@mysten/seal 0.1.0

package/CHANGELOG.md

@@ -0,0 +1,13 @@
+# @mysten/seal
+
+## 0.1.0
+
+### Minor Changes
+
+- 8ca8df3: First publish
+
+### Patch Changes
+
+- Updated dependencies [95b1ea5]
+  - @mysten/bcs@1.4.0
+  - @mysten/sui@1.21.2

package/README.md

@@ -0,0 +1,4 @@
+# `@mysten/seal`
+
+**Warning**: This is a DEVELOPER PREVIEW of Seal. It is EXPERIMENTAL and has NO GUARANTEES of uptime
+or correctness. USE AT YOUR OWN RISK.

package/dist/cjs/aes.d.ts

@@ -0,0 +1,18 @@
+import type { CiphertextType } from './types.js';
+export declare const iv: Uint8Array<ArrayBuffer>;
+export interface EncryptionInput {
+    encrypt(key: Uint8Array): Promise<CiphertextType>;
+    generateKey(): Promise<Uint8Array>;
+}
+export declare class AesGcm256 implements EncryptionInput {
+    readonly plaintext: Uint8Array;
+    readonly aad: Uint8Array;
+    constructor(msg: Uint8Array, aad: Uint8Array);
+    generateKey(): Promise<Uint8Array>;
+    encrypt(key: Uint8Array): Promise<CiphertextType>;
+    static decrypt(key: Uint8Array, ciphertext: CiphertextType): Promise<Uint8Array>;
+}
+export declare class Plain implements EncryptionInput {
+    encrypt(_key: Uint8Array): Promise<CiphertextType>;
+    generateKey(): Promise<Uint8Array>;
+}

package/dist/cjs/aes.js

@@ -0,0 +1,111 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var aes_exports = {};
+__export(aes_exports, {
+  AesGcm256: () => AesGcm256,
+  Plain: () => Plain,
+  iv: () => iv
+});
+module.exports = __toCommonJS(aes_exports);
+const iv = Uint8Array.from([
+  138,
+  55,
+  153,
+  253,
+  198,
+  46,
+  121,
+  219,
+  160,
+  128,
+  89,
+  7,
+  214,
+  156,
+  148,
+  220
+]);
+async function generateAesKey() {
+  const key = await crypto.subtle.generateKey(
+    {
+      name: "AES-GCM",
+      length: 256
+    },
+    true,
+    ["encrypt", "decrypt"]
+  );
+  return await crypto.subtle.exportKey("raw", key).then((keyData) => new Uint8Array(keyData));
+}
+class AesGcm256 {
+  constructor(msg, aad) {
+    this.plaintext = new Uint8Array(msg);
+    this.aad = aad;
+  }
+  generateKey() {
+    return generateAesKey();
+  }
+  async encrypt(key) {
+    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["encrypt"]);
+    const blob = new Uint8Array(
+      await crypto.subtle.encrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          additionalData: this.aad
+        },
+        aesCryptoKey,
+        this.plaintext
+      )
+    );
+    return {
+      Aes256Gcm: {
+        blob,
+        aad: this.aad ?? []
+      }
+    };
+  }
+  static async decrypt(key, ciphertext) {
+    if (!("Aes256Gcm" in ciphertext)) {
+      throw new Error("Invalid ciphertext");
+    }
+    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["decrypt"]);
+    return new Uint8Array(
+      await crypto.subtle.decrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          additionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? [])
+        },
+        aesCryptoKey,
+        new Uint8Array(ciphertext.Aes256Gcm.blob)
+      )
+    );
+  }
+}
+class Plain {
+  async encrypt(_key) {
+    return {
+      Plain: {}
+    };
+  }
+  generateKey() {
+    return generateAesKey();
+  }
+}
+//# sourceMappingURL=aes.js.map

