feat(aztec-nr)!: app-silo getSharedSecret oracle (#22020) [v4-next backport]#22025
Merged
nventuro merged 6 commits intoMar 25, 2026
Merged
Conversation
Cherry-pick of 1c74bf6 with conflicts in yarn-project/pxe/src/oracle_version.ts
The oracle interface hash differs between next and v4-next due to different Oracle class signatures. Regenerated the hash for v4-next after cherry-pick.
AztecBot
added
ci-draft
nchamo
approved these changes
Mar 25, 2026
The cherry-pick of PR #22020 modified domain separators in constants.nr but the generated files (constants.gen.ts, aztec_constants.hpp, constants_gen.pil) were not regenerated. Run remake-constants to sync.
AztecBot
requested review from
IlyasRidhuan,
Maddiaa0,
fcarreiro and
jeanmon
as code owners
Collaborator
Author
Flakey Tests🤖 says: This CI run detected 2 tests that failed, but were tolerated due to a .test_patterns.yml entry. |
AztecBot
added a commit
that referenced
this pull request
Mar 25, 2026
Merged latest target branch which includes PR #22025 (app-silo getSharedSecret). Combined oracle interface now includes both renames and new oracle. Recomputed ORACLE_INTERFACE_HASH and bumped ORACLE_VERSION to 22.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Backport of #22020 to v4-next.
The
getSharedSecretoracle now app-silos the shared secret by hashing it with the calling contract's address, preventing cross-contract decryption attacks. Key derivation uses new domain separators (DOM_SEP__APP_SILOED_ECDH_SHARED_SECRET,DOM_SEP__ECDH_SUBKEY,DOM_SEP__ECDH_FIELD_MASK).Cherry-pick conflicts
Only one conflict in
yarn-project/pxe/src/oracle_version.ts— the oracle interface hash differs betweennextandv4-nextbecause the Oracle class has diverged. Regenerated the hash for the v4-next Oracle interface.Commits
09ca7d52...)ClaudeBox log: https://claudebox.work/s/c95bc78416dda66e?run=1