@inco/js 0.8.0-devnet-6 → 0.9.0-devnet-test-3

package/dist/types/generated/es/inco/kms/lite/v1/kms_service_pb.d.ts

@@ -106,6 +106,105 @@ export type AttestedDecryptRequest = Message<"inco.kms.lite.v1.AttestedDecryptRe
  * Use `create(AttestedDecryptRequestSchema)` to create a new message.
  */
 export declare const AttestedDecryptRequestSchema: GenMessage<AttestedDecryptRequest>;
+/**
+ * EListAttestedDecryptRequest is the request type for the KmsService/EListAttestedDecrypt RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedDecryptRequest
+ */
+export type EListAttestedDecryptRequest = Message<"inco.kms.lite.v1.EListAttestedDecryptRequest"> & {
+    /**
+     * user_address is the Ethereum address of the user who requested the
+     * decryption, prefixed with 0x.
+     *
+     * @generated from field: string user_address = 1;
+     */
+    userAddress: string;
+    /**
+     * reencrypt_pub_key is the encoding of the user's public
+     * encryption key (secp256k1) used to reencrypt the result for.
+     * It is encoded in its 33-byte compressed format.
+     * If empty, the KMS will return plaintext decryption instead of reencryption.
+     *
+     * @generated from field: bytes reencrypt_pub_key = 2;
+     */
+    reencryptPubKey: Uint8Array;
+    /**
+     * eip712_signature is an EIP-712 signature of the following EIP-712 typed data by
+     * `user_address` (note that we only give a JSON representation for the sake of
+     * readability, but the actual signed data is defined in the EIP-712 spec) where:
+     *     handles - list of 0x prefixed handles to decrypt
+     *     publicKey - 0x prefixed reencrypt_pub_key (if any). "0x" otherwise if empty.
+     *
+     * ```json
+     * {
+     *   "types": {
+     *     "EIP712Domain": [
+     *       { "name": "name", "type": "string" },
+     *       { "name": "version", "type": "string" },
+     *       { "name": "chainId", "type": "uint256" }
+     *     ],
+     *     "AttestedDecryptRequest": [
+     *       { "name": "handles", "type": "bytes32[]" },
+     *       { "name": "publicKey", "type": "bytes" },
+     *     ]
+     *   },
+     *   "primaryType": "AttestedDecryptRequest",
+     *   "domain": {
+     *     "name": "IncoAttestedDecrypt",
+     *     "version": "1",
+     *     "chainId": "<host_chain_id>",
+     *   },
+     *   "message": {
+     *     "handles": ["<handle1>", "<handle2>", ...],
+     *     "publicKey": "0x<reencrypt_pub_key>"
+     *   }
+     * }
+     * ```
+     *
+     * @generated from field: bytes eip712_signature = 3;
+     */
+    eip712Signature: Uint8Array;
+    /**
+     * handle_with_proof is the handle of an elist ciphertext with proof to decrypt.
+     * Either the user_address or sharer must have ACL access to the elist handle for the attested
+     * decryption to succeed.
+     *
+     * @generated from field: inco.kms.lite.v1.HandleWithProof elist_handle_with_proof = 4;
+     */
+    elistHandleWithProof?: HandleWithProof;
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedDecryptRequest.
+ * Use `create(EListAttestedDecryptRequestSchema)` to create a new message.
+ */
+export declare const EListAttestedDecryptRequestSchema: GenMessage<EListAttestedDecryptRequest>;
+/**
+ * EListAttestedDecryptResponse is the response type for the KmsService/EListAttestedDecryptResponse RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedDecryptResponse
+ */
+export type EListAttestedDecryptResponse = Message<"inco.kms.lite.v1.EListAttestedDecryptResponse"> & {
+    /**
+     * commitment_proof_attestation is the signed commitment_proof of the decrypted elist values and their corresponding commitments.
+     * commitment_proof = hash(concat([
+     *   hash(concat([commitment1, v1])),
+     * ...]))
+     *
+     * @generated from field: inco.kms.lite.v1.DecryptionAttestation commitment_proof_attestation = 1;
+     */
+    commitmentProofAttestation?: DecryptionAttestation;
+    /**
+     * values is the list of decrypted elist values.
+     *
+     * @generated from field: repeated inco.kms.lite.v1.EListElement values = 2;
+     */
+    values: EListElement[];
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedDecryptResponse.
+ * Use `create(EListAttestedDecryptResponseSchema)` to create a new message.
+ */
+export declare const EListAttestedDecryptResponseSchema: GenMessage<EListAttestedDecryptResponse>;
 /**
  * AttestedRevealRequest is the request type for the KmsService/AttestedReveal RPC method.
  *
@@ -125,6 +224,25 @@ export type AttestedRevealRequest = Message<"inco.kms.lite.v1.AttestedRevealRequ
  * Use `create(AttestedRevealRequestSchema)` to create a new message.
  */
 export declare const AttestedRevealRequestSchema: GenMessage<AttestedRevealRequest>;
+/**
+ * EListAttestedRevealRequest is the request type for the KmsService/EListAttestedReveal RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedRevealRequest
+ */
+export type EListAttestedRevealRequest = Message<"inco.kms.lite.v1.EListAttestedRevealRequest"> & {
+    /**
