@haneullabs/seal 0.1.0

package/dist/cjs/ibe.js

@@ -0,0 +1,167 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ibe_exports = {};
+__export(ibe_exports, {
+  BonehFranklinBLS12381Services: () => BonehFranklinBLS12381Services,
+  DST_POP: () => DST_POP,
+  IBEServers: () => IBEServers,
+  decryptRandomness: () => decryptRandomness,
+  verifyNonce: () => verifyNonce,
+  verifyNonceWithLE: () => verifyNonceWithLE
+});
+module.exports = __toCommonJS(ibe_exports);
+var import_bcs = require("@haneullabs/bcs");
+var import_bls12381 = require("./bls12381.js");
+var import_kdf = require("./kdf.js");
+var import_utils = require("./utils.js");
+var import_error = require("./error.js");
+const DST_POP = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-POP-00");
+class IBEServers {
+  constructor(objectIds) {
+    this.objectIds = objectIds;
+  }
+}
+class BonehFranklinBLS12381Services extends IBEServers {
+  constructor(services) {
+    super(services.map((service) => service.objectId));
+    this.publicKeys = services.map((service) => import_bls12381.G2Element.fromBytes(service.pk));
+  }
+  encryptBatched(id, shares, baseKey, threshold) {
+    if (this.publicKeys.length === 0 || this.publicKeys.length !== shares.length) {
+      throw new Error("Invalid public keys");
+    }
+    const [r, nonce, keys] = encapBatched(this.publicKeys, id);
+    const encryptedShares = shares.map(
+      ({ share, index }, i) => (0, import_utils.xor)(share, (0, import_kdf.kdf)(keys[i], nonce, id, this.objectIds[i], index))
+    );
+    const randomnessKey = (0, import_kdf.deriveKey)(
+      import_kdf.KeyPurpose.EncryptedRandomness,
+      baseKey,
+      encryptedShares,
+      threshold,
+      this.objectIds
+    );
+    const encryptedRandomness = (0, import_utils.xor)(randomnessKey, r.toBytes());
+    return {
+      BonehFranklinBLS12381: {
+        nonce: nonce.toBytes(),
+        encryptedShares,
+        encryptedRandomness
+      },
+      $kind: "BonehFranklinBLS12381"
+    };
+  }
+  /**
+   * Returns true if the user secret key is valid for the given public key and id.
+   * @param user_secret_key - The user secret key.
+   * @param id - The identity.
+   * @param public_key - The public key.
+   * @returns True if the user secret key is valid for the given public key and id.
+   */
+  static verifyUserSecretKey(userSecretKey, id, publicKey) {
+    const lhs = userSecretKey.pairing(import_bls12381.G2Element.generator());
+    const rhs = (0, import_kdf.hashToG1)((0, import_bcs.fromHex)(id)).pairing(publicKey);
+    return lhs.equals(rhs);
+  }
+  /**
+   * Identity-based decryption.
+   *
+   * @param nonce The encryption nonce.
+   * @param sk The user secret key.
+   * @param ciphertext The encrypted message.
+   * @param id The identity.
+   * @param [objectId, index] The object id and index of the share.
+   * @returns The decrypted message.
+   */
+  static decrypt(nonce, sk, ciphertext, id, [objectId, index]) {
+    return (0, import_utils.xor)(ciphertext, (0, import_kdf.kdf)(decap(nonce, sk), nonce, id, objectId, index));
+  }
+  /**
+   * Decrypt all shares and verify that the randomness was used to create the given nonce.
+   *
+   * @param randomness - The randomness.
+   * @param encryptedShares - The encrypted shares.
+   * @param services - The services.
+   * @param publicKeys - The public keys.
+   * @param nonce - The nonce.
+   * @param id - The id.
+   * @returns All decrypted shares.
+   */
+  static decryptAllSharesUsingRandomness(randomness, encryptedShares, services, publicKeys, nonce, id) {
+    if (publicKeys.length !== encryptedShares.length || publicKeys.length !== services.length) {
+      throw new Error("The number of public keys, encrypted shares and services must be the same");
+    }
+    let r;
+    try {
+      r = import_bls12381.Scalar.fromBytes(randomness);
+    } catch {
+      throw new import_error.InvalidCiphertextError("Invalid randomness");
+    }
+    const gid_r = (0, import_kdf.hashToG1)(id).multiply(r);
+    return services.map(([objectId, index], i) => {
+      return {
+        index,
+        share: (0, import_utils.xor)(
+          encryptedShares[i],
+          (0, import_kdf.kdf)(gid_r.pairing(publicKeys[i]), nonce, id, objectId, index)
+        )
+      };
+    });
+  }
+}
+function encapBatched(publicKeys, id) {
+  if (publicKeys.length === 0) {
+    throw new Error("No public keys provided");
+  }
+  const r = import_bls12381.Scalar.random();
+  const nonce = import_bls12381.G2Element.generator().multiply(r);
+  const gid_r = (0, import_kdf.hashToG1)(id).multiply(r);
+  return [r, nonce, publicKeys.map((public_key) => gid_r.pairing(public_key))];
+}
+function decap(nonce, usk) {
+  return usk.pairing(nonce);
+}
+function verifyNonce(nonce, randomness, useBE = true) {
+  try {
+    const r = decodeRandomness(randomness, useBE);
+    return import_bls12381.G2Element.generator().multiply(r).equals(nonce);
+  } catch {
+    throw new import_error.InvalidCiphertextError("Invalid randomness");
+  }
+}
+function decodeRandomness(bytes, useBE) {
+  if (useBE) {
+    return import_bls12381.Scalar.fromBytes(bytes);
+  } else {
+    return import_bls12381.Scalar.fromBytesLE(bytes);
+  }
+}
+function decryptRandomness(encryptedRandomness, randomnessKey) {
+  return (0, import_utils.xor)(encryptedRandomness, randomnessKey);
+}
+function verifyNonceWithLE(nonce, randomness) {
+  try {
+    if (verifyNonce(nonce, randomness, false)) {
+      return true;
+    }
+  } catch {
+  }
+  return verifyNonce(nonce, randomness, true);
+}
+//# sourceMappingURL=ibe.js.map

