LedgerHQ · sportron-ledger · Apr 16, 2026 · Apr 17, 2026 · Apr 17, 2026 · Apr 23, 2026
diff --git a/Makefile b/Makefile
@@ -30,7 +30,7 @@ APPNAME = "Aleo"
 # Application version
 APPVERSION_M = 1
 APPVERSION_N = 0
-APPVERSION_P = 1
+APPVERSION_P = 2
 APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)"
 
 # Application source files

diff --git a/doc/SIGN_TRANSACTION.md b/doc/SIGN_TRANSACTION.md
@@ -113,6 +113,7 @@ Serialized TLV data:
 | `network_id`         |  0xc3 |      2   |    u16 | Network ID (big endian) (0 : mainnet, 1 : testnet) |
 | `program_id`         |  0xb5 | variable |  bytes | Program ID to use |
 | `program_checksum`   |  0xc4 |     32   |  field | Program checksum (OPTIONAL) |
+| `r_hint          `   |  0xc5 |     32   | scalar | r hint (OPTIONAL) |
 | `function_name`      |  0xb6 | variable |  bytes | Function name to call |
 | `nested_calls_count` |  0xba |      1   |     u8 | The number of nested calls (INTENT ONLY) |
 | `input_count`        |  0xb7 |      1   |     u8 | The number of inputs |

diff --git a/fuzzing/CMakeLists.txt b/fuzzing/CMakeLists.txt
@@ -40,6 +40,7 @@ target_include_directories(
          ${APP_SRC}
          ${APP_SRC}/account
          ${APP_SRC}/crypto
+         ${APP_SRC}/db
          ${APP_SRC}/handler
          ${APP_SRC}/helper
          ${APP_SRC}/transaction

diff --git a/src/account/account.c b/src/account/account.c
@@ -234,7 +234,7 @@ int account_get_address_string(const uint32_t *path, uint8_t path_len, char addr
     bn_reverse(address_bn);
     bn_print(address_bn);
 
-    uint8_t data[64];
+    uint8_t data[ADDRESS_LEN + 1];
     size_t  datalen = 0;
     if ((status = bech32_convert_bits(data, &datalen, sizeof(data), 5, address_bn, 32, 8, 1)) < 0) {
         goto end;
@@ -300,7 +300,9 @@ int account_get_view_key_string(const uint32_t *path, uint8_t path_len, char vie
 
 int account_generate_keys(const uint32_t *path, uint8_t path_len, account_t *account)
 {
-    int status = 0;
+    int          status = 0;
+    bigint_256_t address_big_int;
+    uint8_t      address_bn[32];
 
     LEDGER_ASSERT(path != NULL, "NULL path");
     LEDGER_ASSERT(account != NULL, "NULL account");
@@ -329,6 +331,28 @@ int account_generate_keys(const uint32_t *path, uint8_t path_len, account_t *acc
     if ((status = graph_key_from_view_key(&account->view_key, &account->graph_key)) < 0) {
         goto error;
     }
+
+    field_to_big_int(&account->address.x, &address_big_int);
+    big_int_to_bn(&address_big_int, address_bn);
+
+    // Reverse bn
+    bn_reverse(address_bn);
+    bn_print(address_bn);
+
+    uint8_t data[ADDRESS_LEN + 1];
+    size_t  datalen = 0;
+    memset(account->address_str, 0, ADDRESS_LEN + 1);
+    if ((status = bech32_convert_bits(
+             data, &datalen, sizeof(data), 5, address_bn, sizeof(address_bn), 8, 1))
+        < 0) {
+        goto error;
+    }
+    if ((status = bech32_encode(
+             account->address_str, ADDRESS_PREFIX, data, datalen, BECH32_ENCODING_BECH32M))
+        < 0) {
+        goto error;
+    }
+
     return 0;
 
 error:

diff --git a/src/account/account.h b/src/account/account.h
@@ -29,7 +29,7 @@ typedef struct {
     scalar_t      view_key;
     group_t       address;
     field_t       graph_key;
-
+    char          address_str[ADDRESS_LEN + 1];
 } account_t;
 
 typedef struct {

diff --git a/src/account/signature.c b/src/account/signature.c
@@ -348,7 +348,7 @@ static void display_progression(uint8_t step)
     }
     else if (G_context.signing_state == SIGNING_STATE_NESTED_CALL) {
         text = "Prepare Tx";
-        current_step += step + ((1 + G_context.nested_call_offset) * 5);
+        current_step += step + (G_context.nested_call_offset * 5);
     }
     else {
         text = "Prepare Tx";
@@ -383,18 +383,29 @@ int sign_prepared_request(account_t *account, prepared_request_t *request)
 
     display_progression(1);
 
