@inco/js 0.8.0-devnet-5 → 0.9.0-devnet-test-2

package/dist/types/generated/es/inco/covalidator/compute/v1/server_pb.d.ts

@@ -1,6 +1,6 @@
 import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
 import type { CryptogramWithProof, InputCryptogram, StoredCryptogram } from "./types_pb";
-import type { DecryptionAttestation } from "../../../kms/lite/v1/kms_service_pb";
+import type { DecryptionAttestation, EListElement } from "../../../kms/lite/v1/kms_service_pb";
 import type { ACLProof, SupportedScalarBinaryOp } from "../../../kms/lite/v1/types_pb";
 import type { RATlsServer } from "../../../sealingfetcher/v1/sealingfetcher_pb";
 import type { StartHeliosRequest } from "../../../helioswrapper/v1/helioswrapper_pb";
@@ -580,6 +580,24 @@ export type ConfigureRequest = Message<"inco.covalidator.compute.v1.ConfigureReq
  * Use `create(ConfigureRequestSchema)` to create a new message.
  */
 export declare const ConfigureRequestSchema: GenMessage<ConfigureRequest>;
+/**
+ * HeliosConfigureRequest is a request to configure the helios light client.
+ *
+ * @generated from message inco.covalidator.compute.v1.HeliosConfigureRequest
+ */
+export type HeliosConfigureRequest = Message<"inco.covalidator.compute.v1.HeliosConfigureRequest"> & {
+    /**
+     * Provide Helios-specific configuration to start the Helios from compute service.
+     *
+     * @generated from field: inco.helioswrapper.v1.StartHeliosRequest helios_config = 2;
+     */
+    heliosConfig?: StartHeliosRequest;
+};
+/**
+ * Describes the message inco.covalidator.compute.v1.HeliosConfigureRequest.
+ * Use `create(HeliosConfigureRequestSchema)` to create a new message.
+ */
+export declare const HeliosConfigureRequestSchema: GenMessage<HeliosConfigureRequest>;
 /**
  * ConfigureResponse is a response to ConfigureRequest.
  *
@@ -604,6 +622,24 @@ export type ConfigureResponse = Message<"inco.covalidator.compute.v1.ConfigureRe
  * Use `create(ConfigureResponseSchema)` to create a new message.
  */
 export declare const ConfigureResponseSchema: GenMessage<ConfigureResponse>;
+/**
+ * HeliosConfigureResponse is a response to HeliosConfigureRequest.
+ *
+ * @generated from message inco.covalidator.compute.v1.HeliosConfigureResponse
+ */
+export type HeliosConfigureResponse = Message<"inco.covalidator.compute.v1.HeliosConfigureResponse"> & {
+    /**
+     * True if the Helios light client was started successfully.
+     *
+     * @generated from field: bool helios_started = 1;
+     */
+    heliosStarted: boolean;
+};
+/**
+ * Describes the message inco.covalidator.compute.v1.HeliosConfigureResponse.
+ * Use `create(HeliosConfigureResponseSchema)` to create a new message.
+ */
+export declare const HeliosConfigureResponseSchema: GenMessage<HeliosConfigureResponse>;
 /**
  * AttestedDecryptRequest is the request type for the ComputeService/AttestedDecrypt RPC method.
  *
@@ -619,8 +655,8 @@ export type AttestedDecryptRequest = Message<"inco.covalidator.compute.v1.Attest
     userAddress: string;
     /**
      * reencrypt_pub_key is the encoding of the user's public
-     * encryption key (secp256k1) used to reencrypt the result for.
-     * It is encoded in its 33-byte compressed format.
+     * encryption key (X-Wing) used to reencrypt the result for.
+     * It is encoded in its 1216-byte format.
      * If empty, the KMS will return plaintext decryption instead of reencryption.
      *
      * @generated from field: bytes reencrypt_pub_key = 2;
@@ -680,6 +716,82 @@ export type AttestedDecryptRequest = Message<"inco.covalidator.compute.v1.Attest
  * Use `create(AttestedDecryptRequestSchema)` to create a new message.
  */
 export declare const AttestedDecryptRequestSchema: GenMessage<AttestedDecryptRequest>;
+/**
+ * EListAttestedDecryptRequest is the request type for the ComputeService/EListAttestedDecrypt RPC method.