+     * handle is the handle of the elist ciphertext to decrypt.
+     * The handle must have been revealed beforehand with the on-chain .reveal() call.
+     *
+     * @generated from field: string handle = 3;
+     */
+    handle: string;
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedRevealRequest.
+ * Use `create(EListAttestedRevealRequestSchema)` to create a new message.
+ */
+export declare const EListAttestedRevealRequestSchema: GenMessage<EListAttestedRevealRequest>;
 /**
  * AttestedComputeRequest is the request type for the KmsService/AttestedDecrypt RPC method.
  *
@@ -261,6 +379,30 @@ export type AttestedRevealResponse = Message<"inco.kms.lite.v1.AttestedRevealRes
  * Use `create(AttestedRevealResponseSchema)` to create a new message.
  */
 export declare const AttestedRevealResponseSchema: GenMessage<AttestedRevealResponse>;
+/**
+ * EListAttestedRevealResponse is the response type for the KmsService/EListAttestedReveal RPC method.
+ *
+ * @generated from message inco.kms.lite.v1.EListAttestedRevealResponse
+ */
+export type EListAttestedRevealResponse = Message<"inco.kms.lite.v1.EListAttestedRevealResponse"> & {
+    /**
+     * commitment_proof_attestation is the signed commitment_proof of the concatenation of the hashes of individual elist values.
+     *
+     * @generated from field: inco.kms.lite.v1.DecryptionAttestation commitment_proof_attestation = 1;
+     */
+    commitmentProofAttestation?: DecryptionAttestation;
+    /**
+     * values is the list of decrypted elist values.
+     *
+     * @generated from field: repeated inco.kms.lite.v1.EListElement values = 2;
+     */
+    values: EListElement[];
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListAttestedRevealResponse.
+ * Use `create(EListAttestedRevealResponseSchema)` to create a new message.
+ */
+export declare const EListAttestedRevealResponseSchema: GenMessage<EListAttestedRevealResponse>;
 /**
  * AttestedComputeResponse is the response type for the KmsService/AttestedCompute RPC method.
  *
@@ -321,6 +463,53 @@ export type Reencryption = Message<"inco.kms.lite.v1.Reencryption"> & {
  * Use `create(ReencryptionSchema)` to create a new message.
  */
 export declare const ReencryptionSchema: GenMessage<Reencryption>;
+/**
+ * EListElement contains the decryptions/reencryptions for elist element.
+ *
+ * @generated from message inco.kms.lite.v1.EListElement
+ */
+export type EListElement = Message<"inco.kms.lite.v1.EListElement"> & {
+    /**
+     * index is the index of the element in the elist.
+     *
+     * @generated from field: uint32 index = 1;
+     */
+    index: number;
+    /**
+     * commitment is the random commitment applied to the element when calculating elist commitment_proof.
+     *
+     * @generated from field: bytes commitment = 2;
+     */
+    commitment: Uint8Array;
+    /**
+     * @generated from oneof inco.kms.lite.v1.EListElement.value
+     */
+    value: {
+        /**
+         * Returns plaintext if reencrypt_pub_key was empty in the request
+         *
+         * @generated from field: inco.kms.lite.v1.Plaintext plaintext = 3;
+         */
+        value: Plaintext;
+        case: "plaintext";
+    } | {
+        /**
+         * Returns encrypted ciphertext if reencrypt_pub_key was set in the request
+         *
+         * @generated from field: inco.kms.lite.v1.Reencryption reencryption = 4;
+         */
+        value: Reencryption;
+        case: "reencryption";
+    } | {
+        case: undefined;
+        value?: undefined;
+    };
+};
+/**
+ * Describes the message inco.kms.lite.v1.EListElement.
+ * Use `create(EListElementSchema)` to create a new message.
+ */
+export declare const EListElementSchema: GenMessage<EListElement>;
 /**
  * DecryptionAttestation contains the attestation for the decryption of a single handle.
  *
@@ -453,4 +642,28 @@ export declare const KmsService: GenService<{
         input: typeof AttestedRevealRequestSchema;
         output: typeof AttestedRevealResponseSchema;
     };
+    /**
+     * EListAttestedDecrypt decrypts a single elist ciphertext and provides an attestation
+     * that the decryption was performed correctly.
+     * Can optionally reencrypt the result of the decryption to a desired public key.
+     *
+     * @generated from rpc inco.kms.lite.v1.KmsService.EListAttestedDecrypt
+     */
+    eListAttestedDecrypt: {
+        methodKind: "unary";
+        input: typeof EListAttestedDecryptRequestSchema;
+        output: typeof EListAttestedDecryptResponseSchema;
+    };
+    /**
+     * EListAttestedReveal decrypts a single elist ciphertext and provides an attestation
+     * that the decryption was performed correctly.
+     * Doesn't require authentication if the handle is publicly revealed with the on-chain .reveal() call beforehand.
+     *
+     * @generated from rpc inco.kms.lite.v1.KmsService.EListAttestedReveal
+     */
+    eListAttestedReveal: {
+        methodKind: "unary";
+        input: typeof EListAttestedRevealRequestSchema;
+        output: typeof EListAttestedRevealResponseSchema;
+    };
 }>;