package/dist/cjs/ibe.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/ibe.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@haneullabs/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { G1Element, GTElement } from './bls12381.js';\nimport { G2Element, Scalar } from './bls12381.js';\nimport { deriveKey, hashToG1, kdf, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\nimport type { Share } from './shamir.js';\nimport { InvalidCiphertextError } from './error.js';\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme (https://eprint.iacr.org/2001/090).\n * Note that this implementation is of the \"BasicIdent\" protocol which on its own is not CCA secure, so this IBE implementation should not be used on its own.\n *\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== shares.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = shares.map(({ share, index }, i) =>\n\t\t\txor(share, kdf(keys[i], nonce, id, this.objectIds[i], index)),\n\t\t);\n\t\tconst randomnessKey = deriveKey(\n\t\t\tKeyPurpose.EncryptedRandomness,\n\t\t\tbaseKey,\n\t\t\tencryptedShares,\n\t\t\tthreshold,\n\t\t\tthis.objectIds,\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator());\n\t\tconst rhs = hashToG1(fromHex(id)).pairing(publicKey);\n\t\treturn lhs.equals(rhs);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param id The identity.\n\t * @param [objectId, index] The object id and index of the share.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tid: Uint8Array,\n\t\t[objectId, index]: [string, number],\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));\n\t}\n\n\t/**\n\t * Decrypt all shares and verify that the randomness was used to create the given nonce.\n\t *\n\t * @param randomness - The randomness.\n\t * @param encryptedShares - The encrypted shares.\n\t * @param services - The services.\n\t * @param publicKeys - The public keys.\n\t * @param nonce - The nonce.\n\t * @param id - The id.\n\t * @returns All decrypted shares.\n\t */\n\tstatic decryptAllSharesUsingRandomness(\n\t\trandomness: Uint8Array,\n\t\tencryptedShares: Uint8Array[],\n\t\tservices: [string, number][],\n\t\tpublicKeys: G2Element[],\n\t\tnonce: G2Element,\n\t\tid: Uint8Array,\n\t): { index: number; share: Uint8Array }[] {\n\t\tif (publicKeys.length !== encryptedShares.length || publicKeys.length !== services.length) {\n\t\t\tthrow new Error('The number of public keys, encrypted shares and services must be the same');\n\t\t}\n\t\tlet r;\n\t\ttry {\n\t\t\tr = Scalar.fromBytes(randomness);\n\t\t} catch {\n\t\t\tthrow new InvalidCiphertextError('Invalid randomness');\n\t\t}\n\t\tconst gid_r = hashToG1(id).multiply(r);\n\t\treturn services.map(([objectId, index], i) => {\n\t\t\treturn {\n\t\t\t\tindex,\n\t\t\t\tshare: xor(\n\t\t\t\t\tencryptedShares[i],\n\t\t\t\t\tkdf(gid_r.pairing(publicKeys[i]), nonce, id, objectId, index),\n\t\t\t\t),\n\t\t\t};\n\t\t});\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns The randomness, a common nonce of the keys and a list of keys.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid_r = hashToG1(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid_r.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n\n/**\n * Verify that the given randomness was used to crate the nonce.\n * Throws an error if the given randomness is invalid (not a BLS scalar).\n *\n * @param randomness - The randomness.\n * @param nonce - The nonce.\n * @param useBE - Flag to indicate if BE encoding is used for the randomness. Defaults to true.\n * @returns True if the randomness was used to create the nonce, false otherwise.\n */\nexport function verifyNonce(\n\tnonce: G2Element,\n\trandomness: Uint8Array,\n\tuseBE: boolean = true,\n): boolean {\n\ttry {\n\t\tconst r = decodeRandomness(randomness, useBE);\n\t\treturn G2Element.generator().multiply(r).equals(nonce);\n\t} catch {\n\t\tthrow new InvalidCiphertextError('Invalid randomness');\n\t}\n}\n\nfunction decodeRandomness(bytes: Uint8Array, useBE: boolean): Scalar {\n\tif (useBE) {\n\t\treturn Scalar.fromBytes(bytes);\n\t} else {\n\t\treturn Scalar.fromBytesLE(bytes);\n\t}\n}\n\n/**\n * Decrypt the randomness using a key.