AztecProtocol · mverzilli · Mar 25, 2026 · Mar 25, 2026 · Mar 25, 2026
@@ -11,8 +11,8 @@ use crate::{
         logs::notify_created_contract_class_log,
         notes::notify_nullified_note,
         nullifiers::notify_created_nullifier,
-        public_call::validate_public_calldata,
-        tx_phase::{in_revertible_phase, notify_revertible_phase_start},
+        public_call::assert_valid_public_call_data,
+        tx_phase::{is_execution_in_revertible_phase, notify_revertible_phase_start},
     },
 };
 use crate::logging::aztecnr_trace_log_format;
@@ -519,7 +519,7 @@ impl PrivateContext {
         let current_counter = self.side_effect_counter;
 
         // Safety: Kernel will validate that the claim is correct by validating the expected counters.
-        let is_revertible = unsafe { in_revertible_phase(current_counter) };
+        let is_revertible = unsafe { is_execution_in_revertible_phase(current_counter) };
 
         if is_revertible {
             if (self.expected_revertible_side_effect_counter == 0)
@@ -1260,7 +1260,7 @@ impl PrivateContext {
 
         let is_static_call = is_static_call | self.inputs.call_context.is_static_call;
 
-        validate_public_calldata(calldata_hash);
+        assert_valid_public_call_data(calldata_hash);
 
         let msg_sender = if hide_msg_sender {
             NULL_MSG_SENDER_CONTRACT_ADDRESS
@@ -1331,7 +1331,7 @@ impl PrivateContext {
     ) {
         let is_static_call = is_static_call | self.inputs.call_context.is_static_call;
 
-        validate_public_calldata(calldata_hash);
+        assert_valid_public_call_data(calldata_hash);
 
         let msg_sender = if hide_msg_sender {
             NULL_MSG_SENDER_CONTRACT_ADDRESS

@@ -82,7 +82,7 @@ mod test {
 
         let hash = hash_args(serialized);
 
-        let _ = OracleMock::mock("aztec_prv_loadFromExecutionCache").returns(bad_serialized);
+        let _ = OracleMock::mock("aztec_prv_getHashPreimage").returns(bad_serialized);
         assert_eq(ReturnsHash::new(hash).get_preimage(), value);
     }
 }
@@ -71,7 +71,7 @@ mod test {
         // partial address
         random_keys_and_partial_address[12] = 0x236703e2cb00a182e024e98e9f759231b556d25ff19f98896cebb69e9e678cc9;
 
-        let _ = OracleMock::mock("aztec_utl_tryGetPublicKeysAndPartialAddress").returns(Option::some(
+        let _ = OracleMock::mock("aztec_utl_getPublicKeysAndPartialAddress").returns(Option::some(
             random_keys_and_partial_address,
         ));
         let _ = get_public_keys(account);

@@ -685,7 +685,7 @@ mod test {
             let ciphertext = BoundedVec::from_array(AES128::encrypt(plaintext, recipient));
 
             let empty_header = BoundedVec::<u8, HEADER_CIPHERTEXT_SIZE_IN_BYTES>::new();
-            let _ = OracleMock::mock("aztec_utl_tryAes128Decrypt").returns(Option::some(empty_header)).times(1);
+            let _ = OracleMock::mock("aztec_utl_decryptAes128").returns(Option::some(empty_header)).times(1);
 
             assert(AES128::decrypt(ciphertext, recipient).is_none());
         });
@@ -705,7 +705,7 @@ mod test {
             let bad_header = BoundedVec::<u8, HEADER_CIPHERTEXT_SIZE_IN_BYTES>::from_array(encode_header(
                 MESSAGE_PLAINTEXT_SIZE_IN_BYTES + 1,
             ));
-            let _ = OracleMock::mock("aztec_utl_tryAes128Decrypt").returns(Option::some(bad_header)).times(1);
+            let _ = OracleMock::mock("aztec_utl_decryptAes128").returns(Option::some(bad_header)).times(1);
 
             assert(AES128::decrypt(ciphertext, recipient).is_none());
         });

