@inco/lightning 0.9.0-devnet-test-10 → 0.10.0-devnet-2

package/src/lightning-parts/primitives/EListHandleGeneration.sol

@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {ETypes, EOps, HANDLE_VERSION, SEP_ELIST_OP_RESULT} from "../../Types.sol";
+import {HandleGeneration} from "./HandleGeneration.sol";
+import {EListHandleMetadata} from "./EListHandleMetadata.sol";
+
+/// @title EListHandleGeneration
+/// @notice Generates deterministic handles for encrypted list operations
+/// @dev Extends the base HandleGeneration with list-specific handle creation.
+///      List handles incorporate additional metadata:
+///      - List length (number of elements)
+///      - Element type (encrypted type of individual elements)
+///      - List marker (ETypes.List to identify as a list)
+///
+///      The handle is derived from:
+///      - The operation type (EOps.NewEList for list creation)
+///      - The packed input handles (for lists created from existing handles)
+contract EListHandleGeneration is HandleGeneration, EListHandleMetadata {
+
+    /// @notice Creates a handle for a list operation result
+    /// @dev Generates a deterministic handle by hashing the operation and inputs,
+    ///      then embedding list metadata (length, element type, list marker, version).
+    /// @param op The operation that produced this list (e.g., NewEList, Slice)
+    /// @param listType The encrypted type of individual list elements (euint8, euint64, etc.)
+    /// @param len The number of elements in the resulting list
+    /// @param packedInputs ABI-packed representation of the input handles
+    /// @return result The deterministic handle for this list
+    function createListResultHandle(EOps op, ETypes listType, uint16 len, bytes memory packedInputs)
+        internal
+        pure
+        returns (bytes32 result)
+    {
+        // Bind HANDLE_VERSION, listType (element type) and len into the preimage so the elist
+        // metadata stamped into bytes 27-29 is cryptographically committed, not just appended.
+        bytes32 baseHandle =
+            keccak256(abi.encodePacked(SEP_ELIST_OP_RESULT, HANDLE_VERSION, listType, len, op, packedInputs));
+        baseHandle = embedListLength(baseHandle, len);
+        baseHandle = embedListType(baseHandle, listType);
+        result = embedTypeVersion(baseHandle, ETypes.List);
+    }
+
+    /// @notice Creates a handle for a new list composed from individual encrypted handles
+    /// @dev This is the primary entry point for creating lists from existing encrypted values.
+    ///      The handle is deterministically derived from the input handles, ensuring the same
+    ///      inputs always produce the same list handle.
+    /// @param handles Array of encrypted value handles to combine into a list
+    /// @param listType The encrypted type of all elements (must be uniform)
+    /// @return newHandle The deterministic handle for the new list
+    function createListInputHandle(bytes32[] memory handles, ETypes listType)
+        internal
+        pure
+        returns (bytes32 newHandle)
+    {
+        newHandle = createListResultHandle(
+            EOps.NewEList,
+            listType,
+            uint16(handles.length),
+            abi.encodePacked(
+                //Since we're only dealing with handles, it should be sufficient to treat this operation as an operand on handles.
+                handles
+            )
+        );
+    }
+
+}