\n *\n * @param encrypted_randomness - The encrypted randomness.\n * @param derived_key - The derived key.\n * @returns The randomness. Returns both the scalar interpreted in big-endian and little-endian encoding.\n */\nexport function decryptRandomness(\n\tencryptedRandomness: Uint8Array,\n\trandomnessKey: Uint8Array,\n): Uint8Array {\n\treturn xor(encryptedRandomness, randomnessKey);\n}\n\n/**\n * Verify that the given randomness was used to crate the nonce.\n * Check using both big-endian and little-endian encoding of the randomness.\n *\n * Throws an error if the nonce check doesn't pass using LE encoding _and_ the randomness is invalid as a BE encoded scalar.\n *\n * @param randomness - The randomness.\n * @param nonce - The nonce.\n * @returns True if the randomness was used to create the nonce using either LE or BE encoding, false otherwise.\n */\nexport function verifyNonceWithLE(nonce: G2Element, randomness: Uint8Array): boolean {\n\ttry {\n\t\t// First try little-endian encoding\n\t\tif (verifyNonce(nonce, randomness, false)) {\n\t\t\treturn true;\n\t\t}\n\t} catch {\n\t\t// Ignore error and try big-endian encoding\n\t}\n\treturn verifyNonce(nonce, randomness, true);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAAkC;AAClC,iBAAqD;AAErD,mBAAoB;AAEpB,mBAAuC;AAKhC,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAeD;AAQO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,0BAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,QACA,SACA,WACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,OAAO,QAAQ;AAC7E,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,OAAO;AAAA,MAAI,CAAC,EAAE,OAAO,MAAM,GAAG,UACrD,kBAAI,WAAO,gBAAI,KAAK,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,GAAG,KAAK,CAAC;AAAA,IAC7D;AACA,UAAM,oBAAgB;AAAA,MACrB,sBAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA,KAAK;AAAA,IACN;AACA,UAAM,0BAAsB,kBAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,0BAAU,UAAU,CAAC;AACvD,UAAM,UAAM,yBAAS,oBAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS;AACnD,WAAO,IAAI,OAAO,GAAG;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,OAAO,QACN,OACA,IACA,YACA,IACA,CAAC,UAAU,KAAK,GACH;AACb,eAAO,kBAAI,gBAAY,gBAAI,MAAM,OAAO,EAAE,GAAG,OAAO,IAAI,UAAU,KAAK,CAAC;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,OAAO,gCACN,YACA,iBACA,UACA,YACA,OACA,IACyC;AACzC,QAAI,WAAW,WAAW,gBAAgB,UAAU,WAAW,WAAW,SAAS,QAAQ;AAC1F,YAAM,IAAI,MAAM,2EAA2E;AAAA,IAC5F;AACA,QAAI;AACJ,QAAI;AACH,UAAI,uBAAO,UAAU,UAAU;AAAA,IAChC,QAAQ;AACP,YAAM,IAAI,oCAAuB,oBAAoB;AAAA,IACtD;AACA,UAAM,YAAQ,qBAAS,EAAE,EAAE,SAAS,CAAC;AACrC,WAAO,SAAS,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,MAAM;AAC7C,aAAO;AAAA,QACN;AAAA,QACA,WAAO;AAAA,UACN,gBAAgB,CAAC;AAAA,cACjB,gBAAI,MAAM,QAAQ,WAAW,CAAC,CAAC,GAAG,OAAO,IAAI,UAAU,KAAK;AAAA,QAC7D;AAAA,MACD;AAAA,IACD,CAAC;AAAA,EACF;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,uBAAO,OAAO;AACxB,QAAM,QAAQ,0BAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,YAAQ,qBAAS,EAAE,EAAE,SAAS,CAAC;AACrC,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,MAAM,QAAQ,UAAU,CAAC,CAAC;AAC5E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;AAWO,SAAS,YACf,OACA,YACA,QAAiB,MACP;AACV,MAAI;AACH,UAAM,IAAI,iBAAiB,YAAY,KAAK;AAC5C,WAAO,0BAAU,UAAU,EAAE,SAAS,CAAC,EAAE,OAAO,KAAK;AAAA,EACtD,QAAQ;AACP,UAAM,IAAI,oCAAuB,oBAAoB;AAAA,EACtD;AACD;AAEA,SAAS,iBAAiB,OAAmB,OAAwB;AACpE,MAAI,OAAO;AACV,WAAO,uBAAO,UAAU,KAAK;AAAA,EAC9B,OAAO;AACN,WAAO,uBAAO,YAAY,KAAK;AAAA,EAChC;AACD;AASO,SAAS,kBACf,qBACA,eACa;AACb,aAAO,kBAAI,qBAAqB,aAAa;AAC9C;AAYO,SAAS,kBAAkB,OAAkB,YAAiC;AACpF,MAAI;AAEH,QAAI,YAAY,OAAO,YAAY,KAAK,GAAG;AAC1C,aAAO;AAAA,IACR;AAAA,EACD,QAAQ;AAAA,EAER;AACA,SAAO,YAAY,OAAO,YAAY,IAAI;AAC3C;",
+  "names": []
+}

