@arcium-hq/client 0.6.2 → 0.6.3

package/build/index.cjs

@@ -499,7 +499,11 @@ function randMatrix(field, nrows, ncols) {
 /**
  * Curve25519 base field as an IField instance.
  */
-const CURVE25519_BASE_FIELD = ed25519.ed25519.CURVE.Fp;
+const CURVE25519_BASE_FIELD = ed25519.ed25519.Point.Fp;
+/**
+ * Curve25519 scalar field as an IField instance.
+ */
+const CURVE25519_SCALAR_FIELD = ed25519.ed25519.Point.Fn;
 // Security level for the block cipher.
 const SECURITY_LEVEL_BLOCK_CIPHER = 128;
 // Security level for the hash function.
@@ -895,8 +899,8 @@ class RescuePrimeHash {
     /**
      * Constructs a RescuePrimeHash instance with rate = 7 and capacity = 5.
      */
-    constructor() {
-        this.desc = new RescueDesc(CURVE25519_BASE_FIELD, { kind: 'hash', m: 12, capacity: 5 });
+    constructor(field) {
+        this.desc = new RescueDesc(field, { kind: 'hash', m: 12, capacity: 5 });
         this.rate = 7;
         this.digestLength = 5;
     }
@@ -950,15 +954,32 @@ const RESCUE_CIPHER_BLOCK_SIZE = 5;
  * The Rescue cipher in Counter (CTR) mode, with a fixed block size m = 5.
  * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
  */
-class RescueCipher {
+class RescueCipherCommon {
     desc;
     /**
-     * Constructs a RescueCipher instance using a shared secret.
+     * Constructs a RescueCipherCommon instance using a shared secret.
      * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
      * @param sharedSecret - The shared secret to derive the cipher key from.
      */
-    constructor(sharedSecret) {
-        const hasher = new RescuePrimeHash();
+    constructor(sharedSecret, field) {
+        if (sharedSecret.length != 32) {
+            throw Error(`sharedSecret must be of length 32 (found ${sharedSecret.length})`);
+        }
+        const hasher = new RescuePrimeHash(field);
+        // In case `field` is different from CURVE25519_BASE_FIELD we need to injectively map sharedSecret
+        // to a vector of elements over `field`.
+        const converted = [];
+        if (field === CURVE25519_BASE_FIELD) {
+            converted.push(deserializeLE(sharedSecret));
+        }
+        else {
+            // We chunk sharedSecret by field.BYTES - 1 and convert.
+            const chunkSize = field.BYTES - 1;
+            const nChunks = Math.ceil(sharedSecret.length / chunkSize);
+            for (let i = 0; i < nChunks; ++i) {
+                converted.push(deserializeLE(sharedSecret.slice(i * chunkSize, (i + 1) * chunkSize)));
+            }
+        }
         // We follow [Section 4, Option 1.](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf).
         // For our choice of hash function, we have:
         // - H_outputBits = hasher.digestLength = RESCUE_CIPHER_BLOCK_SIZE
@@ -967,9 +988,9 @@ class RescueCipher {
         // - L = RESCUE_CIPHER_BLOCK_SIZE.
         // Build the vector `counter || Z || FixedInfo` (we only have i = 1, since reps = 1).
         // For the FixedInfo we simply take L.
-        const counter = [1n, deserializeLE(sharedSecret), BigInt(RESCUE_CIPHER_BLOCK_SIZE)];
+        const counter = [1n, ...converted, BigInt(RESCUE_CIPHER_BLOCK_SIZE)];
         const rescueKey = hasher.digest(counter);
-        this.desc = new RescueDesc(CURVE25519_BASE_FIELD, { kind: 'cipher', key: rescueKey });
+        this.desc = new RescueDesc(field, { kind: 'cipher', key: rescueKey });
     }
     /**
      * Encrypts the plaintext vector in Counter (CTR) mode (raw, returns bigints).
@@ -991,7 +1012,7 @@ class RescueCipher {
             const ciphertext = [];
             for (let i = 0; i < ptxt.length; ++i) {
                 if (!verifyBinSize(ptxt[i], binSize - 1n) || ctSignBit(ptxt[i], binSize) || !ctLt(ptxt[i], desc.field.ORDER, binSize)) {
-                    throw Error(`plaintext must be non-negative and at most ${desc.field.ORDER}`);
+                    throw Error(`plaintext must be non-negative and less than ${desc.field.ORDER}`);
                 }
                 const sum = ctAdd(ptxt[i], encryptedCounter.data[i][0], binSize);
                 ciphertext.push(ctSelect(ctLt(sum, desc.field.ORDER, binSize), sum, ctSub(sum, desc.field.ORDER, binSize), binSize));
@@ -1089,6 +1110,74 @@ function getCounter(nonce, nBlocks) {
     return counter;
 }
 
