solana-labs · samkim-crypto · Nov 15, 2024 · Nov 11, 2024 · Nov 11, 2024 · Nov 11, 2024
diff --git a/token/cli/src/command.rs b/token/cli/src/command.rs
@@ -57,10 +57,13 @@ use {
             transfer_hook::TransferHook,
             BaseStateWithExtensions, ExtensionType, StateWithExtensionsOwned,
         },
-        solana_zk_sdk::encryption::{
-            auth_encryption::AeKey,
-            elgamal::{self, ElGamalKeypair},
-            pod::elgamal::PodElGamalPubkey,
+        solana_zk_sdk::{
+            encryption::{
+                auth_encryption::AeKey,
+                elgamal::{self, ElGamalKeypair},
+                pod::elgamal::PodElGamalPubkey,
+            },
+            zk_elgamal_proof_program::proof_data::ZkProofData,
         },
         state::{Account, AccountState, Mint},
     },
@@ -1623,6 +1626,17 @@ async fn command_transfer(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_lo
+                .try_extract_ciphertext(2)
+                .unwrap();
+            let transfer_amount_auditor_ciphertext_hi = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_hi
+                .try_extract_ciphertext(2)
+                .unwrap();
+
             // setup proofs
             let create_range_proof_context_signer = &[&range_proof_context_state_account];
             let create_equality_proof_context_signer = &[&equality_proof_context_state_account];
@@ -1670,6 +1684,8 @@ async fn command_transfer(
                     Some(&ciphertext_validity_proof_context_proof_account),
                     Some(&range_proof_context_proof_account),
                     transfer_balance,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     Some(transfer_account_info),
                     &args.sender_elgamal_keypair,
                     &args.sender_aes_key,

diff --git a/token/client/src/token.rs b/token/client/src/token.rs
@@ -51,7 +51,7 @@ use {
             encryption::{
                 auth_encryption::AeKey,
                 elgamal::{ElGamalCiphertext, ElGamalKeypair, ElGamalPubkey, ElGamalSecretKey},
-                pod::elgamal::PodElGamalPubkey,
+                pod::elgamal::{PodElGamalCiphertext, PodElGamalPubkey},
             },
             zk_elgamal_proof_program::{
                 self,
@@ -2201,6 +2201,8 @@ where
         ciphertext_validity_proof_account: Option<&ProofAccount>,
         range_proof_account: Option<&ProofAccount>,
         transfer_amount: u64,
+        transfer_amount_auditor_ciphertext_lo: Option<&PodElGamalCiphertext>,
+        transfer_amount_auditor_ciphertext_hi: Option<&PodElGamalCiphertext>,
         account_info: Option<TransferAccountInfo>,
         source_elgamal_keypair: &ElGamalKeypair,
         source_aes_key: &AeKey,
@@ -2261,6 +2263,33 @@ where
             )
         };
 
+        let (transfer_amount_auditor_ciphertext_lo, transfer_amount_auditor_ciphertext_hi) =
+            if let Some(proof_data) = ciphertext_validity_proof_data {
+                let transfer_amount_auditor_ciphertext_lo = proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                let transfer_amount_auditor_ciphertext_hi = proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                (
+                    transfer_amount_auditor_ciphertext_lo,
+                    transfer_amount_auditor_ciphertext_hi,
+                )
+            } else {
+                // the validity proof data is always generated unless
+                // `transfer_amount_auditor_ciphertext_lo` and
+                // `transfer_amount_auditor_ciphertext_hi` are `Some`, so it is
+                // safe to unwrap
+                (
+                    *transfer_amount_auditor_ciphertext_lo.unwrap(),
+                    *transfer_amount_auditor_ciphertext_hi.unwrap(),
+                )
+            };
+
         // cannot panic as long as either `proof_data` or `proof_account` is `Some(..)`,
         // which is guaranteed by the previous check
         let equality_proof_location = Self::confidential_transfer_create_proof_location(
@@ -2292,6 +2321,8 @@ where
             self.get_address(),
             destination_account,
             new_decryptable_available_balance.into(),
+            &transfer_amount_auditor_ciphertext_lo,
+            &transfer_amount_auditor_ciphertext_hi,
             source_authority,
             &multisig_signers,
             equality_proof_location,
@@ -2531,6 +2562,8 @@ where
         fee_ciphertext_validity_proof_account: Option<&ProofAccount>,
         range_proof_account: Option<&ProofAccount>,
         transfer_amount: u64,
+        transfer_amount_auditor_ciphertext_lo: Option<&PodElGamalCiphertext>,
+        transfer_amount_auditor_ciphertext_hi: Option<&PodElGamalCiphertext>,
         account_info: Option<TransferAccountInfo>,
         source_elgamal_keypair: &ElGamalKeypair,
         source_aes_key: &AeKey,
@@ -2615,6 +2648,33 @@ where
             )
         };
 
