@haneullabs/seal 0.1.0

package/dist/esm/bls12381.js

@@ -0,0 +1,131 @@
+import { bls12_381 } from "@noble/curves/bls12-381";
+import { bytesToNumberBE, bytesToNumberLE, numberToBytesBE } from "@noble/curves/utils";
+const _G1Element = class _G1Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new _G1Element(bls12_381.G1.Point.BASE);
+  }
+  static fromBytes(bytes) {
+    try {
+      return new _G1Element(bls12_381.G1.Point.fromBytes(bytes));
+    } catch {
+      throw new Error("Invalid G1 point");
+    }
+  }
+  toBytes() {
+    return this.point.toBytes();
+  }
+  multiply(scalar) {
+    return new _G1Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new _G1Element(this.point.add(other.point));
+  }
+  subtract(other) {
+    return new _G1Element(this.point.subtract(other.point));
+  }
+  static hashToCurve(data) {
+    return new _G1Element(bls12_381.G1.Point.fromAffine(bls12_381.G1.hashToCurve(data).toAffine()));
+  }
+  pairing(other) {
+    return new GTElement(bls12_381.pairing(this.point, other.point));
+  }
+};
+_G1Element.SIZE = 48;
+let G1Element = _G1Element;
+const _G2Element = class _G2Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new _G2Element(bls12_381.G2.Point.BASE);
+  }
+  static fromBytes(bytes) {
+    try {
+      return new _G2Element(bls12_381.G2.Point.fromBytes(bytes));
+    } catch {
+      throw new Error("Invalid G2 point");
+    }
+  }
+  toBytes() {
+    return this.point.toBytes();
+  }
+  multiply(scalar) {
+    return new _G2Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new _G2Element(this.point.add(other.point));
+  }
+  static hashToCurve(data) {
+    return new _G2Element(bls12_381.G2.Point.fromAffine(bls12_381.G2.hashToCurve(data).toAffine()));
+  }
+  equals(other) {
+    return this.point.equals(other.point);
+  }
+};
+_G2Element.SIZE = 96;
+let G2Element = _G2Element;
+const _GTElement = class _GTElement {
+  constructor(element) {
+    this.element = element;
+  }
+  toBytes() {
+    const P = [0, 3, 1, 4, 2, 5];
+    const PAIR_SIZE = _GTElement.SIZE / P.length;
+    const bytes = bls12_381.fields.Fp12.toBytes(this.element);
+    const result = new Uint8Array(_GTElement.SIZE);
+    for (let i = 0; i < P.length; i++) {
+      const sourceStart = P[i] * PAIR_SIZE;
+      const sourceEnd = sourceStart + PAIR_SIZE;
+      const targetStart = i * PAIR_SIZE;
+      result.set(bytes.subarray(sourceStart, sourceEnd), targetStart);
+    }
+    return result;
+  }
+  equals(other) {
+    return bls12_381.fields.Fp12.eql(this.element, other.element);
+  }
+};
+_GTElement.SIZE = 576;
+let GTElement = _GTElement;
+const _Scalar = class _Scalar {
+  constructor(scalar) {
+    this.scalar = scalar;
+  }
+  static fromBigint(scalar) {
+    if (scalar < 0n || scalar >= bls12_381.fields.Fr.ORDER) {
+      throw new Error("Scalar out of range");
+    }
+    return new _Scalar(scalar);
+  }
+  static random() {
+    const randomSecretKey = bls12_381.utils.randomSecretKey();
+    return _Scalar.fromBytes(randomSecretKey);
+  }
+  toBytes() {
+    return numberToBytesBE(this.scalar, _Scalar.SIZE);
+  }
+  static fromBytes(bytes) {
+    if (bytes.length !== _Scalar.SIZE) {
+      throw new Error("Invalid scalar length");
+    }
+    return this.fromBigint(bytesToNumberBE(bytes));
+  }
+  static fromBytesLE(bytes) {
+    if (bytes.length !== _Scalar.SIZE) {
+      throw new Error("Invalid scalar length");
+    }
+    return this.fromBigint(bytesToNumberLE(bytes));
+  }
+};
+_Scalar.SIZE = 32;
