@inco/js 0.8.0-devnet-5 → 0.9.0-devnet-test-2

package/dist/types/lite/lightning.d.ts

@@ -1,16 +1,17 @@
 import { Account, Chain, GetContractReturnType, PublicClient, Transport, WalletClient } from 'viem';
+import type { PrivateKeyAccount } from 'viem/accounts';
 import { AllowanceVoucherWithSig } from '../advancedacl/types.js';
 import { AttestedComputeOP } from '../attestedcompute/types.js';
 import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
 import { Address, HexString } from '../binary.js';
-import { EciesScheme, SupportedFheType } from '../encryption/index.js';
+import { EncryptionScheme, SupportedFheType } from '../encryption/index.js';
 import { incoVerifierAbi } from '../generated/abis/verifier.js';
 import { lightningDeployments } from '../generated/lightning.js';
 import { localNodeLightningConfig } from '../generated/local-node.js';
 import { FheType } from '../handle.js';
 import { LocalNodeEnv } from '../local/index.js';
 import { BackoffConfig } from '../retry.js';
-import { Secp256k1Keypair } from './ecies.js';
+import { XwingKeypair } from './xwing.js';
 type TupleToUnion<T> = T extends readonly unknown[] ? T[number] : never;
 type Deployment = TupleToUnion<typeof lightningDeployments>;
 type DistributedPick<T, K> = T extends any ? Pick<T, Extract<keyof T, K>> : never;
@@ -59,10 +60,17 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
     private readonly networkPubkey;
     readonly executorAddress: Address;
     readonly chainId: bigint;
-    private readonly ephemeralKeypair;
     private readonly kmsQuorumClient;
-    private readonly encryptor;
+    private encryptor;
+    private encryptionScheme;
     private constructor();
+    private getEncryptor;
+    /**
+     * Get the encryption scheme version used by this Lightning instance.
+     * Returns 1 for ECIES or 2 for X-Wing.
+     * This is a convenience method to get the encryption scheme used by this Lightning instance.
+     */
+    getEncryptionScheme(): Promise<EncryptionScheme>;
     /**
      * Get a Lightning instance bound to the latest Lightning deployment for the Base Sepolia testnet.
      */
@@ -121,7 +129,8 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
     static latest<P extends Pepper>(pepper: P, chainId: ChainId): Promise<Lightning<Deployment>>;
     get deployment(): T;
     /**
-     * Encrypt a value using the public ECIES key of the Lightning deployment.
+     * Encrypt a value using the network's public key (ECIES or X-Wing).
+     * The encryption scheme is automatically detected based on the public key length.
      *
      * @param value a boolean or numeric value to encrypt
      * @param accountAddress the address of the account interacting with the dapp contract, normally an Externally Owned Account (EOA)
@@ -224,13 +233,13 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * console.log(decrypted[0].plaintext.value);
      * ```
      */
-    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
-    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
-    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Requests attested decrypts using a voucher-backed session key.
      *
-     * @param ephemeralKeypair Session keypair matching the voucher grantee.
+     * @param ephemeralAccount Session Account matching the voucher grantee.
      * @param allowanceVoucherWithSig Signed allowance voucher.
      * @param ethClient - A public eth client or eth wallet client used for signing the attested decrypt request
      * @param handles Handles to decrypt.
@@ -239,7 +248,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Plaintext results
      * ```ts
      * const attestations = await lightning.attestedDecryptWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   ethClient,
      *   [handle],
@@ -249,7 +258,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Reencrypt for a delegate
      * ```ts
      * const encrypted = await lightning.attestedDecryptWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   ethClient,
      *   [handle],
@@ -257,9 +266,9 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * );
      * ```
      */
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Get an attested compute for the given wallet client.
      *
@@ -305,16 +314,16 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * console.log(decrypted.plaintext.value);
      * ```
      */
-    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
-    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>;
-    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     /**
      * Performs attested compute via a voucher-backed session key.
      *
      * @example Plaintext result
      * ```ts
      * const attestation = await lightning.attestedComputeWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   ethClient,
      *   lhsHandle,
@@ -326,7 +335,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Reencrypt for a delegate
      * ```ts
      * const encrypted = await lightning.attestedComputeWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   lhsHandle,
      *   AttestedComputeSupportedOps.Eq,
@@ -339,7 +348,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Reencrypt and decrypt locally
      * ```ts
      * const decrypted = await lightning.attestedComputeWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   lhsHandle,
      *   AttestedComputeSupportedOps.Eq,
@@ -350,9 +359,9 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * console.log(decrypted.plaintext.value);
      * ```
      */
-    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
-    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>;
-    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     /**
      * Get an decryption of publicly revealed handles.
      *
@@ -366,7 +375,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * const { plaintext, covalidatorSignature } = response[0];
      * ```
      */
-    attestedReveal(handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedReveal(handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Get the GRPC endpoint for the covalidator that services this deployment.
      */

package/dist/types/lite/xwing.d.ts

@@ -0,0 +1,123 @@
+import { Decryptor, Encryptor, XwingScheme } from '../encryption/encryption.js';
+import { PubKeyEncodable } from '../reencryption/index.js';
+/**
+ * X-Wing public key size in bytes.
