feat: re-enabling authwit, pub key constraints

docs/docs/misc/migration_notes.md

@@ -12,9 +12,22 @@ Aztec is in full-speed development. Literally every version breaks compatibility
 
 The type signature for `SharedMutable` changed from `SharedMutable<T, DELAY>` to `SharedMutable<T, INITIAL_DELAY>`. The behavior is the same as before, except the delay can now be changed after deployment by calling `schedule_delay_change`.
 
+### [Aztec.nr] get_public_key oracle replaced with get_ivpk_m
+
+When implementing changes according to a [new key scheme](https://yp-aztec.netlify.app/docs/addresses-and-keys/keys) we had to change oracles.
+What used to be called encryption public key is now master incoming viewing public key.
+
+```diff
+- use dep::aztec::oracles::get_public_key::get_public_key;
++ use dep::aztec::keys::getters::get_ivpk_m;
+
+- let encryption_pub_key = get_public_key(self.owner);
++ let ivpk_m = get_ivpk_m(context, self.owner);
+```
+
 ## 0.38.0
 
-### [Aztec.nr] Emmiting encrypted logs
+### [Aztec.nr] Emitting encrypted logs
 
 The `emit_encrypted_log` function is now a context method.
 

noir-projects/aztec-nr/address-note/src/address_note.nr

@@ -1,7 +1,8 @@
 use dep::aztec::{
+    keys::getters::get_ivpk_m,
     protocol_types::{address::AztecAddress, traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER},
     note::{note_header::NoteHeader, note_interface::NoteInterface, utils::compute_note_hash_for_consumption},
-    oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key},
+    oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key},
     context::PrivateContext, hash::poseidon2_hash
 };
 
@@ -40,13 +41,13 @@ impl NoteInterface<ADDRESS_NOTE_LEN> for AddressNote {
 
     // Broadcasts the note as an encrypted log on L1.
     fn broadcast(self, context: &mut PrivateContext, slot: Field) {
-        let encryption_pub_key = get_public_key(self.owner);
+        let ivpk_m = get_ivpk_m(context, self.owner);
         // docs:start:encrypted
         context.emit_encrypted_log(
             (*context).this_address(),
             slot,
             Self::get_note_type_id(),
-            encryption_pub_key,
+            ivpk_m,
             self.serialize_content(),
         );
         // docs:end:encrypted

noir-projects/aztec-nr/aztec/src/context/private_context.nr

@@ -286,7 +286,7 @@ impl PrivateContext {
         contract_address: AztecAddress,
         storage_slot: Field,
         note_type_id: Field,
-        encryption_pub_key: GrumpkinPoint,
+        ivpk_m: GrumpkinPoint,
         preimage: [Field; N]
     ) where [Field; N]: LensForEncryptedLog<N, M, L> {
         // TODO(1139): perform encryption in the circuit
@@ -296,7 +296,7 @@ impl PrivateContext {
             contract_address,
             storage_slot,
             note_type_id,
-            encryption_pub_key,
+            ivpk_m,
             preimage,
             counter
         );

noir-projects/aztec-nr/aztec/src/encrypted_logs/body.nr

@@ -67,7 +67,7 @@ mod test {
 
     use crate::{
         note::{note_header::NoteHeader, note_interface::NoteInterface, utils::compute_note_hash_for_consumption},
-        oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key},
+        oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key},
         context::PrivateContext, hash::poseidon2_hash
     };
 

noir-projects/aztec-nr/aztec/src/keys/getters.nr

@@ -1,4 +1,7 @@
-use dep::protocol_types::{address::AztecAddress, constants::CANONICAL_KEY_REGISTRY_ADDRESS, grumpkin_point::GrumpkinPoint};
+use dep::protocol_types::{
+    address::{AztecAddress, PublicKeysHash}, constants::CANONICAL_KEY_REGISTRY_ADDRESS,
+    grumpkin_point::GrumpkinPoint
+};
 use crate::{
     context::PrivateContext, oracle::keys::get_public_keys_and_partial_address,
     state_vars::{
@@ -80,20 +83,15 @@ fn fetch_key_from_registry(
 fn fetch_and_constrain_keys(address: AztecAddress) -> [GrumpkinPoint; 4] {
     let (public_keys, partial_address) = get_public_keys_and_partial_address(address);
 
-    let nullifier_pub_key = public_keys[0];
-    let incoming_pub_key = public_keys[1];
-    let outgoing_pub_key = public_keys[2];
-    let tagging_pub_key = public_keys[3];
+    let npk_m = public_keys[0];
+    let ivpk_m = public_keys[1];
+    let ovpk_m = public_keys[2];
+    let tpk_m = public_keys[3];
 
