feat: adding tags to encrypted logs

noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr

@@ -1,9 +1,9 @@
 use dep::protocol_types::{
     address::AztecAddress,
     constants::{GENERATOR_INDEX__SYMMETRIC_KEY, PRIVATE_LOG_SIZE_IN_BYTES},
-    hash::poseidon2_hash_with_separator,
+    hash::{poseidon2_hash, poseidon2_hash_with_separator},
     point::Point,
-    public_keys::OvpkM,
+    public_keys::{AddressPoint, OvpkM},
     scalar::Scalar,
 };
 use std::{
@@ -13,10 +13,10 @@ use std::{
 
 use crate::{
     encrypted_logs::header::EncryptedLogHeader,
-    keys::point_to_symmetric_key::point_to_symmetric_key, oracle::random::random,
+    keys::point_to_symmetric_key::point_to_symmetric_key,
+    oracle::{notes::{get_app_tagging_secret, increment_app_tagging_secret}, random::random},
     utils::point::point_to_bytes,
 };
-use protocol_types::public_keys::AddressPoint;
 
 pub comptime global PRIVATE_LOG_OVERHEAD_IN_BYTES: u32 = 304;
 
@@ -125,8 +125,16 @@ fn compute_encrypted_log<let P: u32, let M: u32>(
     let mut encrypted_bytes = [0; M];
     let mut offset = 0;
 
-    // @todo We ignore the tags for now
-    // incoming_tag
+    let tagging_secret = unsafe { get_app_tagging_secret(sender, recipient) };
+
+    unsafe { increment_app_tagging_secret(sender, recipient); };
+
+    let tag = tagging_secret.compute_tag();
+    let tag_bytes: [u8; 32] = tag.to_be_bytes();
+
+    for i in 0..32 {
+        encrypted_bytes[offset + i] = tag_bytes[i];
+    }
     offset += 32;
 
     // eph_pk
@@ -324,6 +332,14 @@ mod test {
             0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
         );
 
