From fc16d412020d661c3009c2fdd7362d02d044d185 Mon Sep 17 00:00:00 2001 From: sklppy88 Date: Thu, 11 Jul 2024 14:33:16 +0000 Subject: [PATCH] init --- docs/docs/aztec/concepts/accounts/keys.md | 4 +- .../example-usage/encrypt-and-tag.md | 10 ++-- .../protocol-specs/addresses-and-keys/keys.md | 2 +- .../contract_tutorials/token_contract.md | 2 +- docs/src/katex-macros.js | 12 ++--- .../aztec/src/encrypted_logs/incoming_body.nr | 12 ++--- .../aztec/src/encrypted_logs/outgoing_body.nr | 22 ++++----- .../aztec/src/encrypted_logs/payload.nr | 46 +++++++------------ .../contracts/test_contract/src/main.nr | 4 +- .../encrypted_event_log_incoming_body.ts | 12 ++--- .../encrypted_log_incoming_body.ts | 18 ++++---- .../encrypted_note_log_incoming_body.ts | 12 ++--- .../encrypted_log_outgoing_body.test.ts | 12 ++--- .../l1_payload/encrypted_log_outgoing_body.ts | 8 ++-- .../src/logs/l1_payload/l1_payload.ts | 17 +++---- .../src/logs/l1_payload/tagged_log.test.ts | 8 ++-- .../circuits.js/src/keys/derivation.ts | 24 +--------- .../end-to-end/src/e2e_encryption.test.ts | 8 ++-- 18 files changed, 97 insertions(+), 136 deletions(-) diff --git a/docs/docs/aztec/concepts/accounts/keys.md b/docs/docs/aztec/concepts/accounts/keys.md index f4349689b58..457f0e4a510 100644 --- a/docs/docs/aztec/concepts/accounts/keys.md +++ b/docs/docs/aztec/concepts/accounts/keys.md 
@@ -91,12 +91,12 @@ Typically, `Npk_m` is stored in a note and later on, the note is nullified using Validity of `nsk_app` is verified by our [protocol kernel circuits](../../../protocol-specs/circuits/private-kernel-tail#verifying-and-splitting-ordered-data). ## Incoming viewing keys -The app-siloed version of public key (denoted `Ivpk_app`) is used to encrypt a note for a recipient and the corresponding secret key (`ivsk_app`) is used by recipient during decryption. +The public key (denoted `Ivpk`) is used to encrypt a note for a recipient and the corresponding secret key (`ivsk`) is used by the recipient during decryption. ## Outgoing viewing keys App-siloed versions of outgoing viewing keys are denoted `ovsk_app` and `Ovpk_app`. These keys are used to encrypt a note for a note sender which is necessary for reconstructing transaction history from on-chain data. -For example, during a token transfer, the token contract may dictate that the sender encrypts the note with value with the recipient's `Ivpk_app`, but also records the transfer with its own `Ovpk_app` for bookkeeping purposes. +For example, during a token transfer, the token contract may dictate that the sender encrypts the note with value with the recipient's `Ivpk`, but also records the transfer with its own `Ovpk_app` for bookkeeping purposes. If these keys were not used and a new device would be synched there would be no "direct" information available about notes that a user created for other people. ## Tagging keys diff --git a/docs/docs/protocol-specs/addresses-and-keys/example-usage/encrypt-and-tag.md b/docs/docs/protocol-specs/addresses-and-keys/example-usage/encrypt-and-tag.md index c25642d832f..c0b1b390fd7 100644 --- a/docs/docs/protocol-specs/addresses-and-keys/example-usage/encrypt-and-tag.md +++ b/docs/docs/protocol-specs/addresses-and-keys/example-usage/encrypt-and-tag.md 
@@ -15,9 +15,9 @@ $\ciphertextheader$ | $enc^{\Ivpkm}_{\hmencheader}$(app\_address) | Ciphertext h ||||| $\esk$ | $\stackrel{rand}{\leftarrow} \mathbb{F}$ | ephemeral secret key | $\Epkd$ | $\esk \cdot \Gd$ | (Diversified) Ephemeral public key | -$\sharedsecret_{app,enc}$ | $\esk \cdot \Ivpkappdstealth$ | Shared secret, for ciphertext encryption | +$\sharedsecret_{app,enc}$ | $\esk \cdot \Ivpkdstealth$ | Shared secret, for ciphertext encryption | $\happenc$ | h("?", $\sharedsecret_{app,enc}$) | Incoming data encryption key | -$\ciphertext$ | $enc^{\Ivpkappdstealth}_{\happenc}(\plaintext)$ | Ciphertext | +$\ciphertext$ | $enc^{\Ivpkdstealth}_{\happenc}(\plaintext)$ | Ciphertext | $\payload$ | [$\tagg_{m, i}^{Bob \rightarrow Alice}$, $\ciphertextheader$, $\ciphertext$, $\Epkdheader$, $\Epkd$] | Payload | @@ -33,10 +33,10 @@ $\sharedsecret_{m,header}$ | $\ivskm \cdot \Epkdheader$ | Shared secret, for enc $\hmencheader$ | h("?", $\sharedsecret_{m,header}$) | Incoming encryption key | app_address | $decrypt_{\hmencheader}^{\ivskm}(\ciphertextheader)$ | App address | |||| -$\ivskappstealth$ | See derivations above. Use the decrypted app_address. | App-specific incoming viewing secret key | -$\sharedsecret_{app, enc}$ | $\ivskappstealth \cdot \Epkd$ | Shared secret, for ciphertext encryption | +$\ivskstealth$ | See derivations above. Use the decrypted app_address. | Incoming viewing secret key | +$\sharedsecret_{app, enc}$ | $\ivskstealth \cdot \Epkd$ | Shared secret, for ciphertext encryption | $\happenc$ | h("?", $\sharedsecret_{app, enc}$) | Ciphertext encryption key | -$\plaintext$ | $decrypt_{\happenc}^{\ivskappstealth}(\ciphertext)$ | Plaintext | +$\plaintext$ | $decrypt_{\happenc}^{\ivskstealth}(\ciphertext)$ | Plaintext | ## Encrypt and tag an outgoing message diff --git a/docs/docs/protocol-specs/addresses-and-keys/keys.md b/docs/docs/protocol-specs/addresses-and-keys/keys.md index c083c574559..5cfdbf5884f 100644 
--- a/docs/docs/protocol-specs/addresses-and-keys/keys.md +++ b/docs/docs/protocol-specs/addresses-and-keys/keys.md @@ -178,7 +178,7 @@ If an app developer thinks some of their users might wish to have the option to > Note: this key can be optionally shared with a trusted 3rd party, and they would not be able to derive the user's secret keys. > Note: knowledge of this key enables someone to identify when an emitted nullifier belongs to the user, and to identify which note hashes have been nullified. -> Note: knowledge of this key would not enable a 3rd party to view the contents of any notes; knowledge of the $\ivskapp$ / $\ovskapp$ would be needed for that. +> Note: knowledge of this key would not enable a 3rd party to view the contents of any notes; knowledge of the $\ivsk$ / $\ovskapp$ would be needed for that. > Note: this is intentionally not named as a "public" key, since it must not be shared with the wider public. $$ diff --git a/docs/docs/tutorials/contract_tutorials/token_contract.md b/docs/docs/tutorials/contract_tutorials/token_contract.md index ef83e6514e3..58e1c8db21b 100644 --- a/docs/docs/tutorials/contract_tutorials/token_contract.md +++ b/docs/docs/tutorials/contract_tutorials/token_contract.md 
@@ -463,7 +463,7 @@ Unconstrained functions are similar to `view` functions in Solidity in that they
 #### `balance_of_private`
-A getter function for checking the private balance of the provided Aztec account. Note that the [Private Execution Environment (PXE)](https://github.com/AztecProtocol/aztec-packages/tree/#include_aztec_version/yarn-project/pxe) must have `ivsk_app` ([incoming viewing secret key](../../aztec/concepts/accounts/keys.md##incoming-viewing-keys)) in order to decrypt the notes.
+A getter function for checking the private balance of the provided Aztec account. Note that the [Private Execution Environment (PXE)](https://github.com/AztecProtocol/aztec-packages/tree/#include_aztec_version/yarn-project/pxe) must have `ivsk` ([incoming viewing secret key](../../aztec/concepts/accounts/keys.md##incoming-viewing-keys)) in order to decrypt the notes.
 #include_code balance_of_private /noir-projects/noir-contracts/contracts/token_contract/src/main.nr rust
diff --git a/docs/src/katex-macros.js b/docs/src/katex-macros.js
index ee4e8d90738..5588ec61d54 100644
--- a/docs/src/katex-macros.js
+++ b/docs/src/katex-macros.js
@@ -18,14 +18,14 @@ module.exports = {
 "\\nskapp": "{\\color{red}{nsk_{app}}}",
 "\\tskapp": "{\\color{red}{tsk_{app}}}",
- "\\ivskapp": "{\\color{red}{ivsk_{app}}}",
+ "\\ivsk": "{\\color{red}{ivsk}}",
 "\\ovskapp": "{\\color{red}{ovsk_{app}}}",
 "\\Nkapp": "{\\color{orange}{Nk_{app}}}",
 "\\Npkapp": "{\\color{green}{Npk_{app}}}",
- "\\Ivpkapp": "{\\color{green}{Ivpk_{app}}}",
+ "\\Ivpk": "{\\color{green}{Ivpk_{app}}}",
 "\\happL": "{\\color{green}{h_{app}^L}}",
 "\\happn": "{\\color{green}{h_{app}^n}}",
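Review bot: `\\Ivpk` is renamed but its body still renders `Ivpk_{app}`, while `\\ivsk` a few lines above was changed to render plain `ivsk`, so the rendered spec now pairs an unsiloed secret key with an app-siloed public key. The next hunk has the same mismatch for `\\Ivpkd`, `\\shareableIvpkd` and `\\Ivpkdstealth`, whose bodies keep the `app,` subscript although `\\ivskstealth` dropped it. Suggest `"\\Ivpk": "{\\color{green}{Ivpk}}"` here and removing `app,` from those three bodies in the next hunk. This matters because the encrypt-and-tag tables updated in this same patch describe the shared secret as `\esk \cdot \Ivpkdstealth`; with the current macro bodies a reader is told the body is encrypted to an app-siloed key while payload.nr no longer derives one.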
@@ -34,13 +34,13 @@ module.exports = {
 "\\d": "{\\color{green}{d}}",
 "\\Gd": "{\\color{green}{G_d}}",
- "\\Ivpkappd": "{\\color{violet}{Ivpk_{app,d}}}",
- "\\shareableIvpkappd": "{\\color{violet}{\\widetilde{Ivpk_{app,d}}}}",
+ "\\Ivpkd": "{\\color{violet}{Ivpk_{app,d}}}",
+ "\\shareableIvpkd": "{\\color{violet}{\\widetilde{Ivpk_{app,d}}}}",
 "\\Ivpkmd": "{\\color{violet}{Ivpk_{m,d}}}",
 "\\shareableIvpkmd": "{\\color{violet}{\\widetilde{Ivpk_{m,d}}}}",
- "\\ivskappstealth": "{\\color{red}{ivsk_{app,stealth}}}",
- "\\Ivpkappdstealth": "{\\color{violet}{Ivpk_{app,d,stealth}}}",
+ "\\ivskstealth": "{\\color{red}{ivsk_{stealth}}}",
+ "\\Ivpkdstealth": "{\\color{violet}{Ivpk_{app,d,stealth}}}",
 "\\Pkappdstealth": "{\\color{violet}{Pk_{app,d,stealth}}}",
 "\\ivskmstealth": "{\\color{red}{ivsk_{m,stealth}}}",
 "\\Ivpkmdstealth": "{\\color{violet}{Ivpk_{m,d,stealth}}}",
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/incoming_body.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/incoming_body.nr
index 3caaaeb845f..d6a86136c9e 100644
--- a/noir-projects/aztec-nr/aztec/src/encrypted_logs/incoming_body.nr
+++ b/noir-projects/aztec-nr/aztec/src/encrypted_logs/incoming_body.nr
@@ -20,8 +20,8 @@ impl EncryptedLogIncomingBody {
 EncryptedLogIncomingBody { plaintext }
 }
- pub fn compute_ciphertext(self, eph_sk: Scalar, ivpk_app: Point) -> [u8] {
- let full_key = point_to_symmetric_key(eph_sk, ivpk_app);
+ pub fn compute_ciphertext(self, eph_sk: Scalar, ivpk: Point) -> [u8] {
+ let full_key = point_to_symmetric_key(eph_sk, ivpk);
 let mut sym_key = [0; 16];
 let mut iv = [0; 16];
@@ -122,7 +122,7 @@ mod test {
 lo: 0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
 hi: 0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06
 };
- let ivpk_app = Point {
+ let ivpk = Point {
 x: 0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186,
 y: 0x1e96887b117afca01c00468264f4f80b5bb16d94c1808a448595f115556e5c8e,
 is_infinite: false
@@ -130,7 +130,7 @@ mod test { let body = EncryptedLogIncomingBody::from_note(note, storage_slot); - let ciphertext = body.compute_ciphertext(eph_sk, ivpk_app); + let ciphertext = body.compute_ciphertext(eph_sk, ivpk); let expected_note_body_ciphertext = [ 228, 9, 65, 81, 62, 59, 249, 207, 90, 196, 206, 72, 39, 199, 82, 196, 63, 127, 188, 251, 150, 188, 238, 205, 3, 86, 102, 164, 175, 12, 137, 158, 163, 111, 205, 10, 229, 230, 46, 202, 110, 107, 156, 180, 67, 192, 161, 201, 48, 153, 169, 1, 25, 182, 93, 39, 39, 207, 251, 218, 234, 147, 156, 13, 110, 180, 190, 199, 41, 6, 211, 203, 176, 110, 165, 186, 110, 127, 199, 22, 201, 149, 92, 249, 219, 68, 145, 68, 179, 29, 233, 34, 98, 123, 197, 234, 169, 53, 44, 14, 81, 60, 92, 27, 250, 134, 49, 248, 57, 119, 236, 118, 158, 104, 82, 243, 98, 164, 60, 72, 74, 27, 177, 194, 221, 225, 193, 150, 67, 235, 205, 106, 150, 24, 126, 186, 220, 178, 199, 189, 113, 54, 181, 55, 46, 15, 236, 236, 9, 159, 5, 172, 237, 154, 110, 50, 241, 64, 92, 13, 37, 53, 20, 140, 42, 146, 229, 63, 97, 25, 159, 63, 235, 104, 68, 100 @@ -222,7 +222,7 @@ mod test { hi: 0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06 }; - let ivpk_app = Point { + let ivpk = Point { x: 0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186, y: 0x1e96887b117afca01c00468264f4f80b5bb16d94c1808a448595f115556e5c8e, is_infinite: false 
@@ -232,7 +232,7 @@ mod test { let body = EncryptedLogIncomingBody::from_event(test_event, randomness); - let ciphertext = body.compute_ciphertext(eph_sk, ivpk_app); + let ciphertext = body.compute_ciphertext(eph_sk, ivpk); let expected_event_body_ciphertext = [ 228, 9, 65, 81, 62, 59, 249, 207, 90, 196, 206, 72, 39, 199, 82, 196, 63, 127, 188, 251, 150, 188, 238, 205, 3, 86, 102, 164, 175, 12, 137, 158, 163, 111, 205, 10, 229, 230, 46, 202, 110, 107, 156, 180, 67, 192, 161, 201, 66, 122, 29, 35, 42, 33, 153, 216, 199, 208, 103, 207, 126, 153, 189, 136, 19, 220, 238, 15, 169, 29, 255, 11, 123, 107, 70, 192, 53, 40, 36, 93, 187, 32, 123, 136, 104, 23, 229, 245, 152, 90, 84, 2, 136, 112, 42, 27, 82, 214, 104, 14, 250, 48, 199, 245, 88, 22, 200, 77, 38, 51, 127, 56, 138, 255, 16, 46, 179, 129, 215, 185, 185, 116, 148, 16, 133, 62, 56, 180, 10, 132, 109, 77, 206, 199, 21, 167, 7, 163, 171, 158, 244, 23, 18, 121, 108, 42, 107, 7, 48, 84, 212, 104, 39, 16, 109, 7, 108, 129, 60, 80, 112, 241, 223, 140, 186, 158, 38, 74, 230, 213, 159, 175, 142, 228, 128, 160 diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/outgoing_body.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/outgoing_body.nr index d3cc68d1d4a..64379d6f5bc 100644 --- a/noir-projects/aztec-nr/aztec/src/encrypted_logs/outgoing_body.nr +++ b/noir-projects/aztec-nr/aztec/src/encrypted_logs/outgoing_body.nr @@ -9,12 +9,12 @@ use crate::keys::point_to_symmetric_key::point_to_symmetric_key; struct EncryptedLogOutgoingBody { eph_sk: Scalar, recipient: AztecAddress, - recipient_ivpk_app: Point, + recipient_ivpk: Point, } impl EncryptedLogOutgoingBody { - pub fn new(eph_sk: Scalar, recipient: AztecAddress, recipient_ivpk_app: Point) -> Self { - Self { eph_sk, recipient, recipient_ivpk_app } + pub fn new(eph_sk: Scalar, recipient: AztecAddress, recipient_ivpk: Point) -> Self { + Self { eph_sk, recipient, recipient_ivpk } } pub fn compute_ciphertext(self, ovsk_app: Scalar, eph_pk: Point) -> [u8; 176] { 
@@ -27,16 +27,16 @@ impl EncryptedLogOutgoingBody {
 let serialized_eph_sk_low = self.eph_sk.lo.to_be_bytes(32);
 let address_bytes = self.recipient.to_field().to_be_bytes(32);
- let serialized_recipient_ivpk_app = self.recipient_ivpk_app.serialize();
- let serialized_recipient_ivpk_app_x = serialized_recipient_ivpk_app[0].to_be_bytes(32);
- let serialized_recipient_ivpk_app_y = serialized_recipient_ivpk_app[1].to_be_bytes(32);
+ let serialized_recipient_ivpk = self.recipient_ivpk.serialize();
+ let serialized_recipient_ivpk_x = serialized_recipient_ivpk[0].to_be_bytes(32);
+ let serialized_recipient_ivpk_y = serialized_recipient_ivpk[1].to_be_bytes(32);
 for i in 0..32 {
 buffer[i] = serialized_eph_sk_high[i];
 buffer[i + 32] = serialized_eph_sk_low[i];
 buffer[i + 64] = address_bytes[i];
- buffer[i + 96] = serialized_recipient_ivpk_app_x[i];
- buffer[i + 128] = serialized_recipient_ivpk_app_y[i];
+ buffer[i + 96] = serialized_recipient_ivpk_x[i];
+ buffer[i + 128] = serialized_recipient_ivpk_y[i];
 }
 // We compute the symmetric key using poseidon.
@@ -74,7 +74,7 @@ mod test {
 lo: 0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fe,
 hi: 0x000000000000000000000000000000000f096b423017226a18461115fa8d34bb
 };
- let recipient_ivsk_app = Scalar {
+ let recipient_ivsk = Scalar {
 lo: 0x000000000000000000000000000000004828f8f95676ebb481df163f87fd4022,
 hi: 0x000000000000000000000000000000000f4d97c25d578f9348251a71ca17ae31
 };
@@ -84,11 +84,11 @@ mod test {
 };
 let eph_pk = derive_public_key(eph_sk);
- let recipient_ivpk_app = derive_public_key(recipient_ivsk_app);
+ let recipient_ivpk = derive_public_key(recipient_ivsk);
 let recipient = AztecAddress::from_field(0xdeadbeef);
- let body = EncryptedLogOutgoingBody::new(eph_sk, recipient, recipient_ivpk_app);
+ let body = EncryptedLogOutgoingBody::new(eph_sk, recipient, recipient_ivpk);
 let ciphertext = body.compute_ciphertext(sender_ovsk_app, eph_pk);
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
index d2f2856fd6d..aaddb85dad0 100644
--- a/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
+++ b/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
@@ -28,14 +28,12 @@ pub fn compute_encrypted_event_log(
 let eph_sk: Scalar = fr_to_fq(unsafe_rand());
 let eph_pk = derive_public_key(eph_sk);
- let ivpk_app = compute_ivpk_app(ivpk, contract_address);
-
 let header = EncryptedLogHeader::new(contract_address);
 let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ivpk);
 let outgoing_Header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
- let incoming_body_ciphertext = EncryptedLogIncomingBody::from_event(event, randomness).compute_ciphertext(eph_sk, ivpk_app);
- let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk_app).compute_ciphertext(fr_to_fq(ovsk_app), eph_pk);
+ let incoming_body_ciphertext = EncryptedLogIncomingBody::from_event(event, randomness).compute_ciphertext(eph_sk, ivpk);
+ let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk).compute_ciphertext(fr_to_fq(ovsk_app), eph_pk);
 let mut encrypted_bytes: [u8; OB] = [0; OB];
 // @todo We ignore the tags for now
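Review bot: The header and the incoming body are now both encrypted from the same `(eph_sk, ivpk)` pair — `header.compute_ciphertext(eph_sk, ivpk)` and `EncryptedLogIncomingBody::from_event(...).compute_ciphertext(eph_sk, ivpk)` — and the body side derives `sym_key` and `iv` from `point_to_symmetric_key(eph_sk, ivpk)` (incoming_body.nr hunk above); if `EncryptedLogHeader::compute_ciphertext`, which is not in this patch, derives its key the same way, header and body now share key and IV, something the app-siloed `ivpk_app` previously avoided. Encrypting two different plaintexts under one key and IV is a weakness (and the header plaintext, the contract address, is public), so this should be either confirmed safe or fixed by domain-separating the body key derivation. The same applies to `compute_encrypted_note_log` in the next hunk. Either way, a short comment at the `incoming_body_ciphertext` line recording why `ivpk` may be shared between header and body would keep the decision visible.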
@@ -83,14 +81,12 @@ pub fn compute_encrypted_note_log(
 let eph_sk: Scalar = fr_to_fq(unsafe_rand());
 let eph_pk = derive_public_key(eph_sk);
- let ivpk_app = compute_ivpk_app(ivpk, contract_address);
-
 let header = EncryptedLogHeader::new(contract_address);
 let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ivpk);
 let outgoing_Header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
- let incoming_body_ciphertext = EncryptedLogIncomingBody::from_note(note, storage_slot).compute_ciphertext(eph_sk, ivpk_app);
- let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk_app).compute_ciphertext(fr_to_fq(ovsk_app), eph_pk);
+ let incoming_body_ciphertext = EncryptedLogIncomingBody::from_note(note, storage_slot).compute_ciphertext(eph_sk, ivpk);
+ let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk).compute_ciphertext(fr_to_fq(ovsk_app), eph_pk);
 let mut encrypted_bytes: [u8; M] = [0; M];
 // @todo We ignore the tags for now
@@ -144,26 +140,6 @@ fn fr_to_fq(r: Field) -> Scalar {
 Scalar { lo, hi }
 }
-fn compute_ivpk_app(ivpk: Point, contract_address: AztecAddress) -> Point {
- // It is useless to compute this, it brings no value to derive fully.
- // Issue(#6955)
- ivpk
- /*
- // @todo Just setting infinite to false, but it should be checked.
- // for example user could define ivpk = infinity using the registry
- assert((ivpk.x != 0) & (ivpk.y != 0), "ivpk is infinite");
- let i = fr_to_fq(poseidon2_hash([contract_address.to_field(), ivpk.x, ivpk.y, GENERATOR_INDEX__IVSK_M]));
- let I = derive_public_key(i);
- let embed_I = Point { x: I.x, y: I.y, is_infinite: false };
- let embed_ivpk = Point { x: ivpk.x, y: ivpk.y, is_infinite: false };
- let embed_result = embedded_curve_add(embed_I, embed_ivpk);
- Point { x: embed_result.x, embed_result.y)*/
-}
-
 mod test {
 use crate::{
 encrypted_logs::payload::compute_encrypted_note_log,
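Review bot: Deleting `compute_ivpk_app` also deletes the only record of the open `@todo` that `ivpk` may be the point at infinity ("user could define ivpk = infinity using the registry") together with the already-disabled `assert((ivpk.x != 0) & (ivpk.y != 0), "ivpk is infinite")`, yet the two hunks above now pass `ivpk` straight into `compute_ciphertext` and `EncryptedLogOutgoingBody::new` with no check at all. If that concern still holds, the guard should move rather than vanish: a one-liner before the body ciphertexts such as `assert(!ivpk.is_infinite, "ivpk is infinite");` (the `Point` struct carries an `is_infinite` field, as the test fixtures above show) keeps it enforced. It is also worth carrying the `Issue(#6955)` reference over as a comment at the call sites, since it is now the only explanation for why the unsiloed key is used.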
@@ -194,10 +170,20 @@ mod test { let eph_sk = 0x1358d15019d4639393d62b97e1588c095957ce74a1c32d6ec7d62fe6705d9538; OracleMock::mock("getRandomField").returns(eph_sk); - let log: [u8; 512] = compute_encrypted_note_log(contract_address, storage_slot, ovsk_app, ovpk_m, ivpk_m, note); + let recipient = AztecAddress::from_field(0x10ee41ee4b62703b16f61e03cb0d88c4b306a9eb4a6ceeb2aff13428541689a2); + + let log: [u8; 512] = compute_encrypted_note_log( + contract_address, + storage_slot, + ovsk_app, + ovpk_m, + ivpk_m, + recipient, + note + ); let expected_encrypted_note_log = [ - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 70, 12, 14, 67, 77, 132, 110, 193, 234, 40, 110, 64, 144, 235, 86, 55, 111, 242, 123, 221, 193, 170, 202, 225, 216, 86, 84, 159, 112, 31, 167, 17, 160, 52, 217, 22, 191, 84, 175, 25, 133, 53, 220, 2, 251, 32, 105, 198, 147, 24, 131, 202, 112, 149, 136, 66, 205, 254, 3, 134, 195, 101, 73, 212, 19, 232, 42, 39, 191, 165, 183, 8, 7, 18, 118, 74, 69, 91, 146, 69, 16, 184, 101, 144, 48, 25, 190, 254, 181, 223, 24, 183, 175, 118, 159, 176, 135, 62, 255, 169, 124, 170, 3, 92, 81, 122, 107, 65, 125, 95, 97, 110, 198, 200, 74, 147, 217, 93, 23, 227, 84, 59, 15, 75, 108, 122, 49, 230, 228, 246, 207, 173, 7, 60, 16, 74, 236, 201, 102, 237, 48, 179, 223, 191, 223, 248, 78, 167, 61, 203, 25, 114, 223, 58, 60, 180, 255, 116, 170, 136, 173, 178, 40, 2, 125, 229, 20, 220, 82, 28, 191, 147, 133, 137, 1, 45, 243, 229, 140, 115, 165, 150, 154, 96, 22, 120, 223, 237, 213, 182, 252, 192, 8, 132, 43, 21, 56, 243, 116, 144, 182, 75, 16, 30, 222, 222, 60, 205, 147, 214, 53, 41, 62, 53, 16, 147, 117, 72, 169, 220, 125, 208, 210, 12, 186, 204, 143, 114, 50, 101, 80, 157, 55, 73, 11, 125, 27, 236, 202, 2, 242, 81, 153, 206, 165, 215, 215, 116, 50, 93, 177, 236, 240, 26, 164, 68, 160, 91, 136, 250, 39, 177, 22, 37, 38, 82, 248, 55, 
125, 108, 38, 234, 209, 151, 69, 187, 150, 105, 120, 187, 236, 212, 161, 78, 22, 6, 231, 229, 110, 248, 35, 22, 254, 17, 32, 191, 75, 35, 252, 227, 111, 46, 146, 52, 21, 171, 105, 20, 112, 233, 143, 177, 99, 185, 193, 164, 246, 192, 62, 234, 175, 198, 157, 31, 230, 233, 237, 26, 65, 24, 65, 72, 220, 247, 223, 61, 75, 246, 144, 94, 99, 132, 235, 149, 93, 3, 115, 131, 132, 250, 238, 138, 194, 233, 144, 156, 140, 1, 42, 44, 12, 214, 94, 137, 130, 56, 105, 149, 124, 81, 178, 1, 73, 79, 156, 26, 65, 163, 18, 152, 116, 138, 128, 158, 63, 151, 205, 151, 73, 68, 173, 220, 126, 213, 72, 112, 237, 15, 235, 178, 217, 122, 146, 224, 89, 213, 217, 34, 172, 4, 164, 40, 102, 220, 174, 222, 250, 221, 149, 238, 174, 97, 65, 183, 255, 168, 139, 67, 122, 124, 41, 89, 147, 255, 109, 57, 197, 150, 174, 186, 221, 50, 19, 216, 14, 100, 176 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 70, 12, 14, 67, 77, 132, 110, 193, 234, 40, 110, 64, 144, 235, 86, 55, 111, 242, 123, 221, 193, 170, 202, 225, 216, 86, 84, 159, 112, 31, 167, 17, 160, 52, 217, 22, 191, 84, 175, 25, 133, 53, 220, 2, 251, 32, 105, 198, 147, 24, 131, 202, 112, 149, 136, 66, 205, 254, 3, 134, 195, 101, 73, 212, 19, 232, 42, 39, 191, 165, 183, 8, 7, 18, 118, 74, 69, 91, 146, 69, 16, 184, 101, 144, 48, 25, 190, 254, 181, 223, 24, 183, 175, 118, 159, 176, 135, 62, 255, 169, 124, 170, 3, 92, 81, 122, 107, 65, 125, 95, 97, 110, 198, 200, 74, 147, 217, 93, 23, 227, 84, 59, 15, 75, 108, 122, 49, 230, 228, 246, 207, 173, 7, 60, 16, 74, 236, 201, 102, 237, 48, 179, 223, 191, 223, 248, 78, 167, 61, 203, 25, 114, 223, 58, 60, 180, 255, 116, 170, 136, 173, 178, 40, 2, 125, 229, 20, 220, 82, 28, 191, 147, 133, 137, 1, 45, 243, 229, 140, 115, 165, 150, 154, 96, 22, 120, 223, 237, 213, 182, 252, 192, 8, 132, 43, 21, 56, 243, 116, 144, 182, 75, 16, 30, 222, 222, 60, 205, 147, 214, 53, 41, 62, 
53, 16, 147, 117, 72, 169, 220, 125, 208, 210, 45, 65, 233, 40, 87, 88, 140, 237, 200, 161, 9, 86, 82, 128, 191, 51, 4, 195, 243, 100, 102, 240, 54, 129, 176, 116, 139, 73, 27, 98, 222, 1, 117, 99, 178, 51, 207, 67, 29, 83, 104, 231, 49, 137, 217, 247, 111, 172, 245, 198, 171, 123, 57, 41, 203, 219, 177, 135, 227, 2, 189, 205, 150, 238, 81, 1, 202, 202, 244, 139, 194, 123, 195, 148, 255, 169, 226, 43, 234, 31, 252, 105, 35, 2, 91, 12, 19, 26, 134, 114, 184, 210, 92, 191, 188, 7, 172, 232, 163, 189, 38, 199, 56, 251, 225, 202, 249, 17, 117, 132, 162, 113, 61, 75, 246, 144, 94, 99, 132, 235, 149, 93, 3, 115, 131, 132, 250, 238, 138, 194, 233, 144, 156, 140, 1, 42, 44, 12, 214, 94, 137, 130, 56, 105, 149, 124, 81, 178, 1, 73, 79, 156, 26, 65, 163, 18, 152, 116, 138, 128, 158, 63, 151, 205, 151, 73, 68, 173, 220, 126, 213, 72, 112, 237, 15, 235, 178, 217, 122, 146, 224, 89, 213, 217, 34, 172, 4, 164, 40, 102, 220, 174, 222, 250, 221, 149, 238, 174, 97, 65, 183, 255, 168, 139, 67, 122, 124, 41, 89, 147, 255, 109, 57, 197, 150, 174, 186, 221, 50, 19, 216, 14, 100, 176 ]; for i in 0..expected_encrypted_note_log.len() { assert_eq(log[i], expected_encrypted_note_log[i]); diff --git a/noir-projects/noir-contracts/contracts/test_contract/src/main.nr b/noir-projects/noir-contracts/contracts/test_contract/src/main.nr index e2f6bdf9764..948dbd27896 100644 --- a/noir-projects/noir-contracts/contracts/test_contract/src/main.nr +++ b/noir-projects/noir-contracts/contracts/test_contract/src/main.nr @@ -427,11 +427,11 @@ contract Test { fn compute_outgoing_log_body_ciphertext( eph_sk: Scalar, recipient: AztecAddress, - recipient_ivpk_app: Point, + recipient_ivpk: Point, ovsk_app: Scalar ) -> [u8; 176] { let eph_pk = derive_public_key(eph_sk); - EncryptedLogOutgoingBody::new(eph_sk, recipient, recipient_ivpk_app).compute_ciphertext(ovsk_app, eph_pk) + EncryptedLogOutgoingBody::new(eph_sk, recipient, recipient_ivpk).compute_ciphertext(ovsk_app, eph_pk) } #[aztec(public)] 
diff --git a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_event_log_incoming_body.ts b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_event_log_incoming_body.ts
index 0574f1e0b9a..549d454ae11 100644
--- a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_event_log_incoming_body.ts
+++ b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_event_log_incoming_body.ts
@@ -41,20 +41,20 @@ export class EncryptedEventLogIncomingBody extends EncryptedLogIncomingBody {
 * Decrypts a log body
 *
 * @param ciphertext - The ciphertext buffer
- * @param ivskAppOrEphSk - The private key matching the public key used in encryption (the viewing key secret or)
- * @param ephPkOrIvpkApp - The public key generated with the ephemeral secret key used in encryption
+ * @param ivskOrEphSk - The private key matching the public key used in encryption (the viewing secret key or ephemeral secret key)
+ * @param ephPkOrIvpk - The public key generated with the ephemeral secret key used in encryption
 *
- * The "odd" input stems from ivskApp * ephPk == ivpkApp * ephSk producing the same value.
+ * The "odd" input stems from ivsk * ephPk == ivpk * ephSk producing the same value.
 * This is used to allow for the same decryption function to be used by both the sender and the recipient.
 *
 * @returns The decrypted log body
 */
 public static fromCiphertext(
 ciphertext: Buffer | bigint[],
- ivskAppOrEphSk: GrumpkinScalar,
- ephPkOrIvpkApp: PublicKey,
+ ivskOrEphSk: GrumpkinScalar,
+ ephPkOrIvpk: PublicKey,
 ): EncryptedEventLogIncomingBody {
- const buffer = super.fromCiphertextToBuffer(ciphertext, ivskAppOrEphSk, ephPkOrIvpkApp);
+ const buffer = super.fromCiphertextToBuffer(ciphertext, ivskOrEphSk, ephPkOrIvpk);
 return EncryptedEventLogIncomingBody.fromBuffer(buffer);
 }
 }
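Review bot: The renamed `@param ephPkOrIvpk` still documents only the ephemeral-public-key case ("The public key generated with the ephemeral secret key"), leaving the `Ivpk` half — the input a sender passes when decrypting its own log, per the `ivsk * ephPk == ivpk * ephSk` remark a few lines below — undescribed, while `ivskOrEphSk` was given both cases in this same commit. Suggest ` * @param ephPkOrIvpk - The ephemeral public key (when decrypting with ivsk) or the recipient's incoming viewing public key (when decrypting with ephSk)`. The identical text is repeated in the `fromCiphertextToBuffer` hunk and the `EncryptedNoteLogIncomingBody.fromCiphertext` hunk further down.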
diff --git a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_log_incoming_body.ts b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_log_incoming_body.ts
index 300ee0dd879..587530882c0 100644
--- a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_log_incoming_body.ts
+++ b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_log_incoming_body.ts
@@ -10,22 +10,22 @@ export abstract class EncryptedLogIncomingBody {
 * Decrypts a log body
 *
 * @param ciphertext - The ciphertext buffer
- * @param ivskAppOrEphSk - The private key matching the public key used in encryption (the viewing key secret or)
- * @param ephPkOrIvpkApp - The public key generated with the ephemeral secret key used in encryption
+ * @param ivskOrEphSk - The private key matching the public key used in encryption (the viewing secret key or ephemeral secret key)
+ * @param ephPkOrIvpk - The public key generated with the ephemeral secret key used in encryption
 *
- * The "odd" input stems from ivskApp * ephPk == ivpkApp * ephSk producing the same value.
+ * The "odd" input stems from ivsk * ephPk == ivpk * ephSk producing the same value.
 * This is used to allow for the same decryption function to be used by both the sender and the recipient.
 *
 * @returns The decrypted log body as a buffer
 */
 protected static fromCiphertextToBuffer(
 ciphertext: Buffer | bigint[],
- ivskAppOrEphSk: GrumpkinScalar,
- ephPkOrIvpkApp: PublicKey,
+ ivskOrEphSk: GrumpkinScalar,
+ ephPkOrIvpk: PublicKey,
 ): Buffer {
 const input = Buffer.isBuffer(ciphertext) ? ciphertext : Buffer.from(ciphertext.map((x: bigint) => Number(x)));
- const aesSecret = deriveAESSecret(ivskAppOrEphSk, ephPkOrIvpkApp);
+ const aesSecret = deriveAESSecret(ivskOrEphSk, ephPkOrIvpk);
 const key = aesSecret.subarray(0, 16);
 const iv = aesSecret.subarray(16, 32);
@@ -37,12 +37,12 @@ export abstract class EncryptedLogIncomingBody {
 * Encrypts a log body
 *
 * @param ephSk - The ephemeral secret key
- * @param ivpkApp - The application scoped incoming viewing key for the recipient of this log
+ * @param ivpk - The application scoped incoming viewing key for the recipient of this log
 *
 * @returns The ciphertext of the encrypted log body
 */
- public computeCiphertext(ephSk: GrumpkinScalar, ivpkApp: PublicKey) {
- const aesSecret = deriveAESSecret(ephSk, ivpkApp);
+ public computeCiphertext(ephSk: GrumpkinScalar, ivpk: PublicKey) {
+ const aesSecret = deriveAESSecret(ephSk, ivpk);
 const key = aesSecret.subarray(0, 16);
 const iv = aesSecret.subarray(16, 32);
diff --git a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_note_log_incoming_body.ts b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_note_log_incoming_body.ts
index ffcb15f6de5..344b84105ee 100644
--- a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_note_log_incoming_body.ts
+++ b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_incoming_body/encrypted_note_log_incoming_body.ts
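Review bot: The `@param ivpk` description still says "The application scoped incoming viewing key", which contradicts the rename and the removal of `compute_ivpk_app` in payload.nr in this same patch. Suggest ` * @param ivpk - The incoming viewing public key of the recipient of this log` so the TypeScript docs match the Noir side and the updated keys.md. The enclosing class and method continue outside the hunk.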
@@ -43,20 +43,20 @@ export class EncryptedNoteLogIncomingBody extends EncryptedLogIncomingBody {
 * Decrypts a log body
 *
 * @param ciphertext - The ciphertext buffer
- * @param ivskAppOrEphSk - The private key matching the public key used in encryption (the viewing key secret or)
- * @param ephPkOrIvpkApp - The public key generated with the ephemeral secret key used in encryption
+ * @param ivskOrEphSk - The private key matching the public key used in encryption (the viewing secret key or ephemeral secret key)
+ * @param ephPkOrIvpk - The public key generated with the ephemeral secret key used in encryption
 *
- * The "odd" input stems from ivskApp * ephPk == ivpkApp * ephSk producing the same value.
+ * The "odd" input stems from ivsk * ephPk == ivpk * ephSk producing the same value.
 * This is used to allow for the same decryption function to be used by both the sender and the recipient.
 *
 * @returns The decrypted log body
 */
 public static fromCiphertext(
 ciphertext: Buffer | bigint[],
- ivskAppOrEphSk: GrumpkinScalar,
- ephPkOrIvpkApp: PublicKey,
+ ivskOrEphSk: GrumpkinScalar,
+ ephPkOrIvpk: PublicKey,
 ): EncryptedNoteLogIncomingBody {
- const buffer = super.fromCiphertextToBuffer(ciphertext, ivskAppOrEphSk, ephPkOrIvpkApp);
+ const buffer = super.fromCiphertextToBuffer(ciphertext, ivskOrEphSk, ephPkOrIvpk);
 return EncryptedNoteLogIncomingBody.fromBuffer(buffer);
 }
 }
diff --git a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.test.ts b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.test.ts
index 5f7a35079e5..e4de515d00b 100644
--- a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.test.ts
+++ b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.test.ts
@@ -13,15 +13,15 @@ describe('encrypt log outgoing body', () => {
 it('encrypt and decrypt a log outgoing body', () => {
 const ephSk = GrumpkinScalar.random();
- const recipientIvskApp = GrumpkinScalar.random();
+ const recipientIvsk = GrumpkinScalar.random();
 const senderOvskApp = GrumpkinScalar.random();
 const ephPk = grumpkin.mul(Grumpkin.generator, ephSk);
- const recipientIvpkApp = grumpkin.mul(Grumpkin.generator, recipientIvskApp);
+ const recipientIvpk = grumpkin.mul(Grumpkin.generator, recipientIvsk);
 const recipientAddress = AztecAddress.random();
- const body = new EncryptedLogOutgoingBody(ephSk, recipientAddress, recipientIvpkApp);
+ const body = new EncryptedLogOutgoingBody(ephSk, recipientAddress, recipientIvpk);
 const encrypted = body.computeCiphertext(senderOvskApp, ephPk);
@@ -32,15 +32,15 @@ describe('encrypt log outgoing body', () => {
 it('encrypt a log outgoing body, generate input for noir test', () => {
 const ephSk = new GrumpkinScalar(0x0f096b423017226a18461115fa8d34bbd0d302ee245dfaf2807e604eec4715fen);
- const recipientIvskApp = new GrumpkinScalar(0x0f4d97c25d578f9348251a71ca17ae314828f8f95676ebb481df163f87fd4022n);
+ const recipientIvsk = new GrumpkinScalar(0x0f4d97c25d578f9348251a71ca17ae314828f8f95676ebb481df163f87fd4022n);
 const senderOvskApp = new GrumpkinScalar(0x089c6887cb1446d86c64e81afc78048b74d2e28c6bc5176ac02cf7c7d36a444en);
 const ephPk = grumpkin.mul(Grumpkin.generator, ephSk);
- const recipientIvpkApp = grumpkin.mul(Grumpkin.generator, recipientIvskApp);
+ const recipientIvpk = grumpkin.mul(Grumpkin.generator, recipientIvsk);
 const recipientAddress = AztecAddress.fromBigInt(BigInt('0xdeadbeef'));
- const body = new EncryptedLogOutgoingBody(ephSk, recipientAddress, recipientIvpkApp);
+ const body = new EncryptedLogOutgoingBody(ephSk, recipientAddress, recipientIvpk);
 const encrypted = body.computeCiphertext(senderOvskApp, ephPk);
diff --git a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.ts b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.ts
index bbc3b8b5375..4d0b48b8bb3 100644
--- a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.ts
+++ b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_outgoing_body.ts
@@ -4,7 +4,7 @@ import { poseidon2Hash } from '@aztec/foundation/crypto';
 import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
 export class EncryptedLogOutgoingBody {
- constructor(public ephSk: GrumpkinScalar, public recipient: AztecAddress, public recipientIvpkApp: PublicKey) {}
+ constructor(public ephSk: GrumpkinScalar, public recipient: AztecAddress, public recipientIvpk: PublicKey) {}
 /**
 * Serializes the log body
@@ -14,7 +14,7 @@ export class EncryptedLogOutgoingBody {
 public toBuffer(): Buffer {
 // The serialization of Fq is [high, low] check `grumpkin_private_key.nr`
 const ephSkBytes = serializeToBuffer([this.ephSk.hi, this.ephSk.lo]);
- return serializeToBuffer(ephSkBytes, this.recipient, this.recipientIvpkApp);
+ return serializeToBuffer(ephSkBytes, this.recipient, this.recipientIvpk);
 }
 /**
@@ -29,9 +29,9 @@ export class EncryptedLogOutgoingBody {
 const low = reader.readObject(Fr);
 const ephSk = GrumpkinScalar.fromHighLow(high, low);
 const recipient = reader.readObject(AztecAddress);
- const recipientIvpkApp = reader.readObject(Point); // PublicKey = Point
+ const recipientIvpk = reader.readObject(Point); // PublicKey = Point
- return new EncryptedLogOutgoingBody(ephSk, recipient, recipientIvpkApp);
+ return new EncryptedLogOutgoingBody(ephSk, recipient, recipientIvpk);
 }
 /**
diff --git a/yarn-project/circuit-types/src/logs/l1_payload/l1_payload.ts b/yarn-project/circuit-types/src/logs/l1_payload/l1_payload.ts
index 97043f37576..26def7fedd4 100644
--- a/yarn-project/circuit-types/src/logs/l1_payload/l1_payload.ts
+++ b/yarn-project/circuit-types/src/logs/l1_payload/l1_payload.ts
@@ -3,8 +3,6 @@ import {
 type GrumpkinScalar,
 type KeyValidationRequest,
 type PublicKey,
- computeIvpkApp,
- computeIvskApp,
 computeOvskApp,
 derivePublicKeyFromSecretKey,
 } from '@aztec/circuits.js';
@@ -64,11 +62,9 @@ export abstract class L1Payload {
 const incomingHeaderCiphertext = header.computeCiphertext(ephSk, ivpk);
 const outgoingHeaderCiphertext = header.computeCiphertext(ephSk, ovKeys.pkM);
- const ivpkApp = computeIvpkApp(ivpk, contractAddress);
+ const incomingBodyCiphertext = incomingBody.computeCiphertext(ephSk, ivpk);
- const incomingBodyCiphertext = incomingBody.computeCiphertext(ephSk, ivpkApp);
-
- const outgoingBodyCiphertext = new EncryptedLogOutgoingBody(ephSk, recipient, ivpkApp).computeCiphertext(
+ const outgoingBodyCiphertext = new EncryptedLogOutgoingBody(ephSk, recipient, ivpk).computeCiphertext(
 ovKeys.skAppAsGrumpkinScalar,
 ephPk,
 );
@@ -97,7 +93,7 @@ export abstract class L1Payload {
 protected static _decryptAsIncoming(
 data: Buffer,
 ivsk: GrumpkinScalar,
- fromCiphertext: (incomingBodySlice: Buffer, ivskApp: GrumpkinScalar, ephPk: Point) => T,
+ fromCiphertext: (incomingBodySlice: Buffer, ivsk: GrumpkinScalar, ephPk: Point) => T,
 ): [AztecAddress, T] {
 const reader = BufferReader.asReader(data);
@@ -112,8 +108,7 @@ export abstract class L1Payload {
 // The incoming can be of variable size, so we read until the end
 const incomingBodySlice = reader.readToEnd();
- const ivskApp = computeIvskApp(ivsk, incomingHeader.address);
- const incomingBody = fromCiphertext(incomingBodySlice, ivskApp, ephPk);
+ const incomingBody = fromCiphertext(incomingBodySlice, ivsk, ephPk);
 return [incomingHeader.address, incomingBody];
 }
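Review bot: In the `@@ -64,11 +62,9 @@` hunk, `header.computeCiphertext(ephSk, ivpk)` and the new `incomingBody.computeCiphertext(ephSk, ivpk)` are now called with the identical (ephSk, ivpk) pair, whereas before the body used the siloed ivpkApp. If the header class derives its key material the same way the body does (`deriveAESSecret(ephSk, ivpk)` split into a 16-byte key and 16-byte iv in the encrypted_log_incoming_body.ts hunk), the incoming header and incoming body are now encrypted under the same AES key and IV; whether that is acceptable depends on the cipher mode and on the header plaintext being non-secret, neither of which is visible here. I would either domain-separate the two derivations or record the decision at this call site, e.g. `// NOTE(review): header and body now share the AES key/IV derived from (ephSk, ivpk) since #6955 dropped ivpkApp; confirm the cipher mode tolerates this`. Separately, `contractAddress` was consumed only by the removed computeIvpkApp call in this hunk, so it may now be an unused parameter of the enclosing method, whose signature lies outside the hunk.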
@@ -134,7 +129,7 @@ export abstract class L1Payload {
 protected static _decryptAsOutgoing(
 data: Buffer,
 ovsk: GrumpkinScalar,
- fromCiphertext: (incomingBodySlice: Buffer, ivskApp: GrumpkinScalar, ephPk: Point) => T,
+ fromCiphertext: (incomingBodySlice: Buffer, ivsk: GrumpkinScalar, ephPk: Point) => T,
 ): [AztecAddress, T] {
 const reader = BufferReader.asReader(data);
@@ -150,7 +145,7 @@ export abstract class L1Payload {
 // The incoming can be of variable size, so we read until the end
 const incomingBodySlice = reader.readToEnd();
- const incomingBody = fromCiphertext(incomingBodySlice, outgoingBody.ephSk, outgoingBody.recipientIvpkApp);
+ const incomingBody = fromCiphertext(incomingBodySlice, outgoingBody.ephSk, outgoingBody.recipientIvpk);
 return [outgoingHeader.address, incomingBody];
 }
diff --git a/yarn-project/circuit-types/src/logs/l1_payload/tagged_log.test.ts b/yarn-project/circuit-types/src/logs/l1_payload/tagged_log.test.ts
index d2906eed6c2..d2dc9f3f57a 100644
--- a/yarn-project/circuit-types/src/logs/l1_payload/tagged_log.test.ts
+++ b/yarn-project/circuit-types/src/logs/l1_payload/tagged_log.test.ts
@@ -71,8 +71,10 @@ describe('L1 Note Payload', () => {
 const ephSk = new GrumpkinScalar(0x1358d15019d4639393d62b97e1588c095957ce74a1c32d6ec7d62fe6705d9538n);
- // TODO: (#7177) This value needs to be populated!
- const recipientAddress = AztecAddress.ZERO;
+ const recipientAddress = AztecAddress.fromString(
+ '0x10ee41ee4b62703b16f61e03cb0d88c4b306a9eb4a6ceeb2aff13428541689a2',
+ );
+ const ivpk = derivePublicKeyFromSecretKey(ivskM);
 const taggedLog = new TaggedLog(payload, new Fr(0), new Fr(0));
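Review bot: In the tagged_log.test.ts hunk (`@@ -71,8 +71,10 @@`), the added `const ivpk = derivePublicKeyFromSecretKey(ivskM);` declares a name that the unchanged line `taggedLog.encrypt(ephSk, recipientAddress, ivpk, ovKeys)` in the following hunk was already using before this commit, so an `ivpk` binding must already exist in an enclosing scope; the new declaration either shadows it or is redundant. If the outer value is derived from the same `ivskM` the new line changes nothing and should be dropped; if it is not, the snapshot below now depends on which binding wins, which is worth a one-line comment at the declaration. The enclosing `it` block starts and ends outside the hunk.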
@@ -80,7 +82,7 @@ describe('L1 Note Payload', () => {
 const encrypted = taggedLog.encrypt(ephSk, recipientAddress, ivpk, ovKeys).toString('hex');
 expect(encrypted).toMatchInlineSnapshot(
- `"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"`,
+ `"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d460c0e434d846ec1ea286e4090eb56376ff27bddc1aacae1d856549f701fa711a034d916bf54af198535dc02fb2069c6931883ca70958842cdfe0386c36549d413e82a27bfa5b7080712764a455b924510b865903019befeb5df18b7af769fb0873effa97caa035c517a6b417d5f616ec6c84a93d95d17e3543b0f4b6c7a31e6e4f6cfad073c104aecc966ed30b3dfbfdff84ea73dcb1972df3a3cb4ff74aa88adb228027de514dc521cbf938589012df3e58c73a5969a601678dfedd5b6fcc008842b1538f37490b64b101edede3ccd93d635293e3510937548a9dc7dd0d22d41e92857588cedc8a109565280bf3304c3f36466f03681b0748b491b62de017563b233cf431d5368e73189d9f76facf5c6ab7b3929cbdbb187e302bdcd96ee5101cacaf48bc27bc394ffa9e22bea1ffc6923025b0c131a8672b8d25cbfbc07ace8a3bd26c738fbe1caf9117584a2713d4bf6905e6384eb955d03738384faee8ac2e9909c8c012a2c0cd65e89823869957c51b201494f9c1a41a31298748a809e3f97cd974944addc7ed54870ed0febb2d97a92e059d5d922ac04a42866dcaedefadd95eeae6141b7ffa88b437a7c295993ff6d39c596aebadd3213d80e64b0"`,
 );
 const byteArrayString = `[${encrypted.match(/.{1,2}/g)!.map(byte => parseInt(byte, 16))}]`;
diff --git a/yarn-project/circuits.js/src/keys/derivation.ts b/yarn-project/circuits.js/src/keys/derivation.ts
index 34934e248a8..a0d41dbd2f9 100644
--- a/yarn-project/circuits.js/src/keys/derivation.ts
+++ b/yarn-project/circuits.js/src/keys/derivation.ts
@@ -1,16 +1,13 @@
 import { AztecAddress } from '@aztec/foundation/aztec-address';
 import { poseidon2Hash, sha512ToGrumpkinScalar } from '@aztec/foundation/crypto';
-import { Fq, type Fr, GrumpkinScalar } from '@aztec/foundation/fields';
+import { type Fq, type Fr, GrumpkinScalar } from '@aztec/foundation/fields';
 import { Grumpkin } from '../barretenberg/crypto/grumpkin/index.js';
 import { GeneratorIndex } from '../constants.gen.js';
-import { type PublicKey } from '../types/public_key.js';
 import { PublicKeys } from '../types/public_keys.js';
 import { type KeyPrefix } from './key_types.js';
 import { getKeyGenerator } from './utils.js';
-const curve = new Grumpkin();
-
 export function computeAppNullifierSecretKey(masterNullifierSecretKey: GrumpkinScalar, app: AztecAddress): Fr {
 return computeAppSecretKey(masterNullifierSecretKey, app, 'n'); // 'n' is the key prefix for nullifier secret key
 }
@@ -20,25 +17,6 @@ export function computeAppSecretKey(skM: GrumpkinScalar, app: AztecAddress, keyP
 return poseidon2Hash([skM.hi, skM.lo, app, generator]);
 }
-export function computeIvpkApp(ivpk: PublicKey, address: AztecAddress) {
- return ivpk;
- // Computing the siloed key is actually useless because we can derive the master key from it
- // Issue(#6955)
- const I = Fq.fromBuffer(poseidon2Hash([address.toField(), ivpk.x, ivpk.y, GeneratorIndex.IVSK_M]).toBuffer());
- return curve.add(curve.mul(Grumpkin.generator, I), ivpk);
-}
-
-export function computeIvskApp(ivsk: GrumpkinScalar, address: AztecAddress) {
- return ivsk;
- // Computing the siloed key is actually useless because we can derive the master key from it
- // Issue(#6955)
- const ivpk = curve.mul(Grumpkin.generator, ivsk);
- // Here we are intentionally converting Fr (output of poseidon) to Fq. This is fine even though a distribution of
- // P = s * G will not be uniform because 2 * (q - r) / q is small.
- const I = Fq.fromBuffer(poseidon2Hash([address.toField(), ivpk.x, ivpk.y, GeneratorIndex.IVSK_M]).toBuffer());
- return new Fq((I.toBigInt() + ivsk.toBigInt()) % Fq.MODULUS);
-}
-
 export function computeOvskApp(ovsk: GrumpkinScalar, app: AztecAddress) {
 const ovskAppFr = computeAppSecretKey(ovsk, app, 'ov'); // 'ov' is the key prefix for outgoing viewing key
 // Here we are intentionally converting Fr (output of poseidon) to Fq. This is fine even though a distribution of
diff --git a/yarn-project/end-to-end/src/e2e_encryption.test.ts b/yarn-project/end-to-end/src/e2e_encryption.test.ts
index a06c934eebe..afa5751e0d6 100644
--- a/yarn-project/end-to-end/src/e2e_encryption.test.ts
+++ b/yarn-project/end-to-end/src/e2e_encryption.test.ts
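Review bot: With computeIvpkApp and computeIvskApp deleted, nothing left in this file records that incoming viewing keys are deliberately not app-siloed; the only written rationale ("we can derive the master key from it", Issue #6955) lived in the removed bodies, while the surviving computeAppNullifierSecretKey and computeOvskApp still silo their keys per app. Suggest a comment above computeOvskApp, e.g. `// Incoming viewing keys are intentionally not app-siloed (see #6955), unlike nullifier and outgoing viewing keys.`, so the asymmetry reads as a design decision rather than an omission. computeOvskApp's body continues outside the hunk.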
@@ -113,18 +113,18 @@ describe('e2e_encryption', () => {
 it('encrypts log outgoing body', async () => {
 const ephSk = GrumpkinScalar.random();
- const recipientIvskApp = GrumpkinScalar.random();
+ const recipientIvsk = GrumpkinScalar.random();
 const senderOvskApp = GrumpkinScalar.random();
 const ephPk = grumpkin.mul(Grumpkin.generator, ephSk);
- const recipientIvpkApp = grumpkin.mul(Grumpkin.generator, recipientIvskApp);
+ const recipientIvpk = grumpkin.mul(Grumpkin.generator, recipientIvsk);
 const recipientAddress = AztecAddress.fromBigInt(BigInt('0xdeadbeef'));
- const body = new EncryptedLogOutgoingBody(ephSk, recipientAddress, recipientIvpkApp);
+ const body = new EncryptedLogOutgoingBody(ephSk, recipientAddress, recipientIvpk);
 const encrypted = await contract.methods
- .compute_outgoing_log_body_ciphertext(ephSk, recipientAddress, recipientIvpkApp.toNoirStruct(), senderOvskApp)
+ .compute_outgoing_log_body_ciphertext(ephSk, recipientAddress, recipientIvpk.toNoirStruct(), senderOvskApp)
 .simulate();
 expect(Buffer.from(encrypted.map((x: bigint) => Number(x)))).toEqual(body.computeCiphertext(senderOvskApp, ephPk));