feat: add nullifying key to Token Note

noir-projects/aztec-nr/aztec/src/context/private_context.nr

@@ -3,14 +3,13 @@ use crate::{
     messaging::process_l1_to_l2_message,
     hash::{hash_args_array, ArgsHasher, compute_encrypted_log_hash, compute_unencrypted_log_hash},
     oracle::{
-    arguments, returns, call_private_function::call_private_function_internal,
+    arguments, returns, call_private_function::call_private_function_internal, header::get_header_at,
+    logs::emit_encrypted_log, logs_traits::{LensForEncryptedLog, ToBytesForUnencryptedLog},
+    nullifier_key::{get_nullifier_keys, get_nullifier_keys_with_npk_m_h, NullifierKeys},
     enqueue_public_function_call::{
     enqueue_public_function_call_internal, set_public_teardown_function_call_internal,
     parse_public_call_stack_item_from_oracle
-},
-    header::get_header_at, logs::emit_encrypted_log,
-    logs_traits::{LensForEncryptedLog, ToBytesForUnencryptedLog},
-    nullifier_key::{get_nullifier_keys, NullifierKeys}
+}
 }
 };
 use dep::protocol_types::{
@@ -29,8 +28,10 @@ use dep::protocol_types::{
     MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL, MAX_ENCRYPTED_LOGS_PER_CALL,
     MAX_UNENCRYPTED_LOGS_PER_CALL
 },
-    grumpkin_point::GrumpkinPoint, header::Header, messaging::l2_to_l1_message::L2ToL1Message,
-    traits::{is_empty, Deserialize, Empty}
+    contrakt::{storage_read::StorageRead, storage_update_request::StorageUpdateRequest},
+    grumpkin_private_key::GrumpkinPrivateKey, grumpkin_point::GrumpkinPoint, header::Header,
+    messaging::l2_to_l1_message::L2ToL1Message, utils::reader::Reader,
+    traits::{is_empty, Deserialize, Empty}, hash::poseidon2_hash
 };
 
 // When finished, one can call .finish() to convert back to the abi
@@ -220,6 +221,31 @@ impl PrivateContext {
         keys.app_nullifier_secret_key
     }
 
+    // TODO: (#6176) Replace request_app_nullifier_secret_key above with this once we no longer get app nullifier secret key with address
+    pub fn request_nsk_app_with_npk_m_h(&mut self, master_public_nullifying_key_hash: Field) -> Field {
+        let keys = if self.nullifier_key.is_none() {
+            let keys = get_nullifier_keys_with_npk_m_h(master_public_nullifying_key_hash);
+            let request = NullifierKeyValidationRequest {
+                master_nullifier_public_key: keys.master_nullifier_public_key,
+                app_nullifier_secret_key: keys.app_nullifier_secret_key
+            };
+            self.nullifier_key_validation_requests.push(request);
+            self.nullifier_key = Option::some(keys);
+            keys
+        } else {
+            let keys = self.nullifier_key.unwrap_unchecked();
+            // If MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL is larger than 1, need to update the way the key pair is cached.
+            assert(MAX_NULLIFIER_KEY_VALIDATION_REQUESTS_PER_CALL == 1);
+            keys
+        };
+
+        // We have to check if the key that was requested or cached corresponds to the one we request for
+        assert_eq(
+            poseidon2_hash(keys.master_nullifier_public_key.serialize()), master_public_nullifying_key_hash
+        );
+        keys.app_nullifier_secret_key
+    }
+
     // docs:start:context_message_portal
     pub fn message_portal(&mut self, recipient: EthAddress, content: Field) {
         // docs:end:context_message_portal

noir-projects/aztec-nr/aztec/src/keys/getters.nr

@@ -1,4 +1,7 @@
-use dep::protocol_types::{address::AztecAddress, constants::CANONICAL_KEY_REGISTRY_ADDRESS, grumpkin_point::GrumpkinPoint};
+use dep::protocol_types::{
+    address::AztecAddress, constants::CANONICAL_KEY_REGISTRY_ADDRESS, grumpkin_point::GrumpkinPoint,
+    hash::poseidon2_hash
+};
 use crate::{
     context::PrivateContext, oracle::keys::get_public_keys_and_partial_address,
     state_vars::{
@@ -22,6 +25,10 @@ pub fn get_npk_m(context: &mut PrivateContext, address: AztecAddress) -> Grumpki
     get_master_key(context, address, NULLIFIER_INDEX)
 }
 