+        let _ = OracleMock::mock("getAppTaggingSecret").returns([
+            69420,
+            0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70c,
+            1337,
+        ]);
+
+        let _ = OracleMock::mock("incrementAppTaggingSecret");
+
         let log = compute_private_log_payload(
             contract_address,
             ovsk_app,
@@ -336,36 +352,37 @@ mod test {
         // The following value was generated by `encrypted_log_payload.test.ts`
         // --> Run the test with AZTEC_GENERATE_TEST_DATA=1 flag to update test data.
         let encrypted_log_from_typescript = [
-            0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-            0, 0, 0, 141, 70, 12, 14, 67, 77, 132, 110, 193, 234, 40, 110, 64, 144, 235, 86, 55,
-            111, 242, 123, 221, 193, 170, 202, 225, 216, 86, 84, 159, 112, 31, 167, 5, 119, 121, 10,
-            234, 188, 194, 216, 30, 200, 208, 201, 158, 127, 93, 43, 242, 241, 69, 32, 37, 220, 119,
-            122, 23, 132, 4, 248, 81, 217, 61, 232, 24, 146, 63, 133, 24, 120, 113, 217, 155, 223,
-            149, 214, 149, 239, 240, 169, 224, 155, 161, 81, 83, 252, 155, 77, 34, 75, 110, 30, 113,
-            223, 189, 202, 171, 6, 192, 157, 91, 60, 116, 155, 254, 190, 28, 4, 7, 236, 205, 4, 245,
-            27, 187, 89, 20, 38, 128, 200, 160, 145, 185, 127, 198, 203, 207, 97, 246, 194, 175,
-            155, 142, 188, 143, 120, 83, 122, 178, 63, 208, 197, 232, 24, 228, 212, 45, 69, 157, 38,
-            90, 219, 119, 194, 239, 130, 155, 246, 143, 135, 242, 196, 123, 71, 139, 181, 122, 231,
-            228, 26, 7, 100, 63, 101, 195, 83, 8, 61, 85, 123, 148, 227, 29, 164, 162, 161, 49, 39,
-            73, 141, 46, 179, 240, 52, 109, 165, 238, 210, 233, 188, 36, 90, 175, 2, 42, 149, 78,
-            208, 176, 145, 50, 180, 152, 245, 55, 112, 40, 153, 180, 78, 54, 102, 119, 98, 56, 235,
-            246, 51, 179, 86, 45, 127, 18, 77, 187, 168, 41, 24, 232, 113, 149, 138, 148, 33, 143,
-            215, 150, 188, 105, 131, 254, 236, 199, 206, 56, 44, 130, 134, 29, 99, 254, 69, 153,
-            146, 68, 234, 148, 148, 178, 38, 221, 182, 103, 252, 139, 7, 246, 132, 29, 232, 78, 102,
-            126, 28, 136, 8, 219, 180, 162, 14, 62, 71, 118, 40, 147, 93, 87, 188, 231, 32, 93, 56,
-            193, 194, 197, 120, 153, 164, 139, 114, 18, 149, 2, 226, 19, 170, 250, 249, 128, 56,
-            236, 93, 14, 101, 115, 20, 173, 73, 192, 53, 229, 7, 23, 59, 11, 176, 9, 147, 175, 168,
-            206, 48, 127, 126, 76, 51, 211, 66, 232, 16, 132, 243, 14, 196, 181, 118, 12, 71, 236,
-            250, 253, 71, 249, 122, 30, 23, 23, 19, 89, 47, 193, 69, 240, 164, 34, 128, 110, 13,
-            133, 198, 7, 165, 14, 31, 239, 210, 146, 78, 67, 86, 32, 159, 244, 214, 246, 121, 246,
-            233, 252, 20, 131, 221, 28, 146, 222, 119, 222, 162, 250, 252, 189, 18, 147, 12, 142,
-            177, 222, 178, 122, 248, 113, 197, 40, 199, 152, 251, 91, 81, 243, 25, 156, 241, 141,
-            60, 12, 99, 103, 169, 97, 32, 112, 37, 244, 255, 126, 46, 114, 226, 113, 223, 249, 27,
-            3, 31, 41, 233, 28, 8, 23, 84, 99, 25, 186, 65, 33, 9, 35, 74, 16, 52, 169, 48, 161,
-            134, 233, 242, 136, 39, 162, 105, 205, 43, 253, 183, 36, 138, 186, 87, 31, 7, 248, 125,
-            227, 193, 172, 155, 98, 33, 61, 186, 158, 241, 192, 23, 28, 186, 100, 222, 174, 19, 64,
