aptos-labs
diff --git a/‎api/doc/spec.json
+4-4 b/‎api/doc/spec.json
+4-4
diff --git a/‎api/doc/spec.yaml
+4-4 b/‎api/doc/spec.yaml
+4-4
diff --git a/‎api/src/tests/accounts_test.rs
+5-5 b/‎api/src/tests/accounts_test.rs
+5-5
diff --git a/‎api/types/src/transaction.rs
+28-28 b/‎api/types/src/transaction.rs
+28-28
diff --git a/‎aptos-move/aptos-release-builder/data/release.yaml
+3-3 b/‎aptos-move/aptos-release-builder/data/release.yaml
+3-3
diff --git a/‎aptos-move/aptos-release-builder/src/components/feature_flags.rs
+6-6 b/‎aptos-move/aptos-release-builder/src/components/feature_flags.rs
+6-6
diff --git a/‎aptos-move/aptos-vm/src/aptos_vm.rs
+5-24 b/‎aptos-move/aptos-vm/src/aptos_vm.rs
+5-24
diff --git a/‎aptos-move/aptos-vm/src/lib.rs
+1-1 b/‎aptos-move/aptos-vm/src/lib.rs
+1-1
@@ -13433,7 +13433,7 @@
             "ed25519": "#/components/schemas/PublicKey_string(HexEncodedBytes)",
             "secp256k1_ecdsa": "#/components/schemas/PublicKey_string(HexEncodedBytes)",
             "secp256r1_ecdsa": "#/components/schemas/PublicKey_string(HexEncodedBytes)",
-            "zk_id": "#/components/schemas/PublicKey_string(HexEncodedBytes)"
+            "oidb": "#/components/schemas/PublicKey_string(HexEncodedBytes)"
           }
         }
       },
@@ -13447,7 +13447,7 @@
             "properties": {
               "type": {
                 "type": "string",
-                "example": "zk_id"
+                "example": "oidb"
               }
             }
           },
@@ -13538,7 +13538,7 @@
             "ed25519": "#/components/schemas/Signature_string(HexEncodedBytes)",
             "secp256k1_ecdsa": "#/components/schemas/Signature_string(HexEncodedBytes)",
             "web_authn": "#/components/schemas/Signature_string(HexEncodedBytes)",
-            "zk_id": "#/components/schemas/Signature_string(HexEncodedBytes)"
+            "oidb": "#/components/schemas/Signature_string(HexEncodedBytes)"
           }
         }
       },
@@ -13552,7 +13552,7 @@
             "properties": {
               "type": {
                 "type": "string",
-                "example": "zk_id"
+                "example": "oidb"
               }
             }
           },
 
@@ -10115,7 +10115,7 @@ components:
           ed25519: '#/components/schemas/PublicKey_string(HexEncodedBytes)'
           secp256k1_ecdsa: '#/components/schemas/PublicKey_string(HexEncodedBytes)'
           secp256r1_ecdsa: '#/components/schemas/PublicKey_string(HexEncodedBytes)'
-          zk_id: '#/components/schemas/PublicKey_string(HexEncodedBytes)'
+          oidb: '#/components/schemas/PublicKey_string(HexEncodedBytes)'
     PublicKey_string(HexEncodedBytes):
       allOf:
       - type: object
@@ -10124,7 +10124,7 @@ components:
         properties:
           type:
             type: string
-            example: zk_id
+            example: oidb
       - $ref: '#/components/schemas/HexEncodedBytes'
     RawTableItemRequest:
       type: object
@@ -10181,7 +10181,7 @@ components:
           ed25519: '#/components/schemas/Signature_string(HexEncodedBytes)'
           secp256k1_ecdsa: '#/components/schemas/Signature_string(HexEncodedBytes)'
           web_authn: '#/components/schemas/Signature_string(HexEncodedBytes)'
-          zk_id: '#/components/schemas/Signature_string(HexEncodedBytes)'
+          oidb: '#/components/schemas/Signature_string(HexEncodedBytes)'
     Signature_string(HexEncodedBytes):
       allOf:
       - type: object
@@ -10190,7 +10190,7 @@ components:
         properties:
           type:
             type: string
-            example: zk_id
+            example: oidb
       - $ref: '#/components/schemas/HexEncodedBytes'
     SingleKeySignature:
       type: object
 
