0xMiden · onurinanc · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -117,6 +117,7 @@
 - Added trace row counts to `bench-tx.json` ([#2794](https://github.com/0xMiden/protocol/pull/2794)).
 - [BREAKING] Renamed `set_attachment` to `add_attachment`, `set_word_attachment` to `add_word_attachment`, and `set_array_attachment` to `add_array_attachment` in `miden::protocol::output_note` ([#2795](https://github.com/0xMiden/protocol/pull/2795), [#2849](https://github.com/0xMiden/protocol/pull/2849)).
 - Added foundations for `AuthMultisigSmart` ([#2806](https://github.com/0xMiden/protocol/pull/2806)).
+- Extended `AuthMultisigSmart` with a `DelayedExecutionPolicy` and a `delayed_execution` module that exposes a timelock-controlled propose/cancel/execute flow, surfaced through `update_delayed_execution_policy`, `propose_transaction`, `cancel_transaction_proposal`, `cancel_and_propose_new_transaction`, and `execute_proposed_transaction` ([#3044](https://github.com/0xMiden/protocol/pull/3044)).
 - Added `tx::get_tx_script_root` kernel procedure returning the root of the executed transaction script (empty word if no script was executed) ([#2816](https://github.com/0xMiden/protocol/pull/2816)).
 - Added `AuthNetworkAccount` auth component that rejects transactions which execute a tx script or consume input notes outside of a fixed allowlist of note script roots ([#2817](https://github.com/0xMiden/protocol/pull/2817)).
 - Added basic blocklist transfer policy with owner-managed admin (`block_account`/`unblock_account`) and runtime policy switching via the protocol-reserved asset callback slots ([#2820])(https://github.com/0xMiden/protocol/pull/2820).

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -63,6 +63,7 @@ anyhow          = { default-features = false, features = ["backtrace", "std"], v
 assert_matches  = { default-features = false, version = "1.5" }
 bon             = { default-features = false, version = "3" }
 criterion       = { default-features = false, version = "0.5" }
+either          = { default-features = false, version = "1.16" }
 fs-err          = { default-features = false, version = "3" }
 primitive-types = { default-features = false, version = "0.14" }
 rand            = { default-features = false, version = "0.9" }

diff --git a/crates/miden-protocol/asm/kernels/transaction/lib/tx.masm b/crates/miden-protocol/asm/kernels/transaction/lib/tx.masm
@@ -106,6 +106,11 @@ pub use memory::get_tx_script_root
 #!
 #! Where:
 #! - block_height_delta is the desired expiration time delta (1 to 0xFFFF).
+#!
+#! Panics if:
+#! - block_height_delta is not a valid `u32` (`ERR_TX_INVALID_EXPIRATION_DELTA`).
+#! - block_height_delta is zero (`ERR_TX_INVALID_EXPIRATION_DELTA`).
+#! - block_height_delta is greater than 0xFFFF (`ERR_TX_INVALID_EXPIRATION_DELTA`).
 pub proc update_expiration_block_delta
     # Ensure block_height_delta is between 1 and 0xFFFF (inclusive)
     dup neq.0 assert.err=ERR_TX_INVALID_EXPIRATION_DELTA

diff --git a/crates/miden-protocol/asm/protocol/tx.masm b/crates/miden-protocol/asm/protocol/tx.masm
@@ -281,6 +281,11 @@ end
 #! Where:
 #! - block_height_delta is the desired expiration time delta (1 to 0xFFFF).
 #!
+#! Panics if:
+#! - block_height_delta is not a valid `u32`.
+#! - block_height_delta is zero.
+#! - block_height_delta is greater than 0xFFFF.
+#!
 #! Annotation hint: is not used anywhere
 pub proc update_expiration_block_delta
     push.TX_UPDATE_EXPIRATION_BLOCK_DELTA_OFFSET

diff --git a/crates/miden-standards/asm/account_components/auth/multisig_smart.masm b/crates/miden-standards/asm/account_components/auth/multisig_smart.masm
@@ -4,12 +4,16 @@
 
 use miden::standards::auth::multisig
 use miden::standards::auth::multisig_smart
+use miden::standards::auth::multisig_smart::delayed_execution
 
 pub use multisig::get_threshold_and_num_approvers
 pub use multisig::get_signer_at
 pub use multisig::is_signer
 pub use multisig_smart::set_procedure_policy
 pub use multisig_smart::update_signers_and_threshold
+pub use delayed_execution::update_delayed_execution_policy
+pub use delayed_execution::propose_transaction
+pub use delayed_execution::cancel_transaction_proposal
 
 #! Authenticate a transaction using multisig smart-policy rules.
 #!

diff --git a/crates/miden-standards/asm/standards/auth/multisig.masm b/crates/miden-standards/asm/standards/auth/multisig.masm
@@ -486,6 +486,29 @@ pub proc get_threshold_and_num_approvers
     # => [default_threshold, num_approvers]
 end
 
+#! Verifies the configured approver signatures over `MSG` and returns how many of them are valid.
+#!
+#! Thin wrapper over [`signature::verify_signatures`] that supplies this component's approver
+#! public-key and scheme-id storage slots, so callers don't need to know the slot layout. It does
+#! not enforce any threshold, the caller compares the returned count against the required threshold.
+#!
+#! Inputs:  [num_of_approvers, MSG]
+#! Outputs: [num_verified_signatures, MSG]
+#!
+#! Invocation: exec
+pub proc verify_signatures
+    # => [num_of_approvers, MSG]
+
+    push.APPROVER_PUBLIC_KEYS_SLOT[0..2]
+    # => [pub_key_slot_suffix, pub_key_slot_prefix, num_of_approvers, MSG]
+
+    push.APPROVER_SCHEME_ID_SLOT[0..2]
+    # => [scheme_id_slot_suffix, scheme_id_slot_prefix, pub_key_slot_suffix, pub_key_slot_prefix, num_of_approvers, MSG]
+
+    exec.::miden::standards::auth::signature::verify_signatures
+    # => [num_verified_signatures, MSG]
+end
+
 #! Sets or clears a per-procedure threshold override.
 #!
 #! Inputs: [proc_threshold, PROC_ROOT]