+/**
+ * The Rescue cipher over Curve25519's base field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+class RescueCipher {
+    cipher;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret) {
+        this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_BASE_FIELD);
+    }
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext, nonce) {
+        return this.cipher.encrypt(plaintext, nonce);
+    }
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext, nonce) {
+        return this.cipher.decrypt(ciphertext, nonce);
+    }
+}
+
+/**
+ * The Rescue cipher over Curve25519's scalar field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+class CSplRescueCipher {
+    cipher;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret) {
+        this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_SCALAR_FIELD);
+    }
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext, nonce) {
+        return this.cipher.encrypt(plaintext, nonce);
+    }
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext, nonce) {
+        return this.cipher.decrypt(ciphertext, nonce);
+    }
+}
+
 // The arcisEd25519 signature scheme. This is essentially ed25519 but we use the hash function
 // SHA3-512 instead of SHA-512 since its multiplicative depth is much lower, which
 // makes it much better suited to be evaluated in MPC.
@@ -1720,7 +1809,7 @@ function createPacker(fields, typeName = 'Packer') {
 var address = "Arcj82pX7HxYKLR92qvgZUAd7vGS1k4hQvAFcPATFdEQ";
 var metadata = {
 	name: "arcium",
-	version: "0.6.2",
+	version: "0.6.3",
 	spec: "0.1.0",
 	description: "The Arcium program"
 };
@@ -2808,6 +2897,10 @@ var instructions = [
 			{
 				name: "mxe_program",
 				type: "pubkey"
+			},
+			{
+				name: "output_len_bytes",
+				type: "u32"
 			}
 		]
 	},
@@ -3582,6 +3675,55 @@ var instructions = [
 						}
 					]
 				}
+			},
+			{
+				name: "comp_def_raw",
+				docs: [
+					"At least the first raw circuit account must exist before finalizing"
+				],
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								111,
+								109,
+								112,
+								117,
+								116,
+								97,
+								116,
+								105,
+								111,
+								110,
+								68,
+								101,
+								102,
+								105,
+								110,
+								105,
+								116,
+								105,
+								111,
+								110,
+								82,
+								97,
+								119
+							]
+						},
+						{
+							kind: "account",
+							path: "comp_def_acc"
+						},
+						{
+							kind: "const",
+							value: [
+								0
+							]
+						}
+					]
+				}
 			}
 		],
 		args: [
@@ -13634,7 +13776,9 @@ exports.Aes256Cipher = Aes256Cipher;
 exports.ArcisModule = ArcisModule;
 exports.ArcisType = ArcisType;
 exports.ArcisValueField = ArcisValueField;
+exports.CSplRescueCipher = CSplRescueCipher;
 exports.CURVE25519_BASE_FIELD = CURVE25519_BASE_FIELD;
+exports.CURVE25519_SCALAR_FIELD = CURVE25519_SCALAR_FIELD;
 exports.CURVE25519_SCALAR_FIELD_MODULUS = CURVE25519_SCALAR_FIELD_MODULUS;
 exports.IntegerInfo = IntegerInfo;
 exports.Matrix = Matrix;

package/build/index.d.ts

@@ -99,13 +99,17 @@ type HashFunction = {
     capacity: number;
 };
 /**
- * Field type for Curve25519 base field.
+ * Field type.
  */
 type FpField = IField<bigint>;
 /**
  * Curve25519 base field as an IField instance.
  */
 declare const CURVE25519_BASE_FIELD: FpField;
+/**
+ * Curve25519 scalar field as an IField instance.
+ */
+declare const CURVE25519_SCALAR_FIELD: FpField;
 /**
  * Description and parameters for the Rescue cipher or hash function, including round constants, MDS matrix, and key schedule.
  * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
@@ -152,14 +156,14 @@ declare function toVec(data: bigint[]): bigint[][];
  * The Rescue cipher in Counter (CTR) mode, with a fixed block size m = 5.
  * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
  */
-declare class RescueCipher {
+declare class RescueCipherCommon {
     desc: RescueDesc;
     /**
-     * Constructs a RescueCipher instance using a shared secret.
+     * Constructs a RescueCipherCommon instance using a shared secret.
      * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
      * @param sharedSecret - The shared secret to derive the cipher key from.
      */
-    constructor(sharedSecret: Uint8Array);
+    constructor(sharedSecret: Uint8Array, field: FpField);
     /**
      * Encrypts the plaintext vector in Counter (CTR) mode (raw, returns bigints).
      * @param plaintext - The array of plaintext bigints to encrypt.
@@ -192,6 +196,62 @@ declare class RescueCipher {
     decrypt(ciphertext: number[][], nonce: Uint8Array): bigint[];
 }
 
