[Bug]: ownPublicKey() is not cryptographically safe

### Prerequisites

- [x] I have read the [Contributing Guidelines](https://github.com/OpenZeppelin/midnight-contracts/CONTRIBUTING.md#creating-an-issue).
- [x] I agree to follow the [Code of Conduct](https://github.com/OpenZeppelin/midnight-contracts/CODE_OF_CONDUCT.md).
- [x] I have searched for [existing issues](https://github.com/OpenZeppelin/midnight-contracts/issues) that already report this problem, without success.

### What are the steps to reproduce this issue?

In `Ownable.compact`
```
  export circuit assertOnlyOwner(): [] {
    Initializable_assertInitialized();
    const caller = ownPublicKey();
    assert(caller == _owner.left, "Ownable: caller is not the owner");
  }
```

### What happens?

`ownPublicKey()` is a witness call that provides user information.
This value is not constrained to the prover's actual key.
Therefore any value can be passed.

### What were you expecting to happen?

Use `hash(secret)` instead for ownership.

### Paste any relevant logs, error output, etc.

```shell

```

### Additional context

_No response_

### Code Reproduction URL

_No response_

### Version

0.29.0 (Default)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug]: ownPublicKey() is not cryptographically safe #418

Prerequisites

What are the steps to reproduce this issue?

What happens?

What were you expecting to happen?

Paste any relevant logs, error output, etc.

Additional context

Code Reproduction URL

Version

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Bug]: ownPublicKey() is not cryptographically safe #418

Description

Prerequisites

What are the steps to reproduce this issue?

What happens?

What were you expecting to happen?

Paste any relevant logs, error output, etc.

Additional context

Code Reproduction URL

Version

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions