@aptos-labs/ts-sdk 1.14.0-zeta.0 → 1.14.0-zeta.1

package/src/account/KeylessAccount.ts

@@ -2,21 +2,20 @@
 // SPDX-License-Identifier: Apache-2.0
 
 import { JwtPayload, jwtDecode } from "jwt-decode";
+import { JwksClient } from "jwks-rsa";
 import { decode } from "base-64";
 import EventEmitter from "eventemitter3";
-import { HexInput, SigningScheme } from "../types";
+import { EphemeralCertificateVariant, HexInput, SigningScheme } from "../types";
 import { AccountAddress } from "../core/accountAddress";
 import {
   AnyPublicKey,
   AnySignature,
   KeylessPublicKey,
   KeylessSignature,
-  OpenIdSignature,
-  OpenIdSignatureOrZkProof,
+  EphemeralCertificate,
   Signature,
-  SignedGroth16Signature,
-  computeAddressSeed,
-  fromDerivationPath as fromDerivationPathInner,
+  ZeroKnowledgeSig,
+  ZkProof,
 } from "../core/crypto";
 
 import { Account } from "./Account";
@@ -24,64 +23,44 @@ import { EphemeralKeyPair } from "./EphemeralKeyPair";
 import { Hex } from "../core/hex";
 import { AccountAuthenticatorSingleKey } from "../transactions/authenticator/account";
 import { Deserializer, Serializable, Serializer } from "../bcs";
-import { deriveTransactionType, generateSigningMessage } from "../transactions/transactionBuilder/signingMessage";
-import { AnyRawTransaction } from "../transactions/types";
-
-function base64UrlDecode(base64Url: string): string {
-  // Replace base64url-specific characters
-  const base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
-  // Pad the string with '=' characters if needed
-  const paddedBase64 = base64 + "==".substring(0, (3 - (base64.length % 3)) % 3);
-  // Decode the base64 string using the base-64 library
-  const decodedString = decode(paddedBase64);
-  return decodedString;
-}
-
-export type ProofFetchSuccess = {
-  status: "Success";
-};
+import {
+  deriveTransactionType,
+  generateSigningMessageForSerializable,
+} from "../transactions/transactionBuilder/signingMessage";
+import { AnyRawTransaction, AnyRawTransactionInstance } from "../transactions/types";
 
-export type ProofFetchFailure = {
-  status: "Failed";
-  error: string;
+export const IssuerToJwkEndpoint: Record<string, string> = {
+  "https://accounts.google.com": "https://www.googleapis.com/oauth2/v3/certs",
 };
 
-export type ProofFetchStatus = ProofFetchSuccess | ProofFetchFailure
-
-export type ProofFetchCallback = (status: ProofFetchStatus) => Promise<void>;
-
-export interface ProofFetchEvents {
-  proofFetchFinish: (status: ProofFetchStatus) => void;
-}
-
 export class KeylessAccount extends Serializable implements Account {
   static readonly PEPPER_LENGTH: number = 31;
 
-  static readonly SLIP_0010_SEED: string = "32 bytes";
+  readonly publicKey: KeylessPublicKey;
 
-  publicKey: KeylessPublicKey;
+  readonly ephemeralKeyPair: EphemeralKeyPair;
 
-  ephemeralKeyPair: EphemeralKeyPair;
+  readonly uidKey: string;
 
-  uidKey: string;
+  readonly uidVal: string;
 
-  uidVal: string;
+  readonly aud: string;
 
-  aud: string;
+  readonly pepper: Uint8Array;
 
-  pepper: Uint8Array;
+  readonly accountAddress: AccountAddress;
 
-  accountAddress: AccountAddress;
+  proof: ZeroKnowledgeSig | undefined;
 
-  proof: SignedGroth16Signature | undefined;
+  readonly proofOrPromise: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
 
-  proofOrPromise: SignedGroth16Signature | Promise<SignedGroth16Signature>;
+  readonly signingScheme: SigningScheme;
 
