[program] Re-order confidential mint burn ciphertexts to dest/src, supply, then auditor #173
Sorry if this is wrong, but shouldn't you then be using the ciphertexts at position 1 in
token-2022/program/src/extension/confidential_mint_burn/processor.rs
Lines 394 to 405 in 3fac5c5
```rust
mint_burn_extension.confidential_supply = ciphertext_arithmetic::subtract_with_lo_hi(
    &current_supply,
    &proof_context
        .burn_amount_ciphertext_lo
        .try_extract_ciphertext(2)
        .map_err(|_| ProgramError::InvalidAccountData)?,
    &proof_context
        .burn_amount_ciphertext_hi
        .try_extract_ciphertext(2)
        .map_err(|_| ProgramError::InvalidAccountData)?,
)
.ok_or(TokenError::CiphertextArithmeticFailed)?;
```
token-2022/program/src/extension/confidential_mint_burn/processor.rs
Lines 259 to 270 in 3fac5c5
```rust
mint_burn_extension.confidential_supply = ciphertext_arithmetic::add_with_lo_hi(
    &current_supply,
    &proof_context
        .mint_amount_ciphertext_lo
        .try_extract_ciphertext(2)
        .map_err(|_| ProgramError::InvalidAccountData)?,
    &proof_context
        .mint_amount_ciphertext_hi
        .try_extract_ciphertext(2)
        .map_err(|_| ProgramError::InvalidAccountData)?,
)
.ok_or(TokenError::CiphertextArithmeticFailed)?;
```
Oh no! I missed this part. Thanks for the catch 🙏! I think the problem is that the current tests do not check whether the current supply is updated correctly. I will update the tests to account for this...
I fixed the supply update and I added the relevant checks in the tests!
Looks great!
Problem
Auditor ciphertexts for the confidential mint and burn amounts were added to instruction data in solana-labs/solana-program-library#7480. In the processor logic for confidential mint and burn, the auditor ciphertext that is included in the instruction data should be checked for whether it corresponds to the auditor ciphertext in the proof data.
Currently, the wrong component of the grouped ciphertext is checked. Grouped ElGamal ciphertexts for the confidential mint and confidential burn amounts have the second component correspond to the "auditor" component. However, the third component that corresponds to the confidential "supply" is checked for consistency instead.
Summary of Changes
A simple fix is to just update the processor logic to check the consistency of the second component of the ciphertexts. However, as suggested in #128, I swapped the order of the auditor and supply ciphertext components in the proof data. This way, the auditor ciphertext component is always third in grouped ciphertexts in confidential transfer, confidential transfer with fee, and confidential mint burn extensions, which could prevent confusion.
Fixes #128.
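The component ordering from the PR title (dest/src, supply, then auditor), as an added example that is not the project's code: a simplified stand-in for a three-handle grouped ciphertext where components are selected by name rather than by positional index, so the auditor consistency check and the supply update cannot silently pick each other's component. The types, the `Component` enum, `check_and_select_supply` and all byte values are assumptions made for illustration.

```rust
// Simplified stand-in for a 3-handle grouped ElGamal ciphertext: one shared
// commitment plus one decrypt handle per recipient. The byte arrays are
// constructed sample values, not real curve points.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Ciphertext { pub commitment: [u8; 32], pub handle: [u8; 32] }

pub struct GroupedCiphertext3 { pub commitment: [u8; 32], pub handles: [[u8; 32]; 3] }

// Component order from the PR title: dest/src, supply, then auditor.
#[derive(Clone, Copy)]
pub enum Component { Account = 0, Supply = 1, Auditor = 2 }

impl GroupedCiphertext3 {
    // Named extraction, so call sites never pass a bare positional index.
    pub fn extract(&self, c: Component) -> Ciphertext {
        Ciphertext { commitment: self.commitment, handle: self.handles[c as usize] }
    }
}

#[derive(Debug, PartialEq)]
pub enum CheckError { AuditorCiphertextMismatch }

// Hypothetical processor step: the auditor ciphertext carried in instruction
// data must equal the auditor component of the proof data; only then is the
// supply component returned for the confidential supply update.
pub fn check_and_select_supply(
    proof: &GroupedCiphertext3,
    auditor_in_instruction: &Ciphertext,
) -> Result<Ciphertext, CheckError> {
    if proof.extract(Component::Auditor) != *auditor_in_instruction {
        return Err(CheckError::AuditorCiphertextMismatch);
    }
    Ok(proof.extract(Component::Supply))
}

// Constructed sample proof data with distinct handle bytes per component.
pub fn sample_proof() -> GroupedCiphertext3 {
    GroupedCiphertext3 { commitment: [7; 32], handles: [[0xA0; 32], [0x5B; 32], [0xAD; 32]] }
}

fn main() {
    let proof = sample_proof();
    let auditor = proof.extract(Component::Auditor);
    let supply = check_and_select_supply(&proof, &auditor).unwrap();
    println!("supply handle byte: {:#x}", supply.handle[0]);
}
```

A test that asserts on which component comes back, as the tests below do for the supply handle, is what catches a check or update that reads the wrong position.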