Skip to content

Commit

Permalink
init
Browse files Browse the repository at this point in the history
  • Loading branch information
sklppy88 committed Oct 24, 2024
1 parent c0ccd34 commit fe8d894
Show file tree
Hide file tree
Showing 7 changed files with 99 additions and 64 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ where
let contract_address: AztecAddress = context.this_address();
let plaintext = event.private_to_be_bytes(randomness);
let encrypted_log: [u8; 416 + N * 32] =
compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
compute_encrypted_log(contract_address, ovsk_app, ovpk, recipient, plaintext);
let log_hash = sha256_to_field(encrypted_log);
(encrypted_log, log_hash)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ where

let plaintext = note.to_be_bytes(storage_slot);
let encrypted_log: [u8; 416 + N * 32] =
compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
compute_encrypted_log(contract_address, ovsk_app, ovpk, recipient, plaintext);
let log_hash = sha256_to_field(encrypted_log);

(note_hash_counter, encrypted_log, log_hash)
Expand Down Expand Up @@ -122,7 +122,6 @@ pub fn encrypt_and_emit_partial_log<let M: u32>(
context.this_address(),
ovsk_app,
recipient_keys.ovpk_m,
recipient_keys.ivpk_m,
recipient,
log_plaintext,
);
Expand Down
72 changes: 27 additions & 45 deletions noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
Original file line number Diff line number Diff line change
Expand Up @@ -12,30 +12,26 @@ use crate::{
encrypted_logs::header::EncryptedLogHeader,
keys::point_to_symmetric_key::point_to_symmetric_key,
};
use protocol_types::public_keys::AddressPoint;

pub fn compute_encrypted_log<let P: u32, let M: u32>(
contract_address: AztecAddress,
ovsk_app: Field,
ovpk: OvpkM,
ivpk: IvpkM,
recipient: AztecAddress,
plaintext: [u8; P],
) -> [u8; M] {
let (eph_sk, eph_pk) = generate_ephemeral_key_pair();

let header = EncryptedLogHeader::new(contract_address);

let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, recipient);
let incoming_header_ciphertext: [u8; 48] =
header.compute_ciphertext(eph_sk, recipient.to_address_point());
let outgoing_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
let incoming_body_ciphertext =
compute_incoming_body_ciphertext(plaintext, eph_sk, IvpkM { inner: recipient.to_point() });
let outgoing_body_ciphertext: [u8; 144] = compute_outgoing_body_ciphertext(
recipient,
IvpkM { inner: recipient.to_point() },
fr_to_fq(ovsk_app),
eph_sk,
eph_pk,
);
compute_incoming_body_ciphertext(plaintext, eph_sk, recipient.to_address_point());
let outgoing_body_ciphertext: [u8; 144] =
compute_outgoing_body_ciphertext(recipient, fr_to_fq(ovsk_app), eph_sk, eph_pk);

let mut encrypted_bytes: [u8; M] = [0; M];
// @todo We ignore the tags for now
Expand Down Expand Up @@ -96,9 +92,9 @@ fn generate_ephemeral_key_pair() -> (Scalar, Point) {
pub fn compute_incoming_body_ciphertext<let P: u32>(
plaintext: [u8; P],
eph_sk: Scalar,
ivpk: IvpkM,
address_point: AddressPoint,
) -> [u8] {
let full_key = point_to_symmetric_key(eph_sk, ivpk.to_point());
let full_key = point_to_symmetric_key(eph_sk, address_point.to_point());
let mut sym_key = [0; 16];
let mut iv = [0; 16];

