@aztec/foundation 3.0.0-devnet.6 → 3.0.0-devnet.6-patch.1

package/dest/crypto/bls/bn254_keystore.d.ts

@@ -0,0 +1,296 @@
+import { z } from 'zod';
+/**
+ * BN254 Keystore Format
+ *
+ * Implements encryption and decryption of keystores for BN254 BLS private keys
+ * using PBKDF2 and AES-128-CTR. This format is inspired by EIP-2335 but adapted
+ * for BN254 keys rather than BLS12-381.
+ *
+ * @see https://eips.ethereum.org/EIPS/eip-2335
+ */
+/**
+ * Zod schema for validating BN254 keystore structure
+ */
+declare const bn254KeystoreSchema: z.ZodObject<{
+    crypto: z.ZodObject<{
+        kdf: z.ZodObject<{
+            function: z.ZodLiteral<"pbkdf2">;
+            params: z.ZodObject<{
+                dklen: z.ZodNumber;
+                c: z.ZodNumber;
+                prf: z.ZodString;
+                salt: z.ZodString;
+            }, "strip", z.ZodTypeAny, {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            }, {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            }>;
+            message: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            function: "pbkdf2";
+            params: {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            };
+            message: string;
+        }, {
+            function: "pbkdf2";
+            params: {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            };
+            message: string;
+        }>;
+        checksum: z.ZodObject<{
+            function: z.ZodLiteral<"sha256">;
+            params: z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>;
+            message: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            function: "sha256";
+            params: {};
+            message: string;
+        }, {
+            function: "sha256";
+            params: {};
+            message: string;
+        }>;
+        cipher: z.ZodObject<{
+            function: z.ZodLiteral<"aes-128-ctr">;
+            params: z.ZodObject<{
+                iv: z.ZodString;
+            }, "strip", z.ZodTypeAny, {
+                iv: string;
+            }, {
+                iv: string;
+            }>;
+            message: z.ZodString;
+        }, "strip", z.ZodTypeAny, {
+            function: "aes-128-ctr";
+            params: {
+                iv: string;
+            };
+            message: string;
+        }, {
+            function: "aes-128-ctr";
+            params: {
+                iv: string;
+            };
+            message: string;
+        }>;
+    }, "strip", z.ZodTypeAny, {
+        kdf: {
+            function: "pbkdf2";
+            params: {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            };
+            message: string;
+        };
+        checksum: {
+            function: "sha256";
+            params: {};
+            message: string;
+        };
+        cipher: {
+            function: "aes-128-ctr";
+            params: {
+                iv: string;
+            };
+            message: string;
+        };
+    }, {
+        kdf: {
+            function: "pbkdf2";
+            params: {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            };
+            message: string;
+        };
+        checksum: {
+            function: "sha256";
+            params: {};
+            message: string;
+        };
+        cipher: {
+            function: "aes-128-ctr";
+            params: {
+                iv: string;
+            };
+            message: string;
+        };
+    }>;
+    description: z.ZodOptional<z.ZodString>;
+    pubkey: z.ZodString;
+    path: z.ZodString;
+    uuid: z.ZodString;
+    version: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    crypto: {
+        kdf: {
+            function: "pbkdf2";
+            params: {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            };
+            message: string;
+        };
+        checksum: {
+            function: "sha256";
+            params: {};
+            message: string;
+        };
+        cipher: {
+            function: "aes-128-ctr";
+            params: {
+                iv: string;
+            };
+            message: string;
+        };
+    };
+    description?: string | undefined;
+    pubkey: string;
+    path: string;
+    uuid: string;
+    version: number;
+}, {
+    crypto: {
+        kdf: {
+            function: "pbkdf2";
+            params: {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            };
+            message: string;
+        };
+        checksum: {
+            function: "sha256";
+            params: {};
+            message: string;
+        };
+        cipher: {
+            function: "aes-128-ctr";
+            params: {
+                iv: string;
+            };
+            message: string;
+        };
+    };
+    description?: string | undefined;
+    pubkey: string;
+    path: string;
+    uuid: string;
+    version: number;
+}>;
+/**
+ * Error thrown when BN254 keystore operations fail
+ */
+export declare class Bn254KeystoreError extends Error {
+    cause?: Error | undefined;
+    constructor(message: string, cause?: Error | undefined);
+}
+export type Bn254Keystore = z.infer<typeof bn254KeystoreSchema>;
+/**
+ * The JSON structure of a BN254 keystore file.
