diff --git a/noir-projects/aztec-nr/aztec/src/messages/encryption/aes128.nr b/noir-projects/aztec-nr/aztec/src/messages/encryption/aes128.nr index 41997e71c00f..e2e372daa886 100644 --- a/noir-projects/aztec-nr/aztec/src/messages/encryption/aes128.nr +++ b/noir-projects/aztec-nr/aztec/src/messages/encryption/aes128.nr @@ -4,10 +4,12 @@ use crate::protocol::{ hash::poseidon2_hash_with_separator, point::Point, public_keys::AddressPoint, + traits::ToField, }; use crate::{ keys::{ecdh_shared_secret::derive_ecdh_shared_secret, ephemeral::generate_positive_ephemeral_key_pair}, + logging::aztecnr_warn_log_format, messages::{ encoding::{ EPH_PK_X_SIZE_IN_FIELDS, HEADER_CIPHERTEXT_SIZE_IN_BYTES, MESSAGE_CIPHERTEXT_LEN, MESSAGE_PLAINTEXT_LEN, @@ -254,7 +256,13 @@ impl MessageEncryption for AES128 { eph_sk, recipient .to_address_point() - .unwrap_or( + .unwrap_or_else(|| { + aztecnr_warn_log_format!( + "Attempted to encrypt message for an invalid recipient ({0})", + )( + [recipient.to_field()], + ); + // Safety: if the recipient is an invalid address, then it is not possible to encrypt a message for // them because we cannot establish a shared secret. This is never expected to occur during normal // operation. However, it is technically possible for us to receive an invalid address, and we must @@ -265,8 +273,10 @@ impl MessageEncryption for AES128 { // random valid address. The sender is free to choose this address and hence shared secret, but // this has no security implications as they already know not only the full plaintext but also the // ephemeral private key anyway. - unsafe { random_address_point() }, - ) + unsafe { + random_address_point() + } + }) .inner, ); // TODO: also use this shared secret for deriving note randomness.