@inco/lightning-js 0.0.0-bootstrap.0

package/dist/cjs/kms/quorumClient.d.ts

@@ -0,0 +1,65 @@
+import { type Address } from 'viem';
+import type { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
+import { type EListDecryptionAttestation, type EncryptedEListDecryptionAttestation } from '../elistattesteddecrypt/types.js';
+import type { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import type { AttestedComputeRequest, AttestedDecryptRequest, AttestedRevealRequest, EListAttestedDecryptRequest, EListAttestedRevealRequest } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import { type XwingKeypair } from '../lite/xwing.js';
+import type { BackoffConfig } from '../retry.js';
+import { type KmsClient } from './client.js';
+import type { ViemClient } from '../viem.js';
+export declare class KmsQuorumClient {
+    private readonly kmss;
+    private readonly threshold;
+    private constructor();
+    private constructor();
+    /**
+     * Creates a KmsQuorumClient from an array of URLs.
+     * Requires signer addresses and threshold to be explicitly provided.
+     *
+     * @param urls - Array of KMS endpoint URLs
+     * @param signers - Array of signer addresses, must match the length of URLs
+     * @param threshold - Number of successful responses required (must be between 1 and urls.length)
+     * @throws {Error} If URLs array is empty, signers length doesn't match URLs length, or threshold is invalid
+     */
+    static fromUrls(urls: string[], signers: Address[], threshold: number): KmsQuorumClient;
+    /**
+     * Creates a KmsQuorumClient from an array of KmsClient instances.
+     * Each KmsClient must have a signerAddress property.
+     *
+     * @param kmsClients - Array of KMS client instances
+     * @param threshold - Number of successful responses required (must be between 1 and kmsClients.length)
+     * @throws {Error} If KMS clients array is empty or threshold is invalid
+     */
+    static fromKmsClients(kmsClients: KmsClient[], threshold: number): KmsQuorumClient;
+    attestedDecrypt(request: AttestedDecryptRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<(DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>)[]>;
+    attestedCompute(request: AttestedComputeRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+    attestedReveal(request: AttestedRevealRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>)[]>;
+    eListAttestedDecrypt(request: EListAttestedDecryptRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<EListDecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedEListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+    eListAttestedReveal(request: EListAttestedRevealRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>): Promise<EListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+    /**
+     * Generic method to execute a KMS operation across all clients with retry and threshold logic.
+     * Returns results with both the response and signer address.
+     */
+    private executeKmsOperationWithThreshold;
+    /**
+     * Collects signatures from responses and sorts them by signer address (ascending).
+     * This is required by SignatureVerifier.
+     */
+    private collectAndSortSignatures;
+    /**
+     * Builds a plaintext attestation from a DecryptionAttestation proto message.
+     */
+    private buildPlaintextAttestation;
+    private buildAggregatedAttestations;
+    private buildAggregatedComputeAttestation;
+    private buildAggregatedEListAttestation;
+    /**
+     * Verifies proof hashes at two levels:
+     * 1. Aggregate: keccak256(concat(proofHashes)) must equal the attested commitmentProof
+     * 2. Per-element:
+     *    - For plaintext (reveal): proofHash[i] = keccak256(value[i])
+     *    - For reencryption (decrypt): proofHash[i] = keccak256(commitment[i] || plaintext[i])
+     *      — requires reencryptKeypair to decrypt the ciphertext first.
+     */
+    private verifyElementProofHashes;
+}

package/dist/cjs/kms/quorumClient.js

@@ -0,0 +1,463 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KmsQuorumClient = void 0;
+const viem_1 = require("viem");
+const binary_js_1 = require("../binary.js");
+const types_js_1 = require("../elistattesteddecrypt/types.js");
+const encryption_js_1 = require("../encryption/encryption.js");
+const handle_js_1 = require("../handle.js");
+const xwing_js_1 = require("../lite/xwing.js");
+const retry_js_1 = require("../retry.js");
+const client_js_1 = require("./client.js");
+const quorumConsistency_js_1 = require("./quorumConsistency.js");
+const signatureVerification_js_1 = require("./signatureVerification.js");
+const thresholdPromises_js_1 = require("./thresholdPromises.js");
+/**
+ * Checks if the threshold is at least a majority of signers and throws an error if not.
+ * This is important to ensure that the quorum client provides the expected security guarantees.
+ */
+function checkMajorityThreshold(threshold, signerCount) {
+    const majority = Math.floor(signerCount / 2) + 1;
+    if (threshold < majority) {
+        throw new Error(`Threshold (${threshold}) must be at least a majority (${majority}) of ${signerCount} signers to ensure security guarantees.`);
+    }
+}
+class KmsQuorumClient {
+    kmss;
+    threshold;
+    // Implementation
+    constructor(attestersOrClients, threshold) {
+        if (attestersOrClients.length === 0) {
+            throw new Error('At least one attester or KMS client is required');
+        }
+        if (threshold < 1 || threshold > attestersOrClients.length) {
+            throw new Error(`Threshold must be between 1 and ${attestersOrClients.length}`);
+        }
+        checkMajorityThreshold(threshold, attestersOrClients.length);
+        // Check if first element is a KmsClient (has attestedDecrypt method) or an attester object
+        if (attestersOrClients.length > 0 &&
+            'attestedDecrypt' in attestersOrClients[0]) {
+            // Handle KmsClient[] case
+            const kmsClients = attestersOrClients;
+            this.kmss = kmsClients.map((client) => ({
+                client,
+                signer: client.signerAddress,
+            }));
+        }
+        else {
+            // Handle { url: string; signer: Address }[] case
+            const attesters = attestersOrClients;
+            this.kmss = attesters.map((attester) => {
+                return {
+                    client: (0, client_js_1.getKmsClient)(attester.url, attester.signer),
+                    signer: attester.signer,
+                };
+            });
+        }
+        this.threshold = threshold;
+    }
+    /**
+     * Creates a KmsQuorumClient from an array of URLs.
+     * Requires signer addresses and threshold to be explicitly provided.
+     *
+     * @param urls - Array of KMS endpoint URLs
+     * @param signers - Array of signer addresses, must match the length of URLs
+     * @param threshold - Number of successful responses required (must be between 1 and urls.length)
+     * @throws {Error} If URLs array is empty, signers length doesn't match URLs length, or threshold is invalid
+     */
+    static fromUrls(urls, signers, threshold) {
+        if (urls.length === 0) {
+            throw new Error('At least one URL is required');
+        }
+        if (signers.length !== urls.length) {
+            throw new Error(`Signers array length (${signers.length}) must match URLs array length (${urls.length})`);
+        }
+        if (threshold < 1 || threshold > urls.length) {
+            throw new Error(`Threshold must be between 1 and ${urls.length} (number of URLs)`);
+        }
+        const attesters = urls.map((url, index) => {
+            return { url, signer: signers[index] };
+        });
+        return new KmsQuorumClient(attesters, threshold);
+    }
+    /**
+     * Creates a KmsQuorumClient from an array of KmsClient instances.
+     * Each KmsClient must have a signerAddress property.