package/dist/types/kms/quorumClient.d.ts

@@ -2,6 +2,7 @@ import type { Address } from 'viem';
 import type { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
 import type { EncryptionScheme, SupportedFheType } from '../encryption/encryption.js';
 import type { AttestedComputeRequest, AttestedDecryptRequest, AttestedRevealRequest } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import type { XwingKeypair } from '../lite/index.js';
 import type { BackoffConfig } from '../retry.js';
 import { type KmsClient } from './client.js';
 export declare class KmsQuorumClient {
@@ -28,8 +29,8 @@ export declare class KmsQuorumClient {
      * @throws {Error} If KMS clients array is empty or threshold is invalid
      */
     static fromKmsClients(kmsClients: KmsClient[], threshold: number): KmsQuorumClient;
-    attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
-    attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
+    attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     attestedReveal(request: AttestedRevealRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
     /**
      * Generic method to execute a KMS operation across all clients with retry and threshold logic.

package/dist/types/lite/index.d.ts

@@ -4,7 +4,6 @@ export type { HandleWithProof } from '../generated/es/inco/kms/lite/v1/types_pb.
 export * from './attested-compute.js';
 export * from './attested-decrypt.js';
 export * from './deployments.js';
-export { TEST_NETWORK_PRIVATE_KEY, TEST_NETWORK_PUBKEY, decodeSecp256k1PrivateKey, decodeSecp256k1PublicKey, decrypt as eciesDecrypt, encrypt as eciesEncrypt, encodeSecp256k1PublicKey, generateSecp256k1Keypair, getEciesDecryptor, getEciesEncryptor, toSecp256k1Keypair, type EciesDecryptorArgs, type EciesEncryptorArgs, type Secp256k1Keypair, type Secp256k1PubKey, } from './ecies.js';
 export * from './hadu.js';
 export * from './lightning.js';
-export { TEST_NETWORK_SEED_KEY, TEST_NETWORK_XWING_PUBKEY, decodeXwingPrivateKey, decodeXwingPublicKey, deriveXwingKeypairFromSeed, encodeXwingPublicKey, generateXwingKeypair, getXwingDecryptor, getXwingEncryptor, decrypt as xwingDecrypt, encrypt as xwingEncrypt, type XwingDecryptorArgs, type XwingEncryptorArgs, type XwingKeypair, } from './xwing.js';
+export { TEST_NETWORK_SEED_KEY, TEST_NETWORK_XWING_PUBKEY, XWING_PUBLIC_KEY_SIZE, decodeXwingPrivateKey, decodeXwingPublicKey, decrypt, deriveXwingKeypairFromSeed, encodeXwingPublicKey, encrypt, generateXwingKeypair, getXwingDecryptor, getXwingEncryptor, type XwingDecryptorArgs, type XwingEncryptorArgs, type XwingKeypair, } from './xwing.js';

