@aztec/stdlib 3.0.0-nightly.20251015 → 3.0.0-nightly.20251022

package/src/p2p/block_attestation.ts

@@ -1,5 +1,5 @@
 import { Buffer32 } from '@aztec/foundation/buffer';
-import { keccak256, recoverAddress } from '@aztec/foundation/crypto';
+import { keccak256, tryRecoverAddress } from '@aztec/foundation/crypto';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import { Signature } from '@aztec/foundation/eth-signature';
 import { Fr } from '@aztec/foundation/fields';
@@ -30,6 +30,7 @@ export class BlockAttestation extends Gossipable {
   static override p2pTopic = TopicType.block_attestation;
 
   private sender: EthAddress | undefined;
+  private proposer: EthAddress | undefined;
 
   constructor(
     /** The block number of the attestation. */
@@ -40,6 +41,9 @@ export class BlockAttestation extends Gossipable {
 
     /** The signature of the block attester */
     public readonly signature: Signature,
+
+    /** The signature from the block proposer */
+    public readonly proposerSignature: Signature,
   ) {
     super();
   }
@@ -50,8 +54,9 @@ export class BlockAttestation extends Gossipable {
         blockNumber: schemas.UInt32,
         payload: ConsensusPayload.schema,
         signature: Signature.schema,
+        proposerSignature: Signature.schema,
       })
-      .transform(obj => new BlockAttestation(obj.blockNumber, obj.payload, obj.signature));
+      .transform(obj => new BlockAttestation(obj.blockNumber, obj.payload, obj.signature, obj.proposerSignature));
   }
 
   override generateP2PMessageIdentifier(): Promise<Buffer32> {
@@ -68,41 +73,75 @@ export class BlockAttestation extends Gossipable {
 
   /**
    * Lazily evaluate and cache the signer of the attestation
-   * @returns The signer of the attestation
+   * @returns The signer of the attestation, or undefined if signature recovery fails
    */
-  getSender(): EthAddress {
+  getSender(): EthAddress | undefined {
     if (!this.sender) {
       // Recover the sender from the attestation
       const hashed = getHashedSignaturePayloadEthSignedMessage(this.payload, SignatureDomainSeparator.blockAttestation);
       // Cache the sender for later use
-      this.sender = recoverAddress(hashed, this.signature);
+      this.sender = tryRecoverAddress(hashed, this.signature);
     }
 
     return this.sender;
   }
 
+  /**
+   * Lazily evaluate and cache the proposer of the block
+   * @returns The proposer of the block
+   */
+  getProposer(): EthAddress {
+    if (!this.proposer) {
+      // Recover the proposer from the proposal signature
+      const hashed = getHashedSignaturePayloadEthSignedMessage(this.payload, SignatureDomainSeparator.blockProposal);
+      // Cache the proposer for later use
+      this.proposer = tryRecoverAddress(hashed, this.proposerSignature)!;
+    }
+
+    return this.proposer;
+  }
+
   getPayload(): Buffer {
     return this.payload.getPayloadToSign(SignatureDomainSeparator.blockAttestation);
   }
 
   toBuffer(): Buffer {
-    return serializeToBuffer([this.blockNumber, this.payload, this.signature]);
+    return serializeToBuffer([this.blockNumber, this.payload, this.signature, this.proposerSignature]);
   }
 
   static fromBuffer(buf: Buffer | BufferReader): BlockAttestation {
     const reader = BufferReader.asReader(buf);
-    return new BlockAttestation(reader.readNumber(), reader.readObject(ConsensusPayload), reader.readObject(Signature));
+    return new BlockAttestation(
+      reader.readNumber(),
+      reader.readObject(ConsensusPayload),
+      reader.readObject(Signature),
+      reader.readObject(Signature),
+    );
   }
 
   static empty(): BlockAttestation {
-    return new BlockAttestation(0, ConsensusPayload.empty(), Signature.empty());
+    return new BlockAttestation(0, ConsensusPayload.empty(), Signature.empty(), Signature.empty());
   }
 
   static random(): BlockAttestation {
-    return new BlockAttestation(Math.floor(Math.random() * 1000) + 1, ConsensusPayload.random(), Signature.random());
+    return new BlockAttestation(
+      Math.floor(Math.random() * 1000) + 1,
+      ConsensusPayload.random(),
+      Signature.random(),
+      Signature.random(),
+    );
   }
 