+let Scalar = _Scalar;
+export {
+  G1Element,
+  G2Element,
+  GTElement,
+  Scalar
+};
+//# sourceMappingURL=bls12381.js.map

package/dist/esm/bls12381.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/bls12381.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { Fp2, Fp12 } from '@noble/curves/abstract/tower';\nimport type { WeierstrassPoint } from '@noble/curves/abstract/weierstrass';\nimport { bls12_381 } from '@noble/curves/bls12-381';\nimport { bytesToNumberBE, bytesToNumberLE, numberToBytesBE } from '@noble/curves/utils';\n\nexport class G1Element {\n\tpoint: WeierstrassPoint<bigint>;\n\n\tpublic static readonly SIZE = 48;\n\n\tconstructor(point: WeierstrassPoint<bigint>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G1Element {\n\t\treturn new G1Element(bls12_381.G1.Point.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G1Element {\n\t\ttry {\n\t\t\treturn new G1Element(bls12_381.G1.Point.fromBytes(bytes));\n\t\t} catch {\n\t\t\tthrow new Error('Invalid G1 point');\n\t\t}\n\t}\n\n\ttoBytes(): Uint8Array<ArrayBuffer> {\n\t\treturn this.point.toBytes() as Uint8Array<ArrayBuffer>;\n\t}\n\n\tmultiply(scalar: Scalar): G1Element {\n\t\treturn new G1Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.add(other.point));\n\t}\n\n\tsubtract(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.subtract(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G1Element {\n\t\treturn new G1Element(bls12_381.G1.Point.fromAffine(bls12_381.G1.hashToCurve(data).toAffine()));\n\t}\n\n\tpairing(other: G2Element): GTElement {\n\t\treturn new GTElement(bls12_381.pairing(this.point, other.point));\n\t}\n}\n\nexport class G2Element {\n\tpoint: WeierstrassPoint<Fp2>;\n\n\tpublic static readonly SIZE = 96;\n\n\tconstructor(point: WeierstrassPoint<Fp2>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G2Element {\n\t\treturn new G2Element(bls12_381.G2.Point.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G2Element {\n\t\ttry {\n\t\t\treturn new G2Element(bls12_381.G2.Point.fromBytes(bytes));\n\t\t} catch {\n\t\t\tthrow new Error('Invalid G2 point');\n\t\t}\n\t}\n\n\ttoBytes(): Uint8Array<ArrayBuffer> {\n\t\treturn this.point.toBytes() as Uint8Array<ArrayBuffer>;\n\t}\n\n\tmultiply(scalar: Scalar): G2Element {\n\t\treturn new G2Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G2Element): G2Element {\n\t\treturn new G2Element(this.point.add(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G2Element {\n\t\treturn new G2Element(bls12_381.G2.Point.fromAffine(bls12_381.G2.hashToCurve(data).toAffine()));\n\t}\n\n\tequals(other: G2Element): boolean {\n\t\treturn this.point.equals(other.point);\n\t}\n}\n\nexport class GTElement {\n\telement: Fp12;\n\n\tpublic static readonly SIZE = 576;\n\n\tconstructor(element: Fp12) {\n\t\tthis.element = element;\n\t}\n\n\ttoBytes(): Uint8Array<ArrayBuffer> {\n\t\t// This permutation reorders the 6 pairs of coefficients of the GT element for compatability with the Rust and Move implementations.