@@ -184,13 +184,13 @@ pub unconstrained fn validate_and_store_enqueued_notes_and_events(contract_addre
 /// The `message_context_requests_array_base_slot` must point to a CapsuleArray<Field> containing tx hashes.
 /// PXE will store `Option<MessageContextResponse>` values into the responses array at
 /// `message_context_responses_array_base_slot`.
-pub unconstrained fn resolve_message_contexts(
+pub unconstrained fn get_message_contexts_by_tx_hash(
     contract_address: AztecAddress,
     message_context_requests_array_base_slot: Field,
     message_context_responses_array_base_slot: Field,
     scope: AztecAddress,
 ) {
-    oracle::message_processing::resolve_message_contexts(
+    oracle::message_processing::get_message_contexts_by_tx_hash(
         contract_address,
         message_context_requests_array_base_slot,
         message_context_responses_array_base_slot,
@@ -230,7 +230,7 @@ pub(crate) unconstrained fn get_pending_partial_notes_completion_logs(
         i += 1;
     }
 
-    oracle::message_processing::bulk_retrieve_logs(
+    oracle::message_processing::get_logs_by_tag(
         contract_address,
         LOG_RETRIEVAL_REQUESTS_ARRAY_BASE_SLOT,
         LOG_RETRIEVAL_RESPONSES_ARRAY_BASE_SLOT,

@@ -3,9 +3,9 @@ use crate::{
     context::UtilityContext,
     messages::{
         encoding::MESSAGE_CIPHERTEXT_LEN,
-        processing::{MessageContext, OffchainMessageWithContext, resolve_message_contexts},
+        processing::{get_message_contexts_by_tx_hash, MessageContext, OffchainMessageWithContext},
     },
-    oracle::contract_sync::invalidate_contract_sync_cache,
+    oracle::contract_sync::set_contract_sync_cache_invalid,
     protocol::{
         address::AztecAddress,
         constants::MAX_TX_LIFETIME,
@@ -133,7 +133,7 @@ pub unconstrained fn receive(
         i += 1;
     }
 
-    invalidate_contract_sync_cache(contract_address, scopes);
+    set_contract_sync_cache_invalid(contract_address, scopes);
 }
 
 /// Returns offchain-delivered messages to process during sync.
@@ -169,7 +169,7 @@ pub unconstrained fn sync_inbox(
     }
 
     // Ask PXE to resolve contexts for all requested tx hashes.
-    resolve_message_contexts(
+    get_message_contexts_by_tx_hash(
         contract_address,
         OFFCHAIN_CONTEXT_REQUESTS_SLOT,
         OFFCHAIN_CONTEXT_RESPONSES_SLOT,

@@ -1,5 +1,5 @@
-#[oracle(aztec_utl_tryAes128Decrypt)]
-unconstrained fn try_aes128_decrypt_oracle<let N: u32>(
+#[oracle(aztec_utl_decryptAes128)]
+unconstrained fn aes128_decrypt_oracle<let N: u32>(
     ciphertext: BoundedVec<u8, N>,
     iv: [u8; 16],
     sym_key: [u8; 16],
@@ -14,12 +14,13 @@ unconstrained fn try_aes128_decrypt_oracle<let N: u32>(
 /// Note that we accept ciphertext as a BoundedVec, not as an array. This is because this function is typically used
 /// when processing logs and at that point we don't have comptime information about the length of the ciphertext as
 /// the log is not specific to any individual note.
+// TODO(F-498): review naming consistency
 pub unconstrained fn try_aes128_decrypt<let N: u32>(
     ciphertext: BoundedVec<u8, N>,
     iv: [u8; 16],
     sym_key: [u8; 16],
 ) -> Option<BoundedVec<u8, N>> {
-    try_aes128_decrypt_oracle(ciphertext, iv, sym_key)
+    aes128_decrypt_oracle(ciphertext, iv, sym_key)
 }
 
 mod test {

@@ -2,21 +2,23 @@ use crate::protocol::{address::AztecAddress, traits::{Deserialize, Serialize}};
 