+ *
+ * @generated from message inco.covalidator.compute.v1.EListAttestedDecryptRequest
+ */
+export type EListAttestedDecryptRequest = Message<"inco.covalidator.compute.v1.EListAttestedDecryptRequest"> & {
+    /**
+     * user_address is the Ethereum address of the user who requested the
+     * decryption, prefixed with 0x.
+     *
+     * @generated from field: string user_address = 1;
+     */
+    userAddress: string;
+    /**
+     * reencrypt_pub_key is the encoding of the user's public
+     * encryption key (secp256k1) used to reencrypt the result for.
+     * It is encoded in its 33-byte compressed format.
+     * If empty, the KMS will return plaintext decryption instead of reencryption.
+     *
+     * @generated from field: bytes reencrypt_pub_key = 2;
+     */
+    reencryptPubKey: Uint8Array;
+    /**
+     * eip712_signature is an EIP-712 signature of the following EIP-712 typed data by
+     * `user_address` (note that we only give a JSON representation for the sake of
+     * readability, but the actual signed data is defined in the EIP-712 spec) where:
+     *     handles - list of 0x prefixed handles to decrypt
+     *     publicKey - 0x prefixed reencrypt_pub_key (if any). "0x" otherwise if empty.
+     *
+     * ```json
+     * {
+     *   "types": {
+     *     "EIP712Domain": [
+     *       { "name": "name", "type": "string" },
+     *       { "name": "version", "type": "string" },
+     *       { "name": "chainId", "type": "uint256" }
+     *     ],
+     *     "AttestedDecryptRequest": [
+     *       { "name": "handles", "type": "bytes32[]" },
+     *       { "name": "publicKey", "type": "bytes" },
+     *     ]
+     *   },
+     *   "primaryType": "AttestedDecryptRequest",
+     *   "domain": {
+     *     "name": "IncoAttestedDecrypt",
+     *     "version": "0.1.0",
+     *     "chainId": "<host_chain_id>",
+     *   },
+     *   "message": {
+     *     "handles": ["<handle1>", "<handle2>", ...],
+     *     "publicKey": "0x<reencrypt_pub_key>"
+     *   }
+     * }
+     * ```
+     *
+     * @generated from field: bytes eip712_signature = 3;
+     */
+    eip712Signature: Uint8Array;
+    /**
+     * cryptogram_with_proof is the cryptogram for elist with proof to decrypt.
+     * Either the user_address or sharer must have ACL access to the elist cryptogram handle for the attested
+     * decryption to succeed.
+     *
+     * @generated from field: inco.covalidator.compute.v1.CryptogramWithProof cryptogram_with_proof = 4;
+     */
+    cryptogramWithProof?: CryptogramWithProof;
+    /**
+     * @generated from field: optional inco.covalidator.compute.v1.ConfigureRequest configure_request = 5;
+     */
+    configureRequest?: ConfigureRequest;
+};
+/**
+ * Describes the message inco.covalidator.compute.v1.EListAttestedDecryptRequest.
+ * Use `create(EListAttestedDecryptRequestSchema)` to create a new message.
+ */
+export declare const EListAttestedDecryptRequestSchema: GenMessage<EListAttestedDecryptRequest>;
 /**
  * AttestedDecryptResponse is the response type for the ComputeService/AttestedDecrypt RPC method.
  *
@@ -699,6 +811,30 @@ export type AttestedDecryptResponse = Message<"inco.covalidator.compute.v1.Attes
  * Use `create(AttestedDecryptResponseSchema)` to create a new message.
  */
 export declare const AttestedDecryptResponseSchema: GenMessage<AttestedDecryptResponse>;
+/**
+ * EListAttestedDecryptResponse is the response type for the ComputeService/EListAttestedDecrypt RPC method.
+ *
+ * @generated from message inco.covalidator.compute.v1.EListAttestedDecryptResponse
+ */
+export type EListAttestedDecryptResponse = Message<"inco.covalidator.compute.v1.EListAttestedDecryptResponse"> & {
+    /**
+     * commitment_proof_attestation is the signed commitment proof of the decrypted elist values.
+     *
+     * @generated from field: inco.kms.lite.v1.DecryptionAttestation commitment_proof_attestation = 1;
+     */
+    commitmentProofAttestation?: DecryptionAttestation;
+    /**
+     * values is the list of decrypted elist elements.
+     *
+     * @generated from field: repeated inco.kms.lite.v1.EListElement values = 2;
+     */
+    values: EListElement[];
+};
+/**
+ * Describes the message inco.covalidator.compute.v1.EListAttestedDecryptResponse.