+ * Combining ML-KEM-768 (1184 bytes) and X25519 (32 bytes).
+ */
+export declare const XWING_PUBLIC_KEY_SIZE: number;
+export declare const TEST_NETWORK_SEED_KEY = "0x0000000000000000000000000000000000000000000000000000000000000000";
+export declare const TEST_NETWORK_XWING_PUBKEY = "0xca882388911c7c762aafc20debd63e845b3bed28c9d5262cdea7771fb31bd660a1ae7b395a9a7df3d12c7b118e8eda5057572c1ba05cd9b635edf33dabca4cac7291e0848f19c20e5beb850c3818f3543d49b3a5c729cb86a28fda539775d04feda112fe0c81d138aaf623aea7d507a4e826e890105db6065a44aba76a10d771c00d1b33f4ac51869806aae18eada68f19047024542d64a7aa1c91a5e1aa49d93613b5224b415bcc7aa166e4b55033438d20c641f9664fdb1689b53208181463e3d1325d46b30f07c5945b7e3fa1418bf833d975258461b294664eaf60795964924a280729c10a37fc6e967440bdd55d4ca53596286383481291152365303d44517cef369c00933b0b30368a230353e729c031075e8388673678a56b3ba84a165b28096ee9bd684483e1844258b451c365c41fa534152a3b64120041450128e960c7d6437d717ee266bdde7aaeec225ed93b958d188e97407349f1382976ca47d761ecc59a6f394487eb015c083abb490584677240eb47f838c838568a496119378b8bb81484610a50792b5d9c9939db188e7d0249d3cb918c436f111a2898849b286b0743a22c57464c709c5eaceac1ba493adca3328c0b14b5e38d3aea74e328b622b17e7181c35ad11c2103bdb7f2b209d93dcbc4ab61a06bc37139e6d2b7a06c5b7e9267bef3a8918a706f793271a5acc2574532da79e5a10cf074b998147a3c43586a411a513bba0d11cc19a36c83b19277f28022c88b120abfdba7076a8263e05336e3245aef7033eb3c762b5bbfa5791ac960398b649d5cbb652ddc6b2398143a0861ab3b410b696328879c099098adf819fbf7ac170030e86675e7f45c22ac9e1cf52c3102487bb0b91ab592afdc69c6e3a9b71876b86260b6c736b8291098f1130d3b763525cbad540ce2d042eacb6ed43b7bcba898f712c412f26066e09945f44ec7026c8ef959831abc10719d2017a12a41728b41c02371a5f5756ebc79406be708ea41bbd21563c874a0b791a3b4e4224a609967004f065c5ab4f3b4c61cb35df70573269da53179c3701fc5205f61974426f9b794c1b5826494b70842b6920c17752029369264dc8590b898b85c9d89a258e1f46c1b0490efd17c485cb51687cea272041e90b8e629521d3c5e3fa7518161bad7a159295b63cc6c0077897b53d47db8bc0ecb820f550705b65715a1a1094d04854f56acd26aa0baa10cb8447fad6211f53105796a42882328e6852e8de821c283b51eaab9bc95c4dc53615626049d63b1f9a457193805276b1905b0ab39353b5cf91fdd6023d4d816aef9cce4a3cfb3d12190172df221ae61d427563a098cc60e3dc9997ef54959180be5dc64a911157db6be3a01be2ee343caab33b8729abf0c50c674758c511291941fceac646232920907c2e88b9ec10211161729c797643a553a6ae5c4b7483c04e3263bd291e311c609071348b7c3310aa97d6b8318e0a4afe8399fa22f951049a9bb8860f7c69a333d3cc1aaf0129ab560713bf29eb3a01f9a276c78e54e3a3648b2447c80242b271b11406866389426d8b59796540d6b5702092ab21ee217c075cfc0c17ef826ce9ea29b9e61617457a5b1aaa23a58615dc53c59183beb36ea19498c21820b70ab47adeb678f1c52bf8768b3597b608ea1a8a15cd62e8a29bec4a1ac248ef9f02de0144bca06025f95a42bd6c8eaaaaaa2366328561d";
+/**
+ * X-Wing keypair interface.
+ * X-Wing is a post-quantum hybrid KEM combining ML-KEM-768 and X25519.
+ * - Private key: 32-byte seed
+ * - Public key: 1216 bytes
+ * - Encapsulated key: 1120 bytes
+ */
+export interface XwingKeypair extends PubKeyEncodable {
+    scheme: XwingScheme;
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+}
+/**
+ * Derive X-Wing keypair from a 32-byte seed (deterministic).
+ * This matches the Go implementation in covalidator/encoding/xwing.go
+ *
+ * @param seed - 32-byte seed for deterministic key derivation
+ * @returns X-Wing keypair with cached public key bytes
+ */
+export declare function deriveXwingKeypairFromSeed(seed: Uint8Array): Promise<XwingKeypair>;
+/**
+ * Generate a random X-Wing keypair.
+ *
+ * @returns X-Wing keypair with cached public key bytes
+ */
+export declare function generateXwingKeypair(): Promise<XwingKeypair>;
+/**
+ * Decode X-Wing public key from bytes.
