@mysten/seal 0.1.0

package/dist/cjs/ibe.js

@@ -0,0 +1,107 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ibe_exports = {};
+__export(ibe_exports, {
+  BonehFranklinBLS12381Services: () => BonehFranklinBLS12381Services,
+  DST: () => DST,
+  DST_POP: () => DST_POP,
+  IBEServers: () => IBEServers
+});
+module.exports = __toCommonJS(ibe_exports);
+var import_bls12381 = require("./bls12381.js");
+var import_kdf = require("./kdf.js");
+var import_utils = require("./utils.js");
+const DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00");
+const DST_POP = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00-POP");
+class IBEServers {
+  constructor(object_ids) {
+    this.object_ids = object_ids;
+  }
+  /**
+   * The object IDs of the key servers.
+   */
+  getObjectIds() {
+    return this.object_ids;
+  }
+  /**
+   * The number of key servers.
+   */
+  size() {
+    return this.object_ids.length;
+  }
+}
+class BonehFranklinBLS12381Services extends IBEServers {
+  constructor(services) {
+    super(services.map((service) => service.objectId));
+    this.public_keys = services.map((service) => import_bls12381.G2Element.fromBytes(service.pk));
+  }
+  encryptBatched(id, msg_and_infos) {
+    if (this.public_keys.length === 0 || this.public_keys.length !== msg_and_infos.length) {
+      throw new Error("Invalid input");
+    }
+    const [nonce, keys] = encapBatched(this.public_keys, id);
+    const encrypted_msgs = msg_and_infos.map(
+      (msg_and_info, i) => (0, import_utils.xor)(msg_and_info.msg, (0, import_kdf.kdf)(keys[i], msg_and_info.info))
+    );
+    return {
+      BonehFranklinBLS12381: {
+        encapsulation: nonce.toBytes(),
+        shares: encrypted_msgs
+      },
+      $kind: "BonehFranklinBLS12381"
+    };
+  }
+  /**
+   * Returns true if the user secret key is valid for the given public key and id.
+   * @param user_secret_key - The user secret key.
+   * @param id - The identity.
+   * @param public_key - The public key.
+   * @returns True if the user secret key is valid for the given public key and id.
+   */
+  static verifyUserSecretKey(user_secret_key, id, public_key) {
+    const lhs = user_secret_key.pairing(import_bls12381.G2Element.generator()).toBytes();
+    const rhs = import_bls12381.G1Element.hashToCurve(id).pairing(public_key).toBytes();
+    return lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);
+  }
+  /**
+   * Identity-based decryption.
+   *
+   * @param nonce The encryption nonce.
+   * @param sk The user secret key.
+   * @param ciphertext The encrypted message.
+   * @param info An info parameter also included in the KDF.
+   * @returns The decrypted message.
+   */
+  static decrypt(nonce, sk, ciphertext, info) {
+    return (0, import_utils.xor)(ciphertext, (0, import_kdf.kdf)(decap(nonce, sk), info));
+  }
+}
+function encapBatched(public_keys, id) {
+  if (public_keys.length === 0) {
+    throw new Error("Invalid input");
+  }
+  const r = import_bls12381.Scalar.random();
+  const nonce = import_bls12381.G2Element.generator().multiply(r);
+  const gid = import_bls12381.G1Element.hashToCurve(id).multiply(r);
+  return [nonce, public_keys.map((public_key) => gid.pairing(public_key))];
+}
+function decap(nonce, usk) {
+  return usk.pairing(nonce);
+}
+//# sourceMappingURL=ibe.js.map

