Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@
- [BREAKING] Moved asset callback flag from asset vault key to account ID, making it immutable ([#3167](https://github.com/0xMiden/protocol/pull/3167)).
- [BREAKING] Added `@account_procedure` attribute to mark which procedures should be included in the account component interface ([#3171](https://github.com/0xMiden/protocol/pull/3171)).
- Documented that the `ecdsa_k256_keccak` authentication scheme discloses the signer's public key and signature at proving time via precompile calldata ([#3178](https://github.com/0xMiden/protocol/pull/3178)).
- Optimized the multisig auth component MASM (unconditional loop entry where the counter is guaranteed non-zero, single-step `scheme_id` extraction in `get_signer_at`, and a stack read instead of a local reload in `update_signers_and_threshold`), and documented that growing the signer set does not re-scale existing per-procedure threshold overrides ([#3211](https://github.com/0xMiden/protocol/pull/3211)).
- Renamed the `Authority` config value slot, expressed the authority kind as a MASM `enum Authority : u8`, and enforced the canonical config-word encoding on read ([#3209](https://github.com/0xMiden/protocol/pull/3209)).
- Unified procedure ordering and document sender-based access control's authentication assumption in the `ownable2step` and `rbac` access control modules ([#3205](https://github.com/0xMiden/protocol/pull/3205)).
- [BREAKING] Updated `BlockHeader` to support multiple validator keys and added `ValidatorKeys` and `BlockSignatures` types ([#3174](https://github.com/0xMiden/protocol/pull/3174)).
Expand All @@ -96,6 +97,7 @@
- [BREAKING] Fixed batch ID being serialized/deserialized and potentially not matching the serialized transaction headers ([#3061](https://github.com/0xMiden/protocol/pull/3061)).
- Simplified the `ownable2step` ownership transitions ([#3170](https://github.com/0xMiden/protocol/pull/3170)).
- Fixed `note_script_allowlist::assert_all_input_notes_allowed` and `tx_script_allowlist::assert_tx_script_allowed` to read the allowlist from the transaction's initial storage state via `active_account::get_initial_map_item` ([#3182](https://github.com/0xMiden/protocol/pull/3182)).
- Fixed `set_procedure_threshold` now asserts `PROC_ROOT` is one of the account's procedures (`ERR_PROC_ROOT_NOT_IN_ACCOUNT`) before storing an override, and corrected the inaccurate `assert_new_tx`, `update_signers_and_threshold`, and `get_signer_at` stack-layout and advice-map comments ([#3211](https://github.com/0xMiden/protocol/pull/3211)).

## v0.15.2 (2026-06-05)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,6 @@ pub proc auth_tx_guarded_multisig(salt: word)
exec.guardian::verify_signature
# => [TX_SUMMARY_COMMITMENT]

exec.multisig::assert_new_tx
exec.multisig::record_and_assert_new_tx
# => []
end
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,6 @@ pub proc auth_tx_multisig(salt: word)
exec.multisig::auth_tx
# => [TX_SUMMARY_COMMITMENT]

exec.multisig::assert_new_tx
exec.multisig::record_and_assert_new_tx
# => []
end
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,6 @@ pub proc auth_tx_multisig_smart(salt: word)
exec.multisig_smart::auth_tx
# => [TX_SUMMARY_COMMITMENT]

exec.multisig::assert_new_tx
exec.multisig::record_and_assert_new_tx
# => []
end
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ const ALLOWED_TX_SCRIPTS_SLOT = word("miden::standards::auth::network_account::a
#! If both checks pass, the nonce is incremented when the account state changed or the account is
#! new, matching the behavior of the NoAuth and SingleSig components.
#!
#! Inputs: [pad(16)]
#! Inputs: [AUTH_ARGS, pad(12)]
#! Outputs: [pad(16)]
#!
#! Invocation: call
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,10 @@ use miden::core::word
#! This avoids unnecessary nonce increments for transactions that don't modify
#! the account state.
#!
#! Inputs: [pad(16)]
#! Inputs: [AUTH_ARGS, pad(12)]
#! Outputs: [pad(16)]
#!
#! Invocation: call
@auth_script
pub proc auth_no_auth
Comment thread
PhilippGackstatter marked this conversation as resolved.
# check if the account state has changed by comparing initial and final commitments
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,13 @@ pub proc auth_tx(auth_args: word)
# ---------------------------------------------------------------------------------------------

