@haneullabs/seal 0.1.0

package/dist/cjs/bls12381.js

@@ -0,0 +1,151 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var bls12381_exports = {};
+__export(bls12381_exports, {
+  G1Element: () => G1Element,
+  G2Element: () => G2Element,
+  GTElement: () => GTElement,
+  Scalar: () => Scalar
+});
+module.exports = __toCommonJS(bls12381_exports);
+var import_bls12_381 = require("@noble/curves/bls12-381");
+var import_utils = require("@noble/curves/utils");
+const _G1Element = class _G1Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new _G1Element(import_bls12_381.bls12_381.G1.Point.BASE);
+  }
+  static fromBytes(bytes) {
+    try {
+      return new _G1Element(import_bls12_381.bls12_381.G1.Point.fromBytes(bytes));
+    } catch {
+      throw new Error("Invalid G1 point");
+    }
+  }
+  toBytes() {
+    return this.point.toBytes();
+  }
+  multiply(scalar) {
+    return new _G1Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new _G1Element(this.point.add(other.point));
+  }
+  subtract(other) {
+    return new _G1Element(this.point.subtract(other.point));
+  }
+  static hashToCurve(data) {
+    return new _G1Element(import_bls12_381.bls12_381.G1.Point.fromAffine(import_bls12_381.bls12_381.G1.hashToCurve(data).toAffine()));
+  }
+  pairing(other) {
+    return new GTElement(import_bls12_381.bls12_381.pairing(this.point, other.point));
+  }
+};
+_G1Element.SIZE = 48;
+let G1Element = _G1Element;
+const _G2Element = class _G2Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new _G2Element(import_bls12_381.bls12_381.G2.Point.BASE);
+  }
+  static fromBytes(bytes) {
+    try {
+      return new _G2Element(import_bls12_381.bls12_381.G2.Point.fromBytes(bytes));
+    } catch {
+      throw new Error("Invalid G2 point");
+    }
+  }
+  toBytes() {
+    return this.point.toBytes();
+  }
+  multiply(scalar) {
+    return new _G2Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new _G2Element(this.point.add(other.point));
+  }
+  static hashToCurve(data) {
+    return new _G2Element(import_bls12_381.bls12_381.G2.Point.fromAffine(import_bls12_381.bls12_381.G2.hashToCurve(data).toAffine()));
+  }
+  equals(other) {
+    return this.point.equals(other.point);
+  }
+};
+_G2Element.SIZE = 96;
+let G2Element = _G2Element;
+const _GTElement = class _GTElement {
+  constructor(element) {
+    this.element = element;
+  }
+  toBytes() {
+    const P = [0, 3, 1, 4, 2, 5];
+    const PAIR_SIZE = _GTElement.SIZE / P.length;
+    const bytes = import_bls12_381.bls12_381.fields.Fp12.toBytes(this.element);
+    const result = new Uint8Array(_GTElement.SIZE);
+    for (let i = 0; i < P.length; i++) {
+      const sourceStart = P[i] * PAIR_SIZE;
+      const sourceEnd = sourceStart + PAIR_SIZE;
+      const targetStart = i * PAIR_SIZE;
+      result.set(bytes.subarray(sourceStart, sourceEnd), targetStart);
+    }
+    return result;
+  }
+  equals(other) {
+    return import_bls12_381.bls12_381.fields.Fp12.eql(this.element, other.element);
+  }
+};
+_GTElement.SIZE = 576;
+let GTElement = _GTElement;
+const _Scalar = class _Scalar {
+  constructor(scalar) {
+    this.scalar = scalar;
+  }
+  static fromBigint(scalar) {
+    if (scalar < 0n || scalar >= import_bls12_381.bls12_381.fields.Fr.ORDER) {
+      throw new Error("Scalar out of range");
+    }
+    return new _Scalar(scalar);
+  }
+  static random() {
+    const randomSecretKey = import_bls12_381.bls12_381.utils.randomSecretKey();
+    return _Scalar.fromBytes(randomSecretKey);
+  }
+  toBytes() {
+    return (0, import_utils.numberToBytesBE)(this.scalar, _Scalar.SIZE);
+  }