+     *
+     * @param kmsClients - Array of KMS client instances
+     * @param threshold - Number of successful responses required (must be between 1 and kmsClients.length)
+     * @throws {Error} If KMS clients array is empty or threshold is invalid
+     */
+    static fromKmsClients(kmsClients, threshold) {
+        if (kmsClients.length === 0) {
+            throw new Error('At least one KMS client is required');
+        }
+        if (threshold < 1 || threshold > kmsClients.length) {
+            throw new Error(`Threshold must be between 1 and ${kmsClients.length} (number of KMS clients)`);
+        }
+        return new KmsQuorumClient(kmsClients, threshold);
+    }
+    async attestedDecrypt(request, executorAddress, client, backoffConfig, reencryptKeypair) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.attestedDecrypt(request);
+        }, backoffConfig);
+        // Verify that responses are consistent across quorum (plaintext or ciphertext)
+        const { reference, winningResults } = await (0, quorumConsistency_js_1.verifyDecryptResponseConsistency)(thresholdResults, this.threshold, reencryptKeypair);
+        return this.buildAggregatedAttestations(reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client);
+    }
+    async attestedCompute(request, executorAddress, client, backoffConfig, reencryptKeypair) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.attestedCompute(request);
+        }, backoffConfig);
+        // Verify that responses are consistent across quorum
+        const { reference, winningResults } = await (0, quorumConsistency_js_1.verifyComputeResponseConsistency)(thresholdResults, this.threshold, request, reencryptKeypair);
+        return this.buildAggregatedComputeAttestation(reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client);
+    }
+    async attestedReveal(request, executorAddress, client, backoffConfig) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.attestedReveal(request);
+        }, backoffConfig);
+        // Verify that responses are consistent across quorum (plaintext only for reveal)
+        const { reference, winningResults } = await (0, quorumConsistency_js_1.verifyDecryptResponseConsistency)(thresholdResults, this.threshold);
+        return this.buildAggregatedAttestations(reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client);
+    }
+    async eListAttestedDecrypt(request, executorAddress, client, backoffConfig, reencryptKeypair) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.eListAttestedDecrypt(request);
+        }, backoffConfig);
+        const { reference, winningResults } = await (0, quorumConsistency_js_1.verifyEListResponseConsistency)(thresholdResults, this.threshold, reencryptKeypair);
+        const elistHandle = request.elistHandleWithProof?.handle;
+        if (!elistHandle) {
+            throw new types_js_1.EListAttestedDecryptError('Missing elistHandleWithProof.handle in request');
+        }
+        return this.buildAggregatedEListAttestation(elistHandle, reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client, reencryptKeypair);
+    }
+    async eListAttestedReveal(request, executorAddress, client, backoffConfig) {
+        const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
+            return await kms.client.eListAttestedReveal(request);
+        }, backoffConfig);
+        const { reference, winningResults } = await (0, quorumConsistency_js_1.verifyEListResponseConsistency)(thresholdResults, this.threshold);
+        return this.buildAggregatedEListAttestation(request.handle, reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client);
+    }
+    /**
+     * Generic method to execute a KMS operation across all clients with retry and threshold logic.
+     * Returns results with both the response and signer address.
+     */
+    async executeKmsOperationWithThreshold(operation, backoffConfig) {
+        // Create promises for all KMS clients, tracking signer addresses
+        // Each client call is wrapped with retry logic
+        const promises = this.kmss.map(async (kms, index) => {
+            try {
+                const response = await (0, retry_js_1.retryWithBackoff)(async () => {
+                    return await operation(kms);
+                }, backoffConfig);
+                return { response, signer: kms.signer };
+            }
+            catch (error) {
+                throw new Error(`KMS client ${index} (signer: ${kms.signer}) failed: ${error}`);
+            }
+        });
+        return await (0, thresholdPromises_js_1.executeWithThreshold)(promises, this.threshold);
+    }
+    /**
+     * Collects signatures from responses and sorts them by signer address (ascending).
+     * This is required by SignatureVerifier.
+     */
+    collectAndSortSignatures(signatures, signers) {
+        const signaturesWithSigners = signatures.map((signature, idx) => ({
+            signature,
+            signer: signers[idx],
+        }));
+        // Sort by signer address in ascending order (as required by SignatureVerifier)
+        signaturesWithSigners.sort((a, b) => {
+            const aBigInt = BigInt(a.signer);
+            const bBigInt = BigInt(b.signer);
+            if (aBigInt < bBigInt)
+                return -1;
+            if (aBigInt > bBigInt)
+                return 1;
+            return 0;
+        });
+        // Extract sorted signatures
+        return signaturesWithSigners.map((item) => item.signature);
+    }
+    /**
+     * Builds a plaintext attestation from a DecryptionAttestation proto message.
+     */
+    buildPlaintextAttestation(decryptionAttestation, covalidatorSignatures) {
+        if (!decryptionAttestation.value ||
+            decryptionAttestation.value.case !== 'plaintext') {
+            throw new Error('Expected plaintext attestation');
+        }
+        const plaintextBytes = decryptionAttestation.value.value.value;
+        const handle = decryptionAttestation.handle;
+        const handleType = (0, handle_js_1.getHandleType)(handle);
+        const bigIntValue = (0, binary_js_1.bytesToBigInt)(plaintextBytes);
+        const plaintext = (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.xwing, handleType, bigIntValue);
+        return {
+            handle,
+            plaintext,
+            covalidatorSignatures,
+        };
+    }
+    async buildAggregatedAttestations(reference, thresholdResponses, signers, executorAddress, client) {
+        const attestationCount = reference.decryptionAttestations.length;
+        const results = [];
+        for (let i = 0; i < attestationCount; i++) {
+            const refAtt = reference.decryptionAttestations[i];
+            if (!refAtt.value) {
+                throw new Error('No value in attestation');
+            }
+            // Collect signatures and sort by signer address
+            const signatures = thresholdResponses.map((resp) => resp.decryptionAttestations[i].signature);
+            const covalidatorSignatures = this.collectAndSortSignatures(signatures, signers);
+            if (refAtt.value.case === 'plaintext') {
+                // Verify covalidator signatures over the plaintext attestation
+                // executorAddress and client are only undefined when using a non-real client (e.g. in tests)
+                if (executorAddress && client) {
+                    await (0, signatureVerification_js_1.verifyPlaintextAttestationSignatures)(refAtt.handle, refAtt.value.value.value, covalidatorSignatures, executorAddress, client);
+                }
+                results.push(this.buildPlaintextAttestation(refAtt, covalidatorSignatures));
+            }
+            else if (refAtt.value.case === 'reencryption') {
+                // Collect per-covalidator encrypted signatures and ciphertexts
+                const encryptedSignatures = [];
+                const perCovalidatorCiphertexts = [];
+                for (const resp of thresholdResponses) {
+                    const attValue = resp.decryptionAttestations[i].value;
+                    if (attValue?.case === 'reencryption') {
+                        encryptedSignatures.push(attValue.value.encryptedSignature);
+                        perCovalidatorCiphertexts.push(attValue.value.userCiphertext);
+                    }
+                    else {
+                        throw new Error(`Expected reencryption attestation but received '${attValue?.case}'`);
+                    }
+                }
+                const encryptedCovalidatorSignatures = this.collectAndSortSignatures(encryptedSignatures, signers);
+                const sortedCiphertexts = this.collectAndSortSignatures(perCovalidatorCiphertexts, signers);
+                // executorAddress and client are only undefined when using a non-real client (e.g. in tests)
+                if (executorAddress && client) {
+                    await (0, signatureVerification_js_1.verifyReencryptionAttestationSignatures)(refAtt.handle, sortedCiphertexts, encryptedCovalidatorSignatures, covalidatorSignatures, executorAddress, client);
+                }
+                const reencryption = refAtt.value.value;
+                const ct = reencryption.userCiphertext;
+                const handleType = (0, handle_js_1.getHandleType)((0, binary_js_1.parseHex)(refAtt.handle));
+                results.push({
+                    handle: refAtt.handle,
+                    encryptedPlaintext: {
+                        ciphertext: {
+                            value: (0, binary_js_1.bytesToHex)(ct),
+                            scheme: encryption_js_1.encryptionSchemes.xwing, // EncryptionScheme: XWING
+                            type: handleType,
+                        },
+                    },
+                    encryptedSignatures: encryptedCovalidatorSignatures,
+                    covalidatorSignatures,
+                });
+            }
+            else {
+                throw new Error(`Unexpected attestation type: ${refAtt.value.case}, expected 'plaintext' or 'reencryption'`);
+            }
+        }
+        return results;
+    }
+    async buildAggregatedComputeAttestation(reference, thresholdResponses, signers, executorAddress, client) {
+        const refAtt = reference.decryptionAttestation;
+        if (!refAtt) {
+            throw new Error('No decryption attestation in reference response');
+        }
+        if (!refAtt.value) {
+            throw new Error('No value in reference attestation');
+        }
+        // Collect signatures and sort by signer address
+        // All responses are guaranteed to have decryption attestations by verifyComputeResponseConsistency
+        const signatures = [];
+        for (const resp of thresholdResponses) {
+            const att = resp.decryptionAttestation;
+            if (!att)
+                throw new Error('Missing decryption attestation in winning response');
+            signatures.push(att.signature);
+        }
+        const covalidatorSignatures = this.collectAndSortSignatures(signatures, signers);
+        if (refAtt.value.case === 'plaintext') {
+            // Verify covalidator signatures over the plaintext attestation
+            // executorAddress and client are only undefined when using a non-real client (e.g. in tests)
+            if (executorAddress && client) {
+                await (0, signatureVerification_js_1.verifyPlaintextAttestationSignatures)(refAtt.handle, refAtt.value.value.value, covalidatorSignatures, executorAddress, client);
+            }
+            return this.buildPlaintextAttestation(refAtt, covalidatorSignatures);
+        }
+        if (refAtt.value.case === 'reencryption') {
+            // Reencryption envelope signatures are verified per-covalidator via
+            // isValidReencryptionAttestation on-chain (each has a unique digest).
