feat: implement encryption to an address point and decryption from an…

… address secret (#9272)

Resolves #9326, #8966, #8969

This PR finally implements the new address scheme in encryption and
decryption. We encrypt with the address's point, and decrypt with
preaddress + ivsk (addressSecret).

Some nomenclature before we start:
The old address (h in Mike's presentation; hash(partialAddress,
publicKeysHash)) -> preAddress
The secret corresponding to the address point -> addressSecret

The flow generally works by taking a secret, and deriving a valid point
from it.

We then store the x-coordinate of this point as the address. We do this
even though we know that this x-coordinate has two valid y-coordinates
(a positive and negative one), but we do not store any information about
the sign in the address.

Even still, we can support secrets that get computed into a positive and
a negative y coordinate.

To do this, whenever we recompute the y-coordinate to recover the point
from the x-coordinate, we make sure to encrypt to the positive point
only. i.e. if we solve for y with x, and we get a negative coordinate,
we subtract it from the Field modulus to get a positive one.

But if you think "hey, we can't do that, our secret corresponds to a
negative y-coordinate", you would be right. In order to address this, we
as the owner of the secret, can recompute our full point as we know all
of the information that can derive this point. Thus we know what sign
our "true" y-coordinate is. In this case, if our y-coordinate is
negative, all we need to do is negate our secret (Field modulus minus
secret) to derive the secret for point containing the negated negative
(and now positive) y-coordinate.

You can see that this above process is being done, with the the
encryption taking place in `payload.nr`, and that the decryption taking
place in `note_processor.ts`.

Outstanding work:
The interface of `getEvents` in pxe_service should be investigated. With
these changes it works... but it's unnecessarily disgusting I think.

The interface of the encryption api in `payload.nr` is extremely jank,
but this pr is getting pretty big, so it will be handled imminently in
#9390.

Look through the rest of the tests, think about replacing arbitrary
addresses with "valid" ones.

Remove any excess code relating to needing the ivpk in both ts and nr

Docs and migration notes. As this change is pretty big I think it would
be good to go through this also later / with someone on the devrel team
to make sure the docs are comprehensively updated.

More of this stack doesn't show up on the graphite comment here:
<img width="1415" alt="image"
src="https://github.com/user-attachments/assets/4570a071-29ad-4148-9e7b-60c2fc978324">

noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr

@@ -29,11 +29,17 @@ pub fn compute_encrypted_log<let P: u32, let M: u32>(
 
     let header = EncryptedLogHeader::new(contract_address);
 
-    let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ivpk);
+    let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, recipient);
     let outgoing_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
-    let incoming_body_ciphertext = compute_incoming_body_ciphertext(plaintext, eph_sk, ivpk);
-    let outgoing_body_ciphertext: [u8; 144] =
-        compute_outgoing_body_ciphertext(recipient, ivpk, fr_to_fq(ovsk_app), eph_sk, eph_pk);
+    let incoming_body_ciphertext =
+        compute_incoming_body_ciphertext(plaintext, eph_sk, IvpkM { inner: recipient.to_point() });
+    let outgoing_body_ciphertext: [u8; 144] = compute_outgoing_body_ciphertext(
+        recipient,
+        IvpkM { inner: recipient.to_point() },
+        fr_to_fq(ovsk_app),
+        eph_sk,
+        eph_pk,
+    );
 
     let mut encrypted_bytes: [u8; M] = [0; M];
     // @todo We ignore the tags for now
@@ -171,18 +177,19 @@ mod test {
         let contract_address = AztecAddress::from_field(
             0x10f48cd9eff7ae5b209c557c70de2e657ee79166868676b787e9417e19260e04,
         );
-        let ovsk_app = 0x03a6513d6def49f41d20373d2cec894c23e7492794b08fc50c0e8a1bd2512612;
+        let ovsk_app = 0x191ac5e29bbc8f80f29ed06b75eaf30c036ed7952d844833860c527077c8c3b4;
         let ovpk_m = OvpkM {
             inner: Point {
-                x: 0x1961448682803198631f299340e4206bb12809d4bebbf012b30f59af73ba1a15,
-                y: 0x133674060c3925142aceb4f1dcd9f9137d0217d37ff8729ee5ceaa6e2790353d,
+                x: 0x07f696b8b233de2c1935e43c793399586f532da5ff7c0356636a75acb862e964,
+                y: 0x156e8a3e42bfca3663936ba98c7fd26386a14657c23b5f5146f1a94b6c465154,
                 is_infinite: false,
             },
         };
+
         let ivpk_m = IvpkM {
             inner: Point {
-                x: 0x260cd3904f6df16e974c29944fdc839e40fb5cf293f03df2eb370851d3a527bc,
-                y: 0x0eef2964fe6640e84c82b5d2915892409b38e9e25d39f68dd79edb725c55387f,
+                x: 0x18dd22d6a4032eefe3a7a55703f583396596235f7c186e450c92981186ee7404,
+                y: 0x2e49e00996565114016a1a478309842ecbaf930fb716c3f498e7e10370631d75,
                 is_infinite: false,
             },
         };
@@ -200,7 +207,7 @@ mod test {
         let _ = OracleMock::mock("getRandomField").returns(eph_sk);
 