-  signingScheme: SigningScheme;
+  private jwt: string;
 
-  jwt: string;
+  private isJwtValid: boolean;
 
-  emitter: EventEmitter<ProofFetchEvents>;
+  readonly emitter: EventEmitter<ProofFetchEvents>;
 
   constructor(args: {
     address?: AccountAddress;
@@ -91,15 +70,14 @@ export class KeylessAccount extends Serializable implements Account {
     uidVal: string;
     aud: string;
     pepper: HexInput;
-    proofOrFetcher: SignedGroth16Signature | Promise<SignedGroth16Signature>;
-    proofFetchCallback?: ProofFetchCallback
+    proofOrFetcher: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
+    proofFetchCallback?: ProofFetchCallback;
     jwt: string;
   }) {
     super();
-    const { address, ephemeralKeyPair, iss, uidKey, uidVal, aud, pepper, proofOrFetcher, proofFetchCallback, jwt } = args;
+    const { address, ephemeralKeyPair, uidKey, uidVal, aud, pepper, proofOrFetcher, proofFetchCallback, jwt } = args;
     this.ephemeralKeyPair = ephemeralKeyPair;
-    const addressSeed = computeAddressSeed(args);
-    this.publicKey = new KeylessPublicKey(iss, addressSeed);
+    this.publicKey = KeylessPublicKey.create(args);
     this.accountAddress = address ? AccountAddress.from(address) : this.publicKey.authKey().derivedAddress();
     this.uidKey = uidKey;
     this.uidVal = uidVal;
@@ -107,11 +85,11 @@ export class KeylessAccount extends Serializable implements Account {
     this.jwt = jwt;
     this.emitter = new EventEmitter<ProofFetchEvents>();
     this.proofOrPromise = proofOrFetcher;
-    if (proofOrFetcher instanceof SignedGroth16Signature) {
+    if (proofOrFetcher instanceof ZeroKnowledgeSig) {
       this.proof = proofOrFetcher;
     } else {
       if (proofFetchCallback === undefined) {
-        throw new Error("Must provide callback for async proof fetch")
+        throw new Error("Must provide callback for async proof fetch");
       }
       this.emitter.on("proofFetchFinish", async (status) => {
         await proofFetchCallback(status);
@@ -119,25 +97,28 @@ export class KeylessAccount extends Serializable implements Account {
       });
       this.init(proofOrFetcher);
     }
-    
-
     this.signingScheme = SigningScheme.SingleKey;
     const pepperBytes = Hex.fromHexInput(pepper).toUint8Array();
     if (pepperBytes.length !== KeylessAccount.PEPPER_LENGTH) {
       throw new Error(`Pepper length in bytes should be ${KeylessAccount.PEPPER_LENGTH}`);
     }
     this.pepper = pepperBytes;
+    this.isJwtValid = true;
   }
 
-  async init(promise: Promise<SignedGroth16Signature>) {
+  /**
+   * This initializes the asyncronous proof fetch
+   * @return
+   */
+  async init(promise: Promise<ZeroKnowledgeSig>) {
     try {
       this.proof = await promise;
-      this.emitter.emit("proofFetchFinish", {status: "Success"});
+      this.emitter.emit("proofFetchFinish", { status: "Success" });
     } catch (error) {
       if (error instanceof Error) {
-        this.emitter.emit("proofFetchFinish", {status: "Failed", error: error.toString()});
+        this.emitter.emit("proofFetchFinish", { status: "Failed", error: error.toString() });
       } else {
-        this.emitter.emit("proofFetchFinish", {status: "Failed", error: "Unknown"});
+        this.emitter.emit("proofFetchFinish", { status: "Failed", error: "Unknown" });
       }
     }
   }
@@ -148,7 +129,7 @@ export class KeylessAccount extends Serializable implements Account {
     serializer.serializeFixedBytes(this.pepper);
     this.ephemeralKeyPair.serialize(serializer);
     if (this.proof === undefined) {
-      throw new Error("Connot serialize - proof undefined")
+      throw new Error("Connot serialize - proof undefined");
     }
     this.proof.serialize(serializer);
   }
@@ -158,7 +139,7 @@ export class KeylessAccount extends Serializable implements Account {
     const uidKey = deserializer.deserializeStr();
     const pepper = deserializer.deserializeFixedBytes(31);
     const ephemeralKeyPair = EphemeralKeyPair.deserialize(deserializer);
-    const proof = SignedGroth16Signature.deserialize(deserializer);
+    const proof = ZeroKnowledgeSig.deserialize(deserializer);
     return KeylessAccount.fromJWTAndProof({
       proof,
       pepper,
@@ -168,98 +149,116 @@ export class KeylessAccount extends Serializable implements Account {
     });
   }
 
