@cofhe/sdk 0.3.1 → 0.4.0

package/CHANGELOG.md

@@ -1,5 +1,24 @@
 # @cofhe/sdk Changelog
 
+## 0.4.0
+
+### Patch Changes
+
+- e446642: Switch `decryptForTx` to Threshold Network v2 decrypt (submit + poll)
+
+## 0.3.2
+
+### Patch Changes
+
+- d4e86ea: Aligns with CTA encrypted variables bytes32 representation.
+
+  - **@cofhe/hardhat-plugin**: `hre.cofhe.mocks.getTestBed()`, `getMockTaskManager()`, `getMockACL()`, `getMockThresholdNetwork()`, and `getMockZkVerifier()` now return typed contracts (typechain interfaces) instead of untyped `Contract`. `getPlaintext(ctHash)` and `expectPlaintext(ctHash, value)` now accept bytes32 ctHashes as `string` support cofhe-contracts 0.1.0 CTA changes.
+  - **@cofhe/mock-contracts**: Export typechain-generated contract types (`TestBed`, `MockACL`, `MockTaskManager`, `MockZkVerifier`, `MockThresholdNetwork`) for use with the hardhat plugin. Typechain is run from artifact ABIs only; factory files are not generated.
+  - **@cofhe/abi**: CTA-related types use `bytes32` (string) instead of `uint256`. Decryption and return-type helpers aligned with cofhe-contracts 0.1.0.
+  - **@cofhe/sdk**: Decryption APIs (`decryptForTx`, `decryptForView`, and related builders) now also accept `string` for ciphertext hashes (bytes32) as well as `bigint`.
+
+- 0feaf3f: `cofheClient.decryptForTx` returns a ready-to-use signature
+
 ## 0.3.1
 
 ### Patch Changes

package/adapters/ethers6.test.ts

@@ -164,6 +164,6 @@ describe('Ethers6Adapter', () => {
         expect(isInsufficientFunds).toBe(true);
         console.log('Expected error (insufficient funds or method not supported):', error.message);
       }
-    }, 10000);
+    }, 20000);
   });
 });

package/core/client.ts

@@ -146,7 +146,7 @@ export function createCofheClientBase<TConfig extends CofheConfig>(
     });
   }
 
-  function decryptForView<U extends FheTypes>(ctHash: bigint, utype: U): DecryptForViewBuilder<U> {
+  function decryptForView<U extends FheTypes>(ctHash: bigint | string, utype: U): DecryptForViewBuilder<U> {
     const state = connectStore.getState();
 
     return new DecryptForViewBuilder({
@@ -163,7 +163,7 @@ export function createCofheClientBase<TConfig extends CofheConfig>(
     });
   }
 
-  function decryptForTx(ctHash: bigint): DecryptForTxBuilderUnset {
+  function decryptForTx(ctHash: bigint | string): DecryptForTxBuilderUnset {
     const state = connectStore.getState();
 
     return new DecryptForTxBuilder({
@@ -250,22 +250,22 @@ export function createCofheClientBase<TConfig extends CofheConfig>(
     },
 
     // Retrieval methods (auto-fill chainId/account)
-    getPermit: async (hash: string, chainId?: number, account?: string) => {
+    getPermit: (hash: string, chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getPermit(_chainId, _account, hash);
     },
 
-    getPermits: async (chainId?: number, account?: string) => {
+    getPermits: (chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getPermits(_chainId, _account);
     },
 
-    getActivePermit: async (chainId?: number, account?: string) => {
+    getActivePermit: (chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getActivePermit(_chainId, _account);
     },
 
-    getActivePermitHash: async (chainId?: number, account?: string) => {
+    getActivePermitHash: (chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getActivePermitHash(_chainId, _account);
     },

package/core/clientTypes.ts

@@ -48,9 +48,9 @@ export type CofheClient<TConfig extends CofheConfig = CofheConfig> = {
   /**
    * @deprecated Use `decryptForView` instead. Kept for backward compatibility.
    */
-  decryptHandle<U extends FheTypes>(ctHash: bigint, utype: U): DecryptForViewBuilder<U>;
-  decryptForView<U extends FheTypes>(ctHash: bigint, utype: U): DecryptForViewBuilder<U>;
-  decryptForTx(ctHash: bigint): DecryptForTxBuilderUnset;
+  decryptHandle<U extends FheTypes>(ctHash: bigint | string, utype: U): DecryptForViewBuilder<U>;
+  decryptForView<U extends FheTypes>(ctHash: bigint | string, utype: U): DecryptForViewBuilder<U>;
+  decryptForTx(ctHash: bigint | string): DecryptForTxBuilderUnset;
   permits: CofheClientPermits;
 };
 
