@cofhe/sdk 0.3.2 → 0.5.0

package/CHANGELOG.md

@@ -1,5 +1,43 @@
 # @cofhe/sdk Changelog
 
+## 0.5.0
+
+### Minor Changes
+
+- 788a6e2: Add `onPoll` callback support for decrypt polling (tx + view) so consumers can observe poll progress.
+
+  - SDK decrypt helpers accept `onPoll` and emit `{ operation, requestId, attemptIndex, elapsedMs, intervalMs, timeoutMs }` once per poll attempt.
+  - React wiring supports passing the callback end-to-end.
+  - Docs updated with usage examples.
+
+- 9a06012: Tighten permit validation and treat invalid permits as missing.
+
+  - SDK: `PermitUtils.validate` now enforces schema + signed + not-expired (use `PermitUtils.validateSchema` for schema-only validation).
+  - SDK: `ValidationResult.error` is now a typed union (`'invalid-schema' | 'expired' | 'not-signed' | null`).
+  - React: rename `disabledDueToMissingPermit` to `disabledDueToMissingValidPermit` in read/decrypt hooks and token balance helpers, and disable reads when the active permit is invalid.
+
+### Patch Changes
+
+- 6c4084f: Add submit retries to the threshold-network decrypt flows used by both `decryptForTx` and `decryptForView` when the backend responds with `204 No Content` before a `request_id` is available.
+
+  - When the submit endpoint returns `204` without a body, the SDK now retries until it receives a `request_id` or the existing poll timeout budget is exhausted.
+  - These submit retries now emit `onPoll` callbacks, so consumers can observe retry progress before a request id exists.
+  - Submit retries and status polling now share the same overall timeout budget.
+
+- 503536a: Improve logging ergonomics across React + web SDK.
+
+  - Add a configurable internal logger to `@cofhe/react` via `createCofheConfig({ react: { logger } })`.
+  - Make `@cofhe/sdk` `createWebStorage` logging opt-in via `createWebStorage({ enableLog })`.
+
+- a685cd4: **Breaking change: upgraded to tfhe v1.5.3.**
+  Previous cofhesdk versions will no longer function.
+
+## 0.4.0
+
+### Patch Changes
+
+- e446642: Switch `decryptForTx` to Threshold Network v2 decrypt (submit + poll)
+
 ## 0.3.2
 
 ### Patch Changes

package/adapters/{ethers5.test.ts → test/ethers5.test.ts}

@@ -1,7 +1,7 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import { parseEther } from 'viem';
-import { Ethers5Adapter } from './ethers5.js';
-import { createMockEIP1193Provider } from './test-utils.js';
+import { Ethers5Adapter } from '../ethers5.js';
+import { createMockEIP1193Provider } from '../test-utils.js';
 import * as ethers5 from 'ethers5';
 
 describe('Ethers5Adapter', () => {

package/adapters/{ethers6.test.ts → test/ethers6.test.ts}

@@ -1,7 +1,7 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import { parseEther } from 'viem';
-import { Ethers6Adapter } from './ethers6.js';
-import { createMockEIP1193Provider } from './test-utils.js';
+import { Ethers6Adapter } from '../ethers6.js';
+import { createMockEIP1193Provider } from '../test-utils.js';
 import * as ethers6 from 'ethers6';
 
 describe('Ethers6Adapter', () => {

package/adapters/{hardhat.hh2.test.ts → test/hardhat.hh2.test.ts}

@@ -1,11 +1,11 @@
 import { describe, it, expect, beforeEach, beforeAll, afterAll } from 'vitest';
 import { parseEther } from 'viem';
 import { hardhat } from 'viem/chains';
-import { HardhatSignerAdapter } from './hardhat.js';
+import { HardhatSignerAdapter } from '../hardhat.js';
 import hre from 'hardhat';
 import '@nomicfoundation/hardhat-ethers';
 import type { HardhatEthersSigner } from '@nomicfoundation/hardhat-ethers/signers.js';
-import { hardhatNode } from './hardhat-node.js';
+import { hardhatNode } from '../hardhat-node.js';
 
 describe('HardhatSignerAdapter', () => {
   const HARDHAT_CHAIN_ID = 31337; // Hardhat local network