+ * Use `create(EListAttestedDecryptResponseSchema)` to create a new message.
+ */
+export declare const EListAttestedDecryptResponseSchema: GenMessage<EListAttestedDecryptResponse>;
 /**
  * AttestedRevealRequest is the request type for the ComputeService/AttestedReveal RPC method.
  *
@@ -722,6 +858,29 @@ export type AttestedRevealRequest = Message<"inco.covalidator.compute.v1.Atteste
  * Use `create(AttestedRevealRequestSchema)` to create a new message.
  */
 export declare const AttestedRevealRequestSchema: GenMessage<AttestedRevealRequest>;
+/**
+ * EListAttestedRevealRequest is the request type for the ComputeService/EListAttestedReveal RPC method.
+ *
+ * @generated from message inco.covalidator.compute.v1.EListAttestedRevealRequest
+ */
+export type EListAttestedRevealRequest = Message<"inco.covalidator.compute.v1.EListAttestedRevealRequest"> & {
+    /**
+     * cryptogram is the elist ciphertext to decrypt.
+     * The elist handle must have been revealed beforehand with the on-chain .reveal() call.
+     *
+     * @generated from field: inco.covalidator.compute.v1.StoredCryptogram cryptogram = 3;
+     */
+    cryptogram?: StoredCryptogram;
+    /**
+     * @generated from field: optional inco.covalidator.compute.v1.ConfigureRequest configure_request = 4;
+     */
+    configureRequest?: ConfigureRequest;
+};
+/**
+ * Describes the message inco.covalidator.compute.v1.EListAttestedRevealRequest.
+ * Use `create(EListAttestedRevealRequestSchema)` to create a new message.
+ */
+export declare const EListAttestedRevealRequestSchema: GenMessage<EListAttestedRevealRequest>;
 /**
  * AttestedRevealResponse is the response type for the ComputeService/AttestedReveal RPC method.
  *
@@ -741,6 +900,30 @@ export type AttestedRevealResponse = Message<"inco.covalidator.compute.v1.Attest
  * Use `create(AttestedRevealResponseSchema)` to create a new message.
  */
 export declare const AttestedRevealResponseSchema: GenMessage<AttestedRevealResponse>;
+/**
+ * EListAttestedRevealResponse is the response type for the ComputeService/EListAttestedRevealResponse RPC method.
+ *
+ * @generated from message inco.covalidator.compute.v1.EListAttestedRevealResponse
+ */
+export type EListAttestedRevealResponse = Message<"inco.covalidator.compute.v1.EListAttestedRevealResponse"> & {
+    /**
+     * commitment_proof_attestation is the signed commitment proof of the decrypted elist values.
+     *
+     * @generated from field: inco.kms.lite.v1.DecryptionAttestation commitment_proof_attestation = 1;
+     */
+    commitmentProofAttestation?: DecryptionAttestation;
+    /**
+     * values is the list of decrypted elist elements.
+     *
+     * @generated from field: repeated inco.kms.lite.v1.EListElement values = 2;
+     */
+    values: EListElement[];
+};
+/**
+ * Describes the message inco.covalidator.compute.v1.EListAttestedRevealResponse.
+ * Use `create(EListAttestedRevealResponseSchema)` to create a new message.
+ */
+export declare const EListAttestedRevealResponseSchema: GenMessage<EListAttestedRevealResponse>;
 /**
  * AttestedComputeRequest is the request type for the ComputeService/AttestedDecrypt RPC method.
  *
@@ -756,8 +939,8 @@ export type AttestedComputeRequest = Message<"inco.covalidator.compute.v1.Attest
     userAddress: string;
     /**
      * reencrypt_pub_key is the encoding of the user's public
-     * encryption key (secp256k1) used to reencrypt the result for.
-     * It is encoded in its 33-byte compressed format.
+     * encryption key (X-Wing) used to reencrypt the result for.
+     * It is encoded in its 1216-byte format.
      * If empty, the KMS will return plaintext decryption instead of reencryption.
