add auditor ciphertext to transfer instruction data

Author: samkim-crypto

token/client/src/token.rs

@@ -51,7 +51,7 @@ use {
             encryption::{
                 auth_encryption::AeKey,
                 elgamal::{ElGamalCiphertext, ElGamalKeypair, ElGamalPubkey, ElGamalSecretKey},
-                pod::elgamal::PodElGamalPubkey,
+                pod::elgamal::{PodElGamalCiphertext, PodElGamalPubkey},
             },
             zk_elgamal_proof_program::{
                 self,
@@ -2201,6 +2201,8 @@ where
         ciphertext_validity_proof_account: Option<&ProofAccount>,
         range_proof_account: Option<&ProofAccount>,
         transfer_amount: u64,
+        transfer_amount_auditor_ciphertext_lo: Option<&PodElGamalCiphertext>,
+        transfer_amount_auditor_ciphertext_hi: Option<&PodElGamalCiphertext>,
         account_info: Option<TransferAccountInfo>,
         source_elgamal_keypair: &ElGamalKeypair,
         source_aes_key: &AeKey,
@@ -2261,6 +2263,32 @@ where
             )
         };
 
+        let (transfer_amount_auditor_ciphertext_lo, transfer_amount_auditor_ciphertext_hi) =
+            if let Some(proof_data) = ciphertext_validity_proof_data {
+                let transfer_amount_auditor_ciphertext_lo = proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                let transfer_amount_auditor_ciphertext_hi = proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                (
+                    transfer_amount_auditor_ciphertext_lo,
+                    transfer_amount_auditor_ciphertext_hi,
+                )
+            } else {
+                // the validity proof data is always generated unless
+                // `transfer_amount_auditor_ciphertext_lo` and `transfer_amount_auditor_ciphertext_hi`
+                // are `Some`, so it is safe to unwrap
+                (
+                    *transfer_amount_auditor_ciphertext_lo.unwrap(),
+                    *transfer_amount_auditor_ciphertext_hi.unwrap(),
+                )
+            };
+
         // cannot panic as long as either `proof_data` or `proof_account` is `Some(..)`,
         // which is guaranteed by the previous check
         let equality_proof_location = Self::confidential_transfer_create_proof_location(
@@ -2292,6 +2320,8 @@ where
             self.get_address(),
             destination_account,
             new_decryptable_available_balance.into(),
+            &transfer_amount_auditor_ciphertext_lo.into(),
+            &transfer_amount_auditor_ciphertext_hi.into(),
             source_authority,
             &multisig_signers,
             equality_proof_location,
@@ -2531,6 +2561,8 @@ where
         fee_ciphertext_validity_proof_account: Option<&ProofAccount>,
         range_proof_account: Option<&ProofAccount>,
         transfer_amount: u64,
+        transfer_amount_auditor_ciphertext_lo: Option<&PodElGamalCiphertext>,
+        transfer_amount_auditor_ciphertext_hi: Option<&PodElGamalCiphertext>,
         account_info: Option<TransferAccountInfo>,
         source_elgamal_keypair: &ElGamalKeypair,
         source_aes_key: &AeKey,
@@ -2615,6 +2647,32 @@ where
             )
         };
 
+        let (transfer_amount_auditor_ciphertext_lo, transfer_amount_auditor_ciphertext_hi) =
+            if let Some(proof_data) = transfer_amount_ciphertext_validity_proof_data {
+                let transfer_amount_auditor_ciphertext_lo = proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                let transfer_amount_auditor_ciphertext_hi = proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                (
+                    transfer_amount_auditor_ciphertext_lo,
+                    transfer_amount_auditor_ciphertext_hi,
+                )
+            } else {
+                // the validity proof data is always generated unless
+                // `transfer_amount_auditor_ciphertext_lo` and `transfer_amount_auditor_ciphertext_hi`
+                // are `Some`, so it is safe to unwrap
+                (
+                    *transfer_amount_auditor_ciphertext_lo.unwrap(),
+                    *transfer_amount_auditor_ciphertext_hi.unwrap(),
+                )
+            };
+
         // cannot panic as long as either `proof_data` or `proof_account` is `Some(..)`,
         // which is guaranteed by the previous check
         let equality_proof_location = Self::confidential_transfer_create_proof_location(
@@ -2660,6 +2718,8 @@ where
             self.get_address(),
             destination_account,
             new_decryptable_available_balance.into(),
+            &transfer_amount_auditor_ciphertext_lo.into(),
+            &transfer_amount_auditor_ciphertext_hi.into(),
             source_authority,
             &multisig_signers,
             equality_proof_location,