Expand All @@ -113,7 +109,6 @@ pub fn compute_incoming_body_ciphertext<let P: u32>(
/// be able to derive the key with which the incoming log can be decrypted.
pub fn compute_outgoing_body_ciphertext(
recipient: AztecAddress,
recipient_ivpk: IvpkM,
ovsk_app: Scalar,
eph_sk: Scalar,
eph_pk: Point,
Expand All @@ -126,7 +121,7 @@ pub fn compute_outgoing_body_ciphertext(
let serialized_eph_sk_low: [u8; 32] = eph_sk.lo.to_be_bytes();

let address_bytes: [u8; 32] = recipient.to_field().to_be_bytes();
let serialized_recipient_ivpk = point_to_bytes(recipient_ivpk.to_point());
let serialized_recipient_ivpk = point_to_bytes(recipient.to_address_point().to_point());

for i in 0..32 {
buffer[i] = serialized_eph_sk_high[i];
Expand Down Expand Up @@ -163,6 +158,7 @@ mod test {
address::AztecAddress, public_keys::{OvpkM, IvpkM}, point::Point, scalar::Scalar,
};
use std::test::OracleMock;
use protocol_types::public_keys::AddressPoint;

#[test]
unconstrained fn test_encrypted_log_matches_typescript() {
Expand Down Expand Up @@ -203,16 +199,10 @@ mod test {
0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
);

let log: [u8; 448] = compute_encrypted_log(
contract_address,
ovsk_app,
ovpk_m,
ivpk_m,
recipient,
plaintext,
);
let log: [u8; 448] =
compute_encrypted_log(contract_address, ovsk_app, ovpk_m, recipient, plaintext);

// The following value was generated by `tagged_log.test.ts`
// The following value was generated by `encrypted_log_payload.test.ts`
// --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
let encrypted_log_from_typescript = [
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
Expand Down Expand Up @@ -249,7 +239,7 @@ mod test {
lo: 0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
hi: 0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06,
};
let ivpk = IvpkM {
let address_point = AddressPoint {
inner: Point {
x: 0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186,
y: 0x1e96887b117afca01c00468264f4f80b5bb16d94c1808a448595f115556e5c8e,
Expand All @@ -267,7 +257,7 @@ mod test {

// `compute_incoming_body_ciphertext(...)` function then derives symmetric key from `eph_sk` and `ivpk` and encrypts
// the note plaintext using AES-128.
let ciphertext = compute_incoming_body_ciphertext(plaintext, eph_sk, ivpk);
let ciphertext = compute_incoming_body_ciphertext(plaintext, eph_sk, address_point);

// The following value was generated by `encrypted_note_log_incoming_body.test.ts`.
// --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
Expand Down Expand Up @@ -297,39 +287,31 @@ mod test {
lo: 0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fe,
hi: 0x000000000000000000000000000000000f096b423017226a18461115fa8d34bb,
};
let recipient_ivsk = Scalar {
lo: 0x000000000000000000000000000000004828f8f95676ebb481df163f87fd4022,
hi: 0x000000000000000000000000000000000f4d97c25d578f9348251a71ca17ae31,
};

let sender_ovsk_app = Scalar {
lo: 0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444e,
hi: 0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048b,
};

let eph_pk = derive_public_key(eph_sk);
let recipient_ivpk = IvpkM { inner: derive_public_key(recipient_ivsk) };

let recipient = AztecAddress::from_field(0xdeadbeef);

let ciphertext = compute_outgoing_body_ciphertext(
recipient,
recipient_ivpk,
sender_ovsk_app,
eph_sk,
eph_pk,
let recipient = AztecAddress::from_field(
0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
);

// The following value was generated by `encrypted_log_outgoing_body.test.ts`
let ciphertext =
compute_outgoing_body_ciphertext(recipient, sender_ovsk_app, eph_sk, eph_pk);