         let recipient = AztecAddress::from_field(
-            0x10ee41ee4b62703b16f61e03cb0d88c4b306a9eb4a6ceeb2aff13428541689a2,
+            0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
         );
 
         let log: [u8; 448] = compute_encrypted_log(
@@ -218,26 +225,26 @@ mod test {
             0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
             0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
             0, 0, 0, 0, 0, 0, 141, 70, 12, 14, 67, 77, 132, 110, 193, 234, 40, 110, 64, 144, 235,
-            86, 55, 111, 242, 123, 221, 193, 170, 202, 225, 216, 86, 84, 159, 112, 31, 167, 126, 79,
-            51, 186, 47, 71, 253, 172, 99, 112, 241, 59, 197, 241, 107, 186, 232, 87, 187, 230, 171,
-            62, 228, 234, 42, 51, 145, 146, 238, 242, 42, 71, 206, 13, 244, 66, 111, 195, 20, 203,
-            98, 148, 204, 242, 145, 183, 156, 29, 141, 54, 44, 220, 194, 35, 229, 16, 32, 204, 211,
-            49, 142, 112, 82, 202, 116, 241, 254, 146, 42, 217, 20, 189, 70, 228, 182, 171, 205,
-            104, 27, 99, 171, 28, 91, 244, 21, 30, 130, 240, 5, 72, 174, 124, 97, 197, 157, 248,
-            193, 23, 193, 76, 46, 141, 144, 70, 211, 45, 67, 167, 218, 129, 140, 104, 190, 41, 110,
-            249, 209, 68, 106, 135, 164, 80, 235, 63, 101, 80, 32, 13, 38, 99, 145, 91, 11, 173,
-            151, 231, 247, 65, 153, 117, 229, 167, 64, 239, 182, 126, 235, 83, 4, 169, 8, 8, 160, 4,
-            235, 252, 21, 96, 84, 161, 69, 145, 145, 215, 254, 161, 117, 246, 198, 65, 89, 179, 194,
-            90, 19, 121, 12, 202, 114, 80, 195, 14, 60, 128, 105, 142, 100, 86, 90, 108, 157, 219,
-            22, 172, 20, 121, 195, 25, 159, 236, 2, 70, 75, 42, 37, 34, 2, 17, 149, 20, 176, 32, 18,
-            204, 56, 117, 121, 34, 15, 3, 88, 123, 64, 68, 74, 233, 63, 59, 131, 222, 194, 192, 167,
-            110, 217, 10, 128, 73, 129, 172, 61, 43, 12, 98, 165, 203, 191, 154, 161, 150, 4, 239,
-            95, 48, 60, 159, 33, 222, 142, 102, 73, 193, 236, 145, 197, 160, 216, 254, 113, 243, 25,
-            244, 251, 192, 222, 35, 7, 114, 101, 35, 152, 151, 112, 24, 32, 94, 138, 71, 160, 91,
-            68, 131, 217, 117, 140, 19, 147, 37, 197, 192, 21, 43, 172, 239, 239, 205, 15, 110, 76,