token/program-2022-test/tests/confidential_transfer.rs

@@ -1321,6 +1321,8 @@ async fn confidential_transfer_with_option<S: Signers>(
                     None,
                     transfer_amount,
                     None,
+                    None,
+                    None,
                     source_elgamal_keypair,
                     source_aes_key,
                     destination_elgamal_pubkey,
@@ -1350,6 +1352,17 @@ async fn confidential_transfer_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_lo
+                .try_extract_ciphertext(2)
+                .unwrap();
+            let transfer_amount_auditor_ciphertext_hi = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_hi
+                .try_extract_ciphertext(2)
+                .unwrap();
+
             let equality_proof_record_account = Keypair::new();
             let ciphertext_validity_proof_record_account = Keypair::new();
             let range_proof_record_account = Keypair::new();
@@ -1418,6 +1431,8 @@ async fn confidential_transfer_with_option<S: Signers>(
                     Some(&ciphertext_validity_proof_account),
                     Some(&range_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,
@@ -1480,6 +1495,17 @@ async fn confidential_transfer_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_lo
+                .try_extract_ciphertext(2)
+                .unwrap();
+            let transfer_amount_auditor_ciphertext_hi = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_hi
+                .try_extract_ciphertext(2)
+                .unwrap();
+
             let equality_proof_context_account = Keypair::new();
             let ciphertext_validity_proof_context_account = Keypair::new();
             let range_proof_context_account = Keypair::new();
@@ -1542,6 +1568,8 @@ async fn confidential_transfer_with_option<S: Signers>(
                     Some(&ciphertext_validity_proof_context_proof_account),
                     Some(&range_proof_context_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,
@@ -1872,6 +1900,8 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                     None,
                     transfer_amount,
                     None,
+                    None,
+                    None,
                     source_elgamal_keypair,
                     source_aes_key,
                     destination_elgamal_pubkey,
@@ -1909,6 +1939,19 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+            let transfer_amount_auditor_ciphertext_hi =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+
             let equality_proof_record_account = Keypair::new();
             let transfer_amount_ciphertext_validity_proof_record_account = Keypair::new();
             let fee_sigma_proof_record_account = Keypair::new();
@@ -2013,6 +2056,8 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                     Some(&fee_ciphertext_validity_proof_account),
                     Some(&range_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,
@@ -2103,6 +2148,19 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+            let transfer_amount_auditor_ciphertext_hi =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+
             let equality_proof_context_account = Keypair::new();
             let transfer_amount_ciphertext_validity_proof_context_account = Keypair::new();
             let percentage_with_cap_proof_context_account = Keypair::new();
@@ -2200,6 +2258,8 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                     Some(&fee_ciphertext_validity_proof_context_proof_account),
                     Some(&range_proof_context_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,

token/program-2022-test/tests/confidential_transfer_fee.rs

@@ -690,6 +690,8 @@ async fn confidential_transfer_withdraw_withheld_tokens_from_mint_with_option(
             None,
             100,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),
@@ -1016,6 +1018,8 @@ async fn confidential_transfer_withdraw_withheld_tokens_from_accounts_with_optio
             None,
             100,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),
@@ -1155,6 +1159,8 @@ async fn confidential_transfer_harvest_withheld_tokens_to_mint() {
             None,
             100,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),

token/program-2022-test/tests/transfer_hook.rs

@@ -1004,6 +1004,8 @@ async fn success_confidential_transfer() {
             None,
             amount,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),

