@interest-protocol/vortex-sdk 11.3.1 → 12.0.4

package/dist/utils/decrypt.d.ts

@@ -1,9 +1,9 @@
-import { PaginatedEvents } from '@mysten/sui/client';
-import { Commitment } from '../vortex-api.types';
-import { VortexKeypair } from '../entities/keypair';
+import type { PaginatedEvents } from '@mysten/sui/client';
+import type { Commitment } from '../vortex-api.types';
+import type { VortexKeypair } from '../entities/keypair';
+import type { Vortex } from '../vortex';
+import type { VortexPool } from '../vortex.types';
 import { Utxo } from '../entities/utxo';
-import { Vortex } from '../vortex';
-import { VortexPool } from '../vortex.types';
 interface GetUnspentUtxosArgs {
     commitmentEvents: PaginatedEvents;
     vortexKeypair: VortexKeypair;
@@ -18,7 +18,7 @@ interface GetUnspentUtxosWithApiArgs {
     vortexPool: string | VortexPool;
 }
 interface GetUnspentUtxosWithApiAndCommitmentsArgs {
-    commitments: Pick<Commitment, 'coinType' | 'encryptedOutput'>[];
+    commitments: Pick<Commitment, 'coinType' | 'encryptedOutput' | 'index'>[];
     vortexKeypair: VortexKeypair;
     vortexSdk: Vortex;
     vortexPool: string | VortexPool;
@@ -26,7 +26,7 @@ interface GetUnspentUtxosWithApiAndCommitmentsArgs {
 export declare const getUnspentUtxosWithApi: ({ commitments, vortexKeypair, vortexSdk, vortexPool, }: GetUnspentUtxosWithApiArgs) => Promise<Utxo[]>;
 export declare const getUnspentUtxosWithApiAndCommitments: ({ commitments, vortexKeypair, vortexSdk, vortexPool, }: GetUnspentUtxosWithApiAndCommitmentsArgs) => Promise<{
     unspentUtxos: Utxo[];
-    userCommitments: Pick<Commitment, "coinType" | "encryptedOutput">[];
+    userCommitments: Pick<Commitment, "index" | "coinType" | "encryptedOutput">[];
 }>;
 export {};
 //# sourceMappingURL=decrypt.d.ts.map

package/dist/utils/decrypt.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../../src/utils/decrypt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAErD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAExC,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAG7C,UAAU,mBAAmB;IAC3B,gBAAgB,EAAE,eAAe,CAAC;IAClC,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC;CACjC;AAED,eAAO,MAAM,eAAe,GAAU,6DAKnC,mBAAmB,oBAkCrB,CAAC;AAEF,UAAU,0BAA0B;IAClC,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC;CACjC;AAED,UAAU,wCAAwC;IAChD,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,iBAAiB,CAAC,EAAE,CAAC;IAChE,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC;CACjC;AAED,eAAO,MAAM,sBAAsB,GAAU,wDAK1C,0BAA0B,oBA2C5B,CAAC;AAEF,eAAO,MAAM,oCAAoC,GAAU,wDAKxD,wCAAwC;;;EAmD1C,CAAC"}
+{"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../../src/utils/decrypt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAe,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAGlD,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAIxC,UAAU,mBAAmB;IAC3B,gBAAgB,EAAE,eAAe,CAAC;IAClC,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC;CACjC;AAED,eAAO,MAAM,eAAe,GAAU,6DAKnC,mBAAmB,oBAyCrB,CAAC;AAEF,UAAU,0BAA0B;IAClC,WAAW,EAAE,UAAU,EAAE,CAAC;IAC1B,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC;CACjC;AAED,UAAU,wCAAwC;IAChD,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,iBAAiB,GAAG,OAAO,CAAC,EAAE,CAAC;IAC1E,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,UAAU,CAAC;CACjC;AAED,eAAO,MAAM,sBAAsB,GAAU,wDAK1C,0BAA0B,oBA8C5B,CAAC;AAEF,eAAO,MAAM,oCAAoC,GAAU,wDAKxD,wCAAwC;;;EAoD1C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@interest-protocol/vortex-sdk",
-  "version": "11.3.1",
+  "version": "12.0.4",
   "description": "",
   "main": "index.js",
   "module": "./dist/index.mjs",

package/src/__tests__/entities/keypair.spec.ts

@@ -108,8 +108,267 @@ describe(VortexKeypair.name, () => {
         keypair1.encryptionKey
       );
 