@@ -84,10 +84,10 @@ export type CofheClientPermits = {
   ) => Promise<RecipientPermit>;
 
   // Retrieval methods (chainId/account optional)
-  getPermit: (hash: string, chainId?: number, account?: string) => Promise<Permit | undefined>;
-  getPermits: (chainId?: number, account?: string) => Promise<Record<string, Permit>>;
-  getActivePermit: (chainId?: number, account?: string) => Promise<Permit | undefined>;
-  getActivePermitHash: (chainId?: number, account?: string) => Promise<string | undefined>;
+  getPermit: (hash: string, chainId?: number, account?: string) => Permit | undefined;
+  getPermits: (chainId?: number, account?: string) => Record<string, Permit>;
+  getActivePermit: (chainId?: number, account?: string) => Permit | undefined;
+  getActivePermitHash: (chainId?: number, account?: string) => string | undefined;
 
   // Get or create methods (get active or create new, chainId/account optional)
   getOrCreateSelfPermit: (chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;

package/core/decrypt/cofheMocksDecryptForTx.ts

@@ -1,8 +1,7 @@
 import { type Permit, PermitUtils } from '@/permits';
 
-import { encodePacked, keccak256, pad, toHex, type Hex, type PublicClient } from 'viem';
+import { encodePacked, keccak256, type PublicClient } from 'viem';
 import { sign } from 'viem/accounts';
-import { sleep } from '../utils.js';
 import { MockThresholdNetworkAbi } from './MockThresholdNetworkAbi.js';
 import { FheTypes } from '../types.js';
 import { CofheError, CofheErrorCode } from '../error.js';
@@ -10,25 +9,23 @@ import { MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY } from '../consts.js';
 import { MOCKS_THRESHOLD_NETWORK_ADDRESS } from '../consts.js';
 
 export type DecryptForTxMocksResult = {
-  ctHash: bigint;
+  ctHash: bigint | string;
   decryptedValue: bigint;
-  signature: string;
+  signature: `0x${string}`;
 };
 
 export async function cofheMocksDecryptForTx(
-  ctHash: bigint,
+  ctHash: bigint | string,
   utype: FheTypes,
   permit: Permit | null,
-  publicClient: PublicClient,
-  mocksDecryptForTxDelay: number
+  publicClient: PublicClient
 ): Promise<DecryptForTxMocksResult> {
-  // Configurable delay before decrypting to simulate the CoFHE decrypt processing time
-  // Recommended 1000ms on web
-  // Recommended 0ms on hardhat (will be called during tests no need for fake delay)
-  if (mocksDecryptForTxDelay > 0) await sleep(mocksDecryptForTxDelay);
+  let allowed: boolean;
+  let error: string;
+  let decryptedValue: bigint;
 
+  // With permit
   if (permit !== null) {
-    // With permit
     let permission = PermitUtils.getPermission(permit, true);
     const permissionWithBigInts = {
       ...permission,
@@ -36,66 +33,22 @@ export async function cofheMocksDecryptForTx(
       validatorId: BigInt(permission.validatorId),
     };
 
