Add an ability to add blinding key to IssuanceInputConstraints

KyrylR · KyrylR · commit 04b0774aa07b · 2026-02-06T11:16:09.000+02:00
diff --git a/crates/contracts/src/sdk/finance/options/creation_option.rs b/crates/contracts/src/sdk/finance/options/creation_option.rs
@@ -165,6 +165,7 @@ pub fn build_option_creation(
                     reissuance_destination: Some((
                         options_taproot_pubkey_gen.address.script_pubkey(),
                         1,
+                        None,
                     )),
                 },
                 IssuanceInputConstraints {
@@ -173,6 +174,7 @@ pub fn build_option_creation(
                     reissuance_destination: Some((
                         options_taproot_pubkey_gen.address.script_pubkey(),
                         1,
+                        None,
                     )),
                 },
             ],
diff --git a/crates/contracts/src/sdk/issuance_validation/mod.rs b/crates/contracts/src/sdk/issuance_validation/mod.rs
@@ -1,7 +1,7 @@
 use std::collections::HashSet;
 
 use simplicityhl::elements::confidential::Value as ConfidentialValue;
-use simplicityhl::elements::secp256k1_zkp::ZERO_TWEAK;
+use simplicityhl::elements::secp256k1_zkp::{SECP256K1, SecretKey, ZERO_TWEAK};
 use simplicityhl::elements::{AssetId, Script, Transaction};
 
 /// Constraints for verifying an issuance transaction.
@@ -20,11 +20,19 @@ pub struct IssuanceInputConstraints {
     /// Index into `tx.input`.
     pub input_idx: usize,
 
-    /// Destination and amount for the issued asset.
-    pub issuance_destination: Option<(Script, u64)>,
-
-    /// Destination and amount for the reissuance token.
-    pub reissuance_destination: Option<(Script, u64)>,
+    /// Destination, amount, and optional blinding key for the issued asset.
+    ///
+    /// The tuple is `(script, amount, blinding_key)`. When `blinding_key` is `Some`,
+    /// confidential outputs are unblinded using it; if unblinding succeeds and the asset
+    /// matches, the output is accounted for, otherwise it is skipped.
+    pub issuance_destination: Option<(Script, u64, Option<SecretKey>)>,
+
+    /// Destination, amount, and optional blinding key for the reissuance token.
+    ///
+    /// The tuple is `(script, amount, blinding_key)`. When `blinding_key` is `Some`,
+    /// confidential outputs are unblinded using it; if unblinding succeeds and the asset
+    /// matches, the output is accounted for, otherwise it is skipped.
+    pub reissuance_destination: Option<(Script, u64, Option<SecretKey>)>,
 }
 
 #[derive(thiserror::Error, Debug, PartialEq, Eq)]
@@ -105,8 +113,12 @@ pub enum IssuanceVerificationError {
 ///
 /// ## Confidentiality policy
 ///
-/// - Outputs whose **asset is confidential** are ignored during verification (this verifier makes
-///   no claims about what may be hidden in confidential-asset outputs).
+/// - Each destination tuple carries an optional blinding key (the third element). When set,
+///   confidential outputs are unblinded using the key. If unblinding succeeds and the asset
+///   matches, the output is accounted for. If unblinding fails, the output is silently skipped.
+/// - When no blinding key is provided for a destination, outputs whose **asset is confidential**
+///   are ignored during verification (this verifier makes no claims about what may be hidden in
+///   confidential-asset outputs).
 /// - For constrained assets, any output with an **explicit matching asset** but a **non-explicit
 ///   value** fails verification (cannot check exact amounts).
 ///
@@ -241,13 +253,13 @@ fn verify_constrained_asset(
     tx: &Transaction,
     asset_id: AssetId,
     minted_amount: u64,
-    destination: Option<&(Script, u64)>,
+    destination: Option<&(Script, u64, Option<SecretKey>)>,
     input_idx: usize,
     kind: MintedConstraintKind,
 ) -> Result<(), IssuanceVerificationError> {
-    let (dest_script, expected_amount) = match destination {
-        Some((s, amt)) => (Some(s), *amt),
-        None => (None, 0),
+    let (dest_script, expected_amount, blinder) = match destination {
+        Some((s, amt, blinder)) => (Some(s), *amt, Option::from(blinder)),
+        None => (None, 0, None),
     };
 
     if minted_amount != expected_amount {
@@ -271,19 +283,20 @@ fn verify_constrained_asset(
         });
     }
 