-      // Attempting to decrypt with wrong keypair should throw or produce garbage
-      expect(() => keypair2.decryptUtxo(encrypted)).toThrow();
+      // Attempting to decrypt with wrong keypair should throw
+      expect(() => keypair2.decryptUtxo(encrypted)).toThrow(
+        'Decryption failed: HMAC verification failed'
+      );
+    });
+
+    it('should ALWAYS fail with wrong keypair - 100 iterations', () => {
+      // This test verifies the key-committing property of HMAC
+      // With the old Poly1305, this could sometimes succeed with garbage data
+      // With HMAC-SHA256, it should ALWAYS fail
+
+      const correctKeypair = VortexKeypair.generate();
+      const utxo = {
+        amount: 1000000n,
+        blinding: 123456789n,
+        index: 42n,
+        vortexPool:
+          '0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef',
+      };
+
+      const encrypted = VortexKeypair.encryptUtxoFor(
+        utxo,
+        correctKeypair.encryptionKey
+      );
+
+      let failureCount = 0;
+      const iterations = 100;
+
+      for (let i = 0; i < iterations; i++) {
+        const wrongKeypair = VortexKeypair.generate();
+        try {
+          wrongKeypair.decryptUtxo(encrypted);
+          // If we get here, decryption "succeeded" (BUG!)
+        } catch {
+          failureCount++;
+        }
+      }
+
+      // ALL attempts must fail - this proves the key-committing property
+      expect(failureCount).toBe(iterations);
+    });
+
+    it('should throw specific HMAC error message on wrong key', () => {
+      const keypair1 = VortexKeypair.generate();
+      const keypair2 = VortexKeypair.generate();
+
+      const utxo = {
+        amount: 500n,
+        blinding: 12345n,
+        index: 1n,
+        vortexPool: '0xabc',
+      };
+
+      const encrypted = VortexKeypair.encryptUtxoFor(
+        utxo,
+        keypair1.encryptionKey
+      );
+
+      expect(() => keypair2.decryptUtxo(encrypted)).toThrow(
+        'HMAC verification failed'
+      );
+    });
+
+    it('should decrypt correctly with the right keypair after failed attempts', () => {
+      const correctKeypair = VortexKeypair.generate();
+      const utxo = {
+        amount: 9999n,
+        blinding: 8888n,
+        index: 7n,
+        vortexPool: '0xdef',
+      };
+
+      const encrypted = VortexKeypair.encryptUtxoFor(
+        utxo,
+        correctKeypair.encryptionKey
+      );
+
+      // Try 10 wrong keypairs first
+      for (let i = 0; i < 10; i++) {
+        const wrongKeypair = VortexKeypair.generate();
+        expect(() => wrongKeypair.decryptUtxo(encrypted)).toThrow();
+      }
+
+      // Now decrypt with correct keypair - should still work
+      const decrypted = correctKeypair.decryptUtxo(encrypted);
+      expect(decrypted.amount).toBe(utxo.amount);
+      expect(decrypted.blinding).toBe(utxo.blinding);
+      expect(decrypted.index).toBe(utxo.index);
+    });
+
+    it('should handle large amounts correctly', () => {
+      const keypair = VortexKeypair.generate();
+      const utxo = {
+        amount: BigInt('999999999999999999999999999'),
+        blinding: BigInt('888888888888888888888888888'),
+        index: BigInt('77777777777'),
+        vortexPool:
+          '0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff',
+      };
+
+      const encrypted = VortexKeypair.encryptUtxoFor(
+        utxo,
+        keypair.encryptionKey
+      );
+      const decrypted = keypair.decryptUtxo(encrypted);
+
+      expect(decrypted.amount).toBe(utxo.amount);
+      expect(decrypted.blinding).toBe(utxo.blinding);
+      expect(decrypted.index).toBe(utxo.index);
+    });
+
+    it('should handle zero values correctly', () => {
+      const keypair = VortexKeypair.generate();
+      const utxo = {
+        amount: 0n,
+        blinding: 0n,
+        index: 0n,
+        vortexPool: '0x0',
+      };
+
+      const encrypted = VortexKeypair.encryptUtxoFor(
+        utxo,
+        keypair.encryptionKey
+      );
+      const decrypted = keypair.decryptUtxo(encrypted);
+
+      expect(decrypted.amount).toBe(utxo.amount);