+            const reencryption = refAtt.value.value;
+            const ct = reencryption.userCiphertext;
+            if (!ct) {
+                throw new Error('No ciphertext in reencryption');
+            }
+            const handleType = (0, handle_js_1.getHandleType)((0, binary_js_1.parseHex)(refAtt.handle));
+            // Collect per-covalidator encrypted signatures and ciphertexts
+            const encryptedSignatures = [];
+            const perCovalidatorCiphertexts = [];
+            for (const resp of thresholdResponses) {
+                if (resp.decryptionAttestation?.value.case === 'reencryption') {
+                    const reenc = resp.decryptionAttestation.value.value;
+                    encryptedSignatures.push(reenc.encryptedSignature);
+                    perCovalidatorCiphertexts.push(reenc.userCiphertext);
+                }
+                else {
+                    throw new Error(`Expected reencryption attestation but received '${resp.decryptionAttestation?.value.case}'`);
+                }
+            }
+            const encryptedCovalidatorSignatures = this.collectAndSortSignatures(encryptedSignatures, signers);
+            const sortedCiphertexts = this.collectAndSortSignatures(perCovalidatorCiphertexts, signers);
+            // executorAddress and client are only undefined when using a non-real client (e.g. in tests)
+            if (executorAddress && client) {
+                await (0, signatureVerification_js_1.verifyReencryptionAttestationSignatures)(refAtt.handle, sortedCiphertexts, encryptedCovalidatorSignatures, covalidatorSignatures, executorAddress, client);
+            }
+            return {
+                handle: refAtt.handle,
+                encryptedPlaintext: {
+                    ciphertext: {
+                        value: (0, binary_js_1.bytesToHex)(ct),
+                        scheme: encryption_js_1.encryptionSchemes.xwing, // EncryptionScheme: XWING
+                        type: handleType,
+                    },
+                },
+                encryptedSignatures: encryptedCovalidatorSignatures,
+                covalidatorSignatures,
+            };
+        }
+        throw new Error(`Unexpected attestation type: ${refAtt.value.case}, expected 'plaintext' or 'reencryption'`);
+    }
+    async buildAggregatedEListAttestation(elistHandle, reference, thresholdResponses, signers, executorAddress, client, reencryptKeypair) {
+        const refProofAtt = reference.commitmentProofAttestation;
+        if (!refProofAtt) {
+            throw new Error('No commitmentProofAttestation in reference response');
+        }
+        if (!refProofAtt.value) {
+            throw new Error('No value in commitmentProofAttestation');
+        }
+        // Collect and sort commitment proof signatures
+        const proofSignatures = thresholdResponses.map((resp) => resp.commitmentProofAttestation.signature);
+        const covalidatorSignatures = this.collectAndSortSignatures(proofSignatures, signers);
+        // Build commitment proof from the attestation
+        // The commitment proof is always a keccak256 hash (uint256), regardless of the elist handle type.
+        let commitmentProof;
+        if (refProofAtt.value.case === 'plaintext') {
+            const proofBytes = refProofAtt.value.value.value;
+            const proofHandle = refProofAtt.handle;
+            // Verify commitment proof signatures
+            if (executorAddress && client) {
+                await (0, signatureVerification_js_1.verifyPlaintextAttestationSignatures)(proofHandle, proofBytes, covalidatorSignatures, executorAddress, client);
+            }
+            commitmentProof = (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.xwing, handle_js_1.handleTypes.euint256, (0, binary_js_1.bytesToBigInt)(proofBytes));
+        }
+        else {
+            throw new Error(`Unexpected commitmentProofAttestation type: ${refProofAtt.value.case}`);
+        }
+        // Verify proof hashes: per-element and aggregate
+        await this.verifyElementProofHashes(reference, refProofAtt.value.value.value, reencryptKeypair);
+        // Build values and commitments from EListElements
+        const elementType = (0, handle_js_1.getEListElementType)(elistHandle);
+        const commitments = [];
+        const isReencryption = reference.values.length > 0 &&
+            reference.values[0].value.case === 'reencryption';
+        if (isReencryption) {
+            const values = [];
+            for (const elem of reference.values) {
+                commitments.push(elem.commitment);
+                if (elem.value.case !== 'reencryption') {
+                    throw new Error(`Expected reencryption elist element but got '${elem.value.case}'`);
+                }
+                const ct = elem.value.value.userCiphertext;
+                values.push({
+                    ciphertext: {
+                        value: (0, binary_js_1.bytesToHex)(ct),
+                        scheme: encryption_js_1.encryptionSchemes.xwing,
+                        type: elementType,
+                    },
+                });
+            }
+            return {
+                handle: elistHandle,
+                commitmentProof,
+                values,
+                covalidatorSignatures,
+                commitments,
+            };
+        }
+        else {
+            const values = [];
+            for (const elem of reference.values) {
+                commitments.push(elem.commitment);
+                if (elem.value.case !== 'plaintext') {
+                    throw new Error(`Expected plaintext elist element but got '${elem.value.case}'`);
+                }
+                const plaintextBytes = elem.value.value.value;
+                values.push((0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.xwing, elementType, (0, binary_js_1.bytesToBigInt)(plaintextBytes)));
+            }
+            return {
+                handle: elistHandle,
+                commitmentProof,
+                values,
+                covalidatorSignatures,
+                commitments,
+            };
+        }
+    }
+    /**
+     * Verifies proof hashes at two levels:
+     * 1. Aggregate: keccak256(concat(proofHashes)) must equal the attested commitmentProof
+     * 2. Per-element:
+     *    - For plaintext (reveal): proofHash[i] = keccak256(value[i])
+     *    - For reencryption (decrypt): proofHash[i] = keccak256(commitment[i] || plaintext[i])
+     *      — requires reencryptKeypair to decrypt the ciphertext first.