 /// Stores arbitrary information in a per-contract non-volatile database, which can later be retrieved with `load`. If
 /// data was already stored at this slot, it is overwritten.
+// TODO(F-498): review naming consistency
 pub unconstrained fn store<T>(contract_address: AztecAddress, slot: Field, value: T, scope: AztecAddress)
 where
     T: Serialize,
 {
     let serialized = value.serialize();
-    store_oracle(contract_address, slot, serialized, scope);
+    set_capsule_oracle(contract_address, slot, serialized, scope);
 }
 
 /// Returns data previously stored via `storeCapsule` in the per-contract non-volatile database. Returns
 /// Option::none() if nothing was stored at the given slot.
+// TODO(F-498): review naming consistency
 pub unconstrained fn load<T>(contract_address: AztecAddress, slot: Field, scope: AztecAddress) -> Option<T>
 where
     T: Deserialize,
 {
-    let serialized_option = load_oracle(contract_address, slot, <T as Deserialize>::N, scope);
+    let serialized_option = get_capsule_oracle(contract_address, slot, <T as Deserialize>::N, scope);
     serialized_option.map(|arr| Deserialize::deserialize(arr))
 }
 
@@ -39,8 +41,8 @@ pub unconstrained fn copy(
     copy_oracle(contract_address, src_slot, dst_slot, num_entries, scope);
 }
 
-#[oracle(aztec_utl_storeCapsule)]
-unconstrained fn store_oracle<let N: u32>(
+#[oracle(aztec_utl_setCapsule)]
+unconstrained fn set_capsule_oracle<let N: u32>(
     contract_address: AztecAddress,
     slot: Field,
     values: [Field; N],
@@ -54,8 +56,8 @@ unconstrained fn store_oracle<let N: u32>(
 /// require for the oracle resolver to know the shape of T (e.g. if T were a struct of 3 u32 values then the expected
 /// response shape would be 3 single items, whereas it were a struct containing `u32, [Field;10], u32` then the
 /// expected shape would be single, array, single.). Instead, we return the serialization and deserialize in Noir.
-#[oracle(aztec_utl_loadCapsule)]
-unconstrained fn load_oracle<let N: u32>(
+#[oracle(aztec_utl_getCapsule)]
+unconstrained fn get_capsule_oracle<let N: u32>(
     contract_address: AztecAddress,
     slot: Field,
     array_len: u32,

@@ -1,7 +1,7 @@
 use crate::protocol::address::AztecAddress;
 
-#[oracle(aztec_utl_invalidateContractSyncCache)]
-unconstrained fn invalidate_contract_sync_cache_oracle<let N: u32>(
+#[oracle(aztec_utl_setContractSyncCacheInvalid)]
+unconstrained fn set_contract_sync_cache_invalid_oracle<let N: u32>(
     contract_address: AztecAddress,
     scopes: BoundedVec<AztecAddress, N>,
 ) {}
@@ -10,9 +10,9 @@ unconstrained fn invalidate_contract_sync_cache_oracle<let N: u32>(
 ///
 /// Call this after writing data (e.g. offchain messages) that the contract's `sync_state` function needs to discover.
 /// Without invalidation, the sync cache would skip re-running `sync_state` until the next block.
-pub unconstrained fn invalidate_contract_sync_cache<let N: u32>(
+pub unconstrained fn set_contract_sync_cache_invalid<let N: u32>(
     contract_address: AztecAddress,
     scopes: BoundedVec<AztecAddress, N>,
 ) {
-    invalidate_contract_sync_cache_oracle(contract_address, scopes);
+    set_contract_sync_cache_invalid_oracle(contract_address, scopes);
 }
@@ -1,20 +1,22 @@
 /// Stores values represented as slice in execution cache to be later obtained by its hash.
+// TODO(F-498): review naming consistency
 pub fn store<let N: u32>(values: [Field; N], hash: Field) {
     // Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe to
     // call. When loading the values, however, the caller must check that the values are indeed the preimage.
-    unsafe { store_in_execution_cache_oracle_wrapper(values, hash) };
+    unsafe { set_hash_preimage_oracle_wrapper(values, hash) };
 }
 
-unconstrained fn store_in_execution_cache_oracle_wrapper<let N: u32>(values: [Field; N], hash: Field) {
-    store_in_execution_cache_oracle(values, hash);
+unconstrained fn set_hash_preimage_oracle_wrapper<let N: u32>(values: [Field; N], hash: Field) {
+    set_hash_preimage_oracle(values, hash);
 }
 