// The following value was generated by `encrypted_log_payload.test.ts`
// --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
let outgoing_body_ciphertext_from_typescript = [
127, 182, 227, 75, 192, 197, 54, 47, 168, 134, 233, 148, 251, 46, 86, 12, 73, 50, 238,
50, 31, 174, 27, 202, 110, 77, 161, 197, 244, 124, 17, 100, 143, 150, 232, 14, 156, 248,
43, 177, 16, 82, 244, 103, 88, 74, 84, 200, 15, 65, 187, 14, 163, 60, 91, 22, 104, 31,
211, 190, 124, 121, 79, 92, 239, 65, 185, 106, 51, 178, 168, 137, 84, 43, 79, 158, 151,
152, 83, 42, 170, 13, 106, 209, 254, 74, 39, 145, 73, 215, 17, 234, 196, 89, 30, 58,
120, 127, 88, 69, 121, 61, 18, 206, 89, 118, 243, 238, 177, 71, 73, 47, 147, 4, 155, 25,
173, 248, 206, 52, 17, 180, 122, 186, 106, 191, 252, 102, 197, 91, 16, 39, 94, 91, 224,
30, 168, 177, 26, 144, 5, 124, 128, 6,
211, 190, 124, 121, 79, 92, 238, 182, 194, 225, 34, 71, 67, 116, 27, 231, 68, 161, 147,
94, 53, 195, 83, 237, 172, 52, 173, 229, 26, 234, 107, 43, 82, 68, 16, 105, 37, 125,
117, 86, 133, 50, 21, 92, 74, 229, 105, 141, 83, 229, 255, 251, 21, 61, 234, 61, 168,
221, 106, 231, 8, 73, 208, 60, 251, 46, 251, 228, 148, 144, 187, 195, 38, 18, 223, 153,
8, 121, 178, 84, 237, 148, 254, 219, 59, 62,
];

assert_eq(outgoing_body_ciphertext_from_typescript, ciphertext);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ use std::{
ec::{sqrt, pow},
embedded_curve_ops::{fixed_base_scalar_mul as derive_public_key, EmbeddedCurveScalar},
};
use crate::public_keys::AddressPoint;

// Aztec address
pub struct AztecAddress {
Expand Down Expand Up @@ -66,8 +67,12 @@ impl Deserialize<AZTEC_ADDRESS_LENGTH> for AztecAddress {
}
}

impl ToPoint for AztecAddress {
fn to_point(self) -> Point {
impl AztecAddress {
pub fn zero() -> Self {
Self { inner: 0 }
}

pub fn to_address_point(self) -> AddressPoint {
// Calculate y^2 = x^3 - 17
let y_squared = pow(self.inner, 3) - 17;

Expand All @@ -84,13 +89,7 @@ impl ToPoint for AztecAddress {
y = (BN254_FR_MODULUS_DIV_2 + BN254_FR_MODULUS_DIV_2 + 1) - y;
}

Point { x: self.inner, y, is_infinite: false }
}
}

impl AztecAddress {
pub fn zero() -> Self {
Self { inner: 0 }
AddressPoint { inner: Point { x: self.inner, y, is_infinite: false } }
}

pub fn compute_preaddress(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,16 @@ impl Deserialize<PUBLIC_KEYS_LENGTH> for PublicKeys {
}
}

pub struct AddressPoint {
inner: Point,
}

impl ToPoint for AddressPoint {
fn to_point(self) -> Point {
self.inner
}
}

#[test]
unconstrained fn compute_public_keys_hash() {
let keys = PublicKeys {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,12 @@ import {
} from '@aztec/circuits.js';
import { randomBytes } from '@aztec/foundation/crypto';
import { Fr, GrumpkinScalar } from '@aztec/foundation/fields';
import { serializeToBuffer } from '@aztec/foundation/serialize';
import { updateInlineTestData } from '@aztec/foundation/testing';

import { EncryptedLogPayload } from './encrypted_log_payload.js';
import { encrypt } from './encryption_util.js';
import { derivePoseidonAESSecret } from './shared_secret_derivation.js';

// placeholder value until tagging is implemented
const PLACEHOLDER_TAG = new Fr(33);
Expand Down Expand Up @@ -59,6 +62,48 @@ describe('EncryptedLogPayload', () => {
});
});

it('outgoing ciphertest matches Noir', () => {
const ephSk = GrumpkinScalar.fromHighLow(
new Fr(0x000000000000000000000000000000000f096b423017226a18461115fa8d34bbn),
new Fr(0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fen),
);

const senderOvskApp = GrumpkinScalar.fromHighLow(
new Fr(0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048bn),
new Fr(0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444en),
);

const ephPk = derivePublicKeyFromSecretKey(ephSk);

const recipient = AztecAddress.fromBigInt(0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70cn);