\n\t\t//\n\t\t// The permutation P may be computed as:\n\t\t// for i in 0..3 {\n\t\t//   for j in 0..2 {\n\t\t//     P[2 * i + j] = i + 3 * j;\n\t\t//   }\n\t\t// }\n\t\tconst P = [0, 3, 1, 4, 2, 5];\n\t\tconst PAIR_SIZE = GTElement.SIZE / P.length;\n\n\t\tconst bytes = bls12_381.fields.Fp12.toBytes(this.element);\n\t\tconst result = new Uint8Array(GTElement.SIZE);\n\n\t\tfor (let i = 0; i < P.length; i++) {\n\t\t\tconst sourceStart = P[i] * PAIR_SIZE;\n\t\t\tconst sourceEnd = sourceStart + PAIR_SIZE;\n\t\t\tconst targetStart = i * PAIR_SIZE;\n\t\t\tresult.set(bytes.subarray(sourceStart, sourceEnd), targetStart);\n\t\t}\n\n\t\treturn result;\n\t}\n\n\tequals(other: GTElement): boolean {\n\t\treturn bls12_381.fields.Fp12.eql(this.element, other.element);\n\t}\n}\n\nexport class Scalar {\n\tscalar: bigint;\n\n\tpublic static readonly SIZE = 32;\n\n\tconstructor(scalar: bigint) {\n\t\tthis.scalar = scalar;\n\t}\n\n\tstatic fromBigint(scalar: bigint): Scalar {\n\t\tif (scalar < 0n || scalar >= bls12_381.fields.Fr.ORDER) {\n\t\t\tthrow new Error('Scalar out of range');\n\t\t}\n\t\treturn new Scalar(scalar);\n\t}\n\n\tstatic random(): Scalar {\n\t\tconst randomSecretKey = bls12_381.utils.randomSecretKey();\n\t\treturn Scalar.fromBytes(randomSecretKey)!;\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn numberToBytesBE(this.scalar, Scalar.SIZE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): Scalar {\n\t\tif (bytes.length !== Scalar.SIZE) {\n\t\t\tthrow new Error('Invalid scalar length');\n\t\t}\n\t\treturn this.fromBigint(bytesToNumberBE(bytes));\n\t}\n\n\tstatic fromBytesLE(bytes: Uint8Array): Scalar {\n\t\tif (bytes.length !== Scalar.SIZE) {\n\t\t\tthrow new Error('Invalid scalar length');\n\t\t}\n\t\treturn this.fromBigint(bytesToNumberLE(bytes));\n\t}\n}\n"],
+  "mappings": "AAKA,SAAS,iBAAiB;AAC1B,SAAS,iBAAiB,iBAAiB,uBAAuB;AAE3D,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAAiC;AAC5C,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,UAAU,GAAG,MAAM,IAAI;AAAA,EAC7C;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,QAAI;AACH,aAAO,IAAI,WAAU,UAAU,GAAG,MAAM,UAAU,KAAK,CAAC;AAAA,IACzD,QAAQ;AACP,YAAM,IAAI,MAAM,kBAAkB;AAAA,IACnC;AAAA,EACD;AAAA,EAEA,UAAmC;AAClC,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC3B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,SAAS,OAA6B;AACrC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,MAAM,KAAK,CAAC;AAAA,EACtD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI,WAAU,UAAU,GAAG,MAAM,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC,CAAC;AAAA,EAC9F;AAAA,EAEA,QAAQ,OAA6B;AACpC,WAAO,IAAI,UAAU,UAAU,QAAQ,KAAK,OAAO,MAAM,KAAK,CAAC;AAAA,EAChE;AACD;AA5Ca,WAGW,OAAO;AAHxB,IAAM,YAAN;AA8CA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,OAA8B;AACzC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,WAAU,UAAU,GAAG,MAAM,IAAI;AAAA,EAC7C;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,QAAI;AACH,aAAO,IAAI,WAAU,UAAU,GAAG,MAAM,UAAU,KAAK,CAAC;AAAA,IACzD,QAAQ;AACP,YAAM,IAAI,MAAM,kBAAkB;AAAA,IACnC;AAAA,EACD;AAAA,EAEA,UAAmC;AAClC,WAAO,KAAK,MAAM,QAAQ;AAAA,EAC3B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,WAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,WAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI,WAAU,UAAU,GAAG,MAAM,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC,CAAC;AAAA,EAC9F;AAAA,EAEA,OAAO,OAA2B;AACjC,WAAO,KAAK,MAAM,OAAO,MAAM,KAAK;AAAA,EACrC;AACD;AAxCa,WAGW,OAAO;AAHxB,IAAM,YAAN;AA0CA,MAAM,aAAN,MAAM,WAAU;AAAA,EAKtB,YAAY,SAAe;AAC1B,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,UAAmC;AASlC,UAAM,IAAI,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAC3B,UAAM,YAAY,WAAU,OAAO,EAAE;AAErC,UAAM,QAAQ,UAAU,OAAO,KAAK,QAAQ,KAAK,OAAO;AACxD,UAAM,SAAS,IAAI,WAAW,WAAU,IAAI;AAE5C,aAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AAClC,YAAM,cAAc,EAAE,CAAC,IAAI;AAC3B,YAAM,YAAY,cAAc;AAChC,YAAM,cAAc,IAAI;AACxB,aAAO,IAAI,MAAM,SAAS,aAAa,SAAS,GAAG,WAAW;AAAA,IAC/D;AAEA,WAAO;AAAA,EACR;AAAA,EAEA,OAAO,OAA2B;AACjC,WAAO,UAAU,OAAO,KAAK,IAAI,KAAK,SAAS,MAAM,OAAO;AAAA,EAC7D;AACD;AArCa,WAGW,OAAO;AAHxB,IAAM,YAAN;AAuCA,MAAM,UAAN,MAAM,QAAO;AAAA,EAKnB,YAAY,QAAgB;AAC3B,SAAK,SAAS;AAAA,EACf;AAAA,EAEA,OAAO,WAAW,QAAwB;AACzC,QAAI,SAAS,MAAM,UAAU,UAAU,OAAO,GAAG,OAAO;AACvD,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,WAAO,IAAI,QAAO,MAAM;AAAA,EACzB;AAAA,EAEA,OAAO,SAAiB;AACvB,UAAM,kBAAkB,UAAU,MAAM,gBAAgB;AACxD,WAAO,QAAO,UAAU,eAAe;AAAA,EACxC;AAAA,EAEA,UAAsB;AACrB,WAAO,gBAAgB,KAAK,QAAQ,QAAO,IAAI;AAAA,EAChD;AAAA,EAEA,OAAO,UAAU,OAA2B;AAC3C,QAAI,MAAM,WAAW,QAAO,MAAM;AACjC,YAAM,IAAI,MAAM,uBAAuB;AAAA,IACxC;AACA,WAAO,KAAK,WAAW,gBAAgB,KAAK,CAAC;AAAA,EAC9C;AAAA,EAEA,OAAO,YAAY,OAA2B;AAC7C,QAAI,MAAM,WAAW,QAAO,MAAM;AACjC,YAAM,IAAI,MAAM,uBAAuB;AAAA,IACxC;AACA,WAAO,KAAK,WAAW,gBAAgB,KAAK,CAAC;AAAA,EAC9C;AACD;AAtCa,QAGW,OAAO;AAHxB,IAAM,SAAN;",
+  "names": []
+}

package/dist/esm/client.d.ts

@@ -0,0 +1,84 @@
+import { G2Element } from './bls12381.js';
+import type { DerivedKey, KeyServer } from './key-server.js';
+import type { DecryptOptions, EncryptOptions, FetchKeysOptions, GetDerivedKeysOptions, SealClientExtensionOptions, SealClientOptions, SealCompatibleClient, SealOptions } from './types.js';
+export declare function seal<Name = 'seal'>({ name, ...options }: SealOptions<Name>): {
+    name: Name;
+    register: (client: SealCompatibleClient) => SealClient;
+};
+export declare class SealClient {
+    #private;
+    constructor(options: SealClientOptions);
+    /** @deprecated Use `seal()` instead */
+    static asClientExtension(options: SealClientExtensionOptions): {
+        name: "seal";
+        register: (client: SealCompatibleClient) => SealClient;
+    };
+    /**
+     * Return an encrypted message under the identity.
+     *
+     * @param kemType - The type of KEM to use.
+     * @param demType - The type of DEM to use.
+     * @param threshold - The threshold for the TSS encryption.
+     * @param packageId - the packageId namespace.
+     * @param id - the identity to use.
+     * @param data - the data to encrypt.
+     * @param aad - optional additional authenticated data.
+     * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+     * 	Since the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.
+     */
+    encrypt({ kemType, demType, threshold, packageId, id, data, aad, }: EncryptOptions): Promise<{
+        encryptedObject: Uint8Array<ArrayBuffer>;
+        key: Uint8Array<ArrayBuffer>;
+    }>;
+    /**
+     * Decrypt the given encrypted bytes using cached keys.
+     * Calls fetchKeys in case one or more of the required keys is not cached yet.
+     * The function throws an error if the client's key servers are not a subset of
+     * the encrypted object's key servers or if the threshold cannot be met.
+     *
+     * If checkShareConsistency is true, the decrypted shares are checked for consistency, meaning that
+     * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.
+     * This is useful in case the encryptor is not trusted and the decryptor wants to ensure all decryptors
+     * receive the same output (e.g., for onchain encrypted voting).
+     *
+     * @param data - The encrypted bytes to decrypt.
+     * @param sessionKey - The session key to use.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @param checkShareConsistency - If true, the shares are checked for consistency.
+     * @param checkLEEncoding - If true, the encryption is also checked using an LE encoded nonce.
+     * @returns - The decrypted plaintext corresponding to ciphertext.