push.PUBLIC_KEY_SLOT[0..2] exec.active_account::get_initial_item
# => [PUB_KEY, pad(16)]
# => [PK_COMM, pad(16)]

push.SCHEME_ID_SLOT[0..2] exec.active_account::get_initial_item
# => [scheme_id, 0, 0, 0, PUB_KEY, pad(16)]
# => [scheme_id, 0, 0, 0, PK_COMM, pad(16)]

movdn.7 drop drop drop
# => [PUB_KEY, scheme_id, pad(16)]
# => [PK_COMM, scheme_id, pad(16)]

exec.signature::authenticate_transaction
# => [pad(16)]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,14 +108,14 @@ pub proc auth_tx_acl(auth_args: word)
if.true
# Fetch public key from storage.
push.PUBLIC_KEY_SLOT[0..2] exec.active_account::get_initial_item
# => [PUB_KEY, pad(16)]
# => [PK_COMM, pad(16)]

# Fetch scheme_id from storage
push.SCHEME_ID_SLOT[0..2] exec.active_account::get_initial_item
# => [[scheme_id, 0, 0, 0], PUB_KEY, pad(16)]
# => [[scheme_id, 0, 0, 0], PK_COMM, pad(16)]

movdn.7 drop drop drop
# => [PUB_KEY, scheme_id, pad(16)]
# => [PK_COMM, scheme_id, pad(16)]

exec.signature::authenticate_transaction
else
Expand Down
10 changes: 5 additions & 5 deletions crates/miden-standards/asm/standards/auth/guardian.masm
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ pub proc update_guardian_public_key(new_guardian_scheme_id: felt, new_guardian_p
# => [GUARDIAN_MAP_KEY, NEW_GUARDIAN_PUBLIC_KEY]

push.GUARDIAN_PUBLIC_KEYS_SLOT[0..2]
# => [guardian_pubkeys_slot_prefix, guardian_pubkeys_slot_suffix,
# => [guardian_pubkeys_slot_suffix, guardian_pubkeys_slot_prefix,
# GUARDIAN_MAP_KEY, NEW_GUARDIAN_PUBLIC_KEY]

exec.native_account::set_map_item
Expand All @@ -97,7 +97,7 @@ pub proc update_guardian_public_key(new_guardian_scheme_id: felt, new_guardian_p
# => [GUARDIAN_MAP_KEY, NEW_GUARDIAN_SCHEME_ID_WORD]

push.GUARDIAN_SCHEME_ID_SLOT[0..2]
# => [guardian_scheme_slot_prefix, guardian_scheme_slot_suffix,
# => [guardian_scheme_slot_suffix, guardian_scheme_slot_prefix,
# GUARDIAN_MAP_KEY, NEW_GUARDIAN_SCHEME_ID_WORD]

exec.native_account::set_map_item
Expand Down Expand Up @@ -140,11 +140,11 @@ pub proc verify_signature(msg: word)
# => [1, MSG]

push.GUARDIAN_PUBLIC_KEYS_SLOT[0..2]
# => [guardian_pubkeys_slot_prefix, guardian_pubkeys_slot_suffix, 1, MSG]
# => [guardian_pubkeys_slot_suffix, guardian_pubkeys_slot_prefix, 1, MSG]

push.GUARDIAN_SCHEME_ID_SLOT[0..2]
# => [guardian_scheme_slot_prefix, guardian_scheme_slot_suffix,
# guardian_pubkeys_slot_prefix, guardian_pubkeys_slot_suffix, 1, MSG]
# => [guardian_scheme_slot_suffix, guardian_scheme_slot_prefix,
# guardian_pubkeys_slot_suffix, guardian_pubkeys_slot_prefix, 1, MSG]

exec.signature::verify_signatures
# => [num_verified_signatures, MSG]
Expand Down
Loading
Loading