package/dist/cjs/ibe.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/ibe.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport type { IBEEncryptionsType } from './types.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00-POP');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tprotected readonly object_ids: Uint8Array[];\n\n\tprotected constructor(object_ids: Uint8Array[]) {\n\t\tthis.object_ids = object_ids;\n\t}\n\n\t/**\n\t * The object IDs of the key servers.\n\t */\n\tgetObjectIds(): Uint8Array[] {\n\t\treturn this.object_ids;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.object_ids.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msg_and_infos The messages and an additional info parameter which will be included in the KDF.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsg_and_infos: { msg: Uint8Array; info: Uint8Array }[],\n\t): IBEEncryptionsType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly public_keys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.public_keys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsg_and_infos: { msg: Uint8Array; info: Uint8Array }[],\n\t): IBEEncryptionsType {\n\t\tif (this.public_keys.length === 0 || this.public_keys.length !== msg_and_infos.length) {\n\t\t\tthrow new Error('Invalid input');\n\t\t}\n\t\tconst [nonce, keys] = encapBatched(this.public_keys, id);\n\t\tconst encrypted_msgs = msg_and_infos.map((msg_and_info, i) =>\n\t\t\txor(msg_and_info.msg, kdf(keys[i], msg_and_info.info)),\n\t\t);\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tencapsulation: nonce.toBytes(),\n\t\t\t\tshares: encrypted_msgs,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(\n\t\tuser_secret_key: G1Element,\n\t\tid: Uint8Array,\n\t\tpublic_key: G2Element,\n\t): boolean {\n\t\tconst lhs = user_secret_key.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(id).pairing(public_key).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tinfo: Uint8Array,\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), info));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param public_keys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(public_keys: G2Element[], id: Uint8Array): [G2Element, GTElement[]] {\n\tif (public_keys.length === 0) {\n\t\tthrow new Error('Invalid input');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [nonce, public_keys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,sBAA6C;AAC7C,iBAAoB;AAGpB,mBAAoB;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGtB,YAAY,YAA0B;AAC/C,SAAK,aAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,eAA6B;AAC5B,WAAO,KAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,WAAW;AAAA,EACxB;AAaD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,cAAc,SAAS,IAAI,CAAC,YAAY,0BAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC7E;AAAA,EAEA,eACC,IACA,eACqB;AACrB,QAAI,KAAK,YAAY,WAAW,KAAK,KAAK,YAAY,WAAW,cAAc,QAAQ;AACtF,YAAM,IAAI,MAAM,eAAe;AAAA,IAChC;AACA,UAAM,CAAC,OAAO,IAAI,IAAI,aAAa,KAAK,aAAa,EAAE;AACvD,UAAM,iBAAiB,cAAc;AAAA,MAAI,CAAC,cAAc,UACvD,kBAAI,aAAa,SAAK,gBAAI,KAAK,CAAC,GAAG,aAAa,IAAI,CAAC;AAAA,IACtD;AAEA,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,eAAe,MAAM,QAAQ;AAAA,QAC7B,QAAQ;AAAA,MACT;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBACN,iBACA,IACA,YACU;AACV,UAAM,MAAM,gBAAgB,QAAQ,0BAAU,UAAU,CAAC,EAAE,QAAQ;AACnE,UAAM,MAAM,0BAAU,YAAY,EAAE,EAAE,QAAQ,UAAU,EAAE,QAAQ;AAClE,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,MACa;AACb,eAAO,kBAAI,gBAAY,gBAAI,MAAM,OAAO,EAAE,GAAG,IAAI,CAAC;AAAA,EACnD;AACD;AASA,SAAS,aAAa,aAA0B,IAA0C;AACzF,MAAI,YAAY,WAAW,GAAG;AAC7B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,QAAM,IAAI,uBAAO,OAAO;AACxB,QAAM,QAAQ,0BAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,0BAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,OAAO,YAAY,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AACxE;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
+  "names": []
+}

package/dist/cjs/index.d.ts

@@ -0,0 +1,6 @@
+export { AesGcm256 } from './aes.js';
+export { encrypt } from './encrypt.js';
+export { getAllowlistedKeyServers, retrieveKeyServers, verifyKeyServer } from './key-server.js';
+export { KeyStore } from './key-store.js';
+export { SessionKey } from './session-key.js';
+export { EncryptedObject } from './types.js';

