@monolythium/core-sdk 0.4.23 → 0.5.0

package/dist/crypto/index.js

@@ -1,11 +1,8 @@
 import { ml_dsa65 } from '@noble/post-quantum/ml-dsa.js';
 import { blake3 } from '@noble/hashes/blake3.js';
 import { keccak_256, shake256 } from '@noble/hashes/sha3.js';
-import { entropyToMnemonic, mnemonicToEntropy } from '@scure/bip39';
+import { entropyToMnemonic, validateMnemonic as validateMnemonic$1, mnemonicToSeedSync } from '@scure/bip39';
 import { wordlist } from '@scure/bip39/wordlists/english.js';
-import { ml_kem768 } from '@noble/post-quantum/ml-kem.js';
-import { chacha20poly1305 } from '@noble/ciphers/chacha.js';
-import { randomBytes } from '@noble/hashes/utils.js';
 
 // src/crypto/bincode.ts
 var BincodeWriter = class {
@@ -353,105 +350,69 @@ function encodeMlDsa65Opaque(raw) {
   out.set(bytes, 14);
   return out;
 }
-var PQM1_ALGO_TAG_MLDSA65 = 1;
-var PQM1_ALGO_TAG_MLDSA87_RESERVED = 2;
-var PQM1_ALGO_TAG_SLHDSA128S_RESERVED = 3;
-var PQM1_ALGO_TAG_FALCON512_RESERVED = 4;
-var PQM1_VERSION_V1 = 1;
-var PQM1_PAYLOAD_LEN = 32;
-var PQM1_ENTROPY_LEN = 30;
-var PQM1_V1_MNEMONIC_WORDS = 24;
-var PQM1_V1_MLDSA65_DOMAIN_TAG = "monolythium.pqm1.v1.mldsa65";
-var Pqm1Error = class extends Error {
+var MLDSA65_MNEMONIC_WORDS = 24;
+var MLDSA65_SEED_DOMAIN = "monolythium.mldsa65.v1";
+var MLDSA65_ENTROPY_LEN = 32;
+var DOMAIN_BYTES = new TextEncoder().encode(MLDSA65_SEED_DOMAIN);
+var MnemonicError = class extends Error {
   constructor(kind, message) {
     super(message);
     this.kind = kind;
-    this.name = "Pqm1Error";
+    this.name = "MnemonicError";
   }
   kind;
 };
-var DOMAIN_BYTES = new TextEncoder().encode(PQM1_V1_MLDSA65_DOMAIN_TAG);
 function normalizeMnemonic(mnemonic) {
   return mnemonic.trim().toLowerCase().replace(/\s+/g, " ");
 }
-function ensureSupportedPayload(bytes) {
-  if (bytes.length !== PQM1_PAYLOAD_LEN) {
-    throw new Pqm1Error("badPayloadLength", `PQM-1 payload must be ${PQM1_PAYLOAD_LEN} bytes, got ${bytes.length}`);
-  }
-  if (bytes[0] !== PQM1_ALGO_TAG_MLDSA65) {
-    throw new Pqm1Error("unsupportedAlgorithm", `unsupported PQM-1 algorithm tag 0x${bytes[0].toString(16).padStart(2, "0")}`);
-  }
-  if (bytes[1] !== PQM1_VERSION_V1) {
-    throw new Pqm1Error("unsupportedVersion", `unsupported PQM-1 version 0x${bytes[1].toString(16).padStart(2, "0")}`);
-  }
+function wordCount(normalized) {
+  return normalized.length === 0 ? 0 : normalized.split(" ").length;
 }
 function defaultRandomFill(bytes) {
   const cryptoObj = globalThis.crypto;
   if (!cryptoObj?.getRandomValues) {
-    throw new Pqm1Error("missingRandom", "globalThis.crypto.getRandomValues is unavailable");
+    throw new MnemonicError("missingRandom", "globalThis.crypto.getRandomValues is unavailable");
   }
   cryptoObj.getRandomValues(bytes);
 }
-function assemblePqm1Payload(entropy) {
-  const ent = expectBytes(entropy, PQM1_ENTROPY_LEN, "PQM-1 entropy");
-  const payload = new Uint8Array(PQM1_PAYLOAD_LEN);
-  payload[0] = PQM1_ALGO_TAG_MLDSA65;
-  payload[1] = PQM1_VERSION_V1;
-  payload.set(ent, 2);
-  return payload;
-}
-function parsePqm1Payload(payload) {
-  const bytes = expectBytes(payload, PQM1_PAYLOAD_LEN, "PQM-1 payload").slice();
-  ensureSupportedPayload(bytes);
-  return {
-    algoTag: PQM1_ALGO_TAG_MLDSA65,
-    version: PQM1_VERSION_V1,
-    entropy: bytes.slice(2),
-    bytes
-  };
+function generateMnemonic(rng = defaultRandomFill) {
