Confidential assets v1.1: New decryption algorithms & contract changes#822

Draft
alinush wants to merge 21 commits into main from alin/confidential-assets-v1.1

Conversation

@alinush
Contributor

@alinush alinush commented Feb 3, 2026

Description

  • Implemented BSGS in TypeScript; too slow (> 1s to decrypt a single 32-bit value)
  • Replaced [BL12] discrete log algorithm with a new TBSGS-k32 algorithm; see this PR

Test Plan

  • Re-use unit tests
  • Re-run e2e tests manually

Related Links

See alinush.org/confidential-assets for resources.

Checklist

  • Have you run pnpm fmt?
  • Have you updated the CHANGELOG.md?
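The discrete-log step the description benchmarks, as an added TypeScript example (not the SDK's code, and not the TBSGS-k32 algorithm the PR adopts): textbook baby-step giant-step for an exponent known to be a 32-bit value. ElGamal-style decryption of a small balance ends in exactly this problem: once the randomness is stripped off, the decryptor holds g^v and must recover v. The group is an assumption made so the code runs with BigInt alone: the multiplicative group modulo the Mersenne prime 2^127 - 1 with generator 3 stands in for the real elliptic-curve group, and every function name here is invented for the example.

```typescript
// Added example, not the SDK's code: textbook baby-step giant-step (BSGS) for a
// discrete logarithm whose exponent is known to be a 32-bit value. ElGamal-style
// decryption of a small balance ends here: with the randomness removed, the
// decryptor holds g^v and must recover v in [0, 2^32).
//
// Assumed demo group: Z_p^* with the Mersenne prime p = 2^127 - 1 and g = 3,
// standing in for the real elliptic-curve group so only BigInt is needed.
// ord(g) > 2^32 is assumed; it is what makes the recovered v unique.

const P = (1n << 127n) - 1n;
const G = 3n;
const VALUE_BITS = 32;

function mulMod(a: bigint, b: bigint): bigint {
  return (a * b) % P;
}

// Square-and-multiply exponentiation mod P.
function powMod(base: bigint, exp: bigint): bigint {
  let acc = 1n;
  let b = base % P;
  let e = exp;
  while (e > 0n) {
    if (e & 1n) acc = mulMod(acc, b);
    b = mulMod(b, b);
    e >>= 1n;
  }
  return acc;
}

// The group element a decryptor is left with for balance v: g^v.
function encodeValue(v: number): bigint {
  return powMod(G, BigInt(v));
}

// Baby steps: a table g^j -> j for j in [0, 2^(bits/2)). It depends only on the
// group, so it is built once and reused across decryptions.
function buildBabyTable(bits: number = VALUE_BITS): Map<bigint, number> {
  const m = 1 << Math.ceil(bits / 2);
  const table = new Map<bigint, number>();
  let cur = 1n;
  for (let j = 0; j < m; j++) {
    table.set(cur, j);
    cur = mulMod(cur, G);
  }
  return table;
}

// Giant steps: walk h, h*g^-m, h*g^-2m, ... until one lands in the table.
// Returns v with g^v = h and 0 <= v < 2^bits, or null if no such v exists.
function bsgs(h: bigint, table: Map<bigint, number>, bits: number = VALUE_BITS): number | null {
  const m = table.size;
  const giantStep = powMod(powMod(G, BigInt(m)), P - 2n); // g^-m via Fermat inverse
  const maxGiantSteps = Math.ceil(2 ** bits / m);
  let gamma = h % P;
  for (let i = 0; i < maxGiantSteps; i++) {
    const j = table.get(gamma);
    if (j !== undefined) {
      const v = i * m + j; // h = g^(i*m) * g^j
      return v < 2 ** bits ? v : null;
    }
    gamma = mulMod(gamma, giantStep);
  }
  return null;
}

// Decrypt-side usage: one table, many lookups.
function decryptAll(elements: bigint[]): Array<number | null> {
  const table = buildBabyTable();
  return elements.map((h) => bsgs(h, table));
}
```

The table costs 2^16 group operations and 2^16 map entries and is amortised over every decryption; each decryption then costs up to 2^16 giant steps, each one group operation plus a hash-map lookup keyed by a BigInt. Shrinking the table shifts work onto the giant steps and vice versa, which is the only knob plain BSGS offers.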

@alinush alinush force-pushed the alin/confidential-assets-v1.1 branch from 40e31af to a92b819 (February 10, 2026 00:40)
@alinush alinush force-pushed the alin/confidential-assets-v1.1 branch 4 times, most recently from c1e6bb0 to 90ef6bb (March 2, 2026 18:01)
alinush added 12 commits March 2, 2026 12:02
…work

Key rotation — migrate to generic sigma protocol framework:
The old ConfidentialKeyRotation had a bespoke Fiat-Shamir construction that did not
match the Move verifier in sigma_protocol_key_rotation.move, and proved the wrong
statement (re-encrypting the full balance under the new key, requiring a range proof).
The new implementation uses sigmaProtocol.ts (sigmaProtocolProve/Verify) whose
Fiat-Shamir matches the Move verifier byte-for-byte via BCS.
create() and authorizeKeyRotation() are now synchronous.

Rename ConfidentialKeyRotationResult -> KeyRotationProof: the flat sigmaProtoComm /
sigmaProtoResp fields are now a nested proof: SigmaProtocolProof sub-field.

Eliminate duplicate view-function implementations in ConfidentialAsset:
getAssetAuditorEncryptionKey and hasUserRegistered were re-implementing logic already
in ConfidentialAssetTransactionBuilder and viewFunctions.ts, with stale Move function
names (get_auditor, has_confidential_asset_store). Both now delegate to the canonical
implementations.

rotateEncryptionKey: fix missing freeze when pending balance is already zero. The
on-chain entry function requires incoming transfers to be paused; the condition is now
pendingBalance() > 0 || !isFrozen.

Misc: remove SIGMA_PROOF_KEY_ROTATION_SIZE, unused numberToBytesLE and MODULE_NAME imports.
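A minimal version of the pattern the commit describes, as an added example (not the SDK's sigmaProtocol.ts and not the Move verifier): a Schnorr sigma protocol proving knowledge of x with pk = g^x, made non-interactive with Fiat-Shamir, where the challenge is hashed over one canonical, length-prefixed encoding of the statement and commitment that prover and verifier share. The encoding (ULEB128 length prefix, fixed-width little-endian integers) imitates BCS conventions but is not BCS; the group (Z_p^* for p = 2^127 - 1, generator 3), SHA-256 as the hash, and the domain string are all assumptions of the example.

```typescript
// Added example, not the SDK's sigmaProtocol.ts or the Move verifier: a Schnorr
// sigma protocol for "I know x with pk = g^x", made non-interactive with
// Fiat-Shamir. The commit's point is that the challenge must be computed over
// the same bytes on both sides, so prover and verifier share one canonical
// transcript encoder.
//
// Assumptions: Z_p^* with p = 2^127 - 1 and g = 3 stands in for the real
// elliptic-curve group; SHA-256 is the Fiat-Shamir hash; the encoding imitates
// BCS (ULEB128 length prefix, fixed-width little-endian ints) but is not BCS;
// the domain string is invented.
import { createHash, randomBytes } from "node:crypto";

const P = (1n << 127n) - 1n;
const Q = P - 1n;          // exponents reduce mod p-1 (Fermat)
const G = 3n;
const ELEMENT_BYTES = 16;  // p < 2^128
const DOMAIN = "example/sigma_protocol/key_rotation/v1";

function mulMod(a: bigint, b: bigint): bigint {
  return (a * b) % P;
}

function powMod(base: bigint, exp: bigint): bigint {
  let acc = 1n, b = base % P, e = exp;
  while (e > 0n) { if (e & 1n) acc = mulMod(acc, b); b = mulMod(b, b); e >>= 1n; }
  return acc;
}

function toBytesLE(x: bigint, len: number): Uint8Array {
  const out = new Uint8Array(len);
  for (let i = 0; i < len; i++) { out[i] = Number(x & 0xffn); x >>= 8n; }
  return out;
}

function fromBytesLE(b: Uint8Array): bigint {
  let x = 0n;
  for (let i = b.length - 1; i >= 0; i--) x = (x << 8n) | BigInt(b[i]);
  return x;
}

// ULEB128, the length prefix BCS puts in front of vectors and strings.
function uleb128(n: number): Uint8Array {
  const out: number[] = [];
  do { let byte = n & 0x7f; n >>>= 7; if (n !== 0) byte |= 0x80; out.push(byte); } while (n !== 0);
  return Uint8Array.from(out);
}

function concat(parts: Uint8Array[]): Uint8Array {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// Canonical transcript: domain (length-prefixed), statement pk, commitment R.
// Both sides call this same function, so the hashed bytes agree by construction.
function encodeTranscript(domain: string, pk: bigint, R: bigint): Uint8Array {
  const d = new TextEncoder().encode(domain);
  return concat([uleb128(d.length), d, toBytesLE(pk, ELEMENT_BYTES), toBytesLE(R, ELEMENT_BYTES)]);
}

// Fiat-Shamir challenge: hash the transcript, reduce into the exponent range
// (256-bit digest mod a 127-bit modulus, so the bias is negligible).
function challenge(domain: string, pk: bigint, R: bigint): bigint {
  const digest = createHash("sha256").update(encodeTranscript(domain, pk, R)).digest();
  return fromBytesLE(digest) % Q;
}

interface SigmaProof { R: bigint; z: bigint; }

function keygen(): { x: bigint; pk: bigint } {
  const x = fromBytesLE(randomBytes(32)) % Q;
  return { x, pk: powMod(G, x) };
}

function prove(x: bigint, domain: string = DOMAIN): SigmaProof {
  const pk = powMod(G, x);
  const r = fromBytesLE(randomBytes(32)) % Q; // fresh per proof; reusing r leaks x
  const R = powMod(G, r);
  const c = challenge(domain, pk, R);
  return { R, z: (r + c * x) % Q };
}

// Accept iff g^z == R * pk^c with c recomputed from the same transcript bytes.
function verify(pk: bigint, proof: SigmaProof, domain: string = DOMAIN): boolean {
  const c = challenge(domain, pk, proof.R);
  return powMod(G, proof.z) === mulMod(proof.R, powMod(pk, c));
}
```

A verifier that serialises the transcript differently (here simulated by a different domain string, but a different field order, width or length prefix has the same effect) derives a different challenge and rejects every honest proof, which is the mismatch the commit describes between the old prover and the Move verifier. The proof is also bound to pk through the hash, so it cannot be replayed for another key.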
@alinush alinush force-pushed the alin/confidential-assets-v1.1 branch from 90ef6bb to cca4eaa (March 2, 2026 18:17)