+ * @deprecated Use the inferred type from bn254KeystoreSchema instead
+ */
+export interface Bn254KeystoreInterface {
+    crypto: {
+        kdf: {
+            function: 'pbkdf2';
+            params: {
+                dklen: number;
+                c: number;
+                prf: string;
+                salt: string;
+            };
+            message: string;
+        };
+        checksum: {
+            function: 'sha256';
+            params: Record<string, never>;
+            message: string;
+        };
+        cipher: {
+            function: 'aes-128-ctr';
+            params: {
+                iv: string;
+            };
+            message: string;
+        };
+    };
+    description: string;
+    pubkey: string;
+    path: string;
+    uuid: string;
+    version: number;
+}
+/**
+ * Creates a BN254 keystore object for a BN254 BLS private key.
+ *
+ * Uses PBKDF2 with SHA-256 for key derivation and AES-128-CTR for encryption,
+ * following the EIP-2335 specification format.
+ *
+ * @param password - Password for encrypting the private key
+ * @param privateKeyHex - Private key as 0x-prefixed hex string (32 bytes)
+ * @param pubkeyHex - Public key as hex string (compressed or uncompressed)
+ * @param derivationPath - BIP-44 style derivation path (e.g., "m/12381/3600/0/0/0")
+ * @returns BN254 keystore object ready to be serialized to JSON
+ * @throws Error if private key is not 32-byte hex
+ */
+export declare function createBn254Keystore(password: string, privateKeyHex: string, pubkeyHex: string, derivationPath: string): Bn254Keystore;
+/**
+ * Loads and validates a BN254 keystore file.
+ *
+ * @param filePath - Path to the BN254 keystore JSON file
+ * @returns Validated keystore object
+ * @throws Bn254KeystoreError if file cannot be read or validated
+ */
+export declare function loadBn254Keystore(filePath: string): Bn254Keystore;
+/**
+ * Decrypts a BN254 BLS private key from a keystore file.
+ *
+ * @param filePath - Path to the BN254 keystore JSON file
+ * @param password - Password to decrypt the keystore
+ * @returns Decrypted private key as 0x-prefixed hex string (32 bytes)
+ * @throws Bn254KeystoreError if decryption fails or checksum is invalid
+ */
+export declare function decryptBn254Keystore(filePath: string, password: string): string;
+/**
+ * Decrypts a BN254 BLS private key from a keystore object.
+ *
+ * @param keystore - BN254 keystore object
+ * @param password - Password to decrypt the keystore
+ * @returns Decrypted private key as 0x-prefixed hex string (32 bytes)
+ * @throws Bn254KeystoreError if decryption fails or checksum is invalid
+ */
+export declare function decryptBn254KeystoreFromObject(keystore: Bn254Keystore, password: string): string;
+/**
+ * Validates that a decrypted private key matches the public key in the keystore.