+/**
+ * The Rescue cipher over Curve25519's base field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+declare class RescueCipher {
+    cipher: RescueCipherCommon;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret: Uint8Array);
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext: bigint[], nonce: Uint8Array): number[][];
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext: number[][], nonce: Uint8Array): bigint[];
+}
+
+/**
+ * The Rescue cipher over Curve25519's scalar field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+declare class CSplRescueCipher {
+    cipher: RescueCipherCommon;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret: Uint8Array);
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext: bigint[], nonce: Uint8Array): number[][];
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext: number[][], nonce: Uint8Array): bigint[];
+}
+
 /**
  * The Rescue-Prime hash function, as described in https://eprint.iacr.org/2020/1143.pdf, offering 256 bits
  * of security against collision, preimage and second-preimage attacks for any field of size at least 102 bits.
@@ -205,7 +265,7 @@ declare class RescuePrimeHash {
     /**
      * Constructs a RescuePrimeHash instance with rate = 7 and capacity = 5.
      */
-    constructor();
+    constructor(field: FpField);
     /**
      * Computes the Rescue-Prime hash of a message, with padding as described in Algorithm 2 of the paper.
      * @param message - The input message as an array of bigints.
@@ -396,7 +456,7 @@ type Arcium = {
     "address": "Arcj82pX7HxYKLR92qvgZUAd7vGS1k4hQvAFcPATFdEQ";
     "metadata": {
         "name": "arcium";
-        "version": "0.6.2";
+        "version": "0.6.3";
         "spec": "0.1.0";
         "description": "The Arcium program";
     };
@@ -1484,6 +1544,10 @@ type Arcium = {
                 {
                     "name": "mxeProgram";
                     "type": "pubkey";
+                },
+                {
+                    "name": "outputLenBytes";
+                    "type": "u32";
                 }
             ];
         },
@@ -2257,6 +2321,55 @@ type Arcium = {
                             }
                         ];
                     };
+                },
+                {
+                    "name": "compDefRaw";
+                    "docs": [
+                        "At least the first raw circuit account must exist before finalizing"
+                    ];
+                    "pda": {
+                        "seeds": [
+                            {
+                                "kind": "const";
+                                "value": [
+                                    67,
+                                    111,
+                                    109,
+                                    112,
+                                    117,
+                                    116,
+                                    97,
+                                    116,
+                                    105,
+                                    111,
+                                    110,
+                                    68,
+                                    101,
+                                    102,
+                                    105,
+                                    110,
+                                    105,
+                                    116,
+                                    105,
+                                    111,
+                                    110,
+                                    82,
+                                    97,
+                                    119
+                                ];
+                            },
+                            {
+                                "kind": "account";
+                                "path": "compDefAcc";
+                            },
+                            {
+                                "kind": "const";
+                                "value": [
+                                    0
+                                ];
+                            }
+                        ];
+                    };
                 }
             ];
             "args": [
@@ -11691,5 +11804,5 @@ declare function getRecoveryClusterAccAddress(mxeProgramId: PublicKey): PublicKe
  */
 declare function getMxeRecoveryAccAddress(backupMxeProgramId: PublicKey, originalMxeProgramId: PublicKey): PublicKey;
 