+  /**
+   * Checks if the proof is expired.  If so the account must be rederived with a new EphemeralKeyPair
+   * and JWT token.
+   * @return boolean
+   */
   isExpired(): boolean {
     return this.ephemeralKeyPair.isExpired();
   }
 
-  bcsToBytes(): Uint8Array {
-    const serializer = new Serializer();
-    this.serialize(serializer);
-    return serializer.toUint8Array();
-  }
-
-  bcsToHex(): Hex {
-    const bcsBytes = this.bcsToBytes();
-    return Hex.fromHexInput(bcsBytes);
+  /**
+   * Checks if the the JWK used to verify the token still exists on the issuer's JWK uri.
+   * Caches the result.
+   * @return boolean
+   */
+  async checkJwkValidity(): Promise<boolean> {
+    if (!this.isJwtValid) {
+      return false;
+    }
+    const jwtHeader = jwtDecode(this.jwt, { header: true });
+    const client = new JwksClient({
+      jwksUri: IssuerToJwkEndpoint[this.publicKey.iss],
+    });
+    try {
+      await client.getSigningKey(jwtHeader.kid);
+      return true;
+    } catch (error) {
+      this.isJwtValid = false;
+      return false;
+    }
   }
 
+  /**
+   * Sign a message using Keyless.
+   * @param message the message to sign, as binary input
+   * @return the AccountAuthenticator containing the signature, together with the account's public key
+   */
   signWithAuthenticator(message: HexInput): AccountAuthenticatorSingleKey {
     const signature = new AnySignature(this.sign(message));
     const publicKey = new AnyPublicKey(this.publicKey);
     return new AccountAuthenticatorSingleKey(publicKey, signature);
   }
 
+  /**
+   * Sign a transaction using Keyless.
+   * @param transaction the raw transaction
+   * @return the AccountAuthenticator containing the signature of the transaction, together with the account's public key
+   */
   signTransactionWithAuthenticator(transaction: AnyRawTransaction): AccountAuthenticatorSingleKey {
-    const raw = deriveTransactionType(transaction);
-    const signature = new AnySignature(this.sign(raw.bcsToBytes()));
+    const signature = new AnySignature(this.signTransaction(transaction));
     const publicKey = new AnyPublicKey(this.publicKey);
     return new AccountAuthenticatorSingleKey(publicKey, signature);
   }
 
+  /**
+   * Waits for asyncronous proof fetching to finish.
+   * @return
+   */
   async waitForProofFetch() {
     if (this.proofOrPromise instanceof Promise) {
       await this.proofOrPromise;
     }
   }
 