-            224, 113, 251, 143, 45, 152, 81, 67, 116, 16, 95, 189, 83, 31, 124, 39, 155, 142, 66, 0,
-            120, 197, 221, 161, 62, 75, 192, 255, 186, 200, 10, 135, 7,
+            14, 156, 255, 195, 221, 215, 70, 175, 251, 2, 65, 13, 143, 10, 130, 62, 137, 147, 151,
+            133, 188, 200, 232, 142, 228, 243, 202, 224, 94, 115, 124, 54, 141, 70, 12, 14, 67, 77,
+            132, 110, 193, 234, 40, 110, 64, 144, 235, 86, 55, 111, 242, 123, 221, 193, 170, 202,
+            225, 216, 86, 84, 159, 112, 31, 167, 5, 119, 121, 10, 234, 188, 194, 216, 30, 200, 208,
+            201, 158, 127, 93, 43, 242, 241, 69, 32, 37, 220, 119, 122, 23, 132, 4, 248, 81, 217,
+            61, 232, 24, 146, 63, 133, 24, 120, 113, 217, 155, 223, 149, 214, 149, 239, 240, 169,
+            224, 155, 161, 81, 83, 252, 155, 77, 34, 75, 110, 30, 113, 223, 189, 202, 171, 6, 192,
+            157, 91, 60, 116, 155, 254, 190, 28, 4, 7, 236, 205, 4, 245, 27, 187, 89, 20, 38, 128,
+            200, 160, 145, 185, 127, 198, 203, 207, 97, 246, 194, 175, 155, 142, 188, 143, 120, 83,
+            122, 178, 63, 208, 197, 232, 24, 228, 212, 45, 69, 157, 38, 90, 219, 119, 194, 239, 130,
+            155, 246, 143, 135, 242, 196, 123, 71, 139, 181, 122, 231, 228, 26, 7, 100, 63, 101,
+            195, 83, 8, 61, 85, 123, 148, 227, 29, 164, 162, 161, 49, 39, 73, 141, 46, 179, 240, 52,
+            109, 165, 238, 210, 233, 188, 36, 90, 175, 2, 42, 149, 78, 208, 176, 145, 50, 180, 152,
+            245, 55, 112, 40, 153, 180, 78, 54, 102, 119, 98, 56, 235, 246, 51, 179, 86, 45, 127,
+            18, 77, 187, 168, 41, 24, 232, 113, 149, 138, 148, 33, 143, 215, 150, 188, 105, 131,
+            254, 236, 199, 206, 56, 44, 130, 134, 29, 99, 254, 69, 153, 146, 68, 234, 148, 148, 178,
+            38, 221, 182, 103, 252, 139, 7, 246, 132, 29, 232, 78, 102, 126, 28, 136, 8, 219, 180,
+            162, 14, 62, 71, 118, 40, 147, 93, 87, 188, 231, 32, 93, 56, 193, 194, 197, 120, 153,
+            164, 139, 114, 18, 149, 2, 226, 19, 170, 250, 249, 128, 56, 236, 93, 14, 101, 115, 20,
+            173, 73, 192, 53, 229, 7, 23, 59, 11, 176, 9, 147, 175, 168, 206, 48, 127, 126, 76, 51,
+            211, 66, 232, 16, 132, 243, 14, 196, 181, 118, 12, 71, 236, 250, 253, 71, 249, 122, 30,
+            23, 23, 19, 89, 47, 193, 69, 240, 164, 34, 128, 110, 13, 133, 198, 7, 165, 14, 31, 239,
+            210, 146, 78, 67, 86, 32, 159, 244, 214, 246, 121, 246, 233, 252, 20, 131, 221, 28, 146,
+            222, 119, 222, 162, 250, 252, 189, 18, 147, 12, 142, 177, 222, 178, 122, 248, 113, 197,
+            40, 199, 152, 251, 91, 81, 243, 25, 156, 241, 141, 60, 12, 99, 103, 169, 97, 32, 112,
+            37, 244, 255, 126, 46, 114, 226, 113, 223, 249, 27, 3, 31, 41, 233, 28, 8, 23, 84, 99,
+            25, 186, 65, 33, 9, 35, 74, 16, 52, 169, 48, 161, 134, 233, 242, 136, 39, 162, 105, 205,
+            43, 253, 183, 36, 138, 186, 87, 31, 7, 248, 125, 227, 193, 172, 155, 98, 33, 61, 186,
+            158, 241, 192, 23, 28, 186, 100, 222, 174, 19, 64, 224, 113, 251, 143, 45, 152, 81, 67,
+            116, 16, 95, 189, 83, 31, 124, 39, 155, 142, 66, 0, 120, 197, 221, 161, 62, 75, 192,
+            255, 186, 200, 10, 135, 7,
         ];
         assert_eq(encrypted_log_from_typescript, log);
     }