      *
      * @generated from field: bytes reencrypt_pub_key = 2;
@@ -1008,10 +1191,66 @@ export declare enum FheOperation {
      * @generated from enum value: FHE_RAND_BOUNDED = 27;
      */
     FHE_RAND_BOUNDED = 27,
+    /**
+     * Custom
+     *
+     * @generated from enum value: FHE_ALLOW = 40;
+     */
+    FHE_ALLOW = 40,
+    /**
+     * @generated from enum value: FHE_REVEAL = 41;
+     */
+    FHE_REVEAL = 41,
     /**
      * @generated from enum value: FHE_GET_CIPHERTEXT = 32;
      */
-    FHE_GET_CIPHERTEXT = 32
+    FHE_GET_CIPHERTEXT = 32,
+    /**
+     * Elist operations
+     *
+     * @generated from enum value: FHE_NEW_ELIST = 100;
+     */
+    FHE_NEW_ELIST = 100,
+    /**
+     * @generated from enum value: FHE_ELIST_GET = 101;
+     */
+    FHE_ELIST_GET = 101,
+    /**
+     * @generated from enum value: FHE_ELIST_GET_OR = 102;
+     */
+    FHE_ELIST_GET_OR = 102,
+    /**
+     * @generated from enum value: FHE_ELIST_SET = 103;
+     */
+    FHE_ELIST_SET = 103,
+    /**
+     * @generated from enum value: FHE_ELIST_INSERT = 104;
+     */
+    FHE_ELIST_INSERT = 104,
+    /**
+     * @generated from enum value: FHE_ELIST_APPEND = 105;
+     */
+    FHE_ELIST_APPEND = 105,
+    /**
+     * @generated from enum value: FHE_ELIST_CONCAT = 106;
+     */
+    FHE_ELIST_CONCAT = 106,
+    /**
+     * @generated from enum value: FHE_ELIST_SLICE = 107;
+     */
+    FHE_ELIST_SLICE = 107,
+    /**
+     * @generated from enum value: FHE_ELIST_RANGE = 108;
+     */
+    FHE_ELIST_RANGE = 108,
+    /**
+     * @generated from enum value: FHE_ELIST_SHUFFLE = 109;
+     */
+    FHE_ELIST_SHUFFLE = 109,
+    /**
+     * @generated from enum value: FHE_ELIST_REVERSE = 110;
+     */
+    FHE_ELIST_REVERSE = 110
 }
 /**
  * Describes the enum inco.covalidator.compute.v1.FheOperation.
@@ -1049,7 +1288,7 @@ export declare const ComputeService: GenService<{
      *
      * # IncoLite
      *
-     * In the IncoLite system, the input ciphertext is an ECIES ciphertext, and
+     * In the IncoLite system, the input ciphertext is an X-Wing ciphertext, and
      * the compute ciphertexts are encrypted using the encryption codec passed
      * into the plaintext compute client.
      *
@@ -1248,4 +1487,28 @@ export declare const ComputeService: GenService<{
         input: typeof AttestedRevealRequestSchema;
         output: typeof AttestedRevealResponseSchema;
     };
+    /**
+     * EListAttestedDecrypt decrypts a single elist ciphertext and provides an attestation
+     * that the decryption was performed correctly.
+     * Can optionally reencrypt the results of the decryption to a desired public key.
+     *
+     * @generated from rpc inco.covalidator.compute.v1.ComputeService.EListAttestedDecrypt
+     */
+    eListAttestedDecrypt: {
+        methodKind: "unary";
+        input: typeof EListAttestedDecryptRequestSchema;
+        output: typeof EListAttestedDecryptResponseSchema;
+    };
+    /**
+     * EListAttestedReveal decrypts a single elist ciphertext and provides an attestation
+     * that the decryption was performed correctly.
+     * Doesn't require authentication if the handle is publicly revealed with the on-chain .reveal() call beforehand.
+     *
+     * @generated from rpc inco.covalidator.compute.v1.ComputeService.EListAttestedReveal
+     */
+    eListAttestedReveal: {
+        methodKind: "unary";
+        input: typeof EListAttestedRevealRequestSchema;
+        output: typeof EListAttestedRevealResponseSchema;
+    };
 }>;

package/dist/types/generated/es/inco/covalidator/compute/v1/types_pb.d.ts

@@ -221,12 +221,6 @@ export declare enum InputVersion {
      * @generated from enum value: INPUT_VERSION_UNSPECIFIED = 0;
      */
     UNSPECIFIED = 0,
-    /**
-     * INPUT_VERSION_ECIES is the InputPayload message encrypted using ECIES with the primary key version.