package/dist/cjs/index.js

@@ -0,0 +1,37 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var index_exports = {};
+__export(index_exports, {
+  AesGcm256: () => import_aes.AesGcm256,
+  EncryptedObject: () => import_types.EncryptedObject,
+  KeyStore: () => import_key_store.KeyStore,
+  SessionKey: () => import_session_key.SessionKey,
+  encrypt: () => import_encrypt.encrypt,
+  getAllowlistedKeyServers: () => import_key_server.getAllowlistedKeyServers,
+  retrieveKeyServers: () => import_key_server.retrieveKeyServers,
+  verifyKeyServer: () => import_key_server.verifyKeyServer
+});
+module.exports = __toCommonJS(index_exports);
+var import_aes = require("./aes.js");
+var import_encrypt = require("./encrypt.js");
+var import_key_server = require("./key-server.js");
+var import_key_store = require("./key-store.js");
+var import_session_key = require("./session-key.js");
+var import_types = require("./types.js");
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/index.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { AesGcm256 } from './aes.js';\nexport { encrypt } from './encrypt.js';\nexport { getAllowlistedKeyServers, retrieveKeyServers, verifyKeyServer } from './key-server.js';\nexport { KeyStore } from './key-store.js';\nexport { SessionKey } from './session-key.js';\nexport { EncryptedObject } from './types.js';\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA0B;AAC1B,qBAAwB;AACxB,wBAA8E;AAC9E,uBAAyB;AACzB,yBAA2B;AAC3B,mBAAgC;",
+  "names": []
+}

package/dist/cjs/kdf.d.ts

@@ -0,0 +1,9 @@
+import type { GTElement } from './bls12381.js';
+/**
+ * The default key derivation function.
+ *
+ * @param element The GTElement to derive the key from.
+ * @param info Optional context and application specific information.
+ * @returns The derived key.
+ */
+export declare function kdf(element: GTElement, info: Uint8Array): Uint8Array;

package/dist/cjs/kdf.js

@@ -0,0 +1,29 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var kdf_exports = {};
+__export(kdf_exports, {
+  kdf: () => kdf
+});
+module.exports = __toCommonJS(kdf_exports);
+var import_hkdf = require("@noble/hashes/hkdf");
+var import_sha3 = require("@noble/hashes/sha3");
+function kdf(element, info) {
+  return (0, import_hkdf.hkdf)(import_sha3.sha3_256, element.toBytes(), "", info, 32);
+}
+//# sourceMappingURL=kdf.js.map

package/dist/cjs/kdf.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/kdf.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hkdf } from '@noble/hashes/hkdf';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport type { GTElement } from './bls12381.js';\n\n/**\n * The default key derivation function.\n *\n * @param element The GTElement to derive the key from.\n * @param info Optional context and application specific information.\n * @returns The derived key.\n */\nexport function kdf(element: GTElement, info: Uint8Array): Uint8Array {\n\treturn hkdf(sha3_256, element.toBytes(), '', info, 32);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,kBAAqB;AACrB,kBAAyB;AAWlB,SAAS,IAAI,SAAoB,MAA8B;AACrE,aAAO,kBAAK,sBAAU,QAAQ,QAAQ,GAAG,IAAI,MAAM,EAAE;AACtD;",
+  "names": []
+}

package/dist/cjs/key-server.d.ts

@@ -0,0 +1,38 @@
+import type { SuiClient } from '@mysten/sui/client';
+export type KeyServer = {
+    objectId: Uint8Array;
+    name: string;
+    url: string;
+    keyType: KeyServerType;
+    pk: Uint8Array;
+};
+export declare enum KeyServerType {
+    BonehFranklinBLS12381 = 0
+}
+/**
+ * Returns a static list of Seal key server object ids that the dapp can choose to use.
+ * @param network - The network to use.
+ * @returns The object id's of the key servers.
+ */
+export declare function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): Uint8Array[];
+/**
+ * Given a list of key server object IDs, returns a list of SealKeyServer
+ * from onchain state containing name, objectId, URL and pk.
+ *
+ * @param objectIds - The key server object IDs.
+ * @param client - The SuiClient to use.
+ * @returns - An array of SealKeyServer.
+ */
+export declare function retrieveKeyServers({ objectIds, client, }: {
+    objectIds: Uint8Array[];
+    client: SuiClient;
+}): Promise<KeyServer[]>;
+/**
+ * Given a KeyServer, fetch the proof of possesion (PoP) from the URL and verify it
+ * against the pubkey. This should be used only rarely when the dapp uses a dynamic
+ * set of key servers.
+ *
+ * @param server - The KeyServer to verify.
+ * @returns - True if the key server is valid, false otherwise.
+ */
+export declare function verifyKeyServer(server: KeyServer): Promise<boolean>;

