refactor: replace usage of GrumpkinPrivateKey with `EmbeddedCurveSc…

…alar` (#7384)
AztecProtocol · Jul 9, 2024 · a917198 · a917198
1 parent 5279695
commit a917198
Show file tree

Hide file tree

Showing 60 changed files with 251 additions and 310 deletions.
diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/header.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/header.nr
@@ -1,4 +1,4 @@
-use dep::protocol_types::{address::AztecAddress, grumpkin_private_key::GrumpkinPrivateKey, point::Point};
+use dep::protocol_types::{address::AztecAddress, scalar::Scalar, point::Point};
 
 use crate::keys::point_to_symmetric_key::point_to_symmetric_key;
 
@@ -13,7 +13,7 @@ impl EncryptedLogHeader {
         EncryptedLogHeader { address }
     }
 
-    fn compute_ciphertext(self, secret: GrumpkinPrivateKey, point: Point) -> [u8; 48] {
+    fn compute_ciphertext(self, secret: Scalar, point: Point) -> [u8; 48] {
         let full_key = point_to_symmetric_key(secret, point);
         let mut sym_key = [0; 16];
         let mut iv = [0; 16];
@@ -32,9 +32,9 @@ impl EncryptedLogHeader {
 fn test_encrypted_log_header() {
     let address = AztecAddress::from_field(0xdeadbeef);
     let header = EncryptedLogHeader::new(address);
-    let secret = GrumpkinPrivateKey::new(
-        0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06,
-        0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd
+    let secret = Scalar::new(
+        0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
+        0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06
     );
     let point = Point::new(
         0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186,

diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/incoming_body.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/incoming_body.nr
@@ -1,6 +1,6 @@
 use crate::note::note_interface::NoteInterface;
 use crate::event::event_interface::EventInterface;
-use dep::protocol_types::{grumpkin_private_key::GrumpkinPrivateKey, point::Point};
+use dep::protocol_types::{scalar::Scalar, point::Point};
 
 use std::aes128::aes128_encrypt;
 use crate::keys::point_to_symmetric_key::point_to_symmetric_key;
@@ -20,7 +20,7 @@ impl<M> EncryptedLogIncomingBody<M> {
         EncryptedLogIncomingBody { plaintext }
     }
 
-    pub fn compute_ciphertext(self, eph_sk: GrumpkinPrivateKey, ivpk_app: Point) -> [u8] {
+    pub fn compute_ciphertext(self, eph_sk: Scalar, ivpk_app: Point) -> [u8] {
         let full_key = point_to_symmetric_key(eph_sk, ivpk_app);
         let mut sym_key = [0; 16];
         let mut iv = [0; 16];
@@ -37,8 +37,7 @@ mod test {
     use crate::encrypted_logs::incoming_body::EncryptedLogIncomingBody;
     use dep::protocol_types::{
         address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER,
-        grumpkin_private_key::GrumpkinPrivateKey, point::Point, traits::Serialize,
-        abis::event_selector::EventSelector
+        scalar::Scalar, point::Point, traits::Serialize, abis::event_selector::EventSelector
     };
 
     use crate::{
@@ -119,9 +118,9 @@ mod test {
 
         let storage_slot = 2;
 
-        let eph_sk = GrumpkinPrivateKey::new(
-            0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06,
-            0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd
+        let eph_sk = Scalar::new(
+            0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
+            0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06
         );
         let ivpk_app = Point::new(
             0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186,
@@ -218,9 +217,9 @@ mod test {
     fn test_encrypted_log_event_incoming_body() {
         let test_event = TestEvent { value0: 1, value1: 2, value2: 3 };
 
-        let eph_sk = GrumpkinPrivateKey::new(
-            0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06,
-            0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd
+        let eph_sk = Scalar::new(
+            0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
+            0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06
         );
 
         let ivpk_app = Point::new(

diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/outgoing_body.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/outgoing_body.nr
@@ -1,32 +1,31 @@
 use dep::protocol_types::{
-    address::AztecAddress, grumpkin_private_key::GrumpkinPrivateKey, point::Point,
-    constants::GENERATOR_INDEX__SYMMETRIC_KEY, hash::poseidon2_hash
+    address::AztecAddress, scalar::Scalar, point::Point, constants::GENERATOR_INDEX__SYMMETRIC_KEY,
+    hash::poseidon2_hash
 };
 
