Skip to content

fix: remove redundant to/memo from DecryptionData#364

Open
dankrad wants to merge 4 commits intomainfrom
fix/decryption-data-trim
Open

fix: remove redundant to/memo from DecryptionData#364
dankrad wants to merge 4 commits intomainfrom
fix/decryption-data-trim

Conversation

@dankrad
Copy link
Copy Markdown
Collaborator

@dankrad dankrad commented Apr 7, 2026

Summary

  • Remove to and memo fields from the DecryptionData struct. These were redundant because ZoneInbox already decrypts the ciphertext via AES-256-GCM on-chain and can derive (to, memo) directly from the plaintext.
  • Update ZoneInbox.sol to use the decrypted values directly instead of comparing them against sequencer-supplied duplicates.
  • Saves 52 bytes of calldata per encrypted deposit (20-byte address + 32-byte memo).

Closes #357

Changes

Layer Files What changed
Solidity interface IZone.sol Removed to and memo from DecryptionData
Solidity logic ZoneInbox.sol Uses decryptedTo/decryptedMemo from decodePlaintext() directly
Solidity tests ZoneInbox.t.sol, ZoneBridge.t.sol Removed fields from all struct constructors
Rust ABI abi.rs, advance_tempo.rs Removed fields from sol! struct
Rust builder l1.rs, builder.rs Removed fields from construction sites
Docs overview.md, crypto-review.md, prover-design.md Updated struct definitions and code snippets

Note

The off-chain TIP-403 policy check in l1.rs that previously redirected unauthorized recipients by setting to: d.sender in DecryptionData no longer has an on-chain effect — the contract now always uses the decrypted recipient. The policy check is retained for logging but the redirect variable is prefixed with _ to suppress the unused warning. This behavioral change should be evaluated separately if sequencer-side recipient override is still desired.

Test plan

  • forge build — Solidity compiles
  • forge test --match-contract "ZoneInbox|ZoneBridge" — 41/41 tests pass
  • cargo build --workspace — Rust compiles
  • cargo test -p zone — advance_tempo and builder tests pass
  • CI

Made with Cursor

@dankrad dankrad force-pushed the fix/decryption-data-trim branch from 7d045d3 to b785d3b Compare April 7, 2026 13:21
@dankrad
fix: remove redundant to/memo from DecryptionData
5c7f28b 
The `to` and `memo` fields in `DecryptionData` were redundant: the
on-chain `ZoneInbox` already decrypts the ciphertext via AES-256-GCM
and can derive these values directly from the plaintext. Remove them
from the struct and use the decrypted values on-chain instead of
comparing against sequencer-supplied duplicates.

Saves 52 bytes of calldata per encrypted deposit (20-byte address +
32-byte memo).

Closes #357

Made-with: Cursor
@dankrad dankrad force-pushed the fix/decryption-data-trim branch from b785d3b to 5c7f28b Compare April 7, 2026 13:49
@decofe decofe mentioned this pull request Apr 9, 2026
Merged
dankrad added 3 commits April 17, 2026 17:32
@dankrad
Merge branch 'main' into fix/decryption-data-trim
2a0ed53 
Resolve conflicts:
- docs/pages/protocol/privacy/{overview,execution,prover-design}.md:
  accept deletion. The privacy docs were removed from the /pages tree
  on main; equivalent content now lives in docs/specs/zone_spec.md.
- docs/specs/zone_spec.md: propagate the DecryptionData trim into the
  spec. Removed the to/memo fields from the struct definition, and
  rewrote the Onchain Decryption Verification section from a
  three-step (Chaum-Pedersen + AES-GCM + plaintext match) process to
  a two-step one where the zone uses the decrypted (to, memo)
  directly instead of comparing against sequencer-supplied copies.
- IZone.sol and Rust crates auto-merged.

Made-with: Cursor
@dankrad
Merge branch 'main' into fix/decryption-data-trim
3bdc0a6 
Resolve conflicts introduced by PR #355 (deposit counter) landing on main.

Only code conflict: regenerated
crates/tempo-zone/tests/assets/zone-test-genesis.json via
`tempo-xtask generate-zone-genesis` since the deposit counter
added state to ZoneInbox/ZonePortal bytecode.

All other files (IZone.sol, ZoneInbox.sol, abi.rs, tests, etc.)
auto-merged cleanly — the DecryptionData trim (remove to/memo)
and the deposit counter additions are orthogonal.

Made-with: Cursor
@dankrad
test: regenerate zone-test-genesis with Address::ZERO tempo_portal
8145565 
The integration tests' start_from_l1() patches the ZoneInbox/ZoneConfig
bytecode at test setup by replacing Address::ZERO with the real L1 portal
address. The previous regeneration baked 0xbb..bb as the placeholder,
causing `expected 4 tempoPortal immutable(s) ... found 0` assertion
failures in all start_from_l1 integration tests.

Regenerated with --tempo-portal 0x0000...0000 to match main's convention.

Made-with: Cursor
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

@0xKitsune 0xKitsune Awaiting requested review from 0xKitsune 0xKitsune is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

DecryptionData contains too much info

1 participant

@dankrad