-    let computed_address = AztecAddress::compute_from_public_keys_and_partial_address(
-        nullifier_pub_key,
-        incoming_pub_key,
-        outgoing_pub_key,
-        tagging_pub_key,
-        partial_address
-    );
+    let public_keys_hash = PublicKeysHash::compute(npk_m, ivpk_m, ovpk_m, tpk_m);
+    let computed_address = AztecAddress::compute(public_keys_hash, partial_address);
 
     assert(computed_address.eq(address));
 
-    [nullifier_pub_key, incoming_pub_key, outgoing_pub_key, tagging_pub_key]
+    [npk_m, ivpk_m, ovpk_m, tpk_m]
 }

noir-projects/aztec-nr/aztec/src/oracle.nr

@@ -10,7 +10,6 @@ mod get_l1_to_l2_membership_witness;
 mod get_nullifier_membership_witness;
 mod get_public_data_witness;
 mod get_membership_witness;
-mod get_public_key;
 mod keys;
 mod nullifier_key;
 mod get_sibling_path;

noir-projects/aztec-nr/aztec/src/oracle/keys.nr

@@ -1,7 +1,5 @@
 use dep::protocol_types::{address::{AztecAddress, PartialAddress}, grumpkin_point::GrumpkinPoint};
 
-use crate::hash::poseidon2_hash;
-
 #[oracle(getPublicKeysAndPartialAddress)]
 fn get_public_keys_and_partial_address_oracle(_address: AztecAddress) -> [Field; 9] {}
 

noir-projects/aztec-nr/aztec/src/oracle/logs.nr

@@ -17,15 +17,15 @@ unconstrained pub fn emit_encrypted_log<N, M>(
     contract_address: AztecAddress,
     storage_slot: Field,
     note_type_id: Field,
-    encryption_pub_key: GrumpkinPoint,
+    ivpk_m: GrumpkinPoint,
     preimage: [Field; N],
     counter: u32
 ) -> [Field; M] {
     emit_encrypted_log_oracle(
         contract_address,
         storage_slot,
         note_type_id,
-        encryption_pub_key,
+        ivpk_m,
         preimage,
         counter
     )

noir-projects/aztec-nr/value-note/src/utils.nr

@@ -1,6 +1,6 @@
 use dep::aztec::prelude::{AztecAddress, PrivateContext, PrivateSet, NoteGetterOptions};
 use dep::aztec::note::note_getter_options::SortOrder;
-use dep::aztec::oracle::get_public_key::get_public_key;
+use dep::aztec::keys::getters::get_ivpk_m;
 use crate::{filter::filter_notes_min_sum, value_note::{ValueNote, VALUE_NOTE_LEN}};
 
 // Sort the note values (0th field) in descending order.

noir-projects/aztec-nr/value-note/src/value_note.nr

@@ -1,7 +1,8 @@
 use dep::aztec::{
+    keys::getters::get_ivpk_m,
     protocol_types::{address::AztecAddress, traits::{Deserialize, Serialize}, constants::GENERATOR_INDEX__NOTE_NULLIFIER},
     note::{note_header::NoteHeader, note_interface::NoteInterface, utils::compute_note_hash_for_consumption},
-    oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key},
+    oracle::{unsafe_rand::unsafe_rand, nullifier_key::get_app_nullifier_secret_key},
     hash::poseidon2_hash, context::PrivateContext
 };
 
@@ -43,12 +44,12 @@ impl NoteInterface<VALUE_NOTE_LEN> for ValueNote {
 
     // Broadcasts the note as an encrypted log on L1.
     fn broadcast(self, context: &mut PrivateContext, slot: Field) {
-        let encryption_pub_key = get_public_key(self.owner);
+        let ivpk_m = get_ivpk_m(context, self.owner);
         context.emit_encrypted_log(
             (*context).this_address(),
             slot,
             Self::get_note_type_id(),
-            encryption_pub_key,
+            ivpk_m,
             self.serialize_content(),
         );
     }

noir-projects/noir-contracts/contracts/app_subscription_contract/src/main.nr

@@ -12,7 +12,7 @@ contract AppSubscription {
 
     use dep::aztec::protocol_types::traits::is_empty;
 
-    use dep::aztec::{context::Context, oracle::get_public_key::get_public_key};
+    use dep::aztec::{context::Context, keys::getters::get_ivpk_m};
     use dep::authwit::{account::AccountActions, auth_witness::get_auth_witness, auth::assert_current_call_valid_authwit};
 
     use crate::subscription_note::{SubscriptionNote, SUBSCRIPTION_NOTE_LEN};

noir-projects/noir-contracts/contracts/app_subscription_contract/src/subscription_note.nr