package/dist/cjs/index.d.ts

@@ -0,0 +1,6 @@
+export { EncryptedObject } from './bcs.js';
+export { SealClient } from './client.js';
+export { SessionKey, type ExportedSessionKey } from './session-key.js';
+export * from './error.js';
+export type { SealCompatibleClient, SealClientOptions, SealClientExtensionOptions, KeyServerConfig, EncryptOptions, DecryptOptions, FetchKeysOptions, GetDerivedKeysOptions, } from './types.js';
+export { DemType } from './encrypt.js';

package/dist/cjs/index.js

@@ -0,0 +1,33 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var index_exports = {};
+__export(index_exports, {
+  DemType: () => import_encrypt.DemType,
+  EncryptedObject: () => import_bcs.EncryptedObject,
+  SealClient: () => import_client.SealClient,
+  SessionKey: () => import_session_key.SessionKey
+});
+module.exports = __toCommonJS(index_exports);
+var import_bcs = require("./bcs.js");
+var import_client = require("./client.js");
+var import_session_key = require("./session-key.js");
+__reExport(index_exports, require("./error.js"), module.exports);
+var import_encrypt = require("./encrypt.js");
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/index.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { EncryptedObject } from './bcs.js';\nexport { SealClient } from './client.js';\nexport { SessionKey, type ExportedSessionKey } from './session-key.js';\nexport * from './error.js';\nexport type {\n\tSealCompatibleClient,\n\tSealClientOptions,\n\tSealClientExtensionOptions,\n\tKeyServerConfig,\n\tEncryptOptions,\n\tDecryptOptions,\n\tFetchKeysOptions,\n\tGetDerivedKeysOptions,\n} from './types.js';\nexport { DemType } from './encrypt.js';\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAgC;AAChC,oBAA2B;AAC3B,yBAAoD;AACpD,0BAAc,uBANd;AAiBA,qBAAwB;",
+  "names": []
+}

package/dist/cjs/kdf.d.ts

@@ -0,0 +1,30 @@
+import { G1Element } from './bls12381.js';
+import type { G2Element, GTElement } from './bls12381.js';
+/**
+ * Hash an id to a G1Element.
+ *
+ * @param id The id to hash.
+ * @returns The G1Element.
+ */
+export declare function hashToG1(id: Uint8Array): G1Element;
+/**
+ * The default key derivation function.
+ *
+ * @returns The derived key.
+ */
+export declare function kdf(element: GTElement, nonce: G2Element, id: Uint8Array, objectId: string, index: number): Uint8Array;
+export declare enum KeyPurpose {
+    EncryptedRandomness = 0,
+    DEM = 1
+}
+/**
+ * Derive a key from a base key and a list of encrypted shares.
+ *
+ * @param purpose The purpose of the key.
+ * @param baseKey The base key.
+ * @param encryptedShares The encrypted shares.
+ * @param threshold The threshold.
+ * @param keyServers The object ids of the key servers.
+ * @returns The derived key.
+ */
+export declare function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array, encryptedShares: Uint8Array[], threshold: number, keyServers: string[]): Uint8Array;