+ *
+ * @param privateKeyHex - Decrypted private key (0x-prefixed)
+ * @param expectedPubkey - Expected public key from keystore
+ * @param computePublicKey - Function to compute public key from private key
+ * @returns true if keys match, false otherwise
+ */
+export declare function verifyBn254Keypair(privateKeyHex: string, expectedPubkey: string, computePublicKey: (privateKey: string) => string): boolean;
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYm4yNTRfa2V5c3RvcmUuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jcnlwdG8vYmxzL2JuMjU0X2tleXN0b3JlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUlBLE9BQU8sRUFBRSxDQUFDLEVBQUUsTUFBTSxLQUFLLENBQUM7QUFFeEI7Ozs7Ozs7O0dBUUc7QUFFSDs7R0FFRztBQUNILFFBQUEsTUFBTSxtQkFBbUI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0VBOEJ2QixDQUFDO0FBRUg7O0dBRUc7QUFDSCxxQkFBYSxrQkFBbUIsU0FBUSxLQUFLO0lBR3pCLEtBQUssQ0FBQztJQUZ4QixZQUNFLE9BQU8sRUFBRSxNQUFNLEVBQ0MsS0FBSyxDQUFDLG1CQUFPLEVBSTlCO0NBQ0Y7QUFFRCxNQUFNLE1BQU0sYUFBYSxHQUFHLENBQUMsQ0FBQyxLQUFLLENBQUMsT0FBTyxtQkFBbUIsQ0FBQyxDQUFDO0FBRWhFOzs7R0FHRztBQUNILE1BQU0sV0FBVyxzQkFBc0I7SUFDckMsTUFBTSxFQUFFO1FBQ04sR0FBRyxFQUFFO1lBQ0gsUUFBUSxFQUFFLFFBQVEsQ0FBQztZQUNuQixNQUFNLEVBQUU7Z0JBQ04sS0FBSyxFQUFFLE1BQU0sQ0FBQztnQkFDZCxDQUFDLEVBQUUsTUFBTSxDQUFDO2dCQUNWLEdBQUcsRUFBRSxNQUFNLENBQUM7Z0JBQ1osSUFBSSxFQUFFLE1BQU0sQ0FBQzthQUNkLENBQUM7WUFDRixPQUFPLEVBQUUsTUFBTSxDQUFDO1NBQ2pCLENBQUM7UUFDRixRQUFRLEVBQUU7WUFDUixRQUFRLEVBQUUsUUFBUSxDQUFDO1lBQ25CLE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQzlCLE9BQU8sRUFBRSxNQUFNLENBQUM7U0FDakIsQ0FBQztRQUNGLE1BQU0sRUFBRTtZQUNOLFFBQVEsRUFBRSxhQUFhLENBQUM7WUFDeEIsTUFBTSxFQUFFO2dCQUNOLEVBQUUsRUFBRSxNQUFNLENBQUM7YUFDWixDQUFDO1lBQ0YsT0FBTyxFQUFFLE1BQU0sQ0FBQztTQUNqQixDQUFDO0tBQ0gsQ0FBQztJQUNGLFdBQVcsRUFBRSxNQUFNLENBQUM7SUFDcEIsTUFBTSxFQUFFLE1BQU0sQ0FBQztJQUNmLElBQUksRUFBRSxNQUFNLENBQUM7SUFDYixJQUFJLEVBQUUsTUFBTSxDQUFDO0lBQ2IsT0FBTyxFQUFFLE1BQU0sQ0FBQztDQUNqQjtBQUVEOzs7Ozs7Ozs7Ozs7R0FZRztBQUNILHdCQUFnQixtQkFBbUIsQ0FDakMsUUFBUSxFQUFFLE1BQU0sRUFDaEIsYUFBYSxFQUFFLE1BQU0sRUFDckIsU0FBUyxFQUFFLE1BQU0sRUFDakIsY0FBYyxFQUFFLE1BQU0sR0FDckIsYUFBYSxDQThDZjtBQUVEOzs7Ozs7R0FNRztBQUNILHdCQUFnQixpQkFBaUIsQ0FBQyxRQUFRLEVBQUUsTUFBTSxHQUFHLGFBQWEsQ0FnQmpFO0FBRUQ7Ozs7Ozs7R0FPRztBQUNILHdCQUFnQixvQkFBb0IsQ0FBQyxRQUFRLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxNQUFNLEdBQUcsTUFBTSxDQUcvRTtBQUVEOzs7Ozs7O0dBT0c7QUFDSCx3QkFBZ0IsOEJBQThCLENBQUMsUUFBUSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsTUFBTSxHQUFHLE1BQU0sQ0FpRGhHO0FBRUQ7Ozs7Ozs7R0FPRztBQUNILHdCQUFnQixrQkFBa0IsQ0FDaEMsYUFBYSxFQUFFLE1BQU0sRUFDckIsY0FBYyxFQUFFLE1BQU0sRUFDdEIsZ0JBQWdCLEVBQUUsQ0FBQyxVQUFVLEVBQUUsTUFBTSxLQUFLLE1BQU0sR0FDL0MsT0FBTyxDQVNUIn0=