 use std::aes128::aes128_encrypt;
 
 use crate::keys::point_to_symmetric_key::point_to_symmetric_key;
 
 struct EncryptedLogOutgoingBody {
-    eph_sk: GrumpkinPrivateKey,
+    eph_sk: Scalar,
     recipient: AztecAddress,
     recipient_ivpk_app: Point,
 }
 
 impl EncryptedLogOutgoingBody {
-    pub fn new(eph_sk: GrumpkinPrivateKey, recipient: AztecAddress, recipient_ivpk_app: Point) -> Self {
+    pub fn new(eph_sk: Scalar, recipient: AztecAddress, recipient_ivpk_app: Point) -> Self {
         Self { eph_sk, recipient, recipient_ivpk_app }
     }
 
-    pub fn compute_ciphertext(self, ovsk_app: GrumpkinPrivateKey, eph_pk: Point) -> [u8; 176] {
+    pub fn compute_ciphertext(self, ovsk_app: Scalar, eph_pk: Point) -> [u8; 176] {
         // Again, we could compute `eph_pk` here, but we keep the interface more similar
         // and also make it easier to optimise it later as we just pass it along
 
         let mut buffer: [u8; 160] = [0; 160];
 
-        let serialized_eph_sk: [Field; 2] = self.eph_sk.serialize();
-        let serialized_eph_sk_high = serialized_eph_sk[0].to_be_bytes(32);
-        let serialized_eph_sk_low = serialized_eph_sk[1].to_be_bytes(32);
+        let serialized_eph_sk_high = self.eph_sk.hi.to_be_bytes(32);
+        let serialized_eph_sk_low = self.eph_sk.lo.to_be_bytes(32);
 
         let address_bytes = self.recipient.to_field().to_be_bytes(32);
         let serialized_recipient_ivpk_app = self.recipient_ivpk_app.serialize();
@@ -44,7 +43,7 @@ impl EncryptedLogOutgoingBody {
         // We compute the symmetric key using poseidon.
         let full_key: [u8; 32] = poseidon2_hash(
             [
-            ovsk_app.high, ovsk_app.low, eph_pk.x, eph_pk.y,
+            ovsk_app.hi, ovsk_app.lo, eph_pk.x, eph_pk.y,
             GENERATOR_INDEX__SYMMETRIC_KEY as Field
         ]
         ).to_be_bytes(32).as_array();
@@ -64,24 +63,24 @@ mod test {
     use crate::encrypted_logs::outgoing_body::EncryptedLogOutgoingBody;
     use dep::protocol_types::{
         address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER,
-        grumpkin_private_key::GrumpkinPrivateKey, point::Point, hash::poseidon2_hash
+        scalar::Scalar, point::Point, hash::poseidon2_hash
     };
 
     use crate::context::PrivateContext;
 
     #[test]
     fn test_encrypted_log_outgoing_body() {
-        let eph_sk = GrumpkinPrivateKey::new(
-            0x000000000000000000000000000000000f096b423017226a18461115fa8d34bb,
-            0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fe
+        let eph_sk = Scalar::new(
+            0x00000000000000000000000000000000d0d302ee245dfaf2807e604eec4715fe,
+            0x000000000000000000000000000000000f096b423017226a18461115fa8d34bb
         );
-        let recipient_ivsk_app = GrumpkinPrivateKey::new(
-            0x000000000000000000000000000000000f4d97c25d578f9348251a71ca17ae31,
-            0x000000000000000000000000000000004828f8f95676ebb481df163f87fd4022
+        let recipient_ivsk_app = Scalar::new(
+            0x000000000000000000000000000000004828f8f95676ebb481df163f87fd4022,
+            0x000000000000000000000000000000000f4d97c25d578f9348251a71ca17ae31
         );
-        let sender_ovsk_app = GrumpkinPrivateKey::new(
-            0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048b,
-            0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444e
+        let sender_ovsk_app = Scalar::new(
+            0x0000000000000000000000000000000074d2e28c6bc5176ac02cf7c7d36a444e,
+            0x00000000000000000000000000000000089c6887cb1446d86c64e81afc78048b
         );
 
         let eph_pk = eph_sk.derive_public_key();

diff --git a/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr b/noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr
@@ -1,5 +1,5 @@
 use dep::protocol_types::{
-    address::AztecAddress, grumpkin_private_key::GrumpkinPrivateKey, point::{Point, pub_key_to_bytes},
+    address::AztecAddress, scalar::Scalar, point::{Point, pub_key_to_bytes},
     constants::{GENERATOR_INDEX__IVSK_M, GENERATOR_INDEX__OVSK_M}, hash::poseidon2_hash
 };
 