+ *
+ * @param pubKeyBytes - 1216-byte X-Wing public key
+ * @returns CryptoKey for encryption operations
+ */
+export declare function decodeXwingPublicKey(pubKeyBytes: Uint8Array): Promise<CryptoKey>;
+/**
+ * Decode X-Wing private key from 32-byte seed.
+ * Alias for deriveXwingKeypairFromSeed for consistency with Go API.
+ *
+ * @param seed - 32-byte seed
+ * @returns X-Wing keypair
+ */
+export declare function decodeXwingPrivateKey(seed: Uint8Array): Promise<XwingKeypair>;
+/**
+ * Encode X-Wing public key to bytes.
+ *
+ * @param publicKey - CryptoKey containing X-Wing public key
+ * @returns 1216-byte serialized public key
+ */
+export declare function encodeXwingPublicKey(publicKey: CryptoKey): Promise<Uint8Array>;
+/**
+ * X-Wing encryptor arguments.
+ * pubKeyA is the recipient's public key (usually the covalidator's public key).
+ */
+export type XwingEncryptorArgs = {
+    pubKeyA: CryptoKey;
+};
+/**
+ * X-Wing decryptor arguments.
+ * privKeyA is the recipient's private key (usually the covalidator's private key).
+ */
+export type XwingDecryptorArgs = {
+    privKeyA: XwingKeypair;
+};
+/**
+ * Encrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
+ *
+ * Output format: encappedKey (1184 bytes) || ciphertext (variable length)
+ *
+ * @param pubKeyA - Recipient's public key
+ * @param msg - Message to encrypt
+ * @param aad - Additional authenticated data (default: empty)
+ * @param info - Context info for key derivation (default: empty)
+ * @returns Encrypted data (encappedKey || ciphertext)
+ */
+export declare function encrypt(pubKeyA: CryptoKey, msg: Uint8Array, aad?: Uint8Array, info?: Uint8Array): Promise<Uint8Array>;
+/**
+ * Decrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
+ *
+ * Input format: encappedKey (1184 bytes) || ciphertext (variable length)
+ *
+ * @param privKeyA - Recipient's private key
+ * @param encryptedData - Encrypted data (encappedKey || ciphertext)
+ * @param aad - Additional authenticated data (default: empty)
+ * @param info - Context info for key derivation (default: empty)
+ * @returns Decrypted plaintext
+ */
+export declare function decrypt(privKeyA: XwingKeypair, encryptedData: Uint8Array, aad?: Uint8Array, info?: Uint8Array): Promise<Uint8Array>;
+/**
+ * Create an X-Wing encryptor for encrypting inputs.
+ * Follows the same pattern as ECIES encryptor in ecies.ts.
+ *
+ * The encryptor:
+ * 1. Encodes the plaintext with its context (HADU encoding)
+ * 2. Encrypts using X-Wing HPKE
+ * 3. Computes prehandle and handle for tracking
+ * 4. Returns the encrypted ciphertext with metadata
+ *
+ * @param args - X-Wing encryptor arguments (recipient's public key)
+ * @returns Encryptor function
+ */
+export declare function getXwingEncryptor({ pubKeyA, }: XwingEncryptorArgs): Encryptor<XwingScheme>;
+/**
+ * Create an X-Wing decryptor for decrypting inputs.
+ * Follows the same pattern as ECIES decryptor in ecies.ts.
+ *
+ * The decryptor:
+ * 1. Removes the prepended handle from the ciphertext
+ * 2. Decrypts using X-Wing HPKE
+ * 3. Decodes the HADU-encoded payload
+ * 4. Extracts and returns the plaintext
+ *
+ * @param args - X-Wing decryptor arguments (recipient's private key)
+ * @returns Decryptor function
+ */
+export declare function getXwingDecryptor({ privKeyA, }: XwingDecryptorArgs): Decryptor<XwingScheme>;

package/dist/types/reencryption/types.d.ts

@@ -2,7 +2,7 @@ import { Address } from 'viem';
 import { HexString } from '../binary.js';
 import { CiphertextOf, EncryptionScheme, PlaintextOf, SupportedFheType } from '../encryption/encryption.js';
 import { Handle } from '../handle.js';
-import type { Secp256k1Keypair } from '../lite/ecies.js';
+import type { XwingKeypair } from '../lite/xwing.js';
 import type { BackoffConfig } from '../retry.js';
 export type Reencryptor<S extends EncryptionScheme> = <T extends SupportedFheType>(args: ReencryptFnArgs<S, T>, backoffConfig?: Partial<BackoffConfig>) => Promise<PlaintextOf<S, T>>;
 export interface ReencryptorArgs {
@@ -12,7 +12,7 @@ export type ReencryptFnArgs<S extends EncryptionScheme, T extends SupportedFheTy
     handle: Handle;
     ciphertext?: CiphertextOf<S, T>;
 };
-export type SupportedEphemeralKeypairs = Secp256k1Keypair;
+export type SupportedEphemeralKeypairs = XwingKeypair;
 export interface PubKeyEncodable {
     encodePublicKey(): Uint8Array;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/js",