@@ -237,8 +237,8 @@ async fn test_get_account_resources_with_pagination() {
     {
         println!("0x1::{}::{}", r.module, r.name);
     }
-    assert_eq!(resources.len(), 5);
-    assert_eq!(resources, all_resources[0..5].to_vec());
+    assert_eq!(resources.len(), 4);
+    assert_eq!(resources, all_resources[0..4].to_vec());
 
     // Make a request using the cursor. Assert the 5 results we get back are the next 5.
     let req = warp::test::request().method("GET").path(&format!(
@@ -255,7 +255,7 @@ async fn test_get_account_resources_with_pagination() {
     let cursor_header = StateKeyWrapper::from_str(cursor_header.to_str().unwrap()).unwrap();
     let resources: Vec<MoveResource> = serde_json::from_slice(resp.body()).unwrap();
     assert_eq!(resources.len(), 5);
-    assert_eq!(resources, all_resources[5..10].to_vec());
+    assert_eq!(resources, all_resources[4..9].to_vec());
 
     // Get the rest of the resources, assert there is no cursor now.
     let req = warp::test::request().method("GET").path(&format!(
@@ -267,8 +267,8 @@ async fn test_get_account_resources_with_pagination() {
     assert_eq!(resp.status(), 200);
     assert!(!resp.headers().contains_key("X-Aptos-Cursor"));
     let resources: Vec<MoveResource> = serde_json::from_slice(resp.body()).unwrap();
-    assert_eq!(resources.len(), all_resources.len() - 10);
-    assert_eq!(resources, all_resources[10..].to_vec());
+    assert_eq!(resources.len(), all_resources.len() - 9);
+    assert_eq!(resources, all_resources[9..].to_vec());
 }
 
 // Same as the above test but for modules.
 
@@ -20,6 +20,7 @@ use aptos_types::{
     block_metadata::BlockMetadata,
     block_metadata_ext::BlockMetadataExt,
     contract_event::{ContractEvent, EventWithVersion},
+    oidb,
     transaction::{
         authenticator::{
             AccountAuthenticator, AnyPublicKey, AnySignature, MultiKey, MultiKeyAuthenticator,
@@ -28,7 +29,6 @@ use aptos_types::{
         webauthn::{PartialAuthenticatorAssertionResponse, MAX_WEBAUTHN_SIGNATURE_BYTES},
         Script, SignedTransaction, TransactionOutput, TransactionWithProof,
     },
-    zkid,
 };
 use once_cell::sync::Lazy;
 use poem_openapi::{Object, Union};
@@ -1198,24 +1198,24 @@ impl VerifyInput for WebAuthnSignature {
 }
 
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize, Object)]
-pub struct ZkIdSignature {
+pub struct OidbSignature {
     pub public_key: HexEncodedBytes,
     pub signature: HexEncodedBytes,
 }
 