package/dist/cjs/aes.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/aes.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { CiphertextType } from './types.js';\n\n// Use a fixed IV for AES.\nexport const iv = Uint8Array.from([\n\t138, 55, 153, 253, 198, 46, 121, 219, 160, 128, 89, 7, 214, 156, 148, 220,\n]);\n\nasync function generateAesKey(): Promise<Uint8Array> {\n\tconst key = await crypto.subtle.generateKey(\n\t\t{\n\t\t\tname: 'AES-GCM',\n\t\t\tlength: 256,\n\t\t},\n\t\ttrue,\n\t\t['encrypt', 'decrypt'],\n\t);\n\treturn await crypto.subtle.exportKey('raw', key).then((keyData) => new Uint8Array(keyData));\n}\n\nexport interface EncryptionInput {\n\tencrypt(key: Uint8Array): Promise<CiphertextType>;\n\tgenerateKey(): Promise<Uint8Array>;\n}\n\nexport class AesGcm256 implements EncryptionInput {\n\treadonly plaintext: Uint8Array;\n\treadonly aad: Uint8Array;\n\n\tconstructor(msg: Uint8Array, aad: Uint8Array) {\n\t\tthis.plaintext = new Uint8Array(msg);\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<CiphertextType> {\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['encrypt']);\n\n\t\tconst blob = new Uint8Array(\n\t\t\tawait crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: this.aad,\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tthis.plaintext,\n\t\t\t),\n\t\t);\n\n\t\treturn {\n\t\t\tAes256Gcm: {\n\t\t\t\tblob,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(key: Uint8Array, ciphertext: CiphertextType): Promise<Uint8Array> {\n\t\tif (!('Aes256Gcm' in ciphertext)) {\n\t\t\tthrow new Error('Invalid ciphertext');\n\t\t}\n\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['decrypt']);\n\n\t\t// TODO: add test to check if aad is wrong does throw an error.\n\t\treturn new Uint8Array(\n\t\t\tawait crypto.subtle.decrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? []),\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tnew Uint8Array(ciphertext.Aes256Gcm.blob),\n\t\t\t),\n\t\t);\n\t}\n}\n\nexport class Plain implements EncryptionInput {\n\tasync encrypt(_key: Uint8Array): Promise<CiphertextType> {\n\t\treturn {\n\t\t\tPlain: {},\n\t\t};\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAMO,MAAM,KAAK,WAAW,KAAK;AAAA,EACjC;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAG;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AACvE,CAAC;AAED,eAAe,iBAAsC;AACpD,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,MACC,MAAM;AAAA,MACN,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACtB;AACA,SAAO,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW,OAAO,CAAC;AAC3F;AAOO,MAAM,UAAqC;AAAA,EAIjD,YAAY,KAAiB,KAAiB;AAC7C,SAAK,YAAY,IAAI,WAAW,GAAG;AACnC,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAA0C;AACvD,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAE5F,UAAM,OAAO,IAAI;AAAA,MAChB,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,KAAK;AAAA,QACtB;AAAA,QACA;AAAA,QACA,KAAK;AAAA,MACN;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAW;AAAA,QACV;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QAAQ,KAAiB,YAAiD;AACtF,QAAI,EAAE,eAAe,aAAa;AACjC,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAG5F,WAAO,IAAI;AAAA,MACV,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,IAAI,WAAW,WAAW,UAAU,OAAO,CAAC,CAAC;AAAA,QAC9D;AAAA,QACA;AAAA,QACA,IAAI,WAAW,WAAW,UAAU,IAAI;AAAA,MACzC;AAAA,IACD;AAAA,EACD;AACD;AAEO,MAAM,MAAiC;AAAA,EAC7C,MAAM,QAAQ,MAA2C;AACxD,WAAO;AAAA,MACN,OAAO,CAAC;AAAA,IACT;AAAA,EACD;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AACD;",
+  "names": []
+}