-  "version": "0.8.0-devnet-5",
+  "version": "0.9.0-devnet-test-2",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "license": "Apache-2.0",
   "sideEffects": false,
@@ -77,7 +77,7 @@
     "generate:protos": "buf generate",
     "lint": "bun prettier --check . && eslint .",
     "lint:fix": "bun prettier --write . && eslint . --fix",
-    "publish:npm": "bun publish",
+    "publish:npm": "npm publish --tag ${NPM_DIST_TAG:-alpha}",
     "test": "bun run lint && bun run test:tsc && bun run test:unit",
     "test:coverage": "bun vitest run --project unit --coverage",
     "test:e2e": "bun vitest run --bail=1 --project e2e",
@@ -91,15 +91,15 @@
     "@connectrpc/connect-node": "^2.0.0",
     "@connectrpc/connect-web": "^2.0.1",
     "@grpc/grpc-js": "^1.13.4",
-    "@types/elliptic": "^6.4.18",
-    "ecies-geth": "^1.7.5",
+    "@hpke/hybridkem-x-wing": "^0.6.1",
+    "@hpke/core": "^1.7.5",
+    "@hpke/chacha20poly1305": "^1.7.1",
     "effect": "^3.17.13",
-    "elliptic": "^6.6.1",
     "sha3": "^2.1.4",
     "viem": "^2.39.3"
   },
   "devDependencies": {
-    "@inco/pega": "0.0.0",
+    "@inco/pega": "workspace:*",
     "@bufbuild/protoc-gen-es": "^2.2.2",
     "@typescript-eslint/parser": "^8.35.1",
     "@vitest/coverage-istanbul": "3.1.1",

package/dist/cjs/lite/ecies.d.ts

@@ -1,26 +0,0 @@
-import * as ellipticPkg from 'elliptic';
-import { Decryptor, EciesScheme, Encryptor } from '../encryption/encryption.js';
-import { PubKeyEncodable } from '../reencryption/index.js';
-export declare const TEST_NETWORK_PUBKEY = "0x02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
-export declare const TEST_NETWORK_PRIVATE_KEY = "0x384a707568ab63ad2ad9f10135faa0699801db3174f33f7846badc11affb8f57";
-export interface Secp256k1Keypair extends PubKeyEncodable {
-    scheme: EciesScheme;
-    kp: ellipticPkg.ec.KeyPair;
-}
-export type Secp256k1PubKey = ellipticPkg.curve.base.BasePoint;
-export declare function toSecp256k1Keypair(kp: ellipticPkg.ec.KeyPair): Secp256k1Keypair;
-export declare function generateSecp256k1Keypair(): Secp256k1Keypair;
-export declare function encodeSecp256k1PublicKey(pub: Secp256k1PubKey): Uint8Array;
-export declare function decodeSecp256k1PublicKey(pubKeyCompressed: Uint8Array): Secp256k1PubKey;
-export declare function decodeSecp256k1PrivateKey(privKey: Uint8Array): Secp256k1Keypair;
-export declare function encrypt(pubKeyA: Secp256k1PubKey, plaintext: Uint8Array, privKeyB: Secp256k1Keypair): Promise<Uint8Array>;
-export type EciesEncryptorArgs = {
-    pubKeyA: Secp256k1PubKey;
-    privKeyB: Secp256k1Keypair;
-};
-export declare function getEciesEncryptor({ pubKeyA, privKeyB, }: EciesEncryptorArgs): Encryptor<EciesScheme>;
-export declare function decrypt(privKeyA: Secp256k1Keypair, ciphertext: Uint8Array): Promise<Uint8Array>;
-export type EciesDecryptorArgs = {
-    privKeyA: Secp256k1Keypair;
-};
-export declare function getEciesDecryptor({ privKeyA, }: EciesDecryptorArgs): Decryptor<EciesScheme>;

package/dist/cjs/lite/ecies.js

@@ -1,146 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.TEST_NETWORK_PRIVATE_KEY = exports.TEST_NETWORK_PUBKEY = void 0;
-exports.toSecp256k1Keypair = toSecp256k1Keypair;
-exports.generateSecp256k1Keypair = generateSecp256k1Keypair;
-exports.encodeSecp256k1PublicKey = encodeSecp256k1PublicKey;
-exports.decodeSecp256k1PublicKey = decodeSecp256k1PublicKey;
-exports.decodeSecp256k1PrivateKey = decodeSecp256k1PrivateKey;
-exports.encrypt = encrypt;
-exports.getEciesEncryptor = getEciesEncryptor;
-exports.decrypt = decrypt;
-exports.getEciesDecryptor = getEciesDecryptor;
-const ecies_geth_1 = require("ecies-geth");
-const ellipticPkg = require("elliptic");
-const binary_js_1 = require("../binary.js");
-const encryption_js_1 = require("../encryption/encryption.js");
-const handle_js_1 = require("../handle.js");
-const schema_js_1 = require("../schema.js");
-const hadu_js_1 = require("./hadu.js");
-const secp256k1 = new ellipticPkg.ec('secp256k1');
-// These are ECIES keys for testing purposes
-exports.TEST_NETWORK_PUBKEY = '0x02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb';
-exports.TEST_NETWORK_PRIVATE_KEY = '0x384a707568ab63ad2ad9f10135faa0699801db3174f33f7846badc11affb8f57';
-// Convert an ec.KeyPair from the 'elliptic' package (assumed to have geen generated
-// with the secp256k1 curve) to our Secp256k1Keypair type.
