Skip to content

feat(anonbeta1): Arcium RNS co-signed settlement flow#4

Open
FwazB wants to merge 4 commits into
mainfrom
fawaz-test
Open

feat(anonbeta1): Arcium RNS co-signed settlement flow#4
FwazB wants to merge 4 commits into
mainfrom
fawaz-test

Conversation

@FwazB
Copy link
Copy Markdown
Collaborator

@FwazB FwazB commented May 20, 2026

Summary

Reworks anonbeta1 around the mobile/RNS architecture:

  • sender builds and partial-signs transfer parameters offline
  • anonmesh/RNS carries the partial transaction to an announced beacon
  • beacon co-signs and submits execute_cosigned_transfer
  • program verifies the beacon is registered and Arcium-bound
  • SPL token amount is split between recipient ATA and beacon ATA
  • CosignedSettlement receipt prevents settlement replay

Arcium / Privacy

  • keeps beacon_bind for private operator-to-RNS transport binding
  • keeps relay_increment for optional encrypted private relay stats
  • raw RNS identity is not stored publicly on-chain
  • settled transfer facts are public by design: sender, recipient token account, mint, amount, beacon, and beacon share

Cleanup

  • removes stale ble-revshare model program
  • removes old payment_v3 circuit and scripts/tests
  • removes old public register_beacon / heartbeat path
  • makes arcium build the canonical build and verification path

Security Notes

  • Sentinel reviewed the program and gave greenlight after MH1 fix
  • settlement PDA is sender-namespaced: [b"settlement", sender, settlement_id]
  • beacon operator is a required signer but not writable
  • settlement receipts are append-only; no close path is exposed
  • SPL Token only for this PR; Token-2022 is not supported yet

Verification

arcium build

Result: passes. The build still prints the known non-fatal Arcium client stack-offset warning, but exits 0.

FwazB added 4 commits May 11, 2026 19:48
@FwazB
Add beacon_bind Arcium circuit + anonbeta1 program with MPC binding
8987a4d 
- beacon_bind circuit: SHA3-256 commitment of rns_dest_hash + region_code
  computed inside Arcium MPC, returns encrypted u128 to owner
- anonbeta1 program: register_beacon, heartbeat (plain), plus 3 new
  Arcium instructions (init_comp_def, register_beacon_private, callback)
- PrivateBeaconRegistry PDA for encrypted beacon state
- Deployed to devnet: anon7uu8UtVoFgS8GCSfw2RqyphJhkN3xEjgPwznYDe
- MXE initialized, comp def registered on-chain (cluster offset 456)
- Circuit uploaded to Supabase storage bucket
@FwazB
Add registration fee to register_beacon_private (SOL + SPL)
6856376 
- 2% fee to treasury on beacon registration (same as ble-revshare)
- SOL native: system_program transfer to treasury wallet
- SPL token: spl_token transfer via optional mint/token accounts
- Added anchor-spl dependency, TREASURY_WALLET + FEE_BPS constants
- Upgraded on devnet: anon7uu8UtVoFgS8GCSfw2RqyphJhkN3xEjgPwznYDe
@FwazB
refactor(anonbeta1): strip to registry-only program; archive Arcium b…
7702279 
…ind for v2

Frontier scope decision: anonbeta1 ships as a plain Anchor registry program
backing the explorer "Active Beacons" metric. Encrypted relay accounting
(private counts, reward calculation, operator stats) moves to v2 of the same
program — same vanity program ID, expand in place.

What stays in anonbeta1:
- register_beacon: writes BeaconRegistry PDA with rns_dest_hash + region_code
- heartbeat: bumps last_heartbeat + heartbeat_count, emits BeaconHeartbeat
- BeaconRegistry account, BeaconRegistered + BeaconHeartbeat events
- 4 errors (InvalidRnsHash, InvalidRegionCode, OperatorMismatch, HeartbeatOverflow)
- Single dep: anchor-lang 0.32.1
- Vanity program ID anon7uu8UtVoFgS8GCSfw2RqyphJhkN3xEjgPwznYDe (already deployed)

What archives to archive/anonbeta1-arcium-bind/ for v2 revival:
- register_beacon_private + beacon_bind_callback + init_beacon_bind_comp_def
  (3 live files moved via git mv, history preserved)
- PrivateBeaconRegistry account, BeaconBindCompleted event
- Arcium/fee errors, treasury constants, beacon_bind circuit snapshot
- README documenting revival path

What stays elsewhere:
- programs/ble-revshare/ untouched (v2 payment seed)
- encrypted-ixs/ keeps payment_v3 circuit (ble-revshare dependency)

Anchor.toml + ble-revshare/lib.rs declare_id! sync to new ble_revshare keypair
i1cAa6iWmL8GRdZisyX2sgJ43jdemdUZh2QbstxTJ2C — accepted side-effect of arcium
build's ID sync. Original 7xeQNUggKc2e5q6AQxsFBLBkXGg2p54kSx11zVainMks deploy
on devnet is orphaned (keypair not available locally); ble-revshare is deferred
to v2 anyway, so the orphan is harmless.

arcium build passes clean. anchor build of anonbeta1 alone is plain Anchor.
@FwazB
feat(anonbeta1): add Arcium RNS settlement flow
0f1f77a
@FwazB FwazB requested a review from Magicred-1 May 20, 2026 03:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Magicred-1 Magicred-1 Awaiting requested review from Magicred-1

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FwazB