-    verify_asset_destination(tx, asset_id, expected_amount, dest_script)
+    verify_asset_destination(tx, asset_id, expected_amount, dest_script, blinder)
 }
 
 fn verify_asset_destination(
     tx: &Transaction,
     asset_id: AssetId,
     expected_amount: u64,
     destination_script: Option<&Script>,
+    blinding_key: Option<&SecretKey>,
 ) -> Result<(), IssuanceVerificationError> {
     let mut sum_to_destination = 0u64;
 
     for (vout, output) in tx.output.iter().enumerate() {
-        match output.asset.explicit() {
+        let resolved = match output.asset.explicit() {
             Some(out_asset) if out_asset == asset_id => {
                 let Some(value) = output.value.explicit() else {
                     return Err(
@@ -293,24 +306,30 @@ fn verify_asset_destination(
                         },
                     );
                 };
+                Some(value)
+            }
+            _ => blinding_key
+                .and_then(|key| output.unblind(SECP256K1, *key).ok())
+                .filter(|secrets| secrets.asset == asset_id)
+                .map(|secrets| secrets.value),
+        };
 
-                let Some(dest_script) = destination_script else {
-                    return Err(IssuanceVerificationError::AssetAppearsInUnexpectedOutput {
-                        vout,
-                        asset_id,
-                    });
-                };
-
-                if output.script_pubkey != *dest_script {
-                    return Err(IssuanceVerificationError::AssetAppearsInUnexpectedOutput {
-                        vout,
-                        asset_id,
-                    });
-                }
+        if let Some(value) = resolved {
+            let Some(dest_script) = destination_script else {
+                return Err(IssuanceVerificationError::AssetAppearsInUnexpectedOutput {
+                    vout,
+                    asset_id,
+                });
+            };
 
-                sum_to_destination = sum_to_destination.saturating_add(value);
+            if output.script_pubkey != *dest_script {
+                return Err(IssuanceVerificationError::AssetAppearsInUnexpectedOutput {
+                    vout,
+                    asset_id,
+                });
             }
-            _ => {}
+
+            sum_to_destination = sum_to_destination.saturating_add(value);
         }
     }
 
@@ -435,10 +454,10 @@ mod tests {
         let constraints = IssuanceTxConstraints {
             inputs: vec![IssuanceInputConstraints {
                 input_idx: 0,
-                issuance_destination: Some((issue_script, 50)),
-                reissuance_destination: Some((token_script, 1)),
+                issuance_destination: Some((issue_script, 50, None)),
+                reissuance_destination: Some((token_script, 1, None)),
             }],
-            allow_unconstrained_issuances: false,
+            ..Default::default()
         };
 
         assert_eq!(verify_issuance(&tx, &constraints), Ok(()));
@@ -464,10 +483,10 @@ mod tests {
         let constraints = IssuanceTxConstraints {
             inputs: vec![IssuanceInputConstraints {
                 input_idx: 0,
-                issuance_destination: Some((issue_script, 10)),
-                reissuance_destination: Some((token_script, 1)),
+                issuance_destination: Some((issue_script, 10, None)),
+                reissuance_destination: Some((token_script, 1, None)),
             }],
-            allow_unconstrained_issuances: false,
+            ..Default::default()
         };
 
         assert!(matches!(
@@ -495,10 +514,10 @@ mod tests {
         let constraints = IssuanceTxConstraints {
             inputs: vec![IssuanceInputConstraints {
                 input_idx: 0,
-                issuance_destination: Some((issue_script, 10)),
-                reissuance_destination: Some((token_script, 1)),
+                issuance_destination: Some((issue_script, 10, None)),
+                reissuance_destination: Some((token_script, 1, None)),
             }],
-            allow_unconstrained_issuances: false,
+            ..Default::default()
         };
 
         assert!(matches!(
@@ -527,9 +546,9 @@ mod tests {
             inputs: vec![IssuanceInputConstraints {
                 input_idx: 0,
                 issuance_destination: None,
-                reissuance_destination: Some((token_script, 1)),
+                reissuance_destination: Some((token_script, 1, None)),
             }],
-            allow_unconstrained_issuances: false,
+            ..Default::default()
         };
 