-function toSecp256k1Keypair(kp) {
-    return {
-        scheme: encryption_js_1.encryptionSchemes.ecies,
-        kp,
-        encodePublicKey() {
-            return new Uint8Array(kp.getPublic().encode('array', true));
-        },
-    };
-}
-// Generate a new ephemeral keypair for reencryption.
-function generateSecp256k1Keypair() {
-    return toSecp256k1Keypair(secp256k1.genKeyPair());
-}
-// EncodePublicKey encodes an ECIES public key it's 33-byte compressed form.
-function encodeSecp256k1PublicKey(pub) {
-    return new Uint8Array(pub.encodeCompressed('array'));
-}
-// DecodeSecp256k1PublicKey decodes a 33-byte compressed ECIES public key.
-function decodeSecp256k1PublicKey(pubKeyCompressed) {
-    return secp256k1.keyFromPublic(pubKeyCompressed, 'array').getPublic();
-}
-// DecodeSecp256k1PrivateKey returns a ECIES secp256k1 private key based on the provided byte slice which is
-// interpreted as an unsigned 256-bit big-endian integer in the range [0, N-1],
-// where N is the order of the curve.
-// where N is the order of the curve.
-//
-// WARNING: This means passing a slice with more than 32 bytes is truncated and
-// that truncated value is reduced modulo N.  Further, 0 is not a valid private
-// key.  It is up to the caller to provide a value in the appropriate range of
-// [1, N-1].  Failure to do so will either result in an invalid private key or
-// potentially weak private keys that have bias that could be exploited.
-//
-// This function primarily exists to provide a mechanism for converting
-// serialized private keys that are already known to be good.
-//
-// For more info, refer to the decred/dcrd documentation:
-// ref: https://pkg.go.dev/github.com/decred/dcrd/dcrec/secp256k1/v4@v4.2.0#PrivKeyFromBytes
-//
-// We don't include any curve parameters or ECIES params, as they are assumed to
-// be the ones in ecies.ECIES_AES128_SHA256 from go-ethereum.
-// ref: https://github.com/ethereum/go-ethereum/blob/v1.15.0/crypto/ecies/params.go#L76-L82
-function decodeSecp256k1PrivateKey(privKey) {
-    return toSecp256k1Keypair(secp256k1.keyFromPrivate(privKey, 'array'));
-}
-// Given a (usually 3rd-party known) public key, called `pubKeyA`, and an ephemeral
-// private key (usually generated locally), called `privKeyB`, encrypt the `msg`
-// using ECIES, with geth's parameters:
-// ref: https://github.com/ethereum/go-ethereum/blob/v1.15.2/crypto/ecies/ecies.go
-async function encrypt(pubKeyA, plaintext, privKeyB) {
-    const pubKeyABuffer = Buffer.from(pubKeyA.encode('array', false));
-    const privKeyBBuffer = privKeyB.kp.getPrivate().toArrayLike(Buffer, 'be', 32);
-    const ct = await (0, ecies_geth_1.encrypt)(pubKeyABuffer, Buffer.from(plaintext), {
-        ephemPrivateKey: privKeyBBuffer,
-    });
-    return new Uint8Array(ct);
-}
-function getEciesEncryptor({ pubKeyA, privKeyB, }) {
-    const pubKeyABuffer = Buffer.from(pubKeyA.encode('array', false));
-    const privKeyBBuffer = privKeyB.kp.getPrivate().toArrayLike(Buffer, 'be', 32);
-    return async ({ plaintext, context, }) => {
-        if (plaintext.scheme !== encryption_js_1.encryptionSchemes.ecies) {
-            throw new Error(`Plaintext with scheme ${(0, encryption_js_1.getEncryptionSchemeName)(plaintext.scheme)} cannot be encrypted with ECIES`);
-        }
-        const inputCiphertextPayloadBytes = Buffer.from((0, hadu_js_1.encodeInput)({ plaintext, context }));
-        const ct = await (0, ecies_geth_1.encrypt)(pubKeyABuffer, inputCiphertextPayloadBytes, {
-            ephemPrivateKey: privKeyBBuffer,
-        });
-        const prehandle = (0, handle_js_1.computePrehandle)({
-            ciphertext: ct,
-            handleType: plaintext.type,
-            indexHandle: 0,
-            handleVersion: 0,
-        });
-        const handle = (0, handle_js_1.computeHandle)({
-            prehandle,
-            context: context,
-        });
-        // const inputBytes = Buffer.concat([handle, ct]);
-        return {
-            prehandle: (0, binary_js_1.asBytes32)(prehandle),
-            handle: (0, binary_js_1.asBytes32)(handle),
-            context,
-            ciphertext: {
-                scheme: encryption_js_1.encryptionSchemes.ecies,
-                type: plaintext.type,
-                // The prepended version keeps the bundle self-describing, avoiding a loose parameter.