package/adapters/{index.test.ts → test/index.test.ts}

@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import * as adapters from './index.js';
+import * as adapters from '../index.js';
 
 describe('Index Exports', () => {
   it('should export main adapter functions', () => {

package/adapters/{wagmi.test.ts → test/wagmi.test.ts}

@@ -1,7 +1,7 @@
 import { describe, it, expect, beforeEach } from 'vitest';
 import { parseEther, createPublicClient, createWalletClient, http, type PublicClient, type WalletClient } from 'viem';
 import { privateKeyToAccount } from 'viem/accounts';
-import { WagmiAdapter } from './wagmi.js';
+import { WagmiAdapter } from '../wagmi.js';
 
 describe('WagmiAdapter', () => {
   const testRpcUrl = 'https://ethereum-sepolia.rpc.subquery.network/public';

package/chains/{chains.test.ts → test/chains.test.ts}

@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import { sepolia, arbSepolia, baseSepolia, hardhat, chains, getChainById, getChainByName } from './index.js';
+import { sepolia, arbSepolia, baseSepolia, hardhat, chains, getChainById, getChainByName } from '../index.js';
 
 describe('Chains', () => {
   it('should export all chains', () => {

package/core/client.ts

@@ -1,13 +1,14 @@
 import type { CreateSelfPermitOptions, CreateSharingPermitOptions, ImportSharedPermitOptions } from '@/permits';
 
 import { createStore } from 'zustand/vanilla';
-import { type PublicClient, type WalletClient } from 'viem';
+import { type Hex, type PublicClient, type WalletClient } from 'viem';
 import { CofheError, CofheErrorCode } from './error.js';
 import { EncryptInputsBuilder } from './encrypt/encryptInputsBuilder.js';
 import { createKeysStore } from './keyStore.js';
 import { permits } from './permits.js';
 import { DecryptForViewBuilder } from './decrypt/decryptForViewBuilder.js';
 import { DecryptForTxBuilder, type DecryptForTxBuilderUnset } from './decrypt/decryptForTxBuilder.js';
+import { verifyDecryptResult as verifyDecryptResultStandalone } from './decrypt/verifyDecryptResult.js';
 import { getPublicClientChainID, getWalletClientAccount } from './utils.js';
 import type { CofheClientConnectionState, CofheClientParams, CofheClient, CofheClientPermits } from './clientTypes.js';
 import type { EncryptableItem, FheTypes } from './types.js';
@@ -179,6 +180,13 @@ export function createCofheClientBase<TConfig extends CofheConfig>(
     });
   }
 
+  // VERIFY DECRYPT RESULT
+  function verifyDecryptResult(handle: bigint | string, cleartext: bigint, signature: Hex): Promise<boolean> {
+    _requireConnected();
+    const { publicClient } = connectStore.getState();
+    return verifyDecryptResultStandalone(handle, cleartext, signature, publicClient!);
+  }
+
   // PERMITS - Context-aware wrapper
 
   const _getChainIdAndAccount = (chainId?: number, account?: string) => {
@@ -250,22 +258,22 @@ export function createCofheClientBase<TConfig extends CofheConfig>(
     },
 
     // Retrieval methods (auto-fill chainId/account)
-    getPermit: async (hash: string, chainId?: number, account?: string) => {
+    getPermit: (hash: string, chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getPermit(_chainId, _account, hash);
     },
 
-    getPermits: async (chainId?: number, account?: string) => {
+    getPermits: (chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getPermits(_chainId, _account);
     },
 
-    getActivePermit: async (chainId?: number, account?: string) => {
+    getActivePermit: (chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getActivePermit(_chainId, _account);
     },
 
-    getActivePermitHash: async (chainId?: number, account?: string) => {
+    getActivePermitHash: (chainId?: number, account?: string) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.getActivePermitHash(_chainId, _account);
     },
@@ -288,6 +296,7 @@ export function createCofheClientBase<TConfig extends CofheConfig>(
 
     // Utils (no context needed)
     getHash: permits.getHash,
+    export: permits.export,
     serialize: permits.serialize,
     deserialize: permits.deserialize,
   };
@@ -320,6 +329,7 @@ export function createCofheClientBase<TConfig extends CofheConfig>(
      */
     decryptHandle: decryptForView,
     decryptForTx,
+    verifyDecryptResult,
     permits: clientPermits,
 