-     *
-     * @generated from enum value: INPUT_VERSION_ECIES = 1;
-     */
-    ECIES = 1,
     /**
      * INPUT_VERSION_XWING is the InputPayload message encrypted using HPKE-XWING-CHACHA20POLY1305-SHA256 with the primary key version.
      *

package/dist/types/generated/es/inco/kms/lite/v1/kms_service_pb.d.ts

@@ -106,6 +106,105 @@ export type AttestedDecryptRequest = Message<"inco.kms.lite.v1.AttestedDecryptRe
  * Use `create(AttestedDecryptRequestSchema)` to create a new message.
  */
 export declare const AttestedDecryptRequestSchema: GenMessage<AttestedDecryptRequest>;
+/**
+ * EListAttestedDecryptRequest is the request type for the KmsService/EListAttestedDecrypt RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedDecryptRequest
+ */
+export type EListAttestedDecryptRequest = Message<"inco.kms.lite.v1.EListAttestedDecryptRequest"> & {
+    /**
+     * user_address is the Ethereum address of the user who requested the
+     * decryption, prefixed with 0x.
+     *
+     * @generated from field: string user_address = 1;
+     */
+    userAddress: string;
+    /**
+     * reencrypt_pub_key is the encoding of the user's public
+     * encryption key (secp256k1) used to reencrypt the result for.
+     * It is encoded in its 33-byte compressed format.
+     * If empty, the KMS will return plaintext decryption instead of reencryption.
+     *
+     * @generated from field: bytes reencrypt_pub_key = 2;
+     */
+    reencryptPubKey: Uint8Array;
+    /**
+     * eip712_signature is an EIP-712 signature of the following EIP-712 typed data by
+     * `user_address` (note that we only give a JSON representation for the sake of
+     * readability, but the actual signed data is defined in the EIP-712 spec) where:
+     *     handles - list of 0x prefixed handles to decrypt
+     *     publicKey - 0x prefixed reencrypt_pub_key (if any). "0x" otherwise if empty.
+     *
+     * ```json
+     * {
+     *   "types": {
+     *     "EIP712Domain": [
+     *       { "name": "name", "type": "string" },
+     *       { "name": "version", "type": "string" },
+     *       { "name": "chainId", "type": "uint256" }
+     *     ],
+     *     "AttestedDecryptRequest": [
+     *       { "name": "handles", "type": "bytes32[]" },
+     *       { "name": "publicKey", "type": "bytes" },
+     *     ]
+     *   },
+     *   "primaryType": "AttestedDecryptRequest",
+     *   "domain": {
+     *     "name": "IncoAttestedDecrypt",
+     *     "version": "1",
+     *     "chainId": "<host_chain_id>",
+     *   },
+     *   "message": {
+     *     "handles": ["<handle1>", "<handle2>", ...],
+     *     "publicKey": "0x<reencrypt_pub_key>"
+     *   }
+     * }
+     * ```
+     *
+     * @generated from field: bytes eip712_signature = 3;
+     */
+    eip712Signature: Uint8Array;
+    /**
+     * handle_with_proof is the handle of an elist ciphertext with proof to decrypt.
+     * Either the user_address or sharer must have ACL access to the elist handle for the attested
+     * decryption to succeed.
+     *
+     * @generated from field: inco.kms.lite.v1.HandleWithProof elist_handle_with_proof = 4;
+     */
+    elistHandleWithProof?: HandleWithProof;
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedDecryptRequest.
+ * Use `create(EListAttestedDecryptRequestSchema)` to create a new message.
+ */
+export declare const EListAttestedDecryptRequestSchema: GenMessage<EListAttestedDecryptRequest>;
+/**
+ * EListAttestedDecryptResponse is the response type for the KmsService/EListAttestedDecryptResponse RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedDecryptResponse
+ */
+export type EListAttestedDecryptResponse = Message<"inco.kms.lite.v1.EListAttestedDecryptResponse"> & {
+    /**
+     * commitment_proof_attestation is the signed commitment_proof of the decrypted elist values and their corresponding commitments.
+     * commitment_proof = hash(concat([
+     *   hash(concat([commitment1, v1])),
+     * ...]))
+     *
+     * @generated from field: inco.kms.lite.v1.DecryptionAttestation commitment_proof_attestation = 1;
+     */
+    commitmentProofAttestation?: DecryptionAttestation;
+    /**
+     * values is the list of decrypted elist values.
+     *
+     * @generated from field: repeated inco.kms.lite.v1.EListElement values = 2;
+     */
+    values: EListElement[];
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedDecryptResponse.