package/dist/cjs/bls12381.d.ts

@@ -0,0 +1,37 @@
+import type { Fp2, Fp12 } from '@noble/curves/abstract/tower';
+import type { ProjPointType } from '@noble/curves/abstract/weierstrass';
+export declare class G1Element {
+    point: ProjPointType<bigint>;
+    constructor(point: ProjPointType<bigint>);
+    static generator(): G1Element;
+    static fromBytes(bytes: Uint8Array): G1Element;
+    toBytes(): Uint8Array;
+    multiply(scalar: Scalar): G1Element;
+    add(other: G1Element): G1Element;
+    subtract(other: G1Element): G1Element;
+    static hashToCurve(data: Uint8Array): G1Element;
+    pairing(other: G2Element): GTElement;
+}
+export declare class G2Element {
+    point: ProjPointType<Fp2>;
+    constructor(point: ProjPointType<Fp2>);
+    static generator(): G2Element;
+    static fromBytes(bytes: Uint8Array): G2Element;
+    toBytes(): Uint8Array;
+    multiply(scalar: Scalar): G2Element;
+    add(other: G2Element): G2Element;
+    hashToCurve(data: Uint8Array): G2Element;
+}
+export declare class GTElement {
+    element: Fp12;
+    constructor(element: Fp12);
+    toBytes(): Uint8Array;
+}
+export declare class Scalar {
+    scalar: bigint;
+    constructor(scalar: bigint);
+    static random(): Scalar;
+    toBytes(): Uint8Array;
+    static fromBytes(bytes: Uint8Array): Scalar;
+    static fromNumber(num: number): Scalar;
+}

package/dist/cjs/bls12381.js

@@ -0,0 +1,110 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var bls12381_exports = {};
+__export(bls12381_exports, {
+  G1Element: () => G1Element,
+  G2Element: () => G2Element,
+  GTElement: () => GTElement,
+  Scalar: () => Scalar
+});
+module.exports = __toCommonJS(bls12381_exports);
+var import_bcs = require("@mysten/bcs");
+var import_bls12_381 = require("@noble/curves/bls12-381");
+class G1Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new G1Element(import_bls12_381.bls12_381.G1.ProjectivePoint.BASE);
+  }
+  static fromBytes(bytes) {
+    return new G1Element(import_bls12_381.bls12_381.G1.ProjectivePoint.fromHex((0, import_bcs.toHex)(bytes)));
+  }
+  toBytes() {
+    return this.point.toRawBytes();
+  }
+  multiply(scalar) {
+    return new G1Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new G1Element(this.point.add(other.point));
+  }
+  subtract(other) {
+    return new G1Element(this.point.subtract(other.point));
+  }
+  static hashToCurve(data) {
+    return new G1Element(
+      import_bls12_381.bls12_381.G1.ProjectivePoint.fromAffine(import_bls12_381.bls12_381.G1.hashToCurve(data).toAffine())
+    );
+  }
+  pairing(other) {
+    return new GTElement(import_bls12_381.bls12_381.pairing(this.point, other.point));
+  }
+}
+class G2Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new G2Element(import_bls12_381.bls12_381.G2.ProjectivePoint.BASE);
+  }
+  static fromBytes(bytes) {
+    return new G2Element(import_bls12_381.bls12_381.G2.ProjectivePoint.fromHex((0, import_bcs.toHex)(bytes)));
+  }
+  toBytes() {
+    return this.point.toRawBytes();
+  }
+  multiply(scalar) {
+    return new G2Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new G2Element(this.point.add(other.point));
+  }
+  hashToCurve(data) {
+    return new G2Element(
+      import_bls12_381.bls12_381.G2.ProjectivePoint.fromAffine(import_bls12_381.bls12_381.G2.hashToCurve(data).toAffine())
+    );
+  }
+}
+class GTElement {
+  constructor(element) {
+    this.element = element;
+  }
+  toBytes() {
+    return import_bls12_381.bls12_381.fields.Fp12.toBytes(this.element);
+  }
+}
+class Scalar {
+  constructor(scalar) {
+    this.scalar = scalar;
+  }
+  static random() {
+    return Scalar.fromBytes(import_bls12_381.bls12_381.utils.randomPrivateKey());
+  }
+  toBytes() {
+    return new Uint8Array(import_bls12_381.bls12_381.fields.Fr.toBytes(this.scalar));
+  }
+  static fromBytes(bytes) {
+    return new Scalar(import_bls12_381.bls12_381.fields.Fr.fromBytes(bytes));
+  }
+  static fromNumber(num) {
+    return new Scalar(BigInt(num));
+  }
+}
+//# sourceMappingURL=bls12381.js.map