noir-projects/noir-contracts/contracts/child_contract/src/main.nr

@@ -63,7 +63,7 @@ contract Child {
             &mut context,
             owner_ovpk_m,
             owner,
-            context.msg_sender(),
+            owner,
         ));
         new_value
     }

noir-projects/noir-contracts/contracts/counter_contract/src/main.nr

@@ -38,7 +38,7 @@ contract Counter {
             );
         }
         let counters = storage.counters;
-        counters.at(owner).add(1, owner, outgoing_viewer, context.msg_sender());
+        counters.at(owner).add(1, owner, outgoing_viewer, outgoing_viewer);
     }
     // docs:end:increment
     // docs:start:get_counter

noir-projects/noir-contracts/contracts/stateful_test_contract/src/main.nr

@@ -45,7 +45,7 @@ contract StatefulTest {
     fn create_note(owner: AztecAddress, outgoing_viewer: AztecAddress, value: Field) {
         if (value != 0) {
             let loc = storage.notes.at(owner);
-            increment(loc, value, owner, outgoing_viewer, context.msg_sender());
+            increment(loc, value, owner, outgoing_viewer, outgoing_viewer);
         }
     }
 
@@ -54,7 +54,7 @@ contract StatefulTest {
     fn create_note_no_init_check(owner: AztecAddress, outgoing_viewer: AztecAddress, value: Field) {
         if (value != 0) {
             let loc = storage.notes.at(owner);
-            increment(loc, value, owner, outgoing_viewer, context.msg_sender());
+            increment(loc, value, owner, outgoing_viewer, outgoing_viewer);
         }
     }
 

noir-projects/noir-contracts/contracts/static_child_contract/src/main.nr

@@ -71,7 +71,7 @@ contract StaticChild {
             &mut context,
             outgoing_viewer_ovpk_m,
             owner,
-            context.msg_sender(),
+            outgoing_viewer,
         ));
         new_value
     }

noir-projects/noir-contracts/contracts/test_contract/src/main.nr

@@ -109,7 +109,7 @@ contract Test {
             &mut context,
             outgoing_viewer_ovpk_m,
             owner,
-            context.msg_sender(),
+            outgoing_viewer,
         ));
     }
 
@@ -346,7 +346,7 @@ contract Test {
             &mut context,
             msg_sender_ovpk_m,
             owner,
-            context.msg_sender(),
+            outgoing_viewer,
         ));
         storage_slot += 1;
         Test::at(context.this_address())

noir-projects/noir-protocol-circuits/crates/types/src/indexed_tagging_secret.nr

@@ -1,5 +1,5 @@
 use crate::traits::{Deserialize, Serialize};
-use super::address::aztec_address::AztecAddress;
+use super::{address::aztec_address::AztecAddress, hash::poseidon2_hash};
 use std::meta::derive;
 
 pub global INDEXED_TAGGING_SECRET_LENGTH: u32 = 3;
@@ -10,3 +10,11 @@ pub struct IndexedTaggingSecret {
     recipient: AztecAddress,
     index: u32,
 }
+
+impl IndexedTaggingSecret {
+    pub fn compute_tag(self) -> Field {
+        poseidon2_hash(
+            [self.secret, self.recipient.to_field(), self.index as Field],
+        )
+    }
+}

yarn-project/circuit-types/src/logs/l1_payload/encrypted_log_payload.test.ts

@@ -1,6 +1,7 @@
 import {
   AztecAddress,
   CompleteAddress,
+  IndexedTaggingSecret,
   KeyValidationRequest,
   PRIVATE_LOG_SIZE_IN_BYTES,
   computeAddressSecret,
@@ -112,7 +113,23 @@ describe('EncryptedLogPayload', () => {
       '00000001301640ceea758391b2e161c92c0513f129020f4125256afdae2646ce31099f5c10f48cd9eff7ae5b209c557c70de2e657ee79166868676b787e9417e19260e040fe46be583b71f4ab5b70c2657ff1d05cccf1d292a9369628d1a194f944e659900001027',
       'hex',
     );
-    const log = new EncryptedLogPayload(new Fr(0), contract, plaintext);
+
+    // We set a random secret, as it is simply the result of an oracle call, and we are not actually computing this in nr.
+    const logTag = new IndexedTaggingSecret(
+      new Fr(69420),
+      AztecAddress.fromBigInt(0x25afb798ea6d0b8c1618e50fdeafa463059415013d3b7c75d46abf5e242be70cn),
+      1337,
+    ).computeTag();
+    const tagString = logTag.toString().slice(2);
+
+    let byteArrayString = `[${tagString.match(/.{1,2}/g)!.map(byte => parseInt(byte, 16))}]`;
+    updateInlineTestData(
+      'noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr',
+      'tag_from_typescript',
+      byteArrayString,
+    );
+
+    const log = new EncryptedLogPayload(logTag, contract, plaintext);
 
     const ovskM = new GrumpkinScalar(0x1d7f6b3c491e99f32aad05c433301f3a2b4ed68de661ff8255d275ff94de6fc4n);
     const ovKeys = getKeyValidationRequest(ovskM, contract);
@@ -138,11 +155,11 @@ describe('EncryptedLogPayload', () => {
 
     const encryptedStr = encrypted.toString('hex');
     expect(encryptedStr).toMatchInlineSnapshot(
-      `"00000000000000000000000000000000000000000000000000000000000000008d460c0e434d846ec1ea286e4090eb56376ff27bddc1aacae1d856549f701fa70577790aeabcc2d81ec8d0c99e7f5d2bf2f1452025dc777a178404f851d93de818923f85187871d99bdf95d695eff0a9e09ba15153fc9b4d224b6e1e71dfbdcaab06c09d5b3c749bfebe1c0407eccd04f51bbb59142680c8a091b97fc6cbcf61f6c2af9b8ebc8f78537ab23fd0c5e818e4d42d459d265adb77c2ef829bf68f87f2c47b478bb57ae7e41a07643f65c353083d557b94e31da4a2a13127498d2eb3f0346da5eed2e9bc245aaf022a954ed0b09132b498f537702899b44e3666776238ebf633b3562d7f124dbba82918e871958a94218fd796bc6983feecc7ce382c82861d63fe45999244ea9494b226ddb667fc8b07f6841de84e667e1c8808dbb4a20e3e477628935d57bce7205d38c1c2c57899a48b72129502e213aafaf98038ec5d0e657314ad49c035e507173b0bb00993afa8ce307f7e4c33d342e81084f30ec4b5760c47ecfafd47f97a1e171713592fc145f0a422806e0d85c607a50e1fefd2924e4356209ff4d6f679f6e9fc1483dd1c92de77dea2fafcbd12930c8eb1deb27af871c528c798fb5b51f3199cf18d3c0c6367a961207025f4ff7e2e72e271dff91b031f29e91c0817546319ba412109234a1034a930a186e9f28827a269cd2bfdb7248aba571f07f87de3c1ac9b62213dba9ef1c0171cba64deae1340e071fb8f2d98514374105fbd531f7c279b8e420078c5dda13e4bc0ffbac80a8707"`,
+      `"0e9cffc3ddd746affb02410d8f0a823e89939785bcc8e88ee4f3cae05e737c368d460c0e434d846ec1ea286e4090eb56376ff27bddc1aacae1d856549f701fa70577790aeabcc2d81ec8d0c99e7f5d2bf2f1452025dc777a178404f851d93de818923f85187871d99bdf95d695eff0a9e09ba15153fc9b4d224b6e1e71dfbdcaab06c09d5b3c749bfebe1c0407eccd04f51bbb59142680c8a091b97fc6cbcf61f6c2af9b8ebc8f78537ab23fd0c5e818e4d42d459d265adb77c2ef829bf68f87f2c47b478bb57ae7e41a07643f65c353083d557b94e31da4a2a13127498d2eb3f0346da5eed2e9bc245aaf022a954ed0b09132b498f537702899b44e3666776238ebf633b3562d7f124dbba82918e871958a94218fd796bc6983feecc7ce382c82861d63fe45999244ea9494b226ddb667fc8b07f6841de84e667e1c8808dbb4a20e3e477628935d57bce7205d38c1c2c57899a48b72129502e213aafaf98038ec5d0e657314ad49c035e507173b0bb00993afa8ce307f7e4c33d342e81084f30ec4b5760c47ecfafd47f97a1e171713592fc145f0a422806e0d85c607a50e1fefd2924e4356209ff4d6f679f6e9fc1483dd1c92de77dea2fafcbd12930c8eb1deb27af871c528c798fb5b51f3199cf18d3c0c6367a961207025f4ff7e2e72e271dff91b031f29e91c0817546319ba412109234a1034a930a186e9f28827a269cd2bfdb7248aba571f07f87de3c1ac9b62213dba9ef1c0171cba64deae1340e071fb8f2d98514374105fbd531f7c279b8e420078c5dda13e4bc0ffbac80a8707"`,
     );
 