-  sign(data: HexInput): Signature {
+  /**
+   * Sign the given message using Keyless.
+   * @param message in HexInput format
+   * @returns Signature
+   */
+  sign(data: HexInput): KeylessSignature {
     const { expiryDateSecs } = this.ephemeralKeyPair;
-    const currentTimeInSeconds = Math.floor(new Date().getTime() / 1000);
-    if (expiryDateSecs < currentTimeInSeconds) {
+    if (this.isExpired()) {
       throw new Error("Ephemeral key pair is expired.");
     }
     if (this.proof === undefined) {
       throw new Error("Proof not found");
     }
-    const jwtHeader = this.jwt.split(".")[0];
+    if (!this.isJwtValid) {
+      throw new Error("The proof has expired. Please refetch proof");
+    }
     const ephemeralPublicKey = this.ephemeralKeyPair.getPublicKey();
-
-    const serializer = new Serializer();
-    serializer.serializeFixedBytes(Hex.fromHexInput(data).toUint8Array());
-    serializer.serializeOption(this.proof.proof);
-    const signMess = generateSigningMessage(serializer.toUint8Array(), "APTOS::TransactionAndProof");
-
-    const ephemeralSignature = this.ephemeralKeyPair.sign(signMess);
+    const ephemeralSignature = this.ephemeralKeyPair.sign(data);
 
     return new KeylessSignature({
-      jwtHeader: base64UrlDecode(jwtHeader),
-      openIdSignatureOrZkProof: new OpenIdSignatureOrZkProof(this.proof),
+      jwtHeader: base64UrlDecode(this.jwt.split(".")[0]),
+      ephemeralCertificate: new EphemeralCertificate(this.proof, EphemeralCertificateVariant.ZkProof),
       expiryDateSecs,
       ephemeralPublicKey,
       ephemeralSignature,
     });
   }
 
-  signTransaction(transaction: AnyRawTransaction): Signature {
+  /**
+   * Sign the given transaction with Keyless.
+   * Signs the transaction and proof to guard against proof malleability.
+   * @param transaction the transaction to be signed
+   * @returns KeylessSignature
+   */
+  signTransaction(transaction: AnyRawTransaction): KeylessSignature {
+    if (this.proof === undefined) {
+      throw new Error("Proof not found");
+    }
     const raw = deriveTransactionType(transaction);
-    return this.sign(raw.bcsToBytes());
-  }
-
-  signWithOpenIdSignature(data: HexInput): Signature {
-    const [jwtHeader, jwtPayload, jwtSignature] = this.jwt.split(".");
-    const openIdSig = new OpenIdSignature({
-      jwtSignature,
-      jwtPayloadJson: jwtPayload,
-      uidKey: this.uidKey,
-      epkBlinder: this.ephemeralKeyPair.blinder,
-      pepper: this.pepper,
-    });
-
-    const { expiryDateSecs } = this.ephemeralKeyPair;
-    const ephemeralPublicKey = this.ephemeralKeyPair.getPublicKey();
-    const ephemeralSignature = this.ephemeralKeyPair.sign(data);
-    return new KeylessSignature({
-      jwtHeader,
-      openIdSignatureOrZkProof: new OpenIdSignatureOrZkProof(openIdSig),
-      expiryDateSecs,
-      ephemeralPublicKey,
-      ephemeralSignature,
-    });
+    const txnAndProof = new TransactionAndProof(raw, this.proof.proof);
+    const signMess = generateSigningMessageForSerializable(txnAndProof);
+    return this.sign(signMess);
   }
 
   // eslint-disable-next-line @typescript-eslint/no-unused-vars, class-methods-use-this
   verifySignature(args: { message: HexInput; signature: Signature }): boolean {
-    return true;
+    throw new Error("Not implemented");
   }
 
   static fromBytes(bytes: Uint8Array): KeylessAccount {
@@ -267,7 +266,7 @@ export class KeylessAccount extends Serializable implements Account {
   }
 
   static fromJWTAndProof(args: {
-    proof: SignedGroth16Signature | Promise<SignedGroth16Signature>;
+    proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
     jwt: string;
     ephemeralKeyPair: EphemeralKeyPair;
     pepper: HexInput;
@@ -296,8 +295,48 @@ export class KeylessAccount extends Serializable implements Account {
       proofFetchCallback,
     });
   }
+}
+
+class TransactionAndProof extends Serializable {
+  transaction: AnyRawTransactionInstance;
+
+  proof?: ZkProof;
+
+  constructor(transaction: AnyRawTransactionInstance, proof?: ZkProof) {
+    super();
+    this.transaction = transaction;
+    this.proof = proof;
+  }
 
