@arcium-hq/client 0.6.1 → 0.6.3

package/build/index.cjs

@@ -499,7 +499,11 @@ function randMatrix(field, nrows, ncols) {
 /**
  * Curve25519 base field as an IField instance.
  */
-const CURVE25519_BASE_FIELD = ed25519.ed25519.CURVE.Fp;
+const CURVE25519_BASE_FIELD = ed25519.ed25519.Point.Fp;
+/**
+ * Curve25519 scalar field as an IField instance.
+ */
+const CURVE25519_SCALAR_FIELD = ed25519.ed25519.Point.Fn;
 // Security level for the block cipher.
 const SECURITY_LEVEL_BLOCK_CIPHER = 128;
 // Security level for the hash function.
@@ -895,8 +899,8 @@ class RescuePrimeHash {
     /**
      * Constructs a RescuePrimeHash instance with rate = 7 and capacity = 5.
      */
-    constructor() {
-        this.desc = new RescueDesc(CURVE25519_BASE_FIELD, { kind: 'hash', m: 12, capacity: 5 });
+    constructor(field) {
+        this.desc = new RescueDesc(field, { kind: 'hash', m: 12, capacity: 5 });
         this.rate = 7;
         this.digestLength = 5;
     }
@@ -950,15 +954,32 @@ const RESCUE_CIPHER_BLOCK_SIZE = 5;
  * The Rescue cipher in Counter (CTR) mode, with a fixed block size m = 5.
  * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
  */
-class RescueCipher {
+class RescueCipherCommon {
     desc;
     /**
-     * Constructs a RescueCipher instance using a shared secret.
+     * Constructs a RescueCipherCommon instance using a shared secret.
      * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
      * @param sharedSecret - The shared secret to derive the cipher key from.
      */
-    constructor(sharedSecret) {
-        const hasher = new RescuePrimeHash();
+    constructor(sharedSecret, field) {
+        if (sharedSecret.length != 32) {
+            throw Error(`sharedSecret must be of length 32 (found ${sharedSecret.length})`);
+        }
+        const hasher = new RescuePrimeHash(field);
+        // In case `field` is different from CURVE25519_BASE_FIELD we need to injectively map sharedSecret
+        // to a vector of elements over `field`.
+        const converted = [];
+        if (field === CURVE25519_BASE_FIELD) {
+            converted.push(deserializeLE(sharedSecret));
+        }
+        else {
+            // We chunk sharedSecret by field.BYTES - 1 and convert.
+            const chunkSize = field.BYTES - 1;
+            const nChunks = Math.ceil(sharedSecret.length / chunkSize);
+            for (let i = 0; i < nChunks; ++i) {
+                converted.push(deserializeLE(sharedSecret.slice(i * chunkSize, (i + 1) * chunkSize)));
+            }
+        }
         // We follow [Section 4, Option 1.](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf).
         // For our choice of hash function, we have:
         // - H_outputBits = hasher.digestLength = RESCUE_CIPHER_BLOCK_SIZE
@@ -967,9 +988,9 @@ class RescueCipher {
         // - L = RESCUE_CIPHER_BLOCK_SIZE.
         // Build the vector `counter || Z || FixedInfo` (we only have i = 1, since reps = 1).
         // For the FixedInfo we simply take L.
-        const counter = [1n, deserializeLE(sharedSecret), BigInt(RESCUE_CIPHER_BLOCK_SIZE)];
+        const counter = [1n, ...converted, BigInt(RESCUE_CIPHER_BLOCK_SIZE)];
         const rescueKey = hasher.digest(counter);
-        this.desc = new RescueDesc(CURVE25519_BASE_FIELD, { kind: 'cipher', key: rescueKey });
+        this.desc = new RescueDesc(field, { kind: 'cipher', key: rescueKey });
     }
     /**
      * Encrypts the plaintext vector in Counter (CTR) mode (raw, returns bigints).