package/src/lightning-parts/primitives/EListHandleMetadata.sol

@@ -0,0 +1,67 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {ETypes} from "../../Types.sol";
+import {IEListHandleMetadata} from "./interfaces/IEListHandleMetadata.sol";
+
+/// @title EListHandleMetadata
+/// @notice Utilities for embedding and extracting metadata from encrypted list handles
+/// @dev Encrypted lists have additional metadata compared to scalar handles:
+///      Handle structure (32 bytes / 256 bits):
+///      - Bytes 0-26: Handle-specific data (hash, counters, etc.)
+///      - Bytes 27-28: List length (uint16, max 65535 elements)
+///      - Byte 29: Element type (ETypes enum value for individual elements)
+///      - Byte 30: List type marker (identifies this as a list handle)
+///      - Byte 31: Handle version
+///
+///      This allows efficient extraction of list metadata without external calls.
+contract EListHandleMetadata is IEListHandleMetadata {
+
+    /// @notice Thrown when a handle contains an element type value outside the valid ETypes enum range.
+    /// @param raw The raw uint8 value extracted from the handle.
+    error InvalidListTypeValue(uint8 raw);
+
+    /// @notice Embeds the list length into a list handle
+    /// @dev Sets bytes 27-28 of the handle to the list length.
+    ///      Clears existing length bits before setting new value.
+    /// @param prehandle The 32-byte handle before length embedding
+    /// @param len The number of elements in the list (max 65535)
+    /// @return result The handle with embedded list length
+    function embedListLength(bytes32 prehandle, uint16 len) internal pure returns (bytes32 result) {
+        // 27 and 28 bits are used for the list length
+        result = prehandle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffff0000ffffff;
+        result = bytes32(uint256(result) | (uint256(len) << 24)); // append length
+    }
+
+    /// @notice Extracts the list length from a list handle
+    /// @dev Reads bytes 27-28 of the handle as a uint16
+    /// @param handle The encrypted list handle to inspect
+    /// @return The number of elements in the list
+    function lengthOf(bytes32 handle) public pure returns (uint16) {
+        return uint16(uint256(handle) >> 24);
+    }
+
+    /// @notice Embeds the element type into a list handle
+    /// @dev Sets byte 29 of the handle to the element type.
+    ///      This indicates the encrypted type of individual elements (euint8, euint64, etc.).
+    /// @param prehandle The 32-byte handle before type embedding
+    /// @param listType The encrypted type of list elements
+    /// @return result The handle with embedded element type
+    function embedListType(bytes32 prehandle, ETypes listType) internal pure returns (bytes32 result) {
+        result = prehandle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00ffff;
+        result = bytes32(uint256(result) | (uint256(listType) << 16)); // append element type
+    }
+
+    /// @notice Extracts the element type from a list handle
+    /// @dev Reads byte 29 of the handle and casts to ETypes enum.
+    ///      This is the type of individual elements, not the list container type.
+    ///      Reverts with InvalidListTypeValue if the raw byte exceeds the valid ETypes range.
+    /// @param handle The encrypted list handle to inspect
+    /// @return The encrypted type of list elements (ebool, euint160, euint256, etc.)
+    function listTypeOf(bytes32 handle) internal pure returns (ETypes) {
+        uint8 raw = uint8(uint256(handle) >> 16);
+        require(raw <= uint8(type(ETypes).max), InvalidListTypeValue(raw));
+        return ETypes(raw);
+    }
+
+}

package/src/lightning-parts/primitives/HandleGeneration.sol

@@ -1,7 +1,16 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {ETypes, EOps, EVM_HOST_CHAIN_PREFIX, HANDLE_INDEX} from "../../Types.sol";
+import {
+    ETypes,
+    EOps,
+    EVM_HOST_CHAIN_PREFIX,
+    HANDLE_INDEX,
+    HANDLE_VERSION,
+    SEP_INPUT_PREHANDLE,
+    SEP_INPUT_HANDLE,
+    SEP_OP_RESULT
+} from "../../Types.sol";
 import {HandleMetadata} from "./HandleMetadata.sol";
 import {IHandleGeneration} from "./interfaces/IHandleGeneration.sol";
 
@@ -24,7 +33,12 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
         pure
         returns (bytes32 generatedHandle)
     {
-        generatedHandle = keccak256(abi.encodePacked(EOps.TrivialEncrypt, plaintextBytes));
+        // Trivial encrypt shares the op-result domain — uniqueness within the family is guaranteed
+        // by EOps.TrivialEncrypt's unique op byte, and the DS prefix prevents cross-family collisions.
+        // HANDLE_VERSION and handleType are folded into the preimage so the full handle is bound to
+        // its claimed metadata, not just stamped onto bytes 30/31 after the fact.
+        generatedHandle =
+            keccak256(abi.encodePacked(SEP_OP_RESULT, HANDLE_VERSION, handleType, EOps.TrivialEncrypt, plaintextBytes));
         generatedHandle = embedTypeVersion(generatedHandle, handleType);
     }
 