-  static fromDerivationPath(path: string, seed: Uint8Array): Uint8Array {
-    return fromDerivationPathInner(path, KeylessAccount.SLIP_0010_SEED, seed);
+  serialize(serializer: Serializer): void {
+    serializer.serializeFixedBytes(this.transaction.bcsToBytes());
+    serializer.serializeOption(this.proof);
   }
 }
+
+function base64UrlDecode(base64Url: string): string {
+  // Replace base64url-specific characters
+  const base64 = base64Url.replace(/-/g, "+").replace(/_/g, "/");
+  // Pad the string with '=' characters if needed
+  const paddedBase64 = base64 + "==".substring(0, (3 - (base64.length % 3)) % 3);
+  // Decode the base64 string using the base-64 library
+  const decodedString = decode(paddedBase64);
+  return decodedString;
+}
+
+export type ProofFetchSuccess = {
+  status: "Success";
+};
+
+export type ProofFetchFailure = {
+  status: "Failed";
+  error: string;
+};
+
+export type ProofFetchStatus = ProofFetchSuccess | ProofFetchFailure;
+
+export type ProofFetchCallback = (status: ProofFetchStatus) => Promise<void>;
+
+export interface ProofFetchEvents {
+  proofFetchFinish: (status: ProofFetchStatus) => void;
+}

package/src/account/MultiKeyAccount.ts

@@ -124,6 +124,10 @@ export class MultiKeyAccount implements Account {
     return new AccountAuthenticatorMultiKey(this.publicKey, this.signTransaction(transaction));
   }
 
+  /**
+   * Waits for any proofs to be fetched
+   * @return
+   */
   async waitForProofFetch() {
     const keylessSigners = this.signers.filter((signer) => signer instanceof KeylessAccount) as KeylessAccount[];
     await Promise.all(keylessSigners.filter((signer) => signer.proof instanceof Promise).map((signer) => signer.proof));

package/src/api/keyless.ts

@@ -7,21 +7,34 @@ import { HexInput } from "../types";
 import { AptosConfig } from "./aptosConfig";
 
 /**
- * A class to query all `OIDB` related queries on Aptos.
+ * A class to query all `Keyless` related queries on Aptos.
  */
 export class Keyless {
   constructor(readonly config: AptosConfig) {}
 
   /**
-   * TODO
+   * Fetches the pepper from the Aptos pepper service API.
    *
-   * @param args.jwt jwt token
-   * @returns The pepper
+   * @param args.jwt JWT token
+   * @param args.ephemeralKeyPair the EphemeralKeyPair used to generate the nonce in the JWT token
+   * @returns The pepper which is a Uint8Array of length 31.
    */
   async getPepper(args: { jwt: string; ephemeralKeyPair: EphemeralKeyPair }): Promise<Uint8Array> {
     return getPepper({ aptosConfig: this.config, ...args });
   }
 
+  /**
+   * Fetches the pepper from the Aptos pepper service API.
+   *
+   * @param args.jwt JWT token
+   * @param args.ephemeralKeyPair the EphemeralKeyPair used to generate the nonce in the JWT token
+   * @param args.uidKey a key in the JWT token to use to set the uidVal in the IdCommitment
+   * @param args.pepper the pepper
+   * @param args.extraFieldKey a key in the JWT token used to reveal a value on chain
+   * @param args.proofFetchCallback a callback function that if set, the fetch of the proof will be done asyncronously. Once
+   * if finishes the callback function will be called.
+   * @returns A KeylessAccount that can be used to sign transactions
+   */
   async deriveKeylessAccount(args: {
     jwt: string;
     ephemeralKeyPair: EphemeralKeyPair;

package/src/bcs/deserializer.ts

@@ -56,6 +56,46 @@ export class Deserializer {
     return textDecoder.decode(value);
   }
 