   getSize(): number {
-    return 4 /* blockNumber */ + this.payload.getSize() + this.signature.getSize();
+    return 4 /* blockNumber */ + this.payload.getSize() + this.signature.getSize() + this.proposerSignature.getSize();
+  }
+
+  toInspect() {
+    return {
+      blockNumber: this.blockNumber,
+      payload: this.payload.toInspect(),
+      signature: this.signature.toString(),
+      proposerSignature: this.proposerSignature.toString(),
+    };
   }
 }

package/src/p2p/block_proposal.ts

@@ -1,5 +1,5 @@
 import { Buffer32 } from '@aztec/foundation/buffer';
-import { keccak256, recoverAddress } from '@aztec/foundation/crypto';
+import { keccak256, tryRecoverAddress } from '@aztec/foundation/crypto';
 import type { EthAddress } from '@aztec/foundation/eth-address';
 import { Signature } from '@aztec/foundation/eth-signature';
 import { Fr } from '@aztec/foundation/fields';
@@ -100,12 +100,13 @@ export class BlockProposal extends Gossipable {
 
   /**Get Sender
    * Lazily evaluate the sender of the proposal; result is cached
+   * @returns The sender address, or undefined if signature recovery fails
    */
-  getSender() {
+  getSender(): EthAddress | undefined {
     if (!this.sender) {
       const hashed = getHashedSignaturePayloadEthSignedMessage(this.payload, SignatureDomainSeparator.blockProposal);
       // Cache the sender for later use
-      this.sender = recoverAddress(hashed, this.signature);
+      this.sender = tryRecoverAddress(hashed, this.signature);
     }
 
     return this.sender;

package/src/tests/mocks.ts

@@ -246,6 +246,8 @@ export const randomDeployedContract = async () => {
 
 export interface MakeConsensusPayloadOptions {
   signer?: Secp256k1Signer;
+  attesterSigner?: Secp256k1Signer;
+  proposerSigner?: Secp256k1Signer;
   header?: L2BlockHeader;
   archive?: Fr;
   stateReference?: StateReference;
@@ -294,21 +296,58 @@ export const makeBlockProposal = (options?: MakeConsensusPayloadOptions): BlockP
 
 // TODO(https://github.com/AztecProtocol/aztec-packages/issues/8028)
 export const makeBlockAttestation = (options?: MakeConsensusPayloadOptions): BlockAttestation => {
-  const { blockNumber, payload, signature } = makeAndSignConsensusPayload(
-    SignatureDomainSeparator.blockAttestation,
-    options,
-  );
-  return new BlockAttestation(blockNumber, payload, signature);
+  const header = options?.header ?? makeL2BlockHeader(1);
+  const {
+    signer,
+    attesterSigner = signer ?? Secp256k1Signer.random(),
+    proposerSigner = signer ?? Secp256k1Signer.random(),
+    archive = Fr.random(),
+    stateReference = header.state,
+  } = options ?? {};
+
+  const payload = ConsensusPayload.fromFields({
+    header: header.toCheckpointHeader(),
+    archive,
+    stateReference,
+  });
+
+  // Sign as attester
+  const attestationHash = getHashedSignaturePayloadEthSignedMessage(payload, SignatureDomainSeparator.blockAttestation);
+  const attestationSignature = attesterSigner.sign(attestationHash);
+
+  // Sign as proposer
+  const proposalHash = getHashedSignaturePayloadEthSignedMessage(payload, SignatureDomainSeparator.blockProposal);
+  const proposerSignature = proposerSigner.sign(proposalHash);
+
+  return new BlockAttestation(header.globalVariables.blockNumber, payload, attestationSignature, proposerSignature);
 };
 
-export const makeBlockAttestationFromBlock = (block: L2Block, signer?: Secp256k1Signer): BlockAttestation => {
-  return makeBlockAttestation({
-    signer,
-    header: block.header,
-    archive: block.archive.root,
-    stateReference: block.header.state,
-    txHashes: block.body.txEffects.map(tx => tx.txHash),
+export const makeBlockAttestationFromBlock = (
+  block: L2Block,
+  attesterSigner?: Secp256k1Signer,
+  proposerSigner?: Secp256k1Signer,
+): BlockAttestation => {
+  const header = block.header;
+  const archive = block.archive.root;
+  const stateReference = block.header.state;
+
+  const payload = ConsensusPayload.fromFields({
+    header: header.toCheckpointHeader(),
+    archive,
+    stateReference,
   });
+
+  // Sign as attester
+  const attestationHash = getHashedSignaturePayloadEthSignedMessage(payload, SignatureDomainSeparator.blockAttestation);
+  const attestationSigner = attesterSigner ?? Secp256k1Signer.random();
+  const attestationSignature = attestationSigner.sign(attestationHash);
+
+  // Sign as proposer
+  const proposalHash = getHashedSignaturePayloadEthSignedMessage(payload, SignatureDomainSeparator.blockProposal);
+  const proposalSignerToUse = proposerSigner ?? Secp256k1Signer.random();
+  const proposerSignature = proposalSignerToUse.sign(proposalHash);
+
+  return new BlockAttestation(header.globalVariables.blockNumber, payload, attestationSignature, proposerSignature);
 };
 