@@ -41,7 +55,7 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
         bytes memory ciphertext,
         address user,
         address contractAddress,
-        int32 version,
+        uint16 version,
         ETypes inputType
     ) internal view returns (bytes32 generatedHandle) {
         return getInputHandle(ciphertext, address(this), user, contractAddress, version, inputType);
@@ -61,17 +75,24 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
         address executorAddress,
         address user,
         address contractAddress,
-        int32 version,
+        uint16 version,
         ETypes inputType
     ) internal view returns (bytes32 generatedHandle) {
-        // Here we ensure that our hashing scheme is binary-compatible between IncoLightning and IncoFhevm, this helps
-        // keep client-side code consistent in its ciphertext, context => handle mappings
-        bytes32 ctIndexHash = keccak256(abi.encodePacked(keccak256(ciphertext), HANDLE_INDEX));
+        // Prehandle is a legacy concept inherited by an earlier design where we had a preflight system for uploading ciphertexts to an L1 before they could be used.
+        // This is no longer the case and prehandle was mainly kept for compatibility and consistency with the intrernal design docs.
+        // To avoid calling keccak256 twice and save gas the prehandle concept will be dropped in a future PR.
+        bytes32 ctIndexHash = keccak256(
+            // We don't encode the length of the ciphertext because it's the only variable length field which should prevent collisions.
+            abi.encodePacked(SEP_INPUT_PREHANDLE, keccak256(ciphertext), HANDLE_INDEX)
+        );
         bytes32 prehandle = embedIndexTypeVersion(ctIndexHash, inputType);
         // We must also propagate the handle metadata to the final handle
         generatedHandle = embedIndexTypeVersion(
             keccak256(
                 abi.encodePacked(
+                    SEP_INPUT_HANDLE,
+                    HANDLE_VERSION,
+                    inputType,
                     prehandle,
                     EVM_HOST_CHAIN_PREFIX,
                     block.chainid, // todo cache this
@@ -97,7 +118,9 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
         pure
         returns (bytes32 generatedHandle)
     {
-        generatedHandle = embedTypeVersion(keccak256(abi.encodePacked(op, packedInputs)), returnType);
+        generatedHandle = embedTypeVersion(
+            keccak256(abi.encodePacked(SEP_OP_RESULT, HANDLE_VERSION, returnType, op, packedInputs)), returnType
+        );
     }
 
 }

package/src/lightning-parts/primitives/HandleMetadata.sol

@@ -12,6 +12,10 @@ import {HANDLE_VERSION, HANDLE_INDEX, ETypes} from "../../Types.sol";
 ///      - Byte 31: Handle version
 contract HandleMetadata {
 
+    /// @notice Thrown when a handle contains a type value outside the valid ETypes enum range.
+    /// @param raw The raw uint8 value extracted from the handle.
+    error InvalidTypeValue(uint8 raw);
+
     /// @notice Embeds the handle index, encrypted type, and protocol version into a prehandle
     /// @dev Used for input handles where the index distinguishes the source.
     ///      Clears bytes 29-31 of the prehandle, then sets:
@@ -46,11 +50,14 @@ contract HandleMetadata {
     }
 
     /// @notice Extracts the encrypted type from a handle
-    /// @dev Reads byte 30 of the handle and casts to ETypes enum
+    /// @dev Reads byte 30 of the handle and casts to ETypes enum.
+    ///      Reverts with InvalidTypeValue if the raw byte exceeds the valid ETypes range.
     /// @param handle The encrypted value handle to inspect
-    /// @return The encrypted type (ebool, euint8, euint16, etc.)
+    /// @return The encrypted type (ebool, euint160, euint256, etc.)
     function typeOf(bytes32 handle) internal pure returns (ETypes) {
-        return ETypes(uint8(uint256(handle) >> 8));
+        uint8 raw = uint8(uint256(handle) >> 8);
+        require(raw <= uint8(type(ETypes).max), InvalidTypeValue(raw));
+        return ETypes(raw);
     }
 