@@ -1,8 +1,8 @@
 use dep::aztec::prelude::{AztecAddress, PrivateContext, NoteHeader, NoteInterface};
 use dep::aztec::{
-    protocol_types::constants::GENERATOR_INDEX__NOTE_NULLIFIER,
+    keys::getters::get_ivpk_m, protocol_types::constants::GENERATOR_INDEX__NOTE_NULLIFIER,
     note::utils::compute_note_hash_for_consumption, hash::poseidon2_hash,
-    oracle::{nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key}
+    oracle::{nullifier_key::get_app_nullifier_secret_key}
 };
 
 global SUBSCRIPTION_NOTE_LEN: Field = 3;
@@ -39,12 +39,12 @@ impl NoteInterface<SUBSCRIPTION_NOTE_LEN> for SubscriptionNote {
 
     // Broadcasts the note as an encrypted log on L1.
     fn broadcast(self, context: &mut PrivateContext, slot: Field) {
-        let encryption_pub_key = get_public_key(self.owner);
+        let ivpk_m = get_ivpk_m(context, self.owner);
         context.emit_encrypted_log(
             (*context).this_address(),
             slot,
             Self::get_note_type_id(),
-            encryption_pub_key,
+            ivpk_m,
             self.serialize_content(),
         );
     }

noir-projects/noir-contracts/contracts/docs_example_contract/src/types/card_note.nr

@@ -1,8 +1,8 @@
 use dep::aztec::prelude::{AztecAddress, NoteInterface, NoteHeader, PrivateContext};
 use dep::aztec::{
-    note::{utils::compute_note_hash_for_consumption},
-    oracle::{nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key},
-    hash::poseidon2_hash, protocol_types::{traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER}
+    keys::getters::get_ivpk_m, note::{utils::compute_note_hash_for_consumption},
+    oracle::nullifier_key::get_app_nullifier_secret_key, hash::poseidon2_hash,
+    protocol_types::{traits::Empty, constants::GENERATOR_INDEX__NOTE_NULLIFIER}
 };
 
 // Shows how to create a custom note
@@ -47,12 +47,12 @@ impl NoteInterface<CARD_NOTE_LEN> for CardNote {
 
     // Broadcasts the note as an encrypted log on L1.
     fn broadcast(self, context: &mut PrivateContext, slot: Field) {
-        let encryption_pub_key = get_public_key(self.owner);
+        let ivpk_m = get_ivpk_m(context, self.owner);
         context.emit_encrypted_log(
             (*context).this_address(),
             slot,
             Self::get_note_type_id(),
-            encryption_pub_key,
+            ivpk_m,
             self.serialize_content(),
         );
     }

noir-projects/noir-contracts/contracts/ecdsa_account_contract/src/ecdsa_public_key_note.nr

@@ -1,9 +1,9 @@
 use dep::aztec::prelude::{AztecAddress, FunctionSelector, NoteHeader, NoteInterface, NoteGetterOptions, PrivateContext};
 
 use dep::aztec::{
-    note::utils::compute_note_hash_for_consumption,
-    oracle::{nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key},
-    hash::poseidon2_hash, protocol_types::constants::GENERATOR_INDEX__NOTE_NULLIFIER
+    keys::getters::get_ivpk_m, note::utils::compute_note_hash_for_consumption,
+    oracle::nullifier_key::get_app_nullifier_secret_key, hash::poseidon2_hash,
+    protocol_types::constants::GENERATOR_INDEX__NOTE_NULLIFIER
 };
 
 global ECDSA_PUBLIC_KEY_NOTE_LEN: Field = 5;
@@ -85,12 +85,12 @@ impl NoteInterface<ECDSA_PUBLIC_KEY_NOTE_LEN> for EcdsaPublicKeyNote {
 
     // Broadcasts the note as an encrypted log on L1.
     fn broadcast(self, context: &mut PrivateContext, slot: Field) {
-        let encryption_pub_key = get_public_key(self.owner);
+        let ivpk_m = get_ivpk_m(context, self.owner);
         context.emit_encrypted_log(
             (*context).this_address(),
             slot,
             Self::get_note_type_id(),
-            encryption_pub_key,
+            ivpk_m,
             self.serialize_content(),
         );
     }

noir-projects/noir-contracts/contracts/ecdsa_account_contract/src/main.nr

@@ -8,7 +8,7 @@ contract EcdsaAccount {
     use dep::aztec::protocol_types::abis::call_context::CallContext;
     use dep::std;
 
