feat!: include init_hash in private initialization nullifier to prevent privacy leak #21427
Changes from 5 commits
@@ -9,6 +9,23 @@ Aztec is in active development. Each version may introduce breaking changes that | |
|
|
||
| ## TBD | ||
|
|
||
| ### Private initialization nullifier now includes `init_hash` | ||
|
|
||
| The private initialization nullifier is no longer derived from just the contract address. It is now computed as a Poseidon2 hash of `[address, init_hash]` using a dedicated domain separator. This prevents observers from determining whether a fully private contract has been initialized by simply knowing its address. | ||
|
|
||
| Note that `Wallet.getContractMetadata` now returns `isContractInitialized: false` when the wallet does not have the contract instance registered, since `init_hash` is needed to compute the nullifier. Previously, this check worked for any address. | ||
|
Contributor
Shouldn't it instead fail, as it can't know?
Contributor (Author)
I think that we shouldn't fail; I think we should change it so that now we have this too
||
|
|
||
| If you use `assert_contract_was_initialized_by` or `assert_contract_was_not_initialized_by` from `aztec::history::deployment`, these now require an additional `init_hash: Field` parameter: | ||
|
|
||
| ```diff | ||
| + let instance = get_contract_instance(contract_address); | ||
| assert_contract_was_initialized_by( | ||
| block_header, | ||
| contract_address, | ||
| + instance.initialization_hash, | ||
| ); | ||
| ``` | ||
|
|
||
| ### Two separate init nullifiers for private and public | ||
|
|
||
| Contract initialization now emits two separate nullifiers instead of one: a **private init nullifier** and a **public init nullifier**. Each nullifier gates its respective execution domain: | ||
|
|
||
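Review bot: the `Wallet.getContractMetadata` note leaves `isContractInitialized: false` ambiguous between "the contract is not initialized" and "the wallet has no registered instance, so the nullifier could not be computed"; a caller that checks this before deploying or interacting would be misled by the second case. Either state that the instance must be registered with the wallet first and how a caller can distinguish the two outcomes, or make the missing-instance case an error rather than a silent `false`. In the `assert_contract_was_initialized_by` example, the parameter is documented as `init_hash: Field` but the snippet passes `instance.initialization_hash` from `get_contract_instance`; say where `get_contract_instance` comes from so readers can reproduce the snippet. The "Two separate init nullifiers" section ends on "Each nullifier gates its respective execution domain:" with nothing following; the list describing which nullifier gates private and which gates public execution is missing here.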
Just updating some docs