@aztec/key-store 0.0.0-test.0

package/README.md

@@ -0,0 +1,3 @@
+# Key Store
+
+A key store is an input component for the [PXEService](../pxe/) to manage keys securely. It provides a secure environment and interfaces for users to manage their keys. When the PXEService requests keys and signatures from the key store, a well-designed key store should prompt users to authorize the requested action before sending any sensitive information to the PXEService. This helps to ensure that sensitive data, such as private keys, is not accessible to unauthorized parties. Additionally, the key store should provide robust protection mechanisms such as encryption, multi-factor authentication, and backup/restore functionalities to prevent data loss or theft.

package/dest/index.d.ts

@@ -0,0 +1,2 @@
+export * from './key_store.js';
+//# sourceMappingURL=index.d.ts.map

package/dest/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC"}

package/dest/index.js

@@ -0,0 +1 @@
+export * from './key_store.js';

package/dest/key_store.d.ts

@@ -0,0 +1,99 @@
+import { Fr, GrumpkinScalar } from '@aztec/foundation/fields';
+import { type Bufferable } from '@aztec/foundation/serialize';
+import type { AztecAsyncKVStore } from '@aztec/kv-store';
+import { AztecAddress } from '@aztec/stdlib/aztec-address';
+import { CompleteAddress, type PartialAddress } from '@aztec/stdlib/contract';
+import { KeyValidationRequest } from '@aztec/stdlib/kernel';
+import { type KeyPrefix, type PublicKey } from '@aztec/stdlib/keys';
+/**
+ * Used for managing keys. Can hold keys of multiple accounts.
+ */
+export declare class KeyStore {
+    #private;
+    static readonly SCHEMA_VERSION = 1;
+    constructor(database: AztecAsyncKVStore);
+    /**
+     * Creates a new account from a randomly generated secret key.
+     * @returns A promise that resolves to the newly created account's CompleteAddress.
+     */
+    createAccount(): Promise<CompleteAddress>;
+    /**
+     * Adds an account to the key store from the provided secret key.
+     * @param sk - The secret key of the account.
+     * @param partialAddress - The partial address of the account.
+     * @returns The account's complete address.
+     */
+    addAccount(sk: Fr, partialAddress: PartialAddress): Promise<CompleteAddress>;
+    /**
+     * Retrieves addresses of accounts stored in the key store.
+     * @returns A Promise that resolves to an array of account addresses.
+     */
+    getAccounts(): Promise<AztecAddress[]>;
+    /**
+     * Gets the key validation request for a given master public key hash and contract address.
+     * @throws If the account corresponding to the master public key hash does not exist in the key store.
+     * @param pkMHash - The master public key hash.
+     * @param contractAddress - The contract address to silo the secret key in the key validation request with.
+     * @returns The key validation request.
+     */
+    getKeyValidationRequest(pkMHash: Fr, contractAddress: AztecAddress): Promise<KeyValidationRequest>;
+    /**
+     * Gets the master nullifier public key for a given account.
+     * @throws If the account does not exist in the key store.
+     * @param account - The account address for which to retrieve the master nullifier public key.
+     * @returns The master nullifier public key for the account.
+     */
+    getMasterNullifierPublicKey(account: AztecAddress): Promise<PublicKey>;
+    /**
+     * Gets the master incoming viewing public key for a given account.
+     * @throws If the account does not exist in the key store.
+     * @param account - The account address for which to retrieve the master incoming viewing public key.
+     * @returns The master incoming viewing public key for the account.
+     */
+    getMasterIncomingViewingPublicKey(account: AztecAddress): Promise<PublicKey>;
+    /**
+     * Retrieves the master outgoing viewing public key.
+     * @throws If the account does not exist in the key store.
+     * @param account - The account to retrieve the master outgoing viewing key for.
+     * @returns A Promise that resolves to the master outgoing viewing key.
+     */
+    getMasterOutgoingViewingPublicKey(account: AztecAddress): Promise<PublicKey>;
+    /**
+     * Retrieves the master tagging public key.
+     * @throws If the account does not exist in the key store.
+     * @param account - The account to retrieve the master tagging key for.
+     * @returns A Promise that resolves to the master tagging key.
+     */
+    getMasterTaggingPublicKey(account: AztecAddress): Promise<PublicKey>;
+    /**
+     * Retrieves master incoming viewing secret key.
+     * @throws If the account does not exist in the key store.
+     * @param account - The account to retrieve the master incoming viewing secret key for.
+     * @returns A Promise that resolves to the master incoming viewing secret key.
+     */
+    getMasterIncomingViewingSecretKey(account: AztecAddress): Promise<GrumpkinScalar>;
+    /**
+     * Retrieves application outgoing viewing secret key.
+     * @throws If the account does not exist in the key store.
+     * @param account - The account to retrieve the application outgoing viewing secret key for.
+     * @param app - The application address to retrieve the outgoing viewing secret key for.
+     * @returns A Promise that resolves to the application outgoing viewing secret key.
+     */
+    getAppOutgoingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr>;
+    /**
+     * Retrieves the sk_m corresponding to the pk_m.
+     * @throws If the provided public key is not associated with any of the registered accounts.
+     * @param pkM - The master public key to get secret key for.
+     * @returns A Promise that resolves to sk_m.
+     * @dev Used when feeding the sk_m to the kernel circuit for keys verification.
+     */
+    getMasterSecretKey(pkM: PublicKey): Promise<GrumpkinScalar>;
+    /**
+     * Gets the key prefix and account address for a given value.
+     * @returns A tuple containing the key prefix and account address.
+     * @dev Note that this is quite inefficient but it should not matter because there should never be too many keys
+     * in the key store.
+     */
+    getKeyPrefixAndAccount(value: Bufferable): Promise<[KeyPrefix, AztecAddress]>;
+}
+//# sourceMappingURL=key_store.d.ts.map