-            26, 211, 42, 117, 4, 15, 135, 145, 247, 37, 73, 84, 164, 149, 250, 35, 0, 205, 105, 178,
-            143, 104, 98, 100, 250, 193, 154, 136, 175, 177, 109, 225, 207, 252, 147, 250, 250, 189,
-            117, 147, 101, 230, 132,
+            86, 55, 111, 242, 123, 221, 193, 170, 202, 225, 216, 86, 84, 159, 112, 31, 167, 5, 119,
+            121, 10, 234, 188, 194, 216, 30, 200, 208, 201, 158, 127, 93, 43, 242, 241, 69, 32, 37,
+            220, 119, 122, 23, 132, 4, 248, 81, 217, 61, 232, 24, 146, 63, 133, 24, 120, 113, 217,
+            155, 223, 149, 214, 149, 239, 240, 169, 224, 155, 161, 81, 83, 252, 155, 77, 34, 75,
+            110, 30, 113, 223, 189, 202, 171, 6, 192, 157, 91, 60, 116, 155, 254, 190, 28, 4, 7,
+            236, 205, 4, 245, 27, 187, 89, 20, 38, 128, 200, 160, 145, 185, 127, 198, 203, 207, 97,
+            246, 194, 175, 155, 142, 188, 143, 120, 83, 122, 178, 63, 208, 197, 232, 24, 228, 212,
+            45, 69, 157, 38, 90, 219, 119, 194, 239, 130, 155, 246, 143, 135, 242, 196, 123, 71,
+            139, 181, 122, 231, 228, 26, 7, 100, 63, 101, 195, 83, 8, 61, 85, 123, 148, 227, 29,
+            164, 162, 161, 49, 39, 73, 141, 46, 179, 240, 52, 109, 165, 238, 210, 233, 188, 36, 90,
+            175, 2, 42, 149, 78, 208, 176, 145, 50, 180, 152, 245, 55, 112, 40, 153, 180, 78, 54,
+            102, 119, 98, 56, 235, 246, 51, 179, 86, 45, 127, 18, 77, 187, 168, 41, 24, 232, 113,
+            149, 138, 148, 33, 143, 215, 150, 188, 105, 131, 254, 236, 199, 206, 56, 44, 130, 134,
+            29, 99, 254, 69, 153, 146, 68, 234, 148, 148, 178, 38, 221, 182, 148, 178, 100, 13, 206,
+            0, 91, 71, 58, 207, 26, 227, 190, 21, 143, 85, 138, 209, 202, 34, 142, 159, 121, 61, 9,
+            57, 2, 48, 162, 89, 126, 14, 83, 173, 40, 247, 170, 154, 112, 12, 204, 48, 38, 7, 173,
+            108, 38, 234, 20, 16, 115, 91, 106, 140, 121, 63, 99, 23, 247, 0, 148, 9, 163, 145, 43,
+            21, 238, 47, 40, 204, 241, 124, 246, 201, 75, 114, 3, 1, 229, 197, 130, 109, 227, 158,
+            133, 188, 125, 179, 220, 51, 170, 121, 175, 202, 243, 37, 103, 13, 27, 53, 157, 8, 177,
+            11, 208, 120, 64, 211, 148, 201, 240, 56,
         ];
         assert_eq(encrypted_log_from_typescript, log);
     }