+  const entropy = new Uint8Array(MLDSA65_ENTROPY_LEN);
+  rng(entropy);
+  return entropyToMnemonic(entropy, wordlist);
 }
-function pqm1PayloadToMnemonic(payload) {
-  const parsed = parsePqm1Payload(payload);
-  return entropyToMnemonic(parsed.bytes, wordlist);
+function validateMnemonic(mnemonic) {
+  const normalized = normalizeMnemonic(mnemonic);
+  if (wordCount(normalized) !== MLDSA65_MNEMONIC_WORDS) {
+    return false;
+  }
+  return validateMnemonic$1(normalized, wordlist);
 }
-function pqm1MnemonicToPayload(mnemonic) {
+function mnemonicToMlDsa65Seed(mnemonic) {
   const normalized = normalizeMnemonic(mnemonic);
-  const words = normalized.length === 0 ? [] : normalized.split(" ");
-  if (words.length !== PQM1_V1_MNEMONIC_WORDS) {
-    throw new Pqm1Error("badWordCount", `PQM-1 mnemonic must be ${PQM1_V1_MNEMONIC_WORDS} words, got ${words.length}`);
+  const words = wordCount(normalized);
+  if (words !== MLDSA65_MNEMONIC_WORDS) {
+    throw new MnemonicError(
+      "badWordCount",
+      `mnemonic must be ${MLDSA65_MNEMONIC_WORDS} words, got ${words}`
+    );
   }
-  let payload;
-  try {
-    payload = mnemonicToEntropy(normalized, wordlist);
-  } catch (e) {
-    throw new Pqm1Error("bip39Decode", `invalid PQM-1 mnemonic: ${e.message}`);
+  if (!validateMnemonic$1(normalized, wordlist)) {
+    throw new MnemonicError(
+      "bip39Decode",
+      "invalid BIP-39 mnemonic (unknown word or bad checksum)"
+    );
   }
-  return parsePqm1Payload(payload);
-}
-function derivePqm1MlDsa65SeedFromPayload(payload) {
-  const parsed = parsePqm1Payload(payload);
-  return shake256(concatBytes(DOMAIN_BYTES, parsed.bytes), { dkLen: ML_DSA_65_SEED_LEN });
+  const seed64 = mnemonicToSeedSync(normalized, "");
+  return shake256(concatBytes(DOMAIN_BYTES, seed64), { dkLen: ML_DSA_65_SEED_LEN });
 }
-function pqm1MnemonicToMlDsa65Seed(mnemonic) {
-  return derivePqm1MlDsa65SeedFromPayload(pqm1MnemonicToPayload(mnemonic).bytes);
+function mnemonicToMlDsa65Backend(mnemonic) {
+  return MlDsa65Backend.fromSeed(mnemonicToMlDsa65Seed(mnemonic));
 }
-function pqm1MnemonicToMlDsa65Backend(mnemonic) {
-  return MlDsa65Backend.fromSeed(pqm1MnemonicToMlDsa65Seed(mnemonic));
+function mnemonicToAddress(mnemonic) {
+  return mnemonicToMlDsa65Backend(mnemonic).getAddress();
 }
-function pqm1MnemonicToAddress(mnemonic) {
-  return pqm1MnemonicToMlDsa65Backend(mnemonic).getAddress();
-}
-function generatePqm1Mnemonic(rng = defaultRandomFill) {
-  const entropy = new Uint8Array(PQM1_ENTROPY_LEN);
-  rng(entropy);
-  return pqm1PayloadToMnemonic(assemblePqm1Payload(entropy));
-}
-var DKG_AEAD_DOMAIN_TAG = new TextEncoder().encode("protocore/v2/mempool/dkg-mlkem768/1");
-var ML_KEM_768_CIPHERTEXT_LEN = 1088;
-var ML_KEM_768_ENCAPSULATION_KEY_LEN = 1184;
-var ML_KEM_768_SHARED_SECRET_LEN = 32;
-var DKG_NONCE_LEN = 12;
-var DKG_AEAD_TAG_LEN = 16;
+
+// src/crypto/envelope.ts
 var MempoolClass = {
   Transfer: 0,
   ContractCall: 1,
@@ -463,430 +424,8 @@ var MempoolClass = {
   GovernanceOp: 5,
   RWAOp: 6
 };
-function bincodeNonceAad(aad) {
-  const w = new BincodeWriter();
-  w.bytes(expectBytes(aad.sender, 20, "NonceAad.sender"));
-  w.u64(aad.nonce);
-  w.u64(aad.chainId);
-  w.enumVariant(aad.class);
-  w.u128(aad.maxFeePerGas);
-  w.u128(aad.maxPriorityFeePerGas);
-  w.u64(aad.gasLimit);
-  return w.toBytes();
-}