package/dest/key_store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key_store.d.ts","sourceRoot":"","sources":["../src/key_store.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,EAAE,EAAE,cAAc,EAAS,MAAM,0BAA0B,CAAC;AAErE,OAAO,EAAE,KAAK,UAAU,EAAqB,MAAM,6BAA6B,CAAC;AACjF,OAAO,KAAK,EAAE,iBAAiB,EAAiB,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,SAAS,EAIf,MAAM,oBAAoB,CAAC;AAE5B;;GAEG;AACH,qBAAa,QAAQ;;IACnB,gBAAuB,cAAc,KAAK;gBAG9B,QAAQ,EAAE,iBAAiB;IAIvC;;;OAGG;IACI,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC;IAMhD;;;;;OAKG;IACU,UAAU,CAAC,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC;IAsCzF;;;OAGG;IACU,WAAW,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAOnD;;;;;;OAMG;IACU,uBAAuB,CAAC,OAAO,EAAE,EAAE,EAAE,eAAe,EAAE,YAAY,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAuC/G;;;;;OAKG;IACU,2BAA2B,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUnF;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUzF;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUzF;;;;;OAKG;IACU,yBAAyB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUjF;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,cAAc,CAAC;IAU9F;;;;;;OAMG;IACU,8BAA8B,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,EAAE,CAAC;IAelG;;;;;;OAMG;IACU,kBAAkB,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,cAAc,CAAC;IAmBxE;;;;;OAKG;IACU,sBAAsB,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;CAe3F"}