token/program-2022/src/extension/confidential_transfer/instruction.rs

@@ -619,6 +619,12 @@ pub struct TransferInstructionData {
     /// The new source decryptable balance if the transfer succeeds
     #[cfg_attr(feature = "serde-traits", serde(with = "aeciphertext_fromstr"))]
     pub new_source_decryptable_available_balance: DecryptableBalance,
+    /// The transfer amount encrypted under the auditor ElGamal public key
+    #[cfg_attr(feature = "serde-traits", serde(with = "elgamalciphertext_fromstr"))]
+    pub transfer_amount_auditor_ciphertext_lo: PodElGamalCiphertext,
+    /// The transfer amount encrypted under the auditor ElGamal public key
+    #[cfg_attr(feature = "serde-traits", serde(with = "elgamalciphertext_fromstr"))]
+    pub transfer_amount_auditor_ciphertext_hi: PodElGamalCiphertext,
     /// Relative location of the
     /// `ProofInstruction::VerifyCiphertextCommitmentEquality` instruction
     /// to the `Transfer` instruction in the transaction. If the offset is
@@ -658,6 +664,12 @@ pub struct TransferWithFeeInstructionData {
     /// The new source decryptable balance if the transfer succeeds
     #[cfg_attr(feature = "serde-traits", serde(with = "aeciphertext_fromstr"))]
     pub new_source_decryptable_available_balance: DecryptableBalance,
+    /// The transfer amount encrypted under the auditor ElGamal public key
+    #[cfg_attr(feature = "serde-traits", serde(with = "elgamalciphertext_fromstr"))]
+    pub transfer_amount_auditor_ciphertext_lo: PodElGamalCiphertext,
+    /// The transfer amount encrypted under the auditor ElGamal public key
+    #[cfg_attr(feature = "serde-traits", serde(with = "elgamalciphertext_fromstr"))]
+    pub transfer_amount_auditor_ciphertext_hi: PodElGamalCiphertext,
     /// Relative location of the
     /// `ProofInstruction::VerifyCiphertextCommitmentEquality` instruction
     /// to the `TransferWithFee` instruction in the transaction. If the offset
@@ -1151,6 +1163,8 @@ pub fn inner_transfer(
     mint: &Pubkey,
     destination_token_account: &Pubkey,
     new_source_decryptable_available_balance: DecryptableBalance,
+    transfer_amount_auditor_ciphertext_lo: &PodElGamalCiphertext,
+    transfer_amount_auditor_ciphertext_hi: &PodElGamalCiphertext,
     authority: &Pubkey,
     multisig_signers: &[&Pubkey],
     equality_proof_data_location: ProofLocation<CiphertextCommitmentEqualityProofData>,
@@ -1231,6 +1245,8 @@ pub fn inner_transfer(
         ConfidentialTransferInstruction::Transfer,
         &TransferInstructionData {
             new_source_decryptable_available_balance,
+            transfer_amount_auditor_ciphertext_lo: *transfer_amount_auditor_ciphertext_lo,
+            transfer_amount_auditor_ciphertext_hi: *transfer_amount_auditor_ciphertext_hi,
             equality_proof_instruction_offset,
             ciphertext_validity_proof_instruction_offset,
             range_proof_instruction_offset,
@@ -1246,6 +1262,8 @@ pub fn transfer(
     mint: &Pubkey,
     destination_token_account: &Pubkey,
     new_source_decryptable_available_balance: DecryptableBalance,
+    transfer_amount_auditor_ciphertext_lo: &PodElGamalCiphertext,
+    transfer_amount_auditor_ciphertext_hi: &PodElGamalCiphertext,
     authority: &Pubkey,
     multisig_signers: &[&Pubkey],
     equality_proof_data_location: ProofLocation<CiphertextCommitmentEqualityProofData>,
@@ -1260,6 +1278,8 @@ pub fn transfer(
         mint,
         destination_token_account,
         new_source_decryptable_available_balance,
+        transfer_amount_auditor_ciphertext_lo,
+        transfer_amount_auditor_ciphertext_hi,
         authority,
         multisig_signers,
         equality_proof_data_location,
@@ -1484,6 +1504,8 @@ pub fn inner_transfer_with_fee(
     mint: &Pubkey,
     destination_token_account: &Pubkey,
     new_source_decryptable_available_balance: DecryptableBalance,
+    transfer_amount_auditor_ciphertext_lo: &PodElGamalCiphertext,
+    transfer_amount_auditor_ciphertext_hi: &PodElGamalCiphertext,
     authority: &Pubkey,
     multisig_signers: &[&Pubkey],
     equality_proof_data_location: ProofLocation<CiphertextCommitmentEqualityProofData>,
@@ -1597,6 +1619,8 @@ pub fn inner_transfer_with_fee(
         ConfidentialTransferInstruction::TransferWithFee,
         &TransferWithFeeInstructionData {
             new_source_decryptable_available_balance,
+            transfer_amount_auditor_ciphertext_lo: *transfer_amount_auditor_ciphertext_lo,
+            transfer_amount_auditor_ciphertext_hi: *transfer_amount_auditor_ciphertext_hi,
             equality_proof_instruction_offset,
             transfer_amount_ciphertext_validity_proof_instruction_offset,
             fee_sigma_proof_instruction_offset,
@@ -1614,6 +1638,8 @@ pub fn transfer_with_fee(
     mint: &Pubkey,
     destination_token_account: &Pubkey,
     new_source_decryptable_available_balance: DecryptableBalance,
+    transfer_amount_auditor_ciphertext_lo: &PodElGamalCiphertext,
+    transfer_amount_auditor_ciphertext_hi: &PodElGamalCiphertext,
     authority: &Pubkey,
     multisig_signers: &[&Pubkey],
     equality_proof_data_location: ProofLocation<CiphertextCommitmentEqualityProofData>,
@@ -1632,6 +1658,8 @@ pub fn transfer_with_fee(
         mint,
         destination_token_account,
         new_source_decryptable_available_balance,
+        transfer_amount_auditor_ciphertext_lo,
+        transfer_amount_auditor_ciphertext_hi,
         authority,
         multisig_signers,
         equality_proof_data_location,