Canonical Confidential Transfer Fixture v2

This document defines the canonical fixture for the confidential transition path:

  • Fixture file: fixtures/phase3/confidential_transfer_v2_no_receiver_marker.json
  • Shared adversarial corpus: fixtures/phase3/confidential_transfer_real_proof_corpus_v1.json
  • Scenario id: confidential_transfer_v2_no_receiver_marker
  • Version: 2

Purpose

The fixture is the shared deterministic reference for:

  • backend proof-envelope verification (PIv1 + PBv1)
  • host/covenant output-binding checks
  • wallet-side no-public-marker recovery assumptions
  • shared adversarial mutation classes used by backend/host/wallet-facing tests

Normative invariants

  1. Confidential transitions use fixed public carrier sats for continuation outputs (1000 sats in this profile).
  2. Continuation output index is deterministic (0) for this fixture profile.
  3. Continuation output is tokenized and carries state continuity in the NFT commitment.
  4. PIv1.outputFingerprint32 is computed with OFm2/v2 (token-aware fold).
  5. Wallet recovery depends on encrypted payload + wallet keys, not a public receiver marker output.

Mutation vectors

The fixture includes deterministic leakage mutations:

  • mutations.publicValueLeak: modifies continuation sats away from the fixed carrier profile.
  • mutations.receiverMarkerLeak: appends an explicit public marker output (OP_RETURN).

These are intended to fail covenant/output-binding or policy checks in consumer tests.
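
A consumer-side policy check covering invariants 1, 2, 3 and 5 and the two leakage mutations, as an added example that is not code from the project. The transaction shape (outputs[].sats, lockingBytecodeHex, token.nftCommitmentHex), the function names and the violation labels are hypothetical and do not reflect the fixture file's actual schema; the sample transaction is constructed.

```javascript
// Added example; the object shape below is an assumption, not the fixture schema.
const CARRIER_SATS = 1000;      // invariant 1: fixed public carrier sats
const CONTINUATION_INDEX = 0;   // invariant 2: deterministic continuation index
const OP_RETURN_HEX = "6a";     // leading opcode of a public data-carrier output

// Returns a list of violation labels; an empty list means the policy holds.
function checkConfidentialPolicy(tx) {
  const cont = tx.outputs[CONTINUATION_INDEX];
  if (!cont) return ["missing-continuation-output"];
  const violations = [];
  if (cont.sats !== CARRIER_SATS) violations.push("public-value-leak");
  // invariant 3: continuation is tokenized with a non-empty NFT commitment
  if (!cont.token || !cont.token.nftCommitmentHex) {
    violations.push("continuation-not-tokenized");
  }
  // invariant 5: recovery must not rely on a public marker, so none may appear
  tx.outputs.forEach((out, i) => {
    if (out.lockingBytecodeHex.toLowerCase().startsWith(OP_RETURN_HEX)) {
      violations.push(`receiver-marker-leak@${i}`);
    }
  });
  return violations;
}

// Constructed sample: tokenized P2SH32 continuation plus a P2PKH change output.
const canonicalTx = {
  outputs: [
    { sats: 1000, lockingBytecodeHex: "aa20" + "11".repeat(32) + "87",
      token: { nftCommitmentHex: "22".repeat(32) } },
    { sats: 5000, lockingBytecodeHex: "76a914" + "33".repeat(20) + "88ac" },
  ],
};

const clone = (tx) => JSON.parse(JSON.stringify(tx));

// Mirrors mutations.publicValueLeak: move continuation sats off the carrier value.
function mutatePublicValueLeak(tx) {
  const m = clone(tx);
  m.outputs[CONTINUATION_INDEX].sats += 546;
  return m;
}

// Mirrors mutations.receiverMarkerLeak: append an explicit OP_RETURN output.
function mutateReceiverMarkerLeak(tx) {
  const m = clone(tx);
  m.outputs.push({ sats: 0, lockingBytecodeHex: "6a04" + "deadbeef" });
  return m;
}
```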

The shared corpus also freezes mutation classes for:

  • committed amount/value-conservation mutations
  • nullifier mutations
  • note-commitment mutations
  • state-transition mutations
  • transcript/proof-envelope mutations
  • tokenized continuation invariant mutations
  • output-binding mutations

Verifier-boundary expectation in corpus:

  • verifier acceptance is defined by public inputs + proof artifact only
  • verifier-side witness bytes are not allowed in the final verifier boundary
  • any backend-1 witness replay semantics are provisional scaffolding only and are non-normative for final verifier acceptance

Reuse plan

  • @bch-stealth/pool-shards: covenant/host verification parity tests (canonical + mutation rejects).
  • @bch-stealth/zk-backend-mock: proof verification against committed PIv1/PBv1.
  • @bch-stealth/cli: fixture policy/invariant checks and mutation structure checks.

Legacy note

fixtures/phase3/alice_bob_pool_internal_send_v1.json remains a legacy fixture for older Phase 3 scaffolding references.
The v2 fixture above is the canonical source for confidential-transfer boundary work going forward.