 }

package/src/lightning-parts/primitives/interfaces/IEListHandleMetadata.sol

@@ -0,0 +1,8 @@
+/// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+interface IEListHandleMetadata {
+
+    function lengthOf(bytes32 handle) external pure returns (uint16);
+
+}

package/src/lightning-parts/primitives/test/SignatureVerifier.t.sol

@@ -17,7 +17,7 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
     // Helper function to create sorted signatures
     // Takes a digest and an array of private keys, generates signatures,
     // and returns them sorted by signer address in ascending order
-    function getSortedSignatures(bytes32 digest, uint256[] memory privKeys) internal returns (bytes[] memory) {
+    function getSortedSignatures(bytes32 digest, uint256[] memory privKeys) internal pure returns (bytes[] memory) {
         bytes[] memory signatures = new bytes[](privKeys.length);
         address[] memory signers = new address[](privKeys.length);
 

package/src/lightning-parts/test/Elist.t.sol

@@ -0,0 +1,218 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {IncoTest} from "../../test/IncoTest.sol";
+import {ElistTester} from "../../test/EListTester.sol";
+import {ETypes, ListTooLong, elist, typeBitSize} from "../../Types.sol";
+import {inco} from "../../Lib.sol";
+import {FEE, BIT_FEE, Fee} from "../Fee.sol";
+import {EList, MAX_LIST_LENGTH} from "../EList.sol";
+import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
+import {stdError} from "forge-std/StdError.sol";
+
+contract ElistFeeTester is EList {
+
+    constructor() VerifierAddressGetter(address(0)) {}
+
+}
+
+contract TestEList is IncoTest {
+
+    ElistTester tester;
+    ElistFeeTester feeTester;
+
+    function setUp() public virtual override {
+        super.setUp();
+        tester = new ElistTester(inco);
+        vm.deal(address(tester), 100 ether);
+        vm.deal(address(this), 100 ether);
+        feeTester = new ElistFeeTester();
+        vm.deal(address(feeTester), 100 ether);
+    }
+
+    function _listRange(uint16 start, uint16 end, ETypes listType) internal returns (elist) {
+        return inco.listRange{value: uint256(end - start) * typeBitSize(listType) * BIT_FEE}(start, end, listType);
+    }
+
+    function _listAppend(elist list, bytes32 value) internal returns (elist) {
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        return inco.listAppend{value: (uint256(inco.lengthOf(elist.unwrap(list))) * typeBits + typeBits) * BIT_FEE}(
+            list, value
+        );
+    }
+
+    function _listInsert(elist list, bytes32 idx, bytes32 val) internal returns (elist) {
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        return inco.listInsert{value: (uint256(inco.lengthOf(elist.unwrap(list))) * typeBits + typeBits) * BIT_FEE}(
+            list, idx, val
+        );
+    }
+
+    function _listConcat(elist a, elist b) internal returns (elist) {
+        uint256 bitsA = uint256(inco.lengthOf(elist.unwrap(a))) * typeBitSize(ETypes.Uint256);
+        uint256 bitsB = uint256(inco.lengthOf(elist.unwrap(b))) * typeBitSize(ETypes.Uint256);
+        return inco.listConcat{value: (bitsA + bitsB) * BIT_FEE}(a, b);
+    }
+
+    function _newEList(bytes32[] memory handles, ETypes listType) internal returns (elist) {
+        return inco.newEList{value: uint256(handles.length) * typeBitSize(listType) * BIT_FEE}(handles, listType);
+    }
+
+    function testNewElistFromInputs() public {