@@ -991,7 +1012,7 @@ class RescueCipher {
             const ciphertext = [];
             for (let i = 0; i < ptxt.length; ++i) {
                 if (!verifyBinSize(ptxt[i], binSize - 1n) || ctSignBit(ptxt[i], binSize) || !ctLt(ptxt[i], desc.field.ORDER, binSize)) {
-                    throw Error(`plaintext must be non-negative and at most ${desc.field.ORDER}`);
+                    throw Error(`plaintext must be non-negative and less than ${desc.field.ORDER}`);
                 }
                 const sum = ctAdd(ptxt[i], encryptedCounter.data[i][0], binSize);
                 ciphertext.push(ctSelect(ctLt(sum, desc.field.ORDER, binSize), sum, ctSub(sum, desc.field.ORDER, binSize), binSize));
@@ -1089,6 +1110,74 @@ function getCounter(nonce, nBlocks) {
     return counter;
 }
 
+/**
+ * The Rescue cipher over Curve25519's base field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+class RescueCipher {
+    cipher;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret) {
+        this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_BASE_FIELD);
+    }
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext, nonce) {
+        return this.cipher.encrypt(plaintext, nonce);
+    }
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext, nonce) {
+        return this.cipher.decrypt(ciphertext, nonce);
+    }
+}
+
+/**
+ * The Rescue cipher over Curve25519's scalar field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+class CSplRescueCipher {
+    cipher;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret) {
+        this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_SCALAR_FIELD);
+    }
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext, nonce) {
+        return this.cipher.encrypt(plaintext, nonce);
+    }
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext, nonce) {
+        return this.cipher.decrypt(ciphertext, nonce);
+    }
+}
+
 // The arcisEd25519 signature scheme. This is essentially ed25519 but we use the hash function
 // SHA3-512 instead of SHA-512 since its multiplicative depth is much lower, which
 // makes it much better suited to be evaluated in MPC.
@@ -1720,7 +1809,7 @@ function createPacker(fields, typeName = 'Packer') {
 var address = "Arcj82pX7HxYKLR92qvgZUAd7vGS1k4hQvAFcPATFdEQ";
 var metadata = {
 	name: "arcium",
-	version: "0.6.1",
+	version: "0.6.3",
 	spec: "0.1.0",
 	description: "The Arcium program"
 };
@@ -2808,6 +2897,10 @@ var instructions = [
 			{
 				name: "mxe_program",
 				type: "pubkey"
+			},
+			{
+				name: "output_len_bytes",
+				type: "u32"
 			}
 		]
 	},
@@ -2893,18 +2986,24 @@ var instructions = [
 						{
 							kind: "const",
 							value: [
-								109,
+								77,
 								120,
 								101,
-								95,
-								114,
+								82,
 								101,
 								99,
 								111,
 								118,
 								101,
 								114,
-								121
+								121,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
 							]
 						},
 						{
@@ -3576,6 +3675,55 @@ var instructions = [
 						}
 					]
 				}
+			},
+			{
+				name: "comp_def_raw",
+				docs: [
+					"At least the first raw circuit account must exist before finalizing"
+				],
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								111,
+								109,
+								112,
+								117,
+								116,
+								97,
+								116,
+								105,
+								111,
+								110,
+								68,
+								101,
+								102,
+								105,
+								110,
+								105,
+								116,
+								105,
+								111,
+								110,
+								82,
+								97,
+								119
+							]
+						},
+						{
+							kind: "account",
+							path: "comp_def_acc"
+						},
+						{
+							kind: "const",
+							value: [
+								0
+							]
+						}
+					]
+				}
 			}
 		],
 		args: [
@@ -3670,18 +3818,24 @@ var instructions = [
 						{
 							kind: "const",
 							value: [
-								109,
+								77,
 								120,
 								101,
-								95,
-								114,
+								82,
 								101,
 								99,
 								111,
 								118,
 								101,
 								114,
-								121
+								121,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
 							]
 						},
 						{
@@ -4025,18 +4179,24 @@ var instructions = [
 						{
 							kind: "const",
 							value: [
-								109,
+								77,
 								120,
 								101,
-								95,
-								114,
+								82,
 								101,
 								99,
 								111,
 								118,
 								101,
 								114,
-								121
+								121,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
 							]