+pub fn get_npk_m_h(context: &mut PrivateContext, address: AztecAddress) -> Field {
+    poseidon2_hash(get_master_key(context, address, NULLIFIER_INDEX).serialize())
+}
+
 pub fn get_ivpk_m(context: &mut PrivateContext, address: AztecAddress) -> GrumpkinPoint {
     get_master_key(context, address, INCOMING_INDEX)
 }

noir-projects/aztec-nr/aztec/src/oracle/get_public_key.nr

@@ -18,3 +18,25 @@ pub fn get_public_key(address: AztecAddress) -> GrumpkinPoint {
 
     pub_key
 }
+
+// TODO(#5901 -> #5834): This should be refactored, would be most effective to do it after new encrypted log scheme, as well as key store pxe separation.
+#[oracle(getPublicKeyAndPartialAddressWithNpkMH)]
+fn get_public_key_and_partial_address_with_npk_m_h_oracle(master_nullifier_public_key_hash: Field) -> [Field; 3] {}
+
+unconstrained fn get_public_key_and_partial_address_with_npk_m_h_internal(master_nullifier_public_key_hash: Field) -> [Field; 3] {
+    get_public_key_and_partial_address_with_npk_m_h_oracle(master_nullifier_public_key_hash)
+}
+
+// TODO (#5901): This is used when we emit encrypted logs and will be changed.
+// TODO (#6178): This function should not be contraining things here.
+pub fn get_public_key_with_npk_m_h(master_nullifier_public_key_hash: Field) -> GrumpkinPoint {
+    let result = get_public_key_and_partial_address_with_npk_m_h_internal(master_nullifier_public_key_hash);
+    let pub_key = GrumpkinPoint::new(result[0], result[1]);
+    let partial_address = PartialAddress::from_field(result[2]);
+
+    // TODO(#5830): disabling the following constraint until we update the oracle according to the new key scheme
+    // let calculated_address = AztecAddress::compute(PublicKeysHash::compute(pub_key), partial_address);
+    // assert(calculated_address.eq(address));
+
+    pub_key
+}

noir-projects/aztec-nr/aztec/src/oracle/nullifier_key.nr

@@ -2,6 +2,7 @@ use dep::protocol_types::{address::AztecAddress, grumpkin_point::GrumpkinPoint,
 
 // Nullifier keys pertaining to a specific account
 struct NullifierKeys {
+    // TODO (#6176): Replace get_nullifier_keys above with this once we no longer get nullifier keys with address
     account: AztecAddress,
     master_nullifier_public_key: GrumpkinPoint,
     app_nullifier_secret_key: Field,
@@ -26,3 +27,26 @@ pub fn get_nullifier_keys(account: AztecAddress) -> NullifierKeys {
 pub fn get_app_nullifier_secret_key(account: AztecAddress) -> Field {
     get_nullifier_keys_internal(account).app_nullifier_secret_key
 }
+
+// TODO (#6176): Replace get_nullifier_keys above with this once we no longer get nullifier keys with address
+#[oracle(getNullifierKeysWithNpkMH)]
+fn get_nullifier_keys_with_npk_m_h_oracle(_master_nullifier_public_key_hash: Field) -> [Field; 3] {}
+
+unconstrained fn get_nullifier_keys_with_npk_m_h_internal(master_nullifier_public_key_hash: Field) -> NullifierKeys {
+    let result = get_nullifier_keys_with_npk_m_h_oracle(master_nullifier_public_key_hash);
+    NullifierKeys {
+        account: AztecAddress::zero(),
+        master_nullifier_public_key: GrumpkinPoint { x: result[0], y: result[1] },
+        app_nullifier_secret_key: result[2]
+    }
+}
+
+// We get the full struct Nullifier Keys here
+pub fn get_nullifier_keys_with_npk_m_h(master_nullifier_public_key_hash: Field) -> NullifierKeys {
+    get_nullifier_keys_with_npk_m_h_internal(master_nullifier_public_key_hash)
+}
+
+// We are only getting the app_nullifier_secret_key here
+pub fn get_nsk_app_with_npk_m_h(master_nullifier_public_key_hash: Field) -> Field {
+    get_nullifier_keys_with_npk_m_h_internal(master_nullifier_public_key_hash).app_nullifier_secret_key
+}