package/dest/key_store.js

@@ -0,0 +1,219 @@
+import { GeneratorIndex } from '@aztec/constants';
+import { poseidon2HashWithSeparator } from '@aztec/foundation/crypto';
+import { Fr, GrumpkinScalar, Point } from '@aztec/foundation/fields';
+import { toArray } from '@aztec/foundation/iterable';
+import { serializeToBuffer } from '@aztec/foundation/serialize';
+import { AztecAddress } from '@aztec/stdlib/aztec-address';
+import { CompleteAddress } from '@aztec/stdlib/contract';
+import { KeyValidationRequest } from '@aztec/stdlib/kernel';
+import { KEY_PREFIXES, computeAppSecretKey, deriveKeys, derivePublicKeyFromSecretKey } from '@aztec/stdlib/keys';
+/**
+ * Used for managing keys. Can hold keys of multiple accounts.
+ */ export class KeyStore {
+    static SCHEMA_VERSION = 1;
+    #keys;
+    constructor(database){
+        this.#keys = database.openMap('key_store');
+    }
+    /**
+   * Creates a new account from a randomly generated secret key.
+   * @returns A promise that resolves to the newly created account's CompleteAddress.
+   */ createAccount() {
+        const sk = Fr.random();
+        const partialAddress = Fr.random();
+        return this.addAccount(sk, partialAddress);
+    }
+    /**
+   * Adds an account to the key store from the provided secret key.
+   * @param sk - The secret key of the account.
+   * @param partialAddress - The partial address of the account.
+   * @returns The account's complete address.
+   */ async addAccount(sk, partialAddress) {
+        const { masterNullifierSecretKey, masterIncomingViewingSecretKey, masterOutgoingViewingSecretKey, masterTaggingSecretKey, publicKeys } = await deriveKeys(sk);
+        const completeAddress = await CompleteAddress.fromSecretKeyAndPartialAddress(sk, partialAddress);
+        const { address: account } = completeAddress;
+        // Naming of keys is as follows ${account}-${n/iv/ov/t}${sk/pk}_m
+        await this.#keys.set(`${account.toString()}-ivsk_m`, masterIncomingViewingSecretKey.toBuffer());
+        await this.#keys.set(`${account.toString()}-ovsk_m`, masterOutgoingViewingSecretKey.toBuffer());
+        await this.#keys.set(`${account.toString()}-tsk_m`, masterTaggingSecretKey.toBuffer());
+        await this.#keys.set(`${account.toString()}-nsk_m`, masterNullifierSecretKey.toBuffer());
+        await this.#keys.set(`${account.toString()}-npk_m`, publicKeys.masterNullifierPublicKey.toBuffer());
+        await this.#keys.set(`${account.toString()}-ivpk_m`, publicKeys.masterIncomingViewingPublicKey.toBuffer());
+        await this.#keys.set(`${account.toString()}-ovpk_m`, publicKeys.masterOutgoingViewingPublicKey.toBuffer());
+        await this.#keys.set(`${account.toString()}-tpk_m`, publicKeys.masterTaggingPublicKey.toBuffer());
+        // We store pk_m_hash under `account-{n/iv/ov/t}pk_m_hash` key to be able to obtain address and key prefix
+        // using the #getKeyPrefixAndAccount function later on
+        const masterNullifierPublicKeyHash = await publicKeys.masterNullifierPublicKey.hash();
+        await this.#keys.set(`${account.toString()}-npk_m_hash`, masterNullifierPublicKeyHash.toBuffer());
+        const masterIncomingViewingPublicKeyHash = await publicKeys.masterIncomingViewingPublicKey.hash();
+        await this.#keys.set(`${account.toString()}-ivpk_m_hash`, masterIncomingViewingPublicKeyHash.toBuffer());
+        const masterOutgoingViewingPublicKeyHash = await publicKeys.masterOutgoingViewingPublicKey.hash();
+        await this.#keys.set(`${account.toString()}-ovpk_m_hash`, masterOutgoingViewingPublicKeyHash.toBuffer());
+        const masterTaggingPublicKeyHash = await publicKeys.masterTaggingPublicKey.hash();
+        await this.#keys.set(`${account.toString()}-tpk_m_hash`, masterTaggingPublicKeyHash.toBuffer());
+        // At last, we return the newly derived account address
+        return completeAddress;
+    }
+    /**
+   * Retrieves addresses of accounts stored in the key store.
+   * @returns A Promise that resolves to an array of account addresses.
+   */ async getAccounts() {
+        const allMapKeys = await toArray(this.#keys.keysAsync());
+        // We return account addresses based on the map keys that end with '-ivsk_m'
+        const accounts = allMapKeys.filter((key)=>key.endsWith('-ivsk_m')).map((key)=>key.split('-')[0]);
+        return accounts.map((account)=>AztecAddress.fromString(account));
+    }
+    /**
+   * Gets the key validation request for a given master public key hash and contract address.
+   * @throws If the account corresponding to the master public key hash does not exist in the key store.
+   * @param pkMHash - The master public key hash.
+   * @param contractAddress - The contract address to silo the secret key in the key validation request with.
+   * @returns The key validation request.
+   */ async getKeyValidationRequest(pkMHash, contractAddress) {
+        const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkMHash);
+        // Now we find the master public key for the account
+        const pkMBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}pk_m`);
+        if (!pkMBuffer) {
+            throw new Error(`Could not find ${keyPrefix}pk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
+        }
+        const pkM = Point.fromBuffer(pkMBuffer);
+        const computedPkMHash = await pkM.hash();
+        if (!computedPkMHash.equals(pkMHash)) {
+            throw new Error(`Could not find ${keyPrefix}pkM for ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
+        }
+        // Now we find the secret key for the public key
+        const skMBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}sk_m`);
+        if (!skMBuffer) {
+            throw new Error(`Could not find ${keyPrefix}sk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
+        }
+        const skM = GrumpkinScalar.fromBuffer(skMBuffer);
+        // We sanity check that it's possible to derive the public key from the secret key
+        const derivedPkM = await derivePublicKeyFromSecretKey(skM);
+        if (!derivedPkM.equals(pkM)) {
+            throw new Error(`Could not derive ${keyPrefix}pkM from ${keyPrefix}skM.`);
+        }