package/dist/cjs/kdf.js

@@ -0,0 +1,97 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var kdf_exports = {};
+__export(kdf_exports, {
+  KeyPurpose: () => KeyPurpose,
+  deriveKey: () => deriveKey,
+  hashToG1: () => hashToG1,
+  kdf: () => kdf
+});
+module.exports = __toCommonJS(kdf_exports);
+var import_bcs = require("@haneullabs/bcs");
+var import_sha3 = require("@noble/hashes/sha3");
+var import_bls12381 = require("./bls12381.js");
+var import_utils = require("./utils.js");
+const DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00");
+const KDF_DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-H2-00");
+const DERIVE_KEY_DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-H3-00");
+function hashToG1(id) {
+  return import_bls12381.G1Element.hashToCurve((0, import_utils.flatten)([DST, id]));
+}
+function kdf(element, nonce, id, objectId, index) {
+  if (!Number.isInteger(index) || index < 0 || index > import_utils.MAX_U8) {
+    throw new Error(`Invalid index ${index}`);
+  }
+  const objectIdBytes = (0, import_bcs.fromHex)(objectId);
+  if (objectIdBytes.length !== import_utils.HANEUL_ADDRESS_LENGTH) {
+    throw new Error(`Invalid object id ${objectId}`);
+  }
+  const hash = import_sha3.sha3_256.create();
+  hash.update(KDF_DST);
+  hash.update(element.toBytes());
+  hash.update(nonce.toBytes());
+  hash.update(hashToG1(id).toBytes());
+  hash.update(objectIdBytes);
+  hash.update(new Uint8Array([index]));
+  return hash.digest();
+}
+var KeyPurpose = /* @__PURE__ */ ((KeyPurpose2) => {
+  KeyPurpose2[KeyPurpose2["EncryptedRandomness"] = 0] = "EncryptedRandomness";
+  KeyPurpose2[KeyPurpose2["DEM"] = 1] = "DEM";
+  return KeyPurpose2;
+})(KeyPurpose || {});
+function tag(purpose) {
+  switch (purpose) {
+    case 0 /* EncryptedRandomness */:
+      return new Uint8Array([0]);
+    case 1 /* DEM */:
+      return new Uint8Array([1]);
+    default:
+      throw new Error(`Invalid key purpose ${purpose}`);
+  }
+}
+function deriveKey(purpose, baseKey, encryptedShares, threshold, keyServers) {
+  if (!Number.isInteger(threshold) || threshold <= 0 || threshold > import_utils.MAX_U8) {
+    throw new Error(`Invalid threshold ${threshold}`);
+  }
+  if (encryptedShares.length !== keyServers.length) {
+    throw new Error(
+      `Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`
+    );
+  }
+  const keyServerBytes = keyServers.map((keyServer) => (0, import_bcs.fromHex)(keyServer));
+  if (keyServerBytes.some((keyServer) => keyServer.length !== import_utils.HANEUL_ADDRESS_LENGTH)) {
+    throw new Error(`Invalid key servers ${keyServers}`);
+  }
+  if (encryptedShares.some((share) => share.length !== import_utils.ENCRYPTED_SHARE_LENGTH)) {
+    throw new Error(`Invalid encrypted shares ${encryptedShares}`);
+  }
+  if (baseKey.length !== import_utils.KEY_LENGTH) {
+    throw new Error(`Invalid base key ${baseKey}`);
+  }
+  const hash = import_sha3.sha3_256.create();
+  hash.update(DERIVE_KEY_DST);
+  hash.update(baseKey);
+  hash.update(tag(purpose));
+  hash.update(new Uint8Array([threshold]));
+  encryptedShares.forEach((share) => hash.update(share));
+  keyServerBytes.forEach((keyServer) => hash.update(keyServer));
+  return hash.digest();
+}
+//# sourceMappingURL=kdf.js.map