     // Add SDK-specific methods below that require connection

package/core/clientTypes.ts

@@ -1,5 +1,5 @@
 // TODO: Extract client types to its own file, keep this one as primitives
-import { type PublicClient, type WalletClient } from 'viem';
+import { type Hex, type PublicClient, type WalletClient } from 'viem';
 import { type CofheConfig } from './config.js';
 import { type DecryptForViewBuilder } from './decrypt/decryptForViewBuilder.js';
 import { type DecryptForTxBuilderUnset } from './decrypt/decryptForTxBuilder.js';
@@ -51,6 +51,7 @@ export type CofheClient<TConfig extends CofheConfig = CofheConfig> = {
   decryptHandle<U extends FheTypes>(ctHash: bigint | string, utype: U): DecryptForViewBuilder<U>;
   decryptForView<U extends FheTypes>(ctHash: bigint | string, utype: U): DecryptForViewBuilder<U>;
   decryptForTx(ctHash: bigint | string): DecryptForTxBuilderUnset;
+  verifyDecryptResult(handle: bigint | string, cleartext: bigint, signature: Hex): Promise<boolean>;
   permits: CofheClientPermits;
 };
 
@@ -84,10 +85,10 @@ export type CofheClientPermits = {
   ) => Promise<RecipientPermit>;
 
   // Retrieval methods (chainId/account optional)
-  getPermit: (hash: string, chainId?: number, account?: string) => Promise<Permit | undefined>;
-  getPermits: (chainId?: number, account?: string) => Promise<Record<string, Permit>>;
-  getActivePermit: (chainId?: number, account?: string) => Promise<Permit | undefined>;
-  getActivePermitHash: (chainId?: number, account?: string) => Promise<string | undefined>;
+  getPermit: (hash: string, chainId?: number, account?: string) => Permit | undefined;
+  getPermits: (chainId?: number, account?: string) => Record<string, Permit>;
+  getActivePermit: (chainId?: number, account?: string) => Permit | undefined;
+  getActivePermitHash: (chainId?: number, account?: string) => string | undefined;
 
   // Get or create methods (get active or create new, chainId/account optional)
   getOrCreateSelfPermit: (chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;
@@ -104,6 +105,7 @@ export type CofheClientPermits = {
 
   // Utils
   getHash: typeof PermitUtils.getHash;
+  export: typeof PermitUtils.export;
   serialize: typeof PermitUtils.serialize;
   deserialize: typeof PermitUtils.deserialize;
 };

package/core/consts.ts

@@ -20,3 +20,12 @@ export const MOCKS_ZK_VERIFIER_SIGNER_ADDRESS = '0x6E12D8C87503D4287c294f2Fdef96
 /** Private key for the Mock decrypt result signer account */
 export const MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY =
   '0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d' as const;
+
+/** Maximum total bits for ZK proof packing */
+export const TFHE_RS_ZK_MAX_BITS = 2048 as const;
+
+/** Size limit for safe_serialize/safe_deserialize (1 GB) */
+export const TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT = BigInt(1 << 30);
+
+/** TFHE.rs key version (invalidates cached keys) */
+export const TFHE_RS_KEY_VERSION = 2;

package/core/decrypt/cofheMocksDecryptForTx.ts

@@ -8,6 +8,11 @@ import { CofheError, CofheErrorCode } from '../error.js';
 import { MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY } from '../consts.js';
 import { MOCKS_THRESHOLD_NETWORK_ADDRESS } from '../consts.js';
 
+const UINT_TYPE_MASK = 0x7fn;
+const TYPE_BYTE_OFFSET = 8n;
+
+const getEncryptionTypeFromCtHash = (ctHash: bigint) => Number((ctHash >> TYPE_BYTE_OFFSET) & UINT_TYPE_MASK);
+
 export type DecryptForTxMocksResult = {
   ctHash: bigint | string;
   decryptedValue: bigint;
@@ -64,9 +69,15 @@ export async function cofheMocksDecryptForTx(
   }
 