 export async function randomPublishedL2Block(

package/src/tx/private_execution_result.ts

@@ -10,7 +10,7 @@ import { PrivateCircuitPublicInputs } from '../kernel/private_circuit_public_inp
 import type { IsEmpty } from '../kernel/utils/interfaces.js';
 import { sortByCounter } from '../kernel/utils/order_and_comparison.js';
 import { ContractClassLog, ContractClassLogFields } from '../logs/contract_class_log.js';
-import { type IndexedTaggingSecret, IndexedTaggingSecretSchema } from '../logs/indexed_tagging_secret.js';
+import { type PreTag, PreTagSchema } from '../logs/pre_tag.js';
 import { Note } from '../note/note.js';
 import { type ZodFor, mapSchema, schemas } from '../schemas/index.js';
 import type { UInt32 } from '../types/index.js';
@@ -136,8 +136,8 @@ export class PrivateCallExecutionResult {
     public returnValues: Fr[],
     /** The offchain effects emitted during execution of this function call via the `emit_offchain_effect` oracle. */
     public offchainEffects: { data: Fr[] }[],
-    /** The tagging indexes incremented by this execution along with the directional app tagging secrets. */
-    public indexedTaggingSecrets: IndexedTaggingSecret[],
+    /** The pre tags used in this tx to compute tags for private logs */
+    public preTags: PreTag[],
     /** The nested executions. */
     public nestedExecutionResults: PrivateCallExecutionResult[],
     /**
@@ -161,7 +161,7 @@ export class PrivateCallExecutionResult {
         noteHashNullifierCounterMap: mapSchema(z.coerce.number(), z.number()),
         returnValues: z.array(schemas.Fr),
         offchainEffects: z.array(z.object({ data: z.array(schemas.Fr) })),
-        indexedTaggingSecrets: z.array(IndexedTaggingSecretSchema),
+        preTags: z.array(PreTagSchema),
         nestedExecutionResults: z.array(z.lazy(() => PrivateCallExecutionResult.schema)),
         contractClassLogs: z.array(CountedContractClassLog.schema),
       })
@@ -179,7 +179,7 @@ export class PrivateCallExecutionResult {
       fields.noteHashNullifierCounterMap,
       fields.returnValues,
       fields.offchainEffects,
-      fields.indexedTaggingSecrets,
+      fields.preTags,
       fields.nestedExecutionResults,
       fields.contractClassLogs,
     );

package/src/tx/tx.ts

@@ -161,6 +161,16 @@ export class Tx extends Gossipable {
     );
   }
 
+  /**
+   * Validates that the tx hash matches the computed hash from the tx data.
+   * This should be called when deserializing a tx from an untrusted source.
+   * @returns true if the hash is valid, false otherwise
+   */
+  async validateTxHash(): Promise<boolean> {
+    const expectedHash = await Tx.computeTxHash(this);
+    return this.txHash.equals(expectedHash);
+  }
+
   /**
    * Gets public logs emitted by this tx.
    * @param logsSource - An instance of `L2LogsSource` which can be used to obtain the logs.

package/src/versioning/versioning.ts

@@ -117,11 +117,16 @@ export function validatePartialComponentVersionsMatch(
 /** Returns a Koa middleware that injects the versioning info as headers. */
 export function getVersioningMiddleware(versions: Partial<ComponentsVersions>) {
   return async (ctx: Koa.Context, next: () => Promise<void>) => {
-    await next();
-    for (const key in versions) {
-      const value = versions[key as keyof ComponentsVersions];
-      if (value !== undefined) {
-        ctx.set(`x-aztec-${key}`, value.toString());
+    try {
+      await next();
+    } finally {
+      // Always add version headers, even if there was an error
+      // This allows the client to detect version mismatches before processing other errors
+      for (const key in versions) {
+        const value = versions[key as keyof ComponentsVersions];
+        if (value !== undefined) {
+          ctx.set(`x-aztec-${key}`, value.toString());
+        }
       }
     }
   };

