@aztec/stdlib 5.0.0-nightly.20260701 → 5.0.0-nightly.20260702

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dest/block/l2_block_source.d.ts +22 -2
  2. package/dest/block/l2_block_source.d.ts.map +1 -1
  3. package/dest/block/l2_block_source.js +10 -0
  4. package/dest/block/l2_block_stream/event_driven_l2_block_stream.d.ts +39 -0
  5. package/dest/block/l2_block_stream/event_driven_l2_block_stream.d.ts.map +1 -0
  6. package/dest/block/l2_block_stream/event_driven_l2_block_stream.js +165 -0
  7. package/dest/block/l2_block_stream/index.d.ts +2 -1
  8. package/dest/block/l2_block_stream/index.d.ts.map +1 -1
  9. package/dest/block/l2_block_stream/index.js +1 -0
  10. package/dest/block/l2_block_stream/interfaces.d.ts +16 -2
  11. package/dest/block/l2_block_stream/interfaces.d.ts.map +1 -1
  12. package/dest/block/l2_block_stream/interfaces.js +25 -1
  13. package/dest/block/l2_block_stream/l2_block_stream.d.ts +21 -35
  14. package/dest/block/l2_block_stream/l2_block_stream.d.ts.map +1 -1
  15. package/dest/block/l2_block_stream/l2_block_stream.js +5 -30
  16. package/dest/contract/contract_address.d.ts +3 -2
  17. package/dest/contract/contract_address.d.ts.map +1 -1
  18. package/dest/contract/partial_address.d.ts +9 -3
  19. package/dest/contract/partial_address.d.ts.map +1 -1
  20. package/dest/contract/partial_address.js +8 -2
  21. package/dest/interfaces/proving-job.d.ts +70 -70
  22. package/dest/keys/derivation.d.ts +31 -1
  23. package/dest/keys/derivation.d.ts.map +1 -1
  24. package/dest/keys/derivation.js +19 -11
  25. package/dest/logs/app_tagging_secret.d.ts +11 -8
  26. package/dest/logs/app_tagging_secret.d.ts.map +1 -1
  27. package/dest/logs/app_tagging_secret.js +14 -14
  28. package/dest/logs/shared_secret_derivation.d.ts +14 -7
  29. package/dest/logs/shared_secret_derivation.d.ts.map +1 -1
  30. package/dest/logs/shared_secret_derivation.js +16 -8
  31. package/package.json +8 -8
  32. package/src/block/l2_block_source.ts +41 -0
  33. package/src/block/l2_block_stream/event_driven_l2_block_stream.ts +207 -0
  34. package/src/block/l2_block_stream/index.ts +1 -0
  35. package/src/block/l2_block_stream/interfaces.ts +35 -1
  36. package/src/block/l2_block_stream/l2_block_stream.ts +35 -62
  37. package/src/contract/contract_address.ts +2 -1
  38. package/src/contract/partial_address.ts +8 -2
  39. package/src/keys/derivation.ts +38 -9
  40. package/src/logs/app_tagging_secret.ts +14 -10
  41. package/src/logs/shared_secret_derivation.ts +17 -10
@@ -1,7 +1,13 @@
1
1
  import type { Fr } from '@aztec/foundation/curves/bn254';
2
2
 
3
3
  /**
4
- * A type which along with public key forms a preimage of a contract address. See the link below for more details
5
- * https://github.com/AztecProtocol/aztec-packages/blob/master/docs/docs/concepts/foundation/accounts/keys.md#addresses-partial-addresses-and-public-keys
4
+ * The contract-side preimage of an Aztec address, i.e. the commitment to a specific contract instance.
5
+ *
6
+ * A partial address commits to a contract's code and initialization
7
+ * (`hash(contract_class_id, salted_initialization_hash)`) but not to its keys. Combined with an account's `PublicKeys`,
8
+ * it fully determines the address: `address = (hash(public_keys_hash, partial_address) * G + Ivpk_m).x`. Two accounts
9
+ * therefore share an address only if they share both their public keys and their partial address.
10
+ *
11
+ * See `computePartialAddress` for the derivation.
6
12
  */
7
13
  export type PartialAddress = Fr;
@@ -96,22 +96,51 @@ export function derivePublicKeyFromSecretKey(secretKey: Fq): Promise<PublicKey>
96
96
  return Grumpkin.mul(Grumpkin.generator, secretKey);
97
97
  }
98
98
 