+        createList();
+        // todo test read the created list
+    }
+
+    function testListAppend() public {
+        createList();
+        bytes memory ctValue = fakePrepareEuint256Ciphertext(40, address(this), address(tester));
+        tester.listAppend(ctValue);
+    }
+
+    function createList() internal returns (elist list) {
+        bytes[] memory inputs = new bytes[](3);
+        inputs[0] = fakePrepareEuint256Ciphertext(10, address(this), address(tester));
+        inputs[1] = fakePrepareEuint256Ciphertext(20, address(this), address(tester));
+        inputs[2] = fakePrepareEuint256Ciphertext(30, address(this), address(tester));
+        list = tester.newEList(inputs, ETypes.Uint256, address(this));
+    }
+
+    function testRevertsOnBadFeeAmount() public {
+        // Construct a handle with length=1, type=Uint256 so fee = 1 * 256 * BIT_FEE
+        elist nonZeroList = elist.wrap(bytes32((uint256(1) << 24) | (uint256(uint8(ETypes.Uint256)) << 16)));
+        uint256 correctFee = 256 * BIT_FEE;
+
+        // should fail if no fee
+        vm.expectRevert(Fee.FeeNotPaid.selector);
+        feeTester.listShuffle(nonZeroList);
+
+        // should fail if not enough fee
+        vm.expectRevert(Fee.FeeNotPaid.selector);
+        feeTester.listShuffle{value: correctFee - 1}(nonZeroList);
+
+        // should fail if too much fee
+        vm.expectRevert(Fee.FeeNotPaid.selector);
+        feeTester.listShuffle{value: correctFee + 1}(nonZeroList);
+
+        // newEList(inputs): uses payingElistFee, so 3 * 256 * BIT_FEE needed, sending less
+        vm.expectRevert(Fee.FeeNotPaid.selector);
+        bytes[] memory inputs = new bytes[](3);
+        feeTester.newEList{value: 3 * 256 * BIT_FEE - 1}(inputs, ETypes.Uint256, address(this));
+    }
+
+    function testListAppend_SucceedsAtMaxLength() public {
+        elist almostMaxList = _listRange(0, MAX_LIST_LENGTH - 1, ETypes.Uint256);
+
+        bytes32 validHandle = inco.listGet(almostMaxList, 0);
+
+        elist result = _listAppend(almostMaxList, validHandle);
+        assert(elist.unwrap(result) != bytes32(0));
+    }
+
+    function testListInsert_SucceedsAtMaxLength() public {
+        elist almostMaxList = _listRange(0, MAX_LIST_LENGTH - 1, ETypes.Uint256);
+
+        // Get valid handles from the list (listGet returns handles with transient permissions)
+        bytes32 validIndex = inco.listGet(almostMaxList, 0);
+        bytes32 validValue = inco.listGet(almostMaxList, 1);
+
+        elist result = _listInsert(almostMaxList, validIndex, validValue);
+        assert(elist.unwrap(result) != bytes32(0));
+    }
+
+    function testListConcat_SucceedsAtMaxLength() public {
+        uint16 half = MAX_LIST_LENGTH / 2;
+        uint16 otherHalf = MAX_LIST_LENGTH - half;
+        elist list1 = _listRange(0, half, ETypes.Uint256);
+        elist list2 = _listRange(0, otherHalf, ETypes.Uint256);
+
+        // Should succeed
+        elist combined = _listConcat(list1, list2);
+        assert(elist.unwrap(combined) != bytes32(0));
+    }
+
+    function testListRange_SucceedsAtMaxLength() public {
+        elist maxList = _listRange(0, MAX_LIST_LENGTH, ETypes.Uint256);
+        assert(elist.unwrap(maxList) != bytes32(0));
+    }
+
+    // ==================== Overflow Tests ====================
+    // These tests verify that exceeding MAX_LIST_LENGTH reverts appropriately.
