iotaledger · TheMrAI · Sep 11, 2025 · Sep 3, 2025 · Sep 4, 2025 · Sep 4, 2025
diff --git a/Cargo.lock b/Cargo.lock
@@ -54,7 +54,7 @@ use iota_storage::{
 use iota_types::committee::CommitteeTrait;
 use iota_types::{
     IOTA_SYSTEM_ADDRESS, TypeTag,
-    account::{AUTHENTICATOR_DF_NAME, AuthenticatorInfo},
+    account::{AUTHENTICATOR_DF_NAME, AuthenticatorInfoV1},
     authenticator_state::get_authenticator_state,
     base_types::*,
     committee::{Committee, EpochId, ProtocolVersion},
@@ -5217,7 +5217,7 @@ impl AuthorityState {
         auth_account_object_digest: Option<ObjectDigest>,
         account_object: ObjectReadResult,
         signer: &IotaAddress,
-    ) -> IotaResult<AuthenticatorInfo> {
+    ) -> IotaResult<AuthenticatorInfoV1> {
         let account_object = match account_object.object {
             ObjectReadResultKind::Object(object) => Ok(object),
             ObjectReadResultKind::DeletedSharedObject(version, digest) => {
@@ -5289,7 +5289,7 @@ impl AuthorityState {
 
         let authenticator_id = self.get_dynamic_field_object_id(
             auth_account_object_id,
-            AuthenticatorInfo::tag().into(),
+            AuthenticatorInfoV1::tag().into(),
             AUTHENTICATOR_DF_NAME.as_bytes(),
         )?;
 
@@ -5302,7 +5302,7 @@ impl AuthorityState {
                 )?;
 
             if let Some(authenticator_info) = authenticator_info {
-                AuthenticatorInfo::try_from(authenticator_info)
+                AuthenticatorInfoV1::try_from(authenticator_info)
             } else {
                 Err(UserInputError::MoveAuthenticatorNotFound {
                     authenticator_object_id: authenticator_id,
@@ -5329,7 +5329,7 @@ impl AuthorityState {
         protocol_config: &ProtocolConfig,
         reference_gas_price: u64,
         transaction: &TransactionData,
-    ) -> IotaResult<(IotaGasStatus, CheckedInputObjects, AuthenticatorInfo)> {
+    ) -> IotaResult<(IotaGasStatus, CheckedInputObjects, AuthenticatorInfoV1)> {
         let digest = transaction.digest();
         let signer = transaction.sender();
 

@@ -315,7 +315,7 @@
     ]
   },
   "12": {
-    "git_revision": "0dfba5a1f03f173cb36f9cd846c8d3e125b2d73b",
+    "git_revision": "6ac6db501d0baf15a3528ef82af63be25256333e",
     "packages": [
       {
         "name": "MoveStdlib",

