Security Model
Trust assumptions and threat boundaries inside aztec-rs.
The normative version of the rules summarized on this page lives in Specification → Trust Model. This page is the readable prose narrative; the spec is the authoritative reference.
Trust Boundaries
| Boundary | Trusted | Untrusted |
|---|---|---|
| PXE ↔ Node | PXE-owned state and keys | Node RPC responses |
| PXE ↔ Contracts | Artifact class hash (if verified) | Artifact JSON content pre-verify |
| Wallet ↔ Account | Account provider (signer) | Call arguments from the app layer |
| L1 ↔ L2 | Portal contracts at pinned addresses | Arbitrary cross-chain payloads |
Highlights
- Private keys never leave the PXE process — see TRUST-1.
- The node is untrusted; responses are either public or kernel-verified — see TRUST-2.
- L1 portal addresses come from `NodeInfo`, not from code — see TRUST-3.
- The `AccountProvider` is the signing-material trust root — see TRUST-4.
- Cross-chain consumption verifies inclusion against a kernel-bound root — see CROSS-8.
- Fee payment payloads bind to one tx and one chain head — see FEE-5.