         assert!(matches!(
@@ -547,7 +566,7 @@ mod tests {
                 issuance_destination: None,
                 reissuance_destination: None,
             }],
-            allow_unconstrained_issuances: false,
+            ..Default::default()
         };
 
         assert_eq!(
@@ -577,10 +596,10 @@ mod tests {
         let constraints_strict = IssuanceTxConstraints {
             inputs: vec![IssuanceInputConstraints {
                 input_idx: 0,
-                issuance_destination: Some((issue_script, 10)),
-                reissuance_destination: Some((token_script, 1)),
+                issuance_destination: Some((issue_script, 10, None)),
+                reissuance_destination: Some((token_script, 1, None)),
             }],
-            allow_unconstrained_issuances: false,
+            ..Default::default()
         };
 
         assert_eq!(
@@ -621,15 +640,15 @@ mod tests {
                 IssuanceInputConstraints {
                     input_idx: 0,
                     issuance_destination: None,
-                    reissuance_destination: Some((taproot_gen.address.script_pubkey(), 1)),
+                    reissuance_destination: Some((taproot_gen.address.script_pubkey(), 1, None)),
                 },
                 IssuanceInputConstraints {
                     input_idx: 1,
                     issuance_destination: None,
-                    reissuance_destination: Some((taproot_gen.address.script_pubkey(), 1)),
+                    reissuance_destination: Some((taproot_gen.address.script_pubkey(), 1, None)),
                 },
             ],
-            allow_unconstrained_issuances: false,
+            ..Default::default()
         };
 
         verify_issuance(&tx, &constraints).map_err(|e| format!("Verification failed: {e:?}"))?;
diff --git a/crates/contracts/src/sdk/storage/transfer_from_storage_address.rs b/crates/contracts/src/sdk/storage/transfer_from_storage_address.rs
@@ -69,7 +69,7 @@ pub fn transfer_asset_with_storage(
 
     if change_amount > 0 {
         pst.add_output(Output::new_explicit(
-            change_recipient_script.clone(),
+            change_recipient_script,
             change_amount,
             fee_asset_id,
             None,
diff --git a/crates/contracts/src/smt_storage/build_witness.rs b/crates/contracts/src/smt_storage/build_witness.rs
@@ -45,7 +45,7 @@ pub struct SMTWitness {
 
 impl SMTWitness {
     #[must_use]
-    pub fn new(
+    pub const fn new(
         key: &u256,
         leaf: &u256,
         path_bits: u8,
diff --git a/crates/contracts/src/smt_storage/mod.rs b/crates/contracts/src/smt_storage/mod.rs
@@ -351,7 +351,7 @@ mod smt_storage_tests {
         let outpoint0 = OutPoint::new(Txid::from_slice(&[0; 32])?, 0);
         pst.add_input(Input::from_prevout(outpoint0));
         pst.add_output(Output::new_explicit(
-            new_script_pubkey.clone(),
+            new_script_pubkey,
             0,
             AssetId::default(),
             None,
diff --git a/crates/contracts/src/smt_storage/smt.rs b/crates/contracts/src/smt_storage/smt.rs
@@ -22,16 +22,16 @@ enum TreeNode {
     /// The `hash` is typically calculated as `Hash(Left_Child_Hash || Right_Child_Hash)`.
     Branch {
         hash: u256,
-        left: Box<TreeNode>,
-        right: Box<TreeNode>,
+        left: Box<Self>,
+        right: Box<Self>,
     },
 }
 
 impl TreeNode {
-    pub fn get_hash(&self) -> u256 {
+    pub const fn get_hash(&self) -> u256 {
         match self {
-            TreeNode::Leaf { leaf_hash } => *leaf_hash,
-            TreeNode::Branch { hash, .. } => *hash,
+            Self::Leaf { leaf_hash } => *leaf_hash,
+            Self::Branch { hash, .. } => *hash,
         }
     }
 }
@@ -113,7 +113,7 @@ impl SparseMerkleTree {
     }
 
