refactor: tagging related cleanup

Author: benesjan

yarn-project/pxe/src/contract_function_simulator/indexed_tagging_secret.ts

@@ -0,0 +1,6 @@
+import type { Fr } from '@aztec/foundation/fields';
+
+export type IndexedTaggingSecret = {
+  directionalAppTaggingSecret: Fr;
+  index: number;
+};

yarn-project/pxe/src/contract_function_simulator/pxe_oracle_interface.test.ts

@@ -15,9 +15,8 @@ import type { CompleteAddress, ContractInstance } from '@aztec/stdlib/contract';
 import { computeUniqueNoteHash, siloNoteHash, siloNullifier, siloPrivateLog } from '@aztec/stdlib/hash';
 import { type AztecNode, MAX_RPC_LEN } from '@aztec/stdlib/interfaces/client';
 import type { KeyValidationRequest } from '@aztec/stdlib/kernel';
-import { computeAddressSecret, computeAppTaggingSecret } from '@aztec/stdlib/keys';
+import { computeAddressSecret } from '@aztec/stdlib/keys';
 import {
-  IndexedTaggingSecret,
   PendingTaggedLog,
   PrivateLogWithTxData,
   PublicLog,
@@ -47,7 +46,14 @@ import { LogRetrievalRequest } from './noir-structs/log_retrieval_request.js';
 import { LogRetrievalResponse } from './noir-structs/log_retrieval_response.js';
 import { NoteValidationRequest } from './noir-structs/note_validation_request.js';
 import type { ProxiedNode } from './proxied_node.js';
-import { WINDOW_HALF_SIZE, getIndexedTaggingSecretsForTheWindow, getInitialIndexesMap } from './tagging_utils.js';
+import {
+  WINDOW_HALF_SIZE,
+  computeDirectionalAppTaggingSecret,
+  computeSiloedTag,
+  computeTag,
+  getIndexedTaggingSecretsForTheWindow,
+  getInitialIndexesMap,
+} from './tagging_utils.js';
 
 /**
  * A data layer that provides and stores information needed for simulating/proving a transaction.
@@ -276,33 +282,37 @@ export class PXEOracleInterface implements ExecutionDataProvider {
   ): Promise<Fr> {
     await this.syncTaggedLogsAsSender(contractAddress, sender, recipient);
 
-    const appTaggingSecret = await this.#calculateAppTaggingSecret(contractAddress, sender, recipient);
-    const [index] = await this.taggingDataProvider.getTaggingSecretsIndexesAsSender([appTaggingSecret], sender);
+    const directionalAppTaggingSecret = await this.#calculateDirectionalAppTaggingSecret(
+      contractAddress,
+      sender,
+      recipient,
+    );
+    const [index] = await this.taggingDataProvider.getTaggingSecretsIndexesAsSender([directionalAppTaggingSecret]);
 
     // Increment the index for next time
     const contractName = await this.contractDataProvider.getDebugContractName(contractAddress);
     this.log.debug(`Incrementing app tagging secret at ${contractName}(${contractAddress})`, {
-      appTaggingSecret,
+      directionalAppTaggingSecret,
       sender,
       recipient,
       contractName,
       contractAddress,
     });
 
-    await this.taggingDataProvider.setTaggingSecretsIndexesAsSender(
-      [new IndexedTaggingSecret(appTaggingSecret, index + 1)],
-      sender,
-    );
+    await this.taggingDataProvider.setTaggingSecretIndexAsSender(directionalAppTaggingSecret, index + 1);
 
     // Compute and return the tag using the current index
-    const indexedTaggingSecret = new IndexedTaggingSecret(appTaggingSecret, index);
-    return indexedTaggingSecret.computeTag(recipient);
+    return computeTag(directionalAppTaggingSecret, index);
   }
 
-  async #calculateAppTaggingSecret(contractAddress: AztecAddress, sender: AztecAddress, recipient: AztecAddress) {
+  async #calculateDirectionalAppTaggingSecret(
+    contractAddress: AztecAddress,
+    sender: AztecAddress,
+    recipient: AztecAddress,
+  ) {
     const senderCompleteAddress = await this.getCompleteAddress(sender);
     const senderIvsk = await this.keyStore.getMasterIncomingViewingSecretKey(sender);
-    return computeAppTaggingSecret(senderCompleteAddress, senderIvsk, recipient, contractAddress);
+    return computeDirectionalAppTaggingSecret(senderCompleteAddress, senderIvsk, recipient, contractAddress, recipient);
   }
 