     // Run with AZTEC_GENERATE_TEST_DATA=1 to update noir test data
-    const byteArrayString = `[${encryptedStr.match(/.{1,2}/g)!.map(byte => parseInt(byte, 16))}]`;
+    byteArrayString = `[${encryptedStr.match(/.{1,2}/g)!.map(byte => parseInt(byte, 16))}]`;
     updateInlineTestData(
       'noir-projects/aztec-nr/aztec/src/encrypted_logs/payload.nr',
       'encrypted_log_from_typescript',

yarn-project/circuits.js/src/structs/tagging_secret.ts

@@ -1,4 +1,5 @@
 import { AztecAddress } from '@aztec/foundation/aztec-address';
+import { poseidon2Hash } from '@aztec/foundation/crypto';
 import { Fr } from '@aztec/foundation/fields';
 
 export class TaggingSecret {
@@ -25,4 +26,8 @@ export class IndexedTaggingSecret extends TaggingSecret {
   static fromTaggingSecret(directionalSecret: TaggingSecret, index: number) {
     return new this(directionalSecret.secret, directionalSecret.recipient, index);
   }
+
+  computeTag() {
+    return poseidon2Hash([this.secret, this.recipient, this.index]);
+  }
 }

yarn-project/pxe/src/simulator_oracle/index.ts

@@ -333,9 +333,7 @@ export class SimulatorOracle implements DBOracle {
     const logs: EncryptedL2NoteLog[] = [];
     while (appTaggingSecrets.length > 0) {
       // 2. Compute tags using the secrets, recipient and index. Obtain logs for each tag (#9380)
-      const currentTags = appTaggingSecrets.map(({ secret, recipient, index }) =>
-        poseidon2Hash([secret, recipient, index]),
-      );
+      const currentTags = appTaggingSecrets.map(taggingSecret => taggingSecret.computeTag());
       const logsByTags = await this.aztecNode.getLogsByTags(currentTags);
       const newTaggingSecrets: IndexedTaggingSecret[] = [];
       logsByTags.forEach((logsByTag, index) => {

yarn-project/simulator/src/client/private_execution.test.ts

@@ -19,13 +19,15 @@ import {
   GeneratorIndex,
   type GrumpkinScalar,
   Header,
+  IndexedTaggingSecret,
   KeyValidationRequest,
   L1_TO_L2_MSG_TREE_HEIGHT,
   NOTE_HASH_TREE_HEIGHT,
   PUBLIC_DATA_TREE_HEIGHT,
   PUBLIC_DISPATCH_SELECTOR,
   PartialStateReference,
   StateReference,
+  TaggingSecret,
   TxContext,
   computeAppNullifierSecretKey,
   computeOvskApp,
@@ -257,6 +259,13 @@ describe('Private Execution test suite', () => {
       throw new Error(`Unknown address: ${address}. Recipient: ${recipient}, Owner: ${owner}`);
     });
 
+    oracle.getAppTaggingSecret.mockImplementation(
+      (_contractAddress: AztecAddress, _sender: AztecAddress, recipient: AztecAddress) => {
+        const directionalSecret = new TaggingSecret(Fr.random(), recipient);
+        return Promise.resolve(IndexedTaggingSecret.fromTaggingSecret(directionalSecret, 0));
+      },
+    );
+
     node = mock<AztecNode>();
     // eslint-disable-next-line @typescript-eslint/no-unused-vars
     node.getPublicStorageAt.mockImplementation((address: Fr, storageSlot: Fr, blockNumber: L2BlockNumber) => {