feat!: include init_hash in private initialization nullifier (backport #21427)#21736
Merged
nchamo merged 4 commits intobackport-to-v4-next-stagingfrom Mar 18, 2026
Merged
Conversation
AztecBot
added
ci-draft
AztecBot
force-pushed
the
claudebox/da2e780cdbdce797-2
branch
from
b854e84 to
f55ecc8
Compare
Resolved conflicts in: - migration_notes.md: kept only init_hash migration note - constants_tests.nr: added DOM_SEP__PRIVATE_INITIALIZATION_NULLIFIER import, tester size <51, 45> - private_execution.test.ts: merged imports from both sides
AztecBot
force-pushed
the
claudebox/da2e780cdbdce797-2
branch
from
f55ecc8 to
6c9db81
Compare
…om private_execution.test.ts
…ts both counters)
nchamo
approved these changes
Mar 18, 2026
Collaborator
Author
Flakey Tests🤖 says: This CI run detected 2 tests that failed, but were tolerated due to a .test_patterns.yml entry. |
AztecBot
added a commit
that referenced
this pull request
Mar 19, 2026
BEGIN_COMMIT_OVERRIDE feat: entrypoint replay protection (#21649) feat: guard BoundedVec oracle returns against dirty trailing storage (#21589) fix: add bounds when allocating arrays in deserialization (#21622) feat: implement manual Packable for structs with sub-Field members (#21576) fix(aztec-node): throw on existing nullifier in getLowNullifierMembershipWitness (#21472) fix: use trait dispatch for array Packable::unpack in card_game_contract (#21683) fix(p2p): penalize peers for errors during response reading (#21680) fix: update nullifier non-inclusion test expectations after early oracle throw (backport #21600) (#21615) fix(aztec-nr): fix OOB index with nonzero offset (#21613) fix(builder): persist contractsDB across blocks within a checkpoint (#21520) fix(stdlib): accept null return_type for void Noir functions (#21647) feat: gas estimations on send (#21646) fix(validator): process block proposals from own validator keys in HA setups (backport #21603) (#21659) fix(p2p): penalize peer on tx rejected by pool (#21677) fix(sequencer): fix checkpoint budget redistribution for multi-block slots (#21692) feat: sync cache invalidation oracle (backport #21459) (#21730) feat!: make AES128 decrypt oracle return Option (backport #21696) (#21735) feat!: include init_hash in private initialization nullifier (backport #21427) (#21736) fix(sequencer): extract gas and blob configs from valid requests only (A-677) (#21747) chore: backport #21744 — replace dead BOOTSTRAP_TO env var with bootstrap.sh build arg (#21748) refactor: revert remove assert_bounded_vec_trimmed (#21758) END_COMMIT_OVERRIDE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Backport of #21427 to v4-next.
The private initialization nullifier was computed as just
address.to_field(). Anyone who knows a contract's address can compute this nullifier and check for its existence in the nullifier tree, revealing whether the contract has been initialized. This is a privacy leak for fully private contracts.The private initialization nullifier is now computed as
poseidon2_hash(address, init_hash)with a dedicated domain separator (DOM_SEP__PRIVATE_INITIALIZATION_NULLIFIER). Sinceinit_hashis not publicly available for fully private contracts, address knowledge alone is no longer sufficient to determine initialization status.Cherry-pick conflicts resolved
assert_contract_was_initialized_by_with_wrong_init_hash_failstest, updated error message for non-inclusion testDOM_SEP__PRIVATE_INITIALIZATION_NULLIFIERimport, updated tester size from<51, 44>to<51, 45>(excludedDOM_SEP__SINGLE_USE_CLAIM_NULLIFIERwhich doesn't exist on v4-next)AppendOnlyTreeSnapshot,PartialStateReference,StateReference+ added PR'srandomContractInstanceWithAddress,MerkleTreeId,NativeWorldStateService)ClaudeBox log: https://claudebox.work/s/da2e780cdbdce797?run=2