Skip to content

fix: app-silo getSharedSecret oracle to prevent cross-contract decryption#22000

Closed
benesjan wants to merge 1 commit into
nextfrom
jan/f-477-get-shared-secret-app-siloed
Closed

fix: app-silo getSharedSecret oracle to prevent cross-contract decryption#22000
benesjan wants to merge 1 commit into
nextfrom
jan/f-477-get-shared-secret-app-siloed

Conversation

@benesjan

@benesjan benesjan commented Mar 25, 2026

Copy link
Copy Markdown
Contributor

Summary

  • App-silos the getSharedSecret oracle so it returns s_app = h(DOM_SEP, S.x, S.y, contract) instead of the raw ECDH shared secret point, preventing cross-contract decryption attacks.
  • Introduces compute_app_siloed_shared_secret and derive_shared_secret_randomness helpers for a unified derivation pattern.
  • Updates AES128 encryption, note delivery, and oracle interfaces to use the new app-siloed secret.

Closes https://linear.app/aztec-labs/issue/F-477/getsharedsecret-isnt-app-siloed

Test plan

  • Existing encryption/decryption tests pass with updated derivation
  • Verify oracle returns Field instead of Point
  • Cross-contract decryption is no longer possible

🤖 Generated with Claude Code

@benesjan @claude
fix: app-silo getSharedSecret oracle to prevent cross-contract decryp…
b173851 
…tion

The getSharedSecret oracle was not app-siloed, meaning a malicious contract could
call it with any ephemeral public key and obtain the raw ECDH shared secret. This
allowed cross-contract decryption of encrypted messages.

Now the oracle returns an app-siloed scalar `s_app = h(DOM_SEP, S.x, S.y, contract)`
instead of the raw shared secret point. Callers derive indexed randomness from s_app
via `derive_shared_secret_randomness`. The AES128 encryption helpers and note delivery
code are updated to use the new derivation pattern.

Closes F-477

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Base automatically changed from merge-train/fairies to next March 26, 2026 04:08
@nchamo

nchamo commented Mar 26, 2026

Copy link
Copy Markdown
Contributor

This was done in #22020

@nchamo nchamo closed this Mar 26, 2026
@benesjan benesjan deleted the jan/f-477-get-shared-secret-app-siloed branch March 27, 2026 05:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nventuro nventuro Awaiting requested review from nventuro nventuro will be requested when the pull request is marked ready for review nventuro is a code owner

@LeilaWang LeilaWang Awaiting requested review from LeilaWang LeilaWang will be requested when the pull request is marked ready for review LeilaWang is a code owner

@MirandaWood MirandaWood Awaiting requested review from MirandaWood MirandaWood will be requested when the pull request is marked ready for review MirandaWood is a code owner

@jeanmon jeanmon Awaiting requested review from jeanmon jeanmon will be requested when the pull request is marked ready for review jeanmon is a code owner

@IlyasRidhuan IlyasRidhuan Awaiting requested review from IlyasRidhuan IlyasRidhuan will be requested when the pull request is marked ready for review IlyasRidhuan is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@benesjan @nchamo