   // decryptForTx returns plaintext directly (no sealing/unsealing needed)
-  // Generate a mock threshold network signature (in production, this would be the actual signature)
-  // The signature must be valid for MockTaskManager verification.
-  const packed = encodePacked(['uint256', 'uint256'], [BigInt(ctHash), decryptedValue]);
+  // Generate a mock threshold network signature using the same payload format
+  // that TaskManager expects in production and in mocks.
+  const chainId = publicClient.chain?.id ?? (await publicClient.getChainId());
+  const normalizedCtHash = BigInt(ctHash);
+  const encryptionType = getEncryptionTypeFromCtHash(normalizedCtHash);
+  const packed = encodePacked(
+    ['uint256', 'uint32', 'uint64', 'uint256'],
+    [decryptedValue, encryptionType, BigInt(chainId), normalizedCtHash]
+  );
   const messageHash = keccak256(packed);
 
   // Raw digest signature (no EIP-191 prefix). Must verify against OpenZeppelin ECDSA.recover(messageHash, signature).

package/core/decrypt/decryptForTxBuilder.ts

@@ -2,14 +2,15 @@
 import { hardhat } from '@/chains';
 import { type Permit, type Permission, PermitUtils } from '@/permits';
 
-import { FheTypes } from '../types.js';
-import { getThresholdNetworkUrlOrThrow } from '../config.js';
-import { CofheError, CofheErrorCode } from '../error.js';
-import { permits } from '../permits.js';
-import { BaseBuilder, type BaseBuilderParams } from '../baseBuilder.js';
-import { cofheMocksDecryptForTx } from './cofheMocksDecryptForTx.js';
-import { getPublicClientChainID, sleep } from '../utils.js';
-import { tnDecrypt } from './tnDecrypt.js';
+import { FheTypes } from '../types';
+import { getThresholdNetworkUrlOrThrow } from '../config';
+import { CofheError, CofheErrorCode } from '../error';
+import { permits } from '../permits';
+import { BaseBuilder, type BaseBuilderParams } from '../baseBuilder';
+import { cofheMocksDecryptForTx } from './cofheMocksDecryptForTx';
+import { getPublicClientChainID, sleep } from '../utils';
+import { type DecryptPollCallbackFunction } from '../types';
+import { tnDecryptV2 } from './tnDecryptV2';
 
 /**
  * API
@@ -60,6 +61,7 @@ export class DecryptForTxBuilder extends BaseBuilder {
   private permitHash?: string;
   private permit?: Permit;
   private permitSelection: DecryptForTxPermitSelection = 'unset';
+  private pollCallback?: DecryptPollCallbackFunction;
 
   constructor(params: DecryptForTxBuilderParams) {
     super({
@@ -124,6 +126,13 @@ export class DecryptForTxBuilder extends BaseBuilder {
     return this.account;
   }
 
+  onPoll(this: DecryptForTxBuilderUnset, callback: DecryptPollCallbackFunction): DecryptForTxBuilderUnset;
+  onPoll(this: DecryptForTxBuilderSelected, callback: DecryptPollCallbackFunction): DecryptForTxBuilderSelected;
+  onPoll(callback: DecryptPollCallbackFunction): DecryptForTxBuilder {
+    this.pollCallback = callback;
+    return this;
+  }
+
   /**
    * Select "use permit" mode.
    *
@@ -291,7 +300,13 @@ export class DecryptForTxBuilder extends BaseBuilder {
     const thresholdNetworkUrl = await this.getThresholdNetworkUrl();
 
     const permission = permit ? PermitUtils.getPermission(permit, true) : null;
-    const { decryptedValue, signature } = await tnDecrypt(this.ctHash, this.chainId, permission, thresholdNetworkUrl);
+    const { decryptedValue, signature } = await tnDecryptV2({
+      ctHash: this.ctHash,
+      chainId: this.chainId,
+      permission,
+      thresholdNetworkUrl,
+      onPoll: this.pollCallback,
+    });
 
     return {
       ctHash: this.ctHash,
@@ -315,7 +330,6 @@ export class DecryptForTxBuilder extends BaseBuilder {
     if (permit !== null) {
       // Ensure permit validity
       PermitUtils.validate(permit);
-      PermitUtils.isValid(permit);
 