+     */
+    decrypt({ data, sessionKey, txBytes, checkShareConsistency, checkLEEncoding, }: DecryptOptions): Promise<Uint8Array<ArrayBufferLike>>;
+    getKeyServers(): Promise<Map<string, KeyServer>>;
+    /**
+     * Get the public keys for the given services.
+     * If all public keys are not in the cache, they are retrieved.
+     *
+     * @param services - The services to get the public keys for.
+     * @returns The public keys for the given services in the same order as the given services.
+     */
+    getPublicKeys(services: string[]): Promise<G2Element[]>;
+    /**
+     * Fetch keys from the key servers and update the cache.
+     *
+     * It is recommended to call this function once for all ids of all encrypted objects if
+     * there are multiple, then call decrypt for each object. This avoids calling fetchKey
+     * individually for each decrypt.
+     *
+     * @param ids - The ids of the encrypted objects.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @param sessionKey - The session key to use.
+     * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.
+     */
+    fetchKeys({ ids, txBytes, sessionKey, threshold }: FetchKeysOptions): Promise<void>;
+    /**
+     * Get derived keys from the given services.
+     *
+     * @param id - The id of the encrypted object.
+     * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+     * @param sessionKey - The session key to use.
+     * @param threshold - The threshold.
+     * @returns - Derived keys for the given services that are in the cache as a "service object ID" -> derived key map. If the call is succesful, exactly threshold keys will be returned.
+     */
+    getDerivedKeys({ kemType, id, txBytes, sessionKey, threshold, }: GetDerivedKeysOptions): Promise<Map<string, DerivedKey>>;
+}

package/dist/esm/client.js

@@ -0,0 +1,407 @@
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+var _haneulClient, _configs, _keyServers, _verifyKeyServers, _cachedKeys, _cachedPublicKeys, _timeout, _totalWeight, _SealClient_instances, createEncryptionInput_fn, weight_fn, validateEncryptionServices_fn, getWeightedKeyServers_fn, loadKeyServers_fn;
+import { EncryptedObject } from "./bcs.js";
+import { G1Element, G2Element } from "./bls12381.js";
+import { decrypt } from "./decrypt.js";
+import { AesGcm256, Hmac256Ctr } from "./dem.js";
+import { DemType, encrypt, KemType } from "./encrypt.js";
+import {
+  InconsistentKeyServersError,
+  InvalidClientOptionsError,
+  InvalidKeyServerError,
+  InvalidPackageError,
+  InvalidThresholdError,
+  toMajorityError,
+  TooManyFailedFetchKeyRequestsError
+} from "./error.js";
+import { BonehFranklinBLS12381Services } from "./ibe.js";
+import {
+  BonehFranklinBLS12381DerivedKey,
+  retrieveKeyServers,
+  verifyKeyServer,
+  fetchKeysForAllIds
+} from "./key-server.js";
+import { createFullId, count } from "./utils.js";
+function seal({ name = "seal", ...options }) {
+  return {
+    name,
+    register: (client) => {
+      return new SealClient({
+        haneulClient: client,
+        ...options
+      });
+    }
+  };
+}
+const _SealClient = class _SealClient {
+  constructor(options) {
+    __privateAdd(this, _SealClient_instances);
+    __privateAdd(this, _haneulClient);
+    __privateAdd(this, _configs);
+    __privateAdd(this, _keyServers, null);
+    __privateAdd(this, _verifyKeyServers);
+    // A caching map for: fullId:object_id -> partial key.
+    __privateAdd(this, _cachedKeys, /* @__PURE__ */ new Map());
+    __privateAdd(this, _cachedPublicKeys, /* @__PURE__ */ new Map());
+    __privateAdd(this, _timeout);
+    __privateAdd(this, _totalWeight);
+    __privateSet(this, _haneulClient, options.haneulClient);
+    if (new Set(options.serverConfigs.map((s) => s.objectId)).size !== options.serverConfigs.length) {
+      throw new InvalidClientOptionsError("Duplicate object IDs");
+    }
+    if (options.serverConfigs.some((s) => s.apiKeyName && !s.apiKey || !s.apiKeyName && s.apiKey)) {
+      throw new InvalidClientOptionsError(
+        "Both apiKeyName and apiKey must be provided or not provided for all key servers"
+      );
+    }
+    __privateSet(this, _configs, new Map(options.serverConfigs.map((server) => [server.objectId, server])));
+    __privateSet(this, _totalWeight, options.serverConfigs.map((server) => server.weight).reduce((sum, term) => sum + term, 0));
+    __privateSet(this, _verifyKeyServers, options.verifyKeyServers ?? true);
+    __privateSet(this, _timeout, options.timeout ?? 1e4);
+  }
+  /** @deprecated Use `seal()` instead */
+  static asClientExtension(options) {
+    return {
+      name: "seal",
+      register: (client) => {
+        return new _SealClient({
+          haneulClient: client,
+          ...options
+        });
+      }
+    };
+  }
+  /**
+   * Return an encrypted message under the identity.