@@ -0,0 +1,43 @@
+// Copyright (c) 2025 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
+module iota::account;
+
+use std::ascii;
+
+/// Dynamic field key, where the system will look for a potential
+/// authenticate function.
+#[allow(unused_const)]
+const AUTHENTICATOR_ID: vector<u8> = b"IOTA_AUTHENTICATION";
+
+#[allow(unused_field)]
+public struct AuthenticatorInfoV1 has copy, drop, store {
+    package: ID,
+    module_name: ascii::String,
+    function_name: ascii::String,
+}
+
+/// Create an "AuthenticatorInfoV1" using an `authenticate` function defined outside of this version of the package
+///
+/// The referred `package`, `module_name`, `function_name` can refer to any valid `authenticate` function,
+/// regardless of package dependencies or versions.
+/// For example package A has two versions V1 and V2. V2 of package A may refer to an `authenticate`
+/// function defined in V1. Or it can refer to any package B with an appropriate `authenticate` function
+/// even if package A does not have a dependency on package B.
+/// In fact package A may have a dependency on package B version 1, but can still refer to an `authenticate`
+/// function defined in package B version 2.
+/// Refiring to an `authenticate` function with `create_auth_info_v1` is a strictly runtime dependency and
+/// it does not collide with any compile time restrictions.
+public fun create_auth_info_v1(
+    package: address,
+    module_name: ascii::String,
+    function_name: ascii::String,
+): AuthenticatorInfoV1 {
+    create_auth_info_v1_impl(package, module_name.as_bytes(), function_name.as_bytes())
+}
+
+native fun create_auth_info_v1_impl(
+    package: address,
+    module_name: &vector<u8>,
+    function_name: &vector<u8>,
+): AuthenticatorInfoV1;
@@ -1126,6 +1126,30 @@ vdf_verify
 vdf_verify_internal
 	fun
 	0x2::vdf
+TxContext
+	public struct
+	0x2::tx_context
+sender
+	public fun
+	0x2::tx_context
+digest
+	public fun
+	0x2::tx_context
+epoch
+	public fun
+	0x2::tx_context
+epoch_timestamp_ms
+	public fun
+	0x2::tx_context
+fresh_object_address
+	public fun
+	0x2::tx_context
+ids_created
+	fun
+	0x2::tx_context
+derive_id
+	fun
+	0x2::tx_context
 encode
 	public fun
 	0x2::hex
@@ -1165,30 +1189,6 @@ length
 max
 	public fun
 	0x2::address
-TxContext
-	public struct
-	0x2::tx_context
-sender
-	public fun
-	0x2::tx_context
-digest
-	public fun
-	0x2::tx_context
-epoch
-	public fun
-	0x2::tx_context
-epoch_timestamp_ms
-	public fun
-	0x2::tx_context
-fresh_object_address
-	public fun
-	0x2::tx_context
-ids_created
-	fun
-	0x2::tx_context
-derive_id
-	fun
-	0x2::tx_context
 ID
 	public struct
 	0x2::object
@@ -1264,6 +1264,15 @@ delete_impl
 record_new_uid
 	fun
 	0x2::object
+AuthenticatorInfoV1
+	public struct
+	0x2::account
+create_auth_info_v1
+	public fun
+	0x2::account
+create_auth_info_v1_impl
+	fun
+	0x2::account
 ProgrammableMoveCall
 	public struct
 	0x2::programmable_transaction

@@ -24,8 +24,10 @@ async fn get_normalized_move_modules_by_package() -> Result<(), anyhow::Error> {
     assert_eq!(
         move_modules.keys().cloned().collect::<HashSet<String>>(),
         [
+            "account",
             "address",
             "authenticator_state",
+            "auth_context",
             "bag",
             "balance",
             "bcs",
@@ -61,6 +63,7 @@ async fn get_normalized_move_modules_by_package() -> Result<(), anyhow::Error> {
             "pay",
             "poseidon",
             "priority_queue",
+            "programmable_transaction",
             "prover",
             "random",
             "system_admin_cap",

@@ -125,6 +125,9 @@ fn new_testing_object_and_natives_cost_runtime(ext: &mut NativeContextExtensions
     let metrics = Arc::new(LimitsMetrics::new(&registry));
     let store = Lazy::force(&TEST_STORE);
 
+    // If this list needs to be updated you likely need to update
+    // iota-execution/latest/iota-adapter/src/adapter.rs where it is constructed for
+    // regular execution as well.
     ext.add(ObjectRuntime::new(
         store,
         BTreeMap::new(),