       // Extract chainId from signed permit
       const chainId = permit._signedDomain!.chainId;

package/core/decrypt/decryptForViewBuilder.ts

@@ -12,6 +12,7 @@ import { cofheMocksDecryptForView } from './cofheMocksDecryptForView.js';
 // import { tnSealOutputV1 } from './tnSealOutputV1.js';
 import { tnSealOutputV2 } from './tnSealOutputV2.js';
 import { sleep } from '../utils.js';
+import { type DecryptPollCallbackFunction } from '../types.js';
 
 /**
  * API
@@ -46,6 +47,7 @@ export class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
   private utype: U;
   private permitHash?: string;
   private permit?: Permit;
+  private pollCallback?: DecryptPollCallbackFunction;
 
   constructor(params: DecryptForViewBuilderParams<U>) {
     super({
@@ -109,6 +111,11 @@ export class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
     return this.account;
   }
 
+  onPoll(callback: DecryptPollCallbackFunction): DecryptForViewBuilder<U> {
+    this.pollCallback = callback;
+    return this;
+  }
+
   /**
    * Select "use permit" mode (optional).
    *
@@ -264,7 +271,13 @@ export class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
     const thresholdNetworkUrl = await this.getThresholdNetworkUrl();
     const permission = PermitUtils.getPermission(permit, true);
     // const sealed = await tnSealOutputV1(this.ctHash, this.chainId, permission, thresholdNetworkUrl);
-    const sealed = await tnSealOutputV2(this.ctHash, this.chainId, permission, thresholdNetworkUrl);
+    const sealed = await tnSealOutputV2({
+      ctHash: this.ctHash,
+      chainId: this.chainId,
+      permission,
+      thresholdNetworkUrl,
+      onPoll: this.pollCallback,
+    });
     return PermitUtils.unseal(permit, sealed);
   }
 
@@ -297,14 +310,8 @@ export class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
     const permit = await this.getResolvedPermit();
 
     // Ensure permit validity
-    // TODO: This doesn't validate permit expiration
-    // TODO: This doesn't throw, returns a validation result instead
     PermitUtils.validate(permit);
 
-    // TODO: Add this further validation step for the permit
-    // TODO: Ensure this throws if the permit is invalid
-    PermitUtils.isValid(permit);
-
     // Extract chainId from signed permit
     // Use this chainId to fetch the threshold network URL since this.chainId may be undefined
     const chainId = permit._signedDomain!.chainId;

package/core/decrypt/polling.ts

@@ -0,0 +1,14 @@
+export function computeMinuteRampPollIntervalMs(
+  elapsedMs: number,
+  params: {
+    minIntervalMs: number;
+    maxIntervalMs: number;
+  }
+): number {
+  // Increase interval by 1 second every minute: 1s, 2s, 3s... capped.
+  const elapsedSeconds = Math.floor(elapsedMs / 1000);
+  const intervalSeconds = 1 + Math.floor(elapsedSeconds / 60);
+  const intervalMs = intervalSeconds * 1000;
+
+  return Math.min(params.maxIntervalMs, Math.max(params.minIntervalMs, intervalMs));
+}

package/core/decrypt/tnDecryptUtils.ts

@@ -0,0 +1,65 @@
+import { CofheError, CofheErrorCode } from '../error';
+import { parseSignature, serializeSignature } from 'viem';
+
+export function normalizeTnSignature(signature: unknown): `0x${string}` {
+  if (typeof signature !== 'string') {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response missing signature',
+      context: {
+        signature,
+      },
+    });
+  }
+
+  const trimmed = signature.trim();
+  if (trimmed.length === 0) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response returned empty signature',
+    });
+  }
+
+  const prefixed = trimmed.startsWith('0x') ? (trimmed as `0x${string}`) : (`0x${trimmed}` as `0x${string}`);
+  const parsed = parseSignature(prefixed);
+  return serializeSignature(parsed);
+}
+
+export function parseDecryptedBytesToBigInt(decrypted: unknown): bigint {
+  if (!Array.isArray(decrypted)) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response field <decrypted> must be a byte array',
+      context: {
+        decrypted,
+      },
+    });
+  }
+
+  if (decrypted.length === 0) {
+    throw new CofheError({
+      code: CofheErrorCode.DecryptReturnedNull,
+      message: 'decrypt response field <decrypted> was an empty byte array',
+      context: {
+        decrypted,
+      },
+    });
+  }
+
+  let hex = '';
+  for (const b of decrypted as unknown[]) {
+    if (typeof b !== 'number' || !Number.isInteger(b) || b < 0 || b > 255) {
+      throw new CofheError({
+        code: CofheErrorCode.DecryptReturnedNull,
+        message: 'decrypt response field <decrypted> contained a non-byte value',
+        context: {
+          badElement: b,
+          decrypted,
+        },
+      });
+    }
+    hex += b.toString(16).padStart(2, '0');
+  }
+
+  return BigInt(`0x${hex}`);
+}