-    // Compute a `r` as `HashToScalar(sk_sig || nonce)`. Note: This is the transition secret key
-    // `tsk`.
-    _Static_assert(HASH_INPUT_MAX_LENGTH >= 7, "hash_input size won't fit");
-    memset(hash_input, 0, sizeof(hash_input));
-    memcpy(&hash_input[4], &SERIAL_NUMBER_DOMAIN, sizeof(field_t));
-    scalar_to_field(&account->private_key.sk_sig, &hash_input[5]);
-    memcpy(&hash_input[6], &nonce, sizeof(field_t));
-    if ((status = hash_to_scalar_psd4(hash_input, 4 + 3, &request->r)) < 0) {
-        goto end;
+    if (request->r_hint) {
+        // Use preprocessed 'r' from the request
+        bigint_256_t s;
+        bn_reverse(request->r_hint);
+        bn_to_big_int(request->r_hint, &s);
+        scalar_from_big_int(&request->r, &s);
+        PRINTF("r_hint : ");
+        scalar_println(&request->r);
+    }
+    else {
+        // Compute a `r` as `HashToScalar(sk_sig || nonce)`. Note: This is the transition secret key
+        // `tsk`.
+        _Static_assert(HASH_INPUT_MAX_LENGTH >= 7, "hash_input size won't fit");
+        memset(hash_input, 0, sizeof(hash_input));
+        memcpy(&hash_input[4], &SERIAL_NUMBER_DOMAIN, sizeof(field_t));
+        scalar_to_field(&account->private_key.sk_sig, &hash_input[5]);
+        memcpy(&hash_input[6], &nonce, sizeof(field_t));
+        if ((status = hash_to_scalar_psd4(hash_input, 4 + 3, &request->r)) < 0) {
+            goto end;
+        }
+        PRINTF("r : ");
+        scalar_println(&request->r);
     }
-    PRINTF("r : ");
-    scalar_println(&request->r);
     display_progression(2);
 
     // Compute `g_r` as `r * G`. Note: This is the transition public key `tpk`.
@@ -431,40 +442,7 @@ int sign_prepared_request(account_t *account, prepared_request_t *request)
     }
 
     // Compute the function ID.
-    function_id_datas_t function_id_datas;
-    memset(&function_id_datas, 0, sizeof(function_id_datas));
-    function_id_datas.network_id = request->network_id;
-    uint8_t is_name              = 1;
-    uint8_t offset               = 0;
-    for (size_t i = 0; i < request->program_id_length; i++) {
-        if (request->program_id[i] != '.') {
-            if (is_name) {
-                if (offset >= sizeof(function_id_datas.program_id_name)) {
-                    status = -1;
-                    goto end;
-                }
-                function_id_datas.program_id_name[offset++] = request->program_id[i];
-            }
-            else {
-                if (offset >= sizeof(function_id_datas.program_id_network)) {
-                    status = -1;
-                    goto end;
-                }
-                function_id_datas.program_id_network[offset++] = request->program_id[i];
-            }
-        }
-        else {
-            is_name = 0;
-            offset  = 0;
-        }
-    }
-    if (request->function_name_length >= sizeof(function_id_datas.function_name)) {
-        status = -1;
-        goto end;
-    }
-    memcpy(function_id_datas.function_name, request->function_name, request->function_name_length);
-
-    if ((status = bhp_1024_hash_function_id(&function_id_datas, &request->function_id)) < 0) {
+    if ((status = bhp_1024_hash_function_id(request)) < 0) {
         goto end;
     }
     PRINTF("function_id : ");

diff --git a/src/app_main.c b/src/app_main.c
@@ -114,7 +114,9 @@ void app_ticker_event_callback(void)
         G_context.fees_waiting_time_ms += 100;
         if (G_context.fees_waiting_time_ms > 15 * 1000) {
             G_context.signing_state = SIGNING_STATE_WAIT_INTENT;
+#ifndef FUZZ
             nbgl_useCaseReviewStatus(STATUS_TYPE_TRANSACTION_REJECTED, ui_menu_main);
+#endif  // FUZZ
         }
     }
 }
diff --git a/src/constants.h b/src/constants.h
@@ -53,7 +53,7 @@
 /**
  * Maximum number of inputs for a single signature.
  */
-#define MAX_NB_OF_INPUTS (8)
+#define MAX_NB_OF_INPUTS (16)
 