package/dist/cjs/bls12381.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/bls12381.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport type { Fp2, Fp12 } from '@noble/curves/abstract/tower';\nimport type { ProjPointType } from '@noble/curves/abstract/weierstrass';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nexport class G1Element {\n\tpoint: ProjPointType<bigint>;\n\n\tconstructor(point: ProjPointType<bigint>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G1Element {\n\t\treturn new G1Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.add(other.point));\n\t}\n\n\tsubtract(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.subtract(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G1Element {\n\t\treturn new G1Element(\n\t\t\tbls12_381.G1.ProjectivePoint.fromAffine(bls12_381.G1.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n\n\tpairing(other: G2Element): GTElement {\n\t\treturn new GTElement(bls12_381.pairing(this.point, other.point));\n\t}\n}\n\nexport class G2Element {\n\tpoint: ProjPointType<Fp2>;\n\n\tconstructor(point: ProjPointType<Fp2>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G2Element {\n\t\treturn new G2Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G2Element): G2Element {\n\t\treturn new G2Element(this.point.add(other.point));\n\t}\n\n\thashToCurve(data: Uint8Array): G2Element {\n\t\treturn new G2Element(\n\t\t\tbls12_381.G2.ProjectivePoint.fromAffine(bls12_381.G2.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n}\n\nexport class GTElement {\n\telement: Fp12;\n\n\tconstructor(element: Fp12) {\n\t\tthis.element = element;\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn bls12_381.fields.Fp12.toBytes(this.element);\n\t}\n}\n\nexport class Scalar {\n\tscalar: bigint;\n\n\tconstructor(scalar: bigint) {\n\t\tthis.scalar = scalar;\n\t}\n\n\tstatic random(): Scalar {\n\t\treturn Scalar.fromBytes(bls12_381.utils.randomPrivateKey());\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn new Uint8Array(bls12_381.fields.Fr.toBytes(this.scalar));\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): Scalar {\n\t\treturn new Scalar(bls12_381.fields.Fr.fromBytes(bytes));\n\t}\n\n\tstatic fromNumber(num: number): Scalar {\n\t\treturn new Scalar(BigInt(num));\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAsB;AAGtB,uBAA0B;AAEnB,MAAM,UAAU;AAAA,EAGtB,YAAY,OAA8B;AACzC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,UAAU,2BAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,UAAU,2BAAU,GAAG,gBAAgB,YAAQ,kBAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,UAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,UAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,SAAS,OAA6B;AACrC,WAAO,IAAI,UAAU,KAAK,MAAM,SAAS,MAAM,KAAK,CAAC;AAAA,EACtD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI;AAAA,MACV,2BAAU,GAAG,gBAAgB,WAAW,2BAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AAAA,EAEA,QAAQ,OAA6B;AACpC,WAAO,IAAI,UAAU,2BAAU,QAAQ,KAAK,OAAO,MAAM,KAAK,CAAC;AAAA,EAChE;AACD;AAEO,MAAM,UAAU;AAAA,EAGtB,YAAY,OAA2B;AACtC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,UAAU,2BAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,UAAU,2BAAU,GAAG,gBAAgB,YAAQ,kBAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,UAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,UAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,YAAY,MAA6B;AACxC,WAAO,IAAI;AAAA,MACV,2BAAU,GAAG,gBAAgB,WAAW,2BAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AACD;AAEO,MAAM,UAAU;AAAA,EAGtB,YAAY,SAAe;AAC1B,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,UAAsB;AACrB,WAAO,2BAAU,OAAO,KAAK,QAAQ,KAAK,OAAO;AAAA,EAClD;AACD;AAEO,MAAM,OAAO;AAAA,EAGnB,YAAY,QAAgB;AAC3B,SAAK,SAAS;AAAA,EACf;AAAA,EAEA,OAAO,SAAiB;AACvB,WAAO,OAAO,UAAU,2BAAU,MAAM,iBAAiB,CAAC;AAAA,EAC3D;AAAA,EAEA,UAAsB;AACrB,WAAO,IAAI,WAAW,2BAAU,OAAO,GAAG,QAAQ,KAAK,MAAM,CAAC;AAAA,EAC/D;AAAA,EAEA,OAAO,UAAU,OAA2B;AAC3C,WAAO,IAAI,OAAO,2BAAU,OAAO,GAAG,UAAU,KAAK,CAAC;AAAA,EACvD;AAAA,EAEA,OAAO,WAAW,KAAqB;AACtC,WAAO,IAAI,OAAO,OAAO,GAAG,CAAC;AAAA,EAC9B;AACD;",
+  "names": []
+}