+   *
+   * @param kemType - The type of KEM to use.
+   * @param demType - The type of DEM to use.
+   * @param threshold - The threshold for the TSS encryption.
+   * @param packageId - the packageId namespace.
+   * @param id - the identity to use.
+   * @param data - the data to encrypt.
+   * @param aad - optional additional authenticated data.
+   * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+   * 	Since the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.
+   */
+  async encrypt({
+    kemType = KemType.BonehFranklinBLS12381DemCCA,
+    demType = DemType.AesGcm256,
+    threshold,
+    packageId,
+    id,
+    data,
+    aad = new Uint8Array()
+  }) {
+    const packageObj = await __privateGet(this, _haneulClient).core.getObject({ objectId: packageId });
+    if (String(packageObj.object.version) !== "1") {
+      throw new InvalidPackageError(`Package ${packageId} is not the first version`);
+    }
+    return encrypt({
+      keyServers: await __privateMethod(this, _SealClient_instances, getWeightedKeyServers_fn).call(this),
+      kemType,
+      threshold,
+      packageId,
+      id,
+      encryptionInput: __privateMethod(this, _SealClient_instances, createEncryptionInput_fn).call(this, demType, data, aad)
+    });
+  }
+  /**
+   * Decrypt the given encrypted bytes using cached keys.
+   * Calls fetchKeys in case one or more of the required keys is not cached yet.
+   * The function throws an error if the client's key servers are not a subset of
+   * the encrypted object's key servers or if the threshold cannot be met.
+   *
+   * If checkShareConsistency is true, the decrypted shares are checked for consistency, meaning that
+   * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.
+   * This is useful in case the encryptor is not trusted and the decryptor wants to ensure all decryptors
+   * receive the same output (e.g., for onchain encrypted voting).
+   *
+   * @param data - The encrypted bytes to decrypt.
+   * @param sessionKey - The session key to use.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @param checkShareConsistency - If true, the shares are checked for consistency.
+   * @param checkLEEncoding - If true, the encryption is also checked using an LE encoded nonce.
+   * @returns - The decrypted plaintext corresponding to ciphertext.
+   */
+  async decrypt({
+    data,
+    sessionKey,
+    txBytes,
+    checkShareConsistency,
+    checkLEEncoding
+  }) {
+    const encryptedObject = EncryptedObject.parse(data);
+    __privateMethod(this, _SealClient_instances, validateEncryptionServices_fn).call(this, encryptedObject.services.map((s) => s[0]), encryptedObject.threshold);
+    await this.fetchKeys({
+      ids: [encryptedObject.id],
+      txBytes,
+      sessionKey,
+      threshold: encryptedObject.threshold
+    });
+    if (checkShareConsistency) {
+      const publicKeys = await this.getPublicKeys(
+        encryptedObject.services.map(([objectId, _]) => objectId)
+      );
+      return decrypt({
+        encryptedObject,
+        keys: __privateGet(this, _cachedKeys),
+        publicKeys,
+        checkLEEncoding: false
+        // We intentionally do not support other encodings here
+      });
+    }
+    return decrypt({ encryptedObject, keys: __privateGet(this, _cachedKeys), checkLEEncoding });
+  }
+  async getKeyServers() {
+    if (!__privateGet(this, _keyServers)) {
+      __privateSet(this, _keyServers, __privateMethod(this, _SealClient_instances, loadKeyServers_fn).call(this).catch((error) => {
+        __privateSet(this, _keyServers, null);
+        throw error;
+      }));
+    }
+    return __privateGet(this, _keyServers);
+  }
+  /**
+   * Get the public keys for the given services.
+   * If all public keys are not in the cache, they are retrieved.
+   *
+   * @param services - The services to get the public keys for.
+   * @returns The public keys for the given services in the same order as the given services.