-impl VerifyInput for ZkIdSignature {
+impl VerifyInput for OidbSignature {
     fn verify(&self) -> anyhow::Result<()> {
         let public_key_len = self.public_key.inner().len();
         let signature_len = self.signature.inner().len();
-        if public_key_len > zkid::ZkIdPublicKey::MAX_LEN {
+        if public_key_len > oidb::OidbPublicKey::MAX_LEN {
             bail!(
-                "zkID public key length is greater than the maximum number of {} bytes: found {} bytes",
-                zkid::ZkIdPublicKey::MAX_LEN, public_key_len
+                "OIDB public key length is greater than the maximum number of {} bytes: found {} bytes",
+                oidb::OidbPublicKey::MAX_LEN, public_key_len
             )
-        } else if signature_len > zkid::ZkIdSignature::MAX_LEN {
+        } else if signature_len > oidb::OidbSignature::MAX_LEN {
             bail!(
-                "zkID signature length is greater than the maximum number of {} bytes: found {} bytes",
-                zkid::ZkIdSignature::MAX_LEN, signature_len
+                "OIDB signature length is greater than the maximum number of {} bytes: found {} bytes",
+                oidb::OidbSignature::MAX_LEN, signature_len
             )
         } else {
             Ok(())
@@ -1230,7 +1230,7 @@ pub enum Signature {
     Ed25519(HexEncodedBytes),
     Secp256k1Ecdsa(HexEncodedBytes),
     WebAuthn(HexEncodedBytes),
-    ZkId(HexEncodedBytes),
+    Oidb(HexEncodedBytes),
 }
 
 impl TryFrom<Signature> for AnySignature {
@@ -1241,7 +1241,7 @@ impl TryFrom<Signature> for AnySignature {
             Signature::Ed25519(s) => AnySignature::ed25519(s.inner().try_into()?),
             Signature::Secp256k1Ecdsa(s) => AnySignature::secp256k1_ecdsa(s.inner().try_into()?),
             Signature::WebAuthn(s) => AnySignature::webauthn(s.inner().try_into()?),
-            Signature::ZkId(s) => AnySignature::zkid(s.inner().try_into()?),
+            Signature::Oidb(s) => AnySignature::oidb(s.inner().try_into()?),
         })
     }
 }
@@ -1258,7 +1258,7 @@ impl From<AnySignature> for Signature {
             AnySignature::WebAuthn { signature } => {
                 Signature::WebAuthn(signature.to_bytes().to_vec().into())
             },
-            AnySignature::ZkId { signature } => Signature::ZkId(signature.to_bytes().into()),
+            AnySignature::OIDB { signature } => Signature::Oidb(signature.to_bytes().into()),
         }
     }
 }
@@ -1270,7 +1270,7 @@ pub enum PublicKey {
     Ed25519(HexEncodedBytes),
     Secp256k1Ecdsa(HexEncodedBytes),
     Secp256r1Ecdsa(HexEncodedBytes),
-    ZkId(HexEncodedBytes),
+    Oidb(HexEncodedBytes),
 }
 
 impl TryFrom<PublicKey> for AnyPublicKey {
@@ -1281,7 +1281,7 @@ impl TryFrom<PublicKey> for AnyPublicKey {
             PublicKey::Ed25519(p) => AnyPublicKey::ed25519(p.inner().try_into()?),
             PublicKey::Secp256k1Ecdsa(p) => AnyPublicKey::secp256k1_ecdsa(p.inner().try_into()?),
             PublicKey::Secp256r1Ecdsa(p) => AnyPublicKey::secp256r1_ecdsa(p.inner().try_into()?),
-            PublicKey::ZkId(p) => AnyPublicKey::zkid(p.inner().try_into()?),
+            PublicKey::Oidb(p) => AnyPublicKey::oidb(p.inner().try_into()?),
         })
     }
 }
@@ -1298,7 +1298,7 @@ impl From<AnyPublicKey> for PublicKey {
             AnyPublicKey::Secp256r1Ecdsa { public_key } => {
                 PublicKey::Secp256r1Ecdsa(public_key.to_bytes().to_vec().into())
             },
-            AnyPublicKey::ZkId { public_key } => PublicKey::ZkId(public_key.to_bytes().into()),
+            AnyPublicKey::OIDB { public_key } => PublicKey::Oidb(public_key.to_bytes().into()),
         }
     }
 }
@@ -1330,7 +1330,7 @@ impl VerifyInput for SingleKeySignature {
                 signature: s.clone(),
             }
             .verify(),
-            (PublicKey::ZkId(p), Signature::ZkId(s)) => ZkIdSignature {
+            (PublicKey::Oidb(p), Signature::Oidb(s)) => OidbSignature {
                 public_key: p.clone(),
                 signature: s.clone(),
             }
@@ -1374,12 +1374,12 @@ impl TryFrom<SingleKeySignature> for AccountAuthenticator {
                     )?;
                     AnyPublicKey::secp256r1_ecdsa(key)
                 },
-                PublicKey::ZkId(p) => {
+                PublicKey::Oidb(p) => {
                     let key = p
                         .inner()
                         .try_into()
-                        .context("Failed to parse given public_key bytes as ZkIdPublicKey")?;
-                    AnyPublicKey::zkid(key)
+                        .context("Failed to parse given public_key bytes as OidbPublicKey")?;
+                    AnyPublicKey::oidb(key)
                 },
             };
 