-export { ARCIUM_ADDR, ARCIUM_IDL, Aes128Cipher, Aes192Cipher, Aes256Cipher, ArcisModule, ArcisType, ArcisValueField, CURVE25519_BASE_FIELD, CURVE25519_SCALAR_FIELD_MODULUS, IntegerInfo, Matrix, RescueCipher, RescueDesc, RescuePrimeHash, arcisEd25519, awaitComputationFinalization, buildFinalizeCompDefTx, createPacker, deserializeLE, finalizeKeyRecoveryExecution, generateRandomFieldElem, getArciumAccountBaseSeed, getArciumEnv, getArciumProgram, getArciumProgramId, getArxNodeAccAddress, getClockAccAddress, getClusterAccAddress, getCompDefAccAddress, getCompDefAccOffset, getComputationAccAddress, getComputationsInMempool, getExecutingPoolAccAddress, getExecutingPoolAccInfo, getFeePoolAccAddress, getMXEAccAddress, getMXEArcisEd25519VerifyingKey, getMXEPublicKey, getMempoolAccAddress, getMempoolAccInfo, getMempoolPriorityFeeStats, getMxeRecoveryAccAddress, getRecoveryClusterAccAddress, initKeyRecoveryExecution, initMxePart1, initMxePart2, isNullRef, positiveModulo, queueKeyRecoveryInit, randMatrix, recoverMxe, serializeLE, sha256, submitKeyRecoveryShare, toVec, uploadCircuit };
+export { ARCIUM_ADDR, ARCIUM_IDL, Aes128Cipher, Aes192Cipher, Aes256Cipher, ArcisModule, ArcisType, ArcisValueField, CSplRescueCipher, CURVE25519_BASE_FIELD, CURVE25519_SCALAR_FIELD, CURVE25519_SCALAR_FIELD_MODULUS, IntegerInfo, Matrix, RescueCipher, RescueDesc, RescuePrimeHash, arcisEd25519, awaitComputationFinalization, buildFinalizeCompDefTx, createPacker, deserializeLE, finalizeKeyRecoveryExecution, generateRandomFieldElem, getArciumAccountBaseSeed, getArciumEnv, getArciumProgram, getArciumProgramId, getArxNodeAccAddress, getClockAccAddress, getClusterAccAddress, getCompDefAccAddress, getCompDefAccOffset, getComputationAccAddress, getComputationsInMempool, getExecutingPoolAccAddress, getExecutingPoolAccInfo, getFeePoolAccAddress, getMXEAccAddress, getMXEArcisEd25519VerifyingKey, getMXEPublicKey, getMempoolAccAddress, getMempoolAccInfo, getMempoolPriorityFeeStats, getMxeRecoveryAccAddress, getRecoveryClusterAccAddress, initKeyRecoveryExecution, initMxePart1, initMxePart2, isNullRef, positiveModulo, queueKeyRecoveryInit, randMatrix, recoverMxe, serializeLE, sha256, submitKeyRecoveryShare, toVec, uploadCircuit };
 export type { Arcium as ArciumIdlType, ArciumLocalEnv, ComputationErrorType, ComputationReference, ExecutingPoolAccount, FieldInfo, FpField, MempoolAccount, MempoolPriorityFeeStats, Packer };

