feat: app siloing in new key store

AztecProtocol · Apr 12, 2024 · ea48a6a · ea48a6a
1 parent 1659214
commit ea48a6a
Show file tree

Hide file tree

Showing 3 changed files with 136 additions and 2 deletions.
diff --git a/yarn-project/circuit-types/src/keys/new_key_store.ts b/yarn-project/circuit-types/src/keys/new_key_store.ts
@@ -49,4 +49,41 @@ export interface NewKeyStore {
    * @returns A Promise that resolves to the master tagging key.
    */
   getMasterTaggingPublicKey(account: AztecAddress): Promise<PublicKey>;
+
+  /**
+   * Retrieves application nullifier secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application nullifier secret key for.
+   * @param app - The application address to retrieve the nullifier secret key for.
+   * @returns A Promise that resolves to the application nullifier secret key.
+   */
+  getAppNullifierSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr>;
+
+  /**
+   * Retrieves application incoming viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application incoming viewing secret key for.
+   * @param app - The application address to retrieve the incoming viewing secret key for.
+   * @returns A Promise that resolves to the application incoming viewing secret key.
+   */
+  getAppIncomingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr>;
+
+  /**
+   * Retrieves application outgoing viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application outgoing viewing secret key for.
+   * @param app - The application address to retrieve the outgoing viewing secret key for.
+   * @returns A Promise that resolves to the application outgoing viewing secret key.
+   */
+  getAppOutgoingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr>;
+
+  /**
+   * Retrieves application tagging secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application tagging secret key for.
+   * @param app - The application address to retrieve the tagging secret key for.
+   * @returns A Promise that resolves to the application tagging secret key.
+   * TODO: Not sure if this func will be needed. 💣💣💣 if not
+   */
+  getAppTaggingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr>;
 }
diff --git a/yarn-project/key-store/src/new_test_key_store.test.ts b/yarn-project/key-store/src/new_test_key_store.test.ts
@@ -1,4 +1,4 @@
-import { Fr } from '@aztec/circuits.js';
+import { AztecAddress, Fr } from '@aztec/circuits.js';
 import { Grumpkin } from '@aztec/circuits.js/barretenberg';
 import { openTmpStore } from '@aztec/kv-store/utils';
 
@@ -37,5 +37,28 @@ describe('NewTestKeyStore', () => {
     expect(masterTaggingPublicKey.toString()).toMatchInlineSnapshot(
       `"0x1949d883bb8af455a71219d9753739772d01968f5921dc09fe5db2d5f3d782d51fe3f92bfffda9c265630ebaaa9a1ddfae27c2b821bcafa074f530d7f4f06b61"`,
     );
+
+    // Arbitrary app contract address
+    const appAddress = AztecAddress.fromBigInt(624n);
+
+    const appNullifierSecretKey = await keyStore.getAppNullifierSecretKey(accountAddress, appAddress);
+    expect(appNullifierSecretKey.toString()).toMatchInlineSnapshot(
+      `"0x17e6aa39fa3b496ab3253d366b60b21d40df6f4db145cc543896a07e81cdca57"`,
+    );
+
+    const appIncomingViewingSecretKey = await keyStore.getAppIncomingViewingSecretKey(accountAddress, appAddress);
+    expect(appIncomingViewingSecretKey.toString()).toMatchInlineSnapshot(
+      `"0x26802fcefb8c238ed5dc8e3e0eff8fc05f8feff9fa1dd1dc951f2bdf04fe279b"`,
+    );
+
+    const appOutgoingViewingSecretKey = await keyStore.getAppOutgoingViewingSecretKey(accountAddress, appAddress);
+    expect(appOutgoingViewingSecretKey.toString()).toMatchInlineSnapshot(
+      `"0x1e4aaa29289f2be15c05509478aa054be9cbe16d75dbb59bdfaefc3a2df88f0b"`,
+    );
+
+    const appTaggingSecretKey = await keyStore.getAppTaggingSecretKey(accountAddress, appAddress);
+    expect(appTaggingSecretKey.toString()).toMatchInlineSnapshot(
+      `"0x24051d8fddc0d49929a118edc68d04babe7175bd4cf0f25d83527e25c6dd591f"`,
+    );
   });
 });
diff --git a/yarn-project/key-store/src/new_test_key_store.ts b/yarn-project/key-store/src/new_test_key_store.ts
@@ -74,7 +74,12 @@ export class NewTestKeyStore implements NewKeyStore {
     const accountAddressFr = poseidonHash([partialAddress, publicKeysHash], GeneratorIndex.CONTRACT_ADDRESS_V1);
     const accountAddress = AztecAddress.fromField(accountAddressFr);
 