const outgoingBodyPlaintext = serializeToBuffer(
ephSk.hi,
ephSk.lo,
recipient,
computePoint(recipient).toCompressedBuffer(),
);
const outgoingBodyCiphertext = encrypt(
outgoingBodyPlaintext,
senderOvskApp,
ephPk,
derivePoseidonAESSecret,
).toString('hex');

expect(outgoingBodyCiphertext).toMatchInlineSnapshot(
`"7fb6e34bc0c5362fa886e994fb2e560c4932ee321fae1bca6e4da1c5f47c11648f96e80e9cf82bb11052f467584a54c80f41bb0ea33c5b16681fd3be7c794f5ceeb6c2e1224743741be744a1935e35c353edac34ade51aea6b2b52441069257d75568532155c4ae5698d53e5fffb153dea3da8dd6ae70849d03cfb2efbe49490bbc32612df990879b254ed94fedb3b3e"`,
);

const byteArrayString = `[${outgoingBodyCiphertext.match(/.{1,2}/g)!.map(byte => parseInt(byte, 16))}]`;

// Run with AZTEC_GENERATE_TEST_DATA=1 to update noir test data
updateInlineTestData(
'noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr',
'outgoing_body_ciphertext_from_typescript',
byteArrayString,
);
});

it('encrypted tagged log matches Noir', () => {
// All the values in this test were arbitrarily set and copied over to `payload.nr`
const contract = AztecAddress.fromString('0x10f48cd9eff7ae5b209c557c70de2e657ee79166868676b787e9417e19260e04');
Expand Down
14 changes: 7 additions & 7 deletions yarn-project/protocol-contracts/src/protocol_contract_data.ts
Original file line number Diff line number Diff line change
Expand Up @@ -50,14 +50,14 @@ export const ProtocolContractAddress: Record<ProtocolContractName, AztecAddress>
};

export const ProtocolContractLeaf = {
AuthRegistry: Fr.fromString('0x087d102766af335cf7654eb5d946dccf114d0eb1e86dc788cbc10d87e1c84fd0'),
ContractInstanceDeployer: Fr.fromString('0x10141a7093a1050d38fc0467c6c81ca7beb158ef47095145ce4edd52be7ef661'),
ContractClassRegisterer: Fr.fromString('0x074de3b4ee658fd695a1be6c4f9f10fe3042b948955436e0e20c31c7027cfaef'),
MultiCallEntrypoint: Fr.fromString('0x19bc0ab26e84d8b2551cb3c83000a5da0f6958056fcaa91f63c14c35e266ef0d'),
FeeJuice: Fr.fromString('0x033a034d778d077970ae6108253a4971e37af6bd163d80b3be184c5838045eda'),
Router: Fr.fromString('0x24eed1db8f33a2db1611412c16157a28a57c7bef4794844c4ef228d538438ac8'),
AuthRegistry: Fr.fromString('0x25287d474d84b6ecb5d4f5e90b8efe5969a35ddb9d605077e5df17dac0f2aa58'),
ContractInstanceDeployer: Fr.fromString('0x1b92794557c9c6694ede81d4ea8909f786fe37ec51018d673f9ed6d8df09fcb2'),
ContractClassRegisterer: Fr.fromString('0x034af167c41eeb46cb695f9fc56824b3339b23aa670ebfef7bf5d3c8dd5c13d4'),
MultiCallEntrypoint: Fr.fromString('0x009d1fc8ca80534c2de293ce6eedc71cc145e0562fd1af0826c734c77b1543a5'),
FeeJuice: Fr.fromString('0x07c4d7db5027bcdb7b71a60186a5e137d22bd8412d11fee0676d070c68d0f7ee'),
Router: Fr.fromString('0x12df324157fddc5be72e52e527416e3f7c70240deab1c953613d904232e1eb78'),
};

export const protocolContractTreeRoot = Fr.fromString(
'0x1299197d756a2e86830d877cb2c5c71ab20aa4f97726fc7ccd2d468ce20d81a6',
'0x04180f14bbf7d65ec020746102a118a58c4aa4016cdd85a41614fc4d972607cf',
);

0 comments on commit fe8d894

Please sign in to comment.