Skip to main content

miden_standards/account/auth/
singlesig.rs

1use miden_protocol::Word;
2use miden_protocol::account::auth::{AuthScheme, PublicKey};
3use miden_protocol::account::component::{
4    AccountComponentCode,
5    AccountComponentMetadata,
6    SchemaType,
7    StorageSchema,
8    StorageSlotSchema,
9};
10use miden_protocol::account::{
11    AccountComponent,
12    AccountComponentName,
13    StorageSlot,
14    StorageSlotName,
15};
16use miden_protocol::crypto::dsa::{ecdsa_k256_keccak, falcon512_poseidon2};
17use miden_protocol::utils::sync::LazyLock;
18
19use super::Approver;
20use crate::account::account_component_code;
21
22account_component_code!(SINGLESIG_CODE, "miden-standards-auth-singlesig.masp");
23
24// CONSTANTS
25// ================================================================================================
26
27static PUBKEY_SLOT_NAME: LazyLock<StorageSlotName> = LazyLock::new(|| {
28    StorageSlotName::new("miden::standards::auth::singlesig::pub_key")
29        .expect("storage slot name should be valid")
30});
31
32static SCHEME_ID_SLOT_NAME: LazyLock<StorageSlotName> = LazyLock::new(|| {
33    StorageSlotName::new("miden::standards::auth::singlesig::scheme")
34        .expect("storage slot name should be valid")
35});
36
37/// An [`AccountComponent`] implementing the signature scheme for authentication
38/// of transactions.
39///
40/// This component exports `auth_tx`, which loads the public key and signature scheme id from
41/// storage and delegates transaction authentication to
42/// `miden::standards::auth::signature::authenticate_transaction`.
43///
44/// When linking against this component, the `miden::standards` library must be available to the
45/// assembler (which also implies availability of `miden::protocol`). This is the case when using
46/// [`CodeBuilder`][builder].
47///
48/// [builder]: crate::code_builder::CodeBuilder
49pub struct AuthSingleSig {
50    approver: Approver,
51}
52
53impl AuthSingleSig {
54    /// The name of the component.
55    pub const NAME: &'static str = "miden::standards::components::auth::singlesig";
56
57    /// Returns the canonical [`AccountComponentName`] of this component.
58    pub const fn name() -> AccountComponentName {
59        AccountComponentName::from_static_str(Self::NAME)
60    }
61
62    /// Returns the [`AccountComponentCode`] of this component.
63    pub fn code() -> &'static AccountComponentCode {
64        &SINGLESIG_CODE
65    }
66
67    /// Creates a new [`AuthSingleSig`] component with the given approver.
68    pub fn new(approver: Approver) -> Self {
69        Self { approver }
70    }
71
72    /// Creates a new [`AuthSingleSig`] component using the Falcon512Poseidon2 signature scheme.
73    ///
74    /// The public key commitment is derived from the provided Falcon512 public key.
75    pub fn falcon512_poseidon2(pub_key: falcon512_poseidon2::PublicKey) -> Self {
76        Self {
77            approver: Approver::new(pub_key.into(), AuthScheme::Falcon512Poseidon2),
78        }
79    }
80
81    /// Creates a new [`AuthSingleSig`] component using the EcdsaK256Keccak signature scheme.
82    ///
83    /// The public key commitment is derived from the provided ECDSA K256 public key.
84    ///
85    /// Note: this scheme discloses the signer's public key and signature at proving time and
86    /// therefore does not provide public-key privacy. See
87    /// [`AuthScheme::EcdsaK256Keccak`][scheme] for details, and prefer
88    /// [`falcon512_poseidon2`](Self::falcon512_poseidon2) if signer-key privacy is required.
89    ///
90    /// [scheme]: miden_protocol::account::auth::AuthScheme::EcdsaK256Keccak
91    pub fn ecdsa_k256_keccak(pub_key: ecdsa_k256_keccak::PublicKey) -> Self {
92        Self {
93            approver: Approver::new(pub_key.into(), AuthScheme::EcdsaK256Keccak),
94        }
95    }
96
97    /// Creates a new [`AuthSingleSig`] component from a [`PublicKey`].
98    ///
99    /// The authentication scheme and public key commitment are derived from the provided key.
100    pub fn from_public_key(pub_key: PublicKey) -> Self {
101        Self {
102            approver: Approver::new(pub_key.to_commitment(), pub_key.auth_scheme()),
103        }
104    }
105
106    /// Returns the approver of this component.
107    pub fn approver(&self) -> Approver {
108        self.approver
109    }
110
111    /// Returns the [`StorageSlotName`] where the public key is stored.
112    pub fn public_key_slot() -> &'static StorageSlotName {
113        &PUBKEY_SLOT_NAME
114    }
115
116    // Returns the [`StorageSlotName`] where the scheme ID is stored.
117    pub fn scheme_id_slot() -> &'static StorageSlotName {
118        &SCHEME_ID_SLOT_NAME
119    }
120
121    /// Returns the storage slot schema for the public key slot.
122    pub fn public_key_slot_schema() -> (StorageSlotName, StorageSlotSchema) {
123        (
124            Self::public_key_slot().clone(),
125            StorageSlotSchema::value("Public key commitment", SchemaType::pub_key()),
126        )
127    }
128    /// Returns the storage slot schema for the scheme ID slot.
129    pub fn auth_scheme_slot_schema() -> (StorageSlotName, StorageSlotSchema) {
130        (
131            Self::scheme_id_slot().clone(),
132            StorageSlotSchema::value("Scheme ID", SchemaType::auth_scheme()),
133        )
134    }
135
136    /// Returns the [`AccountComponentMetadata`] for this component.
137    pub fn component_metadata() -> AccountComponentMetadata {
138        let storage_schema = StorageSchema::new(vec![
139            Self::public_key_slot_schema(),
140            Self::auth_scheme_slot_schema(),
141        ])
142        .expect("storage schema should be valid");
143
144        AccountComponentMetadata::new(Self::NAME)
145            .with_description(
146                "Authentication component using ECDSA K256 Keccak or Falcon512 Poseidon2 signature scheme",
147            )
148            .with_storage_schema(storage_schema)
149    }
150}
151
152impl From<AuthSingleSig> for AccountComponent {
153    fn from(basic_signature: AuthSingleSig) -> Self {
154        let metadata = AuthSingleSig::component_metadata();
155
156        let storage_slots = vec![
157            StorageSlot::with_value(
158                AuthSingleSig::public_key_slot().clone(),
159                basic_signature.approver.pub_key().into(),
160            ),
161            StorageSlot::with_value(
162                AuthSingleSig::scheme_id_slot().clone(),
163                Word::from([basic_signature.approver.auth_scheme().as_u8(), 0, 0, 0]),
164            ),
165        ];
166
167        AccountComponent::new(AuthSingleSig::code().clone(), storage_slots, metadata).expect(
168            "singlesig component should satisfy the requirements of a valid account component",
169        )
170    }
171}