AztecProtocol · nventuro · Mar 4, 2026 · Mar 4, 2026
@@ -4,10 +4,12 @@ use crate::protocol::{
     hash::poseidon2_hash_with_separator,
     point::Point,
     public_keys::AddressPoint,
+    traits::ToField,
 };
 
 use crate::{
     keys::{ecdh_shared_secret::derive_ecdh_shared_secret, ephemeral::generate_positive_ephemeral_key_pair},
+    logging::aztecnr_warn_log_format,
     messages::{
         encoding::{
             EPH_PK_X_SIZE_IN_FIELDS, HEADER_CIPHERTEXT_SIZE_IN_BYTES, MESSAGE_CIPHERTEXT_LEN, MESSAGE_PLAINTEXT_LEN,
@@ -254,7 +256,13 @@ impl MessageEncryption for AES128 {
             eph_sk,
             recipient
                 .to_address_point()
-                .unwrap_or(
+                .unwrap_or_else(|| {
+                    aztecnr_warn_log_format!(
+                        "Attempted to encrypt message for an invalid recipient ({0})",
+                    )(
+                        [recipient.to_field()],
+                    );
+
                     // Safety: if the recipient is an invalid address, then it is not possible to encrypt a message for
                     // them because we cannot establish a shared secret. This is never expected to occur during normal
                     // operation. However, it is technically possible for us to receive an invalid address, and we must
@@ -265,8 +273,10 @@ impl MessageEncryption for AES128 {
                     // random valid address. The sender is free to choose this address and hence shared secret, but
                     // this has no security implications as they already know not only the full plaintext but also the
                     // ephemeral private key anyway.
-                    unsafe { random_address_point() },
-                )
+                    unsafe {
+                        random_address_point()
+                    }
+                })
                 .inner,
         );
         // TODO: also use this shared secret for deriving note randomness.