-function bincodeDecryptHint(hint) {
-  const w = new BincodeWriter();
-  w.u64(hint.epoch);
-  w.u16(hint.scheme);
-  return w.toBytes();
-}
-function bincodeEncryptedEnvelope(env) {
-  const w = new BincodeWriter();
-  w.rawBytes(bincodeNonceAad(env.nonceAad));
-  w.bytes(env.ciphertext);
-  w.rawBytes(bincodeDecryptHint(env.decryptionHint));
-  bincodeMlDsa65OpaqueInto2(w, expectBytes(env.senderPubkey, ML_DSA_65_PUBLIC_KEY_LEN, "senderPubkey"));
-  bincodeMlDsa65OpaqueInto2(w, expectBytes(env.outerSignature, ML_DSA_65_SIGNATURE_LEN, "outerSignature"));
-  w.bytes(expectBytes(env.sender, 20, "sender"));
-  return w.toBytes();
-}
-function encryptInnerTx(signedInnerTxBincode, nonceAad, kemEncapsulationKey) {
-  expectBytes(kemEncapsulationKey, ML_KEM_768_ENCAPSULATION_KEY_LEN, "kemEncapsulationKey");
-  const { cipherText: kemCt, sharedSecret } = ml_kem768.encapsulate(kemEncapsulationKey);
-  const nonce = randomBytes(DKG_NONCE_LEN);
-  const cipher = chacha20poly1305(sharedSecret, nonce, aadFor(nonceAad));
-  const aeadCt = cipher.encrypt(signedInnerTxBincode);
-  sharedSecret.fill(0);
-  return concatBytes(kemCt, nonce, aeadCt);
-}
-function outerSigDigest(nonceAad, ciphertext, decryptionHint, senderPubkey) {
-  const aad = bincodeNonceAad(nonceAad);
-  const hint = bincodeDecryptHint(decryptionHint);
-  return keccak_256(concatBytes(aad, ciphertext, hint, expectBytes(senderPubkey, ML_DSA_65_PUBLIC_KEY_LEN, "senderPubkey")));
-}
-async function buildEncryptedEnvelope(args) {
-  const ciphertext = encryptInnerTx(args.signedInnerTxBincode, args.nonceAad, args.kemEncapsulationKey);
-  const digest = outerSigDigest(args.nonceAad, ciphertext, args.decryptionHint, args.senderPubkey);
-  const outerSignature = await args.signOuterDigest(digest);
-  const envelope = {
-    nonceAad: args.nonceAad,
-    ciphertext,
-    decryptionHint: args.decryptionHint,
-    senderPubkey: expectBytes(args.senderPubkey, ML_DSA_65_PUBLIC_KEY_LEN, "senderPubkey"),
-    outerSignature: expectBytes(outerSignature, ML_DSA_65_SIGNATURE_LEN, "outerSignature"),
-    sender: expectBytes(args.senderAddress, 20, "senderAddress")
-  };
-  const wireBytes = bincodeEncryptedEnvelope(envelope);
-  return { envelope, wireBytes, wireHex: bytesToHex(wireBytes) };
-}
-function aadFor(aad) {
-  return concatBytes(DKG_AEAD_DOMAIN_TAG, bincodeNonceAad(aad));
-}
-function bincodeMlDsa65OpaqueInto2(w, raw) {
-  w.enumVariant(ENUM_VARIANT_INDEX_ML_DSA_65);
-  w.u16(STANDARD_ALGO_NUMBER_ML_DSA_65);
-  w.bytes(raw);
-}
-var SEAL_EK_LEN = 1184;
-var SEAL_DK_LEN = 2400;
-var SEAL_KEM_CT_LEN = 1088;
-var SEAL_KEM_SEED_LEN = 64;
-var SEAL_KEY_LEN = 32;
-var SEAL_NONCE_LEN = 12;
-var SEAL_TAG_LEN = 16;
-var SEAL_COMMIT_LEN = 32;
-var SEAL_SECRET_LEN = 32;
-var SEAL_SHARE_LEN = 1 + SEAL_SECRET_LEN;
-var CLUSTER_MLKEM_SHAMIR = 3;
-var COMMIT_DOMAIN = new TextEncoder().encode("lythiumseal/commit/v1");
-var KEK_DOMAIN = new TextEncoder().encode("lythiumseal/kek/v1");
-var NONCE_DOMAIN = new TextEncoder().encode("lythiumseal/nonce/v1");
-var BODY_AAD_DOMAIN = new TextEncoder().encode("lythiumseal/body/v1");
-var SHARE_AAD_DOMAIN = new TextEncoder().encode("lythiumseal/share/v1");
-var ROSTER_DOMAIN = new TextEncoder().encode("lythiumseal/roster/v1");
-function cryptoRandomSource() {
-  return {
-    fillBytes(dest) {
-      crypto.getRandomValues(dest);
-    }
-  };
-}