+        // At last we silo the secret key and return the key validation request
+        const skApp = await computeAppSecretKey(skM, contractAddress, keyPrefix);
+        return new KeyValidationRequest(pkM, skApp);
+    }
+    /**
+   * Gets the master nullifier public key for a given account.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account address for which to retrieve the master nullifier public key.
+   * @returns The master nullifier public key for the account.
+   */ async getMasterNullifierPublicKey(account) {
+        const masterNullifierPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-npk_m`);
+        if (!masterNullifierPublicKeyBuffer) {
+            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
+        }
+        return Point.fromBuffer(masterNullifierPublicKeyBuffer);
+    }
+    /**
+   * Gets the master incoming viewing public key for a given account.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account address for which to retrieve the master incoming viewing public key.
+   * @returns The master incoming viewing public key for the account.
+   */ async getMasterIncomingViewingPublicKey(account) {
+        const masterIncomingViewingPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ivpk_m`);
+        if (!masterIncomingViewingPublicKeyBuffer) {
+            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
+        }
+        return Point.fromBuffer(masterIncomingViewingPublicKeyBuffer);
+    }
+    /**
+   * Retrieves the master outgoing viewing public key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master outgoing viewing key for.
+   * @returns A Promise that resolves to the master outgoing viewing key.
+   */ async getMasterOutgoingViewingPublicKey(account) {
+        const masterOutgoingViewingPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ovpk_m`);
+        if (!masterOutgoingViewingPublicKeyBuffer) {
+            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
+        }
+        return Point.fromBuffer(masterOutgoingViewingPublicKeyBuffer);
+    }
+    /**
+   * Retrieves the master tagging public key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master tagging key for.
+   * @returns A Promise that resolves to the master tagging key.
+   */ async getMasterTaggingPublicKey(account) {
+        const masterTaggingPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-tpk_m`);
+        if (!masterTaggingPublicKeyBuffer) {
+            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
+        }
+        return Point.fromBuffer(masterTaggingPublicKeyBuffer);
+    }
+    /**
+   * Retrieves master incoming viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master incoming viewing secret key for.
+   * @returns A Promise that resolves to the master incoming viewing secret key.
+   */ async getMasterIncomingViewingSecretKey(account) {
+        const masterIncomingViewingSecretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ivsk_m`);
+        if (!masterIncomingViewingSecretKeyBuffer) {
+            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
+        }
+        return GrumpkinScalar.fromBuffer(masterIncomingViewingSecretKeyBuffer);
+    }
+    /**
+   * Retrieves application outgoing viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application outgoing viewing secret key for.
+   * @param app - The application address to retrieve the outgoing viewing secret key for.
+   * @returns A Promise that resolves to the application outgoing viewing secret key.
+   */ async getAppOutgoingViewingSecretKey(account, app) {
+        const masterOutgoingViewingSecretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ovsk_m`);
+        if (!masterOutgoingViewingSecretKeyBuffer) {
+            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
+        }
+        const masterOutgoingViewingSecretKey = GrumpkinScalar.fromBuffer(masterOutgoingViewingSecretKeyBuffer);
+        return poseidon2HashWithSeparator([
+            masterOutgoingViewingSecretKey.hi,
+            masterOutgoingViewingSecretKey.lo,
+            app
+        ], GeneratorIndex.OVSK_M);
+    }
+    /**
+   * Retrieves the sk_m corresponding to the pk_m.
+   * @throws If the provided public key is not associated with any of the registered accounts.
+   * @param pkM - The master public key to get secret key for.
+   * @returns A Promise that resolves to sk_m.
+   * @dev Used when feeding the sk_m to the kernel circuit for keys verification.
+   */ async getMasterSecretKey(pkM) {
+        const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkM);
+        const secretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}sk_m`);
+        if (!secretKeyBuffer) {
+            throw new Error(`Could not find ${keyPrefix}sk_m for ${keyPrefix}pk_m ${pkM.toString()}. This should not happen.`);
+        }
+        const skM = GrumpkinScalar.fromBuffer(secretKeyBuffer);
+        const derivedpkM = await derivePublicKeyFromSecretKey(skM);
+        if (!derivedpkM.equals(pkM)) {
+            throw new Error(`Could not find ${keyPrefix}skM for ${keyPrefix}pkM ${pkM.toString()} in secret keys buffer.`);
+        }
+        return Promise.resolve(skM);
+    }
+    /**
+   * Gets the key prefix and account address for a given value.
+   * @returns A tuple containing the key prefix and account address.
+   * @dev Note that this is quite inefficient but it should not matter because there should never be too many keys
+   * in the key store.
+   */ async getKeyPrefixAndAccount(value) {
+        const valueBuffer = serializeToBuffer(value);
+        for await (const [key, val] of this.#keys.entriesAsync()){
+            // Browser returns Uint8Array, Node.js returns Buffer
+            if (Buffer.from(val).equals(valueBuffer)) {
+                for (const prefix of KEY_PREFIXES){
+                    if (key.includes(`-${prefix}`)) {
+                        const account = AztecAddress.fromString(key.split('-')[0]);
+                        return [
+                            prefix,
+                            account
+                        ];
+                    }
+                }
+            }
+        }
+        throw new Error(`Could not find key prefix.`);
+    }
+}