package/build/index.mjs

@@ -480,7 +480,11 @@ function randMatrix(field, nrows, ncols) {
 /**
  * Curve25519 base field as an IField instance.
  */
-const CURVE25519_BASE_FIELD = ed25519.CURVE.Fp;
+const CURVE25519_BASE_FIELD = ed25519.Point.Fp;
+/**
+ * Curve25519 scalar field as an IField instance.
+ */
+const CURVE25519_SCALAR_FIELD = ed25519.Point.Fn;
 // Security level for the block cipher.
 const SECURITY_LEVEL_BLOCK_CIPHER = 128;
 // Security level for the hash function.
@@ -876,8 +880,8 @@ class RescuePrimeHash {
     /**
      * Constructs a RescuePrimeHash instance with rate = 7 and capacity = 5.
      */
-    constructor() {
-        this.desc = new RescueDesc(CURVE25519_BASE_FIELD, { kind: 'hash', m: 12, capacity: 5 });
+    constructor(field) {
+        this.desc = new RescueDesc(field, { kind: 'hash', m: 12, capacity: 5 });
         this.rate = 7;
         this.digestLength = 5;
     }
@@ -931,15 +935,32 @@ const RESCUE_CIPHER_BLOCK_SIZE = 5;
  * The Rescue cipher in Counter (CTR) mode, with a fixed block size m = 5.
  * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
  */
-class RescueCipher {
+class RescueCipherCommon {
     desc;
     /**
-     * Constructs a RescueCipher instance using a shared secret.
+     * Constructs a RescueCipherCommon instance using a shared secret.
      * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
      * @param sharedSecret - The shared secret to derive the cipher key from.
      */
-    constructor(sharedSecret) {
-        const hasher = new RescuePrimeHash();
+    constructor(sharedSecret, field) {
+        if (sharedSecret.length != 32) {
+            throw Error(`sharedSecret must be of length 32 (found ${sharedSecret.length})`);
+        }
+        const hasher = new RescuePrimeHash(field);
+        // In case `field` is different from CURVE25519_BASE_FIELD we need to injectively map sharedSecret
+        // to a vector of elements over `field`.
+        const converted = [];
+        if (field === CURVE25519_BASE_FIELD) {
+            converted.push(deserializeLE(sharedSecret));
+        }
+        else {
+            // We chunk sharedSecret by field.BYTES - 1 and convert.
+            const chunkSize = field.BYTES - 1;
+            const nChunks = Math.ceil(sharedSecret.length / chunkSize);
+            for (let i = 0; i < nChunks; ++i) {
+                converted.push(deserializeLE(sharedSecret.slice(i * chunkSize, (i + 1) * chunkSize)));
+            }
+        }
         // We follow [Section 4, Option 1.](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf).
         // For our choice of hash function, we have:
         // - H_outputBits = hasher.digestLength = RESCUE_CIPHER_BLOCK_SIZE
@@ -948,9 +969,9 @@ class RescueCipher {
         // - L = RESCUE_CIPHER_BLOCK_SIZE.
         // Build the vector `counter || Z || FixedInfo` (we only have i = 1, since reps = 1).
         // For the FixedInfo we simply take L.
-        const counter = [1n, deserializeLE(sharedSecret), BigInt(RESCUE_CIPHER_BLOCK_SIZE)];
+        const counter = [1n, ...converted, BigInt(RESCUE_CIPHER_BLOCK_SIZE)];
         const rescueKey = hasher.digest(counter);
-        this.desc = new RescueDesc(CURVE25519_BASE_FIELD, { kind: 'cipher', key: rescueKey });
+        this.desc = new RescueDesc(field, { kind: 'cipher', key: rescueKey });
     }
     /**
      * Encrypts the plaintext vector in Counter (CTR) mode (raw, returns bigints).
@@ -972,7 +993,7 @@ class RescueCipher {
             const ciphertext = [];
             for (let i = 0; i < ptxt.length; ++i) {
                 if (!verifyBinSize(ptxt[i], binSize - 1n) || ctSignBit(ptxt[i], binSize) || !ctLt(ptxt[i], desc.field.ORDER, binSize)) {
-                    throw Error(`plaintext must be non-negative and at most ${desc.field.ORDER}`);
+                    throw Error(`plaintext must be non-negative and less than ${desc.field.ORDER}`);
                 }
                 const sum = ctAdd(ptxt[i], encryptedCounter.data[i][0], binSize);
                 ciphertext.push(ctSelect(ctLt(sum, desc.field.ORDER, binSize), sum, ctSub(sum, desc.field.ORDER, binSize), binSize));
@@ -1070,6 +1091,74 @@ function getCounter(nonce, nBlocks) {
     return counter;
 }
 
+/**
+ * The Rescue cipher over Curve25519's base field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+class RescueCipher {
+    cipher;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret) {
+        this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_BASE_FIELD);
+    }
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext, nonce) {
+        return this.cipher.encrypt(plaintext, nonce);
+    }
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext, nonce) {
+        return this.cipher.decrypt(ciphertext, nonce);
+    }
+}
+
+/**
+ * The Rescue cipher over Curve25519's scalar field in Counter (CTR) mode, with a fixed block size m = 5.
+ * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287
+ */
+class CSplRescueCipher {
+    cipher;
+    /**
+     * Constructs a RescueCipher instance using a shared secret.
+     * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
+     * @param sharedSecret - The shared secret to derive the cipher key from.
+     */
+    constructor(sharedSecret) {
+        this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_SCALAR_FIELD);
+    }
+    /**
+     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
+     * @param plaintext - The array of plaintext bigints to encrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     */
+    encrypt(plaintext, nonce) {
+        return this.cipher.encrypt(plaintext, nonce);
+    }
+    /**
+     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - A 16-byte nonce for CTR mode.
+     * @returns The decrypted plaintext as an array of bigints.
+     */
+    decrypt(ciphertext, nonce) {
+        return this.cipher.decrypt(ciphertext, nonce);
+    }
+}
+
 // The arcisEd25519 signature scheme. This is essentially ed25519 but we use the hash function
 // SHA3-512 instead of SHA-512 since its multiplicative depth is much lower, which
 // makes it much better suited to be evaluated in MPC.
@@ -1701,7 +1790,7 @@ function createPacker(fields, typeName = 'Packer') {
 var address = "Arcj82pX7HxYKLR92qvgZUAd7vGS1k4hQvAFcPATFdEQ";
 var metadata = {
 	name: "arcium",
-	version: "0.6.2",
+	version: "0.6.3",
 	spec: "0.1.0",
 	description: "The Arcium program"
 };
@@ -2789,6 +2878,10 @@ var instructions = [
 			{
 				name: "mxe_program",
 				type: "pubkey"
+			},
+			{
+				name: "output_len_bytes",
+				type: "u32"
 			}
 		]
 	},
@@ -3563,6 +3656,55 @@ var instructions = [
 						}
 					]
 				}
+			},
+			{
+				name: "comp_def_raw",
+				docs: [
+					"At least the first raw circuit account must exist before finalizing"
+				],
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								111,
+								109,
+								112,
+								117,
+								116,
+								97,
+								116,
+								105,
+								111,
+								110,
+								68,
+								101,
+								102,
+								105,
+								110,
+								105,
+								116,
+								105,
+								111,
+								110,
+								82,
+								97,
+								119
+							]
+						},
+						{
+							kind: "account",
+							path: "comp_def_acc"
+						},
+						{
+							kind: "const",
+							value: [
+								0
+							]
+						}
+					]
+				}
 			}
 		],
 		args: [
@@ -13603,4 +13745,4 @@ async function awaitEvent(eventListener, eventName, eventCheck, commitment = 'co
     return { event: foundEvent[0], sig: foundEvent[1] };
 }
 