@@ -24,7 +24,7 @@ pub fn compute_encrypted_event_log<Event, NB, MB, OB>(
     event: Event
 ) -> [u8; OB] where Event: EventInterface<NB, MB> {
     // @todo Need to draw randomness from the full domain of Fq not only Fr
-    let eph_sk: GrumpkinPrivateKey = fr_to_private_key(unsafe_rand());
+    let eph_sk: Scalar = fr_to_fq(unsafe_rand());
     let eph_pk = eph_sk.derive_public_key();
 
     // TODO: (#7177) This value needs to be populated!
@@ -37,7 +37,7 @@ pub fn compute_encrypted_event_log<Event, NB, MB, OB>(
     let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ivpk);
     let outgoing_Header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
     let incoming_body_ciphertext = EncryptedLogIncomingBody::from_event(event, randomness).compute_ciphertext(eph_sk, ivpk_app);
-    let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk_app).compute_ciphertext(fr_to_private_key(ovsk_app), eph_pk);
+    let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk_app).compute_ciphertext(fr_to_fq(ovsk_app), eph_pk);
 
     let mut encrypted_bytes: [u8; OB] = [0; OB];
     // @todo We ignore the tags for now 
@@ -81,7 +81,7 @@ pub fn compute_encrypted_note_log<Note, N, NB, M>(
     note: Note
 ) -> [u8; M] where Note: NoteInterface<N, NB> {
     // @todo Need to draw randomness from the full domain of Fq not only Fr
-    let eph_sk: GrumpkinPrivateKey = fr_to_private_key(unsafe_rand());
+    let eph_sk: Scalar = fr_to_fq(unsafe_rand());
     let eph_pk = eph_sk.derive_public_key();
 
     // TODO: (#7177) This value needs to be populated!
@@ -94,7 +94,7 @@ pub fn compute_encrypted_note_log<Note, N, NB, M>(
     let incoming_header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ivpk);
     let outgoing_Header_ciphertext: [u8; 48] = header.compute_ciphertext(eph_sk, ovpk);
     let incoming_body_ciphertext = EncryptedLogIncomingBody::from_note(note, storage_slot).compute_ciphertext(eph_sk, ivpk_app);
-    let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk_app).compute_ciphertext(fr_to_private_key(ovsk_app), eph_pk);
+    let outgoing_body_ciphertext: [u8; 176] = EncryptedLogOutgoingBody::new(eph_sk, recipient, ivpk_app).compute_ciphertext(fr_to_fq(ovsk_app), eph_pk);
 
     let mut encrypted_bytes: [u8; M] = [0; M];
     // @todo We ignore the tags for now 
@@ -129,7 +129,9 @@ pub fn compute_encrypted_note_log<Note, N, NB, M>(
     encrypted_bytes
 }
 
-fn fr_to_private_key(r: Field) -> GrumpkinPrivateKey {
+/// Converts a base field elememt to scalar field element.
+/// This is fine because modulus of the base field is smaller than the modulus of the scalar field.
+fn fr_to_fq(r: Field) -> Scalar {
     let r_bytes = r.to_be_bytes(32);
 
     let mut high_bytes = [0; 32];
@@ -143,7 +145,7 @@ fn fr_to_private_key(r: Field) -> GrumpkinPrivateKey {
     let low = bytes32_to_field(low_bytes);
     let high = bytes32_to_field(high_bytes);
 
-    GrumpkinPrivateKey::new(high, low)
+    Scalar::new(low, high)
 }
 
 fn compute_ivpk_app(ivpk: Point, contract_address: AztecAddress) -> Point {
@@ -155,7 +157,7 @@ fn compute_ivpk_app(ivpk: Point, contract_address: AztecAddress) -> Point {
     // for example user could define ivpk = infinity using the registry
     assert((ivpk.x != 0) & (ivpk.y != 0), "ivpk is infinite");
 