@@ -1464,6 +1464,7 @@
                 "consensus_max_transactions_in_block_bytes": {
                   "u64": "524288"
                 },
+                "create_auth_info_v1_cost_base": null,
                 "crypto_invalid_arguments_cost": {
                   "u64": "100"
                 },
@@ -9937,33 +9938,29 @@
         "description": "MoveAuthenticator is a GenericSignature variant that enables a new method of authentication through Move code. This function represents the data received by the Move authenticate function during the Account Abstraction authentication flow.",
         "type": "object",
         "required": [
-          "inputs",
-          "object_to_authenticate"
+          "call_args",
+          "object_to_authenticate",
+          "type_arguments"
         ],
         "properties": {
-          "inputs": {
+          "call_args": {
             "description": "Input objects or primitive values",
             "type": "array",
             "items": {
               "$ref": "#/components/schemas/CallArg"
             }
           },
           "object_to_authenticate": {
-            "description": "The reference to the object that this authenticates. This object represents the account being the sender of the transaction.",
-            "type": "array",
-            "items": [
-              {
-                "$ref": "#/components/schemas/ObjectID"
-              },
-              {
-                "$ref": "#/components/schemas/SequenceNumber"
-              },
+            "description": "The object that is authenticated. Represents the account being the sender of the transaction.",
+            "allOf": [
               {
-                "$ref": "#/components/schemas/ObjectDigest"
+                "$ref": "#/components/schemas/CallArg"
               }
-            ],
-            "maxItems": 3,
-            "minItems": 3
+            ]
+          },
+          "type_arguments": {
+            "description": "Type arguments for the Move authenticate function",
+            "type": "string"
           }
         }
       },
@@ -12945,7 +12942,7 @@
         }
       },
       "TypeOrigin": {
-        "description": "Identifies a struct and the module it was defined in",
+        "description": "Store the origin of a data type where it first appeared in the version chain.\n\nA data type is identified by the name of the module and the name of the struct/enum in combination.\n\n# Undefined behavior\n\nDirectly modifying any field is undefined behavior. The fields are only public for read-only access.",
         "type": "object",
         "required": [
           "datatype_name",
@@ -12954,37 +12951,44 @@
         ],
         "properties": {
           "datatype_name": {
+            "description": "The name of the data type.\n\nHere this either refers to an enum or a struct identifier.",
             "type": "string"
           },
           "module_name": {
+            "description": "The name of the module the data type resides in.",
             "type": "string"
           },
           "package": {
-            "$ref": "#/components/schemas/ObjectID"
+            "description": "`Storage ID` of the package, where the given type first appeared.",
+            "allOf": [
+              {
+                "$ref": "#/components/schemas/ObjectID"
+              }
+            ]
           }
         }
       },
       "TypeTag": {
         "type": "string"
       },
       "UpgradeInfo": {
-        "description": "Upgraded package info for the linkage table",
+        "description": "Value for the [MovePackage]'s linkage_table.\n\n# Undefined behavior\n\nDirectly modifying any field is undefined behavior. The fields are only public for read-only access.",
         "type": "object",
         "required": [
           "upgraded_id",
           "upgraded_version"
         ],
         "properties": {
           "upgraded_id": {
-            "description": "ID of the upgraded packages",
+            "description": "`Storage ID`/`Package ID` of the referred package.",
             "allOf": [
               {
                 "$ref": "#/components/schemas/ObjectID"
               }
             ]
           },
           "upgraded_version": {
-            "description": "Version of the upgraded package",
+            "description": "The version of the package at `upgraded_id`.",
             "allOf": [
               {
                 "$ref": "#/components/schemas/SequenceNumber2"

@@ -72,6 +72,7 @@ pub const MAX_PROTOCOL_VERSION: u64 = 12;
 //             Add additional linkage checks
 // Version 11: Framework fix regarding candidate validator commission rate.
 // Version 12: Max authentication gas budget property.
+//             Introduce gas cost for 'create_auth_info_v1_cost_base'.
 
 #[derive(Copy, Clone, Debug, Hash, Serialize, Deserialize, PartialEq, Eq, PartialOrd, Ord)]
 pub struct ProtocolVersion(u64);
@@ -776,6 +777,11 @@ pub struct ProtocolConfig {
 
     // === Native Function Costs ===
 
+    // `account` module
+    // Cost params for the Move native function `create_auth_info_v1(package: address, module:
+    // String, function: String): AuthenticatorInfoV1`
+    create_auth_info_v1_cost_base: Option<u64>,
+
     // `address` module
     // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
     address_from_bytes_cost_base: Option<u64>,
@@ -1572,6 +1578,8 @@ impl ProtocolConfig {
             buffer_stake_for_protocol_upgrade_bps: Some(5000),
 
             // === Native Function Costs ===
+            // `account` module
+            create_auth_info_v1_cost_base: None,
             // `address` module
             // Cost params for the Move native function `address::from_bytes(bytes: vector<u8>)`
             address_from_bytes_cost_base: Some(52),
@@ -2140,6 +2148,9 @@ impl ProtocolConfig {
                         // max auth gas budget is in NANOS and an absolute value 1IOTA
                         cfg.max_auth_gas = Some(1_000_000_000);
                         cfg.feature_flags.move_auth = true;
+                        // === Native Function Costs ===
+                        // `account` module
+                        cfg.create_auth_info_v1_cost_base = Some(1000);
                     }
                 }
                 // Use this template when making changes:

@@ -123,6 +123,7 @@ validator_target_reward: 767000000000000
 max_transactions_per_checkpoint: 10000
 max_checkpoint_size_bytes: 31457280
 buffer_stake_for_protocol_upgrade_bps: 5000
+create_auth_info_v1_cost_base: 1000
 address_from_bytes_cost_base: 52
 address_to_u256_cost_base: 52
 address_from_u256_cost_base: 52