package/dist/types/lite/lightning.d.ts

@@ -1,4 +1,5 @@
 import { Account, Chain, GetContractReturnType, PublicClient, Transport, WalletClient } from 'viem';
+import type { PrivateKeyAccount } from 'viem/accounts';
 import { AllowanceVoucherWithSig } from '../advancedacl/types.js';
 import { AttestedComputeOP } from '../attestedcompute/types.js';
 import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
@@ -10,7 +11,7 @@ import { localNodeLightningConfig } from '../generated/local-node.js';
 import { FheType } from '../handle.js';
 import { LocalNodeEnv } from '../local/index.js';
 import { BackoffConfig } from '../retry.js';
-import { Secp256k1Keypair } from './ecies.js';
+import { XwingKeypair } from './xwing.js';
 type TupleToUnion<T> = T extends readonly unknown[] ? T[number] : never;
 type Deployment = TupleToUnion<typeof lightningDeployments>;
 type DistributedPick<T, K> = T extends any ? Pick<T, Extract<keyof T, K>> : never;
@@ -60,7 +61,6 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
     readonly executorAddress: Address;
     readonly chainId: bigint;
     private readonly kmsQuorumClient;
-    private readonly ephemeralKeypair;
     private encryptor;
     private encryptionScheme;
     private constructor();
@@ -235,11 +235,11 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      */
     attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Requests attested decrypts using a voucher-backed session key.
      *
-     * @param ephemeralKeypair Session keypair matching the voucher grantee.
+     * @param ephemeralAccount Session Account matching the voucher grantee.
      * @param allowanceVoucherWithSig Signed allowance voucher.
      * @param ethClient - A public eth client or eth wallet client used for signing the attested decrypt request
      * @param handles Handles to decrypt.
@@ -248,7 +248,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Plaintext results
      * ```ts
      * const attestations = await lightning.attestedDecryptWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   ethClient,
      *   [handle],
@@ -258,7 +258,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Reencrypt for a delegate
      * ```ts
      * const encrypted = await lightning.attestedDecryptWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   ethClient,
      *   [handle],
@@ -266,9 +266,9 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * );
      * ```
      */
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Get an attested compute for the given wallet client.
      *
@@ -316,14 +316,14 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      */
     attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
-    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     /**
      * Performs attested compute via a voucher-backed session key.
      *
      * @example Plaintext result
      * ```ts
      * const attestation = await lightning.attestedComputeWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   ethClient,
      *   lhsHandle,
@@ -335,7 +335,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Reencrypt for a delegate
      * ```ts
      * const encrypted = await lightning.attestedComputeWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   lhsHandle,
      *   AttestedComputeSupportedOps.Eq,
@@ -348,7 +348,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @example Reencrypt and decrypt locally
      * ```ts
      * const decrypted = await lightning.attestedComputeWithVoucher(
-     *   ephemeralKeypair,
+     *   ephemeralAccount,
      *   voucher,
      *   lhsHandle,
      *   AttestedComputeSupportedOps.Eq,
@@ -359,9 +359,9 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * console.log(decrypted.plaintext.value);
      * ```
      */
-    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
-    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
-    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     /**
      * Get an decryption of publicly revealed handles.
      *

