
Consolidation of Authentication Components #2390

Merged
PhilippGackstatter merged 70 commits into 0xMiden:next from onurinanc:onur-auth-consolidation
Feb 24, 2026

@onurinanc
Contributor

Addresses #2143

Currently, scheme_id: 0 is used for Falcon, and scheme_id: 1 for ECDSA. However, it might be more appropriate to use scheme_id: 1 and scheme_id: 2 instead. The main reason is that within update_signers_and_thresholds, we also use 0 when scheme_id is zeroed, which makes the logic ambiguous and semantically incorrect. Changing the scheme IDs would help avoid this overlap and make the intent clearer.

At the moment, this PR does not include Hybrid Multisig tests, but they are planned to be added. A proper hybrid multisig test should allow a single multisig account to use different public key types, choosing between ECDSA and RPO Falcon 512 signers within the same account.

Finally, we are currently using BasicAuth { scheme_id: 0/1 }. From a usability and clarity perspective, it might be better to expose more explicit auth types instead of a generic BasicAuth, such as:

  • AuthRpoFalcon512
  • AuthEcdsaKeccak
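
The overlap described in this post, as an added example that is not code from the PR or from miden-standards: a toy scheme-id map in which removing a signer zeroes its entry, decoded under the 0/1 numbering and under the 1/2 numbering. All type and function names (`SchemeMap`, `decode_zero_based`, `decode_one_based`, `removed_signer_outcomes`) are hypothetical, and the assumption that absent entries read as 0 is labelled in the code.

```rust
// Added illustration. These types are hypothetical stand-ins, not the
// miden-standards API; only the numbering (1 = ECDSA, 2 = Falcon) is from the PR.
use std::collections::BTreeMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum AuthScheme {
    EcdsaK256Keccak,
    Falcon512Rpo,
}

#[derive(Debug, PartialEq, Eq)]
pub enum SchemeError {
    /// Raw value 0: the entry was zeroed or never written, so no signer exists.
    Unset,
    /// Non-zero value that maps to no supported scheme.
    Unsupported(u64),
}

/// Numbering the PR started with: 0 = Falcon, 1 = ECDSA.
pub fn decode_zero_based(raw: u64) -> Result<AuthScheme, SchemeError> {
    match raw {
        0 => Ok(AuthScheme::Falcon512Rpo),
        1 => Ok(AuthScheme::EcdsaK256Keccak),
        other => Err(SchemeError::Unsupported(other)),
    }
}

/// Numbering proposed in the PR: 1 = ECDSA, 2 = Falcon, 0 reserved for "empty".
pub fn decode_one_based(raw: u64) -> Result<AuthScheme, SchemeError> {
    match raw {
        0 => Err(SchemeError::Unset),
        1 => Ok(AuthScheme::EcdsaK256Keccak),
        2 => Ok(AuthScheme::Falcon512Rpo),
        other => Err(SchemeError::Unsupported(other)),
    }
}

/// Toy model of a per-approver scheme-id map (key index -> raw scheme id).
/// Assumption: a removed signer's entry is zeroed and absent entries read as 0.
#[derive(Default)]
pub struct SchemeMap(BTreeMap<u32, u64>);

impl SchemeMap {
    pub fn set(&mut self, key_index: u32, raw: u64) {
        self.0.insert(key_index, raw);
    }
    pub fn zero(&mut self, key_index: u32) {
        self.0.insert(key_index, 0);
    }
    pub fn read(&self, key_index: u32) -> u64 {
        self.0.get(&key_index).copied().unwrap_or(0)
    }
}

type Decoded = Result<AuthScheme, SchemeError>;

/// Registers two approvers, removes the second, then decodes the removed
/// entry under both numberings. Returns (zero_based, one_based).
pub fn removed_signer_outcomes() -> (Decoded, Decoded) {
    let mut old = SchemeMap::default();
    old.set(0, 1); // ECDSA under the old numbering
    old.set(1, 0); // Falcon under the old numbering
    old.zero(1); // signer 1 removed: the stored value does not change

    let mut new = SchemeMap::default();
    new.set(0, 1); // ECDSA
    new.set(1, 2); // Falcon
    new.zero(1); // signer 1 removed: the entry becomes distinguishable

    (decode_zero_based(old.read(1)), decode_one_based(new.read(1)))
}

fn main() {
    let (old, new) = removed_signer_outcomes();
    println!("0/1 numbering, removed signer decodes as: {:?}", old);
    println!("1/2 numbering, removed signer decodes as: {:?}", new);
}
```

Under the 0/1 numbering a zeroed entry is indistinguishable from a live Falcon signer; under 1/2 the decoder can reject it explicitly.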

@onurinanc
Contributor Author

@bobbinth Could you please review?

@bobbinth
Contributor

bobbinth commented Feb 8, 2026

Will try to review in the next couple of days and I've also tagged @PhilippGackstatter and @mmagician for reviews.

There seem to be some merge conflicts now - @onurinanc, could you resolve them when you get a chance?

onurinanc and others added 13 commits February 22, 2026 15:51
…iden#2448)

* feat: add test make command without debug mode

* chore: switch CI test to use `make testf`

* chore: test bench building in debug mode

* fix: unnecessary rebuilds

* chore: revert fix in protocol and standards

* chore: rename `make testf` to `make test-release`

* Revert "chore: revert fix in protocol and standards"

This reverts commit 3471c7b.
…ters (0xMiden#2420)

The previous limit of 6 characters (48 bits) was unnecessarily restrictive
compared to other blockchains (Solana: 10, Algorand: 8, Ethereum: unlimited).
Since uppercase-only encoding (base-26) fits up to 12 characters within a
single field element, the limit is increased to 12.

Closes 0xMiden#2406

Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>
* feat: implement P2ID and P2IDE note storage structures with validation

* feat: enhance P2ID note storage with improved account ID handling and validation

* feat: refine P2IDE note storage structure and improve field naming for clarity

* feat: add P2idNoteStorage and P2ideNoteStorage to changelog

* fix: update changelog to include P2idNoteStorage and P2ideNoteStorage pull request reference

* feat: add tests for P2idNoteStorage and P2ideNoteStorage validation and decoding

* refactor: simplify test code by consolidating vector initialization for P2idNoteStorage and P2ideNoteStorage

* feat: add P2ideNoteStorage for improved note handling and update related tests

* feat: enhance NoteError handling with detailed messages for invalid note storage

* feat: enhance NoteError handling with detailed messages for invalid note storage

* feat: improve error handling in P2idNoteStorage and P2ideNoteStorage for invalid note storage

* feat: enhance documentation for P2ideNote and P2ideNoteStorage structures

* fix: reorder imports for consistency in test file

* feat: implement P2ID and P2IDE note storage handling with improved error management

* feat: refactor P2ID and P2IDE note recipient creation to use storage directly

* refactor: simplify consumable height calculation and improve error message for P2IDE note storage validation

* test: enhance error message assertions for note consumability static analysis

* refactor: update error handling for P2ID and P2IDE note storage to use more descriptive messages

* feat: update P2ID and P2IDE note storage to use dynamic item counts

* feat: integrate P2idNoteStorage for recipient creation in P2ID tests

* Apply suggestions from code review

* Update crates/miden-testing/src/kernel_tests/tx/test_account_interface.rs

---------

Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>
@onurinanc onurinanc force-pushed the onur-auth-consolidation branch from 94094b3 to ef744bb February 22, 2026 14:52
@onurinanc
Contributor Author

I believe it's ready to merge @PhilippGackstatter @bobbinth

Contributor

@bobbinth bobbinth left a comment

Looks good! Thank you! I left a bunch of comments inline - but most of them are nits and/or about naming things.

I'd probably make the most trivial changes in this PR and leave non-trivial changes for a follow-up PR (so that we could merge this PR sooner rather than later).

name = "demo::owner_public_key"
description = "This is a typed value supplied at instantiation and interpreted as a Falcon public key"
type = "miden::standards::auth::falcon512_rpo::pub_key"
type = "miden::standards::auth::signature::pub_key"
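
Review bot: the description line still says the value is "interpreted as a Falcon public key", while the last type line is the scheme-agnostic miden::standards::auth::signature::pub_key. Reword the description to something like "interpreted as a public key for the configured signature scheme" so the schema text does not promise Falcon when the slot can now hold a key for either scheme.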
Contributor

Here, and in other places, I wonder if it should be just miden::standards::auth::pub_key (i.e., public key used for authenticating transactions). Or do we think there could be something parallel to auth::signature that would also have pub_key?

/// random number generator.
///
/// Returns an error if the specified authentication scheme is not supported.
pub fn with_scheme_id_and_rng<R: Rng + CryptoRng>(
Contributor

I would rename this into with_scheme_and_rng().

///
/// Returns an error if the specified authentication scheme is not supported.
#[cfg(feature = "std")]
pub fn with_scheme_id(scheme: AuthScheme) -> Result<Self, AuthSchemeError> {
Contributor

Similar to the last comment, I'd rename this to just with_scheme().

Comment on lines 23 to 24
pub_keys: Vec<PublicKeyCommitment>,
auth_schemes: Vec<AuthScheme>,
Contributor

Should we collapse these into a single field - e.g., approvers: Vec<(PublicKeyCommitment, AuthScheme)>?

Comment on lines 5 to 6
/// Defines authentication methods available to standard and faucet accounts.
pub enum AuthMethod {
Contributor

nit: I'm not too sure about "to standard and faucet accounts" part. I think these methods are available to all accounts, no?

const ERR_INVALID_SCHEME_ID_WORD = "invalid scheme ID word format expected three zero values followed by the scheme ID"

#! Authenticate a transaction using the Falcon signature scheme.
#! Authenticate a transaction using ECDSA signature scheme.
Contributor

I think this would authenticate not just with ECDSA - right? If so, I'd phrase it as authenticating using the scheme specified by scheme_id and list the currently supported schemes.

Comment on lines 140 to +141
/// The name of the component.
pub const NAME: &'static str = "miden::auth::ecdsa_k256_keccak_multisig";
pub const NAME: &'static str = "miden::auth::multisig";
Contributor

Should this not be miden::standards::auth::multisig?

Contributor

I think we can do a sweep through all account components as part of #2399 to make sure the component names (and ideally library paths) are consistent.

Contributor Author

So, @PhilippGackstatter I keep it as it is since it's similar to what we have in the branch next?

Contributor

That would be fine by me, since we have an issue that covers this.

Contributor Author

> That would be fine by me, since we have an issue that covers this.

That’s what I meant to say, thank you, forgot to add "we have an issue that covers this".


# Verify signature using scheme_id:
# 1 => ECDSA (ecdsa_k256_keccak)
# 2 => Falcon (rpo_falcon512)
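
Review bot: the mapping comment lists only scheme_id 1 and 2 and does not say what happens for any other value. The PR description notes that 0 is what a zeroed scheme_id looks like, so state here that 0 and unrecognized IDs fail, and with which error, so a reader can confirm the fall-through is a failure and not a default scheme.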
Contributor

nit: here and in other places, we now say falcon512_rpo rather than rpo_falcon512.


# Auth Scheme ID Structure
const ECDSA_K256_KECCAK_SCHEME_ID=1
const RPO_FALCON_512_SCHEME_ID=2
Contributor

Same comment as above.

#!
#! Inputs: [key_index]
#! Outputs: [APPROVER_MAP_KEY]
proc create_approver_map_key(key_index: felt) -> BeWord
Contributor

nit: let's move this to a section for helper procedures so that it is not intermingled with public interface procedures.

@onurinanc
Contributor Author

All done! You can merge when you are ready @PhilippGackstatter @bobbinth

Contributor

@PhilippGackstatter PhilippGackstatter left a comment

Looks good! I'll merge it as-is and address the comments I left during the VM 0.21 migration, since I'll have to touch these parts anyway, so consider these reminders for myself.

Comment on lines 183 to +189
#! Inputs: [pub_key_slot_prefix, pub_key_slot_suffix, num_of_approvers, MSG]
#! Outputs: [num_verified_signatures, MSG]
@locals(16)
@locals(18)
pub proc verify_signatures
loc_store.SCHEME_ID_PREFIX_LOC
loc_store.SCHEME_ID_SUFFIX_LOC
# => [pub_key_slot_prefix, pub_key_slot_suffix, num_of_approvers, MSG]
Contributor

The procedure's signature is missing the APPROVER_SCHEME_ID_SLOT limbs.

Comment on lines +267 to +268
loc_load.SCHEME_ID_SUFFIX_LOC loc_load.SCHEME_ID_PREFIX_LOC
# => [scheme_id_prefix_loc, scheme_id_suffix_loc, [0, 0, 0, i-1], PUB_KEY, MSG, MSG, i-1]
Contributor

I would name the locals here APPROVER_SCHEME_ID_SLOT_{PREFIX, SUFFIX} and APPROVER_PUBLIC_KEYS_SLOT_{PREFIX, SUFFIX} since that would be consistent with multisig.masm and make it clearer that these are slot IDs. scheme_id_prefix_loc suggests this local points itself to a "scheme ID" but it is actually a slot identifier.

@PhilippGackstatter PhilippGackstatter merged commit 04a8632 into 0xMiden:next Feb 24, 2026
16 checks passed
mmagician added a commit that referenced this pull request Feb 25, 2026
* feat: add p2id::new MASM constructor for creating P2ID notes (#2381)

* feat: add p2id::new MASM constructor for creating P2ID notes

This adds a new `p2id::new` procedure to the P2ID note MASM code that
makes it easy to create P2ID notes from MASM transaction scripts.

The procedure:
- Takes target_id_prefix, target_id_suffix, tag, note_type, SERIAL_NUM
- Handles writing note storage to memory in the expected layout
- Uses procref.main to obtain the note script root
- Builds the recipient and creates the note
- Returns the note index

This allows MASM code to create P2ID notes without manually handling
the note storage layout or hardcoding script roots.

Closes #2280

* refactor: move inline comments to doc comment in p2id::new

* refactor: simplify local store instructions in p2id::new

---------

Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>

* fix: u64 limb ordering in `note_tag::create_custom_account_target` (#2441)

* Execute FPI with one `syscall` (#2408)

* refactor: rework kernel proc invocations during FPI

* test: update FPI tests to check the new memory

* chore: tiny comment fix

* refactor: compress bookkeeping section, move upcoming pointers before stack

* refactor: organize the prefix/suffix ordering

* refactor: move api helpers to tx, move zero ID check to exec_foreign_proc, import constants

* refactor: make tx_exec_foreign_proc to be invoked with dynexec

* refactor: store 16th element instead of 1st

* refactor: add ID validation, update doc comments, rename tx_prepare_fpi_call

* refactor: update doc comments, update constant name

* test: create test to check all 16 FP input values, fix bug

* test: assert the foreign procedure outputs

* refactor: reset foreign data after FPI, move foreign account validation

---------

Co-authored-by: Bobbin Threadbare <43513081+bobbinth@users.noreply.github.com>

* chore: reorder account ID and nonce memory and advice layout (#2442)

* chore: reorder account ID limbs in advice inputs

* chore: rename native account ID -> global account ID

* chore: reorder fee parameter word

* chore: implement SequentialCommit for `AccountHeader`

* chore: add changelog

* fix: docs

* chore: store global account ID individually instead of in word

* chore: introduce `account_id::create_key`

* chore: move `account_id::create_key` to `account::create_id_key`

* chore: add missing import

* feat: add `make test-release` command running without debug mode (#2448)

* feat: add test make command without debug mode

* chore: switch CI test to use `make testf`

* chore: test bench building in debug mode

* fix: unnecessary rebuilds

* chore: revert fix in protocol and standards

* chore: rename `make testf` to `make test-release`

* Revert "chore: revert fix in protocol and standards"

This reverts commit 3471c7b.

* feat: increase `TokenSymbol` max length from 6 to 12 uppercase characters (#2420)

The previous limit of 6 characters (48 bits) was unnecessarily restrictive
compared to other blockchains (Solana: 10, Algorand: 8, Ethereum: unlimited).
Since uppercase-only encoding (base-26) fits up to 12 characters within a
single field element, the limit is increased to 12.

Closes #2406

Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>

* chore: Remove BlockSigner trait (#2447)

* feat: account builder helper for schema commitment (#2419)

* Add `P2idNoteStorage` and `P2ideNoteStorage` (#2389)

* feat: implement P2ID and P2IDE note storage structures with validation

* feat: enhance P2ID note storage with improved account ID handling and validation

* feat: refine P2IDE note storage structure and improve field naming for clarity

* feat: add P2idNoteStorage and P2ideNoteStorage to changelog

* fix: update changelog to include P2idNoteStorage and P2ideNoteStorage pull request reference

* feat: add tests for P2idNoteStorage and P2ideNoteStorage validation and decoding

* refactor: simplify test code by consolidating vector initialization for P2idNoteStorage and P2ideNoteStorage

* feat: add P2ideNoteStorage for improved note handling and update related tests

* feat: enhance NoteError handling with detailed messages for invalid note storage

* feat: enhance NoteError handling with detailed messages for invalid note storage

* feat: improve error handling in P2idNoteStorage and P2ideNoteStorage for invalid note storage

* feat: enhance documentation for P2ideNote and P2ideNoteStorage structures

* fix: reorder imports for consistency in test file

* feat: implement P2ID and P2IDE note storage handling with improved error management

* feat: refactor P2ID and P2IDE note recipient creation to use storage directly

* refactor: simplify consumable height calculation and improve error message for P2IDE note storage validation

* test: enhance error message assertions for note consumability static analysis

* refactor: update error handling for P2ID and P2IDE note storage to use more descriptive messages

* feat: update P2ID and P2IDE note storage to use dynamic item counts

* feat: integrate P2idNoteStorage for recipient creation in P2ID tests

* Apply suggestions from code review

* Update crates/miden-testing/src/kernel_tests/tx/test_account_interface.rs

---------

Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>

* feat: add `DEFAULT_TAG` constant to `note_tag` MASM module (#2482)

* feat: add DEFAULT_TAG constant to note_tag MASM module

Add a public DEFAULT_TAG = 0 constant to the note_tag standards module.
This is the default note tag value for notes that rely on attachments
rather than tags for targeting.

Co-authored-by: marti <marti@hungrycats.studio>

* docs: add changelog entry for DEFAULT_TAG constant (#2482)

Co-authored-by: mmagician <8402446+mmagician@users.noreply.github.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

* fix: batch test assumes wrong input note order (#2485)

Co-authored-by: Bobbin Threadbare <43513081+bobbinth@users.noreply.github.com>

* feat: add solidity-compat test for generating local claimAsset() param data (#2474)

* feat: add solidity-compat test for generating local claimAsset() param data

* refactor: rename solidity compat test files & claimAsset vector JSON files

* refactor: rename testing methods & update test comments

* Update crates/miden-testing/tests/agglayer/bridge_in.rs

* Update crates/miden-testing/tests/agglayer/bridge_in.rs

* refactor: address review nits from PR #2474 (#2489)

* refactor: address review nits from PR #2474

- Add `ClaimDataSource::get_data()` method so the match is encapsulated
  in the enum rather than inlined in the test body
- Extract `claim_data_from_vector()` helper to deduplicate the shared
  logic between `real_claim_data()` and `local_claim_data()`
- Fix `.json.json` double-extension typo in `ClaimDataSource::Real` doc
- Extract `_computeCanonicalZeros()` and `_generateLocalProof()` helpers
  in `SMTMerkleProofVectors.t.sol`, mirroring `ClaimAssetTestVectorsLocalTx`,
  and replace the inline loop with calls to these helpers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* refactor: address follow-up review comments on PR #2489

- Move `ClaimDataSource` into `test_utils.rs` so its `get_data()` method
  can select the right lazy static directly, removing the now-unnecessary
  `real_claim_data()` and `local_claim_data()` public helpers
- Extract `_computeCanonicalZeros` and `_generateLocalProof` into a new
  `DepositContractTestHelpers` abstract contract; both
  `SMTMerkleProofVectors` and `ClaimAssetTestVectorsLocalTx` now inherit
  from it instead of each defining their own copies

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: avoid collisions in random numbers in batch test (#2492)

* feat: add native asset claim amount as element in `NoteStorage` of `CLAIM` note (#2460)

* feat: add native asset claim amount as element in NoteStorage of CLAIM note

* feat: add output note assertion checks

* refactor: rm debug statement

* Update crates/miden-testing/tests/agglayer/bridge_in.rs

Co-authored-by: Marti <marti@miden.team>

* refactor: cleanup test & rm leftover comments

* wip: consume P2ID by destination AccountId

* feat: add solidity-compat test for generating local claimAsset() param data

* feat: add solidity-compat test for generating local claimAsset() param data

* feat: consume output P2ID note from CLAIM note

* fix: taplo fmt

* refactor: rename solidity compat test files & claimAsset vector JSON files

* refactor: rename testing methods & update test comments

* Update crates/miden-testing/tests/agglayer/bridge_in.rs

* Update crates/miden-testing/tests/agglayer/bridge_in.rs

* refactor: add warnings in comments & update TODO regarding u256 scaling

* refactor: assert mock destination account ID matches claim data

* fix: load amount BE-felt from mem

---------

Co-authored-by: Marti <marti@miden.team>

* feat: consolidate authentication components (#2390)

* single sig

* change AuthScheme, AuthSingleSig, AuthSingleSigAcl, AuthMultisig

* fix cleanup_pubkey & update_signers_and_thresholds for multisig

* add ERR_INVALID_SCHEME_ID message to standard errors

* fmt

* changelog

* clippy fmt

* fix documentation

* change scheme_id for Falcon

* add hybrid multisig tests

* fmt

* fix documentation

* add threshold validations for key rotation

* fix error standards

* add helper procedures for multisig

* fix tests

* fix conflict

* fix documentation

* fmt

* fix standards error format

* fmt

* rename miden_standards::AuthScheme -> miden_standards::AuthMethod

* fix new p2id test

* change u8 to AuthScheme in SingleSig and SingleSigAcl

* refactor Multisig u8 -> AuthScheme

* Execute FPI with one `syscall` (#2408)

* refactor: rework kernel proc invocations during FPI

* test: update FPI tests to check the new memory

* chore: tiny comment fix

* refactor: compress bookkeeping section, move upcoming pointers before stack

* refactor: organize the prefix/suffix ordering

* refactor: move api helpers to tx, move zero ID check to exec_foreign_proc, import constants

* refactor: make tx_exec_foreign_proc to be invoked with dynexec

* refactor: store 16th element instead of 1st

* refactor: add ID validation, update doc comments, rename tx_prepare_fpi_call

* refactor: update doc comments, update constant name

* test: create test to check all 16 FP input values, fix bug

* test: assert the foreign procedure outputs

* refactor: reset foreign data after FPI, move foreign account validation

---------

Co-authored-by: Bobbin Threadbare <43513081+bobbinth@users.noreply.github.com>

* chore: reorder account ID and nonce memory and advice layout (#2442)

* chore: reorder account ID limbs in advice inputs

* chore: rename native account ID -> global account ID

* chore: reorder fee parameter word

* chore: implement SequentialCommit for `AccountHeader`

* chore: add changelog

* fix: docs

* chore: store global account ID individually instead of in word

* chore: introduce `account_id::create_key`

* chore: move `account_id::create_key` to `account::create_id_key`

* chore: add missing import

* merge conflicts

* rename auth_tx

* add constants to masm & fix locals

* fix scheme_id constants to auth_scheme

* fix masm comments & add error messages

* fix storage slots comments

* refactor APPROVER_SCHEME_ID_SLOT to [key_index, 0, 0, 0] => [scheme_id, 0, 0, 0]

* fmt

* clippy and std errors

* fix documentation

* fmt

* fix documentation

* apply masm suggestions

* refactor type registry

* fix scheme -> method naming

* fix comments

* add rstest and consolidate multisig tests

* refactor and consolidate acl and multisig tests

* refactor is_signer

* simplify is_signer loop

* fmt

* feat: add `make test-release` command running without debug mode (#2448)

* feat: add test make command without debug mode

* chore: switch CI test to use `make testf`

* chore: test bench building in debug mode

* fix: unnecessary rebuilds

* chore: revert fix in protocol and standards

* chore: rename `make testf` to `make test-release`

* Revert "chore: revert fix in protocol and standards"

This reverts commit 3471c7b.

* feat: increase `TokenSymbol` max length from 6 to 12 uppercase characters (#2420)

The previous limit of 6 characters (48 bits) was unnecessarily restrictive
compared to other blockchains (Solana: 10, Algorand: 8, Ethereum: unlimited).
Since uppercase-only encoding (base-26) fits up to 12 characters within a
single field element, the limit is increased to 12.

Closes #2406

Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>

* chore: Remove BlockSigner trait (#2447)

* feat: account builder helper for schema commitment (#2419)

* Add `P2idNoteStorage` and `P2ideNoteStorage` (#2389)

* feat: implement P2ID and P2IDE note storage structures with validation

* feat: enhance P2ID note storage with improved account ID handling and validation

* feat: refine P2IDE note storage structure and improve field naming for clarity

* feat: add P2idNoteStorage and P2ideNoteStorage to changelog

* fix: update changelog to include P2idNoteStorage and P2ideNoteStorage pull request reference

* feat: add tests for P2idNoteStorage and P2ideNoteStorage validation and decoding

* refactor: simplify test code by consolidating vector initialization for P2idNoteStorage and P2ideNoteStorage

* feat: add P2ideNoteStorage for improved note handling and update related tests

* feat: enhance NoteError handling with detailed messages for invalid note storage

* feat: enhance NoteError handling with detailed messages for invalid note storage

* feat: improve error handling in P2idNoteStorage and P2ideNoteStorage for invalid note storage

* feat: enhance documentation for P2ideNote and P2ideNoteStorage structures

* fix: reorder imports for consistency in test file

* feat: implement P2ID and P2IDE note storage handling with improved error management

* feat: refactor P2ID and P2IDE note recipient creation to use storage directly

* refactor: simplify consumable height calculation and improve error message for P2IDE note storage validation

* test: enhance error message assertions for note consumability static analysis

* refactor: update error handling for P2ID and P2IDE note storage to use more descriptive messages

* feat: update P2ID and P2IDE note storage to use dynamic item counts

* feat: integrate P2idNoteStorage for recipient creation in P2ID tests

* Apply suggestions from code review

* Update crates/miden-testing/src/kernel_tests/tx/test_account_interface.rs

---------

Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>

* merge next

* fmt

* fix schema commitment storage error

* fix comments

* fix comments

* fix naming

* fmt

* add approvers: Vec<(PublicKeyCommitment, AuthScheme)>

---------

Co-authored-by: Bobbin Threadbare <43513081+bobbinth@users.noreply.github.com>
Co-authored-by: Andrey Khmuro <andrey@polygon.technology>
Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>
Co-authored-by: Farukest <abdullahfarukozden@gmail.com>
Co-authored-by: Serge Radinovich <47865535+sergerad@users.noreply.github.com>
Co-authored-by: igamigo <ignacio.amigo@lambdaclass.com>
Co-authored-by: Nikhil Patil <nikhil876706@gmail.com>

* feat(AggLayer): Sender (resp. consumer) validation on `CONFIG_AGG_BRIDGE` & `UPDATE_GER` (resp. `BURN`) notes

* chore: tracking empty commit

* feat(AggLayer): validate `CONFIG_AGG_BRIDGE` and `UPDATE_GER` note senders are authorized entities (#2479)

* feat: validate CONFIG_AGG_BRIDGE and UPDATE_GER note senders

Add sender validation to ensure only authorized entities can update
bridge configuration or the global exit root. Two distinct roles are
enforced:

- **Bridge admin** (BRIDGE_ADMIN_SLOT): authorized to register faucets
  via CONFIG_AGG_BRIDGE notes
- **Global exit root manager** (GER_MANAGER_SLOT): authorized to update
  the GER via UPDATE_GER notes

Changes:
- Add BRIDGE_ADMIN_SLOT and GER_MANAGER_SLOT storage slots to bridge account
- Add assert_sender_is_bridge_admin account procedure in bridge_config
- Add assert_sender_is_ger_manager account procedure in bridge_config
- Export both procedures from the bridge component
- CONFIG_AGG_BRIDGE calls assert_sender_is_bridge_admin
- UPDATE_GER calls assert_sender_is_ger_manager
- Update create_bridge_account to accept bridge_admin_id and ger_manager_id
- Update all tests accordingly

Closes #2450
Closes #2467

Co-authored-by: marti <marti@hungrycats.studio>

* test: use distinct bridge_admin and ger_manager accounts in all tests

Create separate wallet accounts for bridge admin and GER manager roles
in every test, even when only one role is exercised. This makes the
role distinction explicit and avoids accidentally relying on both
roles sharing the same identity.

Co-authored-by: marti <marti@hungrycats.studio>

* lints

* fix: order of stack comments; simplify ops

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>

* feat: create BURN note with NetworkAccountTarget attachment (#2481)

* feat: create BURN note with NetworkAccountTarget attachment

Replace NoteTag-based targeting with NetworkAccountTarget attachment for
BURN notes created by bridge_out. The BURN note now uses:
- A NetworkAccountTarget attachment to specify the faucet as target
- A simple tag (0) instead of note_tag::create_account_target
- set_attachment is called right after note creation, using a dup'd
  note_idx so no local is needed to save it

Changes:
- bridge_out.masm: use network_account_target::new + output_note::set_attachment
  instead of note_tag::create_account_target
- bridge_out test: verify attachment target instead of NoteTag

Closes #2470

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: use DEFAULT_TAG constant and set_attachment in create_burn_note

Replace the local BURN_NOTE_TAG constant with the DEFAULT_TAG constant
from the note_tag standards module (re-declared locally since MASM does
not support cross-module constant references in push).

Save attachment_scheme and attachment_kind to locals and use
set_attachment instead of set_word_attachment.

Co-authored-by: marti <marti@hungrycats.studio>

* Apply suggestions from code review

Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>

* Apply suggestion from @partylikeits1983

Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>

* feat(standards): add NoteExecutionHint constants to MASM standards

Add `note/execution_hint.masm` under the standards library exposing the
four NoteExecutionHint variants as public constants:

- NONE = 0
- ALWAYS = 1
- AFTER_BLOCK = 2  (tag bits only; payload must be composed at runtime)
- ON_BLOCK_SLOT = 3  (tag bits only; payload must be composed at runtime)

These mirror the `NONE_TAG` / `ALWAYS_TAG` / `AFTER_BLOCK_TAG` /
`ON_BLOCK_SLOT_TAG` internal constants from the Rust
`NoteExecutionHint` implementation and allow MASM callers to reference
them via `use miden::standards::note::execution_hint::ALWAYS` (etc.)
rather than duplicating magic numbers locally.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* refactor(agglayer): import ALWAYS execution hint from standards library

Replace the locally-defined `EXECUTION_HINT_ALWAYS = 1` constants with
the canonical `ALWAYS` constant from `miden::standards::note::execution_hint`.

- `bridge_out.masm`: add `use miden::standards::note::execution_hint::ALWAYS`,
  drop local const, update `push.EXECUTION_HINT_ALWAYS` → `push.ALWAYS`
- `agglayer_faucet.masm`: drop dead `EXECUTION_HINT_ALWAYS = 1` (was defined
  but never referenced in the file)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* chore: lowercase `.expect()` messages in agglayer code (#2491)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* refactor(Agglayer): restructure `asm` directory and split out agglayer lib from bridge & faucet components libs

* feat: add native asset claim amount as element in NoteStorage of CLAIM note

* feat: add output note assertion checks

* refactor: rm debug statement

* Update crates/miden-testing/tests/agglayer/bridge_in.rs

Co-authored-by: Marti <marti@miden.team>

* refactor: cleanup test & rm leftover comments

* empty commit

* Agglayer: restructure the `asm` directory: clear split between library, components, notes (#2471)

* refactor: restructure miden-agglayer asm directory with per-component libraries

Restructure the agglayer asm directory to follow the miden-standards
pattern, addressing the security vulnerability where all component
library functions returned the same unified library, causing bridge
accounts to expose faucet procedures and vice versa.

Changes:
- Move asm/bridge/ files to asm/agglayer/bridge/ subdirectory
- Rename agglayer_faucet.masm to asm/agglayer/faucet/mod.masm
- Create thin component wrappers in asm/components/ (bridge.masm,
  faucet.masm) that pub use only relevant procedures
- Update build.rs to compile main library from asm/agglayer/, then
  compile per-component libraries from asm/components/
- Update lib.rs with per-component LazyLock libraries so bridge_*_library()
  returns the bridge component library and faucet_library() returns the
  faucet component library
- Update all MASM namespace references (miden::agglayer::X to
  miden::agglayer::bridge::X, agglayer_faucet to faucet)
- Update Rust test files with new namespace paths

Closes #2294

Co-authored-by: marti <marti@hungrycats.studio>

* fix: address CI failures (rustfmt and changelog)

- Fix rustfmt line length issue in mmr_frontier.rs test strings
- Add CHANGELOG.md entry for the asm directory restructuring

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: consolidate component library API

- Remove bridge_out_library, bridge_in_library, local_exit_tree_library
  aliases; keep a single agglayer_bridge_library()
- Remove faucet_library alias; keep a single agglayer_faucet_library()
- Replace separate bridge_out_component/bridge_in_component/
  local_exit_tree_component with a single bridge_component()
- Remove bridge_out_with_local_exit_tree_component convenience function
- Consolidate create_bridge_account_builder to use one bridge_component
  with all storage slots combined

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: move update_ger to bridge_config and shared modules to common/

- Move update_ger procedure from bridge_in.masm to bridge_config.masm,
  since it is a bridge configuration operation alongside register_faucet
- Move utils.masm, asset_conversion.masm, eth_address.masm from
  agglayer/bridge/ to agglayer/common/ since they are shared between
  bridge and faucet modules
- Update all MASM use statements and Rust test strings to reflect
  the new module paths (bridge::utils -> common::utils, etc.)
- Update component wrapper and note script references accordingly

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: move bridge_in-specific procs out of crypto_utils

Move procedures that are only called from bridge_in.masm out of the
shared crypto_utils.masm module:
- get_leaf_value: loads leaf data from advice map, delegates to
  compute_leaf_value
- compute_ger: computes GER from mainnet/rollup exit roots
- verify_merkle_proof: verifies a Keccak-based Merkle proof
- calculate_root: private helper for verify_merkle_proof

crypto_utils.masm now only contains compute_leaf_value and pack_leaf_data,
which are genuinely shared between bridge_in and bridge_out.

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: deduplicate storage slot constants into bridge_config

Move GER and faucet registry storage management into bridge_config.masm
to eliminate duplicate constant definitions:

- Move assert_valid_ger from bridge_in to bridge_config as a pub proc,
  so GER_STORAGE_SLOT and GER_KNOWN_FLAG are defined only in bridge_config
- Add assert_faucet_registered to bridge_config as a pub proc, so
  FAUCET_REGISTRY_SLOT is defined only in bridge_config
- bridge_in now calls bridge_config::assert_valid_ger
- bridge_out now calls bridge_config::assert_faucet_registered instead
  of inlining the registry lookup

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: rename crypto_utils to leaf_utils

The module now only contains compute_leaf_value and pack_leaf_data,
so leaf_utils better describes its purpose.

Co-authored-by: marti <marti@hungrycats.studio>

* chore: remove unused local exit tree mod

* chore: remove getters from interface

* refactor: move verify_merkle_proof test to bridge_in module

Move solidity_verify_merkle_proof_compatibility test and its helper
from leaf_utils.rs to bridge_in.rs, since verify_merkle_proof now
lives in bridge_in. Drop the 'test_' prefix from the name.

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: standardize file organization across all agglayer MASM files

Apply consistent section ordering to all MASM files:
1. Imports (use statements, alphabetized)
2. Type aliases
3. Errors
4. Constants (grouped: storage slots, memory pointers, data offsets,
   local memory offsets, data sizes, flags/other)
5. Public interface (pub proc)
6. Helper procedures (private proc)

Files reorganized:
- bridge_config.masm: separate storage slots from flags, errors first
- bridge_in.masm: group memory pointers, local offsets, data sizes
- bridge_out.masm: group LET storage slots, memory pointers, leaf
  data offsets, local memory offsets, and other constants into
  labeled blocks
- common/eth_address.masm: errors before constants, public interface
  before helper procs
- common/asset_conversion.masm: errors before constants
- faucet/mod.masm: group storage slots, memory pointers, local memory
  offsets, data sizes, and note constants; public interface before
  helpers

Co-authored-by: marti <marti@hungrycats.studio>

* Apply suggestions from code review

don't need such verbosity

* chore: remove dead code; make functions private

* chore: use ZERO instead of Felt::new(0)

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>

* refactor(agglayer): encapsulate faucet and bridge in structs (#2478)

* refactor: restructure miden-agglayer asm directory with per-component libraries

Restructure the agglayer asm directory to follow the miden-standards
pattern, addressing the security vulnerability where all component
library functions returned the same unified library, causing bridge
accounts to expose faucet procedures and vice versa.

Changes:
- Move asm/bridge/ files to asm/agglayer/bridge/ subdirectory
- Rename agglayer_faucet.masm to asm/agglayer/faucet/mod.masm
- Create thin component wrappers in asm/components/ (bridge.masm,
  faucet.masm) that pub use only relevant procedures
- Update build.rs to compile main library from asm/agglayer/, then
  compile per-component libraries from asm/components/
- Update lib.rs with per-component LazyLock libraries so bridge_*_library()
  returns the bridge component library and faucet_library() returns the
  faucet component library
- Update all MASM namespace references (miden::agglayer::X to
  miden::agglayer::bridge::X, agglayer_faucet to faucet)
- Update Rust test files with new namespace paths

Closes #2294

Co-authored-by: marti <marti@hungrycats.studio>

* fix: address CI failures (rustfmt and changelog)

- Fix rustfmt line length issue in mmr_frontier.rs test strings
- Add CHANGELOG.md entry for the asm directory restructuring

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: consolidate component library API

- Remove bridge_out_library, bridge_in_library, local_exit_tree_library
  aliases; keep a single agglayer_bridge_library()
- Remove faucet_library alias; keep a single agglayer_faucet_library()
- Replace separate bridge_out_component/bridge_in_component/
  local_exit_tree_component with a single bridge_component()
- Remove bridge_out_with_local_exit_tree_component convenience function
- Consolidate create_bridge_account_builder to use one bridge_component
  with all storage slots combined

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: move update_ger to bridge_config and shared modules to common/

- Move update_ger procedure from bridge_in.masm to bridge_config.masm,
  since it is a bridge configuration operation alongside register_faucet
- Move utils.masm, asset_conversion.masm, eth_address.masm from
  agglayer/bridge/ to agglayer/common/ since they are shared between
  bridge and faucet modules
- Update all MASM use statements and Rust test strings to reflect
  the new module paths (bridge::utils -> common::utils, etc.)
- Update component wrapper and note script references accordingly

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: move bridge_in-specific procs out of crypto_utils

Move procedures that are only called from bridge_in.masm out of the
shared crypto_utils.masm module:
- get_leaf_value: loads leaf data from advice map, delegates to
  compute_leaf_value
- compute_ger: computes GER from mainnet/rollup exit roots
- verify_merkle_proof: verifies a Keccak-based Merkle proof
- calculate_root: private helper for verify_merkle_proof

crypto_utils.masm now only contains compute_leaf_value and pack_leaf_data,
which are genuinely shared between bridge_in and bridge_out.

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: deduplicate storage slot constants into bridge_config

Move GER and faucet registry storage management into bridge_config.masm
to eliminate duplicate constant definitions:

- Move assert_valid_ger from bridge_in to bridge_config as a pub proc,
  so GER_STORAGE_SLOT and GER_KNOWN_FLAG are defined only in bridge_config
- Add assert_faucet_registered to bridge_config as a pub proc, so
  FAUCET_REGISTRY_SLOT is defined only in bridge_config
- bridge_in now calls bridge_config::assert_valid_ger
- bridge_out now calls bridge_config::assert_faucet_registered instead
  of inlining the registry lookup

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: rename crypto_utils to leaf_utils

The module now only contains compute_leaf_value and pack_leaf_data,
so leaf_utils better describes its purpose.

Co-authored-by: marti <marti@hungrycats.studio>

* chore: remove unused local exit tree mod

* chore: remove getters from interface

* refactor: move verify_merkle_proof test to bridge_in module

Move solidity_verify_merkle_proof_compatibility test and its helper
from leaf_utils.rs to bridge_in.rs, since verify_merkle_proof now
lives in bridge_in. Drop the 'test_' prefix from the name.

Co-authored-by: marti <marti@hungrycats.studio>

* refactor: standardize file organization across all agglayer MASM files

Apply consistent section ordering to all MASM files:
1. Imports (use statements, alphabetized)
2. Type aliases
3. Errors
4. Constants (grouped: storage slots, memory pointers, data offsets,
   local memory offsets, data sizes, flags/other)
5. Public interface (pub proc)
6. Helper procedures (private proc)

Files reorganized:
- bridge_config.masm: separate storage slots from flags, errors first
- bridge_in.masm: group memory pointers, local offsets, data sizes
- bridge_out.masm: group LET storage slots, memory pointers, leaf
  data offsets, local memory offsets, and other constants into
  labeled blocks
- common/eth_address.masm: errors before constants, public interface
  before helper procs
- common/asset_conversion.masm: errors before constants
- faucet/mod.masm: group storage slots, memory pointers, local memory
  offsets, data sizes, and note constants; public interface before
  helpers

Co-authored-by: marti <marti@hungrycats.studio>

* Apply suggestions from code review

don't need such verbosity

* chore: remove dead code; make functions private

* chore: use ZERO instead of Felt::new(0)

* refactor(agglayer): encapsulate faucet and bridge in structs, make helpers private

- Add AggLayerBridge and AggLayerFaucet structs with new() and From for AccountComponent
- Use TokenMetadata for faucet metadata slot instead of hardcoded layout
- Make internal helpers private: agglayer_bridge_library, agglayer_faucet_library,
  create_agglayer_faucet_component, create_bridge_account_builder,
  create_agglayer_faucet_builder

Closes #2371

Co-authored-by: marti <marti@hungrycats.studio>

* lint

* chore: slot name getters; improve struct docs

* chore: use slot getters in tests

* Update crates/miden-agglayer/src/lib.rs

Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>

---------

Co-authored-by: riemann <aleqvids@gmail.com>
Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>

* refactor: wrap `verify_u128_*` in `verify_u256_*` procedure (#2504)

Co-authored-by: Marti <marti@miden.team>

* docs: update SPEC.md for resolved issues and current bridge design

* docs: address review comments on SPEC.md

- Update baseline to "to-be-tagged v0.14-alpha"
- Add explanation for why native claim amount is verified (avoids
  expensive U256 division inside the VM)
- Simplify addr output notation to addr(5)

https://claude.ai/code/session_01UDgsAS2j2CFrTLsDoLiSUN

---------

Co-authored-by: Farukest <abdullahfarukozden@gmail.com>
Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>
Co-authored-by: Philipp Gackstatter <PhilippGackstatter@users.noreply.github.com>
Co-authored-by: Andrey Khmuro <andrey@polygon.technology>
Co-authored-by: Bobbin Threadbare <43513081+bobbinth@users.noreply.github.com>
Co-authored-by: Serge Radinovich <47865535+sergerad@users.noreply.github.com>
Co-authored-by: igamigo <ignacio.amigo@lambdaclass.com>
Co-authored-by: Nikhil Patil <nikhil876706@gmail.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: onurinanc <e191322@metu.edu.tr>
Co-authored-by: riemann <aleqvids@gmail.com>

Labels

pr-from-maintainers PRs that come from internal contributors or integration partners. They should be given priority