package/dist/cjs/kdf.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/kdf.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@haneullabs/bcs';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport { G1Element } from './bls12381.js';\nimport type { G2Element, GTElement } from './bls12381.js';\nimport {\n\tENCRYPTED_SHARE_LENGTH,\n\tflatten,\n\tKEY_LENGTH,\n\tMAX_U8,\n\tHANEUL_ADDRESS_LENGTH,\n} from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nconst DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\nconst KDF_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H2-00');\nconst DERIVE_KEY_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H3-00');\n\n/**\n * Hash an id to a G1Element.\n *\n * @param id The id to hash.\n * @returns The G1Element.\n */\nexport function hashToG1(id: Uint8Array): G1Element {\n\treturn G1Element.hashToCurve(flatten([DST, id]));\n}\n\n/**\n * The default key derivation function.\n *\n * @returns The derived key.\n */\nexport function kdf(\n\telement: GTElement,\n\tnonce: G2Element,\n\tid: Uint8Array,\n\tobjectId: string,\n\tindex: number,\n): Uint8Array {\n\tif (!Number.isInteger(index) || index < 0 || index > MAX_U8) {\n\t\tthrow new Error(`Invalid index ${index}`);\n\t}\n\tconst objectIdBytes = fromHex(objectId);\n\tif (objectIdBytes.length !== HANEUL_ADDRESS_LENGTH) {\n\t\tthrow new Error(`Invalid object id ${objectId}`);\n\t}\n\tconst hash = sha3_256.create();\n\thash.update(KDF_DST);\n\thash.update(element.toBytes());\n\thash.update(nonce.toBytes());\n\thash.update(hashToG1(id).toBytes());\n\thash.update(objectIdBytes);\n\thash.update(new Uint8Array([index])); // this is safe because index < 256.\n\treturn hash.digest();\n}\n\nexport enum KeyPurpose {\n\tEncryptedRandomness,\n\tDEM,\n}\n\nfunction tag(purpose: KeyPurpose): Uint8Array {\n\tswitch (purpose) {\n\t\tcase KeyPurpose.EncryptedRandomness:\n\t\t\treturn new Uint8Array([0]);\n\t\tcase KeyPurpose.DEM:\n\t\t\treturn new Uint8Array([1]);\n\t\tdefault:\n\t\t\tthrow new Error(`Invalid key purpose ${purpose}`);\n\t}\n}\n\n/**\n * Derive a key from a base key and a list of encrypted shares.\n *\n * @param purpose The purpose of the key.\n * @param baseKey The base key.\n * @param encryptedShares The encrypted shares.\n * @param threshold The threshold.\n * @param keyServers The object ids of the key servers.\n * @returns The derived key.\n */\nexport function deriveKey(\n\tpurpose: KeyPurpose,\n\tbaseKey: Uint8Array,\n\tencryptedShares: Uint8Array[],\n\tthreshold: number,\n\tkeyServers: string[],\n): Uint8Array {\n\tif (!Number.isInteger(threshold) || threshold <= 0 || threshold > MAX_U8) {\n\t\tthrow new Error(`Invalid threshold ${threshold}`);\n\t}\n\n\tif (encryptedShares.length !== keyServers.length) {\n\t\tthrow new Error(\n\t\t\t`Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`,\n\t\t);\n\t}\n\tconst keyServerBytes = keyServers.map((keyServer) => fromHex(keyServer));\n\tif (keyServerBytes.some((keyServer) => keyServer.length !== HANEUL_ADDRESS_LENGTH)) {\n\t\tthrow new Error(`Invalid key servers ${keyServers}`);\n\t}\n\tif (encryptedShares.some((share) => share.length !== ENCRYPTED_SHARE_LENGTH)) {\n\t\tthrow new Error(`Invalid encrypted shares ${encryptedShares}`);\n\t}\n\n\tif (baseKey.length !== KEY_LENGTH) {\n\t\tthrow new Error(`Invalid base key ${baseKey}`);\n\t}\n\n\tconst hash = sha3_256.create();\n\thash.update(DERIVE_KEY_DST);\n\thash.update(baseKey);\n\thash.update(tag(purpose));\n\thash.update(new Uint8Array([threshold]));\n\tencryptedShares.forEach((share) => hash.update(share));\n\tkeyServerBytes.forEach((keyServer) => hash.update(keyServer));\n\treturn hash.digest();\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,kBAAyB;AAEzB,sBAA0B;AAE1B,mBAMO;AAKP,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAC3E,MAAM,UAAU,IAAI,YAAY,EAAE,OAAO,6BAA6B;AACtE,MAAM,iBAAiB,IAAI,YAAY,EAAE,OAAO,6BAA6B;AAQtE,SAAS,SAAS,IAA2B;AACnD,SAAO,0BAAU,gBAAY,sBAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;AAChD;AAOO,SAAS,IACf,SACA,OACA,IACA,UACA,OACa;AACb,MAAI,CAAC,OAAO,UAAU,KAAK,KAAK,QAAQ,KAAK,QAAQ,qBAAQ;AAC5D,UAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAAA,EACzC;AACA,QAAM,oBAAgB,oBAAQ,QAAQ;AACtC,MAAI,cAAc,WAAW,oCAAuB;AACnD,UAAM,IAAI,MAAM,qBAAqB,QAAQ,EAAE;AAAA,EAChD;AACA,QAAM,OAAO,qBAAS,OAAO;AAC7B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,QAAQ,QAAQ,CAAC;AAC7B,OAAK,OAAO,MAAM,QAAQ,CAAC;AAC3B,OAAK,OAAO,SAAS,EAAE,EAAE,QAAQ,CAAC;AAClC,OAAK,OAAO,aAAa;AACzB,OAAK,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC;AACnC,SAAO,KAAK,OAAO;AACpB;AAEO,IAAK,aAAL,kBAAKA,gBAAL;AACN,EAAAA,wBAAA;AACA,EAAAA,wBAAA;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,IAAI,SAAiC;AAC7C,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B;AACC,YAAM,IAAI,MAAM,uBAAuB,OAAO,EAAE;AAAA,EAClD;AACD;AAYO,SAAS,UACf,SACA,SACA,iBACA,WACA,YACa;AACb,MAAI,CAAC,OAAO,UAAU,SAAS,KAAK,aAAa,KAAK,YAAY,qBAAQ;AACzE,UAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE;AAAA,EACjD;AAEA,MAAI,gBAAgB,WAAW,WAAW,QAAQ;AACjD,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,oBAAoB,WAAW,MAAM;AAAA,IACjF;AAAA,EACD;AACA,QAAM,iBAAiB,WAAW,IAAI,CAAC,kBAAc,oBAAQ,SAAS,CAAC;AACvE,MAAI,eAAe,KAAK,CAAC,cAAc,UAAU,WAAW,kCAAqB,GAAG;AACnF,UAAM,IAAI,MAAM,uBAAuB,UAAU,EAAE;AAAA,EACpD;AACA,MAAI,gBAAgB,KAAK,CAAC,UAAU,MAAM,WAAW,mCAAsB,GAAG;AAC7E,UAAM,IAAI,MAAM,4BAA4B,eAAe,EAAE;AAAA,EAC9D;AAEA,MAAI,QAAQ,WAAW,yBAAY;AAClC,UAAM,IAAI,MAAM,oBAAoB,OAAO,EAAE;AAAA,EAC9C;AAEA,QAAM,OAAO,qBAAS,OAAO;AAC7B,OAAK,OAAO,cAAc;AAC1B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,IAAI,OAAO,CAAC;AACxB,OAAK,OAAO,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;AACvC,kBAAgB,QAAQ,CAAC,UAAU,KAAK,OAAO,KAAK,CAAC;AACrD,iBAAe,QAAQ,CAAC,cAAc,KAAK,OAAO,SAAS,CAAC;AAC5D,SAAO,KAAK,OAAO;AACpB;",
+  "names": ["KeyPurpose"]
+}