-    const [allowed, error, result] = await publicClient.readContract({
+    [allowed, error, decryptedValue] = await publicClient.readContract({
       address: MOCKS_THRESHOLD_NETWORK_ADDRESS,
       abi: MockThresholdNetworkAbi,
       functionName: 'decryptForTxWithPermit',
-      args: [ctHash, permissionWithBigInts],
+      args: [BigInt(ctHash), permissionWithBigInts],
     });
-
-    if (error != '') {
-      throw new CofheError({
-        code: CofheErrorCode.DecryptFailed,
-        message: `mocks decryptForTx call failed: ${error}`,
-      });
-    }
-
-    if (allowed == false) {
-      throw new CofheError({
-        code: CofheErrorCode.DecryptFailed,
-        message: `mocks decryptForTx call failed: ACL Access Denied (NotAllowed)`,
-      });
-    }
-
-    // decryptForTx returns plaintext directly (no sealing/unsealing needed)
-    // Generate a mock threshold network signature (in production, this would be the actual signature)
-    // The signature must be valid for MockTaskManager verification.
-    const chainId = await publicClient.getChainId();
-    const ctHashBigInt = BigInt(ctHash);
-    const resultBigInt = BigInt(result);
-    const encryptionType = Number((ctHashBigInt & (0x7fn << 8n)) >> 8n);
-
-    // Matches Solidity: keccak256(abi.encodePacked(result, uint32(enc_type), uint64(chainId), bytes32(ctHash)))
-    const ctHashBytes32 = pad(toHex(ctHashBigInt), { size: 32 }) as Hex;
-    const packed = encodePacked(
-      ['uint256', 'uint32', 'uint64', 'bytes32'],
-      [resultBigInt, encryptionType, BigInt(chainId), ctHashBytes32]
-    );
-    const messageHash = keccak256(packed);
-
-    // Raw digest signature (no EIP-191 prefix). Must verify against OpenZeppelin ECDSA.recover(messageHash, signature).
-    const signatureHex = await sign({
-      hash: messageHash,
-      privateKey: MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY,
-      to: 'hex',
+  } else {
+    // Without permit (global allowance)
+    [allowed, error, decryptedValue] = await publicClient.readContract({
+      address: MOCKS_THRESHOLD_NETWORK_ADDRESS,
+      abi: MockThresholdNetworkAbi,
+      functionName: 'decryptForTxWithoutPermit',
+      args: [BigInt(ctHash)],
     });
-    const signature = signatureHex.slice(2); // no 0x prefix
-
-    return {
-      ctHash,
-      decryptedValue: BigInt(result),
-      signature,
-    };
   }
 
-  // Without permit (global allowance)
-  const [allowed, error, result] = await publicClient.readContract({
-    address: MOCKS_THRESHOLD_NETWORK_ADDRESS,
-    abi: MockThresholdNetworkAbi,
-    functionName: 'decryptForTxWithoutPermit',
-    args: [ctHash],
-  });
-
   if (error != '') {
     throw new CofheError({
       code: CofheErrorCode.DecryptFailed,
@@ -113,30 +66,19 @@ export async function cofheMocksDecryptForTx(
   // decryptForTx returns plaintext directly (no sealing/unsealing needed)
   // Generate a mock threshold network signature (in production, this would be the actual signature)
   // The signature must be valid for MockTaskManager verification.
-  const chainId = await publicClient.getChainId();
-  const ctHashBigInt = BigInt(ctHash);
-  const resultBigInt = BigInt(result);
-  const encryptionType = Number((ctHashBigInt & (0x7fn << 8n)) >> 8n);
-
-  // Matches Solidity: keccak256(abi.encodePacked(result, uint32(enc_type), uint64(chainId), bytes32(ctHash)))
-  const ctHashBytes32 = pad(toHex(ctHashBigInt), { size: 32 }) as Hex;
-  const packed = encodePacked(
-    ['uint256', 'uint32', 'uint64', 'bytes32'],
-    [resultBigInt, encryptionType, BigInt(chainId), ctHashBytes32]
-  );
+  const packed = encodePacked(['uint256', 'uint256'], [BigInt(ctHash), decryptedValue]);
   const messageHash = keccak256(packed);
 
   // Raw digest signature (no EIP-191 prefix). Must verify against OpenZeppelin ECDSA.recover(messageHash, signature).
-  const signatureHex = await sign({
+  const signature = await sign({
     hash: messageHash,
     privateKey: MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY,
     to: 'hex',
   });
-  const signature = signatureHex.slice(2); // no 0x prefix
 
   return {
     ctHash,
-    decryptedValue: BigInt(result),
+    decryptedValue,
     signature,
   };
 }

package/core/decrypt/cofheMocksDecryptForView.ts

@@ -1,24 +1,17 @@
 import { type Permit, PermitUtils } from '@/permits';
 