+   */
+  async getPublicKeys(services) {
+    const keyServers = await this.getKeyServers();
+    const missingKeyServers = services.filter(
+      (objectId) => !keyServers.has(objectId) && !__privateGet(this, _cachedPublicKeys).has(objectId)
+    );
+    if (missingKeyServers.length > 0) {
+      (await retrieveKeyServers({
+        objectIds: missingKeyServers,
+        client: __privateGet(this, _haneulClient)
+      })).forEach(
+        (keyServer) => __privateGet(this, _cachedPublicKeys).set(keyServer.objectId, G2Element.fromBytes(keyServer.pk))
+      );
+    }
+    return services.map((objectId) => {
+      const keyServer = keyServers.get(objectId);
+      if (keyServer) {
+        return G2Element.fromBytes(keyServer.pk);
+      }
+      return __privateGet(this, _cachedPublicKeys).get(objectId);
+    });
+  }
+  /**
+   * Fetch keys from the key servers and update the cache.
+   *
+   * It is recommended to call this function once for all ids of all encrypted objects if
+   * there are multiple, then call decrypt for each object. This avoids calling fetchKey
+   * individually for each decrypt.
+   *
+   * @param ids - The ids of the encrypted objects.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @param sessionKey - The session key to use.
+   * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.
+   */
+  async fetchKeys({ ids, txBytes, sessionKey, threshold }) {
+    if (threshold > __privateGet(this, _totalWeight) || threshold < 1) {
+      throw new InvalidThresholdError(
+        `Invalid threshold ${threshold} servers with weights ${JSON.stringify(__privateGet(this, _configs))}`
+      );
+    }
+    const keyServers = await this.getKeyServers();
+    const fullIds = ids.map((id) => createFullId(sessionKey.getPackageId(), id));
+    let completedWeight = 0;
+    const remainingKeyServers = [];
+    let remainingKeyServersWeight = 0;
+    for (const objectId of keyServers.keys()) {
+      if (fullIds.every((fullId) => __privateGet(this, _cachedKeys).has(`${fullId}:${objectId}`))) {
+        completedWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+      } else {
+        remainingKeyServers.push(objectId);
+        remainingKeyServersWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+      }
+    }
+    if (completedWeight >= threshold) {
+      return;
+    }
+    const certificate = await sessionKey.getCertificate();
+    const signedRequest = await sessionKey.createRequestParams(txBytes);
+    const controller = new AbortController();
+    const errors = [];
+    const keyFetches = remainingKeyServers.map(async (objectId) => {
+      const server = keyServers.get(objectId);
+      try {
+        const config = __privateGet(this, _configs).get(objectId);
+        const allKeys = await fetchKeysForAllIds({
+          url: server.url,
+          requestSignature: signedRequest.requestSignature,
+          transactionBytes: txBytes,
+          encKey: signedRequest.encKey,
+          encKeyPk: signedRequest.encKeyPk,
+          encVerificationKey: signedRequest.encVerificationKey,
+          certificate,
+          timeout: __privateGet(this, _timeout),
+          apiKeyName: config?.apiKeyName,
+          apiKey: config?.apiKey,
+          signal: controller.signal
+        });
+        for (const { fullId, key } of allKeys) {
+          const keyElement = G1Element.fromBytes(key);
+          if (!BonehFranklinBLS12381Services.verifyUserSecretKey(
+            keyElement,
+            fullId,
+            G2Element.fromBytes(server.pk)
+          )) {
+            console.warn("Received invalid key from key server " + server.objectId);
+            continue;
+          }
+          __privateGet(this, _cachedKeys).set(`${fullId}:${server.objectId}`, keyElement);
+        }
+        if (fullIds.every((fullId) => __privateGet(this, _cachedKeys).has(`${fullId}:${server.objectId}`))) {
+          completedWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+          if (completedWeight >= threshold) {
+            controller.abort();
+          }
+        }
+      } catch (error) {
+        if (!controller.signal.aborted) {
+          errors.push(error);
+        }
+      } finally {
+        remainingKeyServersWeight -= __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+        if (remainingKeyServersWeight < threshold - completedWeight) {
+          controller.abort(new TooManyFailedFetchKeyRequestsError());
+        }
+      }
+    });
+    await Promise.allSettled(keyFetches);
+    if (completedWeight < threshold) {
+      throw toMajorityError(errors);
+    }
+  }
+  /**
+   * Get derived keys from the given services.