package/dist/cjs/key-server.d.ts

@@ -0,0 +1,98 @@
+import type { SealCompatibleClient } from './types.js';
+import type { G1Element } from './bls12381.js';
+import { Version } from './utils.js';
+import type { Certificate } from './session-key.js';
+export type KeyServer = {
+    objectId: string;
+    name: string;
+    url: string;
+    keyType: KeyServerType;
+    pk: Uint8Array<ArrayBuffer>;
+};
+export declare enum KeyServerType {
+    BonehFranklinBLS12381 = 0
+}
+export declare const SERVER_VERSION_REQUIREMENT: Version;
+/**
+ * Given a list of key server object IDs, returns a list of SealKeyServer
+ * from onchain state containing name, objectId, URL and pk.
+ *
+ * @param objectIds - The key server object IDs.
+ * @param client - The HaneulClient to use.
+ * @returns - An array of SealKeyServer.
+ */
+export declare function retrieveKeyServers({ objectIds, client, }: {
+    objectIds: string[];
+    client: SealCompatibleClient;
+}): Promise<KeyServer[]>;
+/**
+ * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it
+ * against the pubkey. This should be used only rarely when the dapp uses a dynamic
+ * set of key servers.
+ *
+ * @param server - The KeyServer to verify.
+ * @returns - True if the key server is valid, false otherwise.
+ */
+export declare function verifyKeyServer(server: KeyServer, timeout: number, apiKeyName?: string, apiKey?: string): Promise<boolean>;
+/**
+ * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.
+ *
+ * @param response - The response from the key server.
+ */
+export declare function verifyKeyServerVersion(response: Response): void;
+export interface DerivedKey {
+    toString(): string;
+}
+/**
+ * A user secret key for the Boneh-Franklin BLS12381 scheme.
+ * This is a wrapper around the G1Element type.
+ */
+export declare class BonehFranklinBLS12381DerivedKey implements DerivedKey {
+    key: G1Element;
+    representation: string;
+    constructor(key: G1Element);
+    toString(): string;
+}
+/**
+ * Options for fetching keys from the key server.
+ */
+export interface FetchKeysOptions {
+    /** The URL of the key server. */
+    url: string;
+    /** The Base64 string of request signature. */
+    requestSignature: string;
+    /** The transaction bytes. */
+    transactionBytes: Uint8Array;
+    /** The ephemeral secret key. */
+    encKey: Uint8Array<ArrayBuffer>;
+    /** The ephemeral public key. */
+    encKeyPk: Uint8Array<ArrayBuffer>;
+    /** The ephemeral verification key. */
+    encVerificationKey: Uint8Array;
+    /** The certificate. */
+    certificate: Certificate;
+    /** Request timeout in milliseconds. */
+    timeout: number;
+    /** Optional API key name. */
+    apiKeyName?: string;
+    /** Optional API key. */
+    apiKey?: string;
+    /** Optional abort signal for cancellation. */
+    signal?: AbortSignal;
+}
+/**
+ * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.
+ * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with
+ * their full IDs.
+ *
+ * @param url - The URL of the key server.
+ * @param requestSig - The Base64 string of request signature.
+ * @param txBytes - The transaction bytes.
+ * @param encKey - The ephemeral secret key.
+ * @param certificate - The certificate.
+ * @returns - A list of full ID and the decrypted key.
+ */
+export declare function fetchKeysForAllIds({ url, requestSignature, transactionBytes, encKey, encKeyPk, encVerificationKey, certificate, timeout, apiKeyName, apiKey, signal, }: FetchKeysOptions): Promise<{
+    fullId: string;
+    key: Uint8Array<ArrayBuffer>;
+}[]>;