99
+ /**
100
+ * The six master secret keys that fully define an account's privacy keys.
101
+ */
102
+ export type MasterSecretKeys = {
103
+ masterNullifierHidingKey: GrumpkinScalar;
104
+ masterIncomingViewingSecretKey: GrumpkinScalar;
105
+ masterOutgoingViewingSecretKey: GrumpkinScalar;
106
+ masterTaggingSecretKey: GrumpkinScalar;
107
+ masterMessageSigningSecretKey: GrumpkinScalar;
108
+ masterFallbackSecretKey: GrumpkinScalar;
109
+ };
110
+
99
111
  /**
100
112
  * Computes secret and public keys and public keys hash from a secret key.
101
113
  * @param secretKey - The secret key to derive keys from.
102
114
  * @returns The derived keys.
103
115
  */
104
- export async function deriveKeys(secretKey: Fr) {
116
+ export function deriveKeys(secretKey: Fr) {
105
117
  // First we derive master secret/hiding keys - we use sha512 here because this derivation will never take place
106
118
  // in a circuit
107
- const masterNullifierHidingKey = deriveMasterNullifierHidingKey(secretKey);
108
- const masterIncomingViewingSecretKey = deriveMasterIncomingViewingSecretKey(secretKey);
109
- const masterOutgoingViewingSecretKey = deriveMasterOutgoingViewingSecretKey(secretKey);
110
- const masterTaggingSecretKey = sha512ToGrumpkinScalar([secretKey, DomainSeparator.TSK_M]);
111
- const masterMessageSigningSecretKey = deriveMasterMessageSigningSecretKey(secretKey);
112
- const masterFallbackSecretKey = deriveMasterFallbackSecretKey(secretKey);
113
-
114
- // Then we derive master public keys
119
+ return deriveKeysFromMasterSecretKeys({
120
+ masterNullifierHidingKey: deriveMasterNullifierHidingKey(secretKey),
121
+ masterIncomingViewingSecretKey: deriveMasterIncomingViewingSecretKey(secretKey),
122
+ masterOutgoingViewingSecretKey: deriveMasterOutgoingViewingSecretKey(secretKey),
123
+ masterTaggingSecretKey: sha512ToGrumpkinScalar([secretKey, DomainSeparator.TSK_M]),
124
+ masterMessageSigningSecretKey: deriveMasterMessageSigningSecretKey(secretKey),
125
+ masterFallbackSecretKey: deriveMasterFallbackSecretKey(secretKey),
126
+ });
127
+ }
128
+
129
+ /**
130
+ * Derives the master public keys and the {@link PublicKeys} struct from a set of master secret keys.
131
+ * @param secretKeys - The master secret keys to derive public keys from.
132
+ * @returns The provided secret keys alongside the derived public keys.
133
+ */
134
+ export async function deriveKeysFromMasterSecretKeys(secretKeys: MasterSecretKeys) {
135
+ const {
136
+ masterNullifierHidingKey,
137
+ masterIncomingViewingSecretKey,
138
+ masterOutgoingViewingSecretKey,
139
+ masterTaggingSecretKey,
140
+ masterMessageSigningSecretKey,
141
+ masterFallbackSecretKey,
142
+ } = secretKeys;
143
+
115
144
  const masterNullifierPublicKey = await derivePublicKeyFromSecretKey(masterNullifierHidingKey);
116
145
  const masterIncomingViewingPublicKey = await derivePublicKeyFromSecretKey(masterIncomingViewingSecretKey);
117
146
  const masterOutgoingViewingPublicKey = await derivePublicKeyFromSecretKey(masterOutgoingViewingSecretKey);
@@ -9,6 +9,7 @@ import { AztecAddress } from '../aztec-address/index.js';
9
9
  import type { CompleteAddress } from '../contract/complete_address.js';
10
10
  import { computeAddressSecret, computePreaddress } from '../keys/derivation.js';
11
11
  import { AppTaggingSecretKind } from './app_tagging_secret_kind.js';
12
+ import { appSiloEcdhSharedSecretPoint } from './shared_secret_derivation.js';
12
13
 
13
14
  const AppTaggingSecretKindSchema = z.union([
14
15
  z.literal(AppTaggingSecretKind.UNCONSTRAINED),
@@ -32,32 +33,35 @@ export class AppTaggingSecret {
32
33
  /**
33
34
  * Derives an app-siloed, recipient-directional tagging secret from a shared tagging secret point.
34
35
  *
36
+ * App-silos the point via {@link appSiloEcdhSharedSecretPoint}, then directs the result to `recipient`:
37
+ * `h([s_app, recipient])`. The directional step stops a symmetric shared secret (ECDH against an address, or an
38
+ * arbitrary registered point) from colliding bidirectionally, so two parties never share a tag sequence.
39
+ *
35
40
  * The point is obtained either via {@link computeSharedTaggingSecret} (an ECDH key exchange against a sender) or
36
- * registered directly as a pre-shared secret. Each secret point yields a distinct tagging secret per (app, recipient)
37
- * pair.
41
+ * registered directly as a pre-shared secret.
38
42
  *
39
43
  * @param taggingSecretPoint - The shared tagging secret point (ECDH output, or a directly registered pre-shared secret)
40
44
  * @param app - Contract address to silo the secret to
41
45
  * @param recipient - Recipient of the log. Defines the "direction of the secret".
42
46
  * @returns The secret that can be used along with an index to compute a tag to be included in a log.
43
47
  */
44
- static async compute(
48
+ static async computeDirectional(
45
49
  taggingSecretPoint: Point,
46
50
  app: AztecAddress,
47
51
  recipient: AztecAddress,
48
52
  ): Promise<AppTaggingSecret> {
49
- const appTaggingSecret = await poseidon2Hash([taggingSecretPoint.x, taggingSecretPoint.y, app]);
50
- const directionalAppTaggingSecret = await poseidon2Hash([appTaggingSecret, recipient]);
53
+ const appSiloedSecret = await appSiloEcdhSharedSecretPoint(taggingSecretPoint, app);
54
+ const directionalAppTaggingSecret = await poseidon2Hash([appSiloedSecret, recipient]);
51
55
 