   /**
@@ -317,7 +327,7 @@ export class PXEOracleInterface implements ExecutionDataProvider {
   async #getIndexedTaggingSecretsForSenders(
     contractAddress: AztecAddress,
     recipient: AztecAddress,
-  ): Promise<IndexedTaggingSecret[]> {
+  ): Promise<{ directionalAppTaggingSecret: Fr; index: number }[]> {
     const recipientCompleteAddress = await this.getCompleteAddress(recipient);
     const recipientIvsk = await this.keyStore.getMasterIncomingViewingSecretKey(recipient);
 
@@ -327,13 +337,26 @@ export class PXEOracleInterface implements ExecutionDataProvider {
       ...(await this.taggingDataProvider.getSenderAddresses()),
       ...(await this.keyStore.getAccounts()),
     ].filter((address, index, self) => index === self.findIndex(otherAddress => otherAddress.equals(address)));
-    const appTaggingSecrets = await Promise.all(
-      senders.map(contact =>
-        computeAppTaggingSecret(recipientCompleteAddress, recipientIvsk, contact, contractAddress),
-      ),
+    const directionalAppTaggingSecrets = await Promise.all(
+      senders.map(contact => {
+        return computeDirectionalAppTaggingSecret(
+          recipientCompleteAddress,
+          recipientIvsk,
+          contact,
+          contractAddress,
+          recipient,
+        );
+      }),
     );
-    const indexes = await this.taggingDataProvider.getTaggingSecretsIndexesAsRecipient(appTaggingSecrets, recipient);
-    return appTaggingSecrets.map((secret, i) => new IndexedTaggingSecret(secret, indexes[i]));
+    const indexes = await this.taggingDataProvider.getTaggingSecretsIndexesAsRecipient(directionalAppTaggingSecrets);
+    if (indexes.length !== directionalAppTaggingSecrets.length) {
+      throw new Error('Indexes and directional app tagging secrets have different lengths');
+    }
+
+    return directionalAppTaggingSecrets.map((secret, i) => ({
+      directionalAppTaggingSecret: secret,
+      index: indexes[i],
+    }));
   }
 
   /**
@@ -349,8 +372,13 @@ export class PXEOracleInterface implements ExecutionDataProvider {
     sender: AztecAddress,
     recipient: AztecAddress,
   ): Promise<void> {
-    const appTaggingSecret = await this.#calculateAppTaggingSecret(contractAddress, sender, recipient);
-    const [oldIndex] = await this.taggingDataProvider.getTaggingSecretsIndexesAsSender([appTaggingSecret], sender);
+    const directionalAppTaggingSecret = await this.#calculateDirectionalAppTaggingSecret(
+      contractAddress,
+      sender,
+      recipient,
+    );
+
+    const [oldIndex] = await this.taggingDataProvider.getTaggingSecretsIndexesAsSender([directionalAppTaggingSecret]);
 
     // This algorithm works such that:
     // 1. If we find minimum consecutive empty logs in a window of logs we set the index to the index of the last log
@@ -364,8 +392,7 @@ export class PXEOracleInterface implements ExecutionDataProvider {
     do {
       // We compute the tags for the current window of indexes
       const currentTags = await timesParallel(WINDOW_SIZE, i => {
-        const indexedAppTaggingSecret = new IndexedTaggingSecret(appTaggingSecret, currentIndex + i);
-        return indexedAppTaggingSecret.computeSiloedTag(recipient, contractAddress);
+        return computeSiloedTag(directionalAppTaggingSecret, currentIndex + i, contractAddress);
       });
 
       // We fetch the logs for the tags
@@ -388,14 +415,11 @@ export class PXEOracleInterface implements ExecutionDataProvider {
 
     const contractName = await this.contractDataProvider.getDebugContractName(contractAddress);
     if (currentIndex !== oldIndex) {
-      await this.taggingDataProvider.setTaggingSecretsIndexesAsSender(
-        [new IndexedTaggingSecret(appTaggingSecret, currentIndex)],
-        sender,
-      );
+      await this.taggingDataProvider.setTaggingSecretIndexAsSender(directionalAppTaggingSecret, currentIndex);
 
       this.log.debug(`Syncing logs for sender ${sender} at contract ${contractName}(${contractAddress})`, {
         sender,
-        secret: appTaggingSecret,
+        secret: directionalAppTaggingSecret,
         index: currentIndex,
         contractName,
         contractAddress,
@@ -445,7 +469,7 @@ export class PXEOracleInterface implements ExecutionDataProvider {
       // some logs. For these reasons, we have to look both back and ahead of the stored index.
       let secretsAndWindows = secrets.map(secret => {
         return {
-          appTaggingSecret: secret.appTaggingSecret,
+          directionalAppTaggingSecret: secret.directionalAppTaggingSecret,
           leftMostIndex: Math.max(0, secret.index - WINDOW_HALF_SIZE),
           rightMostIndex: secret.index + WINDOW_HALF_SIZE,
         };
@@ -460,7 +484,9 @@ export class PXEOracleInterface implements ExecutionDataProvider {
       while (secretsAndWindows.length > 0) {
         const secretsForTheWholeWindow = getIndexedTaggingSecretsForTheWindow(secretsAndWindows);
         const tagsForTheWholeWindow = await Promise.all(
-          secretsForTheWholeWindow.map(secret => secret.computeSiloedTag(recipient, contractAddress)),
+          secretsForTheWholeWindow.map(secret =>
+            computeSiloedTag(secret.directionalAppTaggingSecret, secret.index, contractAddress),
+          ),
         );
 