package/dist/types/lite/xwing.d.ts

@@ -1,5 +1,10 @@
 import { Decryptor, Encryptor, XwingScheme } from '../encryption/encryption.js';
 import { PubKeyEncodable } from '../reencryption/index.js';
+/**
+ * X-Wing public key size in bytes.
+ * Combining ML-KEM-768 (1184 bytes) and X25519 (32 bytes).
+ */
+export declare const XWING_PUBLIC_KEY_SIZE: number;
 export declare const TEST_NETWORK_SEED_KEY = "0x0000000000000000000000000000000000000000000000000000000000000000";
 export declare const TEST_NETWORK_XWING_PUBKEY = "0xca882388911c7c762aafc20debd63e845b3bed28c9d5262cdea7771fb31bd660a1ae7b395a9a7df3d12c7b118e8eda5057572c1ba05cd9b635edf33dabca4cac7291e0848f19c20e5beb850c3818f3543d49b3a5c729cb86a28fda539775d04feda112fe0c81d138aaf623aea7d507a4e826e890105db6065a44aba76a10d771c00d1b33f4ac51869806aae18eada68f19047024542d64a7aa1c91a5e1aa49d93613b5224b415bcc7aa166e4b55033438d20c641f9664fdb1689b53208181463e3d1325d46b30f07c5945b7e3fa1418bf833d975258461b294664eaf60795964924a280729c10a37fc6e967440bdd55d4ca53596286383481291152365303d44517cef369c00933b0b30368a230353e729c031075e8388673678a56b3ba84a165b28096ee9bd684483e1844258b451c365c41fa534152a3b64120041450128e960c7d6437d717ee266bdde7aaeec225ed93b958d188e97407349f1382976ca47d761ecc59a6f394487eb015c083abb490584677240eb47f838c838568a496119378b8bb81484610a50792b5d9c9939db188e7d0249d3cb918c436f111a2898849b286b0743a22c57464c709c5eaceac1ba493adca3328c0b14b5e38d3aea74e328b622b17e7181c35ad11c2103bdb7f2b209d93dcbc4ab61a06bc37139e6d2b7a06c5b7e9267bef3a8918a706f793271a5acc2574532da79e5a10cf074b998147a3c43586a411a513bba0d11cc19a36c83b19277f28022c88b120abfdba7076a8263e05336e3245aef7033eb3c762b5bbfa5791ac960398b649d5cbb652ddc6b2398143a0861ab3b410b696328879c099098adf819fbf7ac170030e86675e7f45c22ac9e1cf52c3102487bb0b91ab592afdc69c6e3a9b71876b86260b6c736b8291098f1130d3b763525cbad540ce2d042eacb6ed43b7bcba898f712c412f26066e09945f44ec7026c8ef959831abc10719d2017a12a41728b41c02371a5f5756ebc79406be708ea41bbd21563c874a0b791a3b4e4224a609967004f065c5ab4f3b4c61cb35df70573269da53179c3701fc5205f61974426f9b794c1b5826494b70842b6920c17752029369264dc8590b898b85c9d89a258e1f46c1b0490efd17c485cb51687cea272041e90b8e629521d3c5e3fa7518161bad7a159295b63cc6c0077897b53d47db8bc0ecb820f550705b65715a1a1094d04854f56acd26aa0baa10cb8447fad6211f53105796a42882328e6852e8de821c283b51eaab9bc95c4dc53615626049d63b1f9a457193805276b1905b0ab39353b5cf91fdd6023d4d816aef9cce4a3cfb3d12190172df221ae61d427563a098cc60e3dc9997ef54959180be5dc64a911157db6be3a01be2ee343caab33b8729abf0c50c674758c511291941fceac646232920907c2e88b9ec10211161729c797643a553a6ae5c4b7483c04e3263bd291e311c609071348b7c3310aa97d6b8318e0a4afe8399fa22f951049a9bb8860f7c69a333d3cc1aaf0129ab560713bf29eb3a01f9a276c78e54e3a3648b2447c80242b271b11406866389426d8b59796540d6b5702092ab21ee217c075cfc0c17ef826ce9ea29b9e61617457a5b1aaa23a58615dc53c59183beb36ea19498c21820b70ab47adeb678f1c52bf8768b3597b608ea1a8a15cd62e8a29bec4a1ac248ef9f02de0144bca06025f95a42bd6c8eaaaaaa2366328561d";
 /**
@@ -13,7 +18,6 @@ export interface XwingKeypair extends PubKeyEncodable {
     scheme: XwingScheme;
     publicKey: CryptoKey;
     privateKey: CryptoKey;
-    publicKeyBytes: Uint8Array;
 }
 /**
  * Derive X-Wing keypair from a 32-byte seed (deterministic).