+ * Use `create(EListAttestedDecryptResponseSchema)` to create a new message.
+ */
+export declare const EListAttestedDecryptResponseSchema: GenMessage<EListAttestedDecryptResponse>;
 /**
  * AttestedRevealRequest is the request type for the KmsService/AttestedReveal RPC method.
  *
@@ -125,6 +224,25 @@ export type AttestedRevealRequest = Message<"inco.kms.lite.v1.AttestedRevealRequ
  * Use `create(AttestedRevealRequestSchema)` to create a new message.
  */
 export declare const AttestedRevealRequestSchema: GenMessage<AttestedRevealRequest>;
+/**
+ * EListAttestedRevealRequest is the request type for the KmsService/EListAttestedReveal RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedRevealRequest
+ */
+export type EListAttestedRevealRequest = Message<"inco.kms.lite.v1.EListAttestedRevealRequest"> & {
+    /**
+     * handle is the handle of the elist ciphertext to decrypt.
+     * The handle must have been revealed beforehand with the on-chain .reveal() call.
+     *
+     * @generated from field: string handle = 3;
+     */
+    handle: string;
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedRevealRequest.
+ * Use `create(EListAttestedRevealRequestSchema)` to create a new message.
+ */
+export declare const EListAttestedRevealRequestSchema: GenMessage<EListAttestedRevealRequest>;
 /**
  * AttestedComputeRequest is the request type for the KmsService/AttestedDecrypt RPC method.
  *
@@ -261,6 +379,30 @@ export type AttestedRevealResponse = Message<"inco.kms.lite.v1.AttestedRevealRes
  * Use `create(AttestedRevealResponseSchema)` to create a new message.
  */
 export declare const AttestedRevealResponseSchema: GenMessage<AttestedRevealResponse>;
+/**
+ * EListAttestedRevealResponse is the response type for the KmsService/EListAttestedReveal RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedRevealResponse
+ */
+export type EListAttestedRevealResponse = Message<"inco.kms.lite.v1.EListAttestedRevealResponse"> & {
+    /**
+     * commitment_proof_attestation is the signed commitment_proof of the concatenation of the hashes of individual elist values.
+     *
+     * @generated from field: inco.kms.lite.v1.DecryptionAttestation commitment_proof_attestation = 1;
+     */
+    commitmentProofAttestation?: DecryptionAttestation;
+    /**
+     * values is the list of decrypted elist values.
+     *
+     * @generated from field: repeated inco.kms.lite.v1.EListElement values = 2;
+     */
+    values: EListElement[];
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedRevealResponse.
+ * Use `create(EListAttestedRevealResponseSchema)` to create a new message.
+ */
+export declare const EListAttestedRevealResponseSchema: GenMessage<EListAttestedRevealResponse>;
 /**
  * AttestedComputeResponse is the response type for the KmsService/AttestedCompute RPC method.
  *
@@ -321,6 +463,53 @@ export type Reencryption = Message<"inco.kms.lite.v1.Reencryption"> & {
  * Use `create(ReencryptionSchema)` to create a new message.
  */
 export declare const ReencryptionSchema: GenMessage<Reencryption>;
+/**
+ * EListElement contains the decryptions/reencryptions for elist element.
+ *
+ * @generated from message inco.kms.lite.v1.EListElement
+ */
+export type EListElement = Message<"inco.kms.lite.v1.EListElement"> & {
+    /**
+     * index is the index of the element in the elist.
+     *
+     * @generated from field: uint32 index = 1;
+     */
+    index: number;
+    /**
+     * commitment is the random commitment applied to the element when calculating elist commitment_proof.
+     *
+     * @generated from field: bytes commitment = 2;
+     */
+    commitment: Uint8Array;
+    /**
+     * @generated from oneof inco.kms.lite.v1.EListElement.value
+     */
+    value: {
+        /**
+         * Returns plaintext if reencrypt_pub_key was empty in the request
+         *
+         * @generated from field: inco.kms.lite.v1.Plaintext plaintext = 3;
+         */
+        value: Plaintext;
+        case: "plaintext";
+    } | {
+        /**
+         * Returns encrypted ciphertext if reencrypt_pub_key was set in the request
+         *
+         * @generated from field: inco.kms.lite.v1.Reencryption reencryption = 4;
+         */
+        value: Reencryption;
+        case: "reencryption";
+    } | {
+        case: undefined;
+        value?: undefined;
+    };
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListElement.