+      expect(decrypted.blinding).toBe(utxo.blinding);
+      expect(decrypted.index).toBe(utxo.index);
+    });
+
+    it('should produce different ciphertexts for same data (random nonce)', () => {
+      const keypair = VortexKeypair.generate();
+      const utxo = {
+        amount: 1000n,
+        blinding: 999n,
+        index: 5n,
+        vortexPool: '0x123',
+      };
+
+      const encrypted1 = VortexKeypair.encryptUtxoFor(
+        utxo,
+        keypair.encryptionKey
+      );
+      const encrypted2 = VortexKeypair.encryptUtxoFor(
+        utxo,
+        keypair.encryptionKey
+      );
+
+      // Different ciphertexts due to random nonce
+      expect(encrypted1).not.toBe(encrypted2);
+
+      // But both decrypt to same data
+      const decrypted1 = keypair.decryptUtxo(encrypted1);
+      const decrypted2 = keypair.decryptUtxo(encrypted2);
+
+      expect(decrypted1.amount).toBe(decrypted2.amount);
+      expect(decrypted1.blinding).toBe(decrypted2.blinding);
+      expect(decrypted1.index).toBe(decrypted2.index);
+    });
+  });
+
+  describe('BigInt encryption/decryption', () => {
+    it('should encrypt and decrypt a BigInt value', () => {
+      const keypair = VortexKeypair.generate();
+      const originalValue = 123456n;
+
+      const encrypted = VortexKeypair.encryptBigIntFor(
+        originalValue,
+        keypair.encryptionKey
+      );
+      const decrypted = keypair.decryptBigInt(encrypted);
+
+      expect(decrypted).toBe(originalValue);
+    });
+
+    it('should handle zero', () => {
+      const keypair = VortexKeypair.generate();
+      const originalValue = 0n;
+
+      const encrypted = VortexKeypair.encryptBigIntFor(
+        originalValue,
+        keypair.encryptionKey
+      );
+      const decrypted = keypair.decryptBigInt(encrypted);
+
+      expect(decrypted).toBe(originalValue);
+    });
+
+    it('should handle large BigInt values', () => {
+      const keypair = VortexKeypair.generate();
+      const originalValue = BigInt(
+        '21888242871839275222246405745257275088548364400416034343698204186575808495616'
+      );
+
+      const encrypted = VortexKeypair.encryptBigIntFor(
+        originalValue,
+        keypair.encryptionKey
+      );
+      const decrypted = keypair.decryptBigInt(encrypted);
+
+      expect(decrypted).toBe(originalValue);
+    });
+
+    it('should fail to decrypt with wrong keypair', () => {
+      const keypair1 = VortexKeypair.generate();
+      const keypair2 = VortexKeypair.generate();
+      const originalValue = 123456n;
+
+      const encrypted = VortexKeypair.encryptBigIntFor(
+        originalValue,
+        keypair1.encryptionKey
+      );
+
+      expect(() => keypair2.decryptBigInt(encrypted)).toThrow(
+        'Decryption failed: HMAC verification failed'
+      );
+    });
+
+    it('should produce different ciphertexts for same value (random nonce)', () => {
+      const keypair = VortexKeypair.generate();
+      const value = 999999n;
+
+      const encrypted1 = VortexKeypair.encryptBigIntFor(
+        value,
+        keypair.encryptionKey
+      );
+      const encrypted2 = VortexKeypair.encryptBigIntFor(
+        value,
+        keypair.encryptionKey
+      );
+
+      expect(encrypted1).not.toBe(encrypted2);
+
+      // But both decrypt to the same value
+      expect(keypair.decryptBigInt(encrypted1)).toBe(value);
+      expect(keypair.decryptBigInt(encrypted2)).toBe(value);
+    });
+
+    it('should ALWAYS fail with wrong keypair - 100 iterations', () => {
+      const correctKeypair = VortexKeypair.generate();
+      const value = BigInt('12345678901234567890');
+
+      const encrypted = VortexKeypair.encryptBigIntFor(
+        value,
+        correctKeypair.encryptionKey
+      );
+
+      let failureCount = 0;
+      const iterations = 100;
+
+      for (let i = 0; i < iterations; i++) {
+        const wrongKeypair = VortexKeypair.generate();
+        try {
+          wrongKeypair.decryptBigInt(encrypted);
+        } catch {
+          failureCount++;
+        }
+      }
+
+      expect(failureCount).toBe(iterations);
     });
   });
 