52
56
  return new AppTaggingSecret(directionalAppTaggingSecret, app);
53
57
  }
54
58
 
55
59
  /**
56
- * Derives the unconstrained tagging secret for `(externalAddress, recipient, app)` by performing the ECDH key
57
- * exchange against `externalAddress` and then siloing and directing the result. Returns undefined if
58
- * `externalAddress` is not a valid address.
60
+ * Derives the tagging secret for `(externalAddress, recipient, app)` by performing an ECDH key exchange against
61
+ * `externalAddress` to obtain the shared point, then siloing and directing it via {@link computeDirectional}.
62
+ * Returns undefined if `externalAddress` is not a valid address.
59
63
  */
60
- static async computeUnconstrained(
64
+ static async computeViaEcdh(
61
65
  localAddress: CompleteAddress,
62
66
  localIvsk: Fq,
63
67
  externalAddress: AztecAddress,
@@ -69,7 +73,7 @@ export class AppTaggingSecret {
69
73
  return undefined;
70
74
  }
71
75
 
72
- return AppTaggingSecret.compute(taggingSecretPoint, app, recipient);
76
+ return AppTaggingSecret.computeDirectional(taggingSecretPoint, app, recipient);
73
77
  }
74
78
 
75
79
  toString(): string {
@@ -2,16 +2,14 @@ import { DomainSeparator } from '@aztec/constants';
2
2
  import { Grumpkin } from '@aztec/foundation/crypto/grumpkin';
3
3
  import { poseidon2HashWithSeparator } from '@aztec/foundation/crypto/poseidon';
4
4
  import type { Fr } from '@aztec/foundation/curves/bn254';
5
- import type { GrumpkinScalar } from '@aztec/foundation/curves/grumpkin';
5
+ import type { GrumpkinScalar, Point } from '@aztec/foundation/curves/grumpkin';
6
6
 
7
7
  import type { AztecAddress } from '../aztec-address/index.js';
8
8
  import type { PublicKey } from '../keys/public_key.js';
9
9
 
10
10
  /**
11
- * Derives an app-siloed ECDH shared secret.
12
- *
13
- * Computes the raw ECDH shared secret `S = secretKey * publicKey`, then app-silos it:
14
- * `s_app = h(DOM_SEP__APP_SILOED_ECDH_SHARED_SECRET, S.x, S.y, contractAddress)`
11
+ * Derives an app-siloed ECDH shared secret from keys: ECDHs `S = secretKey * publicKey`, then app-silos it via
12
+ * {@link appSiloEcdhSharedSecretPoint}.
15
13
  *
16
14
  * @param secretKey - The secret key used to derive shared secret.
17
15
  * @param publicKey - The public key used to derive shared secret.
@@ -19,7 +17,7 @@ import type { PublicKey } from '../keys/public_key.js';
19
17
  * @returns The app-siloed shared secret as a Field.
20
18
  * @throws If the publicKey is zero.
21
19
  */
22
- export async function deriveAppSiloedSharedSecret(
20
+ export async function appSiloEcdhSharedSecret(
23
21
  secretKey: GrumpkinScalar,
24
22
  publicKey: PublicKey,
25
23
  contractAddress: AztecAddress,
@@ -30,8 +28,17 @@ export async function deriveAppSiloedSharedSecret(
30
28
  );
31
29
  }
32
30
  const rawSharedSecret = await Grumpkin.mul(publicKey, secretKey);
33
- return poseidon2HashWithSeparator(
34
- [rawSharedSecret.x, rawSharedSecret.y, contractAddress],
35
- DomainSeparator.APP_SILOED_ECDH_SHARED_SECRET,
36
- );
31
+ return appSiloEcdhSharedSecretPoint(rawSharedSecret, contractAddress);
32
+ }
33
+
34
+ /**
35
+ * App-silos a shared secret point: `s_app = h(DOM_SEP__APP_SILOED_ECDH_SHARED_SECRET, S.x, S.y, app)`.
36
+ *
37
+ * Mirrors `compute_app_siloed_shared_secret` in aztec-nr.
38
+ *
39
+ * @param point - The raw shared secret point `S`.
40
+ * @param app - The contract address to silo to.
41
+ */
42
+ export function appSiloEcdhSharedSecretPoint(point: Point, app: AztecAddress): Promise<Fr> {
43
+ return poseidon2HashWithSeparator([point.x, point.y, app], DomainSeparator.APP_SILOED_ECDH_SHARED_SECRET);
37
44
  }