 /**
  * Maximum number of records for a single signature.

diff --git a/src/crypto/bhp_1024.c b/src/crypto/bhp_1024.c
@@ -25,38 +25,29 @@
 #include "os_utils.h"
 #include "cx.h"
 
-#include "bhp_1024_parameters.h"
+#include "db_program_function.h"
 #include "bhp_1024.h"
 
-int bhp_1024_hash_function_id(const function_id_datas_t *data, field_t *hash)
+int bhp_1024_hash_function_id(prepared_request_t *request)
 {
-    size_t             index         = 0;
-    size_t             program_index = 0;
-    function_hashes_t *functions     = NULL;
+    size_t                 index         = 0;
+    size_t                 program_index = 0;
+    function_parameters_t *functions     = NULL;
 
-    LEDGER_ASSERT(data != NULL, "NULL data");
-    LEDGER_ASSERT(hash != NULL, "NULL hash");
+    LEDGER_ASSERT(request != NULL, "NULL request");
 
-    if (data->network_id >= NETWORK_ID_COUNT) {
+    if (request->network_id >= NETWORK_ID_COUNT) {
         return -1;
     }
 
+    // Find program
     for (index = 0; index < NB_OF_PROGRAMS; index++) {
-        if (strlen(data->program_id_name) != strlen(PIC(bhp_1024_parameters[index].program_id))) {
+        if (request->program_id_length != strlen(PIC(program_parameters[index].program_id))) {
             continue;
         }
-        if (memcmp(data->program_id_name,
-                   PIC(bhp_1024_parameters[index].program_id),
-                   strlen(data->program_id_name))) {
-            continue;
-        }
-        if (strlen(data->program_id_network)
-            != strlen(PIC(bhp_1024_parameters[index].program_id_network))) {
-            continue;
-        }
-        if (memcmp(data->program_id_network,
-                   PIC(bhp_1024_parameters[index].program_id_network),
-                   strlen(data->program_id_network))) {
+        if (memcmp(request->program_id,
+                   PIC(program_parameters[index].program_id),
+                   request->program_id_length)) {
             continue;
         }
         break;
@@ -65,18 +56,23 @@ int bhp_1024_hash_function_id(const function_id_datas_t *data, field_t *hash)
     if (index >= NB_OF_PROGRAMS) {
         return -1;
     }
+
+    // Find program's function
     program_index = index;
-    functions     = PIC(bhp_1024_parameters[program_index].functions);
+    functions     = PIC(program_parameters[program_index].functions);
 
-    for (index = 0; index < bhp_1024_parameters[program_index].nb_of_functions; index++) {
-        if (strlen(data->function_name) != strlen(PIC(functions[index].string))) {
+    for (index = 0; index < program_parameters[program_index].nb_of_functions; index++) {
+        if (request->function_name_length != strlen(PIC(functions[index].string))) {
             continue;
         }
-        if (memcmp(
-                data->function_name, PIC(functions[index].string), strlen(data->function_name))) {
+        if (memcmp(request->function_name,
+                   PIC(functions[index].string),
+                   request->function_name_length)) {
             continue;
         }
-        memcpy(hash, PIC(&functions[index].hashes[data->network_id]), sizeof(field_t));
+        memcpy(&request->function_id,
+               PIC(&functions[index].bhp_1024_hashes[request->network_id]),
+               sizeof(field_t));
         return 0;
     }
 

diff --git a/src/crypto/bhp_1024.h b/src/crypto/bhp_1024.h
@@ -3,14 +3,6 @@
 #include <stdint.h>  // uint*_t
 #include "constants.h"
 
-#include "field.h"
+#include "types.h"
 
-typedef struct {
-    uint16_t network_id;
-    char     program_id_name[PROGRAM_ID_NAME_MAX_LEN + 1];
-    char     program_id_network[PROGRAM_ID_NETWORK_MAX_LEN + 1];
-    char     function_name[FUNCTION_NAME_MAX_LEN + 1];
-
-} function_id_datas_t;
-
-extern int bhp_1024_hash_function_id(const function_id_datas_t *data, field_t *hash);
+extern int bhp_1024_hash_function_id(prepared_request_t *request);
diff --git a/src/crypto/bhp_1024_parameters.c b/src/crypto/bhp_1024_parameters.c
diff --git a/src/crypto/bhp_1024_parameters.h b/src/crypto/bhp_1024_parameters.h