package/src/constants.ts

@@ -1,5 +1,3 @@
-import { SUI_TYPE_ARG } from '@mysten/sui/utils';
-
 export const BN254_FIELD_MODULUS =
   21888242871839275222246405745257275088548364400416034343698204186575808495617n;
 
@@ -73,24 +71,24 @@ export const ERROR_CODES = {
 };
 
 export const VORTEX_PACKAGE_ID =
-  '0xcf81b96e392f82b776ee980108357426b726c4043c838822545a307e12c5ded6';
+  '0xd9d3b65c318e7d7dd208050a28e113a45256765b4c45acd119626d8a228d7555';
 
 export const VORTEX_UPGRADE_CAP =
-  '0xc2d1925fd45559e09c51f5491ec96d61f9e9108c967d34fe22a053c1b307ddfc';
+  '0xa0d5c1dec2ad7c732cf8d01378eba8fc1451841b051fa0292d3ad07ce92aad80';
 
 export const REGISTRY_OBJECT_ID =
-  '0xf2c11c297e0581e0279714f6ba47e26d03d9a70756036fab5882ebc0f1d2b3b1';
+  '0x6cec550fb43435462f34b15aee9f8b8030e0433e16c8104e966013f0443b2e36';
 
 export const VORTEX_SWAP_PACKAGE_ID =
-  '0x2ddd33debbac3e0461b3551bb00bd40d3055ea5cd441b4fad8624dcbb095e8fb';
+  '0x325610fc0c15c91682f8bf263ef0991c28fe7ff77fd98266821c3e696e459cdf';
 
 export const VORTEX_SWAP_UPGRADE_CAP =
-  '0xec0beaf1453b0e09d92f8addf25abcfb4bc6ce43ead828914836cadc8df249a0';
+  '0x3f535b61b6baa2174dc301179bd2bc392563086ddca23b8eec69da505d54e3c1';
 
 export const SECRET_PACKAGE_ID =
   '0x2d57ed0dd0d5f44d91f865fee3bc33d13ef3ce97c7daf88ad5f5fbb32468ccd6';
 
-export const INITIAL_SHARED_VERSION = '692442863';
+export const INITIAL_SHARED_VERSION = '738926997';
 
 export const LSK_FETCH_OFFSET = 'fetch_offset';
 
@@ -106,8 +104,3 @@ export const TREASURY_ADDRESS =
 export const DEPOSIT_FEE_IN_BASIS_POINTS = 50n;
 
 export const BASIS_POINTS = 10_000n;
-
-export const VORTEX_POOL_IDS = {
-  [SUI_TYPE_ARG]:
-    '0x1e3672f35853fccded923505434b5138543829231f025120d57fda95b86b504c',
-};

package/src/crypto/ff/f1field.ts

@@ -1,5 +1,6 @@
+/* eslint-disable */
 import * as Scalar from './scalar';
-import { getRandomBytes } from './random';
+import { randomBytes } from '@noble/ciphers/utils.js';
 
 export class F1Field {
   type: string;
@@ -288,7 +289,7 @@ export class F1Field {
     const nBytes = (this.bitLength * 2) / 8;
     let res = this.zero;
     for (let i = 0; i < nBytes; i++) {
-      res = (res << BigInt(8)) + BigInt(getRandomBytes(1)[0]!);
+      res = (res << BigInt(8)) + BigInt(randomBytes(1)[0]!);
     }
     return res % this.p;
   }

package/src/crypto/ff/index.ts

@@ -1,6 +1,6 @@
+/* eslint-disable */
 import * as utils from './utils';
 import * as Scalar from './scalar';
 import { F1Field } from './f1field';
-import { getRandomBytes } from './random';
 