package/dist/cjs/elgamal.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.
+ * The ciphertext is a pair of G1Elements (48 bytes).
+ */
+export declare function elgamalDecrypt(sk: Uint8Array, ciphertext: [Uint8Array, Uint8Array]): Uint8Array;
+/** Generate a random secret key. */
+export declare function generateSecretKey(): Uint8Array;
+/** Derive the BLS public key for a given secret key. */
+export declare function toPublicKey(sk: Uint8Array): Uint8Array;
+/** Derive the BLS verification key for a given secret key. */
+export declare function toVerificationKey(sk: Uint8Array): Uint8Array;

package/dist/cjs/elgamal.js

@@ -0,0 +1,46 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var elgamal_exports = {};
+__export(elgamal_exports, {
+  elgamalDecrypt: () => elgamalDecrypt,
+  generateSecretKey: () => generateSecretKey,
+  toPublicKey: () => toPublicKey,
+  toVerificationKey: () => toVerificationKey
+});
+module.exports = __toCommonJS(elgamal_exports);
+var import_bls12381 = require("./bls12381.js");
+function elgamalDecrypt(sk, ciphertext) {
+  return decrypt(import_bls12381.Scalar.fromBytes(sk), [
+    import_bls12381.G1Element.fromBytes(ciphertext[0]),
+    import_bls12381.G1Element.fromBytes(ciphertext[1])
+  ]).toBytes();
+}
+function decrypt(sk, encryption) {
+  return encryption[1].subtract(encryption[0].multiply(sk));
+}
+function generateSecretKey() {
+  return import_bls12381.Scalar.random().toBytes();
+}
+function toPublicKey(sk) {
+  return import_bls12381.G1Element.generator().multiply(import_bls12381.Scalar.fromBytes(sk)).toBytes();
+}
+function toVerificationKey(sk) {
+  return import_bls12381.G2Element.generator().multiply(import_bls12381.Scalar.fromBytes(sk)).toBytes();
+}
+//# sourceMappingURL=elgamal.js.map

package/dist/cjs/elgamal.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/elgamal.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\n\n/**\n * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.\n * The ciphertext is a pair of G1Elements (48 bytes).\n */\nexport function elgamalDecrypt(sk: Uint8Array, ciphertext: [Uint8Array, Uint8Array]): Uint8Array {\n\treturn decrypt(Scalar.fromBytes(sk), [\n\t\tG1Element.fromBytes(ciphertext[0]),\n\t\tG1Element.fromBytes(ciphertext[1]),\n\t]).toBytes();\n}\n\n/**\n * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.\n * The ciphertext is a pair of G1Elements (48 bytes).\n */\nfunction decrypt(sk: Scalar, encryption: [G1Element, G1Element]): G1Element {\n\treturn encryption[1].subtract(encryption[0].multiply(sk));\n}\n\n// /**\n//  * Encrypt a message with a given public key. Both the public key and the message must a compressed G1Element (48 bytes).\n//  */\n// function elgamal_encrypt(pk: Uint8Array, message: Uint8Array): [Uint8Array, Uint8Array] {\n// \tconst ciphertext = encrypt(G1Element.fromBytes(pk), G1Element.fromBytes(message));\n// \treturn [ciphertext[0].toBytes(), ciphertext[1].toBytes()];\n// }\n\n// /**\n//  * Encrypt a message with a given public key. Both the public key and the message must a compressed G1Element (48 bytes).\n//  */\n// function encrypt(pk: G1Element, message: G1Element): [G1Element, G1Element] {\n// \tconst r = Scalar.random();\n// \treturn [G1Element.generator().multiply(r), pk.multiply(r).add(message)];\n// }\n\n/** Generate a random secret key. */\nexport function generateSecretKey(): Uint8Array {\n\treturn Scalar.random().toBytes();\n}\n\n/** Derive the BLS public key for a given secret key. */\nexport function toPublicKey(sk: Uint8Array): Uint8Array {\n\treturn G1Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();\n}\n\n/** Derive the BLS verification key for a given secret key. */\nexport function toVerificationKey(sk: Uint8Array): Uint8Array {\n\treturn G2Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,sBAA6C;AAMtC,SAAS,eAAe,IAAgB,YAAkD;AAChG,SAAO,QAAQ,uBAAO,UAAU,EAAE,GAAG;AAAA,IACpC,0BAAU,UAAU,WAAW,CAAC,CAAC;AAAA,IACjC,0BAAU,UAAU,WAAW,CAAC,CAAC;AAAA,EAClC,CAAC,EAAE,QAAQ;AACZ;AAMA,SAAS,QAAQ,IAAY,YAA+C;AAC3E,SAAO,WAAW,CAAC,EAAE,SAAS,WAAW,CAAC,EAAE,SAAS,EAAE,CAAC;AACzD;AAmBO,SAAS,oBAAgC;AAC/C,SAAO,uBAAO,OAAO,EAAE,QAAQ;AAChC;AAGO,SAAS,YAAY,IAA4B;AACvD,SAAO,0BAAU,UAAU,EAAE,SAAS,uBAAO,UAAU,EAAE,CAAC,EAAE,QAAQ;AACrE;AAGO,SAAS,kBAAkB,IAA4B;AAC7D,SAAO,0BAAU,UAAU,EAAE,SAAS,uBAAO,UAAU,EAAE,CAAC,EAAE,QAAQ;AACrE;",
+  "names": []
+}