         // We store the new largest indexes we find in the iteration in the following map to later on construct
@@ -492,17 +518,18 @@ export class PXEOracleInterface implements ExecutionDataProvider {
             // We retrieve the indexed tagging secret corresponding to the log as I need that to evaluate whether
             // a new largest index have been found.
             const secretCorrespondingToLog = secretsForTheWholeWindow[logIndex];
-            const initialIndex = initialIndexesMap[secretCorrespondingToLog.appTaggingSecret.toString()];
+            const initialIndex = initialIndexesMap[secretCorrespondingToLog.directionalAppTaggingSecret.toString()];
 
             if (
               secretCorrespondingToLog.index >= initialIndex &&
-              (newLargestIndexMapForIteration[secretCorrespondingToLog.appTaggingSecret.toString()] === undefined ||
+              (newLargestIndexMapForIteration[secretCorrespondingToLog.directionalAppTaggingSecret.toString()] ===
+                undefined ||
                 secretCorrespondingToLog.index >=
-                  newLargestIndexMapForIteration[secretCorrespondingToLog.appTaggingSecret.toString()])
+                  newLargestIndexMapForIteration[secretCorrespondingToLog.directionalAppTaggingSecret.toString()])
             ) {
               // We have found a new largest index so we store it for later processing (storing it in the db + fetching
               // the difference of the window sets of current and the next iteration)
-              newLargestIndexMapForIteration[secretCorrespondingToLog.appTaggingSecret.toString()] =
+              newLargestIndexMapForIteration[secretCorrespondingToLog.directionalAppTaggingSecret.toString()] =
                 secretCorrespondingToLog.index + 1;
 
               this.log.debug(
@@ -518,21 +545,23 @@ export class PXEOracleInterface implements ExecutionDataProvider {
         // for. Note that it's very unlikely that a new log from the current window would appear between the iterations
         // so we fetch the logs only for the difference of the window sets.
         const newSecretsAndWindows = [];
-        for (const [appTaggingSecret, newIndex] of Object.entries(newLargestIndexMapForIteration)) {
-          const secret = secrets.find(secret => secret.appTaggingSecret.toString() === appTaggingSecret);
+        for (const [directionalAppTaggingSecret, newIndex] of Object.entries(newLargestIndexMapForIteration)) {
+          const secret = secrets.find(
+            secret => secret.directionalAppTaggingSecret.toString() === directionalAppTaggingSecret,
+          );
           if (secret) {
             newSecretsAndWindows.push({
-              appTaggingSecret: secret.appTaggingSecret,
+              directionalAppTaggingSecret: secret.directionalAppTaggingSecret,
               // We set the left most index to the new index to avoid fetching the same logs again
               leftMostIndex: newIndex,
               rightMostIndex: newIndex + WINDOW_HALF_SIZE,
             });
 
             // We store the new largest index in the map to later store it in the db.
-            newLargestIndexMapToStore[appTaggingSecret] = newIndex;
+            newLargestIndexMapToStore[directionalAppTaggingSecret] = newIndex;
           } else {
             throw new Error(
-              `Secret not found for appTaggingSecret ${appTaggingSecret}. This is a bug as it should never happen!`,
+              `Secret not found for directionalAppTaggingSecret ${directionalAppTaggingSecret}. This is a bug as it should never happen!`,
             );
           }
         }
@@ -543,10 +572,10 @@ export class PXEOracleInterface implements ExecutionDataProvider {
 
       // At this point we have processed all the logs for the recipient so we store the new largest indexes in the db.
       await this.taggingDataProvider.setTaggingSecretsIndexesAsRecipient(
-        Object.entries(newLargestIndexMapToStore).map(
-          ([appTaggingSecret, index]) => new IndexedTaggingSecret(Fr.fromHexString(appTaggingSecret), index),
-        ),
-        recipient,
+        Object.entries(newLargestIndexMapToStore).map(([directionalAppTaggingSecret, index]) => ({
+          directionalAppTaggingSecret: Fr.fromHexString(directionalAppTaggingSecret),
+          index,
+        })),
       );
     }
   }

yarn-project/pxe/src/contract_function_simulator/pxe_oracle_interface.ts

@@ -1,32 +1,71 @@
-import type { Fr } from '@aztec/foundation/fields';
-import { IndexedTaggingSecret } from '@aztec/stdlib/logs';
+import { Grumpkin, poseidon2Hash } from '@aztec/foundation/crypto';
+import type { Fq, Fr } from '@aztec/foundation/fields';
+import type { AztecAddress } from '@aztec/stdlib/aztec-address';
+import type { CompleteAddress } from '@aztec/stdlib/contract';
+import { computeAddressSecret, computePreaddress } from '@aztec/stdlib/keys';
 