-function generateOperatorSealKeypair() {
-  const { publicKey, secretKey } = ml_kem768.keygen();
-  return {
-    encapsulationKey: expectBytes(publicKey, SEAL_EK_LEN, "encapsulationKey").slice(),
-    decapsulationKey: expectBytes(secretKey, SEAL_DK_LEN, "decapsulationKey").slice()
-  };
-}
-function u32le(n) {
-  const out = new Uint8Array(4);
-  out[0] = n & 255;
-  out[1] = n >>> 8 & 255;
-  out[2] = n >>> 16 & 255;
-  out[3] = n >>> 24 & 255;
-  return out;
-}
-function u64le(n) {
-  const out = new Uint8Array(8);
-  let v = n;
-  for (let i = 0; i < 8; i++) {
-    out[i] = Number(v & 0xffn);
-    v >>= 8n;
-  }
-  return out;
-}
-function framed(field) {
-  return concatBytes(u32le(field.length), field);
-}
-function keyCommitment(key) {
-  return shake256(concatBytes(framed(COMMIT_DOMAIN), key), { dkLen: SEAL_COMMIT_LEN });
-}
-function deriveKek(sharedSecret, domain, clusterId, epoch, opIndex) {
-  const input = concatBytes(
-    framed(KEK_DOMAIN),
-    framed(sharedSecret),
-    framed(domain),
-    u32le(clusterId),
-    u64le(epoch),
-    Uint8Array.of(opIndex)
-  );
-  return shake256(input, { dkLen: SEAL_KEY_LEN });
-}
-function deriveNonce(domain, context) {
-  const input = concatBytes(framed(NONCE_DOMAIN), framed(domain), framed(context));
-  return shake256(input, { dkLen: SEAL_NONCE_LEN });
-}
-function bodyAad(ctx, k, n) {
-  return concatBytes(
-    BODY_AAD_DOMAIN,
-    u32le(ctx.clusterId),
-    u64le(ctx.epoch),
-    Uint8Array.of(k),
-    Uint8Array.of(n),
-    ctx.rosterHash
-  );
-}
-function shareAad(ctx, opIndex) {
-  return concatBytes(
-    SHARE_AAD_DOMAIN,
-    u32le(ctx.clusterId),
-    u64le(ctx.epoch),
-    Uint8Array.of(opIndex),
-    ctx.rosterHash
-  );
-}
-function aeadSeal(key, nonce, plaintext, aad) {
-  const cipher = chacha20poly1305(key, nonce, aad);
-  const ct = cipher.encrypt(plaintext);
-  return { nonce, ct, commitment: keyCommitment(key) };
-}
-function gfMul(a, b) {
-  let product = 0;
-  let x = a & 255;
-  let y = b & 255;
-  for (let i = 0; i < 8; i++) {
-    const mask = -(y & 1) & 255;
-    product ^= x & mask;
-    const high = -(x >> 7 & 1) & 255;
-    x = x << 1 & 255;
-    x ^= 27 & high;
-    y >>= 1;
-  }
-  return product & 255;
-}
-function polyEval(coeffs, x) {
-  let acc = 0;
-  for (let i = coeffs.length - 1; i >= 0; i--) {
-    acc = gfMul(acc, x) ^ coeffs[i];
-  }
-  return acc & 255;
-}
-function shamirSplit(secret, t, n, rng) {
-  const byteCoeffs = [];
-  for (let j = 0; j < SEAL_SECRET_LEN; j++) {
-    const c = new Uint8Array(t);
-    c[0] = secret[j];
-    if (t > 1) {
-      const tail = new Uint8Array(t - 1);
-      rng.fillBytes(tail);
-      c.set(tail, 1);
-    }
-    byteCoeffs.push(c);
-  }
-  const shares = [];
-  for (let k = 0; k < n; k++) {
-    const x = k + 1 & 255;
-    const value = new Uint8Array(SEAL_SECRET_LEN);
-    for (let j = 0; j < SEAL_SECRET_LEN; j++) {
-      value[j] = polyEval(byteCoeffs[j], x);
-    }
-    shares.push({ index: x, value });
-  }
-  return shares;
-}
-function shareToBytes(s) {
-  const out = new Uint8Array(SEAL_SHARE_LEN);
-  out[0] = s.index;
-  out.set(s.value, 1);
-  return out;
-}
-function sealRosterHash(keccak2562, clusterId, t, n, roster) {
-  const chunks = [ROSTER_DOMAIN, u32le(clusterId), Uint8Array.of(t), Uint8Array.of(n)];
-  for (const { operatorIndex, ek } of roster) {
-    chunks.push(Uint8Array.of(operatorIndex), ek);