-    let i = fr_to_private_key(poseidon2_hash([contract_address.to_field(), ivpk.x, ivpk.y, GENERATOR_INDEX__IVSK_M]));
+    let i = fr_to_fq(poseidon2_hash([contract_address.to_field(), ivpk.x, ivpk.y, GENERATOR_INDEX__IVSK_M]));
     let I = i.derive_public_key();
 
     let embed_I = Point { x: I.x, y: I.y, is_infinite: false };

diff --git a/noir-projects/aztec-nr/aztec/src/keys/point_to_symmetric_key.nr b/noir-projects/aztec-nr/aztec/src/keys/point_to_symmetric_key.nr
@@ -1,16 +1,13 @@
 use dep::protocol_types::{
-    constants::GENERATOR_INDEX__SYMMETRIC_KEY, grumpkin_private_key::GrumpkinPrivateKey,
-    point::{Point, pub_key_to_bytes}, utils::arr_copy_slice
+    constants::GENERATOR_INDEX__SYMMETRIC_KEY, scalar::Scalar, point::{Point, pub_key_to_bytes},
+    utils::arr_copy_slice
 };
-use std::{hash::sha256, embedded_curve_ops::{EmbeddedCurveScalar, multi_scalar_mul}};
+use std::{hash::sha256, embedded_curve_ops::multi_scalar_mul};
 
 // TODO(#5726): This function is called deriveAESSecret in TS. I don't like point_to_symmetric_key name much since
 // point is not the only input of the function. Unify naming with TS once we have a better name.
-pub fn point_to_symmetric_key(secret: GrumpkinPrivateKey, point: Point) -> [u8; 32] {
-    let shared_secret_fields = multi_scalar_mul(
-        [Point { x: point.x, y: point.y, is_infinite: false }],
-        [EmbeddedCurveScalar { lo: secret.low, hi: secret.high }]
-    );
+pub fn point_to_symmetric_key(secret: Scalar, point: Point) -> [u8; 32] {
+    let shared_secret_fields = multi_scalar_mul([point], [secret]);
     // TODO(https://github.com/AztecProtocol/aztec-packages/issues/6061): make the func return Point struct directly
     let shared_secret = pub_key_to_bytes(Point::new(shared_secret_fields[0], shared_secret_fields[1], false));
     let mut shared_secret_bytes_with_separator = [0 as u8; 65];
@@ -22,9 +19,9 @@ pub fn point_to_symmetric_key(secret: GrumpkinPrivateKey, point: Point) -> [u8;
 #[test]
 fn check_point_to_symmetric_key() {
     // Value taken from "derive shared secret" test in encrypt_buffer.test.ts
-    let secret = GrumpkinPrivateKey::new(
-        0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06,
-        0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd
+    let secret = Scalar::new(
+        0x00000000000000000000000000000000649e7ca01d9de27b21624098b897babd,
+        0x0000000000000000000000000000000023b3127c127b1f29a7adff5cccf8fb06
     );
     let point = Point::new(
         0x2688431c705a5ff3e6c6f2573c9e3ba1c1026d2251d0dbbf2d810aa53fd1d186,

diff --git a/noir-projects/noir-contracts/contracts/avm_test_contract/src/main.nr b/noir-projects/noir-contracts/contracts/avm_test_contract/src/main.nr
@@ -24,11 +24,11 @@ contract AvmTest {
     global big_field_136_bits: Field = 0x991234567890abcdef1234567890abcdef;
 
     // Libs
-    use std::embedded_curve_ops::{EmbeddedCurveScalar, multi_scalar_mul};
+    use std::embedded_curve_ops::multi_scalar_mul;
     use dep::aztec::protocol_types::constants::CONTRACT_INSTANCE_LENGTH;
     use dep::aztec::prelude::{Map, Deserialize};
     use dep::aztec::state_vars::PublicMutable;
-    use dep::aztec::protocol_types::{address::{AztecAddress, EthAddress}, constants::L1_TO_L2_MESSAGE_LENGTH, point::Point};
+    use dep::aztec::protocol_types::{address::{AztecAddress, EthAddress}, constants::L1_TO_L2_MESSAGE_LENGTH, point::Point, scalar::Scalar};
     use dep::aztec::oracle::get_contract_instance::{get_contract_instance_avm, get_contract_instance_internal_avm};
     use dep::aztec::protocol_types::abis::function_selector::FunctionSelector;
     use dep::aztec::context::gas::GasOpts;
@@ -147,8 +147,8 @@ contract AvmTest {
     #[aztec(public)]
     fn variable_base_msm() -> [Field; 3] {
         let g = Point { x: 1, y: 17631683881184975370165255887551781615748388533673675138860, is_infinite: false };
-        let scalar = EmbeddedCurveScalar { lo: 3, hi: 0 };
-        let scalar2 = EmbeddedCurveScalar { lo: 20, hi: 0 };
+        let scalar = Scalar { lo: 3, hi: 0 };
+        let scalar2 = Scalar { lo: 20, hi: 0 };
         let triple_g = multi_scalar_mul([g, g], [scalar, scalar2]);
         triple_g
     }

