, 2];
let private_account_nsks = [sender_keys.nsk, recipient_keys.nsk];
let private_account_membership_proofs = [(0, vec![]), (1, vec![])];
let private_account_membership_proofs = [Some((0, vec![])), Some((1, vec![]))];
let result = execute_and_prove(
&[private_account_1, private_account_2],
&Program::serialize_instruction(10u128).unwrap(),
@ -2101,7 +2143,7 @@ pub mod tests {
let visibility_mask = [1, 1];
let private_account_nsks = [sender_keys.nsk, sender_keys.nsk];
let private_account_membership_proofs = [(1, vec![]), (1, vec![])];
let private_account_membership_proofs = [Some((1, vec![])), Some((1, vec![]))];
let shared_secret = SharedSecretKey::new(&[55; 32], &sender_keys.ivk());
let result = execute_and_prove(
&[private_account_1.clone(), private_account_1],
@ -2416,8 +2458,8 @@ pub mod tests {
&[(from_keys.npk(), to_ss), (to_keys.npk(), from_ss)],
&[from_keys.nsk, to_keys.nsk],
&[
state.get_proof_for_commitment(&from_commitment).unwrap(),
state.get_proof_for_commitment(&to_commitment).unwrap(),
state.get_proof_for_commitment(&from_commitment),
state.get_proof_for_commitment(&to_commitment),
],
&program_with_deps,
)
@ -2624,4 +2666,143 @@ pub mod tests {
assert!(expected_sender_post == sender_post);
assert!(expected_recipient_post == recipient_post);
}
#[test]
fn test_private_authorized_uninitialized_account() {
let mut state = V02State::new_with_genesis_accounts(&[], &[]);
// Set up keys for the authorized private account
let private_keys = test_private_account_keys_1();
// Create an authorized private account with default values (new account being initialized)
let authorized_account =
AccountWithMetadata::new(Account::default(), true, &private_keys.npk());
let program = Program::authenticated_transfer_program();
// Set up parameters for the new account
let esk = [3; 32];
let shared_secret = SharedSecretKey::new(&esk, &private_keys.ivk());
let epk = EphemeralPublicKey::from_scalar(esk);
// Balance to initialize the account with (0 for a new account)
let balance: u128 = 0;
let nonce = 0xdeadbeef1;
// Execute and prove the circuit with the authorized account but no commitment proof
let (output, proof) = execute_and_prove(
std::slice::from_ref(&authorized_account),
&Program::serialize_instruction(balance).unwrap(),
&[1],
&[nonce],
&[(private_keys.npk(), shared_secret)],
&[private_keys.nsk],
&[None],
&program.into(),
)
.unwrap();
// Create message from circuit output
let message = Message::try_from_circuit_output(
vec![],
vec![],
vec![(private_keys.npk(), private_keys.ivk(), epk)],
output,
)
.unwrap();
let witness_set = WitnessSet::for_message(&message, proof, &[]);
let tx = PrivacyPreservingTransaction::new(message, witness_set);
let result = state.transition_from_privacy_preserving_transaction(&tx);
assert!(result.is_ok());
let nullifier = Nullifier::for_account_initialization(&private_keys.npk());
assert!(state.private_state.1.contains(&nullifier));
}
#[test]
fn test_private_account_claimed_then_used_without_init_flag_should_fail() {
let mut state = V02State::new_with_genesis_accounts(&[], &[]).with_test_programs();
// Set up keys for the private account
let private_keys = test_private_account_keys_1();
// Step 1: Create a new private account with authorization
let authorized_account =
AccountWithMetadata::new(Account::default(), true, &private_keys.npk());
let claimer_program = Program::claimer();
// Set up parameters for claiming the new account
let esk = [3; 32];
let shared_secret = SharedSecretKey::new(&esk, &private_keys.ivk());
let epk = EphemeralPublicKey::from_scalar(esk);
let balance: u128 = 0;
let nonce = 0xdeadbeef1;
// Step 2: Execute claimer program to claim the account with authentication
let (output, proof) = execute_and_prove(
std::slice::from_ref(&authorized_account),
&Program::serialize_instruction(balance).unwrap(),
&[1],
&[nonce],
&[(private_keys.npk(), shared_secret)],
&[private_keys.nsk],
&[None],
&claimer_program.into(),
)
.unwrap();
let message = Message::try_from_circuit_output(
vec![],
vec![],
vec![(private_keys.npk(), private_keys.ivk(), epk)],
output,
)
.unwrap();
let witness_set = WitnessSet::for_message(&message, proof, &[]);
let tx = PrivacyPreservingTransaction::new(message, witness_set);
// Claim should succeed
assert!(
state
.transition_from_privacy_preserving_transaction(&tx)
.is_ok()
);
// Verify the account is now initialized (nullifier exists)
let nullifier = Nullifier::for_account_initialization(&private_keys.npk());
assert!(state.private_state.1.contains(&nullifier));
// Prepare new state of account
let account_metadata = {
let mut acc = authorized_account.clone();
acc.account.program_owner = Program::claimer().id();
acc
};
let noop_program = Program::noop();
let esk2 = [4; 32];
let shared_secret2 = SharedSecretKey::new(&esk2, &private_keys.ivk());
let nonce2 = 0xdeadbeef2;
// Step 3: Try to execute noop program with authentication but without initialization
let res = execute_and_prove(
std::slice::from_ref(&account_metadata),
&Program::serialize_instruction(()).unwrap(),
&[1],
&[nonce2],
&[(private_keys.npk(), shared_secret2)],
&[private_keys.nsk],
&[None],
&noop_program.into(),
);
assert!(matches!(res, Err(NssaError::CircuitProvingError(_))));
}
}