 						},
 						{
@@ -5139,18 +5299,24 @@ var instructions = [
 						{
 							kind: "const",
 							value: [
-								109,
+								77,
 								120,
 								101,
-								95,
-								114,
+								82,
 								101,
 								99,
 								111,
 								118,
 								101,
 								114,
-								121
+								121,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
 							]
 						},
 						{
@@ -5312,18 +5478,24 @@ var instructions = [
 						{
 							kind: "const",
 							value: [
-								109,
+								77,
 								120,
 								101,
-								95,
-								114,
+								82,
 								101,
 								99,
 								111,
 								118,
 								101,
 								114,
-								121
+								121,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
 							]
 						},
 						{
@@ -7480,18 +7652,24 @@ var instructions = [
 						{
 							kind: "const",
 							value: [
-								109,
+								77,
 								120,
 								101,
-								95,
-								114,
+								82,
 								101,
 								99,
 								111,
 								118,
 								101,
 								114,
-								121
+								121,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
 							]
 						},
 						{
@@ -8720,18 +8898,24 @@ var instructions = [
 						{
 							kind: "const",
 							value: [
-								109,
+								77,
 								120,
 								101,
-								95,
-								114,
+								82,
 								101,
 								99,
 								111,
 								118,
 								101,
 								114,
-								121
+								121,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
 							]
 						},
 						{
@@ -9845,6 +10029,11 @@ var errors = [
 		code: 6713,
 		name: "BackupClusterNotSet",
 		msg: "Backup MXE cluster is not set"
+	},
+	{
+		code: 6714,
+		name: "ShareAlreadySubmitted",
+		msg: "Share already submitted"
 	}
 ];
 var types = [
@@ -11705,17 +11894,11 @@ var types = [
 			kind: "struct",
 			fields: [
 				{
-					name: "bitmap",
+					name: "key_recovery_finalize_offset",
 					docs: [
-						"Bitmap tracking which peers have uploaded their shares.",
-						"Bit index corresponds to the index in the original MXE's recovery_peers array."
+						"The computation offset for the queued key_recovery_finalize circuit."
 					],
-					type: {
-						array: [
-							"u8",
-							13
-						]
-					}
+					type: "u64"
 				},
 				{
 					name: "shares",
@@ -11741,52 +11924,32 @@ var types = [
 					}
 				},
 				{
-					name: "is_finalized",
-					docs: [
-						"Whether the recovery has been finalized (threshold met and marked ready)."
-					],
-					type: "u8"
+					name: "original_mxe_pubkey",
+					type: "pubkey"
 				},
 				{
-					name: "_padding1",
-					docs: [
-						"Padding for u64 alignment (need 5 bytes to align key_recovery_final_offset at 8-byte",
-						"boundary)"
-					],
-					type: {
-						array: [
-							"u8",
-							2
-						]
-					}
+					name: "backup_mxe_pubkey",
+					type: "pubkey"
 				},
 				{
-					name: "key_recovery_finalize_offset",
+					name: "is_finalized",
 					docs: [
-						"The computation offset for the queued key_recovery_finalize circuit."
+						"Whether the recovery has been finalized (threshold met and marked ready)."
 					],
-					type: "u64"
+					type: "u8"
 				},
 				{
 					name: "_padding2",
 					docs: [
-						"Padding to ensure struct size is multiple of 8 (for zero_copy alignment after bump field)"
+						"Padding to ensure struct size is u64 aligned (6 bytes)"
 					],
 					type: {
 						array: [
 							"u8",
-							7
+							6
 						]
 					}
 				},
-				{
-					name: "original_mxe_pubkey",
-					type: "pubkey"
-				},
-				{
-					name: "backup_mxe_pubkey",
-					type: "pubkey"
-				},
 				{
 					name: "bump",
 					type: "u8"
@@ -12775,7 +12938,7 @@ const RECOVERY_CLUSTER_ACC_SEED = 'RecoveryClusterAccount';
  * Seed for MxeRecoveryAccount PDA
  * @constant {string}
  */
-const MXE_RECOVERY_ACC_SEED = 'mxe_recovery';
+const MXE_RECOVERY_ACC_SEED = 'MxeRecoveryAccount';
 /**
  * Maximum number of bytes that can be reallocated per instruction.
  * @constant {number}
@@ -13613,7 +13776,9 @@ exports.Aes256Cipher = Aes256Cipher;
 exports.ArcisModule = ArcisModule;
 exports.ArcisType = ArcisType;
 exports.ArcisValueField = ArcisValueField;
+exports.CSplRescueCipher = CSplRescueCipher;
 exports.CURVE25519_BASE_FIELD = CURVE25519_BASE_FIELD;
+exports.CURVE25519_SCALAR_FIELD = CURVE25519_SCALAR_FIELD;
 exports.CURVE25519_SCALAR_FIELD_MODULUS = CURVE25519_SCALAR_FIELD_MODULUS;
 exports.IntegerInfo = IntegerInfo;
 exports.Matrix = Matrix;