+  static fromBytes(bytes) {
+    if (bytes.length !== _Scalar.SIZE) {
+      throw new Error("Invalid scalar length");
+    }
+    return this.fromBigint((0, import_utils.bytesToNumberBE)(bytes));
+  }
+  static fromBytesLE(bytes) {
+    if (bytes.length !== _Scalar.SIZE) {
+      throw new Error("Invalid scalar length");
+    }
+    return this.fromBigint((0, import_utils.bytesToNumberLE)(bytes));
+  }
+};
+_Scalar.SIZE = 32;
+let Scalar = _Scalar;
+//# sourceMappingURL=bls12381.js.map

package/dist/cjs/bls12381.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/bls12381.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { Fp2, Fp12 } from '@noble/curves/abstract/tower';\nimport type { WeierstrassPoint } from '@noble/curves/abstract/weierstrass';\nimport { bls12_381 } from '@noble/curves/bls12-381';\nimport { bytesToNumberBE, bytesToNumberLE, numberToBytesBE } from '@noble/curves/utils';\n\nexport class G1Element {\n\tpoint: WeierstrassPoint<bigint>;\n\n\tpublic static readonly SIZE = 48;\n\n\tconstructor(point: WeierstrassPoint<bigint>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G1Element {\n\t\treturn new G1Element(bls12_381.G1.Point.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G1Element {\n\t\ttry {\n\t\t\treturn new G1Element(bls12_381.G1.Point.fromBytes(bytes));\n\t\t} catch {\n\t\t\tthrow new Error('Invalid G1 point');\n\t\t}\n\t}\n\n\ttoBytes(): Uint8Array<ArrayBuffer> {\n\t\treturn this.point.toBytes() as Uint8Array<ArrayBuffer>;\n\t}\n\n\tmultiply(scalar: Scalar): G1Element {\n\t\treturn new G1Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.add(other.point));\n\t}\n\n\tsubtract(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.subtract(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G1Element {\n\t\treturn new G1Element(bls12_381.G1.Point.fromAffine(bls12_381.G1.hashToCurve(data).toAffine()));\n\t}\n\n\tpairing(other: G2Element): GTElement {\n\t\treturn new GTElement(bls12_381.pairing(this.point, other.point));\n\t}\n}\n\nexport class G2Element {\n\tpoint: WeierstrassPoint<Fp2>;\n\n\tpublic static readonly SIZE = 96;\n\n\tconstructor(point: WeierstrassPoint<Fp2>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G2Element {\n\t\treturn new G2Element(bls12_381.G2.Point.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G2Element {\n\t\ttry {\n\t\t\treturn new G2Element(bls12_381.G2.Point.fromBytes(bytes));\n\t\t} catch {\n\t\t\tthrow new Error('Invalid G2 point');\n\t\t}\n\t}\n\n\ttoBytes(): Uint8Array<ArrayBuffer> {\n\t\treturn this.point.toBytes() as Uint8Array<ArrayBuffer>;\n\t}\n\n\tmultiply(scalar: Scalar): G2Element {\n\t\treturn new G2Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G2Element): G2Element {\n\t\treturn new G2Element(this.point.add(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G2Element {\n\t\treturn new G2Element(bls12_381.G2.Point.fromAffine(bls12_381.G2.hashToCurve(data).toAffine()));\n\t}\n\n\tequals(other: G2Element): boolean {\n\t\treturn this.point.equals(other.point);\n\t}\n}\n\nexport class GTElement {\n\telement: Fp12;\n\n\tpublic static readonly SIZE = 576;\n\n\tconstructor(element: Fp12) {\n\t\tthis.element = element;\n\t}\n\n\ttoBytes(): Uint8Array<ArrayBuffer> {\n\t\t// This permutation reorders the 6 pairs of coefficients of the GT element for compatability with the Rust and Move implementations.