@@ -1405,12 +1405,12 @@ impl TryFrom<SingleKeySignature> for AccountAuthenticator {
                     .context( "Failed to parse given signature bytes as PartialAuthenticatorAssertionResponse")?;
                 AnySignature::webauthn(signature)
             },
-            Signature::ZkId(s) => {
+            Signature::Oidb(s) => {
                 let signature = s
                     .inner()
                     .try_into()
-                    .context("Failed to parse given signature bytes as ZkIdSignature")?;
-                AnySignature::zkid(signature)
+                    .context("Failed to parse given signature bytes as OidbSignature")?;
+                AnySignature::oidb(signature)
             },
         };
 
@@ -1475,12 +1475,12 @@ impl TryFrom<MultiKeySignature> for AccountAuthenticator {
                     )?;
                     AnyPublicKey::secp256r1_ecdsa(key)
                 },
-                PublicKey::ZkId(p) => {
+                PublicKey::Oidb(p) => {
                     let key = p
                         .inner()
                         .try_into()
-                        .context("Failed to parse given public_key bytes as ZkIdPublicKey")?;
-                    AnyPublicKey::zkid(key)
+                        .context("Failed to parse given public_key bytes as OidbPublicKey")?;
+                    AnyPublicKey::oidb(key)
                 },
             };
             public_keys.push(key);
@@ -1508,12 +1508,12 @@ impl TryFrom<MultiKeySignature> for AccountAuthenticator {
                     )?;
                         AnySignature::webauthn(paar)
                     },
-                    Signature::ZkId(s) => {
+                    Signature::Oidb(s) => {
                         let signature = s
                             .inner()
                             .try_into()
-                            .context("Failed to parse given signature as ZkIdSignature")?;
-                        AnySignature::zkid(signature)
+                            .context("Failed to parse given signature as OidbSignature")?;
+                        AnySignature::oidb(signature)
                     },
                 };
             signatures.push((indexed_signature.index, signature));
 
@@ -151,16 +151,16 @@ proposals:
       - FeatureFlag:
           enabled:
             - jwk_consensus
-  - name: step_12_enable_zkid
+  - name: step_12_enable_oidb
     metadata:
       title: "AIP-61: OpenID blockchain (OIDB) accounts"
-      description: "Enable validation of zkID transactions, allowing users to transact using their Web2 accounts"
+      description: "Enable validation of OIDB transactions, allowing users to transact using their Web2 accounts"
       discussion_url: "https://github.com/aptos-foundation/AIPs/issues/297"
     execution_mode: MultiStep
     update_sequence:
       - FeatureFlag:
           enabled:
-            - zk_id_signature
+            - oidb_signature
   - name: step_13_start_watching_google_jwks
     metadata:
       title: "Start JWK consensus for Google"
 
