init

AztecProtocol · Oct 24, 2024 · 18c87f9 · 18c87f9
1 parent 15127de
commit 18c87f9
Show file tree

Hide file tree

Showing 6 changed files with 92 additions and 57 deletions.
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr
@@ -22,7 +22,7 @@ where
     let contract_address: AztecAddress = context.this_address();
     let plaintext = event.private_to_be_bytes(randomness);
     let encrypted_log: [u8; 416 + N * 32] =
-        compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
+        compute_encrypted_log(contract_address, ovsk_app, ovpk, recipient, plaintext);
     let log_hash = sha256_to_field(encrypted_log);
     (encrypted_log, log_hash)
 }

diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr
@@ -30,7 +30,7 @@ where
 
     let plaintext = note.to_be_bytes(storage_slot);
     let encrypted_log: [u8; 416 + N * 32] =
-        compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
+        compute_encrypted_log(contract_address, ovsk_app, ovpk, recipient, plaintext);
     let log_hash = sha256_to_field(encrypted_log);
 
     (note_hash_counter, encrypted_log, log_hash)
@@ -122,7 +122,6 @@ pub fn encrypt_and_emit_partial_log<let M: u32>(
         context.this_address(),
         ovsk_app,
         recipient_keys.ovpk_m,
-        recipient_keys.ivpk_m,
         recipient,
         log_plaintext,
     );

diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
@@ -12,30 +12,26 @@ use crate::{
     encrypted_logs::header::EncryptedLogHeader,
     keys::point_to_symmetric_key::point_to_symmetric_key,
 };
+use protocol_types::public_keys::AddressPoint;
 
 pub fn compute_encrypted_log<let P: u32, let M: u32>(
     contract_address: AztecAddress,
     ovsk_app: Field,
     ovpk: OvpkM,
-    ivpk: IvpkM,
     recipient: AztecAddress,
     plaintext: [u8; P],
 ) -> [u8; M] {
     let (eph_sk, eph_pk) = generate_ephemeral_key_pair();
 
     let header = EncryptedLogHeader::new(contract_address);
 
-    let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, recipient);
+    let incoming_header_ciphertext: [u8; 48] =
+        header.compute_ciphertext(eph_sk, recipient.to_address_point());
     let outgoing_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
     let incoming_body_ciphertext =
-        compute_incoming_body_ciphertext(plaintext, eph_sk, IvpkM { inner: recipient.to_point() });
-    let outgoing_body_ciphertext: [u8; 144] = compute_outgoing_body_ciphertext(
-        recipient,
-        IvpkM { inner: recipient.to_point() },
-        fr_to_fq(ovsk_app),
-        eph_sk,
-        eph_pk,
-    );
+        compute_incoming_body_ciphertext(plaintext, eph_sk, recipient.to_address_point());
+    let outgoing_body_ciphertext: [u8; 144] =
+        compute_outgoing_body_ciphertext(recipient, fr_to_fq(ovsk_app), eph_sk, eph_pk);
 
     let mut encrypted_bytes: [u8; M] = [0; M];
     // @todo We ignore the tags for now
@@ -96,9 +92,9 @@ fn generate_ephemeral_key_pair() -> (Scalar, Point) {
 pub fn compute_incoming_body_ciphertext<let P: u32>(
     plaintext: [u8; P],
     eph_sk: Scalar,
-    ivpk: IvpkM,
+    address_point: AddressPoint,
 ) -> [u8] {
-    let full_key = point_to_symmetric_key(eph_sk, ivpk.to_point());
+    let full_key = point_to_symmetric_key(eph_sk, address_point.to_point());
     let mut sym_key = [0; 16];
     let mut iv = [0; 16];
 
@@ -113,7 +109,6 @@ pub fn compute_incoming_body_ciphertext<let P: u32>(
 /// be able to derive the key with which the incoming log can be decrypted.
 pub fn compute_outgoing_body_ciphertext(
     recipient: AztecAddress,
-    recipient_ivpk: IvpkM,
     ovsk_app: Scalar,
     eph_sk: Scalar,
     eph_pk: Point,
@@ -126,7 +121,7 @@ pub fn compute_outgoing_body_ciphertext(
     let serialized_eph_sk_low: [u8; 32] = eph_sk.lo.to_be_bytes();
 
     let address_bytes: [u8; 32] = recipient.to_field().to_be_bytes();
-    let serialized_recipient_ivpk = point_to_bytes(recipient_ivpk.to_point());
+    let serialized_recipient_ivpk = point_to_bytes(recipient.to_address_point().to_point());
 
     for i in 0..32 {
         buffer[i] = serialized_eph_sk_high[i];
@@ -163,6 +158,7 @@ mod test {
         address::AztecAddress, public_keys::{OvpkM, IvpkM}, point::Point, scalar::Scalar,
     };
     use std::test::OracleMock;
+    use protocol_types::public_keys::AddressPoint;
 
     #[test]
     unconstrained fn test_encrypted_log_matches_typescript() {
@@ -203,16 +199,10 @@ mod test {
             0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
         );
 