noir-projects/noir-contracts/contracts/token_contract/src/types/balances_map.nr

@@ -4,8 +4,8 @@ use dep::aztec::prelude::{
 };
 use dep::aztec::{
     context::{PublicContext, Context}, hash::pedersen_hash,
-    protocol_types::constants::MAX_NOTE_HASH_READ_REQUESTS_PER_CALL,
-    note::{note_getter::view_notes, note_getter_options::SortOrder}
+    protocol_types::{constants::MAX_NOTE_HASH_READ_REQUESTS_PER_CALL, hash::poseidon2_hash},
+    note::{note_getter::view_notes, note_getter_options::SortOrder}, keys::getters::get_npk_m_h
 };
 use crate::types::token_note::{TokenNote, OwnedNote};
 
@@ -60,7 +60,10 @@ impl<T> BalancesMap<T> {
         owner: AztecAddress,
         addend: U128
     ) where T: NoteInterface<T_SERIALIZED_LEN> + OwnedNote {
-        let mut addend_note = T::new(addend, owner);
+        // We fetch the nullifier public key hash in the registry / from our PXE
+        let owner_npk_m_h = get_npk_m_h(self.map.context.private.unwrap(), owner);
+
+        let mut addend_note = T::new(addend, owner_npk_m_h);
 
         // docs:start:insert
         self.map.at(owner).insert(&mut addend_note, true);

noir-projects/noir-contracts/contracts/token_contract/src/types/token_note.nr

@@ -2,34 +2,36 @@ use dep::aztec::{
     prelude::{AztecAddress, NoteHeader, NoteInterface, PrivateContext},
     protocol_types::constants::GENERATOR_INDEX__NOTE_NULLIFIER,
     note::utils::compute_note_hash_for_consumption, hash::poseidon2_hash,
-    oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key}
+    oracle::{
+    unsafe_rand::unsafe_rand, nullifier_key::get_nsk_app_with_npk_m_h,
+    get_public_key::get_public_key_with_npk_m_h
+}
 };
 
 trait OwnedNote {
-    fn new(amount: U128, owner: AztecAddress) -> Self;
+    fn new(amount: U128, owner_npk_m_h: Field) -> Self;
     fn get_amount(self) -> U128;
-    fn get_owner(self) -> AztecAddress;
+    fn get_owner_npk_m_h(self) -> Field;
 }
 
 global TOKEN_NOTE_LEN: Field = 3; // 3 plus a header.
 
 #[aztec(note)]
 struct TokenNote {
-    // the amount of tokens in the note
+    // The amount of tokens in the note
     amount: U128,
-    // the provider of secrets for the nullifier. The owner (recipient) to ensure that the note 
-    // can be privately spent. When nullifier secret and encryption private key is same 
-    // we can simply use the owner for this one.
-    owner: AztecAddress,
-    // randomness of the note to hide contents.
+    // The nullifying public key hash of the person who owns the note. 
+    // This is used with the app_nullifier_secret_key to ensure that the note can be privately spent.
+    owner_npk_m_h: Field,
+    // Randomness of the note to hide its contents
     randomness: Field,
 }
 
 impl NoteInterface<TOKEN_NOTE_LEN> for TokenNote {
     // docs:start:nullifier
     fn compute_nullifier(self, context: &mut PrivateContext) -> Field {
         let note_hash_for_nullify = compute_note_hash_for_consumption(self);
-        let secret = context.request_app_nullifier_secret_key(self.owner);
+        let secret = context.request_nsk_app_with_npk_m_h(self.owner_npk_m_h);
         poseidon2_hash([
             note_hash_for_nullify,
             secret,
@@ -40,7 +42,7 @@ impl NoteInterface<TOKEN_NOTE_LEN> for TokenNote {
 