@@ -96,8 +96,8 @@ pub enum FeatureFlag {
     Bn254Structures,
     WebAuthnSignature,
     ReconfigureWithDkg,
-    ZkIdSignature,
-    ZkIdZkLessSignature,
+    OidbSignature,
+    OidbZkLessSignature,
     RemoveDetailedError,
     JwkConsensus,
     ConcurrentFungibleAssets,
@@ -257,8 +257,8 @@ impl From<FeatureFlag> for AptosFeatureFlag {
             FeatureFlag::Bn254Structures => AptosFeatureFlag::BN254_STRUCTURES,
             FeatureFlag::WebAuthnSignature => AptosFeatureFlag::WEBAUTHN_SIGNATURE,
             FeatureFlag::ReconfigureWithDkg => AptosFeatureFlag::RECONFIGURE_WITH_DKG,
-            FeatureFlag::ZkIdSignature => AptosFeatureFlag::ZK_ID_SIGNATURES,
-            FeatureFlag::ZkIdZkLessSignature => AptosFeatureFlag::ZK_ID_ZKLESS_SIGNATURE,
+            FeatureFlag::OidbSignature => AptosFeatureFlag::OIDB_SIGNATURE,
+            FeatureFlag::OidbZkLessSignature => AptosFeatureFlag::OIDB_ZKLESS_SIGNATURE,
             FeatureFlag::RemoveDetailedError => AptosFeatureFlag::REMOVE_DETAILED_ERROR_FROM_HASH,
             FeatureFlag::JwkConsensus => AptosFeatureFlag::JWK_CONSENSUS,
             FeatureFlag::ConcurrentFungibleAssets => AptosFeatureFlag::CONCURRENT_FUNGIBLE_ASSETS,
@@ -341,8 +341,8 @@ impl From<AptosFeatureFlag> for FeatureFlag {
             AptosFeatureFlag::BN254_STRUCTURES => FeatureFlag::Bn254Structures,
             AptosFeatureFlag::WEBAUTHN_SIGNATURE => FeatureFlag::WebAuthnSignature,
             AptosFeatureFlag::RECONFIGURE_WITH_DKG => FeatureFlag::ReconfigureWithDkg,
-            AptosFeatureFlag::ZK_ID_SIGNATURES => FeatureFlag::ZkIdSignature,
-            AptosFeatureFlag::ZK_ID_ZKLESS_SIGNATURE => FeatureFlag::ZkIdZkLessSignature,
+            AptosFeatureFlag::OIDB_SIGNATURE => FeatureFlag::OidbSignature,
+            AptosFeatureFlag::OIDB_ZKLESS_SIGNATURE => FeatureFlag::OidbZkLessSignature,
             AptosFeatureFlag::REMOVE_DETAILED_ERROR_FROM_HASH => FeatureFlag::RemoveDetailedError,
             AptosFeatureFlag::JWK_CONSENSUS => FeatureFlag::JwkConsensus,
             AptosFeatureFlag::CONCURRENT_FUNGIBLE_ASSETS => FeatureFlag::ConcurrentFungibleAssets,
 
@@ -12,10 +12,11 @@ use crate::{
         get_max_binary_format_version, AptosMoveResolver, MoveVmExt, RespawnedSession, SessionExt,
         SessionId,
     },
+    oidb_validation,
     sharded_block_executor::{executor_client::ExecutorClient, ShardedBlockExecutor},
     system_module_names::*,
     transaction_metadata::TransactionMetadata,
-    transaction_validation, verifier, zkid_validation, VMExecutor, VMValidator,
+    transaction_validation, verifier, VMExecutor, VMValidator,
 };
 use anyhow::{anyhow, Result};
 use aptos_block_executor::txn_commit_hook::NoOpTransactionCommitHook;
@@ -1323,29 +1324,9 @@ impl AptosVM {
             ));
         }
 