package/package.json

@@ -0,0 +1,81 @@
+{
+  "name": "@aztec/key-store",
+  "version": "0.0.0-test.0",
+  "type": "module",
+  "exports": "./dest/index.js",
+  "typedocOptions": {
+    "entryPoints": [
+      "./src/index.ts"
+    ],
+    "name": "KeyStore",
+    "tsconfig": "./tsconfig.json"
+  },
+  "scripts": {
+    "build": "yarn clean && tsc -b",
+    "build:dev": "tsc -b --watch",
+    "clean": "rm -rf ./dest .tsbuildinfo",
+    "formatting": "run -T prettier --check ./src && run -T eslint ./src",
+    "formatting:fix": "run -T eslint --fix ./src && run -T prettier -w ./src",
+    "test": "NODE_NO_WARNINGS=1 node --experimental-vm-modules ../node_modules/.bin/jest --passWithNoTests --maxWorkers=${JEST_MAX_WORKERS:-8}"
+  },
+  "inherits": [
+    "../package.common.json"
+  ],
+  "jest": {
+    "moduleNameMapper": {
+      "^(\\.{1,2}/.*)\\.[cm]?js$": "$1"
+    },
+    "testRegex": "./src/.*\\.test\\.(js|mjs|ts)$",
+    "rootDir": "./src",
+    "transform": {
+      "^.+\\.tsx?$": [
+        "@swc/jest",
+        {
+          "jsc": {
+            "parser": {
+              "syntax": "typescript",
+              "decorators": true
+            },
+            "transform": {
+              "decoratorVersion": "2022-03"
+            }
+          }
+        }
+      ]
+    },
+    "extensionsToTreatAsEsm": [
+      ".ts"
+    ],
+    "reporters": [
+      "default"
+    ],
+    "testTimeout": 120000,
+    "setupFiles": [
+      "../../foundation/src/jest/setup.mjs"
+    ]
+  },
+  "dependencies": {
+    "@aztec/constants": "0.0.0-test.0",
+    "@aztec/foundation": "0.0.0-test.0",
+    "@aztec/kv-store": "0.0.0-test.0",
+    "@aztec/stdlib": "0.0.0-test.0",
+    "tslib": "^2.4.0"
+  },
+  "devDependencies": {
+    "@jest/globals": "^29.5.0",
+    "@types/jest": "^29.5.0",
+    "@types/node": "^18.7.23",
+    "jest": "^29.5.0",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.0.4"
+  },
+  "files": [
+    "dest",
+    "src",
+    "!*.test.*"
+  ],
+  "types": "./dest/index.d.ts",
+  "engines": {
+    "node": ">=18"
+  }
+}