+  /**
+   * Deserializes a an optional string.
+   *
+   * BCS layout for Optional<String>: 0 if none, else 1 | string_length | string_content
+   * @example
+   * ```ts
+   * const deserializer = new Deserializer(new Uint8Array([0x00]));
+   * assert(deserializer.deserializeOptionStr() === undefined);
+   * const deserializer = new Deserializer(new Uint8Array([1, 8, 49, 50, 51, 52, 97, 98, 99, 100]));
+   * assert(deserializer.deserializeOptionStr() === "1234abcd");
+   * ```
+   */
+  deserializeOptionStr(): string | undefined {
+    const exists = this.deserializeUleb128AsU32();
+    if (exists === 1) {
+      return this.deserializeStr();
+    }
+    return undefined;
+  }
+
+  /**
+   * Deserializes a an optional string.
+   *
+   * BCS layout for Optional<String>: 0 if none, else 1 | string_length | string_content
+   * @example
+   * ```ts
+   * const deserializer = new Deserializer(new Uint8Array([0x00]));
+   * assert(deserializer.deserializeOptionStr() === undefined);
+   * const deserializer = new Deserializer(new Uint8Array([1, 8, 49, 50, 51, 52, 97, 98, 99, 100]));
+   * assert(deserializer.deserializeOptionStr() === "1234abcd");
+   * ```
+   */
+  deserializeOption<T>(cls: Deserializable<T>): T | undefined {
+    const exists = this.deserializeUleb128AsU32();
+    if (exists === 1) {
+      return this.deserialize(cls);
+    }
+    return undefined;
+  }
+
   /**
    * Deserializes an array of bytes.
    *

package/src/client/core.ts

@@ -110,7 +110,7 @@ export async function aptosRequest<Req extends {}, Res extends {}>(
     throw new AptosApiError(options, result, `${response.data}`);
   }
 
-  if (aptosConfig.isPepperServiceRequest(url)) {
+  if (aptosConfig.isPepperServiceRequest(url) || aptosConfig.isProverServiceRequest(url)) {
     throw new AptosApiError(options, result, `${response.data}`);
   }
 

package/src/client/types.ts

@@ -41,7 +41,7 @@ export class AptosApiError extends Error {
 
   readonly statusText: string;
 
-  readonly data: any;
+  readonly data: { message: string; error_code?: string; vm_error_code?: number };
 
   readonly request: AptosRequest;
 

package/src/core/account/index.ts

@@ -1,2 +1 @@
 export * from "./utils";
-

package/src/core/crypto/ed25519.ts

@@ -7,7 +7,7 @@ import { Serializable, Serializer } from "../../bcs/serializer";
 import { AuthenticationKey } from "../authenticationKey";
 import { Hex } from "../hex";
 import { HexInput, SigningScheme as AuthenticationKeyScheme } from "../../types";
-import { isValidHardenedPath, fromDerivationPath as fromDerivationPathInner, mnemonicToSeed } from "./hdKey";
+import { CKDPriv, deriveKey, HARDENED_OFFSET, isValidHardenedPath, mnemonicToSeed, splitPath } from "./hdKey";
 import { PrivateKey } from "./privateKey";
 import { AccountPublicKey, VerifySignatureArgs } from "./publicKey";
 import { Signature } from "./signature";
@@ -185,9 +185,29 @@ export class Ed25519PrivateKey extends Serializable implements PrivateKey {
     if (!isValidHardenedPath(path)) {
       throw new Error(`Invalid derivation path ${path}`);
     }
-    return new Ed25519PrivateKey(
-      fromDerivationPathInner(path, Ed25519PrivateKey.SLIP_0010_SEED, mnemonicToSeed(mnemonics)),
-    );
+    return Ed25519PrivateKey.fromDerivationPathInner(path, mnemonicToSeed(mnemonics));
+  }
+
+  /**
+   * A private inner function so we can separate from the main fromDerivationPath() method
+   * to add tests to verify we create the keys correctly.
+   *
+   * @param path the BIP44 path
+   * @param seed the seed phrase created by the mnemonics
+   * @param offset the offset used for key derivation, defaults to 0x80000000
+   * @returns
+   */
+  private static fromDerivationPathInner(path: string, seed: Uint8Array, offset = HARDENED_OFFSET): Ed25519PrivateKey {
+    const { key, chainCode } = deriveKey(Ed25519PrivateKey.SLIP_0010_SEED, seed);
+
+    const segments = splitPath(path).map((el) => parseInt(el, 10));
+
+    // Derive the child key based on the path
+    const { key: privateKey } = segments.reduce((parentKeys, segment) => CKDPriv(parentKeys, segment + offset), {
+      key,
+      chainCode,
+    });
+    return new Ed25519PrivateKey(privateKey);
   }
 
