feat(standards): add foundation for Multisig Smart Authentication Component

CHANGELOG.md

@@ -26,6 +26,7 @@
 - [BREAKING] Added cycle counts to notes returned by `NoteConsumptionInfo` and removed public fields from related types ([#2772](https://github.com/0xMiden/miden-base/issues/2772)).
 - [BREAKING] Removed unused `payback_attachment` from `SwapNoteStorage` and `attachment` from `MintNoteStorage` ([#2789](https://github.com/0xMiden/protocol/pull/2789)).
 - Automatically enable `concurrent` feature in `miden-tx` for `std` context ([#2791](https://github.com/0xMiden/protocol/pull/2791)).
+- Add foundations for `AuthMultisigSmart` ([#2806])(https://github.com/0xMiden/protocol/pull/2806)
 - Added `AuthNetworkAccount` auth component that rejects transactions which execute a tx script or consume input notes outside of a fixed allowlist of note script roots ([#2817](https://github.com/0xMiden/protocol/pull/2817)).
 - Added standardized `NetworkAccountNoteAllowlist` slot for detecting network accounts ([#2883](https://github.com/0xMiden/protocol/pull/2883)).
 - Added trace row counts to `bench-tx.json` ([#2794](https://github.com/0xMiden/protocol/pull/2794)).

crates/miden-standards/asm/account_components/auth/multisig_smart.masm

@@ -0,0 +1,29 @@
+# The MASM code of the Multi-Signature Smart Authentication Component.
+#
+# See the `AuthMultisigSmart` Rust type's documentation for more details.
+
+use miden::standards::auth::multisig
+use miden::standards::auth::multisig_smart
+
+pub use multisig::get_threshold_and_num_approvers
+pub use multisig::get_signer_at
+pub use multisig::is_signer
+pub use multisig_smart::set_procedure_policy
+pub use multisig_smart::update_signers_and_threshold
+
+#! Authenticate a transaction using multisig smart-policy rules.
+#!
+#! Inputs:
+#!   Operand stack: [SALT]
+#! Outputs:
+#!   Operand stack: []
+#!
+#! Invocation: call
+@auth_script
+pub proc auth_tx_multisig_smart(salt: word)
+    exec.multisig_smart::auth_tx
+    # => [TX_SUMMARY_COMMITMENT]
+
+    exec.multisig::assert_new_tx
+    # => []
+end

crates/miden-standards/asm/standards/auth/guardian.masm

@@ -128,7 +128,8 @@ pub proc verify_signature(msg: word)
         exec.tx_policy::assert_only_one_non_auth_procedure_called
         # => [MSG]
 
-        exec.tx_policy::assert_no_input_or_output_notes
+        exec.tx_policy::assert_no_input_notes
+        exec.tx_policy::assert_no_output_notes
         # => [MSG]
 
         dropw

crates/miden-standards/asm/standards/auth/multisig.masm

@@ -6,6 +6,7 @@ use miden::protocol::active_account
 use miden::protocol::auth::AUTH_UNAUTHORIZED_EVENT
 use miden::protocol::native_account
 use miden::standards::auth
+use miden::standards::auth::signature
 use miden::core::word
 
 # Local Memory Addresses
@@ -113,7 +114,7 @@ proc cleanup_pubkey_and_scheme_id_mapping(init_num_of_approvers: u32, new_num_of
         # => [i-1, new_num_of_approvers]
 
         # clear scheme id at APPROVER_MAP_KEY(i-1)
-        dup exec.create_approver_map_key
+        dup exec.signature::create_approver_map_key
         # => [APPROVER_MAP_KEY, i-1, new_num_of_approvers]
 
         padw swapw
@@ -129,7 +130,7 @@ proc cleanup_pubkey_and_scheme_id_mapping(init_num_of_approvers: u32, new_num_of
         # => [i-1, new_num_of_approvers]
 
         # clear public key at APPROVER_MAP_KEY(i-1)
-        dup exec.create_approver_map_key
+        dup exec.signature::create_approver_map_key
         # => [APPROVER_MAP_KEY, i-1, new_num_of_approvers]
 
         padw swapw
@@ -152,18 +153,8 @@ proc cleanup_pubkey_and_scheme_id_mapping(init_num_of_approvers: u32, new_num_of
     drop drop
 end
 
-#! Builds the storage map key for a signer index.
-#!
-#! Inputs: [key_index]
-#! Outputs: [APPROVER_MAP_KEY]
-proc create_approver_map_key
-    push.0.0.0 movup.3
-    # => [[key_index, 0, 0, 0]]
-    # => [APPROVER_MAP_KEY]
-end
-
-#! Asserts that all configured per-procedure threshold overrides are less than or equal to 
-#! number of approvers 
+#! Asserts that all configured per-procedure threshold overrides are less than or equal to
+#! number of approvers.
 #!
 #! Inputs:  [num_approvers]
 #! Outputs: []
@@ -186,7 +177,10 @@ proc assert_proc_thresholds_lte_num_approvers(num_approvers: u32)
         push.PROC_THRESHOLD_ROOTS_SLOT[0..2]
         # => [proc_roots_slot_suffix, proc_roots_slot_prefix, PROC_ROOT, proc_index, num_approvers]
 
-        exec.active_account::get_initial_map_item
+        # Use the *current* policy state, not the initial one; otherwise a `set_proc_threshold`
+        # call earlier in the same transaction that raised a threshold above the new num_approvers
+        # would be missed and the multisig could end up with an unreachable threshold.
+        exec.active_account::get_map_item
         # => [[proc_threshold, 0, 0, 0], proc_index, num_approvers]
 
         movdn.3 drop drop drop
@@ -288,7 +282,7 @@ pub proc update_signers_and_threshold(multisig_config_hash: word)
         sub.1
         # => [i-1, pad(12)]
 
-        dup exec.create_approver_map_key
+        dup exec.signature::create_approver_map_key
         # => [APPROVER_MAP_KEY, i-1, pad(12)]
 
         padw adv_loadw
@@ -311,7 +305,7 @@ pub proc update_signers_and_threshold(multisig_config_hash: word)
         exec.auth::signature::assert_supported_scheme_word
         # => [SCHEME_ID_WORD, i-1, pad(12)]
 
-        dup.4 exec.create_approver_map_key
+        dup.4 exec.signature::create_approver_map_key
         # => [APPROVER_MAP_KEY, SCHEME_ID_WORD, i-1, pad(12)]
 
         push.APPROVER_SCHEME_ID_SLOT[0..2]
@@ -510,7 +504,7 @@ pub proc get_signer_at
     dup
     # => [index, index]
 
-    exec.create_approver_map_key
+    exec.signature::create_approver_map_key
     # => [APPROVER_MAP_KEY, index]
 
     push.APPROVER_PUBLIC_KEYS_SLOT[0..2]
@@ -522,7 +516,7 @@ pub proc get_signer_at
     movup.4
     # => [index, PUB_KEY]
 
-    exec.create_approver_map_key
+    exec.signature::create_approver_map_key
     # => [APPROVER_MAP_KEY, PUB_KEY]
 
     push.APPROVER_SCHEME_ID_SLOT[0..2]
@@ -573,7 +567,7 @@ pub proc is_signer(pub_key: word) -> felt
         dup loc_store.CURRENT_SIGNER_INDEX_LOC
         # => [i-1, PUB_KEY]
 
-        exec.create_approver_map_key
+        exec.signature::create_approver_map_key
         # => [APPROVER_MAP_KEY, PUB_KEY]
 
         push.APPROVER_PUBLIC_KEYS_SLOT[0..2]