 import { type PublicClient } from 'viem';
-import { sleep } from '../utils.js';
 import { MockThresholdNetworkAbi } from './MockThresholdNetworkAbi.js';
 import { FheTypes } from '../types.js';
 import { CofheError, CofheErrorCode } from '../error.js';
 import { MOCKS_THRESHOLD_NETWORK_ADDRESS } from '../consts.js';
 
 export async function cofheMocksDecryptForView(
-  ctHash: bigint,
+  ctHash: bigint | string,
   utype: FheTypes,
   permit: Permit,
-  publicClient: PublicClient,
-  mocksDecryptDelay: number
+  publicClient: PublicClient
 ): Promise<bigint> {
-  // Configurable delay before decrypting the output to simulate the CoFHE decrypt processing time
-  // Recommended 1000ms on web
-  // Recommended 0ms on hardhat (will be called during tests no need for fake delay)
-  if (mocksDecryptDelay > 0) await sleep(mocksDecryptDelay);
-
   const permission = PermitUtils.getPermission(permit, true);
   const permissionWithBigInts = {
     ...permission,
@@ -30,7 +23,7 @@ export async function cofheMocksDecryptForView(
     address: MOCKS_THRESHOLD_NETWORK_ADDRESS,
     abi: MockThresholdNetworkAbi,
     functionName: 'querySealOutput',
-    args: [ctHash, BigInt(utype), permissionWithBigInts],
+    args: [BigInt(ctHash), BigInt(utype), permissionWithBigInts],
   });
 
   if (error != '') {

package/core/decrypt/decryptForTxBuilder.ts

@@ -2,14 +2,14 @@
 import { hardhat } from '@/chains';
 import { type Permit, type Permission, PermitUtils } from '@/permits';
 
-import { FheTypes } from '../types.js';
-import { getThresholdNetworkUrlOrThrow } from '../config.js';
-import { CofheError, CofheErrorCode } from '../error.js';
-import { permits } from '../permits.js';
-import { BaseBuilder, type BaseBuilderParams } from '../baseBuilder.js';
-import { cofheMocksDecryptForTx } from './cofheMocksDecryptForTx.js';
-import { getPublicClientChainID } from '../utils.js';
-import { tnDecrypt } from './tnDecrypt.js';
+import { FheTypes } from '../types';
+import { getThresholdNetworkUrlOrThrow } from '../config';
+import { CofheError, CofheErrorCode } from '../error';
+import { permits } from '../permits';
+import { BaseBuilder, type BaseBuilderParams } from '../baseBuilder';
+import { cofheMocksDecryptForTx } from './cofheMocksDecryptForTx';
+import { getPublicClientChainID, sleep } from '../utils';
+import { tnDecryptV2 } from './tnDecryptV2';
 
 /**
  * API
@@ -36,13 +36,13 @@ import { tnDecrypt } from './tnDecrypt.js';
 type DecryptForTxPermitSelection = 'unset' | 'with-permit' | 'without-permit';
 
 type DecryptForTxBuilderParams = BaseBuilderParams & {
-  ctHash: bigint;
+  ctHash: bigint | string;
 };
 
 export type DecryptForTxResult = {
-  ctHash: bigint;
+  ctHash: bigint | string;
   decryptedValue: bigint;
-  signature: string; // Threshold network signature for publishDecryptResult
+  signature: `0x${string}`; // Threshold network signature for publishDecryptResult
 };
 
 /**
@@ -56,7 +56,7 @@ export type DecryptForTxBuilderUnset = Omit<DecryptForTxBuilder, 'execute'>;
 export type DecryptForTxBuilderSelected = Omit<DecryptForTxBuilder, 'withPermit' | 'withoutPermit'>;
 
 export class DecryptForTxBuilder extends BaseBuilder {
-  private ctHash: bigint;
+  private ctHash: bigint | string;
   private permitHash?: string;
   private permit?: Permit;
   private permitSelection: DecryptForTxPermitSelection = 'unset';
@@ -271,8 +271,13 @@ export class DecryptForTxBuilder extends BaseBuilder {
   private async mocksDecryptForTx(permit: Permit | null): Promise<DecryptForTxResult> {
     this.assertPublicClient();
 