package/dest/crypto/bls/bn254_keystore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bn254_keystore.d.ts","sourceRoot":"","sources":["../../../src/crypto/bls/bn254_keystore.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;GAQG;AAEH;;GAEG;AACH,QAAA,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8BvB,CAAC;AAEH;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;IAGzB,KAAK,CAAC;IAFxB,YACE,OAAO,EAAE,MAAM,EACC,KAAK,CAAC,mBAAO,EAI9B;CACF;AAED,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE;QACN,GAAG,EAAE;YACH,QAAQ,EAAE,QAAQ,CAAC;YACnB,MAAM,EAAE;gBACN,KAAK,EAAE,MAAM,CAAC;gBACd,CAAC,EAAE,MAAM,CAAC;gBACV,GAAG,EAAE,MAAM,CAAC;gBACZ,IAAI,EAAE,MAAM,CAAC;aACd,CAAC;YACF,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,QAAQ,EAAE;YACR,QAAQ,EAAE,QAAQ,CAAC;YACnB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC9B,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC;QACF,MAAM,EAAE;YACN,QAAQ,EAAE,aAAa,CAAC;YACxB,MAAM,EAAE;gBACN,EAAE,EAAE,MAAM,CAAC;aACZ,CAAC;YACF,OAAO,EAAE,MAAM,CAAC;SACjB,CAAC;KACH,CAAC;IACF,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,MAAM,EACjB,cAAc,EAAE,MAAM,GACrB,aAAa,CA8Cf;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,CAgBjE;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAG/E;AAED;;;;;;;GAOG;AACH,wBAAgB,8BAA8B,CAAC,QAAQ,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAiDhG;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,MAAM,EACrB,cAAc,EAAE,MAAM,EACtB,gBAAgB,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,GAC/C,OAAO,CAST"}

package/dest/crypto/bls/bn254_keystore.js

@@ -0,0 +1,218 @@
+import { randomBytes } from '@aztec/foundation/crypto/random';
+import { createCipheriv, createDecipheriv, createHash, pbkdf2Sync, randomUUID } from 'crypto';
+import { readFileSync } from 'fs';
+import { z } from 'zod';
+/**
+ * BN254 Keystore Format
+ *
+ * Implements encryption and decryption of keystores for BN254 BLS private keys
+ * using PBKDF2 and AES-128-CTR. This format is inspired by EIP-2335 but adapted
+ * for BN254 keys rather than BLS12-381.
+ *
+ * @see https://eips.ethereum.org/EIPS/eip-2335
+ */ /**
+ * Zod schema for validating BN254 keystore structure
+ */ const bn254KeystoreSchema = z.object({
+    crypto: z.object({
+        kdf: z.object({
+            function: z.literal('pbkdf2'),
+            params: z.object({
+                dklen: z.number(),
+                c: z.number(),
+                prf: z.string(),
+                salt: z.string()
+            }),
+            message: z.string()
+        }),
+        checksum: z.object({
+            function: z.literal('sha256'),
+            params: z.object({}),
+            message: z.string()
+        }),
+        cipher: z.object({
+            function: z.literal('aes-128-ctr'),
+            params: z.object({
+                iv: z.string()
+            }),
+            message: z.string()
+        })
+    }),
+    description: z.string().optional(),
+    pubkey: z.string(),
+    path: z.string(),
+    uuid: z.string(),
+    version: z.number()
+});
+/**
+ * Error thrown when BN254 keystore operations fail
+ */ export class Bn254KeystoreError extends Error {
+    cause;
+    constructor(message, cause){
+        super(message), this.cause = cause;
+        this.name = 'Bn254KeystoreError';
+    }
+}
+/**
+ * Creates a BN254 keystore object for a BN254 BLS private key.
+ *
+ * Uses PBKDF2 with SHA-256 for key derivation and AES-128-CTR for encryption,
+ * following the EIP-2335 specification format.