package/dist/cjs/encrypt.d.ts

@@ -0,0 +1,24 @@
+import type { EncryptionInput } from './aes.js';
+import type { KeyServer } from './key-server.js';
+export declare const MAX_U8 = 255;
+/**
+ * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.
+ *
+ * @param keyServers - A list of KeyServers (same server can be used multiple times)
+ * @param packageId - packageId
+ * @param id - id
+ * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.
+ * @param threshold - The threshold for the TSS encryption.
+ * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+ * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.
+ */
+export declare function encrypt<Input extends EncryptionInput>({ keyServers, threshold, packageId, id, encryptionInput, }: {
+    keyServers: KeyServer[];
+    threshold: number;
+    packageId: Uint8Array;
+    id: Uint8Array;
+    encryptionInput: Input;
+}): Promise<{
+    encryptedObject: Uint8Array;
+    key: Uint8Array;
+}>;

package/dist/cjs/encrypt.js

@@ -0,0 +1,88 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var encrypt_exports = {};
+__export(encrypt_exports, {
+  MAX_U8: () => MAX_U8,
+  encrypt: () => encrypt
+});
+module.exports = __toCommonJS(encrypt_exports);
+var import_shamir_secret_sharing = require("shamir-secret-sharing");
+var import_ibe = require("./ibe.js");
+var import_key_server = require("./key-server.js");
+var import_types = require("./types.js");
+var import_utils = require("./utils.js");
+const MAX_U8 = 255;
+async function encrypt({
+  keyServers,
+  threshold,
+  packageId,
+  id,
+  encryptionInput
+}) {
+  if (keyServers.length < threshold || threshold === 0 || keyServers.length > MAX_U8 || threshold > MAX_U8 || packageId.length !== 32) {
+    throw new Error("Invalid input");
+  }
+  if (keyServers.some((server) => server.keyType !== import_key_server.KeyServerType.BonehFranklinBLS12381)) {
+    throw new Error("Key type is not supported");
+  }
+  const ibeServers = new import_ibe.BonehFranklinBLS12381Services(keyServers);
+  const key = await encryptionInput.generateKey();
+  const ciphertext = await encryptionInput.encrypt(key);
+  const shares = await split(key, ibeServers.size(), threshold);
+  const fullId = (0, import_utils.createFullId)(import_ibe.DST, packageId, id);
+  const encrypted_shares = ibeServers.encryptBatched(
+    fullId,
+    shares.map(({ share, index }) => ({
+      msg: share,
+      info: new Uint8Array([index])
+    }))
+  );
+  const services = ibeServers.getObjectIds().map((id2, i) => [id2, shares[i].index]);
+  return {
+    encryptedObject: import_types.EncryptedObject.serialize({
+      version: 0,
+      package_id: packageId,
+      id,
+      services,
+      threshold,
+      encrypted_shares,
+      ciphertext
+    }).toBytes(),
+    key
+  };
+}
+async function split(secret, n, threshold) {
+  if (n === 0 || threshold === 0 || threshold > n) {
+    throw new Error("Invalid input");
+  } else if (threshold === 1) {
+    const result = [];
+    for (let i = 0; i < n; i++) {
+      result.push({ share: secret, index: i });
+    }
+    return Promise.resolve(result);
+  }
+  return (0, import_shamir_secret_sharing.split)(secret, n, threshold).then(
+    (share) => share.map((s) => ({
+      share: s.subarray(0, s.length - 1),
+      // split() returns the share index in the last byte
+      index: s[s.length - 1]
+    }))
+  );
+}
+//# sourceMappingURL=encrypt.js.map