noir-projects/aztec-nr/aztec/src/keys/getters/mod.nr

@@ -28,7 +28,7 @@ pub fn get_public_keys(account: AztecAddress) -> PublicKeys {
         unsafe { get_public_keys_and_partial_address(account) };
     assert_eq(
         account,
-        AztecAddress::compute(hinted_canonical_public_keys.hash(), partial_address),
+        AztecAddress::compute(hinted_canonical_public_keys, partial_address),
         "Invalid public keys hint for address",
     );
 

noir-projects/aztec-nr/aztec/src/keys/getters/test.nr

@@ -18,8 +18,43 @@ unconstrained fn test_get_public_keys_unknown() {
 
     // Instead of querying for some unknown account, which would result in the oracle erroring out, we mock a bad oracle
     // response to check that the circuit properly checks the address derivation.
+    let mut random_keys_and_partial_address = [0; KEY_ORACLE_RESPONSE_LENGTH];
+    // We use randomly generated points on the curve, and a random partial address to ensure that
+    // this combination does not derive the address and we should see the assertion fail.
+    // npk_m
+    random_keys_and_partial_address[0] =
+        0x292364b852c6c6f01472951e76a39cbcf074591fd0e063a81965e7b51ad868a5;
+    random_keys_and_partial_address[1] =
+        0x0a687b46cdc9238f1c311f126aaaa4acbd7a737bff2efd7aeabdb8d805843a27;
+    random_keys_and_partial_address[2] =
+        0x0000000000000000000000000000000000000000000000000000000000000000;
+    // ivpk_m
+    random_keys_and_partial_address[3] =
+        0x173c5229a00c5425255680dd6edc27e278c48883991f348fe6985de43b4ec25f;
+    random_keys_and_partial_address[4] =
+        0x1698608e23b5f6c2f43c49a559108bb64e2247b8fc2da842296a416817f40b7f;
+    random_keys_and_partial_address[5] =
+        0x0000000000000000000000000000000000000000000000000000000000000000;
+    // ovpk_m
+    random_keys_and_partial_address[6] =
+        0x1bad2f7d1ad960a1bd0fe4d2c8d17f5ab4a86ef8b103e0a9e7f67ec0d3b4795e;
+    random_keys_and_partial_address[7] =
+        0x206db87110abbecc9fbaef2c865189d94ef2c106202f734ee4eba9257fd28bf1;
+    random_keys_and_partial_address[8] =
+        0x0000000000000000000000000000000000000000000000000000000000000000;
+    // tpk_m
+    random_keys_and_partial_address[9] =
+        0x05e3bd9cfe6b47daa139613619cf7d7fd8bb0112b6f2908caa6d9b536ed948ed;
+    random_keys_and_partial_address[10] =
+        0x051066f877c9df47552d02e7dc32127ff4edefc8498e813bca1cbd3f5d1be429;
+    random_keys_and_partial_address[11] =
+        0x0000000000000000000000000000000000000000000000000000000000000000;
+    // partial address
+    random_keys_and_partial_address[12] =
+        0x236703e2cb00a182e024e98e9f759231b556d25ff19f98896cebb69e9e678cc9;
+
     let _ = OracleMock::mock("getPublicKeysAndPartialAddress")
-        .returns([0; KEY_ORACLE_RESPONSE_LENGTH])
+        .returns(random_keys_and_partial_address.serialize())
         .times(1);
     let _ = get_public_keys(account.address);
 }

noir-projects/aztec-nr/aztec/src/utils/point.nr

@@ -1,6 +1,6 @@
 use dep::protocol_types::point::Point;
 
-// I am storing the modulus divided by 2 plus 1 here because full modulus would throw "String literal too large" error
+// I am storing the modulus minus 1 divided by 2 here because full modulus would throw "String literal too large" error
 // Full modulus is 21888242871839275222246405745257275088548364400416034343698204186575808495617
 global BN254_FR_MODULUS_DIV_2: Field =
     10944121435919637611123202872628637544274182200208017171849102093287904247808;

noir-projects/noir-contracts/contracts/contract_instance_deployer_contract/src/main.nr

@@ -98,7 +98,7 @@ contract ContractInstanceDeployer {
         let partial_address =
             PartialAddress::compute(contract_class_id, salt, initialization_hash, deployer);
 
-        let address = AztecAddress::compute(public_keys.hash(), partial_address);
+        let address = AztecAddress::compute(public_keys, partial_address);
 
         // Emit the address as a nullifier to be able to prove that this instance has been (not) deployed
         context.push_nullifier(address.to_field());

noir-projects/noir-contracts/contracts/schnorr_single_key_account_contract/src/util.nr

@@ -13,5 +13,5 @@ pub fn recover_address(message_hash: Field, witness: AuthWitness) -> AztecAddres
     );
     assert(verification == true);
 
-    AztecAddress::compute(witness.keys.hash(), witness.partial_address)
+    AztecAddress::compute(witness.keys, witness.partial_address)
 }

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/components/private_call_data_validator/validate_contract_address.nr

@@ -22,7 +22,7 @@ pub fn validate_contract_address(
         private_call_data.contract_class_artifact_hash,
         private_call_data.contract_class_public_bytecode_commitment,
         private_call_data.salted_initialization_hash,
-        private_call_data.public_keys.hash(),
+        private_call_data.public_keys,
     );
 
     let protocol_contract_index = contract_address.to_field();

noir-projects/noir-protocol-circuits/crates/private-kernel-lib/src/tests/private_call_data_validator_builder/validate_contract_address.nr

@@ -1,5 +1,8 @@
 use crate::tests::private_call_data_validator_builder::PrivateCallDataValidatorBuilder;
 use dep::types::address::AztecAddress;
+use std::embedded_curve_ops::{
+    EmbeddedCurvePoint, EmbeddedCurveScalar, fixed_base_scalar_mul as derive_public_key,
+};
 
 impl PrivateCallDataValidatorBuilder {
     pub fn new_with_regular_contract() -> Self {
@@ -71,8 +74,8 @@ fn validate_contract_address_incorrect_partial_address_preimage_fails() {
 fn validate_contract_address_incorrect_address_preimage_fails() {
     let mut builder = PrivateCallDataValidatorBuilder::new_with_regular_contract();
 