+ *
+ * @param password - Password for encrypting the private key
+ * @param privateKeyHex - Private key as 0x-prefixed hex string (32 bytes)
+ * @param pubkeyHex - Public key as hex string (compressed or uncompressed)
+ * @param derivationPath - BIP-44 style derivation path (e.g., "m/12381/3600/0/0/0")
+ * @returns BN254 keystore object ready to be serialized to JSON
+ * @throws Error if private key is not 32-byte hex
+ */ export function createBn254Keystore(password, privateKeyHex, pubkeyHex, derivationPath) {
+    const ensureHex = (hex)=>hex.replace(/^0x/i, '');
+    const privHex = ensureHex(privateKeyHex);
+    if (!/^[0-9a-fA-F]{64}$/.test(privHex)) {
+        throw new Error('BLS private key must be 32-byte hex');
+    }
+    const salt = randomBytes(32);
+    const iv = randomBytes(16);
+    const dk = pbkdf2Sync(Buffer.from(password.normalize('NFKD'), 'utf8'), salt, 262144, 32, 'sha256');
+    const cipherKey = dk.subarray(0, 16);
+    const cipher = createCipheriv('aes-128-ctr', cipherKey, iv);
+    const plaintext = Buffer.from(privHex, 'hex');
+    const ciphertext = Buffer.concat([
+        cipher.update(plaintext),
+        cipher.final()
+    ]);
+    const checksum = createHash('sha256').update(Buffer.concat([
+        dk.subarray(16, 32),
+        ciphertext
+    ])).digest();
+    const uuid = randomUUID();
+    return {
+        crypto: {
+            kdf: {
+                function: 'pbkdf2',
+                params: {
+                    dklen: 32,
+                    c: 262144,
+                    prf: 'hmac-sha256',
+                    salt: salt.toString('hex')
+                },
+                message: ''
+            },
+            checksum: {
+                function: 'sha256',
+                params: {},
+                message: checksum.toString('hex')
+            },
+            cipher: {
+                function: 'aes-128-ctr',
+                params: {
+                    iv: iv.toString('hex')
+                },
+                message: ciphertext.toString('hex')
+            }
+        },
+        description: ensureHex(pubkeyHex),
+        pubkey: pubkeyHex,
+        path: derivationPath ?? '',
+        uuid,
+        version: 4
+    };
+}
+/**
+ * Loads and validates a BN254 keystore file.
+ *
+ * @param filePath - Path to the BN254 keystore JSON file
+ * @returns Validated keystore object
+ * @throws Bn254KeystoreError if file cannot be read or validated
+ */ export function loadBn254Keystore(filePath) {
+    try {
+        const content = readFileSync(filePath, 'utf-8');
+        const json = JSON.parse(content);
+        return bn254KeystoreSchema.parse(json);
+    } catch (error) {
+        if (error instanceof SyntaxError) {
+            throw new Bn254KeystoreError(`Invalid JSON in keystore file: ${filePath}`, error);
+        }
+        if (error && typeof error === 'object' && 'issues' in error) {
+            const issues = error.issues ?? [];
+            const message = issues.map((e)=>`${e.message} at ${e.path?.join('.') ?? 'root'}`).join('; ');
+            throw new Bn254KeystoreError(`Invalid BN254 keystore format: ${message}`);
+        }
+        throw new Bn254KeystoreError(`Failed to load keystore from ${filePath}: ${String(error)}`, error);
+    }
+}
+/**
+ * Decrypts a BN254 BLS private key from a keystore file.
+ *
+ * @param filePath - Path to the BN254 keystore JSON file
+ * @param password - Password to decrypt the keystore
+ * @returns Decrypted private key as 0x-prefixed hex string (32 bytes)
+ * @throws Bn254KeystoreError if decryption fails or checksum is invalid
+ */ export function decryptBn254Keystore(filePath, password) {
+    const keystore = loadBn254Keystore(filePath);
+    return decryptBn254KeystoreFromObject(keystore, password);
+}
+/**
+ * Decrypts a BN254 BLS private key from a keystore object.