-        let log: [u8; 448] = compute_encrypted_log(
-            contract_address,
-            ovsk_app,
-            ovpk_m,
-            ivpk_m,
-            recipient,
-            plaintext,
-        );
+        let log: [u8; 448] =
+            compute_encrypted_log(contract_address, ovsk_app, ovpk_m, recipient, plaintext);
 
-        // The following value was generated by `tagged_log.test.ts`
+        // The following value was generated by `encrypted_log_payload.test.ts`
         // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
         let encrypted_log_from_typescript = [
             0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -249,7 +239,7 @@ mod test {
             lo: 0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
             hi: 0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06,
         };
-        let ivpk = IvpkM {
+        let address_point = AddressPoint {
             inner: Point {
                 x: 0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186,
                 y: 0x1e96887b117afca01c00468264f4f80b5bb16d94c1808a448595f115556e5c8e,
@@ -267,7 +257,7 @@ mod test {
 
         // `compute_incoming_body_ciphertext(...)` function then derives symmetric key from `eph_sk` and `ivpk` and encrypts
         // the note plaintext using AES-128.
-        let ciphertext = compute_incoming_body_ciphertext(plaintext, eph_sk, ivpk);
+        let ciphertext = compute_incoming_body_ciphertext(plaintext, eph_sk, address_point);
 
         // The following value was generated by `encrypted_note_log_incoming_body.test.ts`.
         // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
@@ -297,39 +287,31 @@ mod test {
             lo: 0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fe,
             hi: 0x000000000000000000000000000000000f096b423017226a18461115fa8d34bb,
         };
-        let recipient_ivsk = Scalar {
-            lo: 0x000000000000000000000000000000004828f8f95676ebb481df163f87fd4022,
-            hi: 0x000000000000000000000000000000000f4d97c25d578f9348251a71ca17ae31,
-        };
+
         let sender_ovsk_app = Scalar {
             lo: 0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444e,
             hi: 0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048b,
         };
 
         let eph_pk = derive_public_key(eph_sk);
-        let recipient_ivpk = IvpkM { inner: derive_public_key(recipient_ivsk) };
-
-        let recipient = AztecAddress::from_field(0xdeadbeef);
-
-        let ciphertext = compute_outgoing_body_ciphertext(
-            recipient,
-            recipient_ivpk,
-            sender_ovsk_app,
-            eph_sk,
-            eph_pk,
+        let recipient = AztecAddress::from_field(
+            0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
         );
 
-        // The following value was generated by `encrypted_log_outgoing_body.test.ts`
+        let ciphertext =
+            compute_outgoing_body_ciphertext(recipient, sender_ovsk_app, eph_sk, eph_pk);
+
+        // The following value was generated by `encrypted_log_payload.test.ts`
         // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
         let outgoing_body_ciphertext_from_typescript = [
             127, 182, 227, 75, 192, 197, 54, 47, 168, 134, 233, 148, 251, 46, 86, 12, 73, 50, 238,
             50, 31, 174, 27, 202, 110, 77, 161, 197, 244, 124, 17, 100, 143, 150, 232, 14, 156, 248,
             43, 177, 16, 82, 244, 103, 88, 74, 84, 200, 15, 65, 187, 14, 163, 60, 91, 22, 104, 31,
-            211, 190, 124, 121, 79, 92, 239, 65, 185, 106, 51, 178, 168, 137, 84, 43, 79, 158, 151,
-            152, 83, 42, 170, 13, 106, 209, 254, 74, 39, 145, 73, 215, 17, 234, 196, 89, 30, 58,
-            120, 127, 88, 69, 121, 61, 18, 206, 89, 118, 243, 238, 177, 71, 73, 47, 147, 4, 155, 25,
-            173, 248, 206, 52, 17, 180, 122, 186, 106, 191, 252, 102, 197, 91, 16, 39, 94, 91, 224,
-            30, 168, 177, 26, 144, 5, 124, 128, 6,
+            211, 190, 124, 121, 79, 92, 238, 182, 194, 225, 34, 71, 67, 116, 27, 231, 68, 161, 147,
+            94, 53, 195, 83, 237, 172, 52, 173, 229, 26, 234, 107, 43, 82, 68, 16, 105, 37, 125,
+            117, 86, 133, 50, 21, 92, 74, 229, 105, 141, 83, 229, 255, 251, 21, 61, 234, 61, 168,
+            221, 106, 231, 8, 73, 208, 60, 251, 46, 251, 228, 148, 144, 187, 195, 38, 18, 223, 153,
+            8, 121, 178, 84, 237, 148, 254, 219, 59, 62,
         ];
 
         assert_eq(outgoing_body_ciphertext_from_typescript, ciphertext);

diff --git a/noir-projects/noir-protocol-circuits/crates/types/src/address/aztec_address.nr b/noir-projects/noir-protocol-circuits/crates/types/src/address/aztec_address.nr
@@ -24,6 +24,7 @@ use std::{
     ec::{sqrt, pow},
     embedded_curve_ops::{fixed_base_scalar_mul as derive_public_key, EmbeddedCurveScalar},
 };
+use crate::public_keys::AddressPoint;
 