-    builder.private_call.public_keys.ivpk_m.inner.x =
-        builder.private_call.public_keys.ivpk_m.inner.x + 1;
+    builder.private_call.public_keys.ivpk_m.inner =
+        derive_public_key(EmbeddedCurveScalar::from_field(69));
 
     builder.validate();
 }

noir-projects/noir-protocol-circuits/crates/types/src/address/aztec_address.nr

@@ -1,17 +1,28 @@
 use crate::{
     abis::function_selector::FunctionSelector,
+    public_keys::{ToPoint, PublicKeys, NpkM, IvpkM, OvpkM, TpkM},
     address::{
         partial_address::PartialAddress, public_keys_hash::PublicKeysHash,
         salted_initialization_hash::SaltedInitializationHash,
     },
-    constants::{AZTEC_ADDRESS_LENGTH, FUNCTION_TREE_HEIGHT, GENERATOR_INDEX__CONTRACT_ADDRESS_V1},
-    contract_class_id::ContractClassId,
+    constants::{
+        AZTEC_ADDRESS_LENGTH, FUNCTION_TREE_HEIGHT, GENERATOR_INDEX__PUBLIC_KEYS_HASH,
+        GENERATOR_INDEX__CONTRACT_ADDRESS_V1, MAX_FIELD_VALUE,
+    }, contract_class_id::ContractClassId,
     hash::{poseidon2_hash_with_separator, private_functions_root_from_siblings},
     merkle_tree::membership::MembershipWitness,
     traits::{Deserialize, Empty, FromField, Serialize, ToField},
     utils,
 };
 
+// We do below because `use crate::point::Point;` does not work
+use dep::std::embedded_curve_ops::EmbeddedCurvePoint as Point;
+
+use std::{
+    ec::{sqrt, pow},
+    embedded_curve_ops::{fixed_base_scalar_mul as derive_public_key, EmbeddedCurveScalar},
+};
+
 // Aztec address
 pub struct AztecAddress {
     inner: Field,
@@ -53,16 +64,53 @@ impl Deserialize<AZTEC_ADDRESS_LENGTH> for AztecAddress {
     }
 }
 
+impl ToPoint for AztecAddress {
+    fn to_point(self) -> Point {
+        // We compute the address point by taking our address, setting it to x, and then solving for y in the
+        // equation which defines our bn curve:
+        // y^2 = x^3 - 17; x = address
+        let x = self.inner;
+        let y_squared = pow(x, 3) - 17;
+
+        // TODO (#8970): Handle cases where we cannot recover a point from an address
+        let mut y = sqrt(y_squared);
+
+        // If we get a negative y coordinate (any y where y > MAX_FIELD_VALUE / 2), we pin it to the
+        // positive one (any value where y <= MAX_FIELD_VALUE / 2) by subtracting it from the Field modulus
+        // note: The field modulus is MAX_FIELD_VALUE + 1
+        if (!(y.lt(MAX_FIELD_VALUE / 2) | y.eq(MAX_FIELD_VALUE / 2))) {
+            y = (MAX_FIELD_VALUE + 1) - y;
+        }
+
+        Point { x: self.inner, y, is_infinite: false }
+    }
+}
+
 impl AztecAddress {
     pub fn zero() -> Self {
         Self { inner: 0 }
     }
 
-    pub fn compute(pub_keys_hash: PublicKeysHash, partial_address: PartialAddress) -> AztecAddress {
-        AztecAddress::from_field(poseidon2_hash_with_separator(
-            [pub_keys_hash.to_field(), partial_address.to_field()],
+    pub fn compute(public_keys: PublicKeys, partial_address: PartialAddress) -> AztecAddress {
+        let public_keys_hash = public_keys.hash();
+
+        let pre_address = poseidon2_hash_with_separator(
+            [public_keys_hash.to_field(), partial_address.to_field()],
             GENERATOR_INDEX__CONTRACT_ADDRESS_V1,
-        ))
+        );
+
+        let address_point = derive_public_key(EmbeddedCurveScalar::from_field(pre_address)).add(
+            public_keys.ivpk_m.to_point(),
+        );
+
+        // Note that our address is only the x-coordinate of the full address_point. This is okay because when people want to encrypt something and send it to us
+        // they can recover our full point using the x-coordinate (our address itself). To do this, they recompute the y-coordinate according to the equation y^2 = x^3 - 17.
+        // When they do this, they may get a positive y-coordinate (a value that is less than or equal to MAX_FIELD_VALUE / 2) or
+        // a negative y-coordinate (a value that is more than MAX_FIELD_VALUE), and we cannot dictate which one they get and hence the recovered point may sometimes be different than the one
+        // our secrect can decrypt. Regardless though, they should and will always encrypt using point with the positive y-coordinate by convention.
+        // This ensures that everyone encrypts to the same point given an arbitrary x-coordinate (address). This is allowed because even though our original point may not have a positive y-coordinate,
+        // with our original secret, we will be able to derive the secret to the point with the flipped (and now positive) y-coordinate that everyone encrypts to.
+        AztecAddress::from_field(address_point.x)
     }
 