-export { utils, Scalar, F1Field, getRandomBytes };
+export { utils, Scalar, F1Field };

package/src/crypto/ff/scalar.ts

@@ -1,3 +1,4 @@
+/* eslint-disable */
 const hexLen = [0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4];
 
 export const fromString = (s: string, radix?: number): bigint => {

package/src/crypto/ff/utils.ts

@@ -1,3 +1,4 @@
+/* eslint-disable */
 import * as Scalar from './scalar';
 import { fromBase64 } from '@mysten/sui/utils';
 export function unStringifyBigInts(o: unknown): unknown {

package/src/entities/keypair.ts

@@ -6,10 +6,22 @@ import { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';
 import invariant from 'tiny-invariant';
 import { randomBytes } from '@noble/ciphers/utils.js';
 import { x25519 } from '@noble/curves/ed25519.js';
-import { xsalsa20poly1305 } from '@noble/ciphers/salsa.js';
+import { xchacha20 } from '@noble/ciphers/chacha.js';
+import { hmac } from '@noble/hashes/hmac.js';
+import { sha256 } from '@noble/hashes/sha2.js';
 import { blake2b } from '@noble/hashes/blake2.js';
 import { normalizeSuiAddress } from '@mysten/sui/utils';
 
+// Constant-time comparison to prevent timing attacks
+function constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) {
+    diff |= a[i] ^ b[i];
+  }
+  return diff === 0;
+}
+
 export interface UtxoPayload {
   amount: bigint;
   blinding: bigint;
@@ -21,6 +33,7 @@ interface EncryptedMessage {
   version: string;
   nonce: string; // base64
   ephemPublicKey: string; // base64
+  hmacTag: string; // base64 - HMAC-SHA256 tag for key-committing authentication
   ciphertext: string; // base64
 }
 
@@ -30,12 +43,14 @@ type SignMessageFn = (message: Uint8Array) => Promise<{
   bytes: string;
 }>;
 
+// Message format: nonce (24) | ephemPublicKey (32) | hmacTag (32) | ciphertext (variable)
 function packEncryptedMessage(encryptedMessage: EncryptedMessage): string {
   const nonceBuf = Buffer.from(encryptedMessage.nonce, 'base64');
   const ephemPublicKeyBuf = Buffer.from(
     encryptedMessage.ephemPublicKey,
     'base64'
   );
+  const hmacTagBuf = Buffer.from(encryptedMessage.hmacTag, 'base64');
   const ciphertextBuf = Buffer.from(encryptedMessage.ciphertext, 'base64');
 
   const messageBuff = Buffer.concat([
@@ -43,6 +58,8 @@ function packEncryptedMessage(encryptedMessage: EncryptedMessage): string {
     nonceBuf,
     Buffer.alloc(32 - ephemPublicKeyBuf.length),
     ephemPublicKeyBuf,
+    Buffer.alloc(32 - hmacTagBuf.length),
+    hmacTagBuf,
     ciphertextBuf,
   ]);
 
@@ -58,12 +75,14 @@ function unpackEncryptedMessage(encryptedMessage: string): EncryptedMessage {
 
   const nonceBuf = messageBuff.subarray(0, 24);
   const ephemPublicKeyBuf = messageBuff.subarray(24, 56);
-  const ciphertextBuf = messageBuff.subarray(56);
+  const hmacTagBuf = messageBuff.subarray(56, 88);
+  const ciphertextBuf = messageBuff.subarray(88);
 
   return {
-    version: 'x25519-xsalsa20-poly1305',
+    version: 'x25519-xchacha20-hmac-sha256',
     nonce: nonceBuf.toString('base64'),
     ephemPublicKey: ephemPublicKeyBuf.toString('base64'),
+    hmacTag: hmacTagBuf.toString('base64'),
     ciphertext: ciphertextBuf.toString('base64'),
   };
 }
@@ -159,14 +178,19 @@ export class VortexKeypair {
       recipientPublicKey
     );
 
