From 311f628f68256df0a907d12aeadf2f45b4839812 Mon Sep 17 00:00:00 2001
From: sklppy88
Date: Thu, 24 Oct 2024 04:43:41 +0000
Subject: [PATCH] init
---
 .../encrypted_event_emission.nr | 2 +-
 .../encrypted_logs/encrypted_note_emission.nr | 3 +-
 .../aztec/src/encrypted_logs/payload.nr | 72 +++++++------------
 .../crates/types/src/address/aztec_address.nr | 17 +++--
 .../crates/types/src/public_keys.nr | 10 +++
 .../l1_payload/encrypted_log_payload.test.ts | 45 ++++++++++++
 .../src/protocol_contract_data.ts | 14 ++--
 7 files changed, 99 insertions(+), 64 deletions(-)
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr
index 960313d961f..890567a8855 100644
--- a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr
+++ b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_event_emission.nr
@@ -22,7 +22,7 @@ where
 let contract_address: AztecAddress = context.this_address();
 let plaintext = event.private_to_be_bytes(randomness);
 let encrypted_log: [u8; 416 + N * 32] =
- compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
+ compute_encrypted_log(contract_address, ovsk_app, ovpk, recipient, plaintext);
 let log_hash = sha256_to_field(encrypted_log);
 (encrypted_log, log_hash)
 }
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr
index 698da4ee6e7..aa692112420 100644
--- a/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr
+++ b/noir-projects/aztec-nr/aztec/src/encrypted_logs/encrypted_note_emission.nr
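Review bot: With `ivpk` dropped from the `compute_encrypted_log` call, the enclosing function's `ivpk` parameter (its signature is outside the hunk) looks dead unless the body reads it somewhere else; if it does not, remove it from the signature as well instead of leaving callers passing a key that no longer influences the log. The same applies to the `@@ -30` hunk in encrypted_note_emission.nr. A one-line comment on the new call would help a reader who expects an ivpk here, e.g. `// Incoming header/body are encrypted to the recipient's address point; no ivpk is needed.`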
@@ -30,7 +30,7 @@ where
 let plaintext = note.to_be_bytes(storage_slot);
 let encrypted_log: [u8; 416 + N * 32] =
- compute_encrypted_log(contract_address, ovsk_app, ovpk, ivpk, recipient, plaintext);
+ compute_encrypted_log(contract_address, ovsk_app, ovpk, recipient, plaintext);
 let log_hash = sha256_to_field(encrypted_log);
 (note_hash_counter, encrypted_log, log_hash)
@@ -122,7 +122,6 @@ pub fn encrypt_and_emit_partial_log(
 context.this_address(),
 ovsk_app,
 recipient_keys.ovpk_m,
- recipient_keys.ivpk_m,
 recipient,
 log_plaintext,
 );
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
index ed3e81bddb7..e8b922f182a 100644
--- a/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
+++ b/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
@@ -12,12 +12,12 @@ use crate::{
 encrypted_logs::header::EncryptedLogHeader,
 keys::point_to_symmetric_key::point_to_symmetric_key,
 };
+use protocol_types::public_keys::AddressPoint;
 pub fn compute_encrypted_log(
 contract_address: AztecAddress,
 ovsk_app: Field,
 ovpk: OvpkM,
- ivpk: IvpkM,
 recipient: AztecAddress,
 plaintext: [u8; P],
 ) -> [u8; M] {
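Review bot: `compute_encrypted_log` changes its public signature in the `@@ -12` hunk but still has no doc comment saying what the remaining keys are for; the `@@ -25` hunk shows the incoming header and body are now encrypted to `recipient.to_address_point()` and the outgoing ones to `ovpk`, so a `///` comment above `pub fn compute_encrypted_log(` stating that the recipient decrypts with the secret behind its address point rather than with an ivpk would save the next reader a walk through the call tree. With `ivpk: IvpkM` gone here and the other two `IvpkM` parameters removed in the `@@ -96` and `@@ -113` hunks, `IvpkM` appears to have no remaining use in the non-test part of this file; if its import above line 12 is now unused, drop it alongside the added `AddressPoint` import. Both the import block and the function body extend beyond the hunk.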
@@ -25,17 +25,13 @@ pub fn compute_encrypted_log(
 let header = EncryptedLogHeader::new(contract_address);
- let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, recipient);
+ let incoming_header_ciphertext: [u8; 48] =
+ header.compute_ciphertext(eph_sk, recipient.to_address_point());
 let outgoing_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
 let incoming_body_ciphertext =
- compute_incoming_body_ciphertext(plaintext, eph_sk, IvpkM { inner: recipient.to_point() });
- let outgoing_body_ciphertext: [u8; 144] = compute_outgoing_body_ciphertext(
- recipient,
- IvpkM { inner: recipient.to_point() },
- fr_to_fq(ovsk_app),
- eph_sk,
- eph_pk,
- );
+ compute_incoming_body_ciphertext(plaintext, eph_sk, recipient.to_address_point());
+ let outgoing_body_ciphertext: [u8; 144] =
+ compute_outgoing_body_ciphertext(recipient, fr_to_fq(ovsk_app), eph_sk, eph_pk);
 let mut encrypted_bytes: [u8; M] = [0; M];
 // @todo We ignore the tags for now
@@ -96,9 +92,9 @@ fn generate_ephemeral_key_pair() -> (Scalar, Point) {
 pub fn compute_incoming_body_ciphertext(
 plaintext: [u8; P],
 eph_sk: Scalar,
- ivpk: IvpkM,
+ address_point: AddressPoint,
 ) -> [u8] {
- let full_key = point_to_symmetric_key(eph_sk, ivpk.to_point());
+ let full_key = point_to_symmetric_key(eph_sk, address_point.to_point());
 let mut sym_key = [0; 16];
 let mut iv = [0; 16];
@@ -113,7 +109,6 @@ pub fn compute_incoming_body_ciphertext(
 /// be able to derive the key with which the incoming log can be decrypted.
 pub fn compute_outgoing_body_ciphertext(
 recipient: AztecAddress,
- recipient_ivpk: IvpkM,
 ovsk_app: Scalar,
 eph_sk: Scalar,
 eph_pk: Point,
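Review bot: `recipient.to_address_point()` is evaluated twice in this hunk (incoming header and incoming body) and a third time inside `compute_outgoing_body_ciphertext` (`@@ -126` hunk), and the aztec_address.nr hunks show each evaluation runs a `pow` plus a square-root step — in circuit code that cost is paid in constraints on every call. Derive it once, `let recipient_point = recipient.to_address_point();`, and pass `recipient_point` to both `header.compute_ciphertext` and `compute_incoming_body_ciphertext`; if `compute_outgoing_body_ciphertext` were handed the point too it could stop recomputing it. The body of `compute_encrypted_log` continues outside the hunk.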
@@ -126,7 +121,7 @@ pub fn compute_outgoing_body_ciphertext(
 let serialized_eph_sk_low: [u8; 32] = eph_sk.lo.to_be_bytes();
 let address_bytes: [u8; 32] = recipient.to_field().to_be_bytes();
- let serialized_recipient_ivpk = point_to_bytes(recipient_ivpk.to_point());
+ let serialized_recipient_ivpk = point_to_bytes(recipient.to_address_point().to_point());
 for i in 0..32 {
 buffer[i] = serialized_eph_sk_high[i];
@@ -163,6 +158,7 @@ mod test {
 address::AztecAddress, public_keys::{OvpkM, IvpkM}, point::Point, scalar::Scalar,
 };
 use std::test::OracleMock;
+ use protocol_types::public_keys::AddressPoint;
 #[test]
 unconstrained fn test_encrypted_log_matches_typescript() {
@@ -203,16 +199,10 @@ mod test {
 0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
 );
- let log: [u8; 448] = compute_encrypted_log(
- contract_address,
- ovsk_app,
- ovpk_m,
- ivpk_m,
- recipient,
- plaintext,
- );
+ let log: [u8; 448] =
+ compute_encrypted_log(contract_address, ovsk_app, ovpk_m, recipient, plaintext);
- // The following value was generated by `tagged_log.test.ts`
+ // The following value was generated by `encrypted_log_payload.test.ts`
 // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
 let encrypted_log_from_typescript = [
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@@ -249,7 +239,7 @@ mod test {
 lo: 0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
 hi: 0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06,
 };
- let ivpk = IvpkM {
+ let address_point = AddressPoint {
 inner: Point {
 x: 0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186,
 y: 0x1e96887b117afca01c00468264f4f80b5bb16d94c1808a448595f115556e5c8e,
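Review bot: `serialized_recipient_ivpk` no longer holds an ivpk — the new line serialises the point derived from `recipient` — so the name now misleads; rename it `let serialized_recipient_address_point = point_to_bytes(recipient.to_address_point().to_point());` and update whichever buffer-filling loop reads it further down (outside the hunk). Note also that these 32 bytes are a deterministic function of `address_bytes`, which is already copied into the same buffer, so the outgoing body plaintext now carries a redundant field; if the 144-byte layout is being kept to stay in sync with the TypeScript side, a comment saying so on this line would stop a later reader from "fixing" it. In the `@@ -203` test hunk `ivpk_m` is no longer passed to `compute_encrypted_log`; if it was defined only for that call (its definition is outside the hunk) it is now an unused local.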
@@ -267,7 +257,7 @@ mod test {
 // `compute_incoming_body_ciphertext(...)` function then derives symmetric key from `eph_sk` and `ivpk` and encrypts
 // the note plaintext using AES-128.
- let ciphertext = compute_incoming_body_ciphertext(plaintext, eph_sk, ivpk);
+ let ciphertext = compute_incoming_body_ciphertext(plaintext, eph_sk, address_point);
 // The following value was generated by `encrypted_note_log_incoming_body.test.ts`.
 // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
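Review bot: The context comment two lines above the changed call still says the symmetric key is derived from `eph_sk` and `ivpk`, but the call now passes `address_point`; update it to `// compute_incoming_body_ciphertext(...) then derives the symmetric key from eph_sk and the recipient's address_point and encrypts`. The trailing comment still names `encrypted_note_log_incoming_body.test.ts` as the generator of the expected value while the other hunks in this file were re-pointed at `encrypted_log_payload.test.ts`; confirm that file still produces this vector or update the reference as well.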
@@ -297,39 +287,31 @@ mod test {
 lo: 0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fe,
 hi: 0x000000000000000000000000000000000f096b423017226a18461115fa8d34bb,
 };
- let recipient_ivsk = Scalar {
- lo: 0x000000000000000000000000000000004828f8f95676ebb481df163f87fd4022,
- hi: 0x000000000000000000000000000000000f4d97c25d578f9348251a71ca17ae31,
- };
+
 let sender_ovsk_app = Scalar {
 lo: 0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444e,
 hi: 0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048b,
 };
 let eph_pk = derive_public_key(eph_sk);
- let recipient_ivpk = IvpkM { inner: derive_public_key(recipient_ivsk) };
-
- let recipient = AztecAddress::from_field(0xdeadbeef);
-
- let ciphertext = compute_outgoing_body_ciphertext(
- recipient,
- recipient_ivpk,
- sender_ovsk_app,
- eph_sk,
- eph_pk,
+ let recipient = AztecAddress::from_field(
+ 0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
 );
- // The following value was generated by `encrypted_log_outgoing_body.test.ts`
+ let ciphertext =
+ compute_outgoing_body_ciphertext(recipient, sender_ovsk_app, eph_sk, eph_pk);
+
+ // The following value was generated by `encrypted_log_payload.test.ts`
 // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
let outgoing_body_ciphertext_from_typescript = [
 127, 182, 227, 75, 192, 197, 54, 47, 168, 134, 233, 148, 251, 46, 86, 12, 73, 50, 238, 50, 31, 174, 27, 202, 110, 77, 161, 197, 244, 124, 17, 100, 143, 150, 232, 14, 156, 248, 43, 177, 16, 82, 244, 103, 88, 74, 84, 200, 15, 65, 187, 14, 163, 60, 91, 22, 104, 31,
- 211, 190, 124, 121, 79, 92, 239, 65, 185, 106, 51, 178, 168, 137, 84, 43, 79, 158, 151,
- 152, 83, 42, 170, 13, 106, 209, 254, 74, 39, 145, 73, 215, 17, 234, 196, 89, 30, 58,
- 120, 127, 88, 69, 121, 61, 18, 206, 89, 118, 243, 238, 177, 71, 73, 47, 147, 4, 155, 25,
- 173, 248, 206, 52, 17, 180, 122, 186, 106, 191, 252, 102, 197, 91, 16, 39, 94, 91, 224,
- 30, 168, 177, 26, 144, 5, 124, 128, 6,
+ 211, 190, 124, 121, 79, 92, 238, 182, 194, 225, 34, 71, 67, 116, 27, 231, 68, 161, 147,
+ 94, 53, 195, 83, 237, 172, 52, 173, 229, 26, 234, 107, 43, 82, 68, 16, 105, 37, 125,
+ 117, 86, 133, 50, 21, 92, 74, 229, 105, 141, 83, 229, 255, 251, 21, 61, 234, 61, 168,
+ 221, 106, 231, 8, 73, 208, 60, 251, 46, 251, 228, 148, 144, 187, 195, 38, 18, 223, 153,
+ 8, 121, 178, 84, 237, 148, 254, 219, 59, 62,
 ];
 assert_eq(outgoing_body_ciphertext_from_typescript, ciphertext);
diff --git a/noir-projects/noir-protocol-circuits/crates/types/src/address/aztec_address.nr b/noir-projects/noir-protocol-circuits/crates/types/src/address/aztec_address.nr
index 6edbd0f973c..398131924b5 100644
--- a/noir-projects/noir-protocol-circuits/crates/types/src/address/aztec_address.nr
+++ b/noir-projects/noir-protocol-circuits/crates/types/src/address/aztec_address.nr
@@ -24,6 +24,7 @@ use std::{
 ec::{sqrt, pow},
 embedded_curve_ops::{fixed_base_scalar_mul as derive_public_key, EmbeddedCurveScalar},
 };
+use crate::public_keys::AddressPoint;
 // Aztec address
 pub struct AztecAddress {
@@ -66,8 +67,12 @@ impl Deserialize for AztecAddress {
 }
 }
-impl ToPoint for AztecAddress {
- fn to_point(self) -> Point {
+impl AztecAddress {
+ pub fn zero() -> Self {
+ Self { inner: 0 }
+ }
+
+ pub fn to_address_point(self) -> AddressPoint {
 // Calculate y^2 = x^3 - 17
 let y_squared = pow(self.inner, 3) - 17;
@@ -66,8 +67,12 @@ impl Deserialize for AztecAddress { } } -impl ToPoint for AztecAddress { - fn to_point(self) -> Point { +impl AztecAddress { + pub fn zero() -> Self { + Self { inner: 0 } + } + + pub fn to_address_point(self) -> AddressPoint { // Calculate y^2 = x^3 - 17 let y_squared = pow(self.inner, 3) - 17; @@ -84,13 +89,7 @@ impl ToPoint for AztecAddress { y = (BN254_FR_MODULUS_DIV_2 + BN254_FR_MODULUS_DIV_2 + 1) - y; } - Point { x: self.inner, y, is_infinite: false } - } -} - -impl AztecAddress { - pub fn zero() -> Self { - Self { inner: 0 } + AddressPoint { inner: Point { x: self.inner, y, is_infinite: false } } } pub fn compute_preaddress( diff --git a/noir-projects/noir-protocol-circuits/crates/types/src/public_keys.nr b/noir-projects/noir-protocol-circuits/crates/types/src/public_keys.nr index 65bb1defab9..9b59d6df97d 100644 --- a/noir-projects/noir-protocol-circuits/crates/types/src/public_keys.nr +++ b/noir-projects/noir-protocol-circuits/crates/types/src/public_keys.nr @@ -193,6 +193,16 @@ impl Deserialize for PublicKeys { } } +pub struct AddressPoint { + inner: Point, +} + +impl ToPoint for AddressPoint { + fn to_point(self) -> Point { + self.inner + } +} + #[test] unconstrained fn compute_public_keys_hash() { let keys = PublicKeys { diff --git a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_payload.test.ts b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_payload.test.ts index 2003e253b2b..f53a8bf3071 100644 --- a/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_payload.test.ts +++ b/yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_payload.test.ts 
@@ -10,9 +10,12 @@ import {
 } from '@aztec/circuits.js';
 import { randomBytes } from '@aztec/foundation/crypto';
 import { Fr, GrumpkinScalar } from '@aztec/foundation/fields';
+import { serializeToBuffer } from '@aztec/foundation/serialize';
 import { updateInlineTestData } from '@aztec/foundation/testing';
 import { EncryptedLogPayload } from './encrypted_log_payload.js';
+import { encrypt } from './encryption_util.js';
+import { derivePoseidonAESSecret } from './shared_secret_derivation.js';
 // placeholder value until tagging is implemented
 const PLACEHOLDER_TAG = new Fr(33);
@@ -59,6 +62,48 @@ describe('EncryptedLogPayload', () => {
 });
 });
+ it('outgoing ciphertest matches Noir', () => {
+ const ephSk = GrumpkinScalar.fromHighLow(
+ new Fr(0x000000000000000000000000000000000f096b423017226a18461115fa8d34bbn),
+ new Fr(0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fen),
+ );
+
+ const senderOvskApp = GrumpkinScalar.fromHighLow(
+ new Fr(0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048bn),
+ new Fr(0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444en),
+ );
+
+ const ephPk = derivePublicKeyFromSecretKey(ephSk);
+
+ const recipient = AztecAddress.fromBigInt(0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70cn);
+
+ const outgoingBodyPlaintext = serializeToBuffer(
+ ephSk.hi,
+ ephSk.lo,
+ recipient,
+ computePoint(recipient).toCompressedBuffer(),
+ );
+ const outgoingBodyCiphertext = encrypt(
+ outgoingBodyPlaintext,
+ senderOvskApp,
+ ephPk,
+ derivePoseidonAESSecret,
+ ).toString('hex');
+
+ expect(outgoingBodyCiphertext).toMatchInlineSnapshot(
+ `"7fb6e34bc0c5362fa886e994fb2e560c4932ee321fae1bca6e4da1c5f47c11648f96e80e9cf82bb11052f467584a54c80f41bb0ea33c5b16681fd3be7c794f5ceeb6c2e1224743741be744a1935e35c353edac34ade51aea6b2b52441069257d75568532155c4ae5698d53e5fffb153dea3da8dd6ae70849d03cfb2efbe49490bbc32612df990879b254ed94fedb3b3e"`,
+ );
+
+ const byteArrayString = `[${outgoingBodyCiphertext.match(/.{1,2}/g)!.map(byte => parseInt(byte, 16))}]`;
+
+ // Run with AZTEC_GENERATE_TEST_DATA=1 to update noir test data
+ updateInlineTestData(
+ 'noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr',
+ 'outgoing_body_ciphertext_from_typescript',
+ byteArrayString,
+ );
+ });
+
 it('encrypted tagged log matches Noir', () => {
 // All the values in this test were arbitrarily set and copied over to `payload.nr`
 const contract = AztecAddress.fromString('0x10f48cd9eff7ae5b209c557c70de2e657ee79166868676b787e9417e19260e04');
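Review bot: The new test's name has a typo — `it('outgoing ciphertest matches Noir', () => {` should read `it('outgoing ciphertext matches Noir', () => {`; the name is what appears in CI output and in `-t` filters, so it is worth fixing before the inline snapshot is committed. The `!` after `.match(/.{1,2}/g)` is safe only because the hex string is non-empty; `const byteArrayString = \`[${Array.from(Buffer.from(outgoingBodyCiphertext, 'hex'))}]\`;` produces the same byte list without the regex or the non-null assertion. A one-line comment above `outgoingBodyPlaintext` saying the field order (`ephSk.hi`, `ephSk.lo`, address, compressed address point) must match `compute_outgoing_body_ciphertext` in payload.nr would tie the two fixtures together for whoever next regenerates them. The enclosing `describe` continues outside the hunk.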
diff --git a/yarn-project/protocol-contracts/src/protocol_contract_data.ts b/yarn-project/protocol-contracts/src/protocol_contract_data.ts
index 48ce95ad950..4096a51b165 100644
--- a/yarn-project/protocol-contracts/src/protocol_contract_data.ts
+++ b/yarn-project/protocol-contracts/src/protocol_contract_data.ts
@@ -50,14 +50,14 @@ export const ProtocolContractAddress: Record
 };
 export const ProtocolContractLeaf = {
- AuthRegistry: Fr.fromString('0x087d102766af335cf7654eb5d946dccf114d0eb1e86dc788cbc10d87e1c84fd0'),
- ContractInstanceDeployer: Fr.fromString('0x10141a7093a1050d38fc0467c6c81ca7beb158ef47095145ce4edd52be7ef661'),
- ContractClassRegisterer: Fr.fromString('0x074de3b4ee658fd695a1be6c4f9f10fe3042b948955436e0e20c31c7027cfaef'),
- MultiCallEntrypoint: Fr.fromString('0x19bc0ab26e84d8b2551cb3c83000a5da0f6958056fcaa91f63c14c35e266ef0d'),
- FeeJuice: Fr.fromString('0x033a034d778d077970ae6108253a4971e37af6bd163d80b3be184c5838045eda'),
- Router: Fr.fromString('0x24eed1db8f33a2db1611412c16157a28a57c7bef4794844c4ef228d538438ac8'),
+ AuthRegistry: Fr.fromString('0x25287d474d84b6ecb5d4f5e90b8efe5969a35ddb9d605077e5df17dac0f2aa58'),
+ ContractInstanceDeployer: Fr.fromString('0x1b92794557c9c6694ede81d4ea8909f786fe37ec51018d673f9ed6d8df09fcb2'),
+ ContractClassRegisterer: Fr.fromString('0x034af167c41eeb46cb695f9fc56824b3339b23aa670ebfef7bf5d3c8dd5c13d4'),
+ MultiCallEntrypoint: Fr.fromString('0x009d1fc8ca80534c2de293ce6eedc71cc145e0562fd1af0826c734c77b1543a5'),
+ FeeJuice: Fr.fromString('0x07c4d7db5027bcdb7b71a60186a5e137d22bd8412d11fee0676d070c68d0f7ee'),
+ Router: Fr.fromString('0x12df324157fddc5be72e52e527416e3f7c70240deab1c953613d904232e1eb78'),
 };
 export const protocolContractTreeRoot = Fr.fromString(
- '0x1299197d756a2e86830d877cb2c5c71ab20aa4f97726fc7ccd2d468ce20d81a6',
+ '0x04180f14bbf7d65ec020746102a118a58c4aa4016cdd85a41614fc4d972607cf',
 );