-    use dep::aztec::{context::{PublicContext, Context}, oracle::get_public_key::get_public_key};
+    use dep::aztec::context::Context;
     use dep::authwit::{
         entrypoint::{app::AppPayload, fee::FeePayload}, account::AccountActions,
         auth_witness::get_auth_witness

noir-projects/noir-contracts/contracts/escrow_contract/src/main.nr

@@ -2,7 +2,7 @@
 contract Escrow {
     use dep::aztec::prelude::{AztecAddress, EthAddress, FunctionSelector, NoteHeader, PrivateContext, PrivateImmutable};
 
-    use dep::aztec::{context::{PublicContext, Context}, oracle::get_public_key::get_public_key};
+    use dep::aztec::context::{PublicContext, Context};
 
     use dep::address_note::address_note::AddressNote;
 

noir-projects/noir-contracts/contracts/key_registry_contract/src/main.nr

@@ -3,7 +3,7 @@ contract KeyRegistry {
 
     use dep::aztec::{
         state_vars::{SharedMutable, Map},
-        protocol_types::{grumpkin_point::GrumpkinPoint, address::{AztecAddress, PartialAddress}}
+        protocol_types::{grumpkin_point::GrumpkinPoint, address::{AztecAddress, PartialAddress, PublicKeysHash}}
     };
 
     global KEY_ROTATION_DELAY = 5;
@@ -54,13 +54,13 @@ contract KeyRegistry {
         outgoing_public_key: GrumpkinPoint,
         tagging_public_key: GrumpkinPoint
     ) {
-        let computed_address = AztecAddress::compute_from_public_keys_and_partial_address(
+        let public_keys_hash = PublicKeysHash::compute(
             nullifier_public_key,
             incoming_public_key,
             outgoing_public_key,
-            tagging_public_key,
-            partial_address
+            tagging_public_key
         );
+        let computed_address = AztecAddress::compute(public_keys_hash, partial_address);
 
         assert(computed_address.eq(address), "Computed address does not match supplied address");
 

noir-projects/noir-contracts/contracts/schnorr_account_contract/src/main.nr

@@ -7,7 +7,7 @@ contract SchnorrAccount {
 
     use dep::aztec::prelude::{AztecAddress, FunctionSelector, NoteHeader, PrivateContext, PrivateImmutable};
     use dep::aztec::state_vars::{Map, PublicMutable};
-    use dep::aztec::{context::Context, oracle::get_public_key::get_public_key};
+    use dep::aztec::context::Context;
     use dep::authwit::{
         entrypoint::{app::AppPayload, fee::FeePayload}, account::AccountActions,
         auth_witness::get_auth_witness

noir-projects/noir-contracts/contracts/schnorr_account_contract/src/public_key_note.nr

@@ -1,7 +1,7 @@
 use dep::aztec::prelude::{AztecAddress, NoteHeader, NoteInterface, PrivateContext};
 use dep::aztec::{
-    note::utils::compute_note_hash_for_consumption, hash::poseidon2_hash,
-    oracle::{nullifier_key::get_app_nullifier_secret_key, get_public_key::get_public_key},
+    keys::getters::get_ivpk_m, note::utils::compute_note_hash_for_consumption, hash::poseidon2_hash,
+    oracle::{nullifier_key::get_app_nullifier_secret_key},
     protocol_types::constants::GENERATOR_INDEX__NOTE_NULLIFIER
 };
 
@@ -39,12 +39,12 @@ impl NoteInterface<PUBLIC_KEY_NOTE_LEN> for PublicKeyNote {
 
     // Broadcasts the note as an encrypted log on L1.
     fn broadcast(self, context: &mut PrivateContext, slot: Field) {
-        let encryption_pub_key = get_public_key(self.owner);
+        let ivpk_m = get_ivpk_m(context, self.owner);
         context.emit_encrypted_log(
             (*context).this_address(),
             slot,
             Self::get_note_type_id(),
-            encryption_pub_key,
+            ivpk_m,
             self.serialize_content(),
         );
     }

noir-projects/noir-contracts/contracts/schnorr_single_key_account_contract/src/main.nr

@@ -6,7 +6,8 @@ contract SchnorrSingleKeyAccount {
 
     use dep::authwit::{entrypoint::{app::AppPayload, fee::FeePayload}, account::AccountActions};
 
-    use crate::{util::recover_address, auth_oracle::get_auth_witness};
+    // use crate::{util::recover_address, auth_oracle::get_auth_witness};
+    use crate::auth_oracle::get_auth_witness;
 
     global ACCOUNT_ACTIONS_STORAGE_SLOT = 1;