package/dist/cjs/key-server.js

@@ -0,0 +1,171 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var key_server_exports = {};
+__export(key_server_exports, {
+  BonehFranklinBLS12381DerivedKey: () => BonehFranklinBLS12381DerivedKey,
+  KeyServerType: () => KeyServerType,
+  SERVER_VERSION_REQUIREMENT: () => SERVER_VERSION_REQUIREMENT,
+  fetchKeysForAllIds: () => fetchKeysForAllIds,
+  retrieveKeyServers: () => retrieveKeyServers,
+  verifyKeyServer: () => verifyKeyServer,
+  verifyKeyServerVersion: () => verifyKeyServerVersion
+});
+module.exports = __toCommonJS(key_server_exports);
+var import_bcs = require("@haneullabs/bcs");
+var import_bls12_381 = require("@noble/curves/bls12-381");
+var import_bcs2 = require("./bcs.js");
+var import_error = require("./error.js");
+var import_ibe = require("./ibe.js");
+var import_version = require("./version.js");
+var import_utils = require("./utils.js");
+var import_elgamal = require("./elgamal.js");
+const EXPECTED_SERVER_VERSION = 1;
+var KeyServerType = /* @__PURE__ */ ((KeyServerType2) => {
+  KeyServerType2[KeyServerType2["BonehFranklinBLS12381"] = 0] = "BonehFranklinBLS12381";
+  return KeyServerType2;
+})(KeyServerType || {});
+const SERVER_VERSION_REQUIREMENT = new import_utils.Version("0.4.1");
+async function retrieveKeyServers({
+  objectIds,
+  client
+}) {
+  return await Promise.all(
+    objectIds.map(async (objectId) => {
+      const res = await client.core.getObject({
+        objectId
+      });
+      const ks = import_bcs2.KeyServerMove.parse(await res.object.content);
+      if (EXPECTED_SERVER_VERSION < Number(ks.firstVersion) || EXPECTED_SERVER_VERSION > Number(ks.lastVersion)) {
+        throw new import_error.InvalidKeyServerVersionError(
+          `Key server ${objectId} supports versions between ${ks.firstVersion} and ${ks.lastVersion} (inclusive), but SDK expects version ${EXPECTED_SERVER_VERSION}`
+        );
+      }
+      const resVersionedKs = await client.core.getDynamicField({
+        parentId: objectId,
+        name: {
+          type: "u64",
+          bcs: import_bcs.bcs.u64().serialize(EXPECTED_SERVER_VERSION).toBytes()
+        }
+      });
+      const ksVersioned = import_bcs2.KeyServerMoveV1.parse(resVersionedKs.dynamicField.value.bcs);
+      if (ksVersioned.keyType !== 0 /* BonehFranklinBLS12381 */) {
+        throw new import_error.InvalidKeyServerError(
+          `Server ${objectId} has invalid key type: ${ksVersioned.keyType}`
+        );
+      }
+      return {
+        objectId,
+        name: ksVersioned.name,
+        url: ksVersioned.url,
+        keyType: ksVersioned.keyType,
+        pk: new Uint8Array(ksVersioned.pk)
+      };
+    })
+  );
+}
+async function verifyKeyServer(server, timeout, apiKeyName, apiKey) {
+  const requestId = crypto.randomUUID();
+  const response = await fetch(server.url + "/v1/service?service_id=" + server.objectId, {
+    method: "GET",
+    headers: {
+      "Content-Type": "application/json",
+      "Request-Id": requestId,
+      "Client-Sdk-Type": "typescript",
+      "Client-Sdk-Version": import_version.PACKAGE_VERSION,
+      ...apiKeyName && apiKey ? { [apiKeyName]: apiKey } : {}
+    },
+    signal: AbortSignal.timeout(timeout)
+  });
+  await import_error.SealAPIError.assertResponse(response, requestId);
+  verifyKeyServerVersion(response);
+  const serviceResponse = await response.json();
+  if (serviceResponse.service_id !== server.objectId) {
+    return false;
+  }
+  const fullMsg = (0, import_utils.flatten)([import_ibe.DST_POP, server.pk, (0, import_bcs.fromHex)(server.objectId)]);
+  return import_bls12_381.bls12_381.verifyShortSignature((0, import_bcs.fromBase64)(serviceResponse.pop), fullMsg, server.pk);
+}
+function verifyKeyServerVersion(response) {
+  const keyServerVersion = response.headers.get("X-KeyServer-Version");
+  if (keyServerVersion == null) {
+    throw new import_error.InvalidKeyServerVersionError("Key server version not found");
+  }
+  if (new import_utils.Version(keyServerVersion).older_than(SERVER_VERSION_REQUIREMENT)) {
+    throw new import_error.InvalidKeyServerVersionError(
+      `Key server version ${keyServerVersion} is not supported`
+    );
+  }
+}
+class BonehFranklinBLS12381DerivedKey {
+  constructor(key) {
+    this.key = key;
+    this.representation = (0, import_bcs.toHex)(key.toBytes());
+  }
+  toString() {
+    return this.representation;
+  }
+}
+async function fetchKeysForAllIds({
+  url,
+  requestSignature,
+  transactionBytes,
+  encKey,
+  encKeyPk,
+  encVerificationKey,
+  certificate,
+  timeout,
+  apiKeyName,
+  apiKey,
+  signal
+}) {
+  const body = {
+    ptb: (0, import_bcs.toBase64)(transactionBytes.slice(1)),
+    // removes the byte of the transaction type version
+    enc_key: (0, import_bcs.toBase64)(encKeyPk),
+    enc_verification_key: (0, import_bcs.toBase64)(encVerificationKey),
+    request_signature: requestSignature,
+    // already b64
+    certificate
+  };
+  const timeoutSignal = AbortSignal.timeout(timeout);
+  const combinedSignal = signal ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;
+  const requestId = crypto.randomUUID();
+  const response = await fetch(url + "/v1/fetch_key", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "Request-Id": requestId,
+      "Client-Sdk-Type": "typescript",
+      "Client-Sdk-Version": import_version.PACKAGE_VERSION,
+      ...apiKeyName && apiKey ? { [apiKeyName]: apiKey } : {}
+    },
+    body: JSON.stringify(body),
+    signal: combinedSignal
+  });
+  await import_error.SealAPIError.assertResponse(response, requestId);
+  const resp = await response.json();
+  verifyKeyServerVersion(response);
+  return resp.decryption_keys.map(
+    (dk) => ({
+      fullId: (0, import_bcs.toHex)(dk.id),
+      key: (0, import_elgamal.elgamalDecrypt)(encKey, dk.encrypted_key.map(import_bcs.fromBase64))
+    })
+  );
+}
+//# sourceMappingURL=key-server.js.map