package/src/index.ts

@@ -0,0 +1 @@
+export * from './key_store.js';

package/src/key_store.ts

@@ -0,0 +1,290 @@
+import { GeneratorIndex } from '@aztec/constants';
+import { poseidon2HashWithSeparator } from '@aztec/foundation/crypto';
+import { Fr, GrumpkinScalar, Point } from '@aztec/foundation/fields';
+import { toArray } from '@aztec/foundation/iterable';
+import { type Bufferable, serializeToBuffer } from '@aztec/foundation/serialize';
+import type { AztecAsyncKVStore, AztecAsyncMap } from '@aztec/kv-store';
+import { AztecAddress } from '@aztec/stdlib/aztec-address';
+import { CompleteAddress, type PartialAddress } from '@aztec/stdlib/contract';
+import { KeyValidationRequest } from '@aztec/stdlib/kernel';
+import {
+  KEY_PREFIXES,
+  type KeyPrefix,
+  type PublicKey,
+  computeAppSecretKey,
+  deriveKeys,
+  derivePublicKeyFromSecretKey,
+} from '@aztec/stdlib/keys';
+
+/**
+ * Used for managing keys. Can hold keys of multiple accounts.
+ */
+export class KeyStore {
+  public static readonly SCHEMA_VERSION = 1;
+  #keys: AztecAsyncMap<string, Buffer>;
+
+  constructor(database: AztecAsyncKVStore) {
+    this.#keys = database.openMap('key_store');
+  }
+
+  /**
+   * Creates a new account from a randomly generated secret key.
+   * @returns A promise that resolves to the newly created account's CompleteAddress.
+   */
+  public createAccount(): Promise<CompleteAddress> {
+    const sk = Fr.random();
+    const partialAddress = Fr.random();
+    return this.addAccount(sk, partialAddress);
+  }
+
+  /**
+   * Adds an account to the key store from the provided secret key.
+   * @param sk - The secret key of the account.
+   * @param partialAddress - The partial address of the account.
+   * @returns The account's complete address.
+   */
+  public async addAccount(sk: Fr, partialAddress: PartialAddress): Promise<CompleteAddress> {
+    const {
+      masterNullifierSecretKey,
+      masterIncomingViewingSecretKey,
+      masterOutgoingViewingSecretKey,
+      masterTaggingSecretKey,
+      publicKeys,
+    } = await deriveKeys(sk);
+
+    const completeAddress = await CompleteAddress.fromSecretKeyAndPartialAddress(sk, partialAddress);
+    const { address: account } = completeAddress;
+
+    // Naming of keys is as follows ${account}-${n/iv/ov/t}${sk/pk}_m
+    await this.#keys.set(`${account.toString()}-ivsk_m`, masterIncomingViewingSecretKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-ovsk_m`, masterOutgoingViewingSecretKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-tsk_m`, masterTaggingSecretKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-nsk_m`, masterNullifierSecretKey.toBuffer());
+
+    await this.#keys.set(`${account.toString()}-npk_m`, publicKeys.masterNullifierPublicKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-ivpk_m`, publicKeys.masterIncomingViewingPublicKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-ovpk_m`, publicKeys.masterOutgoingViewingPublicKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-tpk_m`, publicKeys.masterTaggingPublicKey.toBuffer());
+
+    // We store pk_m_hash under `account-{n/iv/ov/t}pk_m_hash` key to be able to obtain address and key prefix
+    // using the #getKeyPrefixAndAccount function later on
+    const masterNullifierPublicKeyHash = await publicKeys.masterNullifierPublicKey.hash();
+    await this.#keys.set(`${account.toString()}-npk_m_hash`, masterNullifierPublicKeyHash.toBuffer());
+    const masterIncomingViewingPublicKeyHash = await publicKeys.masterIncomingViewingPublicKey.hash();
+    await this.#keys.set(`${account.toString()}-ivpk_m_hash`, masterIncomingViewingPublicKeyHash.toBuffer());
+    const masterOutgoingViewingPublicKeyHash = await publicKeys.masterOutgoingViewingPublicKey.hash();
+    await this.#keys.set(`${account.toString()}-ovpk_m_hash`, masterOutgoingViewingPublicKeyHash.toBuffer());
+    const masterTaggingPublicKeyHash = await publicKeys.masterTaggingPublicKey.hash();
+    await this.#keys.set(`${account.toString()}-tpk_m_hash`, masterTaggingPublicKeyHash.toBuffer());
+
+    // At last, we return the newly derived account address
+    return completeAddress;
+  }
+
+  /**