-  }
-  return keccak2562(concatBytes(...chunks));
-}
-function encodeSealEnvelope(env) {
-  const chunks = [];
-  chunks.push(u32le(env.clusterId));
-  chunks.push(u64le(env.epoch));
-  chunks.push(expectBytes(env.rosterHash, 32, "rosterHash"));
-  chunks.push(Uint8Array.of(env.t));
-  chunks.push(Uint8Array.of(env.n));
-  pushAeadBody(chunks, env.aeadBody);
-  chunks.push(u64le(BigInt(env.recipients.length)));
-  for (const r of env.recipients) {
-    chunks.push(Uint8Array.of(r.operatorIndex));
-    chunks.push(u64le(BigInt(r.kemCt.length)));
-    chunks.push(r.kemCt);
-    pushAeadBody(chunks, r.wrapped);
-  }
-  return concatBytes(...chunks);
-}
-function pushAeadBody(chunks, body) {
-  chunks.push(expectBytes(body.nonce, SEAL_NONCE_LEN, "aead nonce"));
-  chunks.push(u64le(BigInt(body.ct.length)));
-  chunks.push(body.ct);
-  chunks.push(expectBytes(body.commitment, SEAL_COMMIT_LEN, "aead commitment"));
-}
-function sealToCluster(args) {
-  const { plaintext, recipientEks, t, clusterId } = args;
-  const epoch = args.epoch;
-  const rosterHash = expectBytes(args.rosterHash, 32, "rosterHash");
-  const rng = args.rng ?? cryptoRandomSource();
-  const n = recipientEks.length;
-  if (!Number.isInteger(t) || t < 1 || t > n || n < 1 || n > 255) {
-    throw new Error(`invalid threshold/recipient count: t=${t} n=${n}`);
-  }
-  for (let i = 0; i < n; i++) {
-    expectBytes(recipientEks[i], SEAL_EK_LEN, `recipientEks[${i}]`);
-  }
-  const ctx = { clusterId, epoch, rosterHash };
-  const bodyKey = new Uint8Array(SEAL_KEY_LEN);
-  rng.fillBytes(bodyKey);
-  const aad = bodyAad(ctx, t, n);
-  const bodyNonce = deriveNonce(new TextEncoder().encode("body"), aad);
-  const aeadBody = aeadSeal(bodyKey, bodyNonce, plaintext, aad);
-  const shares = shamirSplit(bodyKey, t, n, rng);
-  const recipients = [];
-  for (let i = 0; i < n; i++) {
-    const opIndex = i + 1 & 255;
-    const m = new Uint8Array(32);
-    rng.fillBytes(m);
-    const { cipherText: kemCt, sharedSecret } = ml_kem768.encapsulate(recipientEks[i], m);
-    const kek = deriveKek(sharedSecret, rosterHash, clusterId, epoch, opIndex);
-    const sAad = shareAad(ctx, opIndex);
-    const wrapNonce = deriveNonce(new TextEncoder().encode("share"), sAad);
-    const wrapped = aeadSeal(kek, wrapNonce, shareToBytes(shares[i]), sAad);
-    recipients.push({ operatorIndex: opIndex, kemCt, wrapped });
-    sharedSecret.fill(0);
-    kek.fill(0);
-  }
-  bodyKey.fill(0);
-  return {
-    clusterId,
-    epoch,
-    rosterHash,
-    t,
-    n,
-    aeadBody,
-    recipients
-  };
-}
-
-// src/crypto/seal.ts
-var CLUSTER_MLKEM_SHAMIR_ALGO = "cluster-mlkem768-shamir";
-function parseClusterSealKeys(source) {
-  const n = source.roster.length;
-  if (n === 0) {
-    throw new Error("cluster seal roster is empty");
-  }
-  if (source.n !== n) {
-    throw new Error(`cluster seal roster n=${source.n} disagrees with ${n} entries`);
-  }
-  if (!Number.isInteger(source.t) || source.t < 2 || source.t > n) {
-    throw new Error(`cluster seal threshold t=${source.t} out of range 2..=${n}`);
-  }
-  const sorted = [...source.roster].sort((a, b) => a.operatorIndex - b.operatorIndex);
-  const recipientEks = [];
-  const hashInput = [];
-  for (let i = 0; i < n; i++) {
-    const entry = sorted[i];
-    if (entry.operatorIndex !== i + 1) {
-      throw new Error(