+    // Configurable delay before decrypting to simulate the CoFHE decrypt processing time
+    // Recommended 1000ms on web
+    // Recommended 0ms on hardhat (will be called during tests no need for fake delay)
     const delay = this.config.mocks.decryptDelay;
-    const result = await cofheMocksDecryptForTx(this.ctHash, 0 as FheTypes, permit, this.publicClient, delay);
+    if (delay > 0) await sleep(delay);
+
+    const result = await cofheMocksDecryptForTx(this.ctHash, 0 as FheTypes, permit, this.publicClient);
     return result;
   }
 
@@ -286,7 +291,7 @@ export class DecryptForTxBuilder extends BaseBuilder {
     const thresholdNetworkUrl = await this.getThresholdNetworkUrl();
 
     const permission = permit ? PermitUtils.getPermission(permit, true) : null;
-    const { decryptedValue, signature } = await tnDecrypt(this.ctHash, this.chainId, permission, thresholdNetworkUrl);
+    const { decryptedValue, signature } = await tnDecryptV2(this.ctHash, this.chainId, permission, thresholdNetworkUrl);
 
     return {
       ctHash: this.ctHash,

package/core/decrypt/decryptForViewBuilder.ts

@@ -11,7 +11,7 @@ import { BaseBuilder, type BaseBuilderParams } from '../baseBuilder.js';
 import { cofheMocksDecryptForView } from './cofheMocksDecryptForView.js';
 // import { tnSealOutputV1 } from './tnSealOutputV1.js';
 import { tnSealOutputV2 } from './tnSealOutputV2.js';
-import { cofheMocksDecryptForTx } from './cofheMocksDecryptForTx.js';
+import { sleep } from '../utils.js';
 
 /**
  * API
@@ -35,14 +35,14 @@ import { cofheMocksDecryptForTx } from './cofheMocksDecryptForTx.js';
  */
 
 type DecryptForViewBuilderParams<U extends FheTypes> = BaseBuilderParams & {
-  ctHash: bigint;
+  ctHash: bigint | string;
   utype: U;
   permitHash?: string;
   permit?: Permit;
 };
 
 export class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
-  private ctHash: bigint;
+  private ctHash: bigint | string;
   private utype: U;
   private permitHash?: string;
   private permit?: Permit;
@@ -245,8 +245,13 @@ export class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
   private async mocksSealOutput(permit: Permit): Promise<bigint> {
     this.assertPublicClient();
 
+    // Configurable delay before decrypting the output to simulate the CoFHE decrypt processing time
+    // Recommended 1000ms on web
+    // Recommended 0ms on hardhat (will be called during tests no need for fake delay)
     const mocksDecryptDelay = this.config.mocks.decryptDelay;
-    return cofheMocksDecryptForView(this.ctHash, this.utype, permit, this.publicClient, mocksDecryptDelay);
+    if (mocksDecryptDelay > 0) await sleep(mocksDecryptDelay);
+
+    return cofheMocksDecryptForView(this.ctHash, this.utype, permit, this.publicClient);
   }
 
   /**

package/core/decrypt/tnDecryptUtils.ts

@@ -0,0 +1,65 @@
+import { CofheError, CofheErrorCode } from '../error';
+import { parseSignature, serializeSignature } from 'viem';
+
+export function normalizeTnSignature(signature: unknown): `0x${string}` {
+  if (typeof signature !== 'string') {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response missing signature',
+      context: {
+        signature,
+      },
+    });
+  }
+
+  const trimmed = signature.trim();
+  if (trimmed.length === 0) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response returned empty signature',
+    });
+  }
+
+  const prefixed = trimmed.startsWith('0x') ? (trimmed as `0x${string}`) : (`0x${trimmed}` as `0x${string}`);
+  const parsed = parseSignature(prefixed);
+  return serializeSignature(parsed);
+}
+
+export function parseDecryptedBytesToBigInt(decrypted: unknown): bigint {
+  if (!Array.isArray(decrypted)) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response field <decrypted> must be a byte array',
+      context: {
+        decrypted,
+      },
+    });
+  }
+
+  if (decrypted.length === 0) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response field <decrypted> was an empty byte array',
+      context: {
+        decrypted,
+      },
+    });
+  }
+
+  let hex = '';
+  for (const b of decrypted as unknown[]) {
+    if (typeof b !== 'number' || !Number.isInteger(b) || b < 0 || b > 255) {
+      throw new CofheError({
+        code: CofheErrorCode.DecryptReturnedNull,
+        message: 'decrypt response field <decrypted> contained a non-byte value',
+        context: {
+          badElement: b,
+          decrypted,
+        },
+      });
+    }
+    hex += b.toString(16).padStart(2, '0');
+  }
+
+  return BigInt(`0x${hex}`);
+}

package/core/decrypt/{tnDecrypt.ts → tnDecryptV1.ts}

@@ -1,8 +1,9 @@
 import { type Permission } from '@/permits';
 