     fn compute_nullifier_without_context(self) -> Field {
         let note_hash_for_nullify = compute_note_hash_for_consumption(self);
-        let secret = get_app_nullifier_secret_key(self.owner);
+        let secret = get_nsk_app_with_npk_m_h(self.owner_npk_m_h);
         poseidon2_hash([
             note_hash_for_nullify,
             secret,
@@ -51,8 +53,9 @@ impl NoteInterface<TOKEN_NOTE_LEN> for TokenNote {
     // Broadcasts the note as an encrypted log on L1.
     fn broadcast(self, context: &mut PrivateContext, slot: Field) {
       // We only bother inserting the note if non-empty to save funds on gas.
+      // TODO: (#5901) This will be changed a lot, as it should use the updated encrypted log format
       if !(self.amount == U128::from_integer(0)) {
-          let encryption_pub_key = get_public_key(self.owner);
+          let encryption_pub_key = get_public_key_with_npk_m_h(self.owner_npk_m_h);
           context.emit_encrypted_log(
               (*context).this_address(),
               slot,
@@ -65,10 +68,10 @@ impl NoteInterface<TOKEN_NOTE_LEN> for TokenNote {
 }
 
 impl OwnedNote for TokenNote {
-    fn new(amount: U128, owner: AztecAddress) -> Self {
+    fn new(amount: U128, owner_npk_m_h: Field) -> Self {
         Self {
             amount,
-            owner,
+            owner_npk_m_h,
             randomness: unsafe_rand(),
             header: NoteHeader::empty(),
         }
@@ -78,7 +81,7 @@ impl OwnedNote for TokenNote {
         self.amount
     }
 
-    fn get_owner(self) -> AztecAddress {
-        self.owner
+    fn get_owner_npk_m_h(self) -> Field {
+        self.owner_npk_m_h
     }
 }

yarn-project/aztec.js/src/wallet/base_wallet.ts

@@ -15,7 +15,13 @@ import {
   type TxHash,
   type TxReceipt,
 } from '@aztec/circuit-types';
-import { type AztecAddress, type CompleteAddress, type Fr, type PartialAddress } from '@aztec/circuits.js';
+import {
+  type AztecAddress,
+  type CompleteAddress,
+  type Fr,
+  type PartialAddress,
+  type PublicKeys,
+} from '@aztec/circuits.js';
 import { type ContractArtifact } from '@aztec/foundation/abi';
 import { type ContractClassWithId, type ContractInstanceWithAddress } from '@aztec/types/contracts';
 import { type NodeInfo } from '@aztec/types/interfaces';
@@ -83,6 +89,9 @@ export abstract class BaseWallet implements Wallet {
   getRegisteredAccountPublicKeysHash(address: AztecAddress): Promise<Fr | undefined> {
     return this.pxe.getRegisteredAccountPublicKeysHash(address);
   }
+  getRegisteredAccountPublicKeys(address: AztecAddress): Promise<PublicKeys | undefined> {
+    return this.pxe.getRegisteredAccountPublicKeys(address);
+  }
   getRecipients(): Promise<CompleteAddress[]> {
     return this.pxe.getRecipients();
   }

yarn-project/circuit-types/src/interfaces/pxe.ts

@@ -1,4 +1,10 @@
-import { type AztecAddress, type CompleteAddress, type Fr, type PartialAddress, type Point } from '@aztec/circuits.js';
+import {
+  type AztecAddress,
+  type CompleteAddress,
+  type Fr,
+  type PartialAddress,
+  type PublicKeys,
+} from '@aztec/circuits.js';
 import { type ContractArtifact } from '@aztec/foundation/abi';
 import { type ContractClassWithId, type ContractInstanceWithAddress } from '@aztec/types/contracts';
 import { type NodeInfo } from '@aztec/types/interfaces';
@@ -68,13 +74,14 @@ export interface PXE {
    * in order to be able to encrypt data for this recipient.
    *
    * @param recipient - The complete address of the recipient
+   * @param publicKeys - The public keys of the recipient (see #5834)
    * @remarks Called recipient because we can only send notes to this account and not receive them via this PXE Service.
    * This is because we don't have the associated private key and for this reason we can't decrypt
    * the recipient's notes. We can send notes to this account because we can encrypt them with the recipient's
    * public key.
    */
   // TODO: #5834: Nuke publicKeys optional parameter after `CompleteAddress` refactor.
-  registerRecipient(recipient: CompleteAddress, publicKeys?: Point[]): Promise<void>;
+  registerRecipient(recipient: CompleteAddress, publicKeys?: PublicKeys): Promise<void>;
 