-        `cluster seal roster operator indices must be 1..=${n}; got ${entry.operatorIndex} at slot ${i + 1}`
-      );
-    }
-    const ek = expectBytes(hexToBytes(entry.mlKemEk, `operator ${entry.operatorIndex} mlKemEk`), SEAL_EK_LEN, `operator ${entry.operatorIndex} ek`);
-    recipientEks.push(ek);
-    hashInput.push({ operatorIndex: entry.operatorIndex, ek });
-  }
-  const recomputed = sealRosterHash(keccak256, source.clusterId, source.t, n, hashInput);
-  if (source.rosterHash !== void 0) {
-    const supplied = expectBytes(hexToBytes(source.rosterHash, "rosterHash"), 32, "rosterHash");
-    if (!bytesEqual(supplied, recomputed)) {
-      throw new Error(
-        `cluster seal roster hash mismatch: source ${bytesToHex(supplied)} != recomputed ${bytesToHex(recomputed)} (the roster hash does not commit to this ek set)`
-      );
-    }
-  }
-  return {
-    algo: source.algo ?? CLUSTER_MLKEM_SHAMIR_ALGO,
-    clusterId: source.clusterId,
-    epoch: toBigInt(source.epoch),
-    rosterHash: recomputed,
-    t: source.t,
-    n,
-    recipientEks
-  };
-}
-async function getClusterSealKeys(client, clusterId = 0) {
-  const result = await client.call(
-    "lyth_getClusterSealKeys",
-    [clusterId]
-  );
-  return parseClusterSealKeys({ ...result, clusterId: result.clusterId ?? clusterId });
-}
-async function sealTransaction(args) {
-  const keys = args.clusterSealKeys;
-  const senderPubkey = expectBytes(args.senderPubkey, ML_DSA_65_PUBLIC_KEY_LEN, "senderPubkey");
-  const senderAddress = expectBytes(args.senderAddress, 20, "senderAddress");
-  const env = sealToCluster({
-    plaintext: args.signedTxBincode,
-    recipientEks: keys.recipientEks,
-    t: keys.t,
-    clusterId: keys.clusterId,
-    epoch: keys.epoch,
-    rosterHash: keys.rosterHash,
-    rng: args.rng
-  });
-  const ciphertext = encodeSealEnvelope(env);
-  const decryptionHint = { epoch: keys.epoch, scheme: CLUSTER_MLKEM_SHAMIR };
-  const digest = outerSigDigest(args.aad, ciphertext, decryptionHint, senderPubkey);
-  const outerSignature = expectBytes(
-    await args.signOuterDigest(digest),
-    ML_DSA_65_SIGNATURE_LEN,
-    "outerSignature"
-  );
-  const envelope = {
-    nonceAad: args.aad,
-    ciphertext,
-    decryptionHint,
-    senderPubkey,
-    outerSignature,
-    sender: senderAddress
-  };
-  const envelopeWireBytes = bincodeEncryptedEnvelope(envelope);
-  return {
-    envelopeWireHex: `0x${bytesToHex(envelopeWireBytes).slice(2)}`,
-    envelopeWireBytes,
-    ciphertextBytes: ciphertext.length
-  };
-}
-async function submitSealedTransaction(client, submission) {
-  return client.call("lyth_submitEncrypted", [submission.envelopeWireHex]);
-}
-function keccak256(input) {
-  return keccak_256(input);
-}
-function toBigInt(value) {
-  if (typeof value === "bigint") return value;
-  return BigInt(value);
-}
-function bytesEqual(a, b) {
-  if (a.length !== b.length) return false;
-  for (let i = 0; i < a.length; i++) {
-    if (a[i] !== b[i]) return false;
-  }
-  return true;
-}
 
 // src/crypto/submission.ts
-async function fetchEncryptionKey(client) {
-  const result = await client.call(
-    "lyth_getEncryptionKey",
-    []
-  );
-  return {
-    algo: result.algo ?? "ml-kem-768",
-    epoch: typeof result.epoch === "string" ? BigInt(result.epoch) : BigInt(result.epoch),
-    encapsulationKey: hexToBytes(result.encapsulationKey, "encapsulationKey")
-  };