+     */
+    async verifyElementProofHashes(reference, commitmentProofBytes, reencryptKeypair) {
+        // Aggregate check: keccak256(concat(proofHashes)) must match the attested commitment proof
+        const proofHashesConcat = new Uint8Array(reference.proofHashes.reduce((acc, h) => acc + h.length, 0));
+        let offset = 0;
+        for (const h of reference.proofHashes) {
+            proofHashesConcat.set(h, offset);
+            offset += h.length;
+        }
+        const computedProof = (0, viem_1.keccak256)((0, binary_js_1.bytesToHex)(proofHashesConcat));
+        const attestedProof = (0, binary_js_1.bytesToHex)(commitmentProofBytes);
+        if (computedProof !== attestedProof) {
+            throw new types_js_1.EListAttestedDecryptError(`Commitment proof verification failed: computed ${computedProof} but attested value is ${attestedProof}`);
+        }
+        // Per-element check
+        if (reference.proofHashes.length !== reference.values.length) {
+            throw new types_js_1.EListAttestedDecryptError(`proofHashes length (${reference.proofHashes.length}) does not match values length (${reference.values.length})`);
+        }
+        for (let i = 0; i < reference.values.length; i++) {
+            const elem = reference.values[i];
+            let preimage;
+            if (elem.value.case === 'reencryption') {
+                if (!reencryptKeypair) {
+                    // Can't verify without keypair; aggregate check + signatures still hold
+                    continue;
+                }
+                const plaintext = await (0, xwing_js_1.decrypt)(reencryptKeypair, elem.value.value.userCiphertext);
+                const combined = new Uint8Array(elem.commitment.length + plaintext.length);
+                combined.set(elem.commitment, 0);
+                combined.set(plaintext, elem.commitment.length);
+                preimage = combined;
+            }
+            else if (elem.value.case === 'plaintext') {
+                preimage = elem.value.value.value;
+            }
+            else {
+                throw new types_js_1.EListAttestedDecryptError(`Unexpected elist element type at index ${i}: ${elem.value.case}`);
+            }
+            const computedHash = (0, viem_1.keccak256)((0, binary_js_1.bytesToHex)(preimage));
+            const expectedHash = (0, binary_js_1.bytesToHex)(reference.proofHashes[i]);
+            if (computedHash !== expectedHash) {
+                throw new types_js_1.EListAttestedDecryptError(`Element proof hash mismatch at index ${i}: computed ${computedHash} but expected ${expectedHash}`);
+            }
+        }
+    }
+}
+exports.KmsQuorumClient = KmsQuorumClient;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicXVvcnVtQ2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2ttcy9xdW9ydW1DbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsK0JBQStDO0FBSy9DLDRDQUtzQjtBQUN0QiwrREFJMEM7QUFNMUMsK0RBR3FDO0FBY3JDLDRDQUErRTtBQUMvRSwrQ0FBOEQ7QUFFOUQsMENBQStDO0FBQy9DLDJDQUEyRDtBQUMzRCxpRUFJZ0M7QUFHaEMseUVBR29DO0FBQ3BDLGlFQUE4RDtBQU85RDs7O0dBR0c7QUFDSCxTQUFTLHNCQUFzQixDQUFDLFNBQWlCLEVBQUUsV0FBbUI7SUFDcEUsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ2pELElBQUksU0FBUyxHQUFHLFFBQVEsRUFBRSxDQUFDO1FBQ3pCLE1BQU0sSUFBSSxLQUFLLENBQ2IsY0FBYyxTQUFTLGtDQUFrQyxRQUFRLFFBQVEsV0FBVyx5Q0FBeUMsQ0FDOUgsQ0FBQztJQUNKLENBQUM7QUFDSCxDQUFDO0FBRUQsTUFBYSxlQUFlO0lBQ1QsSUFBSSxDQUFRO0lBQ1osU0FBUyxDQUFTO0lBUW5DLGlCQUFpQjtJQUNqQixZQUNFLGtCQUFvRSxFQUNwRSxTQUFpQjtRQUVqQixJQUFJLGtCQUFrQixDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUFDLGlEQUFpRCxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUVELElBQUksU0FBUyxHQUFHLENBQUMsSUFBSSxTQUFTLEdBQUcsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FDYixtQ0FBbUMsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQy9ELENBQUM7UUFDSixDQUFDO1FBRUQsc0JBQXNCLENBQUMsU0FBUyxFQUFFLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRTdELDJGQUEyRjtRQUMzRixJQUNFLGtCQUFrQixDQUFDLE1BQU0sR0FBRyxDQUFDO1lBQzdCLGlCQUFpQixJQUFJLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxFQUMxQyxDQUFDO1lBQ0QsMEJBQTBCO1lBQzFCLE1BQU0sVUFBVSxHQUFHLGtCQUFpQyxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLEdBQUcsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDdEMsTUFBTTtnQkFDTixNQUFNLEVBQUUsTUFBTSxDQUFDLGFBQWE7YUFDN0IsQ0FBQyxDQUFDLENBQUM7UUFDTixDQUFDO2FBQU0sQ0FBQztZQUNOLGlEQUFpRDtZQUNqRCxNQUFNLFNBQVMsR0FBRyxrQkFHZixDQUFDO1lBQ0osSUFBSSxDQUFDLElBQUksR0FBRyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUU7Z0JBQ3JDLE9BQU87b0JBQ0wsTUFBTSxFQUFFLElBQUEsd0JBQVksRUFBQyxRQUFRLENBQUMsR0FBRyxFQUFFLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBQ25ELE1BQU0sRUFBRSxRQUFRLENBQUMsTUFBTTtpQkFDeEIsQ0FBQztZQUNKLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUNELElBQUksQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILE1BQU0sQ0FBQyxRQUFRLENBQ2IsSUFBYyxFQUNkLE9BQWtCLEVBQ2xCLFNBQWlCO1FBRWpCLElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN0QixNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixDQUFDLENBQUM7UUFDbEQsQ0FBQztRQUNELElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDbkMsTUFBTSxJQUFJLEtBQUssQ0FDYix5QkFBeUIsT0FBTyxDQUFDLE1BQU0sbUNBQW1DLElBQUksQ0FBQyxNQUFNLEdBQUcsQ0FDekYsQ0FBQztRQUNKLENBQUM7UUFFRCxJQUFJLFNBQVMsR0FBRyxDQUFDLElBQUksU0FBUyxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM3QyxNQUFNLElBQUksS0FBSyxDQUNiLG1DQUFtQyxJQUFJLENBQUMsTUFBTSxtQkFBbUIsQ0FDbEUsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxFQUFFO1lBQ3hDLE9BQU8sRUFBRSxHQUFHLEVBQUUsTUFBTSxFQUFFLE9BQU8sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1FBQ3pDLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxJQUFJLGVBQWUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFDbkQsQ0FBQztJQUVEOzs7Ozs7O09BT0c7SUFDSCxNQUFNLENBQUMsY0FBYyxDQUNuQixVQUF1QixFQUN2QixTQUFpQjtRQUVqQixJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFFRCxJQUFJLFNBQVMsR0FBRyxDQUFDLElBQUksU0FBUyxHQUFHLFVBQVUsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNuRCxNQUFNLElBQUksS0FBSyxDQUNiLG1DQUFtQyxVQUFVLENBQUMsTUFBTSwwQkFBMEIsQ0FDL0UsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLElBQUksZUFBZSxDQUFDLFVBQVUsRUFBRSxTQUFTLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQsS0FBSyxDQUFDLGVBQWUsQ0FDbkIsT0FBK0IsRUFDL0IsZUFBd0IsRUFDeEIsTUFBa0IsRUFDbEIsYUFBc0MsRUFDdEMsZ0JBQStCO1FBTy9CLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLENBQ2xFLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtZQUNaLE9BQU8sTUFBTSxHQUFHLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNuRCxDQUFDLEVBQ0QsYUFBYSxDQUNkLENBQUM7UUFFRiwrRUFBK0U7UUFDL0UsTUFBTSxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsR0FDakMsTUFBTSxJQUFBLHVEQUFnQyxFQUNwQyxnQkFHRSxFQUNGLElBQUksQ0FBQyxTQUFTLEVBQ2QsZ0JBQWdCLENBQ2pCLENBQUM7UUFFSixPQUFPLElBQUksQ0FBQywyQkFBMkIsQ0FDckMsU0FBUyxFQUNULGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsRUFDckMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxFQUNuQyxlQUFlLEVBQ2YsTUFBTSxDQUNQLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLGVBQWUsQ0FDbkIsT0FBK0IsRUFDL0IsZUFBd0IsRUFDeEIsTUFBa0IsRUFDbEIsYUFBc0MsRUFDdEMsZ0JBQStCO1FBSy9CLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLENBQ2xFLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtZQUNaLE9BQU8sTUFBTSxHQUFHLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNuRCxDQUFDLEVBQ0QsYUFBYSxDQUNkLENBQUM7UUFFRixxREFBcUQ7UUFDckQsTUFBTSxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsR0FDakMsTUFBTSxJQUFBLHVEQUFnQyxFQUNwQyxnQkFHRSxFQUNGLElBQUksQ0FBQyxTQUFTLEVBQ2QsT0FBTyxFQUNQLGdCQUFnQixDQUNqQixDQUFDO1FBRUosT0FBTyxJQUFJLENBQUMsaUNBQWlDLENBQzNDLFNBQVMsRUFDVCxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEVBQ3JDLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFDbkMsZUFBZSxFQUNmLE1BQU0sQ0FDUCxDQUFDO0lBQ0osQ0FBQztJQUVELEtBQUssQ0FBQyxjQUFjLENBQ2xCLE9BQThCLEVBQzlCLGVBQXdCLEVBQ3hCLE1BQWtCLEVBQ2xCLGFBQXNDO1FBT3RDLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLENBQ2xFLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtZQUNaLE9BQU8sTUFBTSxHQUFHLENBQUMsTUFBTSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNsRCxDQUFDLEVBQ0QsYUFBYSxDQUNkLENBQUM7UUFFRixpRkFBaUY7UUFDakYsTUFBTSxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsR0FDakMsTUFBTSxJQUFBLHVEQUFnQyxFQUNwQyxnQkFHRSxFQUNGLElBQUksQ0FBQyxTQUFTLENBQ2YsQ0FBQztRQUVKLE9BQU8sSUFBSSxDQUFDLDJCQUEyQixDQUNyQyxTQUFTLEVBQ1QsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxFQUNyQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEVBQ25DLGVBQWUsRUFDZixNQUFNLENBQ1AsQ0FBQztJQUNKLENBQUM7SUFFRCxLQUFLLENBQUMsb0JBQW9CLENBQ3hCLE9BQW9DLEVBQ3BDLGVBQXdCLEVBQ3hCLE1BQWtCLEVBQ2xCLGFBQXNDLEVBQ3RDLGdCQUErQjtRQUsvQixNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBSSxDQUFDLGdDQUFnQyxDQUNsRSxLQUFLLEVBQUUsR0FBRyxFQUFFLEVBQUU7WUFDWixPQUFPLE1BQU0sR0FBRyxDQUFDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN4RCxDQUFDLEVBQ0QsYUFBYSxDQUNkLENBQUM7UUFFRixNQUFNLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxHQUFHLE1BQU0sSUFBQSxxREFBOEIsRUFDeEUsZ0JBR0UsRUFDRixJQUFJLENBQUMsU0FBUyxFQUNkLGdCQUFnQixDQUNqQixDQUFDO1FBRUYsTUFBTSxXQUFXLEdBQUcsT0FBTyxDQUFDLG9CQUFvQixFQUFFLE1BQU0sQ0FBQztRQUN6RCxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLG9DQUF5QixDQUNqQyxnREFBZ0QsQ0FDakQsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQywrQkFBK0IsQ0FDekMsV0FBd0IsRUFDeEIsU0FBUyxFQUNULGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsRUFDckMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxFQUNuQyxlQUFlLEVBQ2YsTUFBTSxFQUNOLGdCQUFnQixDQUNqQixDQUFDO0lBQ0osQ0FBQztJQUVELEtBQUssQ0FBQyxtQkFBbUIsQ0FDdkIsT0FBbUMsRUFDbkMsZUFBd0IsRUFDeEIsTUFBa0IsRUFDbEIsYUFBc0M7UUFFdEMsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxnQ0FBZ0MsQ0FDbEUsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQ1osT0FBTyxNQUFNLEdBQUcsQ0FBQyxNQUFNLENBQUMsbUJBQW1CLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdkQsQ0FBQyxFQUNELGFBQWEsQ0FDZCxDQUFDO1FBRUYsTUFBTSxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsR0FBRyxNQUFNLElBQUEscURBQThCLEVBQ3hFLGdCQUdFLEVBQ0YsSUFBSSxDQUFDLFNBQVMsQ0FDZixDQUFDO1FBRUYsT0FBTyxJQUFJLENBQUMsK0JBQStCLENBQ3pDLE9BQU8sQ0FBQyxNQUFtQixFQUMzQixTQUFTLEVBQ1QsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxFQUNyQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEVBQ25DLGVBQWUsRUFDZixNQUFNLENBR1AsQ0FBQztJQUNKLENBQUM7SUFFRDs7O09BR0c7SUFDSyxLQUFLLENBQUMsZ0NBQWdDLENBQzVDLFNBQTJDLEVBQzNDLGFBQXNDO1FBRXRDLGlFQUFpRTtRQUNqRSwrQ0FBK0M7UUFDL0MsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUUsRUFBRTtZQUNsRCxJQUFJLENBQUM7Z0JBQ0gsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFBLDJCQUFnQixFQUFDLEtBQUssSUFBSSxFQUFFO29CQUNqRCxPQUFPLE1BQU0sU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUM5QixDQUFDLEVBQUUsYUFBYSxDQUFDLENBQUM7Z0JBQ2xCLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUMxQyxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDZixNQUFNLElBQUksS0FBSyxDQUNiLGNBQWMsS0FBSyxhQUFhLEdBQUcsQ0FBQyxNQUFNLGFBQWEsS0FBSyxFQUFFLENBQy9ELENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFSCxPQUFPLE1BQU0sSUFBQSwyQ0FBb0IsRUFHOUIsUUFBUSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssd0JBQXdCLENBQzlCLFVBQXdCLEVBQ3hCLE9BQWtCO1FBRWxCLE1BQU0scUJBQXFCLEdBQUcsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLFNBQVMsRUFBRSxHQUFHLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDaEUsU0FBUztZQUNULE1BQU0sRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDO1NBQ3JCLENBQUMsQ0FBQyxDQUFDO1FBRUosK0VBQStFO1FBQy9FLHFCQUFxQixDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsRUFBRTtZQUNsQyxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDakMsSUFBSSxPQUFPLEdBQUcsT0FBTztnQkFBRSxPQUFPLENBQUMsQ0FBQyxDQUFDO1lBQ2pDLElBQUksT0FBTyxHQUFHLE9BQU87Z0JBQUUsT0FBTyxDQUFDLENBQUM7WUFDaEMsT0FBTyxDQUFDLENBQUM7UUFDWCxDQUFDLENBQUMsQ0FBQztRQUVILDRCQUE0QjtRQUM1QixPQUFPLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzdELENBQUM7SUFFRDs7T0FFRztJQUNLLHlCQUF5QixDQUMvQixxQkFBaUQsRUFDakQscUJBQW1DO1FBRW5DLElBQ0UsQ0FBQyxxQkFBcUIsQ0FBQyxLQUFLO1lBQzVCLHFCQUFxQixDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssV0FBVyxFQUNoRCxDQUFDO1lBQ0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1FBQ3BELENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBRyxxQkFBcUIsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQztRQUMvRCxNQUFNLE1BQU0sR0FBRyxxQkFBcUIsQ0FBQyxNQUFtQixDQUFDO1FBQ3pELE1BQU0sVUFBVSxHQUFHLElBQUEseUJBQWEsRUFBQyxNQUFNLENBQUMsQ0FBQztRQUN6QyxNQUFNLFdBQVcsR0FBRyxJQUFBLHlCQUFhLEVBQUMsY0FBYyxDQUFDLENBQUM7UUFDbEQsTUFBTSxTQUFTLEdBQUcsSUFBQSxpQ0FBaUIsRUFDakMsaUNBQWlCLENBQUMsS0FBSyxFQUN2QixVQUE4QixFQUM5QixXQUFXLENBQ1osQ0FBQztRQUVGLE9BQU87WUFDTCxNQUFNO1lBQ04sU0FBUztZQUNULHFCQUFxQjtTQUN1QyxDQUFDO0lBQ2pFLENBQUM7SUFFTyxLQUFLLENBQUMsMkJBQTJCLENBQ3ZDLFNBQTJELEVBQzNELGtCQUF3RSxFQUN4RSxPQUFrQixFQUNsQixlQUF3QixFQUN4QixNQUFrQjtRQU9sQixNQUFNLGdCQUFnQixHQUFHLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLENBQUM7UUFDakUsTUFBTSxPQUFPLEdBR1AsRUFBRSxDQUFDO1FBRVQsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLGdCQUFnQixFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDMUMsTUFBTSxNQUFNLEdBQUcsU0FBUyxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ25ELElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUM3QyxDQUFDO1lBRUQsZ0RBQWdEO1lBQ2hELE1BQU0sVUFBVSxHQUFHLGtCQUFrQixDQUFDLEdBQUcsQ0FDdkMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQ25ELENBQUM7WUFDRixNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FDekQsVUFBVSxFQUNWLE9BQU8sQ0FDUixDQUFDO1lBRUYsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztnQkFDdEMsK0RBQStEO2dCQUMvRCw2RkFBNkY7Z0JBQzdGLElBQUksZUFBZSxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUM5QixNQUFNLElBQUEsK0RBQW9DLEVBQ3hDLE1BQU0sQ0FBQyxNQUFNLEVBQ2IsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUN4QixxQkFBcUIsRUFDckIsZUFBZSxFQUNmLE1BQU0sQ0FDUCxDQUFDO2dCQUNKLENBQUM7Z0JBQ0QsT0FBTyxDQUFDLElBQUksQ0FDVixJQUFJLENBQUMseUJBQXlCLENBQUMsTUFBTSxFQUFFLHFCQUFxQixDQUFDLENBQzlELENBQUM7WUFDSixDQUFDO2lCQUFNLElBQUksTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQ2hELCtEQUErRDtnQkFDL0QsTUFBTSxtQkFBbUIsR0FBaUIsRUFBRSxDQUFDO2dCQUM3QyxNQUFNLHlCQUF5QixHQUFpQixFQUFFLENBQUM7Z0JBQ25ELEtBQUssTUFBTSxJQUFJLElBQUksa0JBQWtCLEVBQUUsQ0FBQztvQkFDdEMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQztvQkFDdEQsSUFBSSxRQUFRLEVBQUUsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO3dCQUN0QyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO3dCQUM1RCx5QkFBeUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQUMsQ0FBQztvQkFDaEUsQ0FBQzt5QkFBTSxDQUFDO3dCQUNOLE1BQU0sSUFBSSxLQUFLLENBQ2IsbURBQW1ELFFBQVEsRUFBRSxJQUFJLEdBQUcsQ0FDckUsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7Z0JBRUQsTUFBTSw4QkFBOEIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ2xFLG1CQUFtQixFQUNuQixPQUFPLENBQ1IsQ0FBQztnQkFFRixNQUFNLGlCQUFpQixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FDckQseUJBQXlCLEVBQ3pCLE9BQU8sQ0FDUixDQUFDO2dCQUVGLDZGQUE2RjtnQkFDN0YsSUFBSSxlQUFlLElBQUksTUFBTSxFQUFFLENBQUM7b0JBQzlCLE1BQU0sSUFBQSxrRUFBdUMsRUFDM0MsTUFBTSxDQUFDLE1BQU0sRUFDYixpQkFBaUIsRUFDakIsOEJBQThCLEVBQzlCLHFCQUFxQixFQUNyQixlQUFlLEVBQ2YsTUFBTSxDQUNQLENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQztnQkFDeEMsTUFBTSxFQUFFLEdBQUcsWUFBWSxDQUFDLGNBQWMsQ0FBQztnQkFDdkMsTUFBTSxVQUFVLEdBQUcsSUFBQSx5QkFBYSxFQUFDLElBQUEsb0JBQVEsRUFBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztnQkFDMUQsT0FBTyxDQUFDLElBQUksQ0FBQztvQkFDWCxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQW1CO29CQUNsQyxrQkFBa0IsRUFBRTt3QkFDbEIsVUFBVSxFQUFFOzRCQUNWLEtBQUssRUFBRSxJQUFBLHNCQUFVLEVBQUMsRUFBRSxDQUFDOzRCQUNyQixNQUFNLEVBQUUsaUNBQWlCLENBQUMsS0FBSyxFQUFFLDBCQUEwQjs0QkFDM0QsSUFBSSxFQUFFLFVBQThCO3lCQUNyQztxQkFDcUQ7b0JBQ3hELG1CQUFtQixFQUFFLDhCQUE4QjtvQkFDbkQscUJBQXFCO2lCQUl0QixDQUFDLENBQUM7WUFDTCxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sTUFBTSxJQUFJLEtBQUssQ0FDYixnQ0FBZ0MsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLDBDQUEwQyxDQUM1RixDQUFDO1lBQ0osQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLE9BQU8sQ0FBQztJQUNqQixDQUFDO0lBRU8sS0FBSyxDQUFDLGlDQUFpQyxDQUM3QyxTQUFrQyxFQUNsQyxrQkFBNkMsRUFDN0MsT0FBa0IsRUFDbEIsZUFBd0IsRUFDeEIsTUFBa0I7UUFLbEIsTUFBTSxNQUFNLEdBQUcsU0FBUyxDQUFDLHFCQUFxQixDQUFDO1FBQy9DLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNaLE1BQU0sSUFBSSxLQUFLLENBQUMsaURBQWlELENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBRUQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNsQixNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxDQUFDLENBQUM7UUFDdkQsQ0FBQztRQUVELGdEQUFnRDtRQUNoRCxtR0FBbUc7UUFDbkcsTUFBTSxVQUFVLEdBQWlCLEVBQUUsQ0FBQztRQUNwQyxLQUFLLE1BQU0sSUFBSSxJQUFJLGtCQUFrQixFQUFFLENBQUM7WUFDdEMsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixDQUFDO1lBQ3ZDLElBQUksQ0FBQyxHQUFHO2dCQUNOLE1BQU0sSUFBSSxLQUFLLENBQUMsb0RBQW9ELENBQUMsQ0FBQztZQUN4RSxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUNqQyxDQUFDO1FBQ0QsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ3pELFVBQVUsRUFDVixPQUFPLENBQ1IsQ0FBQztRQUVGLElBQUksTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssV0FBVyxFQUFFLENBQUM7WUFDdEMsK0RBQStEO1lBQy9ELDZGQUE2RjtZQUM3RixJQUFJLGVBQWUsSUFBSSxNQUFNLEVBQUUsQ0FBQztnQkFDOUIsTUFBTSxJQUFBLCtEQUFvQyxFQUN4QyxNQUFNLENBQUMsTUFBTSxFQUNiLE1BQU0sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEtBQUssRUFDeEIscUJBQXFCLEVBQ3JCLGVBQWUsRUFDZixNQUFNLENBQ1AsQ0FBQztZQUNKLENBQUM7WUFDRCxPQUFPLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxNQUFNLEVBQUUscUJBQXFCLENBQUMsQ0FBQztRQUN2RSxDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxjQUFjLEVBQUUsQ0FBQztZQUN6QyxvRUFBb0U7WUFDcEUsc0VBQXNFO1lBRXRFLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQ3hDLE1BQU0sRUFBRSxHQUFHLFlBQVksQ0FBQyxjQUFjLENBQUM7WUFDdkMsSUFBSSxDQUFDLEVBQUUsRUFBRSxDQUFDO2dCQUNSLE1BQU0sSUFBSSxLQUFLLENBQUMsK0JBQStCLENBQUMsQ0FBQztZQUNuRCxDQUFDO1lBRUQsTUFBTSxVQUFVLEdBQUcsSUFBQSx5QkFBYSxFQUFDLElBQUEsb0JBQVEsRUFBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztZQUUxRCwrREFBK0Q7WUFDL0QsTUFBTSxtQkFBbUIsR0FBaUIsRUFBRSxDQUFDO1lBQzdDLE1BQU0seUJBQXlCLEdBQWlCLEVBQUUsQ0FBQztZQUNuRCxLQUFLLE1BQU0sSUFBSSxJQUFJLGtCQUFrQixFQUFFLENBQUM7Z0JBQ3RDLElBQUksSUFBSSxDQUFDLHFCQUFxQixFQUFFLEtBQUssQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7b0JBQzlELE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDO29CQUNyRCxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLGtCQUFrQixDQUFDLENBQUM7b0JBQ25ELHlCQUF5QixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDLENBQUM7Z0JBQ3ZELENBQUM7cUJBQU0sQ0FBQztvQkFDTixNQUFNLElBQUksS0FBSyxDQUNiLG1EQUFtRCxJQUFJLENBQUMscUJBQXFCLEVBQUUsS0FBSyxDQUFDLElBQUksR0FBRyxDQUM3RixDQUFDO2dCQUNKLENBQUM7WUFDSCxDQUFDO1lBRUQsTUFBTSw4QkFBOEIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ2xFLG1CQUFtQixFQUNuQixPQUFPLENBQ1IsQ0FBQztZQUVGLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxDQUFDLHdCQUF3QixDQUNyRCx5QkFBeUIsRUFDekIsT0FBTyxDQUNSLENBQUM7WUFFRiw2RkFBNkY7WUFDN0YsSUFBSSxlQUFlLElBQUksTUFBTSxFQUFFLENBQUM7Z0JBQzlCLE1BQU0sSUFBQSxrRUFBdUMsRUFDM0MsTUFBTSxDQUFDLE1BQU0sRUFDYixpQkFBaUIsRUFDakIsOEJBQThCLEVBQzlCLHFCQUFxQixFQUNyQixlQUFlLEVBQ2YsTUFBTSxDQUNQLENBQUM7WUFDSixDQUFDO1lBRUQsT0FBTztnQkFDTCxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQW1CO2dCQUNsQyxrQkFBa0IsRUFBRTtvQkFDbEIsVUFBVSxFQUFFO3dCQUNWLEtBQUssRUFBRSxJQUFBLHNCQUFVLEVBQUMsRUFBRSxDQUFDO3dCQUNyQixNQUFNLEVBQUUsaUNBQWlCLENBQUMsS0FBSyxFQUFFLDBCQUEwQjt3QkFDM0QsSUFBSSxFQUFFLFVBQThCO3FCQUNyQztpQkFDcUQ7Z0JBQ3hELG1CQUFtQixFQUFFLDhCQUE4QjtnQkFDbkQscUJBQXFCO2FBQ2dELENBQUM7UUFDMUUsQ0FBQztRQUVELE1BQU0sSUFBSSxLQUFLLENBQ2IsZ0NBQWdDLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSwwQ0FBMEMsQ0FDNUYsQ0FBQztJQUNKLENBQUM7SUFFTyxLQUFLLENBQUMsK0JBQStCLENBQzNDLFdBQXNCLEVBQ3RCLFNBQXFFLEVBQ3JFLGtCQUVDLEVBQ0QsT0FBa0IsRUFDbEIsZUFBd0IsRUFDeEIsTUFBa0IsRUFDbEIsZ0JBQStCO1FBSy9CLE1BQU0sV0FBVyxHQUFHLFNBQVMsQ0FBQywwQkFBMEIsQ0FBQztRQUN6RCxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLEtBQUssQ0FBQyxxREFBcUQsQ0FBQyxDQUFDO1FBQ3pFLENBQUM7UUFDRCxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMsd0NBQXdDLENBQUMsQ0FBQztRQUM1RCxDQUFDO1FBRUQsK0NBQStDO1FBQy9DLE1BQU0sZUFBZSxHQUFHLGtCQUFrQixDQUFDLEdBQUcsQ0FDNUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQywwQkFBMkIsQ0FBQyxTQUFTLENBQ3JELENBQUM7UUFDRixNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FDekQsZUFBZSxFQUNmLE9BQU8sQ0FDUixDQUFDO1FBRUYsOENBQThDO1FBQzlDLGtHQUFrRztRQUNsRyxJQUFJLGVBQXFELENBQUM7UUFDMUQsSUFBSSxXQUFXLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUMzQyxNQUFNLFVBQVUsR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDakQsTUFBTSxXQUFXLEdBQUcsV0FBVyxDQUFDLE1BQW1CLENBQUM7WUFFcEQscUNBQXFDO1lBQ3JDLElBQUksZUFBZSxJQUFJLE1BQU0sRUFBRSxDQUFDO2dCQUM5QixNQUFNLElBQUEsK0RBQW9DLEVBQ3hDLFdBQVcsRUFDWCxVQUFVLEVBQ1YscUJBQXFCLEVBQ3JCLGVBQWUsRUFDZixNQUFNLENBQ1AsQ0FBQztZQUNKLENBQUM7WUFFRCxlQUFlLEdBQUcsSUFBQSxpQ0FBaUIsRUFDakMsaUNBQWlCLENBQUMsS0FBSyxFQUN2Qix1QkFBVyxDQUFDLFFBQTRCLEVBQ3hDLElBQUEseUJBQWEsRUFBQyxVQUFVLENBQUMsQ0FDMUIsQ0FBQztRQUNKLENBQUM7YUFBTSxDQUFDO1lBQ04sTUFBTSxJQUFJLEtBQUssQ0FDYiwrQ0FBK0MsV0FBVyxDQUFDLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FDeEUsQ0FBQztRQUNKLENBQUM7UUFFRCxpREFBaUQ7UUFDakQsTUFBTSxJQUFJLENBQUMsd0JBQXdCLENBQ2pDLFNBQVMsRUFDVCxXQUFXLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLEVBQzdCLGdCQUFnQixDQUNqQixDQUFDO1FBRUYsa0RBQWtEO1FBQ2xELE1BQU0sV0FBVyxHQUFHLElBQUEsK0JBQW1CLEVBQUMsV0FBVyxDQUFxQixDQUFDO1FBQ3pFLE1BQU0sV0FBVyxHQUFpQixFQUFFLENBQUM7UUFDckMsTUFBTSxjQUFjLEdBQ2xCLFNBQVMsQ0FBQyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQUM7WUFDM0IsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLGNBQWMsQ0FBQztRQUVwRCxJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQ25CLE1BQU0sTUFBTSxHQUEwRCxFQUFFLENBQUM7WUFDekUsS0FBSyxNQUFNLElBQUksSUFBSSxTQUFTLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ3BDLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO2dCQUNsQyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO29CQUN2QyxNQUFNLElBQUksS0FBSyxDQUNiLGdEQUFnRCxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksR0FBRyxDQUNuRSxDQUFDO2dCQUNKLENBQUM7Z0JBQ0QsTUFBTSxFQUFFLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUFDO2dCQUMzQyxNQUFNLENBQUMsSUFBSSxDQUFDO29CQUNWLFVBQVUsRUFBRTt3QkFDVixLQUFLLEVBQUUsSUFBQSxzQkFBVSxFQUFDLEVBQUUsQ0FBQzt3QkFDckIsTUFBTSxFQUFFLGlDQUFpQixDQUFDLEtBQUs7d0JBQy9CLElBQUksRUFBRSxXQUFXO3FCQUNsQjtpQkFDcUQsQ0FBQyxDQUFDO1lBQzVELENBQUM7WUFDRCxPQUFPO2dCQUNMLE1BQU0sRUFBRSxXQUFXO2dCQUNuQixlQUFlO2dCQUNmLE1BQU07Z0JBQ04scUJBQXFCO2dCQUNyQixXQUFXO2FBSVosQ0FBQztRQUNKLENBQUM7YUFBTSxDQUFDO1lBQ04sTUFBTSxNQUFNLEdBQTJDLEVBQUUsQ0FBQztZQUMxRCxLQUFLLE1BQU0sSUFBSSxJQUFJLFNBQVMsQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDcEMsV0FBVyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7Z0JBQ2xDLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssV0FBVyxFQUFFLENBQUM7b0JBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQ2IsNkNBQTZDLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxHQUFHLENBQ2hFLENBQUM7Z0JBQ0osQ0FBQztnQkFDRCxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7Z0JBQzlDLE1BQU0sQ0FBQyxJQUFJLENBQ1QsSUFBQSxpQ0FBaUIsRUFDZixpQ0FBaUIsQ0FBQyxLQUFLLEVBQ3ZCLFdBQVcsRUFDWCxJQUFBLHlCQUFhLEVBQUMsY0FBYyxDQUFDLENBQzlCLENBQ0YsQ0FBQztZQUNKLENBQUM7WUFDRCxPQUFPO2dCQUNMLE1BQU0sRUFBRSxXQUFXO2dCQUNuQixlQUFlO2dCQUNmLE1BQU07Z0JBQ04scUJBQXFCO2dCQUNyQixXQUFXO2FBQ3NELENBQUM7UUFDdEUsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0ssS0FBSyxDQUFDLHdCQUF3QixDQUNwQyxTQUFxRSxFQUNyRSxvQkFBZ0MsRUFDaEMsZ0JBQStCO1FBRS9CLDJGQUEyRjtRQUMzRixNQUFNLGlCQUFpQixHQUFHLElBQUksVUFBVSxDQUN0QyxTQUFTLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxDQUM1RCxDQUFDO1FBQ0YsSUFBSSxNQUFNLEdBQUcsQ0FBQyxDQUFDO1FBQ2YsS0FBSyxNQUFNLENBQUMsSUFBSSxTQUFTLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDdEMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUNqQyxNQUFNLElBQUksQ0FBQyxDQUFDLE1BQU0sQ0FBQztRQUNyQixDQUFDO1FBQ0QsTUFBTSxhQUFhLEdBQUcsSUFBQSxnQkFBUyxFQUFDLElBQUEsc0JBQVUsRUFBQyxpQkFBaUIsQ0FBQyxDQUFDLENBQUM7UUFDL0