package/src/zkpassport/index.ts

@@ -5,15 +5,21 @@ import { BufferReader, serializeToBuffer } from '@aztec/foundation/serialize';
 import { withoutHexPrefix } from '@aztec/foundation/string';
 
 export type ViemZkPassportProofParams = {
-  vkeyHash: `0x${string}`;
-  proof: `0x${string}`;
-  publicInputs: `0x${string}`[];
-  committedInputs: `0x${string}`;
-  committedInputCounts: bigint[];
-  validityPeriodInSeconds: bigint;
-  domain: string;
-  scope: string;
-  devMode: boolean;
+  proofVerificationData: {
+    vkeyHash: `0x${string}`;
+    proof: `0x${string}`;
+    publicInputs: `0x${string}`[];
+  };
+  commitments: {
+    committedInputs: `0x${string}`;
+    committedInputCounts: bigint[];
+  };
+  serviceConfig: {
+    validityPeriodInSeconds: bigint;
+    domain: string;
+    scope: string;
+    devMode: boolean;
+  };
 };
 
 // NOTE: Must match the ZkPassportProofParams struct in the zkpassport verifier contract
@@ -64,7 +70,7 @@ export class ZkPassportProofParams {
       publicInputs,
       committedInputs,
       committedInputCounts,
-      BigInt(100 * 60 * 60 * 24),
+      BigInt(7 * 24 * 60 * 60), // 7 days
       'sequencer.alpha-testnet.aztec.network',
       'personhood',
     );
@@ -87,29 +93,35 @@ export class ZkPassportProofParams {
 
   static fromViem(params: ViemZkPassportProofParams) {
     return new ZkPassportProofParams(
-      params.devMode,
-      Buffer32.fromString(params.vkeyHash),
-      Buffer.from(withoutHexPrefix(params.proof), 'hex'),
-      params.publicInputs.map(input => Fr.fromString(input)),
-      Buffer.from(withoutHexPrefix(params.committedInputs), 'hex'),
-      params.committedInputCounts,
-      params.validityPeriodInSeconds,
-      params.domain,
-      params.scope,
+      params.serviceConfig.devMode,
+      Buffer32.fromString(params.proofVerificationData.vkeyHash),
+      Buffer.from(withoutHexPrefix(params.proofVerificationData.proof), 'hex'),
+      params.proofVerificationData.publicInputs.map(input => Fr.fromString(input)),
+      Buffer.from(withoutHexPrefix(params.commitments.committedInputs), 'hex'),
+      params.commitments.committedInputCounts,
+      params.serviceConfig.validityPeriodInSeconds,
+      params.serviceConfig.domain,
+      params.serviceConfig.scope,
     );
   }
 
   toViem(): ViemZkPassportProofParams {
     return {
-      devMode: this.devMode,
-      vkeyHash: this.vkeyHash.toString(),
-      proof: `0x${this.proof.toString('hex')}`,
-      publicInputs: this.publicInputs.map(input => input.toString()),
-      committedInputs: `0x${this.committedInputs.toString('hex')}`,
-      committedInputCounts: this.committedInputCounts,
-      validityPeriodInSeconds: this.validityPeriodInSeconds,
-      domain: this.domain,
-      scope: this.scope,
+      serviceConfig: {
+        devMode: this.devMode,
+        validityPeriodInSeconds: this.validityPeriodInSeconds,
+        domain: this.domain,
+        scope: this.scope,
+      },
+      proofVerificationData: {
+        vkeyHash: this.vkeyHash.toString(),
+        proof: `0x${this.proof.toString('hex')}`,
+        publicInputs: this.publicInputs.map(input => input.toString()),
+      },
+      commitments: {
+        committedInputs: `0x${this.committedInputs.toString('hex')}`,
+        committedInputCounts: this.committedInputCounts,
+      },
     };
   }
 }

package/dest/logs/indexed_tagging_secret.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"indexed_tagging_secret.d.ts","sourceRoot":"","sources":["../../src/logs/indexed_tagging_secret.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,KAAK,2BAA2B,EAEjC,MAAM,qCAAqC,CAAC;AAE7C;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,MAAM,EAAE,2BAA2B,CAAC;IACpC,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;EAGrC,CAAC"}