+    // Encrypt with XChaCha20
     const nonce = randomBytes(24);
-    const cipher = xsalsa20poly1305(sharedSecret, nonce);
-    const ciphertext = cipher.encrypt(bytes);
+    const ciphertext = xchacha20(sharedSecret, nonce, bytes);
+
+    // Compute HMAC-SHA256 over ciphertext (Encrypt-then-MAC)
+    // This provides key-committing authentication
+    const hmacTag = hmac(sha256, sharedSecret, ciphertext);
 
     const encryptedMessage: EncryptedMessage = {
-      version: 'x25519-xsalsa20-poly1305',
+      version: 'x25519-xchacha20-hmac-sha256',
       nonce: Buffer.from(nonce).toString('base64'),
       ephemPublicKey: Buffer.from(ephemeralPublicKey).toString('base64'),
+      hmacTag: Buffer.from(hmacTag).toString('base64'),
       ciphertext: Buffer.from(ciphertext).toString('base64'),
     };
 
@@ -189,10 +213,28 @@ export class VortexKeypair {
 
     invariant(parts.length === 4, 'Invalid UTXO format after decryption');
 
+    const amount = BigInt(parts[0]);
+    const blinding = BigInt(parts[1]);
+    const index = BigInt(parts[2]);
+
+    // Validate values are within BN254 field to prevent proof failures
+    invariant(
+      amount >= 0n && amount < BN254_FIELD_MODULUS,
+      'Amount exceeds field modulus'
+    );
+    invariant(
+      blinding >= 0n && blinding < BN254_FIELD_MODULUS,
+      'Blinding exceeds field modulus'
+    );
+    invariant(
+      index >= 0n && index < BN254_FIELD_MODULUS,
+      'Index exceeds field modulus'
+    );
+
     return {
-      amount: BigInt(parts[0]),
-      blinding: BigInt(parts[1]),
-      index: BigInt(parts[2]),
+      amount,
+      blinding,
+      index,
       vortexPool: normalizeSuiAddress(parts[3]),
     };
   }
@@ -254,12 +296,20 @@ export class VortexKeypair {
       ephemeralPublicKey
     );
 
-    // Decrypt using XSalsa20-Poly1305
-    const nonce = Buffer.from(encryptedMessage.nonce, 'base64');
     const ciphertext = Buffer.from(encryptedMessage.ciphertext, 'base64');
+    const receivedHmacTag = Buffer.from(encryptedMessage.hmacTag, 'base64');
 
-    const cipher = xsalsa20poly1305(sharedSecret, nonce);
-    const decrypted = cipher.decrypt(ciphertext);
+    // Verify HMAC-SHA256 first (Encrypt-then-MAC verification)
+    // This is key-committing: wrong key = wrong HMAC = guaranteed failure
+    const expectedHmacTag = hmac(sha256, sharedSecret, ciphertext);
+
+    if (!constantTimeEqual(receivedHmacTag, expectedHmacTag)) {
+      throw new Error('Decryption failed: HMAC verification failed');
+    }
+
+    // Decrypt using XChaCha20
+    const nonce = Buffer.from(encryptedMessage.nonce, 'base64');
+    const decrypted = xchacha20(sharedSecret, nonce, ciphertext);
 
     return Buffer.from(decrypted);
   }

package/src/entities/utxo.ts

@@ -1,6 +1,8 @@
 import { VortexKeypair } from './keypair';
 import { poseidon3, poseidon4 } from '../crypto';
-import { normalizeSuiAddress } from '@mysten/sui/utils';
+import { normalizeSuiAddress, toHex } from '@mysten/sui/utils';
+import { randomBytes } from '@noble/ciphers/utils.js';
+import { BN254_FIELD_MODULUS } from '../constants';
 
 interface UtxoConstructorArgs {
   amount: bigint;
@@ -53,7 +55,10 @@ export class Utxo {
   }
 
   static blinding() {
-    return BigInt(Math.floor(Math.random() * 1_000_000_000));
+    // Use cryptographically secure randomness (works on web + Node.js)
+    // 31 bytes = 248 bits, safely below BN254 field modulus (~254 bits)
+    const bytes = randomBytes(31);
+    return BigInt('0x' + toHex(bytes)) % BN254_FIELD_MODULUS;
   }
 
   commitment() {