Skip to main content

miden_standards/
auth_method.rs

1use alloc::collections::BTreeSet;
2use alloc::vec::Vec;
3
4use miden_protocol::account::auth::{AuthScheme, PublicKeyCommitment};
5use miden_protocol::note::NoteScriptRoot;
6use miden_protocol::transaction::TransactionScriptRoot;
7
8/// Defines standard authentication methods supported by account auth components.
9#[derive(Debug, Clone, PartialEq, Eq)]
10pub enum AuthMethod {
11    /// A minimal authentication method that provides no cryptographic authentication.
12    ///
13    /// It only increments the nonce if the account state has actually changed during transaction
14    /// execution, avoiding unnecessary nonce increments for transactions that don't modify the
15    /// account state.
16    NoAuth,
17    /// A single-key authentication method which relies on either ECDSA or Falcon512Poseidon2
18    /// signatures.
19    SingleSig {
20        approver: (PublicKeyCommitment, AuthScheme),
21    },
22    /// A multi-signature authentication method using either ECDSA or Falcon512Poseidon2 signatures.
23    ///
24    /// Requires a threshold number of signatures from the provided public keys.
25    Multisig {
26        threshold: u32,
27        approvers: Vec<(PublicKeyCommitment, AuthScheme)>,
28    },
29    /// An authentication method intended for network-owned accounts.
30    ///
31    /// It restricts the account to consuming only notes whose script roots are in
32    /// `allowed_script_roots` (which must be non-empty), and to executing only transaction scripts
33    /// whose roots are in `allowed_tx_script_roots`. An empty `allowed_tx_script_roots` permits no
34    /// transaction scripts.
35    NetworkAccount {
36        allowed_script_roots: BTreeSet<NoteScriptRoot>,
37        allowed_tx_script_roots: BTreeSet<TransactionScriptRoot>,
38    },
39    /// A non-standard authentication method.
40    Unknown,
41}
42
43impl AuthMethod {
44    /// Returns all public key commitments associated with this authentication method.
45    ///
46    /// For unknown methods, an empty vector is returned.
47    pub fn get_public_key_commitments(&self) -> Vec<PublicKeyCommitment> {
48        match self {
49            AuthMethod::NoAuth => Vec::new(),
50            AuthMethod::SingleSig { approver: (pub_key, _) } => vec![*pub_key],
51            AuthMethod::Multisig { approvers, .. } => {
52                approvers.iter().map(|(pub_key, _)| *pub_key).collect()
53            },
54            AuthMethod::NetworkAccount { .. } => Vec::new(),
55            AuthMethod::Unknown => Vec::new(),
56        }
57    }
58}