-import { CofheError, CofheErrorCode } from '../error.js';
+import { CofheError, CofheErrorCode } from '../error';
+import { normalizeTnSignature, parseDecryptedBytesToBigInt } from './tnDecryptUtils';
 
-type TnDecryptResponse = {
+type TnDecryptResponseV1 = {
   // TN returns bytes in big-endian order, e.g. [0,0,0,42]
   decrypted: number[];
   signature: string;
@@ -10,69 +11,7 @@ type TnDecryptResponse = {
   error_message: string | null;
 };
 
-function normalizeSignature(signature: unknown): string {
-  if (typeof signature !== 'string') {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response missing signature',
-      context: {
-        signature,
-      },
-    });
-  }
-
-  const trimmed = signature.trim();
-  if (trimmed.length === 0) {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response returned empty signature',
-    });
-  }
-
-  // SDK uses "no-0x" signatures in mocks/tests; normalize to that format.
-  return trimmed.startsWith('0x') ? trimmed.slice(2) : trimmed;
-}
-
-function parseDecryptedBytesToBigInt(decrypted: unknown): bigint {
-  if (!Array.isArray(decrypted)) {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response field <decrypted> must be a byte array',
-      context: {
-        decrypted,
-      },
-    });
-  }
-
-  if (decrypted.length === 0) {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response field <decrypted> was an empty byte array',
-      context: {
-        decrypted,
-      },
-    });
-  }
-
-  let hex = '';
-  for (const b of decrypted as unknown[]) {
-    if (typeof b !== 'number' || !Number.isInteger(b) || b < 0 || b > 255) {
-      throw new CofheError({
-        code: CofheErrorCode.DecryptReturnedNull,
-        message: 'decrypt response field <decrypted> contained a non-byte value',
-        context: {
-          badElement: b,
-          decrypted,
-        },
-      });
-    }
-    hex += b.toString(16).padStart(2, '0');
-  }
-
-  return BigInt(`0x${hex}`);
-}
-
-function assertTnDecryptResponse(value: unknown): TnDecryptResponse {
+function assertTnDecryptResponseV1(value: unknown): TnDecryptResponseV1 {
   if (value == null || typeof value !== 'object') {
     throw new CofheError({
       code: CofheErrorCode.DecryptFailed,
@@ -126,18 +65,18 @@ function assertTnDecryptResponse(value: unknown): TnDecryptResponse {
   };
 }
 
-export async function tnDecrypt(
-  ctHash: bigint,
+export async function tnDecryptV1(
+  ctHash: bigint | string,
   chainId: number,
   permission: Permission | null,
   thresholdNetworkUrl: string
-): Promise<{ decryptedValue: bigint; signature: string }> {
+): Promise<{ decryptedValue: bigint; signature: `0x${string}` }> {
   const body: {
     ct_tempkey: string;
     host_chain_id: number;
     permit?: Permission;
   } = {
-    ct_tempkey: ctHash.toString(16).padStart(64, '0'),
+    ct_tempkey: BigInt(ctHash).toString(16).padStart(64, '0'),
     host_chain_id: chainId,
   };
 
@@ -211,7 +150,7 @@ export async function tnDecrypt(
     });
   }
 
-  const decryptResponse = assertTnDecryptResponse(rawJson);
+  const decryptResponse = assertTnDecryptResponseV1(rawJson);
 
   if (decryptResponse.error_message) {
     throw new CofheError({
@@ -226,7 +165,7 @@ export async function tnDecrypt(
   }
 
   const decryptedValue = parseDecryptedBytesToBigInt(decryptResponse.decrypted);
-  const signature = normalizeSignature(decryptResponse.signature);
+  const signature = normalizeTnSignature(decryptResponse.signature);
 
   return { decryptedValue, signature };
 }