QsTUFBTSxhQUFhLEdBQUcsSUFBQSxzQkFBVSxFQUFDLG9CQUFvQixDQUFDLENBQUM7UUFDdkQsSUFBSSxhQUFhLEtBQUssYUFBYSxFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLG9DQUF5QixDQUNqQyxrREFBa0QsYUFBYSwwQkFBMEIsYUFBYSxFQUFFLENBQ3pHLENBQUM7UUFDSixDQUFDO1FBRUQsb0JBQW9CO1FBQ3BCLElBQUksU0FBUyxDQUFDLFdBQVcsQ0FBQyxNQUFNLEtBQUssU0FBUyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM3RCxNQUFNLElBQUksb0NBQXlCLENBQ2pDLHVCQUF1QixTQUFTLENBQUMsV0FBVyxDQUFDLE1BQU0sbUNBQW1DLFNBQVMsQ0FBQyxNQUFNLENBQUMsTUFBTSxHQUFHLENBQ2pILENBQUM7UUFDSixDQUFDO1FBRUQsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFNBQVMsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDakQsTUFBTSxJQUFJLEdBQUcsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNqQyxJQUFJLFFBQW9CLENBQUM7WUFFekIsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxjQUFjLEVBQUUsQ0FBQztnQkFDdkMsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7b0JBQ3RCLHdFQUF3RTtvQkFDeEUsU0FBUztnQkFDWCxDQUFDO2dCQUNELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBQSxrQkFBTyxFQUM3QixnQkFBZ0IsRUFDaEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUNoQyxDQUFDO2dCQUNGLE1BQU0sUUFBUSxHQUFHLElBQUksVUFBVSxDQUM3QixJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sR0FBRyxTQUFTLENBQUMsTUFBTSxDQUMxQyxDQUFDO2dCQUNGLFFBQVEsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQztnQkFDakMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxTQUFTLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDaEQsUUFBUSxHQUFHLFFBQVEsQ0FBQztZQUN0QixDQUFDO2lCQUFNLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssV0FBVyxFQUFFLENBQUM7Z0JBQzNDLFFBQVEsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDcEMsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sSUFBSSxvQ0FBeUIsQ0FDakMsMENBQTBDLENBQUMsS0FBSyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxDQUNsRSxDQUFDO1lBQ0osQ0FBQztZQUVELE1BQU0sWUFBWSxHQUFHLElBQUEsZ0JBQVMsRUFBQyxJQUFBLHNCQUFVLEVBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztZQUNyRCxNQUFNLFlBQVksR0FBRyxJQUFBLHNCQUFVLEVBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzFELElBQUksWUFBWSxLQUFLLFlBQVksRUFBRSxDQUFDO2dCQUNsQyxNQUFNLElBQUksb0NBQXlCLENBQ2pDLHdDQUF3QyxDQUFDLGNBQWMsWUFBWSxpQkFBaUIsWUFBWSxFQUFFLENBQ25HLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRjtBQXp6QkQsMENBeXpCQyJ9

package/dist/cjs/kms/quorumConsistency.d.ts

@@ -0,0 +1,82 @@
+import type { Address } from 'viem';
+import type { AttestedComputeRequest, AttestedComputeResponse, AttestedDecryptResponse, AttestedRevealResponse, EListAttestedDecryptResponse, EListAttestedRevealResponse, DecryptionAttestation as ProtoDecryptionAttestation } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import type { XwingKeypair } from '../lite/xwing.js';
+/**
+ * Computes a canonical key for a single attestation.
+ * For plaintext/reencryption+keypair, the key is handle:hex(value).
+ * For reencryption without a keypair (XWing ciphertexts are non-deterministic),
+ * falls back to handle:op-type as a structural stand-in.
+ */
+export declare function computeAttestationKey(att: ProtoDecryptionAttestation, reencryptKeypair?: XwingKeypair): Promise<string>;
+/**
+ * Validates that all responses in a winning bucket have the same attestation
+ * count and types as the quorum-elected reference (bucket[0]).
+ */
+export declare function validateDecryptResponseStructure<T extends AttestedDecryptResponse | AttestedRevealResponse>(bucket: Array<{
+    response: T;
+    signer: Address;
+}>): void;
+/**
+ * Validates that all responses in a winning bucket have a decryption
+ * attestation with the same case as the quorum-elected reference (bucket[0]),
+ * and that the case is consistent with the request's reencryptPubKey.
+ */
+export declare function validateComputeResponseStructure(bucket: Array<{
+    response: AttestedComputeResponse;
+    signer: Address;
+}>, request?: AttestedComputeRequest): void;
+/**
+ * Verifies decrypt/reveal response consistency using hash-bucket voting.
+ * Collects all N responses, buckets them by content key, and returns the
+ * winning bucket (the first one with >= threshold votes).
+ *
+ * This is robust against a faulty first-responding node: even if responses[0]
+ * disagrees, a quorum of agreeing responses will form a winning bucket.
+ */
+export declare function verifyDecryptResponseConsistency<T extends AttestedDecryptResponse | AttestedRevealResponse>(allResults: Array<{
+    response: T;
+    signer: Address;
+}>, threshold: number, reencryptKeypair?: XwingKeypair): Promise<{
+    reference: T;
+    winningResults: Array<{
+        response: T;
+        signer: Address;
+    }>;
+}>;
+type EListResponse = EListAttestedDecryptResponse | EListAttestedRevealResponse;
+/**
+ * Validates that all elist responses in a winning bucket have the same
+ * number of values and matching indices.
+ */
+export declare function validateEListResponseStructure<T extends EListResponse>(bucket: Array<{
+    response: T;
+    signer: Address;
+}>): void;
+/**
+ * Verifies elist response consistency using hash-bucket voting.
+ * Works for both EListAttestedDecryptResponse and EListAttestedRevealResponse.
+ */
+export declare function verifyEListResponseConsistency<T extends EListResponse>(allResults: Array<{
+    response: T;
+    signer: Address;
+}>, threshold: number, reencryptKeypair?: XwingKeypair): Promise<{
+    reference: T;
+    winningResults: Array<{
+        response: T;
+        signer: Address;
+    }>;
+}>;
+/**
+ * Verifies compute response consistency using hash-bucket voting.
+ */
+export declare function verifyComputeResponseConsistency(allResults: Array<{
+    response: AttestedComputeResponse;
+    signer: Address;
+}>, threshold: number, request?: AttestedComputeRequest, reencryptKeypair?: XwingKeypair): Promise<{
+    reference: AttestedComputeResponse;
+    winningResults: Array<{
+        response: AttestedComputeResponse;
+        signer: Address;
+    }>;
+}>;
+export {};