fix: Randomness in AddressNote

[benesjan]

• Fixes Make AddressNote’s commitment hiding  #2921
• minor ValueNote improvement

Checklist:

Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge.

• If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag.
• I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code.
• Every change is related to the PR description.
• I have linked this pull request to relevant issues (if any exist).

[AztecBot]

Benchmark results

No metrics with a significant change found.

Detailed results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 here.

Values are compared against data from master at commit 655c322a and shown if the difference exceeds 1%.

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

Metric	8 txs	32 txs	128 txs
l1_rollup_calldata_size_in_bytes	45,444	179,588	716,132
l1_rollup_calldata_gas	222,912	868,088	3,449,456
l1_rollup_execution_gas	841,999	3,595,196	22,204,825
l2_block_processing_time_in_ms	1,050 (+2%)	3,982 (-6%)	15,680 (-1%)
note_successful_decrypting_time_in_ms	339 (+1%)	1,054 (+2%)	4,080 (-2%)
note_trial_decrypting_time_in_ms	44.0 (+16%)	108	136 (-1%)
l2_block_building_time_in_ms	9,077 (+1%)	36,268 (-1%)	159,775 (-1%)
l2_block_rollup_simulation_time_in_ms	6,716 (+1%)	26,746 (-1%)	106,484 (-1%)
l2_block_public_tx_process_time_in_ms	2,322	9,399 (-1%)	52,828

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 16 txs.

Metric	5 blocks	10 blocks
node_history_sync_time_in_ms	11,433 (+1%)	21,993 (+2%)
note_history_successful_decrypting_time_in_ms	2,390 (+1%)	4,762
note_history_trial_decrypting_time_in_ms	122	163 (+12%)
node_database_size_in_bytes	1,627,624	1,095,329
pxe_database_size_in_bytes	27,188	54,187

Circuits stats

Stats on running time and I/O sizes collected for every circuit run across all benchmarks.

Circuit	circuit_simulation_time_in_ms	circuit_input_size_in_bytes	circuit_output_size_in_bytes
private-kernel-init	47.5 (+1%)	61,697	18,841
private-kernel-ordering	23.5 (+1%)	24,233	8,089
base-rollup	852	639,797	811
root-rollup	37.8 (-5%)	4,072	1,097
private-kernel-inner	42.7 (+1%)	81,504	18,841
public-kernel-private-input	47.9	41,455	18,841
public-kernel-non-first-iteration	30.8 (-1%)	41,497	18,841
merge-rollup	0.833 (-4%)	2,592	873

Miscellaneous

Transaction sizes based on how many contracts are deployed in the tx.

Metric	0 deployed contracts	1 deployed contracts
tx_size_in_bytes	8,723	27,510

[rahul-kothari]

wouldn't the impl of compute_note_hash and nullifier be slightly different such that you can still get the note but not the nullifer?

Here looks like you would need to know the randomness to get the note?

[benesjan]

Yes, you need to know the randomness to get the note hash but I think this is quite normal. The difference between getting a nullifier and just a note hash is that for nullifier you need to know the owner secret.

BTW after this commit the note is basically just a copy of ValueNote so I think all should be good here.