 // Aztec address
 pub struct AztecAddress {
@@ -66,8 +67,12 @@ impl Deserialize<AZTEC_ADDRESS_LENGTH> for AztecAddress {
     }
 }
 
-impl ToPoint for AztecAddress {
-    fn to_point(self) -> Point {
+impl AztecAddress {
+    pub fn zero() -> Self {
+        Self { inner: 0 }
+    }
+
+    pub fn to_address_point(self) -> AddressPoint {
         // Calculate y^2 = x^3 - 17
         let y_squared = pow(self.inner, 3) - 17;
 
@@ -84,13 +89,7 @@ impl ToPoint for AztecAddress {
             y = (BN254_FR_MODULUS_DIV_2 + BN254_FR_MODULUS_DIV_2 + 1) - y;
         }
 
-        Point { x: self.inner, y, is_infinite: false }
-    }
-}
-
-impl AztecAddress {
-    pub fn zero() -> Self {
-        Self { inner: 0 }
+        AddressPoint { inner: Point { x: self.inner, y, is_infinite: false } }
     }
 
     pub fn compute_preaddress(

diff --git a/noir-projects/noir-protocol-circuits/crates/types/src/public_keys.nr b/noir-projects/noir-protocol-circuits/crates/types/src/public_keys.nr
@@ -193,6 +193,16 @@ impl Deserialize<PUBLIC_KEYS_LENGTH> for PublicKeys {
     }
 }
 
+pub struct AddressPoint {
+    inner: Point,
+}
+
+impl ToPoint for AddressPoint {
+    fn to_point(self) -> Point {
+        self.inner
+    }
+}
+
 #[test]
 unconstrained fn compute_public_keys_hash() {
     let keys = PublicKeys {

diff --git a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_payload.test.ts b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_payload.test.ts
@@ -10,9 +10,12 @@ import {
 } from '@aztec/circuits.js';
 import { randomBytes } from '@aztec/foundation/crypto';
 import { Fr, GrumpkinScalar } from '@aztec/foundation/fields';
+import { serializeToBuffer } from '@aztec/foundation/serialize';
 import { updateInlineTestData } from '@aztec/foundation/testing';
 
 import { EncryptedLogPayload } from './encrypted_log_payload.js';
+import { encrypt } from './encryption_util.js';
+import { derivePoseidonAESSecret } from './shared_secret_derivation.js';
 
 // placeholder value until tagging is implemented
 const PLACEHOLDER_TAG = new Fr(33);
@@ -59,6 +62,48 @@ describe('EncryptedLogPayload', () => {
     });
   });
 
+  it('outgoing ciphertest matches Noir', () => {
+    const ephSk = GrumpkinScalar.fromHighLow(
+      new Fr(0x000000000000000000000000000000000f096b423017226a18461115fa8d34bbn),
+      new Fr(0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fen),
+    );
+
+    const senderOvskApp = GrumpkinScalar.fromHighLow(
+      new Fr(0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048bn),
+      new Fr(0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444en),
+    );
+
+    const ephPk = derivePublicKeyFromSecretKey(ephSk);
+
+    const recipient = AztecAddress.fromBigInt(0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70cn);
+
+    const outgoingBodyPlaintext = serializeToBuffer(
+      ephSk.hi,
+      ephSk.lo,
+      recipient,
+      computePoint(recipient).toCompressedBuffer(),
+    );
+    const outgoingBodyCiphertext = encrypt(
+      outgoingBodyPlaintext,
+      senderOvskApp,
+      ephPk,
+      derivePoseidonAESSecret,
+    ).toString('hex');
+
+    expect(outgoingBodyCiphertext).toMatchInlineSnapshot(
+      `"7fb6e34bc0c5362fa886e994fb2e560c4932ee321fae1bca6e4da1c5f47c11648f96e80e9cf82bb11052f467584a54c80f41bb0ea33c5b16681fd3be7c794f5ceeb6c2e1224743741be744a1935e35c353edac34ade51aea6b2b52441069257d75568532155c4ae5698d53e5fffb153dea3da8dd6ae70849d03cfb2efbe49490bbc32612df990879b254ed94fedb3b3e"`,
+    );
+
+    const byteArrayString = `[${outgoingBodyCiphertext.match(/.{1,2}/g)!.map(byte => parseInt(byte, 16))}]`;
+
+    // Run with AZTEC_GENERATE_TEST_DATA=1 to update noir test data
+    updateInlineTestData(
+      'noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr',
+      'outgoing_body_ciphertext_from_typescript',
+      byteArrayString,
+    );
+  });
+
   it('encrypted tagged log matches Noir', () => {
     // All the values in this test were arbitrarily set and copied over to `payload.nr`
     const contract = AztecAddress.fromString('0x10f48cd9eff7ae5b209c557c70de2e657ee79166868676b787e9417e19260e04');