     /// Computes parent hash: `SHA256(left_child_hash || right_child_hash)`.
-    fn calculate_hash(left: &mut TreeNode, right: &mut TreeNode) -> u256 {
+    fn calculate_hash(left: &TreeNode, right: &TreeNode) -> u256 {
         let mut eng = sha256::Hash::engine();
         eng.input(&left.get_hash());
         eng.input(&right.get_hash());
diff --git a/crates/simplicityhl-core/src/tx_inclusion.rs b/crates/simplicityhl-core/src/tx_inclusion.rs
@@ -9,8 +9,9 @@ use simplicityhl::elements::{Block, TxMerkleNode, Txid};
 /// Merkle proof: (`transaction_index`, `sibling_hashes`)
 pub type MerkleProof = (usize, Vec<TxMerkleNode>);
 
-/// Constructs a Merkle inclusion proof (Merkle branch) for a transaction TXID
-/// in a block, using Bitcoin consensus Merkle tree construction rules
+/// Constructs a Merkle inclusion proof (Merkle branch).
+///
+/// For a transaction TXID in a block, using Bitcoin consensus Merkle tree construction rules
 /// (pairwise double-SHA256 hashing with odd-hash duplication).
 ///
 /// Liquid inherits the same Merkle tree semantics via the Elements codebase:
@@ -28,8 +29,9 @@ pub fn merkle_branch(tx: &Txid, block: &Block) -> Option<MerkleProof> {
     Some((tx_index, build_merkle_branch(tx_index, block)))
 }
 
-/// Verifies a Merkle inclusion proof (Merkle branch) for a transaction TXID
-/// against the given Merkle root using Bitcoin consensus Merkle tree rules
+/// Verifies a Merkle inclusion proof (Merkle branch).
+///
+/// For a transaction TXID against the given Merkle root using Bitcoin consensus Merkle tree rules
 /// (pairwise double-SHA256 hashing with left/right ordering).
 ///
 /// Liquid inherits the same Merkle tree semantics via the Elements codebase:
@@ -96,15 +98,14 @@ fn compute_merkle_root_from_branch(
     for leaf in branch {
         let mut eng = TxMerkleNode::engine();
 
-        res = if pos & 1 == 0 {
+        if pos & 1 == 0 {
             eng.input(res.as_raw_hash().as_byte_array());
             eng.input(leaf.as_raw_hash().as_byte_array());
-            TxMerkleNode::from_engine(eng)
         } else {
             eng.input(leaf.as_raw_hash().as_byte_array());
             eng.input(res.as_raw_hash().as_byte_array());
-            TxMerkleNode::from_engine(eng)
-        };
+        }
+        res = TxMerkleNode::from_engine(eng);
 
         pos >>= 1;
     }

Original file line number	Diff line number	Diff line change
`@@ -22,16 +22,16 @@ enum TreeNode {`
`22`	`22`	/// The `hash` is typically calculated as `Hash(Left_Child_Hash \|\| Right_Child_Hash)`.
`23`	`23`	`Branch {`
`24`	`24`	`hash: u256,`
`25`		`- left: Box<TreeNode>,`
`26`		`- right: Box<TreeNode>,`
	`25`	`+ left: Box<Self>,`
	`26`	`+ right: Box<Self>,`
`27`	`27`	`},`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`impl TreeNode {`
`31`		`- pub fn get_hash(&self) -> u256 {`
	`31`	`+ pub const fn get_hash(&self) -> u256 {`
`32`	`32`	`match self {`
`33`		`- TreeNode::Leaf { leaf_hash } => *leaf_hash,`
`34`		`- TreeNode::Branch { hash, .. } => *hash,`
	`33`	`+ Self::Leaf { leaf_hash } => *leaf_hash,`
	`34`	`+ Self::Branch { hash, .. } => *hash,`
`35`	`35`	`}`
`36`	`36`	`}`
`37`	`37`	`}`
`@@ -113,7 +113,7 @@ impl SparseMerkleTree {`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	/// Computes parent hash: `SHA256(left_child_hash \|\| right_child_hash)`.
`116`		`- fn calculate_hash(left: &mut TreeNode, right: &mut TreeNode) -> u256 {`
	`116`	`+ fn calculate_hash(left: &TreeNode, right: &TreeNode) -> u256 {`
`117`	`117`	`let mut eng = sha256::Hash::engine();`
`118`	`118`	`eng.input(&left.get_hash());`
`119`	`119`	`eng.input(&right.get_hash());`