From dbc95bedc4246b05df257daeff7dce04a1ae2a8b Mon Sep 17 00:00:00 2001
From: redshiftzero <jen@penumbra.zone>
Date: Tue, 19 Mar 2024 15:57:24 -0400
Subject: [PATCH] add comment to use `NullifierDerivationCircuit` client-side
 only (#4052)

add note for future maintainers to only use the
`NullifierDerivationCircuit` on the client-side, since the nk is not
actually demonstrated to be associated with the address on the note in
circuit (related issue #3978)
---
 .../core/component/shielded-pool/src/nullifier_derivation.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crates/core/component/shielded-pool/src/nullifier_derivation.rs b/crates/core/component/shielded-pool/src/nullifier_derivation.rs
index 4c27803fcb..813e7320e7 100644
--- a/crates/core/component/shielded-pool/src/nullifier_derivation.rs
+++ b/crates/core/component/shielded-pool/src/nullifier_derivation.rs
@@ -74,6 +74,11 @@ fn check_circuit_satisfaction(
 }
 
 /// Groth16 proof for correct nullifier derivation.
+///
+/// # Safety
+///
+/// This proof is only for client-side use and not on chain. The nullifier-deriving
+/// key is not linked in the circuit to the address associated with the note commitment.
 #[derive(Clone, Debug)]
 pub struct NullifierDerivationCircuit {
     public: NullifierDerivationProofPublic,