-}
-var ENCRYPTED_SUBMISSION_UNAVAILABLE_MESSAGE = "private submission requires cluster seal keys; pass clusterSealKeysSource or enable lyth_getClusterSealKeys";
-async function buildEncryptedSubmission(args) {
-  const signed = args.backend.signEvmTx(args.tx);
-  const clusterSealKeys = await resolveClusterSealKeys(args);
-  const aad = nonceAadForTx(args.tx, args.backend.addressBytes(), args.class);
-  const sealed = await sealTransaction({
-    signedTxBincode: signed.wireBytes,
-    clusterSealKeys,
-    aad,
-    senderAddress: args.backend.addressBytes(),
-    senderPubkey: args.backend.publicKey(),
-    signOuterDigest: (digest) => args.backend.signPrehash(digest)
-  });
-  return {
-    envelopeWireHex: sealed.envelopeWireHex,
-    innerSighashHex: bytesToHex(signed.sighash),
-    innerTxHashHex: bytesToHex(signed.txHash),
-    innerWireBytes: signed.wireBytes.length
-  };
-}
-async function submitEncryptedEnvelope(client, envelopeWireHex) {
-  return client.call("lyth_submitEncrypted", [envelopeWireHex]);
-}
 function buildPlaintextSubmission(args) {
   const signed = args.backend.signEvmTx(args.tx);
   return {
@@ -905,29 +444,14 @@ async function submitPlaintextTransaction(client, signedTxWireHex, expectedTxHas
     );
   }
   const expectedBytes = hexToBytes(expectedTxHashHex, "expected tx hash");
-  if (!bytesEqual2(returnedBytes, expectedBytes)) {
+  if (!bytesEqual(returnedBytes, expectedBytes)) {
     throw new Error(
       `mesh_submitTx returned tx hash ${bytesToHex(returnedBytes)} but the locally computed canonical hash is ${bytesToHex(expectedBytes)}`
     );
   }
   return bytesToHex(returnedBytes);
 }
-async function submitTransactionWithPrivacy(args) {
-  if (args.private) {
-    const built = await buildEncryptedSubmission({
-      client: args.client,
-      backend: args.backend,
-      tx: args.tx,
-      encryptionKey: args.encryptionKey,
-      clusterId: args.clusterId,
-      clusterSealKeys: args.clusterSealKeys,
-      clusterSealKeysSource: args.clusterSealKeysSource,
-      class: args.class
-    });
-    const returned = await submitEncryptedEnvelope(args.client, built.envelopeWireHex);
-    assertRpcHash(returned, "lyth_submitEncrypted tx hash");
-    return built.innerTxHashHex;
-  }
+async function submitTransaction(args) {
   const plaintext = buildPlaintextSubmission({ backend: args.backend, tx: args.tx });
   return submitPlaintextTransaction(
     args.client,
@@ -935,58 +459,14 @@ async function submitTransactionWithPrivacy(args) {
     plaintext.innerTxHashHex
   );
 }
-function bytesEqual2(a, b) {
+function bytesEqual(a, b) {
   if (a.length !== b.length) return false;
   for (let i = 0; i < a.length; i++) {
     if (a[i] !== b[i]) return false;
   }
   return true;
 }
-async function resolveClusterSealKeys(args) {
-  if (args.clusterSealKeys !== void 0) return args.clusterSealKeys;
-  if (args.clusterSealKeysSource !== void 0) {
-    return parseClusterSealKeys(args.clusterSealKeysSource);
-  }
-  if (args.client === void 0) {
-    throw new Error(ENCRYPTED_SUBMISSION_UNAVAILABLE_MESSAGE);
-  }
-  const clusterId = args.clusterId ?? 0;
-  const result = await args.client.call(
-    "lyth_getClusterSealKeys",
-    [clusterId]
-  );
-  return parseClusterSealKeys({ ...result, clusterId: result.clusterId ?? clusterId });
-}
-function nonceAadForTx(tx, sender, mempoolClass) {
-  return {