\n\t\t//\n\t\t// The permutation P may be computed as:\n\t\t// for i in 0..3 {\n\t\t//   for j in 0..2 {\n\t\t//     P[2 * i + j] = i + 3 * j;\n\t\t//   }\n\t\t// }\n\t\tconst P = [0, 3, 1, 4, 2, 5];\n\t\tconst PAIR_SIZE = GTElement.SIZE / P.length;\n\n\t\tconst bytes = bls12_381.fields.Fp12.toBytes(this.element);\n\t\tconst result = new Uint8Array(GTElement.SIZE);\n\n\t\tfor (let i = 0; i < P.length; i++) {\n\t\t\tconst sourceStart = P[i] * PAIR_SIZE;\n\t\t\tconst sourceEnd = sourceStart + PAIR_SIZE;\n\t\t\tconst targetStart = i * PAIR_SIZE;\n\t\t\tresult.set(bytes.subarray(sourceStart, sourceEnd), targetStart);\n\t\t}\n\n\t\treturn result;\n\t}\n\n\tequals(other: GTElement): boolean {\n\t\treturn bls12_381.fields.Fp12.eql(this.element, other.element);\n\t}\n}\n\nexport class Scalar {\n\tscalar: bigint;\n\n\tpublic static readonly SIZE = 32;\n\n\tconstructor(scalar: bigint) {\n\t\tthis.scalar = scalar;\n\t}\n\n\tstatic fromBigint(scalar: bigint): Scalar {\n\t\tif (scalar < 0n || scalar >= bls12_381.fields.Fr.ORDER) {\n\t\t\tthrow new Error('Scalar out of range');\n\t\t}\n\t\treturn new Scalar(scalar);\n\t}\n\n\tstatic random(): Scalar {\n\t\tconst randomSecretKey = bls12_381.utils.randomSecretKey();\n\t\treturn Scalar.fromBytes(randomSecretKey)!;\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn numberToBytesBE(this.scalar, Scalar.SIZE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): Scalar {\n\t\tif (bytes.length !== Scalar.SIZE) {\n\t\t\tthrow new Error('Invalid scalar length');\n\t\t}\n\t\treturn this.fromBigint(bytesToNumberBE(bytes));\n\t}\n\n\tstatic fromBytesLE(bytes: Uint8Array): Scalar {\n\t\tif (bytes.length !== Scalar.SIZE) {\n\t\t\tthrow new Error('Invalid scalar length');\n\t\t}\n\t\treturn this.fromBigint(bytesToNumberLE(bytes));\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,uBAA0B;AAC1B,mBAAkE;AAE3D,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAAiC;AAC5C,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,2BAAU,GAAG,MAAM,IAAI;AAAA,EAC7C;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,QAAI;AACH,aAAO,IAAI,WAAU,2BAAU,GAAG,MAAM,UAAU,KAAK,CAAC;AAAA,IACzD,QAAQ;AACP,YAAM,IAAI,MAAM,kBAAkB;AAAA,IACnC;AAAA,EACD;AAAA,EAEA,UAAmC;AAClC,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC3B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,SAAS,OAA6B;AACrC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,MAAM,KAAK,CAAC;AAAA,EACtD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI,WAAU,2BAAU,GAAG,MAAM,WAAW,2BAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC,CAAC;AAAA,EAC9F;AAAA,EAEA,QAAQ,OAA6B;AACpC,WAAO,IAAI,UAAU,2BAAU,QAAQ,KAAK,OAAO,MAAM,KAAK,CAAC;AAAA,EAChE;AACD;AA5Ca,WAGW,OAAO;AAHxB,IAAM,YAAN;AA8CA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAA8B;AACzC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,2BAAU,GAAG,MAAM,IAAI;AAAA,EAC7C;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,QAAI;AACH,aAAO,IAAI,WAAU,2BAAU,GAAG,MAAM,UAAU,KAAK,CAAC;AAAA,IACzD,QAAQ;AACP,YAAM,IAAI,MAAM,kBAAkB;AAAA,IACnC;AAAA,EACD;AAAA,EAEA,UAAmC;AAClC,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC3B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI,WAAU,2BAAU,GAAG,MAAM,WAAW,2BAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC,CAAC;AAAA,EAC9F;AAAA,EAEA,OAAO,OAA2B;AACjC,WAAO,KAAK,MAAM,OAAO,MAAM,KAAK;AAAA,EACrC;AACD;AAxCa,WAGW,OAAO;AAHxB,IAAM,YAAN;AA0CA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,SAAe;AAC1B,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,UAAmC;AASlC,UAAM,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAC3B,UAAM,YAAY,WAAU,OAAO,EAAE;AAErC,UAAM,QAAQ,2BAAU,OAAO,KAAK,QAAQ,KAAK,OAAO;AACxD,UAAM,SAAS,IAAI,WAAW,WAAU,IAAI;AAE5C,aAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AAClC,YAAM,cAAc,EAAE,CAAC,IAAI;AAC3B,YAAM,YAAY,cAAc;AAChC,YAAM,cAAc,IAAI;AACxB,aAAO,IAAI,MAAM,SAAS,aAAa,SAAS,GAAG,WAAW;AAAA,IAC/D;AAEA,WAAO;AAAA,EACR;AAAA,EAEA,OAAO,OAA2B;AACjC,WAAO,2BAAU,OAAO,KAAK,IAAI,KAAK,SAAS,MAAM,OAAO;AAAA,EAC7D;AACD;AArCa,WAGW,OAAO;AAHxB,IAAM,YAAN;AAuCA,MAAM,UAAN,MAAM,QAAO;AAAA,EAKnB,YAAY,QAAgB;AAC3B,SAAK,SAAS;AAAA,EACf;AAAA,EAEA,OAAO,WAAW,QAAwB;AACzC,QAAI,SAAS,MAAM,UAAU,2BAAU,OAAO,GAAG,OAAO;AACvD,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,WAAO,IAAI,QAAO,MAAM;AAAA,EACzB;AAAA,EAEA,OAAO,SAAiB;AACvB,UAAM,kBAAkB,2BAAU,MAAM,gBAAgB;AACxD,WAAO,QAAO,UAAU,eAAe;AAAA,EACxC;AAAA,EAEA,UAAsB;AACrB,eAAO,8BAAgB,KAAK,QAAQ,QAAO,IAAI;AAAA,EAChD;AAAA,EAEA,OAAO,UAAU,OAA2B;AAC3C,QAAI,MAAM,WAAW,QAAO,MAAM;AACjC,YAAM,IAAI,MAAM,uBAAuB;AAAA,IACxC;AACA,WAAO,KAAK,eAAW,8BAAgB,KAAK,CAAC;AAAA,EAC9C;AAAA,EAEA,OAAO,YAAY,OAA2B;AAC7C,QAAI,MAAM,WAAW,QAAO,MAAM;AACjC,YAAM,IAAI,MAAM,uBAAuB;AAAA,IACxC;AACA,WAAO,KAAK,eAAW,8BAAgB,KAAK,CAAC;AAAA,EAC9C;AACD;AAtCa,QAGW,OAAO;AAHxB,IAAM,SAAN;",
+  "names": []
+}

package/dist/cjs/client.d.ts

@@ -0,0 +1,84 @@
+import { G2Element } from './bls12381.js';
+import type { DerivedKey, KeyServer } from './key-server.js';
+import type { DecryptOptions, EncryptOptions, FetchKeysOptions, GetDerivedKeysOptions, SealClientExtensionOptions, SealClientOptions, SealCompatibleClient, SealOptions } from './types.js';
+export declare function seal<Name = 'seal'>({ name, ...options }: SealOptions<Name>): {
+    name: Name;
+    register: (client: SealCompatibleClient) => SealClient;
+};
+export declare class SealClient {
+    #private;
+    constructor(options: SealClientOptions);
+    /** @deprecated Use `seal()` instead */
+    static asClientExtension(options: SealClientExtensionOptions): {
+        name: "seal";
+        register: (client: SealCompatibleClient) => SealClient;
+    };
+    /**
+     * Return an encrypted message under the identity.
+     *
+     * @param kemType - The type of KEM to use.
+     * @param demType - The type of DEM to use.
+     * @param threshold - The threshold for the TSS encryption.
+     * @param packageId - the packageId namespace.
+     * @param id - the identity to use.
+     * @param data - the data to encrypt.
+     * @param aad - optional additional authenticated data.
+     * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+     * 	Since the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.
+     */
+    encrypt({ kemType, demType, threshold, packageId, id, data, aad, }: EncryptOptions): Promise<{
+        encryptedObject: Uint8Array<ArrayBuffer>;
+        key: Uint8Array<ArrayBuffer>;
+    }>;
+    /**
+     * Decrypt the given encrypted bytes using cached keys.
+     * Calls fetchKeys in case one or more of the required keys is not cached yet.
+     * The function throws an error if the client's key servers are not a subset of
+     * the encrypted object's key servers or if the threshold cannot be met.
+     *
+     * If checkShareConsistency is true, the decrypted shares are checked for consistency, meaning that
+     * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.
+     * This is useful in case the encryptor is not trusted and the decryptor wants to ensure all decryptors
+     * receive the same output (e.g., for onchain encrypted voting).
+     *
+     * @param data - The encrypted bytes to decrypt.
+     * @param sessionKey - The session key to use.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @param checkShareConsistency - If true, the shares are checked for consistency.
+     * @param checkLEEncoding - If true, the encryption is also checked using an LE encoded nonce.
+     * @returns - The decrypted plaintext corresponding to ciphertext.