-        // zkID feature gating
-        let authenticators = aptos_types::zkid::get_zkid_authenticators(transaction);
-        match &authenticators {
-            Ok(authenticators) => {
-                for (_, sig) in authenticators {
-                    if !self.features.is_zkid_enabled()
-                        && matches!(sig.sig, ZkpOrOpenIdSig::Groth16Zkp { .. })
-                    {
-                        return Err(VMStatus::error(StatusCode::FEATURE_UNDER_GATING, None));
-                    }
-                    if (!self.features.is_zkid_enabled() || !self.features.is_zkid_zkless_enabled())
-                        && matches!(sig.sig, ZkpOrOpenIdSig::OpenIdSig { .. })
-                    {
-                        return Err(VMStatus::error(StatusCode::FEATURE_UNDER_GATING, None));
-                    }
-                }
-            },
-            Err(_) => {
-                return Err(VMStatus::error(StatusCode::INVALID_SIGNATURE, None));
-            },
-        }
-
-        zkid_validation::validate_zkid_authenticators(&authenticators.unwrap(), resolver)?;
+        let authenticators = aptos_types::oidb::get_oidb_authenticators(transaction)
+            .map_err(|_| VMStatus::error(StatusCode::INVALID_SIGNATURE, None))?;
+        oidb_validation::validate_oidb_authenticators(&authenticators, self.features(), resolver)?;
 
         // The prologue MUST be run AFTER any validation. Otherwise you may run prologue and hit
         // SEQUENCE_NUMBER_TOO_NEW if there is more than one transaction from the same sender and
 
@@ -111,14 +111,14 @@ mod errors;
 mod gas;
 pub mod move_vm_ext;
 pub mod natives;
+mod oidb_validation;
 pub mod sharded_block_executor;
 pub mod system_module_names;
 pub mod testing;
 pub mod transaction_metadata;
 mod transaction_validation;
 pub mod validator_txns;
 pub mod verifier;
-mod zkid_validation;
 
 pub use crate::aptos_vm::{AptosSimulationVM, AptosVM};
 use crate::sharded_block_executor::{executor_client::ExecutorClient, ShardedBlockExecutor};
Original file line number	Diff line number	Diff line change
`@@ -13433,7 +13433,7 @@`
`13433`	`13433`	`"ed25519": "#/components/schemas/PublicKey_string(HexEncodedBytes)",`
`13434`	`13434`	`"secp256k1_ecdsa": "#/components/schemas/PublicKey_string(HexEncodedBytes)",`
`13435`	`13435`	`"secp256r1_ecdsa": "#/components/schemas/PublicKey_string(HexEncodedBytes)",`
`13436`		`- "zk_id": "#/components/schemas/PublicKey_string(HexEncodedBytes)"`
	`13436`	`+ "oidb": "#/components/schemas/PublicKey_string(HexEncodedBytes)"`
`13437`	`13437`	`}`
`13438`	`13438`	`}`
`13439`	`13439`	`},`
`@@ -13447,7 +13447,7 @@`
`13447`	`13447`	`"properties": {`
`13448`	`13448`	`"type": {`
`13449`	`13449`	`"type": "string",`
`13450`		`- "example": "zk_id"`
	`13450`	`+ "example": "oidb"`
`13451`	`13451`	`}`
`13452`	`13452`	`}`
`13453`	`13453`	`},`
`@@ -13538,7 +13538,7 @@`
`13538`	`13538`	`"ed25519": "#/components/schemas/Signature_string(HexEncodedBytes)",`
`13539`	`13539`	`"secp256k1_ecdsa": "#/components/schemas/Signature_string(HexEncodedBytes)",`
`13540`	`13540`	`"web_authn": "#/components/schemas/Signature_string(HexEncodedBytes)",`
`13541`		`- "zk_id": "#/components/schemas/Signature_string(HexEncodedBytes)"`
	`13541`	`+ "oidb": "#/components/schemas/Signature_string(HexEncodedBytes)"`
`13542`	`13542`	`}`
`13543`	`13543`	`}`
`13544`	`13544`	`},`
`@@ -13552,7 +13552,7 @@`
`13552`	`13552`	`"properties": {`
`13553`	`13553`	`"type": {`
`13554`	`13554`	`"type": "string",`
`13555`		`- "example": "zk_id"`
	`13555`	`+ "example": "oidb"`
`13556`	`13556`	`}`
`13557`	`13557`	`}`
`13558`	`13558`	`},`