package/core/decrypt/{tnDecrypt.ts → tnDecryptV1.ts}

@@ -1,9 +1,9 @@
 import { type Permission } from '@/permits';
 
-import { CofheError, CofheErrorCode } from '../error.js';
-import { parseSignature, serializeSignature } from 'viem';
+import { CofheError, CofheErrorCode } from '../error';
+import { normalizeTnSignature, parseDecryptedBytesToBigInt } from './tnDecryptUtils';
 
-type TnDecryptResponse = {
+type TnDecryptResponseV1 = {
   // TN returns bytes in big-endian order, e.g. [0,0,0,42]
   decrypted: number[];
   signature: string;
@@ -11,70 +11,7 @@ type TnDecryptResponse = {
   error_message: string | null;
 };
 
-function normalizeSignature(signature: unknown): `0x${string}` {
-  if (typeof signature !== 'string') {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response missing signature',
-      context: {
-        signature,
-      },
-    });
-  }
-
-  const trimmed = signature.trim();
-  if (trimmed.length === 0) {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response returned empty signature',
-    });
-  }
-
-  const prefixed = trimmed.startsWith('0x') ? (trimmed as `0x${string}`) : (`0x${trimmed}` as `0x${string}`);
-  const parsed = parseSignature(prefixed);
-  return serializeSignature(parsed);
-}
-
-function parseDecryptedBytesToBigInt(decrypted: unknown): bigint {
-  if (!Array.isArray(decrypted)) {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response field <decrypted> must be a byte array',
-      context: {
-        decrypted,
-      },
-    });
-  }
-
-  if (decrypted.length === 0) {
-    throw new CofheError({
-      code: CofheErrorCode.DecryptReturnedNull,
-      message: 'decrypt response field <decrypted> was an empty byte array',
-      context: {
-        decrypted,
-      },
-    });
-  }
-
-  let hex = '';
-  for (const b of decrypted as unknown[]) {
-    if (typeof b !== 'number' || !Number.isInteger(b) || b < 0 || b > 255) {
-      throw new CofheError({
-        code: CofheErrorCode.DecryptReturnedNull,
-        message: 'decrypt response field <decrypted> contained a non-byte value',
-        context: {
-          badElement: b,
-          decrypted,
-        },
-      });
-    }
-    hex += b.toString(16).padStart(2, '0');
-  }
-
-  return BigInt(`0x${hex}`);
-}
-
-function assertTnDecryptResponse(value: unknown): TnDecryptResponse {
+function assertTnDecryptResponseV1(value: unknown): TnDecryptResponseV1 {
   if (value == null || typeof value !== 'object') {
     throw new CofheError({
       code: CofheErrorCode.DecryptFailed,
@@ -128,7 +65,7 @@ function assertTnDecryptResponse(value: unknown): TnDecryptResponse {
   };
 }
 
-export async function tnDecrypt(
+export async function tnDecryptV1(
   ctHash: bigint | string,
   chainId: number,
   permission: Permission | null,
@@ -213,7 +150,7 @@ export async function tnDecrypt(
     });
   }
 
-  const decryptResponse = assertTnDecryptResponse(rawJson);
+  const decryptResponse = assertTnDecryptResponseV1(rawJson);
 
   if (decryptResponse.error_message) {
     throw new CofheError({
@@ -228,7 +165,7 @@ export async function tnDecrypt(
   }
 
   const decryptedValue = parseDecryptedBytesToBigInt(decryptResponse.decrypted);
-  const signature = normalizeSignature(decryptResponse.signature);
+  const signature = normalizeTnSignature(decryptResponse.signature);
 
   return { decryptedValue, signature };
 }