package/dist/types/reencryption/types.d.ts

@@ -2,7 +2,7 @@ import { Address } from 'viem';
 import { HexString } from '../binary.js';
 import { CiphertextOf, EncryptionScheme, PlaintextOf, SupportedFheType } from '../encryption/encryption.js';
 import { Handle } from '../handle.js';
-import type { Secp256k1Keypair } from '../lite/ecies.js';
+import type { XwingKeypair } from '../lite/xwing.js';
 import type { BackoffConfig } from '../retry.js';
 export type Reencryptor<S extends EncryptionScheme> = <T extends SupportedFheType>(args: ReencryptFnArgs<S, T>, backoffConfig?: Partial<BackoffConfig>) => Promise<PlaintextOf<S, T>>;
 export interface ReencryptorArgs {
@@ -12,7 +12,7 @@ export type ReencryptFnArgs<S extends EncryptionScheme, T extends SupportedFheTy
     handle: Handle;
     ciphertext?: CiphertextOf<S, T>;
 };
-export type SupportedEphemeralKeypairs = Secp256k1Keypair;
+export type SupportedEphemeralKeypairs = XwingKeypair;
 export interface PubKeyEncodable {
     encodePublicKey(): Uint8Array;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/js",
-  "version": "0.8.0-devnet-6",
+  "version": "0.9.0-devnet-test-3",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "license": "Apache-2.0",
   "sideEffects": false,
@@ -77,7 +77,7 @@
     "generate:protos": "buf generate",
     "lint": "bun prettier --check . && eslint .",
     "lint:fix": "bun prettier --write . && eslint . --fix",
-    "publish:npm": "bun publish",
+    "publish:npm": "npm publish --tag ${NPM_DIST_TAG:-alpha}",
     "test": "bun run lint && bun run test:tsc && bun run test:unit",
     "test:coverage": "bun vitest run --project unit --coverage",
     "test:e2e": "bun vitest run --bail=1 --project e2e",
@@ -94,15 +94,12 @@
     "@hpke/hybridkem-x-wing": "^0.6.1",
     "@hpke/core": "^1.7.5",
     "@hpke/chacha20poly1305": "^1.7.1",
-    "@types/elliptic": "^6.4.18",
-    "ecies-geth": "^1.7.5",
     "effect": "^3.17.13",
-    "elliptic": "^6.6.1",
     "sha3": "^2.1.4",
     "viem": "^2.39.3"
   },
   "devDependencies": {
-    "@inco/pega": "0.0.0",
+    "@inco/pega": "workspace:*",
     "@bufbuild/protoc-gen-es": "^2.2.2",
     "@typescript-eslint/parser": "^8.35.1",
     "@vitest/coverage-istanbul": "3.1.1",

package/dist/cjs/lite/ecies.d.ts

@@ -1,26 +0,0 @@
-import * as ellipticPkg from 'elliptic';
-import { Decryptor, EciesScheme, Encryptor } from '../encryption/encryption.js';
-import { PubKeyEncodable } from '../reencryption/index.js';
-export declare const TEST_NETWORK_PUBKEY = "0x02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
-export declare const TEST_NETWORK_PRIVATE_KEY = "0x384a707568ab63ad2ad9f10135faa0699801db3174f33f7846badc11affb8f57";
-export interface Secp256k1Keypair extends PubKeyEncodable {
-    scheme: EciesScheme;
-    kp: ellipticPkg.ec.KeyPair;
-}
-export type Secp256k1PubKey = ellipticPkg.curve.base.BasePoint;
-export declare function toSecp256k1Keypair(kp: ellipticPkg.ec.KeyPair): Secp256k1Keypair;
-export declare function generateSecp256k1Keypair(): Secp256k1Keypair;
-export declare function encodeSecp256k1PublicKey(pub: Secp256k1PubKey): Uint8Array;
-export declare function decodeSecp256k1PublicKey(pubKeyCompressed: Uint8Array): Secp256k1PubKey;
-export declare function decodeSecp256k1PrivateKey(privKey: Uint8Array): Secp256k1Keypair;
-export declare function encrypt(pubKeyA: Secp256k1PubKey, plaintext: Uint8Array, privKeyB: Secp256k1Keypair): Promise<Uint8Array>;
-export type EciesEncryptorArgs = {
-    pubKeyA: Secp256k1PubKey;
-    privKeyB: Secp256k1Keypair;
-};
-export declare function getEciesEncryptor({ pubKeyA, privKeyB, }: EciesEncryptorArgs): Encryptor<EciesScheme>;
-export declare function decrypt(privKeyA: Secp256k1Keypair, ciphertext: Uint8Array): Promise<Uint8Array>;
-export type EciesDecryptorArgs = {
-    privKeyA: Secp256k1Keypair;
-};
-export declare function getEciesDecryptor({ privKeyA, }: EciesDecryptorArgs): Decryptor<EciesScheme>;