+ *
+ * @param keystore - BN254 keystore object
+ * @param password - Password to decrypt the keystore
+ * @returns Decrypted private key as 0x-prefixed hex string (32 bytes)
+ * @throws Bn254KeystoreError if decryption fails or checksum is invalid
+ */ export function decryptBn254KeystoreFromObject(keystore, password) {
+    try {
+        const { crypto } = keystore;
+        // Only support PBKDF2 + AES-128-CTR (as per our implementation)
+        if (crypto.kdf.function !== 'pbkdf2') {
+            throw new Bn254KeystoreError(`Unsupported KDF function: ${crypto.kdf.function}`);
+        }
+        if (crypto.cipher.function !== 'aes-128-ctr') {
+            throw new Bn254KeystoreError(`Unsupported cipher function: ${crypto.cipher.function}`);
+        }
+        // Derive decryption key using PBKDF2
+        const salt = Buffer.from(crypto.kdf.params.salt, 'hex');
+        const dk = pbkdf2Sync(Buffer.from(password.normalize('NFKD'), 'utf8'), salt, crypto.kdf.params.c, crypto.kdf.params.dklen, 'sha256');
+        const cipherKey = dk.subarray(0, 16);
+        const checksumKey = dk.subarray(16, 32);
+        // Decrypt the ciphertext
+        const iv = Buffer.from(crypto.cipher.params.iv, 'hex');
+        const ciphertext = Buffer.from(crypto.cipher.message, 'hex');
+        const decipher = createDecipheriv('aes-128-ctr', cipherKey, iv);
+        const decrypted = Buffer.concat([
+            decipher.update(ciphertext),
+            decipher.final()
+        ]);
+        // Verify checksum
+        const computedChecksum = createHash('sha256').update(Buffer.concat([
+            checksumKey,
+            ciphertext
+        ])).digest();
+        const expectedChecksum = Buffer.from(crypto.checksum.message, 'hex');
+        if (!computedChecksum.equals(expectedChecksum)) {
+            throw new Bn254KeystoreError('Checksum verification failed - incorrect password or corrupted keystore');
+        }
+        // Return as 0x-prefixed hex
+        return '0x' + decrypted.toString('hex');
+    } catch (error) {
+        if (error instanceof Bn254KeystoreError) {
+            throw error;
+        }
+        throw new Bn254KeystoreError(`Failed to decrypt keystore: ${String(error)}`, error);
+    }
+}
+/**
+ * Validates that a decrypted private key matches the public key in the keystore.
+ *
+ * @param privateKeyHex - Decrypted private key (0x-prefixed)
+ * @param expectedPubkey - Expected public key from keystore
+ * @param computePublicKey - Function to compute public key from private key
+ * @returns true if keys match, false otherwise
+ */ export function verifyBn254Keypair(privateKeyHex, expectedPubkey, computePublicKey) {
+    try {
+        const computedPubkey = computePublicKey(privateKeyHex);
+        const normalizedExpected = expectedPubkey.toLowerCase().replace(/^0x/i, '');
+        const normalizedComputed = computedPubkey.toLowerCase().replace(/^0x/i, '');
+        return normalizedExpected === normalizedComputed;
+    } catch  {
+        return false;
+    }
+}

package/dest/crypto/bls/index.d.ts

@@ -0,0 +1,13 @@
+import type { Hex } from '@aztec/foundation/string';
+export declare function deriveBlsPrivateKey(mnemonic: string | undefined, ikm: string | undefined, path: string): Hex<32>;
+/**
+ * Deterministically derive a BN254 BLS private key from mnemonic and derivation path.
+ * Returns a 0x-prefixed 32-byte hex string representing an Fr in [1, r-1].
+ */
+export declare function deriveBlsKeyFromMnemonic(mnemonic: string, derivationPath: string, passphrase?: string): string;
+/**
+ * Deterministically derive a BN254 BLS private key from input keying material (IKM) and derivation path.
+ * Returns a 0x-prefixed 32-byte hex string representing an Fr in [1, r-1].