package/dist/cjs/encrypt.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/encrypt.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { split as externalSplit } from 'shamir-secret-sharing';\n\nimport type { EncryptionInput } from './aes.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport type { KeyServer } from './key-server.js';\nimport { KeyServerType } from './key-server.js';\nimport { EncryptedObject } from './types.js';\nimport { createFullId } from './utils.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt<Input extends EncryptionInput>({\n\tkeyServers,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tthreshold: number;\n\tpackageId: Uint8Array;\n\tid: Uint8Array;\n\tencryptionInput: Input;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\tpackageId.length !== 32\n\t) {\n\t\tthrow new Error('Invalid input');\n\t}\n\tif (keyServers.some((server) => server.keyType !== KeyServerType.BonehFranklinBLS12381)) {\n\t\tthrow new Error('Key type is not supported');\n\t}\n\tconst ibeServers = new BonehFranklinBLS12381Services(keyServers);\n\n\t// Generate a random symmetric key and encrypt the encryption input using this key.\n\tconst key = await encryptionInput.generateKey();\n\tconst ciphertext = await encryptionInput.encrypt(key);\n\n\t// Split the symmetric key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = await split(key, ibeServers.size(), threshold);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(DST, packageId, id);\n\tconst encrypted_shares = ibeServers.encryptBatched(\n\t\tfullId,\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tinfo: new Uint8Array([index]),\n\t\t})),\n\t);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [Uint8Array, number][] = ibeServers\n\t\t.getObjectIds()\n\t\t.map((id, i) => [id, shares[i].index]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackage_id: packageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencrypted_shares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey,\n\t};\n}\n\nasync function split(\n\tsecret: Uint8Array,\n\tn: number,\n\tthreshold: number,\n): Promise<{ index: number; share: Uint8Array }[]> {\n\t// The externalSplit function is from the 'shamir-secret-sharing' package and requires t > 1 and n >= 2.\n\t// So we handle the special cases here.\n\tif (n === 0 || threshold === 0 || threshold > n) {\n\t\tthrow new Error('Invalid input');\n\t} else if (threshold === 1) {\n\t\t// If the threshold is 1, the secret is not split.\n\t\tconst result = [];\n\t\tfor (let i = 0; i < n; i++) {\n\t\t\t// The shared polynomial is a constant in this case, so the index doesn't matter.\n\t\t\t// To make sure they are unique, we use a counter.\n\t\t\tresult.push({ share: secret, index: i });\n\t\t}\n\t\treturn Promise.resolve(result);\n\t}\n\n\treturn externalSplit(secret, n, threshold).then((share) =>\n\t\tshare.map((s) => ({\n\t\t\tshare: s.subarray(0, s.length - 1),\n\t\t\t// split() returns the share index in the last byte\n\t\t\tindex: s[s.length - 1],\n\t\t})),\n\t);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,mCAAuC;AAGvC,iBAAmD;AAEnD,wBAA8B;AAC9B,mBAAgC;AAChC,mBAA6B;AAEtB,MAAM,SAAS;AAatB,eAAsB,QAAuC;AAAA,EAC5D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GASG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,UAAU,WAAW,IACpB;AACD,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,MAAI,WAAW,KAAK,CAAC,WAAW,OAAO,YAAY,gCAAc,qBAAqB,GAAG;AACxF,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC5C;AACA,QAAM,aAAa,IAAI,yCAA8B,UAAU;AAG/D,QAAM,MAAM,MAAM,gBAAgB,YAAY;AAC9C,QAAM,aAAa,MAAM,gBAAgB,QAAQ,GAAG;AAGpD,QAAM,SAAS,MAAM,MAAM,KAAK,WAAW,KAAK,GAAG,SAAS;AAG5D,QAAM,aAAS,2BAAa,gBAAK,WAAW,EAAE;AAC9C,QAAM,mBAAmB,WAAW;AAAA,IACnC;AAAA,IACA,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL,MAAM,IAAI,WAAW,CAAC,KAAK,CAAC;AAAA,IAC7B,EAAE;AAAA,EACH;AAGA,QAAM,WAAmC,WACvC,aAAa,EACb,IAAI,CAACA,KAAI,MAAM,CAACA,KAAI,OAAO,CAAC,EAAE,KAAK,CAAC;AAEtC,SAAO;AAAA,IACN,iBAAiB,6BAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX;AAAA,EACD;AACD;AAEA,eAAe,MACd,QACA,GACA,WACkD;AAGlD,MAAI,MAAM,KAAK,cAAc,KAAK,YAAY,GAAG;AAChD,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC,WAAW,cAAc,GAAG;AAE3B,UAAM,SAAS,CAAC;AAChB,aAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAG3B,aAAO,KAAK,EAAE,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxC;AACA,WAAO,QAAQ,QAAQ,MAAM;AAAA,EAC9B;AAEA,aAAO,6BAAAC,OAAc,QAAQ,GAAG,SAAS,EAAE;AAAA,IAAK,CAAC,UAChD,MAAM,IAAI,CAAC,OAAO;AAAA,MACjB,OAAO,EAAE,SAAS,GAAG,EAAE,SAAS,CAAC;AAAA;AAAA,MAEjC,OAAO,EAAE,EAAE,SAAS,CAAC;AAAA,IACtB,EAAE;AAAA,EACH;AACD;",
+  "names": ["id", "externalSplit"]
+}