+   *
+   * @param id - The id of the encrypted object.
+   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
+   * @param sessionKey - The session key to use.
+   * @param threshold - The threshold.
+   * @returns - Derived keys for the given services that are in the cache as a "service object ID" -> derived key map. If the call is succesful, exactly threshold keys will be returned.
+   */
+  async getDerivedKeys({
+    kemType = KemType.BonehFranklinBLS12381DemCCA,
+    id,
+    txBytes,
+    sessionKey,
+    threshold
+  }) {
+    switch (kemType) {
+      case KemType.BonehFranklinBLS12381DemCCA:
+        const keyServers = await this.getKeyServers();
+        if (threshold > __privateGet(this, _totalWeight)) {
+          throw new InvalidThresholdError(
+            `Invalid threshold ${threshold} for ${__privateGet(this, _totalWeight)} servers`
+          );
+        }
+        await this.fetchKeys({
+          ids: [id],
+          txBytes,
+          sessionKey,
+          threshold
+        });
+        const fullId = createFullId(sessionKey.getPackageId(), id);
+        const derivedKeys = /* @__PURE__ */ new Map();
+        let weight = 0;
+        for (const objectId of keyServers.keys()) {
+          const cachedKey = __privateGet(this, _cachedKeys).get(`${fullId}:${objectId}`);
+          if (cachedKey) {
+            derivedKeys.set(objectId, new BonehFranklinBLS12381DerivedKey(cachedKey));
+            weight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+            if (weight >= threshold) {
+              break;
+            }
+          }
+        }
+        return derivedKeys;
+    }
+  }
+};
+_haneulClient = new WeakMap();
+_configs = new WeakMap();
+_keyServers = new WeakMap();
+_verifyKeyServers = new WeakMap();
+_cachedKeys = new WeakMap();
+_cachedPublicKeys = new WeakMap();
+_timeout = new WeakMap();
+_totalWeight = new WeakMap();
+_SealClient_instances = new WeakSet();
+createEncryptionInput_fn = function(type, data, aad) {
+  switch (type) {
+    case DemType.AesGcm256:
+      return new AesGcm256(data, aad);
+    case DemType.Hmac256Ctr:
+      return new Hmac256Ctr(data, aad);
+  }
+};
+weight_fn = function(objectId) {
+  return __privateGet(this, _configs).get(objectId)?.weight ?? 0;
+};
+validateEncryptionServices_fn = function(services, threshold) {
+  if (services.some((objectId) => {
+    const countInClient = __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
+    return countInClient > 0 && countInClient !== count(services, objectId);
+  })) {
+    throw new InconsistentKeyServersError(
+      `Client's key servers must be a subset of the encrypted object's key servers`
+    );
+  }
+  if (threshold > __privateGet(this, _totalWeight)) {
+    throw new InvalidThresholdError(
+      `Invalid threshold ${threshold} for ${__privateGet(this, _totalWeight)} servers`
+    );
+  }
+};
+getWeightedKeyServers_fn = async function() {
+  const keyServers = await this.getKeyServers();
+  const keyServersWithMultiplicity = [];
+  for (const [objectId, config] of __privateGet(this, _configs)) {
+    const keyServer = keyServers.get(objectId);
+    for (let i = 0; i < config.weight; i++) {
+      keyServersWithMultiplicity.push(keyServer);
+    }
+  }
+  return keyServersWithMultiplicity;
+};
+loadKeyServers_fn = async function() {
+  const keyServers = await retrieveKeyServers({
+    objectIds: [...__privateGet(this, _configs)].map(([objectId]) => objectId),
+    client: __privateGet(this, _haneulClient)
+  });
+  if (keyServers.length === 0) {
+    throw new InvalidKeyServerError("No key servers found");
+  }
+  if (__privateGet(this, _verifyKeyServers)) {
+    await Promise.all(
+      keyServers.map(async (server) => {
+        const config = __privateGet(this, _configs).get(server.objectId);
+        if (!await verifyKeyServer(server, __privateGet(this, _timeout), config?.apiKeyName, config?.apiKey)) {
+          throw new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);
+        }
+      })
+    );
+  }
+  return new Map(keyServers.map((server) => [server.objectId, server]));
+};
+let SealClient = _SealClient;
+export {
+  SealClient,
+  seal
+};
+//# sourceMappingURL=client.js.map