+    // Operations use uint16 arithmetic which auto-reverts on overflow in Solidity 0.8+.
+
+    function testListAppend_RevertsOnOverflow() public {
+        elist maxList = _listRange(0, MAX_LIST_LENGTH, ETypes.Uint256);
+
+        bytes32 validHandle = inco.listGet(maxList, 0);
+
+        // Appending to a max-length list should revert with arithmetic overflow
+        // Fee: (65535*256 + 256) * BIT_FEE = 65536*32*FEE
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        vm.expectRevert(stdError.arithmeticError);
+        inco.listAppend{value: (uint256(MAX_LIST_LENGTH) * typeBits + typeBits) * BIT_FEE}(maxList, validHandle);
+    }
+
+    function testListInsert_RevertsOnOverflow() public {
+        elist maxList = _listRange(0, MAX_LIST_LENGTH, ETypes.Uint256);
+
+        bytes32 validIndex = inco.listGet(maxList, 0);
+        bytes32 validValue = inco.listGet(maxList, 1);
+
+        // Inserting into a max-length list should revert with arithmetic overflow
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        vm.expectRevert(stdError.arithmeticError);
+        inco.listInsert{value: (uint256(MAX_LIST_LENGTH) * typeBits + typeBits) * BIT_FEE}(
+            maxList, validIndex, validValue
+        );
+    }
+
+    function testListConcat_RevertsOnOverflow() public {
+        uint16 half = MAX_LIST_LENGTH / 2 + 1;
+        elist list1 = _listRange(0, half, ETypes.Uint256);
+        elist list2 = _listRange(0, half, ETypes.Uint256);
+
+        // Concatenating should revert with arithmetic overflow
+        uint256 bitsPerList = uint256(half) * typeBitSize(ETypes.Uint256);
+        vm.expectRevert(stdError.arithmeticError);
+        inco.listConcat{value: (bitsPerList + bitsPerList) * BIT_FEE}(list1, list2);
+    }
+
+    function testNewEList_RevertsOnTooManyHandles() public {
+        uint256 tooMany = uint256(MAX_LIST_LENGTH) + 1;
+        bytes32[] memory handles = new bytes32[](tooMany);
+
+        // Fee check runs before length check, so we must pay the required fee
+        uint256 requiredFee = tooMany * typeBitSize(ETypes.Uint256) * BIT_FEE;
+
+        // Should revert with ListTooLong error
+        vm.expectRevert(abi.encodeWithSelector(ListTooLong.selector, uint32(tooMany), MAX_LIST_LENGTH));
+        inco.newEList{value: requiredFee}(handles, ETypes.Uint256);
+    }
+
+    function testNewEList_RevertsOnTooManyInputs() public {
+        uint256 tooMany = uint256(MAX_LIST_LENGTH) + 1;
+        bytes[] memory inputs = new bytes[](tooMany);
+
+        // Fee check runs before length check, so we must pay the required fee
+        uint256 requiredFee = tooMany * typeBitSize(ETypes.Uint256) * BIT_FEE;
+
+        // Should revert with ListTooLong error
+        vm.expectRevert(abi.encodeWithSelector(ListTooLong.selector, uint32(tooMany), MAX_LIST_LENGTH));
+        inco.newEList{value: requiredFee}(inputs, ETypes.Uint256, address(this));
+    }
+
+    function testNewEListFromHandles() public {
+        elist sourceList = _listRange(0, 3, ETypes.Uint256);
+
+        // Extract handles from the source list
+        bytes32[] memory handles = new bytes32[](3);
+        handles[0] = inco.listGet(sourceList, 0);
+        handles[1] = inco.listGet(sourceList, 1);
+        handles[2] = inco.listGet(sourceList, 2);
+
+        // Create a new list from these handles
+        elist newList = _newEList(handles, ETypes.Uint256);
+        assert(elist.unwrap(newList) != bytes32(0));
+    }
+
+}