-    // We store the keys in the database
+    // We store all the public and secret keys in the database
+    await this.#keys.set(`${accountAddress.toString()}-nsk_m`, masterNullifierSecretKey.toBuffer());
+    await this.#keys.set(`${accountAddress.toString()}-ivsk_m`, masterIncomingViewingSecretKey.toBuffer());
+    await this.#keys.set(`${accountAddress.toString()}-ovsk_m`, masterOutgoingViewingSecretKey.toBuffer());
+    await this.#keys.set(`${accountAddress.toString()}-tsk_m`, masterTaggingSecretKey.toBuffer());
+
     await this.#keys.set(`${accountAddress.toString()}-npk_m`, masterNullifierPublicKey.toBuffer());
     await this.#keys.set(`${accountAddress.toString()}-ivpk_m`, masterIncomingViewingPublicKey.toBuffer());
     await this.#keys.set(`${accountAddress.toString()}-ovpk_m`, masterOutgoingViewingPublicKey.toBuffer());
@@ -139,4 +144,73 @@ export class NewTestKeyStore implements NewKeyStore {
     }
     return Promise.resolve(Point.fromBuffer(masterTaggingPublicKeyBuffer));
   }
+
+  /**
+   * Retrieves application nullifier secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application nullifier secret key for.
+   * @param app - The application address to retrieve the nullifier secret key for.
+   * @returns A Promise that resolves to the application nullifier secret key.
+   */
+  public getAppNullifierSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr> {
+    const masterNullifierSecretKeyBuffer = this.#keys.get(`${account.toString()}-nsk_m`);
+    if (!masterNullifierSecretKeyBuffer) {
+      throw new Error(`Account ${account.toString()} does not exist.`);
+    }
+    const masterNullifierSecretKey = Fr.fromBuffer(masterNullifierSecretKeyBuffer);
+
+    return Promise.resolve(poseidonHash([masterNullifierSecretKey, app], GeneratorIndex.NSK_M));
+  }
+
+  /**
+   * Retrieves application incoming viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application incoming viewing secret key for.
+   * @param app - The application address to retrieve the incoming viewing secret key for.
+   * @returns A Promise that resolves to the application incoming viewing secret key.
+   */
+  public getAppIncomingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr> {
+    const masterIncomingViewingSecretKeyBuffer = this.#keys.get(`${account.toString()}-ivsk_m`);
+    if (!masterIncomingViewingSecretKeyBuffer) {
+      throw new Error(`Account ${account.toString()} does not exist.`);
+    }
+    const masterIncomingViewingSecretKey = Fr.fromBuffer(masterIncomingViewingSecretKeyBuffer);
+
+    return Promise.resolve(poseidonHash([masterIncomingViewingSecretKey, app], GeneratorIndex.IVSK_M));
+  }
+
+  /**
+   * Retrieves application outgoing viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application outgoing viewing secret key for.
+   * @param app - The application address to retrieve the outgoing viewing secret key for.
+   * @returns A Promise that resolves to the application outgoing viewing secret key.
+   */
+  public getAppOutgoingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr> {
+    const masterOutgoingViewingSecretKeyBuffer = this.#keys.get(`${account.toString()}-ovsk_m`);
+    if (!masterOutgoingViewingSecretKeyBuffer) {
+      throw new Error(`Account ${account.toString()} does not exist.`);
+    }
+    const masterOutgoingViewingSecretKey = Fr.fromBuffer(masterOutgoingViewingSecretKeyBuffer);
+
+    return Promise.resolve(poseidonHash([masterOutgoingViewingSecretKey, app], GeneratorIndex.OVSK_M));
+  }
+
+  /**
+   * Retrieves application tagging secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application tagging secret key for.
+   * @param app - The application address to retrieve the tagging secret key for.
+   * @returns A Promise that resolves to the application tagging secret key.
+   * TODO: Not sure if this func will be needed. 💣💣💣 if not
+   */
+  public getAppTaggingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr> {
+    const masterTaggingSecretKeyBuffer = this.#keys.get(`${account.toString()}-tsk_m`);
+    if (!masterTaggingSecretKeyBuffer) {
+      throw new Error(`Account ${account.toString()} does not exist.`);
+    }
+    const masterTaggingSecretKey = Fr.fromBuffer(masterTaggingSecretKeyBuffer);
+
+    return Promise.resolve(poseidonHash([masterTaggingSecretKey, app], GeneratorIndex.TSK_M));
+  }
 }