+     */
+    decrypt({ data, sessionKey, txBytes, checkShareConsistency, checkLEEncoding, }: DecryptOptions): Promise<Uint8Array<ArrayBufferLike>>;
+    getKeyServers(): Promise<Map<string, KeyServer>>;
+    /**
+     * Get the public keys for the given services.
+     * If all public keys are not in the cache, they are retrieved.
+     *
+     * @param services - The services to get the public keys for.
+     * @returns The public keys for the given services in the same order as the given services.
+     */
+    getPublicKeys(services: string[]): Promise<G2Element[]>;
+    /**
+     * Fetch keys from the key servers and update the cache.
+     *
+     * It is recommended to call this function once for all ids of all encrypted objects if
+     * there are multiple, then call decrypt for each object. This avoids calling fetchKey
+     * individually for each decrypt.
+     *
+     * @param ids - The ids of the encrypted objects.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @param sessionKey - The session key to use.
+     * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.
+     */
+    fetchKeys({ ids, txBytes, sessionKey, threshold }: FetchKeysOptions): Promise<void>;
+    /**
+     * Get derived keys from the given services.
+     *
+     * @param id - The id of the encrypted object.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @param sessionKey - The session key to use.
+     * @param threshold - The threshold.
+     * @returns - Derived keys for the given services that are in the cache as a "service object ID" -> derived key map. If the call is succesful, exactly threshold keys will be returned.
+     */
+    getDerivedKeys({ kemType, id, txBytes, sessionKey, threshold, }: GetDerivedKeysOptions): Promise<Map<string, DerivedKey>>;
+}

package/dist/cjs/client.js

@@ -0,0 +1,414 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+var client_exports = {};
+__export(client_exports, {
+  SealClient: () => SealClient,
+  seal: () => seal
+});
+module.exports = __toCommonJS(client_exports);
+var import_bcs = require("./bcs.js");
+var import_bls12381 = require("./bls12381.js");
+var import_decrypt = require("./decrypt.js");
+var import_dem = require("./dem.js");
+var import_encrypt = require("./encrypt.js");
+var import_error = require("./error.js");
+var import_ibe = require("./ibe.js");
+var import_key_server = require("./key-server.js");
+var import_utils = require("./utils.js");
+var _haneulClient, _configs, _keyServers, _verifyKeyServers, _cachedKeys, _cachedPublicKeys, _timeout, _totalWeight, _SealClient_instances, createEncryptionInput_fn, weight_fn, validateEncryptionServices_fn, getWeightedKeyServers_fn, loadKeyServers_fn;
+function seal({ name = "seal", ...options }) {
+  return {
+    name,
+    register: (client) => {
+      return new SealClient({
+        haneulClient: client,
+        ...options
+      });
+    }
+  };
+}
+const _SealClient = class _SealClient {
+  constructor(options) {
+    __privateAdd(this, _SealClient_instances);
+    __privateAdd(this, _haneulClient);
+    __privateAdd(this, _configs);
+    __privateAdd(this, _keyServers, null);
+    __privateAdd(this, _verifyKeyServers);
+    // A caching map for: fullId:object_id -> partial key.
+    __privateAdd(this, _cachedKeys, /* @__PURE__ */ new Map());
+    __privateAdd(this, _cachedPublicKeys, /* @__PURE__ */ new Map());
+    __privateAdd(this, _timeout);
+    __privateAdd(this, _totalWeight);
+    __privateSet(this, _haneulClient, options.haneulClient);
+    if (new Set(options.serverConfigs.map((s) => s.objectId)).size !== options.serverConfigs.length) {
+      throw new import_error.InvalidClientOptionsError("Duplicate object IDs");
+    }
+    if (options.serverConfigs.some((s) => s.apiKeyName && !s.apiKey || !s.apiKeyName && s.apiKey)) {
+      throw new import_error.InvalidClientOptionsError(
+        "Both apiKeyName and apiKey must be provided or not provided for all key servers"
+      );
+    }
+    __privateSet(this, _configs, new Map(options.serverConfigs.map((server) => [server.objectId, server])));
+    __privateSet(this, _totalWeight, options.serverConfigs.map((server) => server.weight).reduce((sum, term) => sum + term, 0));
+    __privateSet(this, _verifyKeyServers, options.verifyKeyServers ?? true);
+    __privateSet(this, _timeout, options.timeout ?? 1e4);
+  }
+  /** @deprecated Use `seal()` instead */
+  static asClientExtension(options) {
+    return {
+      name: "seal",
+      register: (client) => {
+        return new _SealClient({
+          haneulClient: client,
+          ...options
+        });
+      }
+    };
+  }
+  /**
+   * Return an encrypted message under the identity.