+// TODO(F-498): review naming consistency
 pub unconstrained fn load<let N: u32>(hash: Field) -> [Field; N] {
-    load_from_execution_cache_oracle(hash)
+    get_hash_preimage_oracle(hash)
 }
 
-#[oracle(aztec_prv_storeInExecutionCache)]
-unconstrained fn store_in_execution_cache_oracle<let N: u32>(_values: [Field; N], _hash: Field) {}
+#[oracle(aztec_prv_setHashPreimage)]
+unconstrained fn set_hash_preimage_oracle<let N: u32>(_values: [Field; N], _hash: Field) {}
 
-#[oracle(aztec_prv_loadFromExecutionCache)]
-unconstrained fn load_from_execution_cache_oracle<let N: u32>(_hash: Field) -> [Field; N] {}
+#[oracle(aztec_prv_getHashPreimage)]
+unconstrained fn get_hash_preimage_oracle<let N: u32>(_hash: Field) -> [Field; N] {}
@@ -4,17 +4,19 @@ use crate::protocol::{
     public_keys::{IvpkM, NpkM, OvpkM, PublicKeys, TpkM},
 };
 
+// TODO(F-498): review naming consistency
 pub unconstrained fn get_public_keys_and_partial_address(address: AztecAddress) -> (PublicKeys, PartialAddress) {
     try_get_public_keys_and_partial_address(address).expect(f"Public keys not registered for account {address}")
 }
 
-#[oracle(aztec_utl_tryGetPublicKeysAndPartialAddress)]
-unconstrained fn try_get_public_keys_and_partial_address_oracle(_address: AztecAddress) -> Option<[Field; 13]> {}
+#[oracle(aztec_utl_getPublicKeysAndPartialAddress)]
+unconstrained fn get_public_keys_and_partial_address_oracle(_address: AztecAddress) -> Option<[Field; 13]> {}
 
+// TODO(F-498): review naming consistency
 pub unconstrained fn try_get_public_keys_and_partial_address(
     address: AztecAddress,
 ) -> Option<(PublicKeys, PartialAddress)> {
-    try_get_public_keys_and_partial_address_oracle(address).map(|result: [Field; 13]| {
+    get_public_keys_and_partial_address_oracle(address).map(|result: [Field; 13]| {
         let keys = PublicKeys {
             npk_m: NpkM { inner: Point { x: result[0], y: result[1], is_infinite: result[2] != 0 } },
             ivpk_m: IvpkM { inner: Point { x: result[3], y: result[4], is_infinite: result[5] != 0 } },

@@ -2,12 +2,13 @@ use crate::protocol::address::AztecAddress;
 
 /// Finds new private logs that may have been sent to all registered accounts in PXE in the current contract and makes
 /// them available for later processing in Noir by storing them in a capsule array.
+// TODO(F-498): review naming consistency
 pub unconstrained fn fetch_tagged_logs(pending_tagged_log_array_base_slot: Field, scope: AztecAddress) {
-    fetch_tagged_logs_oracle(pending_tagged_log_array_base_slot, scope);
+    get_pending_tagged_logs_oracle(pending_tagged_log_array_base_slot, scope);
 }
 
-#[oracle(aztec_utl_fetchTaggedLogs)]
-unconstrained fn fetch_tagged_logs_oracle(pending_tagged_log_array_base_slot: Field, scope: AztecAddress) {}
+#[oracle(aztec_utl_getPendingTaggedLogs)]
+unconstrained fn get_pending_tagged_logs_oracle(pending_tagged_log_array_base_slot: Field, scope: AztecAddress) {}
 
 // This must be a single oracle and not one for notes and one for events because the entire point is to validate all
 // notes and events in one go, minimizing node round-trips.
@@ -39,44 +40,44 @@ unconstrained fn validate_and_store_enqueued_notes_and_events_oracle(
     scope: AztecAddress,
 ) {}
 