     pub fn compute_from_private_function(
@@ -72,7 +120,7 @@ impl AztecAddress {
         contract_class_artifact_hash: Field,
         contract_class_public_bytecode_commitment: Field,
         salted_initialization_hash: SaltedInitializationHash,
-        public_keys_hash: PublicKeysHash,
+        public_keys: PublicKeys,
     ) -> Self {
         let private_functions_root = private_functions_root_from_siblings(
             function_selector,
@@ -93,7 +141,7 @@ impl AztecAddress {
             salted_initialization_hash,
         );
 
-        AztecAddress::compute(public_keys_hash, partial_address)
+        AztecAddress::compute(public_keys, partial_address)
     }
 
     pub fn is_zero(self) -> bool {
@@ -111,14 +159,49 @@ impl AztecAddress {
 }
 
 #[test]
-fn compute_address_from_partial_and_pub_keys_hash() {
-    let pub_keys_hash = PublicKeysHash::from_field(1);
-    let partial_address = PartialAddress::from_field(2);
-
-    let address = AztecAddress::compute(pub_keys_hash, partial_address);
-    let expected_computed_address_from_partial_and_pubkey =
-        0x23ce9be3fa3c846b0f9245cc796902e731d04f086e8a42473bb29e405fc98075;
-    assert(address.to_field() == expected_computed_address_from_partial_and_pubkey);
+fn compute_address_from_partial_and_pub_keys() {
+    let public_keys = PublicKeys {
+        npk_m: NpkM {
+            inner: Point {
+                x: 0x22f7fcddfa3ce3e8f0cc8e82d7b94cdd740afa3e77f8e4a63ea78a239432dcab,
+                y: 0x0471657de2b6216ade6c506d28fbc22ba8b8ed95c871ad9f3e3984e90d9723a7,
+                is_infinite: false,
+            },
+        },
+        ivpk_m: IvpkM {
+            inner: Point {
+                x: 0x111223493147f6785514b1c195bb37a2589f22a6596d30bb2bb145fdc9ca8f1e,
+                y: 0x273bbffd678edce8fe30e0deafc4f66d58357c06fd4a820285294b9746c3be95,
+                is_infinite: false,
+            },
+        },
+        ovpk_m: OvpkM {
+            inner: Point {
+                x: 0x09115c96e962322ffed6522f57194627136b8d03ac7469109707f5e44190c484,
+                y: 0x0c49773308a13d740a7f0d4f0e6163b02c5a408b6f965856b6a491002d073d5b,
+                is_infinite: false,
+            },
+        },
+        tpk_m: TpkM {
+            inner: Point {
+                x: 0x00d3d81beb009873eb7116327cf47c612d5758ef083d4fda78e9b63980b2a762,
+                y: 0x2f567d22d2b02fe1f4ad42db9d58a36afd1983e7e2909d1cab61cafedad6193a,
+                is_infinite: false,
+            },
+        },
+    };
+
+    let partial_address = PartialAddress::from_field(
+        0x0a7c585381b10f4666044266a02405bf6e01fa564c8517d4ad5823493abd31de,
+    );
+
+    let address = AztecAddress::compute(public_keys, partial_address);
+
+    // The following value was generated by `derivation.test.ts`.
+    // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
+    let expected_computed_address_from_partial_and_pubkeys =
+        0x24e4646f58b9fbe7d38e317db8d5636c423fbbdfbe119fc190fe9c64747e0c62;
+    assert(address.to_field() == expected_computed_address_from_partial_and_pubkeys);
 }
 
 #[test]

noir-projects/noir-protocol-circuits/crates/types/src/contract_instance.nr

@@ -84,7 +84,7 @@ impl Hash for ContractInstance {
 impl ContractInstance {
     fn to_address(self) -> AztecAddress {
         AztecAddress::compute(
-            self.public_keys.hash(),
+            self.public_keys,
             PartialAddress::compute(
                 self.contract_class_id,
                 self.salt,