+   *
+   * @param kemType - The type of KEM to use.
+   * @param demType - The type of DEM to use.
+   * @param threshold - The threshold for the TSS encryption.
+   * @param packageId - the packageId namespace.
+   * @param id - the identity to use.
+   * @param data - the data to encrypt.
+   * @param aad - optional additional authenticated data.
+   * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+   * 	Since the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.
+   */
+  async encrypt({
+    kemType = import_encrypt.KemType.BonehFranklinBLS12381DemCCA,
+    demType = import_encrypt.DemType.AesGcm256,
+    threshold,
+    packageId,
+    id,
+    data,
+    aad = new Uint8Array()
+  }) {
+    const packageObj = await __privateGet(this, _haneulClient).core.getObject({ objectId: packageId });
+    if (String(packageObj.object.version) !== "1") {
+      throw new import_error.InvalidPackageError(`Package ${packageId} is not the first version`);
+    }
+    return (0, import_encrypt.encrypt)({
+      keyServers: await __privateMethod(this, _SealClient_instances, getWeightedKeyServers_fn).call(this),
+      kemType,
+      threshold,
+      packageId,
+      id,
+      encryptionInput: __privateMethod(this, _SealClient_instances, createEncryptionInput_fn).call(this, demType, data, aad)
+    });
+  }
+  /**
+   * Decrypt the given encrypted bytes using cached keys.
+   * Calls fetchKeys in case one or more of the required keys is not cached yet.
+   * The function throws an error if the client's key servers are not a subset of
+   * the encrypted object's key servers or if the threshold cannot be met.
+   *
+   * If checkShareConsistency is true, the decrypted shares are checked for consistency, meaning that
+   * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.
+   * This is useful in case the encryptor is not trusted and the decryptor wants to ensure all decryptors
+   * receive the same output (e.g., for onchain encrypted voting).
+   *
+   * @param data - The encrypted bytes to decrypt.
+   * @param sessionKey - The session key to use.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @param checkShareConsistency - If true, the shares are checked for consistency.
+   * @param checkLEEncoding - If true, the encryption is also checked using an LE encoded nonce.
+   * @returns - The decrypted plaintext corresponding to ciphertext.
+   */
+  async decrypt({
+    data,
+    sessionKey,
+    txBytes,
+    checkShareConsistency,
+    checkLEEncoding
+  }) {
+    const encryptedObject = import_bcs.EncryptedObject.parse(data);
+    __privateMethod(this, _SealClient_instances, validateEncryptionServices_fn).call(this, encryptedObject.services.map((s) => s[0]), encryptedObject.threshold);
+    await this.fetchKeys({
+      ids: [encryptedObject.id],
+      txBytes,
+      sessionKey,
+      threshold: encryptedObject.threshold
+    });
+    if (checkShareConsistency) {
+      const publicKeys = await this.getPublicKeys(
+        encryptedObject.services.map(([objectId, _]) => objectId)
+      );
+      return (0, import_decrypt.decrypt)({
+        encryptedObject,
+        keys: __privateGet(this, _cachedKeys),
+        publicKeys,
+        checkLEEncoding: false
+        // We intentionally do not support other encodings here
+      });
+    }
+    return (0, import_decrypt.decrypt)({ encryptedObject, keys: __privateGet(this, _cachedKeys), checkLEEncoding });
+  }
+  async getKeyServers() {
+    if (!__privateGet(this, _keyServers)) {
+      __privateSet(this, _keyServers, __privateMethod(this, _SealClient_instances, loadKeyServers_fn).call(this).catch((error) => {
+        __privateSet(this, _keyServers, null);
+        throw error;
+      }));
+    }
+    return __privateGet(this, _keyServers);
+  }
+  /**
+   * Get the public keys for the given services.
+   * If all public keys are not in the cache, they are retrieved.
+   *
+   * @param services - The services to get the public keys for.
+   * @returns The public keys for the given services in the same order as the given services.