-pub(crate) unconstrained fn bulk_retrieve_logs(
+pub(crate) unconstrained fn get_logs_by_tag(
     contract_address: AztecAddress,
     log_retrieval_requests_array_base_slot: Field,
     log_retrieval_responses_array_base_slot: Field,
     scope: AztecAddress,
 ) {
-    bulk_retrieve_logs_oracle(
+    get_logs_by_tag_oracle(
         contract_address,
         log_retrieval_requests_array_base_slot,
         log_retrieval_responses_array_base_slot,
         scope,
     );
 }
 
-#[oracle(aztec_utl_bulkRetrieveLogs)]
-unconstrained fn bulk_retrieve_logs_oracle(
+#[oracle(aztec_utl_getLogsByTag)]
+unconstrained fn get_logs_by_tag_oracle(
     contract_address: AztecAddress,
     log_retrieval_requests_array_base_slot: Field,
     log_retrieval_responses_array_base_slot: Field,
     scope: AztecAddress,
 ) {}
 
-pub(crate) unconstrained fn resolve_message_contexts(
+pub(crate) unconstrained fn get_message_contexts_by_tx_hash(
     contract_address: AztecAddress,
     message_context_requests_array_base_slot: Field,
     message_context_responses_array_base_slot: Field,
     scope: AztecAddress,
 ) {
-    resolve_message_contexts_oracle(
+    get_message_contexts_by_tx_hash_oracle(
         contract_address,
         message_context_requests_array_base_slot,
         message_context_responses_array_base_slot,
         scope,
     );
 }
 
-#[oracle(aztec_utl_utilityResolveMessageContexts)]
-unconstrained fn resolve_message_contexts_oracle(
+#[oracle(aztec_utl_getMessageContextsByTxHash)]
+unconstrained fn get_message_contexts_by_tx_hash_oracle(
     contract_address: AztecAddress,
     message_context_requests_array_base_slot: Field,
     message_context_responses_array_base_slot: Field,

@@ -33,9 +33,10 @@ unconstrained fn is_nullifier_pending_oracle(_inner_nullifier: Field, _contract_
 /// nullifier, but a `false` value should not be relied upon since other transactions may emit this nullifier before
 /// the current transaction is included in a block. While this might seem of little use at first, certain design
 /// patterns benefit from this abstraction (see e.g. `PrivateMutable`).
+// TODO(F-498): review naming consistency
 pub unconstrained fn check_nullifier_exists(inner_nullifier: Field) -> bool {
-    check_nullifier_exists_oracle(inner_nullifier)
+    does_nullifier_exist_oracle(inner_nullifier)
 }
 
-#[oracle(aztec_utl_checkNullifierExists)]
-unconstrained fn check_nullifier_exists_oracle(_inner_nullifier: Field) -> bool {}
+#[oracle(aztec_utl_doesNullifierExist)]
+unconstrained fn does_nullifier_exist_oracle(_inner_nullifier: Field) -> bool {}
@@ -2,17 +2,17 @@
 ///
 /// The check is unconstrained and the only purpose of it is to fail early in case of calldata overflow or a bug in
 /// calldata hashing.
-pub(crate) fn validate_public_calldata(calldata_hash: Field) {
+pub(crate) fn assert_valid_public_call_data(calldata_hash: Field) {
     // Safety: This oracle call returns nothing: we only call it for its side effects (validating the calldata).
     // It is therefore always safe to call.
     unsafe {
-        validate_public_calldata_wrapper(calldata_hash)
+        assert_valid_public_call_data_oracle_wrapper(calldata_hash)
     }
 }
 
-unconstrained fn validate_public_calldata_wrapper(calldata_hash: Field) {
-    validate_public_calldata_oracle(calldata_hash)
+unconstrained fn assert_valid_public_call_data_oracle_wrapper(calldata_hash: Field) {
+    assert_valid_public_call_data_oracle(calldata_hash)
 }
 
-#[oracle(aztec_prv_validatePublicCalldata)]
-unconstrained fn validate_public_calldata_oracle(_calldata_hash: Field) {}
+#[oracle(aztec_prv_assertValidPublicCalldata)]
+unconstrained fn assert_valid_public_call_data_oracle(_calldata_hash: Field) {}