   // endregion

package/src/core/crypto/ephemeral.ts

@@ -6,16 +6,19 @@ import { Ed25519PublicKey, Ed25519Signature } from "./ed25519";
 import { Hex } from "../hex";
 
 /**
- * Represents ephemeral keys and signatures for Aptos Keyless accounts.
+ * Represents ephemeral public keys for Aptos Keyless accounts.
  *
- * TODO
+ * These are not public keys used as a public key on an account.  They are only used ephemerally on Keyless accounts.
  */
 export class EphemeralPublicKey extends PublicKey {
   /**
-   * Reference to the inner public key
+   * The public key itself
    */
   public readonly publicKey: PublicKey;
 
+  /**
+   * An enum indicating the scheme of the ephemeral public key
+   */
   public readonly variant: EphemeralPublicKeyVariant;
 
   constructor(publicKey: PublicKey) {
@@ -41,19 +44,10 @@ export class EphemeralPublicKey extends PublicKey {
   }
 
   /**
-   * Get the public key as a hex string with the 0x prefix.
-   *
-   * @returns string representation of the public key
-   */
-  toString(): string {
-    return this.bcsToHex().toString();
-  }
-
-  /**
-   * Verifies a signed data with a public key
+   * Verifies a signed data with a the ephemeral public key
    *
    * @param args.message message
-   * @param args.signature The signature
+   * @param args.signature The signature that was signed by the private key of the ephemeral public key
    * @returns true if the signature is valid
    */
   verifySignature(args: { message: HexInput; signature: EphemeralSignature }): boolean {
@@ -83,13 +77,17 @@ export class EphemeralPublicKey extends PublicKey {
   static isPublicKey(publicKey: PublicKey): publicKey is EphemeralPublicKey {
     return publicKey instanceof EphemeralPublicKey;
   }
-
-  isEd25519(): this is Ed25519PublicKey {
-    return this.publicKey instanceof Ed25519PublicKey;
-  }
 }
 
+/**
+ * Represents ephemeral signatures used in Aptos Keyless accounts.
+ *
+ * These signatures are used inside of KeylessSignature
+ */
 export class EphemeralSignature extends Signature {
+  /**
+   * The signature signed by the private key of an EphemeralKeyPair
+   */
   public readonly signature: Signature;
 
   constructor(signature: Signature) {
@@ -110,16 +108,7 @@ export class EphemeralSignature extends Signature {
    * @returns Uint8Array representation of the public key
    */
   toUint8Array(): Uint8Array {
-    return this.signature.toUint8Array();
-  }
-
-  /**
-   * Get the public key as a hex string with the 0x prefix.
-   *
-   * @returns string representation of the public key
-   */
-  toString(): string {
-    return this.signature.toString();
+    return this.bcsToBytes();
   }
 
   static fromHex(hexInput: HexInput): EphemeralSignature {