12
nssa/test_program_methods/guest/src/bin/noop.rs Normal file
View File

@ -0,0 +1,12 @@
use nssa_core::program::{read_nssa_inputs, write_nssa_outputs, ProgramInput, AccountPostState};
type Instruction = ();
fn main() {
let (ProgramInput { pre_states, .. }, instruction_words) = read_nssa_inputs::<Instruction>();
let post_states = pre_states.iter().map(|account| {
AccountPostState::new(account.account.clone())
}).collect();
write_nssa_outputs(instruction_words, pre_states, post_states);
}

16
wallet/src/privacy_preserving_tx.rs
View File

@ -143,11 +143,11 @@ impl AccountManager {
.collect()
}
pub fn private_account_membership_proofs(&self) -> Vec<MembershipProof> {
pub fn private_account_membership_proofs(&self) -> Vec<Option<MembershipProof>> {
self.states
.iter()
.filter_map(|state| match state {
State::Private(pre) => pre.proof.clone(),
State::Private(pre) => Some(pre.proof.clone()),
_ => None,
})
.collect()
@ -195,7 +195,7 @@ async fn private_acc_preparation(
return Err(ExecutionFailureKind::KeyNotFoundError);
};
let mut nsk = Some(from_keys.private_key_holder.nullifier_secret_key);
let nsk = from_keys.private_key_holder.nullifier_secret_key;
let from_npk = from_keys.nullifer_public_key;
let from_ipk = from_keys.incoming_viewing_public_key;
@ -206,14 +206,12 @@ async fn private_acc_preparation(
.await
.unwrap();
if proof.is_none() {
nsk = None;
}
let sender_pre = AccountWithMetadata::new(from_acc.clone(), proof.is_some(), &from_npk);
// TODO: Technically we could allow unauthorized owned accounts, but currently we don't have
// support from that in the wallet.
let sender_pre = AccountWithMetadata::new(from_acc.clone(), true, &from_npk);
Ok(AccountPreparedData {
nsk,
nsk: Some(nsk),
npk: from_npk,
ipk: from_ipk,
pre_state: sender_pre,