diff --git a/noir-projects/noir-contracts/contracts/private_token_contract/src/types/token_note.nr b/noir-projects/noir-contracts/contracts/private_token_contract/src/types/token_note.nr
@@ -1,11 +1,11 @@
 use dep::aztec::{
     prelude::{AztecAddress, NoteHeader, NoteInterface, PrivateContext},
-    protocol_types::{constants::GENERATOR_INDEX__NOTE_NULLIFIER, point::Point, hash::poseidon2_hash},
+    protocol_types::{constants::GENERATOR_INDEX__NOTE_NULLIFIER, point::Point, scalar::Scalar, hash::poseidon2_hash},
     note::utils::compute_note_hash_for_consumption, oracle::unsafe_rand::unsafe_rand,
     keys::getters::get_nsk_app, note::note_getter_options::PropertySelector
 };
 use dep::std::field::bn254::decompose;
-use dep::std::embedded_curve_ops::{EmbeddedCurveScalar, multi_scalar_mul, fixed_base_scalar_mul};
+use dep::std::embedded_curve_ops::multi_scalar_mul;
 
 trait OwnedNote {
     fn new(amount: U128, owner_npk_m_hash: Field) -> Self;
@@ -80,15 +80,15 @@ impl NoteInterface<TOKEN_NOTE_LEN, TOKEN_NOTE_BYTES_LEN> for TokenNote {
         // by leveraging homomorphism.
         multi_scalar_mul(
             [G1, G1, G1],
-            [EmbeddedCurveScalar {
+            [Scalar {
                 lo: self.amount.to_integer(),
                 hi: 0
             },
-            EmbeddedCurveScalar {
+            Scalar {
                 lo: npk_lo,
                 hi: npk_hi
             },
-            EmbeddedCurveScalar {
+            Scalar {
                 lo: random_lo,
                 hi: random_hi,
             }]
@@ -204,11 +204,11 @@ impl PrivatelyRefundable for TokenNote {
         // 2. Now that we have correct representationsn of fee payer and randomness we can compute `G ^ (fee_payer_npk + randomness)`
         let incomplete_fee_payer_point = multi_scalar_mul(
             [G1, G1],
-            [EmbeddedCurveScalar {
+            [Scalar {
                 lo: fee_payer_npk_m_hash_lo,
                 hi: fee_payer_npk_m_hash_hi
             },
-            EmbeddedCurveScalar {
+            Scalar {
                 lo: fee_payer_randomness_lo,
                 hi: fee_payer_randomness_hi
             }]
@@ -223,15 +223,15 @@ impl PrivatelyRefundable for TokenNote {
         // 4. We compute `G ^ (user_npk_m_hash + funded_amount + randomness)`
         let incomplete_user_point = multi_scalar_mul(
             [G1, G1, G1],
-            [EmbeddedCurveScalar {
+            [Scalar {
                 lo: user_lo,
                 hi: user_hi
             },
-            EmbeddedCurveScalar {
+            Scalar {
                 lo: funded_amount_lo,
                 hi: funded_amount_hi
             },
-            EmbeddedCurveScalar {
+            Scalar {
                 lo: user_randomness_lo,
                 hi: user_randomness_hi
             }]
@@ -256,7 +256,7 @@ impl PrivatelyRefundable for TokenNote {
         // 2. We compute the fee point as `G ^ transaction_fee`
         let fee_point_raw = multi_scalar_mul(
             [G1],
-            [EmbeddedCurveScalar {
+            [Scalar {
                 lo: transaction_fee_lo,
                 hi: transaction_fee_hi,
             }]