From fd7421624970c2e09b7f264b490042f2b6718711 Mon Sep 17 00:00:00 2001
From: Sergio Chouhy
Date: Tue, 26 Aug 2025 14:14:08 -0300
Subject: [PATCH] add commit to kdf

---
 nssa/core/src/lib.rs | 48 ++++---------------
 .../src/bin/privacy_preserving_circuit.rs | 4 +-
 .../privacy_preserving_transaction/circuit.rs | 21 ++++++--
 .../privacy_preserving_transaction/message.rs | 3 +-
 4 files changed, 29 insertions(+), 47 deletions(-)

diff --git a/nssa/core/src/lib.rs b/nssa/core/src/lib.rs
index aec9ab9..89dbeac 100644
--- a/nssa/core/src/lib.rs
+++ b/nssa/core/src/lib.rs
@@ -71,15 +71,10 @@ impl Ciphertext {
 self,
 shared_secret: &[u8; 32],
 npk: &NullifierPublicKey,
+ commitment: &Commitment,
 output_index: u32,
 ) -> Option {
- let key = Self::kdf(
- &shared_secret,
- npk,
- // &ipk,
- // &commitment.to_byte_array(),
- output_index,
- );
+ let key = Self::kdf(&shared_secret, npk, commitment, output_index);
 let mut cipher = ChaCha20::new(&key.into(), &[0; 12].into());
 let mut buffer = self.0;
@@ -92,31 +87,22 @@ impl Ciphertext {
 account: &Account,
 shared_secret: &[u8; 32],
 npk: &NullifierPublicKey,
- // ipk: &IncomingViewingPublicKey,
+ commitment: &Commitment,
 output_index: u32,
 ) -> Self {
 let mut buffer = account.to_bytes().to_vec();
- let key = Self::kdf(
- shared_secret,
- npk,
- // ipk,
- // &commitment.to_byte_array(),
- output_index,
- );
+ let key = Self::kdf(shared_secret, npk, commitment, output_index);
 let mut cipher = ChaCha20::new(&key.into(), &[0; 12].into());
 cipher.apply_keystream(&mut buffer);
- // let view_tag = Self::view_tag(&npk, &ipk);
 Self(buffer)
 }
 pub fn kdf(
 ss_bytes: &[u8; 32],
 npk: &NullifierPublicKey,
- // epk: &EphemeralPublicKey,
- // ipk: &IncomingViewingPublicKey,
- // commitment: &[u8; 32],
+ commitment: &Commitment,
 output_index: u32,
 ) -> [u8; 32] {
 let mut bytes = Vec::new();
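Review bot: In the added `let key = Self::kdf(&shared_secret, npk, commitment, output_index);` the `&shared_secret` borrows a parameter that is already `&[u8; 32]`, so the call only compiles through auto-deref of `&&[u8; 32]` and clippy's `needless_borrow` will flag it. The `new` function in the next hunk passes `shared_secret` directly; make `decrypt` consistent with it: `let key = Self::kdf(shared_secret, npk, commitment, output_index);`. The enclosing `decrypt` starts and ends outside this hunk.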
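Review bot: `kdf` now takes a fourth caller-supplied input but still carries no doc comment saying what the inputs are bound for, and that matters here because both `new` and `decrypt` hand the derived key to `ChaCha20::new` with the constant nonce `[0; 12]`, so uniqueness of the kdf inputs per output is the only thing that keeps two ciphertexts from sharing a keystream. Suggest a doc comment on `pub fn kdf` along the lines of: `/// Derives the per-output ChaCha20 key. The nonce used by new/decrypt is a constant, so everything that distinguishes one output from another (shared secret, npk, commitment, output index) has to be bound here; an identical input tuple always yields an identical keystream.` It is also worth stating on `new` that `apply_keystream` gives confidentiality only, with no authentication tag, so a ciphertext decrypted under the wrong commitment yields garbage rather than a detectable failure, if that is the intended contract. `kdf`'s body continues in the next hunk.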
@@ -124,9 +110,7 @@ impl Ciphertext {
 bytes.extend_from_slice(b"NSSA/v0.1/KDF-SHA256");
 bytes.extend_from_slice(ss_bytes);
 bytes.extend_from_slice(&npk.to_byte_array());
- // bytes.extend_from_slice(&epk.0[..]);
- // bytes.extend_from_slice(&ipk.0[..]);
- // bytes.extend_from_slice(&commitment[..]);
+ bytes.extend_from_slice(&commitment.to_byte_array());
 bytes.extend_from_slice(&output_index.to_le_bytes());
 Impl::hash_bytes(&bytes).as_bytes().try_into().unwrap()
@@ -141,12 +125,6 @@ impl Ciphertext {
 let mut ciphertext = vec![0; ciphertext_lenght as usize];
 cursor.read_exact(&mut ciphertext)?;
- // let mut epk_bytes = vec![0; 33];
- // cursor.read_exact(&mut epk_bytes)?;
- //
- let mut tag_bytes = [0; 1];
- // cursor.read_exact(&mut tag_bytes)?;
-
 Ok(Self(ciphertext))
 }
 }
@@ -157,8 +135,6 @@ impl Ciphertext {
 let ciphertext_length: u32 = self.0.len() as u32;
 bytes.extend_from_slice(&ciphertext_length.to_le_bytes());
 bytes.extend_from_slice(&self.0);
- // bytes.extend_from_slice(&self.epk.0);
- // bytes.push(self.view_tag);
 bytes
@@ -169,12 +145,7 @@ pub struct PrivacyPreservingCircuitInput {
 pub program_output: ProgramOutput,
 pub visibility_mask: Vec,
 pub private_account_nonces: Vec,
- pub private_account_keys: Vec<(
- NullifierPublicKey,
- SharedSecretKey,
- // IncomingViewingPublicKey,
- // EphemeralSecretKey,
- )>,
+ pub private_account_keys: Vec<(NullifierPublicKey, SharedSecretKey)>,
 pub private_account_auth: Vec<(NullifierSecretKey, MembershipProof)>,
 pub program_id: ProgramId,
 }
@@ -236,10 +207,7 @@ mod tests {
 data: b"post state data".to_vec(),
 nonce: 18446744073709551615,
 }],
- ciphertexts: vec![
- Ciphertext(vec![255, 255, 1, 1, 2, 2]), // epk: EphemeralPublicKey::from_scalar([123; 32]),
- // view_tag: 1,
- ],
+ ciphertexts: vec![Ciphertext(vec![255, 255, 1, 1, 2, 2])],
 new_commitments: vec![Commitment::new(
 &NullifierPublicKey::from(&[1; 32]),
 &Account::default(),
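Review bot: The preimage layout changed (the commitment bytes are now spliced between the npk bytes and `output_index`) but the domain-separation label `b"NSSA/v0.1/KDF-SHA256"` on the first context line is unchanged; if any ciphertext was ever produced under the previous layout, bump the label so keys from the two layouts cannot coincide, and either way record the field order next to the label, e.g. `// preimage: label || ss_bytes || npk bytes || commitment bytes || output_index (LE u32)`. The concatenation has no length framing, which is only unambiguous while every component is fixed-length; the widths returned by `npk.to_byte_array()` and `commitment.to_byte_array()` are not visible here, so confirm both are fixed-size arrays. The remaining hunks in this file are comment deletions, a tuple-type simplification and a test-fixture change and raise nothing further.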
diff --git a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
index cda5053..fb4a41b 100644
--- a/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
+++ b/nssa/program_methods/guest/src/bin/privacy_preserving_circuit.rs
@@ -119,10 +119,8 @@ fn main() {
 let encrypted_account = Ciphertext::new(
 &post_with_updated_values,
 shared_secret,
- // &commitment_post,
- // esk,
 Npk,
- // Ipk,
+ &commitment_post,
 output_index,
 );
diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs
index 38407ce..49dd8f3 100644
--- a/nssa/src/privacy_preserving_transaction/circuit.rs
+++ b/nssa/src/privacy_preserving_transaction/circuit.rs
@@ -180,7 +180,12 @@ mod tests {
 let recipient_post = output.ciphertexts[0]
 .clone()
- .decrypt(&shared_secret, &recipient_keys.npk(), 0)
+ .decrypt(
+ &shared_secret,
+ &recipient_keys.npk(),
+ &output.new_commitments[0],
+ 0,
+ )
 .unwrap();
 assert_eq!(recipient_post, expected_recipient_post);
 }
@@ -268,13 +273,23 @@ mod tests {
 let sender_post = output.ciphertexts[0]
 .clone()
- .decrypt(&shared_secret_1, &sender_keys.npk(), 0)
+ .decrypt(
+ &shared_secret_1,
+ &sender_keys.npk(),
+ &expected_new_commitments[0],
+ 0,
+ )
 .unwrap();
 assert_eq!(sender_post, expected_private_account_1);
 let recipient_post = output.ciphertexts[1]
 .clone()
- .decrypt(&shared_secret_2, &recipient_keys.npk(), 1)
+ .decrypt(
+ &shared_secret_2,
+ &recipient_keys.npk(),
+ &expected_new_commitments[1],
+ 1,
+ )
 .unwrap();
 assert_eq!(recipient_post, expected_private_account_2);
 }
diff --git a/nssa/src/privacy_preserving_transaction/message.rs b/nssa/src/privacy_preserving_transaction/message.rs
index 245297f..a56ed7d 100644
--- a/nssa/src/privacy_preserving_transaction/message.rs
+++ b/nssa/src/privacy_preserving_transaction/message.rs
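Review bot: `&commitment_post` is now part of the key derivation, so it must be byte-identical to the commitment this circuit publishes for the same output; otherwise the recipient's `decrypt`, which the circuit.rs tests feed with the published `new_commitments` entry, derives a different key and cannot read the account. `commitment_post` is defined outside the hunk, so confirm it is computed over `post_with_updated_values` and the same `Npk` that are encrypted here, and consider pinning that invariant on the argument: `// must equal the commitment emitted for this output: it is bound into the encryption key`. `main` starts and ends outside this hunk.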
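Review bot: Both new `decrypt` calls in this hunk take the commitment from `expected_new_commitments`, while the earlier hunk in this file (at line 180) takes it from `output.new_commitments[0]`; each passes only while the two agree, and neither test exercises the property the commit introduces, namely that decrypting with any other commitment no longer recovers the account. Add one case that decrypts `output.ciphertexts[0]` with `&expected_new_commitments[1]` (or a freshly built commitment) and asserts the result differs from `expected_private_account_1`. Because the underlying cipher is a bare keystream, that assertion should compare the value rather than expect `None`, which a wrong key is not guaranteed to produce.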
@@ -52,10 +52,11 @@ impl EncryptedAccountData {
 isk: &[u8; 32],
 epk: &EphemeralPublicKey,
 npk: &NullifierPublicKey,
+ commitment: &Commitment,
 output_index: u32,
 ) -> Option {
 let shared_secret = Self::compute_shared_secret(isk, &epk);
- self.ciphertext.decrypt(&shared_secret, npk, output_index)
+ self.ciphertext.decrypt(&shared_secret, npk, commitment, output_index)
 }
 pub fn compute_shared_secret(scalar: &[u8; 32], point: &Secp256k1Point) -> SharedSecretKey {
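Review bot: `EncryptedAccountData::decrypt` is public and now requires the caller to pick the right `commitment`, but nothing in the signature says which one; add a doc comment such as `/// Decrypts the account ciphertext. The commitment must be the one published for this ciphertext (the entry at output_index among the transaction's new commitments): it is mixed into the key derivation, so any other value yields a different key.` Since the inner `Ciphertext::decrypt` applies an unauthenticated keystream, the comment should also say that `None` cannot be relied on to signal a wrong commitment; the parsing that produces the `Option` is outside this view, so confirm that before documenting it. The signature of `decrypt` starts outside this hunk.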