-    sender,
-    nonce: parseBigint(tx.nonce, "nonce"),
-    chainId: parseBigint(tx.chainId, "chainId"),
-    class: mempoolClass ?? inferMempoolClass(tx),
-    maxFeePerGas: parseBigint(tx.maxFeePerGas, "maxFeePerGas"),
-    maxPriorityFeePerGas: parseBigint(tx.maxPriorityFeePerGas, "maxPriorityFeePerGas"),
-    gasLimit: parseBigint(tx.gasLimit, "gasLimit")
-  };
-}
-function inferMempoolClass(tx) {
-  if (tx.to === null || hasInput(tx.input)) return MempoolClass.ContractCall;
-  return MempoolClass.Transfer;
-}
-function hasInput(input) {
-  if (input === void 0) return false;
-  if (typeof input === "string") {
-    const stripped = input.startsWith("0x") || input.startsWith("0X") ? input.slice(2) : input;
-    return stripped.length > 0;
-  }
-  return input.length > 0;
-}
-function assertRpcHash(value, label) {
-  const bytes = hexToBytes(value, label);
-  if (bytes.length !== 32) {
-    throw new Error(`${label} must be 32 bytes, got ${bytes.length}`);
-  }
-}
 
-export { ADDRESS_DERIVATION_DOMAIN, BincodeWriter, CLUSTER_MLKEM_SHAMIR, CLUSTER_MLKEM_SHAMIR_ALGO, DKG_AEAD_TAG_LEN, DKG_NONCE_LEN, ENCRYPTED_SUBMISSION_UNAVAILABLE_MESSAGE, ENUM_VARIANT_INDEX_ML_DSA_65, ML_DSA_65_PUBLIC_KEY_LEN, ML_DSA_65_SEED_LEN, ML_DSA_65_SIGNATURE_LEN, ML_DSA_65_SIGNING_KEY_LEN, ML_KEM_768_CIPHERTEXT_LEN, ML_KEM_768_ENCAPSULATION_KEY_LEN, ML_KEM_768_SHARED_SECRET_LEN, MempoolClass, MlDsa65Backend, PQM1_ALGO_TAG_FALCON512_RESERVED, PQM1_ALGO_TAG_MLDSA65, PQM1_ALGO_TAG_MLDSA87_RESERVED, PQM1_ALGO_TAG_SLHDSA128S_RESERVED, PQM1_ENTROPY_LEN, PQM1_PAYLOAD_LEN, PQM1_V1_MLDSA65_DOMAIN_TAG, PQM1_V1_MNEMONIC_WORDS, PQM1_VERSION_V1, Pqm1Error, SEAL_COMMIT_LEN, SEAL_DK_LEN, SEAL_EK_LEN, SEAL_KEM_CT_LEN, SEAL_KEM_SEED_LEN, SEAL_KEY_LEN, SEAL_NONCE_LEN, SEAL_SHARE_LEN, SEAL_TAG_LEN, STANDARD_ALGO_NUMBER_ML_DSA_65, assemblePqm1Payload, bincodeDecryptHint, bincodeEncryptedEnvelope, bincodeNonceAad, bincodeSignedTransaction, buildEncryptedEnvelope, buildEncryptedSubmission, buildPlaintextSubmission, bytesToHex, concatBytes, cryptoRandomSource, derivePqm1MlDsa65SeedFromPayload, encodeMlDsa65Opaque, encodeSealEnvelope, encodeTransactionForHash, encryptInnerTx, expectBytes, fetchEncryptionKey, generateOperatorSealKeypair, generatePqm1Mnemonic, getClusterSealKeys, hexToBytes, mlDsa65AddressBytes, mlDsa65AddressFromPublicKey, outerSigDigest, parseClusterSealKeys, parsePqm1Payload, pqm1MnemonicToAddress, pqm1MnemonicToMlDsa65Backend, pqm1MnemonicToMlDsa65Seed, pqm1MnemonicToPayload, pqm1PayloadToMnemonic, sealRosterHash, sealToCluster, sealTransaction, submitEncryptedEnvelope, submitPlaintextTransaction, submitSealedTransaction, submitTransactionWithPrivacy };
+export { ADDRESS_DERIVATION_DOMAIN, BincodeWriter, ENUM_VARIANT_INDEX_ML_DSA_65, MLDSA65_MNEMONIC_WORDS, MLDSA65_SEED_DOMAIN, ML_DSA_65_PUBLIC_KEY_LEN, ML_DSA_65_SEED_LEN, ML_DSA_65_SIGNATURE_LEN, ML_DSA_65_SIGNING_KEY_LEN, MempoolClass, MlDsa65Backend, MnemonicError, STANDARD_ALGO_NUMBER_ML_DSA_65, bincodeSignedTransaction, buildPlaintextSubmission, bytesToHex, concatBytes, encodeMlDsa65Opaque, encodeTransactionForHash, expectBytes, generateMnemonic, hexToBytes, mlDsa65AddressBytes, mlDsa65AddressFromPublicKey, mnemonicToAddress, mnemonicToMlDsa65Backend, mnemonicToMlDsa65Seed, submitPlaintextTransaction, submitTransaction, validateMnemonic };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map