package/src/lightning-parts/test/HandleMetadata.t.sol

@@ -22,6 +22,7 @@ import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
 import {FEE} from "../Fee.sol";
 import {HandleAlreadyExists} from "../../Errors.sol";
 import {ExternalHandleDoesNotMatchComputedHandle} from "../EncryptedInput.sol";
+import {IEncryptedInput} from "../interfaces/IEncryptedInput.sol";
 
 contract TestHandleMetadata is
     EIP712,
@@ -32,7 +33,9 @@ contract TestHandleMetadata is
     EncryptedInput
 {
 
-    constructor() EIP712("", "") VerifierAddressGetter(address(0)) {}
+    constructor() EIP712("", "") VerifierAddressGetter(address(0)) {
+        _setAcceptedVersion(2, true);
+    }
 
     function testTypeAssignment() public pure {
         bytes32 someHandle = bytes32(keccak256("someHandle"));
@@ -105,16 +108,16 @@ contract TestHandleMetadata is
     {
         // We need a single word here to get correct encoding
         bytes memory ciphertext = abi.encode(word);
+        uint16 version = 2; // version - X-Wing
         bytes32 handle = getInputHandle(
             ciphertext,
             address(this),
             user,
             contractAddress,
-            0,
-            /* unspecified */
+            version, // version - X-Wing
             inputType
         );
-        input = abi.encodePacked(int32(0), abi.encode(handle, ciphertext));
+        input = abi.encodePacked(uint32(version), abi.encode(handle, ciphertext));
     }
 
     // ============ Tests for HandleGeneration functions ============
@@ -155,6 +158,53 @@ contract TestHandleMetadata is
         return newInputNotPaying(input, user, inputType);
     }
 
+    function testNewInputUnwhitelistedVersion() public {
+        address self = address(this);
+        bytes32 ciphertextData = keccak256(abi.encodePacked("unwhitelisted_version"));
+        bytes memory ciphertext = abi.encode(ciphertextData);
+        uint16 unwhitelistedVersion = 0;
+        bytes32 handle =
+            getInputHandle(ciphertext, address(this), self, address(this), unwhitelistedVersion, ETypes.Uint256);
+        bytes memory badInput = abi.encodePacked(uint32(unwhitelistedVersion), abi.encode(handle, ciphertext));
+
+        vm.expectRevert(abi.encodeWithSelector(IEncryptedInput.InvalidInputVersion.selector, unwhitelistedVersion));
+        this.exposedNewInputNotPaying(badInput, self, ETypes.Uint256);
+    }
+
+    function testNewInputVersionAddedThenRemoved() public {
+        address self = address(this);
+        bytes32 ciphertextData = keccak256(abi.encodePacked("version_toggle"));
+        bytes memory ciphertext = abi.encode(ciphertextData);
+        uint16 version = 3;
+
+        bytes32 handle = getInputHandle(ciphertext, address(this), self, address(this), version, ETypes.Uint256);
+        bytes memory input = abi.encodePacked(uint32(version), abi.encode(handle, ciphertext));
+
+        // Version 3 is not accepted yet
+        vm.expectRevert(abi.encodeWithSelector(IEncryptedInput.InvalidInputVersion.selector, version));
+        this.exposedNewInputNotPaying(input, self, ETypes.Uint256);
+
+        // Whitelist version 3
+        _setAcceptedVersion(3, true);
+
+        // Now it should succeed
+        bytes32 resultHandle = this.exposedNewInputNotPaying(input, self, ETypes.Uint256);
+        assert(typeOf(resultHandle) == ETypes.Uint256);
+
+        // Remove version 3
+        _setAcceptedVersion(3, false);
+
+        // Use different ciphertext to avoid HandleAlreadyExists
+        bytes32 ciphertextData2 = keccak256(abi.encodePacked("version_toggle_2"));
+        bytes memory ciphertext2 = abi.encode(ciphertextData2);
+        bytes32 handle2 = getInputHandle(ciphertext2, address(this), self, address(this), version, ETypes.Uint256);
+        bytes memory input2 = abi.encodePacked(uint32(version), abi.encode(handle2, ciphertext2));
+
+        // Should revert again
+        vm.expectRevert(abi.encodeWithSelector(IEncryptedInput.InvalidInputVersion.selector, version));
+        this.exposedNewInputNotPaying(input2, self, ETypes.Uint256);
+    }
+
     function testNewInputNotPaying() public {
         address self = address(this);
         bytes32 ciphertextData = keccak256(abi.encodePacked("notpaying_ciphertext"));
@@ -172,10 +222,10 @@ contract TestHandleMetadata is
         returns (bytes memory input)
     {
         bytes memory ciphertext = abi.encode(word);
-        int32 version = 0; // unspecified
+        uint16 version = 2; // version - X-Wing
         // For external calls via this., msg.sender is address(this)
         bytes32 handle = getInputHandle(ciphertext, address(this), user, address(this), version, inputType);
-        input = abi.encodePacked(version, abi.encode(handle, ciphertext));
+        input = abi.encodePacked(uint32(version), abi.encode(handle, ciphertext));
     }
 