package/dist/cjs/ibe.d.ts

@@ -0,0 +1,67 @@
+import { G1Element, G2Element } from './bls12381.js';
+import type { KeyServer } from './key-server.js';
+import type { IBEEncryptionsType } from './types.js';
+/**
+ * The domain separation tag for the hash-to-group function.
+ */
+export declare const DST: Uint8Array;
+/**
+ * The domain separation tag for the signing proof of possession.
+ */
+export declare const DST_POP: Uint8Array;
+/**
+ * The interface for the key servers.
+ */
+export declare abstract class IBEServers {
+    protected readonly object_ids: Uint8Array[];
+    protected constructor(object_ids: Uint8Array[]);
+    /**
+     * The object IDs of the key servers.
+     */
+    getObjectIds(): Uint8Array[];
+    /**
+     * The number of key servers.
+     */
+    size(): number;
+    /**
+     * Encrypt a batch of messages for the given identity.
+     *
+     * @param id The identity.
+     * @param msg_and_infos The messages and an additional info parameter which will be included in the KDF.
+     * @returns The encrypted messages.
+     */
+    abstract encryptBatched(id: Uint8Array, msg_and_infos: {
+        msg: Uint8Array;
+        info: Uint8Array;
+    }[]): IBEEncryptionsType;
+}
+/**
+ * Identity-based encryption based on the Boneh-Franklin IBE scheme.
+ * This object represents a set of key servers that can be used to encrypt messages for a given identity.
+ */
+export declare class BonehFranklinBLS12381Services extends IBEServers {
+    readonly public_keys: G2Element[];
+    constructor(services: KeyServer[]);
+    encryptBatched(id: Uint8Array, msg_and_infos: {
+        msg: Uint8Array;
+        info: Uint8Array;
+    }[]): IBEEncryptionsType;
+    /**
+     * Returns true if the user secret key is valid for the given public key and id.
+     * @param user_secret_key - The user secret key.
+     * @param id - The identity.
+     * @param public_key - The public key.
+     * @returns True if the user secret key is valid for the given public key and id.
+     */
+    static verifyUserSecretKey(user_secret_key: G1Element, id: Uint8Array, public_key: G2Element): boolean;
+    /**
+     * Identity-based decryption.
+     *
+     * @param nonce The encryption nonce.
+     * @param sk The user secret key.
+     * @param ciphertext The encrypted message.
+     * @param info An info parameter also included in the KDF.
+     * @returns The decrypted message.
+     */
+    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, info: Uint8Array): Uint8Array;
+}