+   * Retrieves addresses of accounts stored in the key store.
+   * @returns A Promise that resolves to an array of account addresses.
+   */
+  public async getAccounts(): Promise<AztecAddress[]> {
+    const allMapKeys = await toArray(this.#keys.keysAsync());
+    // We return account addresses based on the map keys that end with '-ivsk_m'
+    const accounts = allMapKeys.filter(key => key.endsWith('-ivsk_m')).map(key => key.split('-')[0]);
+    return accounts.map(account => AztecAddress.fromString(account));
+  }
+
+  /**
+   * Gets the key validation request for a given master public key hash and contract address.
+   * @throws If the account corresponding to the master public key hash does not exist in the key store.
+   * @param pkMHash - The master public key hash.
+   * @param contractAddress - The contract address to silo the secret key in the key validation request with.
+   * @returns The key validation request.
+   */
+  public async getKeyValidationRequest(pkMHash: Fr, contractAddress: AztecAddress): Promise<KeyValidationRequest> {
+    const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkMHash);
+
+    // Now we find the master public key for the account
+    const pkMBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}pk_m`);
+    if (!pkMBuffer) {
+      throw new Error(
+        `Could not find ${keyPrefix}pk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
+      );
+    }
+
+    const pkM = Point.fromBuffer(pkMBuffer);
+    const computedPkMHash = await pkM.hash();
+    if (!computedPkMHash.equals(pkMHash)) {
+      throw new Error(`Could not find ${keyPrefix}pkM for ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
+    }
+
+    // Now we find the secret key for the public key
+    const skMBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}sk_m`);
+    if (!skMBuffer) {
+      throw new Error(
+        `Could not find ${keyPrefix}sk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
+      );
+    }
+
+    const skM = GrumpkinScalar.fromBuffer(skMBuffer);
+
+    // We sanity check that it's possible to derive the public key from the secret key
+    const derivedPkM = await derivePublicKeyFromSecretKey(skM);
+    if (!derivedPkM.equals(pkM)) {
+      throw new Error(`Could not derive ${keyPrefix}pkM from ${keyPrefix}skM.`);
+    }
+
+    // At last we silo the secret key and return the key validation request
+    const skApp = await computeAppSecretKey(skM, contractAddress, keyPrefix!);
+
+    return new KeyValidationRequest(pkM, skApp);
+  }
+
+  /**
+   * Gets the master nullifier public key for a given account.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account address for which to retrieve the master nullifier public key.
+   * @returns The master nullifier public key for the account.
+   */
+  public async getMasterNullifierPublicKey(account: AztecAddress): Promise<PublicKey> {
+    const masterNullifierPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-npk_m`);
+    if (!masterNullifierPublicKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return Point.fromBuffer(masterNullifierPublicKeyBuffer);
+  }
+
+  /**
+   * Gets the master incoming viewing public key for a given account.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account address for which to retrieve the master incoming viewing public key.
+   * @returns The master incoming viewing public key for the account.
+   */
+  public async getMasterIncomingViewingPublicKey(account: AztecAddress): Promise<PublicKey> {
+    const masterIncomingViewingPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ivpk_m`);
+    if (!masterIncomingViewingPublicKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return Point.fromBuffer(masterIncomingViewingPublicKeyBuffer);
+  }
+
+  /**
+   * Retrieves the master outgoing viewing public key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master outgoing viewing key for.
+   * @returns A Promise that resolves to the master outgoing viewing key.
+   */
+  public async getMasterOutgoingViewingPublicKey(account: AztecAddress): Promise<PublicKey> {
+    const masterOutgoingViewingPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ovpk_m`);
+    if (!masterOutgoingViewingPublicKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return Point.fromBuffer(masterOutgoingViewingPublicKeyBuffer);
+  }
+
+  /**
+   * Retrieves the master tagging public key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master tagging key for.
+   * @returns A Promise that resolves to the master tagging key.
+   */
+  public async getMasterTaggingPublicKey(account: AztecAddress): Promise<PublicKey> {
+    const masterTaggingPublicKeyBuffer = await this.#keys.getAsync(`${account.toString()}-tpk_m`);
+    if (!masterTaggingPublicKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return Point.fromBuffer(masterTaggingPublicKeyBuffer);
+  }
+
+  /**
+   * Retrieves master incoming viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master incoming viewing secret key for.
+   * @returns A Promise that resolves to the master incoming viewing secret key.
+   */
+  public async getMasterIncomingViewingSecretKey(account: AztecAddress): Promise<GrumpkinScalar> {
+    const masterIncomingViewingSecretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ivsk_m`);
+    if (!masterIncomingViewingSecretKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return GrumpkinScalar.fromBuffer(masterIncomingViewingSecretKeyBuffer);
+  }
+
+  /**
+   * Retrieves application outgoing viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application outgoing viewing secret key for.
+   * @param app - The application address to retrieve the outgoing viewing secret key for.
+   * @returns A Promise that resolves to the application outgoing viewing secret key.
+   */
+  public async getAppOutgoingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr> {
+    const masterOutgoingViewingSecretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-ovsk_m`);
+    if (!masterOutgoingViewingSecretKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    const masterOutgoingViewingSecretKey = GrumpkinScalar.fromBuffer(masterOutgoingViewingSecretKeyBuffer);
+
+    return poseidon2HashWithSeparator(
+      [masterOutgoingViewingSecretKey.hi, masterOutgoingViewingSecretKey.lo, app],
+      GeneratorIndex.OVSK_M,
+    );
+  }
+
+  /**
+   * Retrieves the sk_m corresponding to the pk_m.
+   * @throws If the provided public key is not associated with any of the registered accounts.
+   * @param pkM - The master public key to get secret key for.
+   * @returns A Promise that resolves to sk_m.
+   * @dev Used when feeding the sk_m to the kernel circuit for keys verification.
+   */
+  public async getMasterSecretKey(pkM: PublicKey): Promise<GrumpkinScalar> {
+    const [keyPrefix, account] = await this.getKeyPrefixAndAccount(pkM);
+
+    const secretKeyBuffer = await this.#keys.getAsync(`${account.toString()}-${keyPrefix}sk_m`);
+    if (!secretKeyBuffer) {
+      throw new Error(
+        `Could not find ${keyPrefix}sk_m for ${keyPrefix}pk_m ${pkM.toString()}. This should not happen.`,
+      );
+    }
+
+    const skM = GrumpkinScalar.fromBuffer(secretKeyBuffer);
+    const derivedpkM = await derivePublicKeyFromSecretKey(skM);
+    if (!derivedpkM.equals(pkM)) {
+      throw new Error(`Could not find ${keyPrefix}skM for ${keyPrefix}pkM ${pkM.toString()} in secret keys buffer.`);
+    }
+
+    return Promise.resolve(skM);
+  }
+
+  /**
+   * Gets the key prefix and account address for a given value.
+   * @returns A tuple containing the key prefix and account address.
+   * @dev Note that this is quite inefficient but it should not matter because there should never be too many keys
+   * in the key store.
+   */
+  public async getKeyPrefixAndAccount(value: Bufferable): Promise<[KeyPrefix, AztecAddress]> {
+    const valueBuffer = serializeToBuffer(value);
+    for await (const [key, val] of this.#keys.entriesAsync()) {
+      // Browser returns Uint8Array, Node.js returns Buffer
+      if (Buffer.from(val).equals(valueBuffer)) {
+        for (const prefix of KEY_PREFIXES) {
+          if (key.includes(`-${prefix}`)) {
+            const account = AztecAddress.fromString(key.split('-')[0]);
+            return [prefix, account];
+          }
+        }
+      }
+    }
+    throw new Error(`Could not find key prefix.`);
+  }
+}