+ * Use `create(EListElementSchema)` to create a new message.
+ */
+export declare const EListElementSchema: GenMessage<EListElement>;
 /**
  * DecryptionAttestation contains the attestation for the decryption of a single handle.
  *
@@ -453,4 +642,28 @@ export declare const KmsService: GenService<{
         input: typeof AttestedRevealRequestSchema;
         output: typeof AttestedRevealResponseSchema;
     };
+    /**
+     * EListAttestedDecrypt decrypts a single elist ciphertext and provides an attestation
+     * that the decryption was performed correctly.
+     * Can optionally reencrypt the result of the decryption to a desired public key.
+     *
+     * @generated from rpc inco.kms.lite.v1.KmsService.EListAttestedDecrypt
+     */
+    eListAttestedDecrypt: {
+        methodKind: "unary";
+        input: typeof EListAttestedDecryptRequestSchema;
+        output: typeof EListAttestedDecryptResponseSchema;
+    };
+    /**
+     * EListAttestedReveal decrypts a single elist ciphertext and provides an attestation
+     * that the decryption was performed correctly.
+     * Doesn't require authentication if the handle is publicly revealed with the on-chain .reveal() call beforehand.
+     *
+     * @generated from rpc inco.kms.lite.v1.KmsService.EListAttestedReveal
+     */
+    eListAttestedReveal: {
+        methodKind: "unary";
+        input: typeof EListAttestedRevealRequestSchema;
+        output: typeof EListAttestedRevealResponseSchema;
+    };
 }>;

package/dist/types/generated/es/inco/sealingfetcher/v1/sealingfetcher_pb.d.ts

@@ -107,9 +107,9 @@ export type TeeKeys = Message<"inco.sealingfetcher.v1.TeeKeys"> & {
      */
     eoaPrivkey: Uint8Array;
     /**
-     * The Network private key that the TEE generated during the bootstrap process.
-     * This is simply a 32-byte array, that can be used as-is as a sepc256k1
-     * private key.
+     * The Network private key (X-Wing) that the TEE generated during the bootstrap process.
+     * This is a 32-byte seed used to derive the X-Wing keypair for input encryption.
+     * X-Wing is a post-quantum hybrid KEM combining ML-KEM-768 and X25519.
      *
      * @generated from field: bytes network_privkey = 2;
      */

package/dist/types/kms/quorumClient.d.ts

@@ -1,7 +1,8 @@
 import type { Address } from 'viem';
 import type { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
-import type { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
+import type { EncryptionScheme, SupportedFheType } from '../encryption/encryption.js';
 import type { AttestedComputeRequest, AttestedDecryptRequest, AttestedRevealRequest } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import type { XwingKeypair } from '../lite/index.js';
 import type { BackoffConfig } from '../retry.js';
 import { type KmsClient } from './client.js';
 export declare class KmsQuorumClient {
@@ -28,9 +29,9 @@ export declare class KmsQuorumClient {
      * @throws {Error} If KMS clients array is empty or threshold is invalid
      */
     static fromKmsClients(kmsClients: KmsClient[], threshold: number): KmsQuorumClient;
-    attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>)[]>;
-    attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>;
-    attestedReveal(request: AttestedRevealRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>)[]>;
+    attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
+    attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedReveal(request: AttestedRevealRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
     /**
      * Generic method to execute a KMS operation across all clients with retry and threshold logic.
      * Returns results with both the response and signer address.

package/dist/types/lite/index.d.ts

@@ -4,6 +4,6 @@ export type { HandleWithProof } from '../generated/es/inco/kms/lite/v1/types_pb.
 export * from './attested-compute.js';
 export * from './attested-decrypt.js';
 export * from './deployments.js';
-export * from './ecies.js';
 export * from './hadu.js';
 export * from './lightning.js';
+export { TEST_NETWORK_SEED_KEY, TEST_NETWORK_XWING_PUBKEY, XWING_PUBLIC_KEY_SIZE, decodeXwingPrivateKey, decodeXwingPublicKey, decrypt, deriveXwingKeypairFromSeed, encodeXwingPublicKey, encrypt, generateXwingKeypair, getXwingDecryptor, getXwingEncryptor, type XwingDecryptorArgs, type XwingEncryptorArgs, type XwingKeypair, } from './xwing.js';