+        let (transfer_amount_auditor_ciphertext_lo, transfer_amount_auditor_ciphertext_hi) =
+            if let Some(proof_data) = transfer_amount_ciphertext_validity_proof_data {
+                let transfer_amount_auditor_ciphertext_lo = proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                let transfer_amount_auditor_ciphertext_hi = proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .map_err(|_| TokenError::ProofGeneration)?;
+                (
+                    transfer_amount_auditor_ciphertext_lo,
+                    transfer_amount_auditor_ciphertext_hi,
+                )
+            } else {
+                // the validity proof data is always generated unless
+                // `transfer_amount_auditor_ciphertext_lo` and
+                // `transfer_amount_auditor_ciphertext_hi` are `Some`, so it is
+                // safe to unwrap
+                (
+                    *transfer_amount_auditor_ciphertext_lo.unwrap(),
+                    *transfer_amount_auditor_ciphertext_hi.unwrap(),
+                )
+            };
+
         // cannot panic as long as either `proof_data` or `proof_account` is `Some(..)`,
         // which is guaranteed by the previous check
         let equality_proof_location = Self::confidential_transfer_create_proof_location(
@@ -2660,6 +2720,8 @@ where
             self.get_address(),
             destination_account,
             new_decryptable_available_balance.into(),
+            &transfer_amount_auditor_ciphertext_lo,
+            &transfer_amount_auditor_ciphertext_hi,
             source_authority,
             &multisig_signers,
             equality_proof_location,

diff --git a/token/program-2022-test/tests/confidential_transfer.rs b/token/program-2022-test/tests/confidential_transfer.rs
@@ -1321,6 +1321,8 @@ async fn confidential_transfer_with_option<S: Signers>(
                     None,
                     transfer_amount,
                     None,
+                    None,
+                    None,
                     source_elgamal_keypair,
                     source_aes_key,
                     destination_elgamal_pubkey,
@@ -1350,6 +1352,17 @@ async fn confidential_transfer_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_lo
+                .try_extract_ciphertext(2)
+                .unwrap();
+            let transfer_amount_auditor_ciphertext_hi = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_hi
+                .try_extract_ciphertext(2)
+                .unwrap();
+
             let equality_proof_record_account = Keypair::new();
             let ciphertext_validity_proof_record_account = Keypair::new();
             let range_proof_record_account = Keypair::new();
@@ -1418,6 +1431,8 @@ async fn confidential_transfer_with_option<S: Signers>(
                     Some(&ciphertext_validity_proof_account),
                     Some(&range_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,
@@ -1480,6 +1495,17 @@ async fn confidential_transfer_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_lo
+                .try_extract_ciphertext(2)
+                .unwrap();
+            let transfer_amount_auditor_ciphertext_hi = ciphertext_validity_proof_data
+                .context_data()
+                .grouped_ciphertext_hi
+                .try_extract_ciphertext(2)
+                .unwrap();
+
             let equality_proof_context_account = Keypair::new();
             let ciphertext_validity_proof_context_account = Keypair::new();
             let range_proof_context_account = Keypair::new();
@@ -1542,6 +1568,8 @@ async fn confidential_transfer_with_option<S: Signers>(
                     Some(&ciphertext_validity_proof_context_proof_account),
                     Some(&range_proof_context_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,
@@ -1872,6 +1900,8 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                     None,
                     transfer_amount,
                     None,
+                    None,
+                    None,
                     source_elgamal_keypair,
                     source_aes_key,
                     destination_elgamal_pubkey,
@@ -1909,6 +1939,19 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+            let transfer_amount_auditor_ciphertext_hi =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+
             let equality_proof_record_account = Keypair::new();
             let transfer_amount_ciphertext_validity_proof_record_account = Keypair::new();
             let fee_sigma_proof_record_account = Keypair::new();
@@ -2013,6 +2056,8 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                     Some(&fee_ciphertext_validity_proof_account),
                     Some(&range_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,
@@ -2103,6 +2148,19 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                 )
                 .unwrap();
 
+            let transfer_amount_auditor_ciphertext_lo =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_lo
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+            let transfer_amount_auditor_ciphertext_hi =
+                transfer_amount_ciphertext_validity_proof_data
+                    .context_data()
+                    .grouped_ciphertext_hi
+                    .try_extract_ciphertext(2)
+                    .unwrap();
+
             let equality_proof_context_account = Keypair::new();
             let transfer_amount_ciphertext_validity_proof_context_account = Keypair::new();
             let percentage_with_cap_proof_context_account = Keypair::new();
@@ -2200,6 +2258,8 @@ async fn confidential_transfer_with_fee_with_option<S: Signers>(
                     Some(&fee_ciphertext_validity_proof_context_proof_account),
                     Some(&range_proof_context_proof_account),
                     transfer_amount,
+                    Some(&transfer_amount_auditor_ciphertext_lo),
+                    Some(&transfer_amount_auditor_ciphertext_hi),
                     None,
                     source_elgamal_keypair,
                     source_aes_key,

diff --git a/token/program-2022-test/tests/confidential_transfer_fee.rs b/token/program-2022-test/tests/confidential_transfer_fee.rs
@@ -690,6 +690,8 @@ async fn confidential_transfer_withdraw_withheld_tokens_from_mint_with_option(
             None,
             100,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),
@@ -1016,6 +1018,8 @@ async fn confidential_transfer_withdraw_withheld_tokens_from_accounts_with_optio
             None,
             100,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),
@@ -1155,6 +1159,8 @@ async fn confidential_transfer_harvest_withheld_tokens_to_mint() {
             None,
             100,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),

diff --git a/token/program-2022-test/tests/transfer_hook.rs b/token/program-2022-test/tests/transfer_hook.rs
@@ -1004,6 +1004,8 @@ async fn success_confidential_transfer() {
             None,
             amount,
             None,
+            None,
+            None,
             &alice_meta.elgamal_keypair,
             &alice_meta.aes_key,
             bob_meta.elgamal_keypair.pubkey(),
-Original file line number
+Diff line change
@@ Expand Up / @@ -1004,6 +1004,8 @@ async fn success_confidential_transfer() { @@
                 None,
                 amount,
                 None,
+                None,
+                None,
                 &alice_meta.elgamal_keypair,
                 &alice_meta.aes_key,
                 bob_meta.elgamal_keypair.pubkey(),
@@ Expand Down @@