 // Half the size of the window we slide over the tagging secret indexes.
 export const WINDOW_HALF_SIZE = 10;
 
 export function getIndexedTaggingSecretsForTheWindow(
-  secretsAndWindows: { appTaggingSecret: Fr; leftMostIndex: number; rightMostIndex: number }[],
-): IndexedTaggingSecret[] {
-  const secrets: IndexedTaggingSecret[] = [];
+  secretsAndWindows: { directionalAppTaggingSecret: Fr; leftMostIndex: number; rightMostIndex: number }[],
+): { directionalAppTaggingSecret: Fr; index: number }[] {
+  const secrets: { directionalAppTaggingSecret: Fr; index: number }[] = [];
   for (const secretAndWindow of secretsAndWindows) {
     for (let i = secretAndWindow.leftMostIndex; i <= secretAndWindow.rightMostIndex; i++) {
-      secrets.push(new IndexedTaggingSecret(secretAndWindow.appTaggingSecret, i));
+      secrets.push({ directionalAppTaggingSecret: secretAndWindow.directionalAppTaggingSecret, index: i });
     }
   }
   return secrets;
 }
 
 /**
- * Creates a map from app tagging secret to initial index.
+ * Creates a map from directional app tagging secret to initial index.
  * @param indexedTaggingSecrets - The indexed tagging secrets to get the initial indexes from.
- * @returns The map from app tagging secret to initial index.
+ * @returns The map from directional app tagging secret to initial index.
  */
-export function getInitialIndexesMap(indexedTaggingSecrets: IndexedTaggingSecret[]): { [k: string]: number } {
+export function getInitialIndexesMap(indexedTaggingSecrets: { directionalAppTaggingSecret: Fr; index: number }[]): {
+  [k: string]: number;
+} {
   const initialIndexes: { [k: string]: number } = {};
 
   for (const indexedTaggingSecret of indexedTaggingSecrets) {
-    initialIndexes[indexedTaggingSecret.appTaggingSecret.toString()] = indexedTaggingSecret.index;
+    initialIndexes[indexedTaggingSecret.directionalAppTaggingSecret.toString()] = indexedTaggingSecret.index;
   }
 
   return initialIndexes;
 }
+
+// Returns shared tagging secret computed with Diffie-Hellman key exchange.
+async function computeTaggingSecretPoint(knownAddress: CompleteAddress, ivsk: Fq, externalAddress: AztecAddress) {
+  const knownPreaddress = await computePreaddress(await knownAddress.publicKeys.hash(), knownAddress.partialAddress);
+  // TODO: #8970 - Computation of address point from x coordinate might fail
+  const externalAddressPoint = await externalAddress.toAddressPoint();
+  const curve = new Grumpkin();
+  // Given A (known complete address) -> B (external address) and h == preaddress
+  // Compute shared secret as S = (h_A + ivsk_A) * Addr_Point_B
+
+  // Beware! h_a + ivsk_a (also known as the address secret) can lead to an address point with a negative y-coordinate, since there's two possible candidates
+  // computeAddressSecret takes care of selecting the one that leads to a positive y-coordinate, which is the only valid address point
+  return curve.mul(externalAddressPoint, await computeAddressSecret(knownPreaddress, ivsk));
+}
+
+export async function computeDirectionalAppTaggingSecret(
+  knownAddress: CompleteAddress,
+  ivsk: Fq,
+  externalAddress: AztecAddress,
+  app: AztecAddress,
+  recipient: AztecAddress,
+) {
+  const taggingSecretPoint = await computeTaggingSecretPoint(knownAddress, ivsk, externalAddress);
+  const appTaggingSecret = await poseidon2Hash([taggingSecretPoint.x, taggingSecretPoint.y, app]);
+  return poseidon2Hash([appTaggingSecret, recipient]);
+}
+
+export function computeTag(directionalAppTaggingSecret: Fr, index: number) {
+  return poseidon2Hash([directionalAppTaggingSecret, index]);
+}
+
+export async function computeSiloedTag(directionalAppTaggingSecret: Fr, index: number, app: AztecAddress) {
+  return poseidon2Hash([app, await computeTag(directionalAppTaggingSecret, index)]);
+}