+   */
+  async getPublicKeys(services) {
+    const keyServers = await this.getKeyServers();
+    const missingKeyServers = services.filter(
+      (objectId) => !keyServers.has(objectId) && !__privateGet(this, _cachedPublicKeys).has(objectId)
+    );
+    if (missingKeyServers.length > 0) {
+      (await (0, import_key_server.retrieveKeyServers)({
+        objectIds: missingKeyServers,
+        client: __privateGet(this, _haneulClient)
+      })).forEach(
+        (keyServer) => __privateGet(this, _cachedPublicKeys).set(keyServer.objectId, import_bls12381.G2Element.fromBytes(keyServer.pk))
+      );
+    }
+    return services.map((objectId) => {
+      const keyServer = keyServers.get(objectId);
+      if (keyServer) {
+        return import_bls12381.G2Element.fromBytes(keyServer.pk);
+      }
+      return __privateGet(this, _cachedPublicKeys).get(objectId);
+    });
+  }
+  /**
+   * Fetch keys from the key servers and update the cache.
+   *
+   * It is recommended to call this function once for all ids of all encrypted objects if
+   * there are multiple, then call decrypt for each object. This avoids calling fetchKey
+   * individually for each decrypt.
+   *
+   * @param ids - The ids of the encrypted objects.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @param sessionKey - The session key to use.
+   * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.
+   */
+  async fetchKeys({ ids, txBytes, sessionKey, threshold }) {
+    if (threshold > __privateGet(this, _totalWeight) || threshold < 1) {
+      throw new import_error.InvalidThresholdError(
+        `Invalid threshold ${threshold} servers with weights ${JSON.stringify(__privateGet(this, _configs))}`
+      );
+    }
+    const keyServers = await this.getKeyServers();
+    const fullIds = ids.map((id) => (0, import_utils.createFullId)(sessionKey.getPackageId(), id));
+    let completedWeight = 0;
+    const remainingKeyServers = [];
+    let remainingKeyServersWeight = 0;
+    for (const objectId of keyServers.keys()) {
+      if (fullIds.every((fullId) => __privateGet(this, _cachedKeys).has(`${fullId}:${objectId}`))) {
+        completedWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+      } else {
+        remainingKeyServers.push(objectId);
+        remainingKeyServersWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+      }
+    }
+    if (completedWeight >= threshold) {
+      return;
+    }
+    const certificate = await sessionKey.getCertificate();
+    const signedRequest = await sessionKey.createRequestParams(txBytes);
+    const controller = new AbortController();
+    const errors = [];
+    const keyFetches = remainingKeyServers.map(async (objectId) => {
+      const server = keyServers.get(objectId);
+      try {
+        const config = __privateGet(this, _configs).get(objectId);
+        const allKeys = await (0, import_key_server.fetchKeysForAllIds)({
+          url: server.url,
+          requestSignature: signedRequest.requestSignature,
+          transactionBytes: txBytes,
+          encKey: signedRequest.encKey,
+          encKeyPk: signedRequest.encKeyPk,
+          encVerificationKey: signedRequest.encVerificationKey,
+          certificate,
+          timeout: __privateGet(this, _timeout),
+          apiKeyName: config?.apiKeyName,
+          apiKey: config?.apiKey,
+          signal: controller.signal
+        });
+        for (const { fullId, key } of allKeys) {
+          const keyElement = import_bls12381.G1Element.fromBytes(key);
+          if (!import_ibe.BonehFranklinBLS12381Services.verifyUserSecretKey(
+            keyElement,
+            fullId,
+            import_bls12381.G2Element.fromBytes(server.pk)
+          )) {
+            console.warn("Received invalid key from key server " + server.objectId);
+            continue;
+          }
+          __privateGet(this, _cachedKeys).set(`${fullId}:${server.objectId}`, keyElement);
+        }
+        if (fullIds.every((fullId) => __privateGet(this, _cachedKeys).has(`${fullId}:${server.objectId}`))) {
+          completedWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+          if (completedWeight >= threshold) {
+            controller.abort();
+          }
+        }
+      } catch (error) {
+        if (!controller.signal.aborted) {
+          errors.push(error);
+        }
+      } finally {
+        remainingKeyServersWeight -= __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+        if (remainingKeyServersWeight < threshold - completedWeight) {
+          controller.abort(new import_error.TooManyFailedFetchKeyRequestsError());
+        }
+      }
+    });
+    await Promise.allSettled(keyFetches);
+    if (completedWeight < threshold) {
+      throw (0, import_error.toMajorityError)(errors);
+    }
+  }
+  /**
+   * Get derived keys from the given services.
+   *
+   * @param id - The id of the encrypted object.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @param sessionKey - The session key to use.
+   * @param threshold - The threshold.