-export { ARCIUM_ADDR, ARCIUM_IDL, Aes128Cipher, Aes192Cipher, Aes256Cipher, ArcisModule, ArcisType, ArcisValueField, CURVE25519_BASE_FIELD, CURVE25519_SCALAR_FIELD_MODULUS, IntegerInfo, Matrix, RescueCipher, RescueDesc, RescuePrimeHash, arcisEd25519, awaitComputationFinalization, buildFinalizeCompDefTx, createPacker, deserializeLE, finalizeKeyRecoveryExecution, generateRandomFieldElem, getArciumAccountBaseSeed, getArciumEnv, getArciumProgram, getArciumProgramId, getArxNodeAccAddress, getClockAccAddress, getClusterAccAddress, getCompDefAccAddress, getCompDefAccOffset, getComputationAccAddress, getComputationsInMempool, getExecutingPoolAccAddress, getExecutingPoolAccInfo, getFeePoolAccAddress, getMXEAccAddress, getMXEArcisEd25519VerifyingKey, getMXEPublicKey, getMempoolAccAddress, getMempoolAccInfo, getMempoolPriorityFeeStats, getMxeRecoveryAccAddress, getRecoveryClusterAccAddress, initKeyRecoveryExecution, initMxePart1, initMxePart2, isNullRef, positiveModulo, queueKeyRecoveryInit, randMatrix, recoverMxe, serializeLE, sha256, submitKeyRecoveryShare, toVec, uploadCircuit };
+export { ARCIUM_ADDR, ARCIUM_IDL, Aes128Cipher, Aes192Cipher, Aes256Cipher, ArcisModule, ArcisType, ArcisValueField, CSplRescueCipher, CURVE25519_BASE_FIELD, CURVE25519_SCALAR_FIELD, CURVE25519_SCALAR_FIELD_MODULUS, IntegerInfo, Matrix, RescueCipher, RescueDesc, RescuePrimeHash, arcisEd25519, awaitComputationFinalization, buildFinalizeCompDefTx, createPacker, deserializeLE, finalizeKeyRecoveryExecution, generateRandomFieldElem, getArciumAccountBaseSeed, getArciumEnv, getArciumProgram, getArciumProgramId, getArxNodeAccAddress, getClockAccAddress, getClusterAccAddress, getCompDefAccAddress, getCompDefAccOffset, getComputationAccAddress, getComputationsInMempool, getExecutingPoolAccAddress, getExecutingPoolAccInfo, getFeePoolAccAddress, getMXEAccAddress, getMXEArcisEd25519VerifyingKey, getMXEPublicKey, getMempoolAccAddress, getMempoolAccInfo, getMempoolPriorityFeeStats, getMxeRecoveryAccAddress, getRecoveryClusterAccAddress, initKeyRecoveryExecution, initMxePart1, initMxePart2, isNullRef, positiveModulo, queueKeyRecoveryInit, randMatrix, recoverMxe, serializeLE, sha256, submitKeyRecoveryShare, toVec, uploadCircuit };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arcium-hq/client",
-  "version": "0.6.2",
+  "version": "0.6.3",
   "description": "Client SDK for interacting with encrypted Solana programs",
   "author": "Arcium",
   "license": "GPL-3.0-only",