     // ============ Tests for EncryptedInput error branches ============
@@ -184,7 +234,7 @@ contract TestHandleMetadata is
         address self = address(this);
         // Input less than 64 bytes should revert
         bytes memory shortInput = hex"deadbeef";
-        vm.expectRevert("Input too short, should be at least 68 bytes");
+        vm.expectRevert(abi.encodeWithSelector(IEncryptedInput.InputLengthTooShort.selector, shortInput.length));
         this.exposedNewInputNotPaying(shortInput, self, ETypes.Uint256);
     }
 
@@ -194,8 +244,8 @@ contract TestHandleMetadata is
         bytes memory ciphertext = abi.encode(ciphertextData);
         // Create input with wrong handle (just a random bytes32)
         bytes32 wrongHandle = bytes32(uint256(12345));
-        int32 version = 0; // unspecified
-        bytes memory badInput = abi.encodePacked(version, abi.encode(wrongHandle, ciphertext));
+        uint16 version = 2; // version - X-Wing
+        bytes memory badInput = abi.encodePacked(uint32(version), abi.encode(wrongHandle, ciphertext));
 
         // Compute the expected handle for the error message
         bytes32 expectedHandle = getInputHandle(ciphertext, address(this), self, address(this), version, ETypes.Uint256);
@@ -234,35 +284,35 @@ contract TestHandleMetadata is
     function testEBitAndTypeMismatch() public {
         euint256 a = this.asEuint256(42);
         ebool b = this.asEbool(true);
-        // Error: UnexpectedType(lhsType, typeToBitMask(rhsType))
-        // With lhs=Uint256, rhs=Bool: UnexpectedType(Uint256, typeToBitMask(Bool))
+        // Error: UnexpectedType(typeOf(rhs), typeToBitMask(lhsType))
+        // With lhs=Uint256, rhs=Bool: UnexpectedType(Bool, typeToBitMask(Uint256))
         vm.expectRevert(
             abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Uint256, typeToBitMask(ETypes.Bool)
+                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
             )
         );
         this.eBitAnd(euint256.unwrap(a), ebool.unwrap(b));
     }
 
-    /// @notice Test eBitOr with mismatched types (line 134)
+    /// @notice Test eBitOr with mismatched types
     function testEBitOrTypeMismatch() public {
         euint256 a = this.asEuint256(42);
         ebool b = this.asEbool(true);
         vm.expectRevert(
             abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Uint256, typeToBitMask(ETypes.Bool)
+                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
             )
         );
         this.eBitOr(euint256.unwrap(a), ebool.unwrap(b));
     }
 
-    /// @notice Test eBitXor with mismatched types (line 146)
+    /// @notice Test eBitXor with mismatched types
     function testEBitXorTypeMismatch() public {
         euint256 a = this.asEuint256(42);
         ebool b = this.asEbool(true);
         vm.expectRevert(
             abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Uint256, typeToBitMask(ETypes.Bool)
+                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
             )
         );
         this.eBitXor(euint256.unwrap(a), ebool.unwrap(b));
@@ -276,13 +326,6 @@ contract TestHandleMetadata is
         this.eCast(euint256.unwrap(a), unsupportedType);
     }
 
-    /// @notice Test eRand with unsupported type (line 282)
-    function testERandUnsupportedType() public {
-        ETypes unsupportedType = ETypes.Uint4UNSUPPORTED;
-        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, unsupportedType));
-        this.eRand{value: FEE}(unsupportedType);
-    }
-
     /// @notice Test eRandBounded with unsupported type (line 291)
     function testERandBoundedUnsupportedType() public {
         euint256 bound = this.asEuint256(100);