+ */
+export declare function deriveBlsKeyFromEntropy(ikm: string, derivationPath: string): string;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jcnlwdG8vYmxzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sS0FBSyxFQUFFLEdBQUcsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBUXBELHdCQUFnQixtQkFBbUIsQ0FBQyxRQUFRLEVBQUUsTUFBTSxHQUFHLFNBQVMsRUFBRSxHQUFHLEVBQUUsTUFBTSxHQUFHLFNBQVMsRUFBRSxJQUFJLEVBQUUsTUFBTSxHQUFHLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FRaEg7QUFFRDs7O0dBR0c7QUFDSCx3QkFBZ0Isd0JBQXdCLENBQUMsUUFBUSxFQUFFLE1BQU0sRUFBRSxjQUFjLEVBQUUsTUFBTSxFQUFFLFVBQVUsU0FBSyxHQUFHLE1BQU0sQ0FLMUc7QUFFRDs7O0dBR0c7QUFDSCx3QkFBZ0IsdUJBQXVCLENBQUMsR0FBRyxFQUFFLE1BQU0sRUFBRSxjQUFjLEVBQUUsTUFBTSxHQUFHLE1BQU0sQ0FLbkYifQ==

package/dest/crypto/bls/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/crypto/bls/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,0BAA0B,CAAC;AAQpD,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,EAAE,GAAG,EAAE,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC,CAQhH;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,SAAK,GAAG,MAAM,CAK1G;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CAKnF"}

package/dest/crypto/bls/index.js

@@ -0,0 +1,87 @@
+import { Fr } from '@aztec/foundation/curves/bn254';
+import { mod } from '@noble/curves/abstract/modular';
+import { bytesToNumberBE } from '@noble/curves/abstract/utils';
+import { hmac } from '@noble/hashes/hmac';
+import { sha512 } from '@noble/hashes/sha2';
+import { mnemonicToSeedSync } from '@scure/bip39';
+export function deriveBlsPrivateKey(mnemonic, ikm, path) {
+    if (ikm) {
+        return deriveBlsKeyFromEntropy(ikm, path);
+    }
+    if (!mnemonic) {
+        throw new Error('Either mnemonic or ikm must be provided for BLS derivation');
+    }
+    return deriveBlsKeyFromMnemonic(mnemonic, path);
+}
+/**
+ * Deterministically derive a BN254 BLS private key from mnemonic and derivation path.
+ * Returns a 0x-prefixed 32-byte hex string representing an Fr in [1, r-1].
+ */ export function deriveBlsKeyFromMnemonic(mnemonic, derivationPath, passphrase = '') {
+    const seed = Buffer.from(mnemonicToSeedSync(mnemonic, passphrase)); // 64 bytes
+    const data = Buffer.concat([
+        Buffer.from([
+            0x00
+        ]),
+        seed,
+        Buffer.from(derivationPath, 'utf8')
+    ]);
+    const sk = deriveBn254ScalarFromData(data);
+    return `0x${toFixed32(sk).toString('hex')}`;
+}
+/**
+ * Deterministically derive a BN254 BLS private key from input keying material (IKM) and derivation path.
+ * Returns a 0x-prefixed 32-byte hex string representing an Fr in [1, r-1].
+ */ export function deriveBlsKeyFromEntropy(ikm, derivationPath) {
+    const ikmBytes = parseIkm(ikm);
+    const data = Buffer.concat([
+        Buffer.from([
+            0x01
+        ]),
+        ikmBytes,
+        Buffer.from(derivationPath, 'utf8')
+    ]);
+    const sk = deriveBn254ScalarFromData(data);
+    return `0x${toFixed32(sk).toString('hex')}`;
+}
+function deriveBn254ScalarFromData(data) {
+    // Domain-separated HMAC-SHA512, then map to BN254 Fr using noble modular math. Retry on zero.