   /**
    * Retrieves the user accounts registered on this PXE Service.
@@ -100,6 +107,16 @@ export interface PXE {
    */
   getRegisteredAccountPublicKeysHash(address: AztecAddress): Promise<Fr | undefined>;
 
+  /**
+   * Retrieves the public keys of the account corresponding to the provided aztec address.
+   *
+   * @param address - The address of account.
+   * @returns The public keys of the requested account if found.
+   * TODO(#5834): refactor complete address and merge with getRegisteredAccount?
+   * This will change after the re enabling separation of keystore and pxe. We shouldn't need both this function and the above one
+   */
+  getRegisteredAccountPublicKeys(address: AztecAddress): Promise<PublicKeys | undefined>;
+
   /**
    * Retrieves the recipients added to this PXE Service.
    * @returns An array of recipients registered on this PXE Service.

yarn-project/circuit-types/src/keys/key_store.ts

@@ -32,12 +32,12 @@ export interface KeyStore {
   getAccounts(): Promise<AztecAddress[]>;
 
   /**
-   * Gets the master nullifier public key for a given account.
+   * Gets the master nullifier public key for a given account or master nullifier public key hash.
    * @throws If the account does not exist in the key store.
-   * @param account - The account address for which to retrieve the master nullifier public key.
+   * @param account or master nullifier public key hash - The account address or master nullifier public key hash for which to retrieve the master nullifier public key.
    * @returns The master nullifier public key for the account.
    */
-  getMasterNullifierPublicKey(account: AztecAddress): Promise<PublicKey>;
+  getMasterNullifierPublicKey(accountOrMasterNullifierPublicKeyHash: AztecAddress | Fr): Promise<PublicKey>;
 
   /**
    * Gets the master incoming viewing public key for a given account.
@@ -64,13 +64,13 @@ export interface KeyStore {
   getMasterTaggingPublicKey(account: AztecAddress): Promise<PublicKey>;
 
   /**
-   * Retrieves application nullifier secret key.
+   * Derives and returns the application nullifier secret key for a given account or master nullifier public key hash.
    * @throws If the account does not exist in the key store.
-   * @param account - The account to retrieve the application nullifier secret key for.
+   * @param account or master nullifier public key hash - The account address or master nullifier public key hash for which to retrieve the application nullifier secret key.
    * @param app - The application address to retrieve the nullifier secret key for.
    * @returns A Promise that resolves to the application nullifier secret key.
    */
-  getAppNullifierSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr>;
+  getAppNullifierSecretKey(accountOrMasterNullifierPublicKeyHash: AztecAddress | Fr, app: AztecAddress): Promise<Fr>;
 
   /**
    * Retrieves application incoming viewing secret key.
@@ -118,13 +118,22 @@ export interface KeyStore {
    */
   getPublicKeysHash(account: AztecAddress): Promise<Fr>;
 
+  /**
+   * Gets the account address for a given master nullifier public key hash.
+   * @throws If the master nullifier public key hash does not exist in the key store.
+   * @param masterNullifierPublicKeyHash - The master nullifier public key hash for which to retrieve the address.
+   * @returns The address for the account.
+   */
+  getAccountAddressForMasterNullifierPublicKeyHash(masterNullifierPublicKeyHash: Fr): AztecAddress;
+
   /**
    * This is used to register a recipient / for storing public keys of an address
    * @param accountAddress - The account address to store keys for.
    * @param masterNullifierPublicKey - The stored master nullifier public key
    * @param masterIncomingViewingPublicKey - The stored incoming viewing public key
    * @param masterOutgoingViewingPublicKey - The stored outgoing viewing public key
    * @param masterTaggingPublicKey - The stored master tagging public key
+   * @remarks This also adds the master nullifier public key hash to the store for the recipient
    */
   // TODO(#5834): Move this function out of here. Key store should only be used for accounts, not recipients
   addPublicKeysForAccount(

yarn-project/circuits.js/src/types/public_key.ts

@@ -2,3 +2,10 @@ import { type Point } from '@aztec/foundation/fields';
 
 /** Represents a user public key. */
 export type PublicKey = Point;
+
+export type PublicKeys = {
+  masterNullifierPublicKey: Point;
+  masterIncomingViewingPublicKey: Point;
+  masterOutgoingViewingPublicKey: Point;
+  masterTaggingPublicKey: Point;
+};