-                // The prepended handle serves as a checksum on the encrypted payload, so we can fail early on an accidental mismatch
-                value: (0, encryption_js_1.encodeCiphertextInput)(context.version, (0, binary_js_1.bytesToHex)(handle), (0, binary_js_1.bytesToHex)(ct)),
-            },
-        };
-    };
-}
-// Given an ephemeral private key, called `privKeyA`, and a ciphertext `ct`,
-// decrypt the ciphertext using ECIES, with geth's parameters:
-// ref: https://github.com/ethereum/go-ethereum/blob/v1.15.2/crypto/ecies/ecies.go
-async function decrypt(privKeyA, ciphertext) {
-    const privKeyABuffer = privKeyA.kp.getPrivate().toArrayLike(Buffer, 'be', 32);
-    const pt = await (0, ecies_geth_1.decrypt)(privKeyABuffer, Buffer.from(ciphertext));
-    return new Uint8Array(pt);
-}
-function getEciesDecryptor({ privKeyA, }) {
-    const privKeyABuffer = privKeyA.kp.getPrivate().toArrayLike(Buffer, 'be', 32);
-    return async ({ scheme, value, }) => {
-        if (scheme !== encryption_js_1.encryptionSchemes.ecies) {
-            throw new Error(`Ciphertext with scheme ${(0, encryption_js_1.getEncryptionSchemeName)(scheme)} cannot be decrypted with ECIES`);
-        }
-        // remove the prepended version and handle
-        // We could verify or dispatch on the version here,
-        // but the intention is for the SDK to only support one input version at a time.
-        const { ciphertext } = (0, encryption_js_1.decodeCiphertextInput)(value);
-        const ptBuf = await (0, ecies_geth_1.decrypt)(privKeyABuffer, (0, binary_js_1.bytesFromHexString)(ciphertext));
-        const payload = (0, hadu_js_1.decodeInput)(ptBuf);
-        const computable = payload.value;
-        if (computable.case !== 'scalar') {
-            throw new Error(`decrypted plaintext is not a scalar, cannot currently be decrypted, this feature may be implemented on request`);
-        }
-        const typ = (0, schema_js_1.parse)(encryption_js_1.SupportedFheType, computable.value.type);
-        return (0, encryption_js_1.bytesToPlaintext)(computable.value.value, encryption_js_1.encryptionSchemes.ecies, typ);
-    };
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWNpZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS9lY2llcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUF5Q0EsZ0RBVUM7QUFHRCw0REFFQztBQUdELDREQUVDO0FBR0QsNERBSUM7QUFzQkQsOERBSUM7QUFNRCwwQkFhQztBQU9ELDhDQW9EQztBQUtELDBCQU9DO0FBTUQsOENBb0NDO0FBbE9ELDJDQUE4RTtBQUM5RSx3Q0FBd0M7QUFDeEMsNENBQXlFO0FBQ3pFLCtEQWNxQztBQUNyQyw0Q0FBK0Q7QUFFL0QsNENBQXFDO0FBQ3JDLHVDQUFxRDtBQUVyRCxNQUFNLFNBQVMsR0FBRyxJQUFJLFdBQVcsQ0FBQyxFQUFFLENBQUMsV0FBVyxDQUFDLENBQUM7QUFFbEQsNENBQTRDO0FBQy9CLFFBQUEsbUJBQW1CLEdBQzlCLHNFQUFzRSxDQUFDO0FBQzVELFFBQUEsd0JBQXdCLEdBQ25DLG9FQUFvRSxDQUFDO0FBVXZFLG9GQUFvRjtBQUNwRiwwREFBMEQ7QUFDMUQsU0FBZ0Isa0JBQWtCLENBQ2hDLEVBQTBCO0lBRTFCLE9BQU87UUFDTCxNQUFNLEVBQUUsaUNBQWlCLENBQUMsS0FBSztRQUMvQixFQUFFO1FBQ0YsZUFBZTtZQUNiLE9BQU8sSUFBSSxVQUFVLENBQUMsRUFBRSxDQUFDLFNBQVMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUM5RCxDQUFDO0tBQ0YsQ0FBQztBQUNKLENBQUM7QUFFRCxxREFBcUQ7QUFDckQsU0FBZ0Isd0JBQXdCO0lBQ3RDLE9BQU8sa0JBQWtCLENBQUMsU0FBUyxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUM7QUFDcEQsQ0FBQztBQUVELDRFQUE0RTtBQUM1RSxTQUFnQix3QkFBd0IsQ0FBQyxHQUFvQjtJQUMzRCxPQUFPLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO0FBQ3ZELENBQUM7QUFFRCwwRUFBMEU7QUFDMUUsU0FBZ0Isd0JBQXdCLENBQ3RDLGdCQUE0QjtJQUU1QixPQUFPLFNBQVMsQ0FBQyxhQUFhLENBQUMsZ0JBQWdCLEVBQUUsT0FBTyxDQUFDLENBQUMsU0FBUyxFQUFFLENBQUM7QUFDeEUsQ0FBQztBQUVELDRHQUE0RztBQUM1RywrRUFBK0U7QUFDL0UscUNBQXFDO0FBQ3JDLHFDQUFxQztBQUNyQyxFQUFFO0FBQ0YsK0VBQStFO0FBQy9FLCtFQUErRTtBQUMvRSw4RUFBOEU7QUFDOUUsOEVBQThFO0FBQzlFLHdFQUF3RTtBQUN4RSxFQUFFO0FBQ0YsdUVBQXVFO0FBQ3ZFLDZEQUE2RDtBQUM3RCxFQUFFO0FBQ0YseURBQXlEO0FBQ3pELDRGQUE0RjtBQUM1RixFQUFFO0FBQ0YsZ0ZBQWdGO0FBQ2hGLDZEQUE2RDtBQUM3RCwyRkFBMkY7QUFDM0YsU0FBZ0IseUJBQXlCLENBQ3ZDLE9BQW1CO0lBRW5CLE9BQU8sa0JBQWtCLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztBQUN4RSxDQUFDO0FBRUQsbUZBQW1GO0FBQ25GLGdGQUFnRjtBQUNoRix1Q0FBdUM7QUFDdkMsa0ZBQWtGO0FBQzNFLEtBQUssVUFBVSxPQUFPLENBQzNCLE9BQXdCLEVBQ3hCLFNBQXFCLEVBQ3JCLFFBQTBCO0lBRTFCLE1BQU0sYUFBYSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQztJQUNsRSxNQUFNLGNBQWMsR0FBRyxRQUFRLENBQUMsRUFBRSxDQUFDLFVBQVUsRUFBRSxDQUFDLFdBQVcsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBRTlFLE1BQU0sRUFBRSxHQUFHLE1BQU0sSUFBQSxvQkFBWSxFQUFDLGFBQWEsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFO1FBQ25FLGVBQWUsRUFBRSxjQUFjO0tBQ2hDLENBQUMsQ0FBQztJQUVILE9BQU8sSUFBSSxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUM7QUFDNUIsQ0FBQztBQU9ELFNBQWdCLGlCQUFpQixDQUFDLEVBQ2hDLE9BQU8sRUFDUCxRQUFRLEdBQ1c7SUFDbkIsTUFBTSxhQUFhLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDO0lBQ2xFLE1BQU0sY0FBYyxHQUFHLFFBQVEsQ0FBQyxFQUFFLENBQUMsVUFBVSxFQUFFLENBQUMsV0FBVyxDQUFDLE1BQU0sRUFBRSxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFFOUUsT0FBTyxLQUFLLEVBQThCLEVBQ3hDLFNBQVMsRUFDVCxPQUFPLEdBQ2dDLEVBRXZDLEVBQUU7UUFDRixJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssaUNBQWlCLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDakQsTUFBTSxJQUFJLEtBQUssQ0FDYix5QkFBeUIsSUFBQSx1Q0FBdUIsRUFBQyxTQUFTLENBQUMsTUFBTSxDQUFDLGlDQUFpQyxDQUNwRyxDQUFDO1FBQ0osQ0FBQztRQUNELE1BQU0sMkJBQTJCLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FDN0MsSUFBQSxxQkFBVyxFQUFDLEVBQUUsU0FBUyxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQ3BDLENBQUM7UUFDRixNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUEsb0JBQVksRUFBQyxhQUFhLEVBQUUsMkJBQTJCLEVBQUU7WUFDeEUsZUFBZSxFQUFFLGNBQWM7U0FDaEMsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxTQUFTLEdBQUcsSUFBQSw0QkFBZ0IsRUFBQztZQUNqQyxVQUFVLEVBQUUsRUFBRTtZQUNkLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtZQUMxQixXQUFXLEVBQUUsQ0FBQztZQUNkLGFBQWEsRUFBRSxDQUFDO1NBQ2pCLENBQUMsQ0FBQztRQUNILE1BQU0sTUFBTSxHQUFHLElBQUEseUJBQWEsRUFBQztZQUMzQixTQUFTO1lBQ1QsT0FBTyxFQUFFLE9BQU87U0FDakIsQ0FBQyxDQUFDO1FBQ0gsa0RBQWtEO1FBQ2xELE9BQU87WUFDTCxTQUFTLEVBQUUsSUFBQSxxQkFBUyxFQUFDLFNBQVMsQ0FBQztZQUMvQixNQUFNLEVBQUUsSUFBQSxxQkFBUyxFQUFDLE1BQU0sQ0FBQztZQUN6QixPQUFPO1lBQ1AsVUFBVSxFQUFFO2dCQUNWLE1BQU0sRUFBRSxpQ0FBaUIsQ0FBQyxLQUFLO2dCQUMvQixJQUFJLEVBQUUsU0FBUyxDQUFDLElBQUk7Z0JBQ3BCLHNGQUFzRjtnQkFDdEYscUhBQXFIO2dCQUNySCxLQUFLLEVBQUUsSUFBQSxxQ0FBcUIsRUFDMUIsT0FBTyxDQUFDLE9BQU8sRUFDZixJQUFBLHNCQUFVLEVBQUMsTUFBTSxDQUFDLEVBQ2xCLElBQUEsc0JBQVUsRUFBQyxFQUFFLENBQUMsQ0FDZjthQUNGO1NBQ0YsQ0FBQztJQUNKLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRCw0RUFBNEU7QUFDNUUsOERBQThEO0FBQzlELGtGQUFrRjtBQUMzRSxLQUFLLFVBQVUsT0FBTyxDQUMzQixRQUEwQixFQUMxQixVQUFzQjtJQUV0QixNQUFNLGNBQWMsR0FBRyxRQUFRLENBQUMsRUFBRSxDQUFDLFVBQVUsRUFBRSxDQUFDLFdBQVcsQ0FBQyxNQUFNLEVBQUUsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQzlFLE1BQU0sRUFBRSxHQUFHLE1BQU0sSUFBQSxvQkFBWSxFQUFDLGNBQWMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7SUFDdkUsT0FBTyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQztBQUM1QixDQUFDO0FBTUQsU0FBZ0IsaUJBQWlCLENBQUMsRUFDaEMsUUFBUSxHQUNXO0lBQ25CLE1BQU0sY0FBYyxHQUFHLFFBQVEsQ0FBQyxFQUFFLENBQUMsVUFBVSxFQUFFLENBQUMsV0FBVyxDQUFDLE1BQU0sRUFBRSxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDOUUsT0FBTyxLQUFLLEVBQThCLEVBQ3hDLE1BQU0sRUFDTixLQUFLLEdBQ3dCLEVBQXdDLEVBQUU7UUFDdkUsSUFBSSxNQUFNLEtBQUssaUNBQWlCLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDdkMsTUFBTSxJQUFJLEtBQUssQ0FDYiwwQkFBMEIsSUFBQSx1Q0FBdUIsRUFBQyxNQUFNLENBQUMsaUNBQWlDLENBQzNGLENBQUM7UUFDSixDQUFDO1FBRUQsMENBQTBDO1FBQzFDLG1EQUFtRDtRQUNuRCxnRkFBZ0Y7UUFDaEYsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLElBQUEscUNBQXFCLEVBQUMsS0FBSyxDQUFDLENBQUM7UUFDcEQsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFBLG9CQUFZLEVBQzlCLGNBQWMsRUFDZCxJQUFBLDhCQUFrQixFQUFDLFVBQVUsQ0FBQyxDQUMvQixDQUFDO1FBQ0YsTUFBTSxPQUFPLEdBQUcsSUFBQSxxQkFBVyxFQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25DLE1BQU0sVUFBVSxHQUFHLE9BQU8sQ0FBQyxLQUFLLENBQUM7UUFDakMsSUFBSSxVQUFVLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsZ0hBQWdILENBQ2pILENBQUM7UUFDSixDQUFDO1FBQ0QsTUFBTSxHQUFHLEdBQUcsSUFBQSxpQkFBSyxFQUFDLGdDQUFnQixFQUFFLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDM0QsT0FBTyxJQUFBLGdDQUFnQixFQUNyQixVQUFVLENBQUMsS0FBSyxDQUFDLEtBQUssRUFDdEIsaUNBQWlCLENBQUMsS0FBSyxFQUN2QixHQUFHLENBQzJCLENBQUM7SUFDbkMsQ0FBQyxDQUFDO0FBQ0osQ0FBQyJ9

package/dist/esm/lite/ecies.d.ts

@@ -1,26 +0,0 @@
-import * as ellipticPkg from 'elliptic';
-import { Decryptor, EciesScheme, Encryptor } from '../encryption/encryption.js';
-import { PubKeyEncodable } from '../reencryption/index.js';
-export declare const TEST_NETWORK_PUBKEY = "0x02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
-export declare const TEST_NETWORK_PRIVATE_KEY = "0x384a707568ab63ad2ad9f10135faa0699801db3174f33f7846badc11affb8f57";
-export interface Secp256k1Keypair extends PubKeyEncodable {
-    scheme: EciesScheme;
-    kp: ellipticPkg.ec.KeyPair;
-}
-export type Secp256k1PubKey = ellipticPkg.curve.base.BasePoint;
-export declare function toSecp256k1Keypair(kp: ellipticPkg.ec.KeyPair): Secp256k1Keypair;
-export declare function generateSecp256k1Keypair(): Secp256k1Keypair;
-export declare function encodeSecp256k1PublicKey(pub: Secp256k1PubKey): Uint8Array;
-export declare function decodeSecp256k1PublicKey(pubKeyCompressed: Uint8Array): Secp256k1PubKey;
-export declare function decodeSecp256k1PrivateKey(privKey: Uint8Array): Secp256k1Keypair;
-export declare function encrypt(pubKeyA: Secp256k1PubKey, plaintext: Uint8Array, privKeyB: Secp256k1Keypair): Promise<Uint8Array>;
-export type EciesEncryptorArgs = {
-    pubKeyA: Secp256k1PubKey;
-    privKeyB: Secp256k1Keypair;
-};
-export declare function getEciesEncryptor({ pubKeyA, privKeyB, }: EciesEncryptorArgs): Encryptor<EciesScheme>;
-export declare function decrypt(privKeyA: Secp256k1Keypair, ciphertext: Uint8Array): Promise<Uint8Array>;
-export type EciesDecryptorArgs = {
-    privKeyA: Secp256k1Keypair;
-};
-export declare function getEciesDecryptor({ privKeyA, }: EciesDecryptorArgs): Decryptor<EciesScheme>;