+    const domainKey = Buffer.from('Aztec bn254 key', 'utf8');
+    for(let counter = 0;; counter = counter + 1 & 0xff){
+        const msg = counter === 0 ? data : Buffer.concat([
+            data,
+            Buffer.from([
+                counter
+            ])
+        ]);
+        const digest = hmac(sha512, domainKey, msg); // 64 bytes
+        const x = bytesToNumberBE(digest);
+        const sk = mod(x, Fr.MODULUS);
+        if (sk !== 0n) {
+            return sk;
+        }
+    }
+}
+function parseIkm(ikm) {
+    const hexMatch = ikm.replace(/^0x/i, '');
+    if (/^[0-9a-fA-F]+$/.test(hexMatch) && hexMatch.length >= 2) {
+        const normalized = hexMatch.length % 2 === 1 ? `0${hexMatch}` : hexMatch;
+        return Buffer.from(normalized, 'hex');
+    }
+    return Buffer.from(ikm, 'utf8');
+}
+function toFixed32(x) {
+    const hex = x.toString(16);
+    const padded = hex.length % 2 === 1 ? `0${hex}` : hex;
+    const buf = Buffer.from(padded, 'hex');
+    if (buf.length === 32) {
+        return buf;
+    }
+    if (buf.length < 32) {
+        return Buffer.concat([
+            Buffer.alloc(32 - buf.length, 0),
+            buf
+        ]);
+    }
+    // Should never happen since x < bn254.Fr.ORDER < 2^256, but guard anyway
+    return buf.subarray(buf.length - 32);
+}

package/dest/crypto/bn254/index.d.ts

@@ -0,0 +1,39 @@
+/**
+ * BN254 utility functions for point operations.
+ * Provides compression, decompression, and public key generation for the BN254 curve.
+ * Uses the bb.js Barretenberg backend for point operations.
+ */
+/**
+ * Generate a compressed BN254 G1 public key from a private key.
+ *
+ * @param privateKeyHex - Private key as 0x-prefixed hex string
+ * @returns Compressed G1 point (32 bytes with sign bit in MSB)
+ */
+export declare function computeBn254G1PublicKeyCompressed(privateKeyHex: string): Promise<string>;
+/**
+ * Generate uncompressed BN254 G1 public key from a private key.
+ *
+ * @param privateKeyHex - Private key as 0x-prefixed hex string
+ * @returns G1 point in affine coordinates
+ */
+export declare function computeBn254G1PublicKey(privateKeyHex: string): Promise<{
+    x: bigint;
+    y: bigint;
+}>;
+/**
+ * Generate BN254 G2 public key from a private key.
+ *
+ * @param privateKeyHex - Private key as 0x-prefixed hex string
+ * @returns G2 point in affine coordinates
+ */
+export declare function computeBn254G2PublicKey(privateKeyHex: string): Promise<{
+    x: {
+        c0: bigint;
+        c1: bigint;
+    };
+    y: {
+        c0: bigint;
+        c1: bigint;
+    };
+}>;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jcnlwdG8vYm4yNTQvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBR0E7Ozs7R0FJRztBQUVIOzs7OztHQUtHO0FBQ0gsd0JBQXNCLGlDQUFpQyxDQUFDLGFBQWEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQVU5RjtBQUVEOzs7OztHQUtHO0FBQ0gsd0JBQXNCLHVCQUF1QixDQUFDLGFBQWEsRUFBRSxNQUFNLEdBQUcsT0FBTyxDQUFDO0lBQUUsQ0FBQyxFQUFFLE1BQU0sQ0FBQztJQUFDLENBQUMsRUFBRSxNQUFNLENBQUE7Q0FBRSxDQUFDLENBUXRHO0FBRUQ7Ozs7O0dBS0c7QUFDSCx3QkFBc0IsdUJBQXVCLENBQUMsYUFBYSxFQUFFLE1BQU0sR0FBRyxPQUFPLENBQUM7SUFDNUUsQ0FBQyxFQUFFO1FBQUUsRUFBRSxFQUFFLE1BQU0sQ0FBQztRQUFDLEVBQUUsRUFBRSxNQUFNLENBQUE7S0FBRSxDQUFDO0lBQzlCLENBQUMsRUFBRTtRQUFFLEVBQUUsRUFBRSxNQUFNLENBQUM7UUFBQyxFQUFFLEVBQUUsTUFBTSxDQUFBO0tBQUUsQ0FBQztDQUMvQixDQUFDLENBV0QifQ==

package/dest/crypto/bn254/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/crypto/bn254/index.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AAEH;;;;;GAKG;AACH,wBAAsB,iCAAiC,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAU9F;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAQtG;AAED;;;;;GAKG;AACH,wBAAsB,uBAAuB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC;IAC5E,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAC9B,CAAC,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CAC/B,CAAC,CAWD"}