+   * @returns - Derived keys for the given services that are in the cache as a "service object ID" -> derived key map. If the call is succesful, exactly threshold keys will be returned.
+   */
+  async getDerivedKeys({
+    kemType = import_encrypt.KemType.BonehFranklinBLS12381DemCCA,
+    id,
+    txBytes,
+    sessionKey,
+    threshold
+  }) {
+    switch (kemType) {
+      case import_encrypt.KemType.BonehFranklinBLS12381DemCCA:
+        const keyServers = await this.getKeyServers();
+        if (threshold > __privateGet(this, _totalWeight)) {
+          throw new import_error.InvalidThresholdError(
+            `Invalid threshold ${threshold} for ${__privateGet(this, _totalWeight)} servers`
+          );
+        }
+        await this.fetchKeys({
+          ids: [id],
+          txBytes,
+          sessionKey,
+          threshold
+        });
+        const fullId = (0, import_utils.createFullId)(sessionKey.getPackageId(), id);
+        const derivedKeys = /* @__PURE__ */ new Map();
+        let weight = 0;
+        for (const objectId of keyServers.keys()) {
+          const cachedKey = __privateGet(this, _cachedKeys).get(`${fullId}:${objectId}`);
+          if (cachedKey) {
+            derivedKeys.set(objectId, new import_key_server.BonehFranklinBLS12381DerivedKey(cachedKey));
+            weight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+            if (weight >= threshold) {
+              break;
+            }
+          }
+        }
+        return derivedKeys;
+    }
+  }
+};
+_haneulClient = new WeakMap();
+_configs = new WeakMap();
+_keyServers = new WeakMap();
+_verifyKeyServers = new WeakMap();
+_cachedKeys = new WeakMap();
+_cachedPublicKeys = new WeakMap();
+_timeout = new WeakMap();
+_totalWeight = new WeakMap();
+_SealClient_instances = new WeakSet();
+createEncryptionInput_fn = function(type, data, aad) {
+  switch (type) {
+    case import_encrypt.DemType.AesGcm256:
+      return new import_dem.AesGcm256(data, aad);
+    case import_encrypt.DemType.Hmac256Ctr:
+      return new import_dem.Hmac256Ctr(data, aad);
+  }
+};
+weight_fn = function(objectId) {
+  return __privateGet(this, _configs).get(objectId)?.weight ?? 0;
+};
+validateEncryptionServices_fn = function(services, threshold) {
+  if (services.some((objectId) => {
+    const countInClient = __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+    return countInClient > 0 && countInClient !== (0, import_utils.count)(services, objectId);
+  })) {
+    throw new import_error.InconsistentKeyServersError(
+      `Client's key servers must be a subset of the encrypted object's key servers`
+    );
+  }
+  if (threshold > __privateGet(this, _totalWeight)) {
+    throw new import_error.InvalidThresholdError(
+      `Invalid threshold ${threshold} for ${__privateGet(this, _totalWeight)} servers`
+    );
+  }
+};
+getWeightedKeyServers_fn = async function() {
+  const keyServers = await this.getKeyServers();
+  const keyServersWithMultiplicity = [];
+  for (const [objectId, config] of __privateGet(this, _configs)) {
+    const keyServer = keyServers.get(objectId);
+    for (let i = 0; i < config.weight; i++) {
+      keyServersWithMultiplicity.push(keyServer);
+    }
+  }
+  return keyServersWithMultiplicity;
+};
+loadKeyServers_fn = async function() {
+  const keyServers = await (0, import_key_server.retrieveKeyServers)({
+    objectIds: [...__privateGet(this, _configs)].map(([objectId]) => objectId),
+    client: __privateGet(this, _haneulClient)
+  });
+  if (keyServers.length === 0) {
+    throw new import_error.InvalidKeyServerError("No key servers found");
+  }
+  if (__privateGet(this, _verifyKeyServers)) {
+    await Promise.all(
+      keyServers.map(async (server) => {
+        const config = __privateGet(this, _configs).get(server.objectId);
+        if (!await (0, import_key_server.verifyKeyServer)(server, __privateGet(this, _timeout), config?.apiKeyName, config?.apiKey)) {
+          throw new import_error.InvalidKeyServerError(`Key server ${server.objectId} is not valid`);
+        }
+      })
+    );
+  }
+  return new Map(keyServers.map((server) => [server.objectId, server]));
+};
+let SealClient = _SealClient;
+//# sourceMappingURL=client.js.map