package/dist/cjs/key-server.js

@@ -0,0 +1,98 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var key_server_exports = {};
+__export(key_server_exports, {
+  KeyServerType: () => KeyServerType,
+  getAllowlistedKeyServers: () => getAllowlistedKeyServers,
+  retrieveKeyServers: () => retrieveKeyServers,
+  verifyKeyServer: () => verifyKeyServer
+});
+module.exports = __toCommonJS(key_server_exports);
+var import_bcs = require("@mysten/bcs");
+var import_bcs2 = require("@mysten/sui/bcs");
+var import_bls12_381 = require("@noble/curves/bls12-381");
+var import_ibe = require("./ibe.js");
+var KeyServerType = /* @__PURE__ */ ((KeyServerType2) => {
+  KeyServerType2[KeyServerType2["BonehFranklinBLS12381"] = 0] = "BonehFranklinBLS12381";
+  return KeyServerType2;
+})(KeyServerType || {});
+const KeyServerMove = import_bcs2.bcs.struct("KeyServer", {
+  id: import_bcs2.bcs.Address,
+  name: import_bcs2.bcs.string(),
+  url: import_bcs2.bcs.string(),
+  key_type: import_bcs2.bcs.u8(),
+  pk: import_bcs2.bcs.vector(import_bcs2.bcs.u8())
+});
+function getAllowlistedKeyServers(network) {
+  if (network === "testnet") {
+    return [
+      (0, import_bcs.fromHex)("0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8"),
+      (0, import_bcs.fromHex)("0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06")
+    ];
+  } else {
+    throw new Error("Network not supported");
+  }
+}
+async function retrieveKeyServers({
+  objectIds,
+  client
+}) {
+  return await Promise.all(
+    objectIds.map(async (objectId) => {
+      const res = await client.getObject({
+        id: (0, import_bcs.toHex)(objectId),
+        options: {
+          showBcs: true
+        }
+      });
+      if (!res || res.error || !res.data) {
+        throw new Error(`KeyServer ${objectId} not found; ${res.error}`);
+      }
+      if (!res.data.bcs || !("bcsBytes" in res.data.bcs)) {
+        throw new Error(`Invalid KeyServer query: ${objectId}, expected object, got package`);
+      }
+      let ks = KeyServerMove.parse((0, import_bcs.fromBase64)(res.data.bcs.bcsBytes));
+      if (ks.key_type !== 0) {
+        throw new Error("Unsupported key type");
+      }
+      return {
+        objectId,
+        name: ks.name,
+        url: ks.url,
+        keyType: 0 /* BonehFranklinBLS12381 */,
+        pk: new Uint8Array(ks.pk)
+      };
+    })
+  );
+}
+async function verifyKeyServer(server) {
+  const response = await fetch(server.url + "/v1/service", {
+    method: "GET",
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+  const serviceResponse = await response.json();
+  if (serviceResponse.service_id !== server.objectId) {
+    return false;
+  }
+  const fullMsg = new Uint8Array([...import_ibe.DST_POP, ...server.pk, ...server.objectId]);
+  return import_bls12_381.bls12_381.verifyShortSignature((0, import_bcs.fromBase64)(serviceResponse.pop), fullMsg, server.pk);
+}
+//# sourceMappingURL=key-server.js.map

package/dist/cjs/key-server.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/key-server.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { fromBase64, fromHex, toHex } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\nimport type { SuiClient } from '@mysten/sui/client';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { DST_POP } from './ibe.js';\n\nexport type KeyServer = {\n\tobjectId: Uint8Array;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\n// The Move struct for the KeyServer object.\nconst KeyServerMove = bcs.struct('KeyServer', {\n\tid: bcs.Address,\n\tname: bcs.string(),\n\turl: bcs.string(),\n\tkey_type: bcs.u8(),\n\tpk: bcs.vector(bcs.u8()),\n});\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): Uint8Array[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\tfromHex('0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8'),\n\t\t\tfromHex('0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06'),\n\t\t];\n\t} else {\n\t\tthrow new Error('Network not supported');\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: Uint8Array[];\n\tclient: SuiClient;\n}): Promise<KeyServer[]> {\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\tconst res = await client.getObject({\n\t\t\t\tid: toHex(objectId),\n\t\t\t\toptions: {\n\t\t\t\t\tshowBcs: true,\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!res || res.error || !res.data) {\n\t\t\t\tthrow new Error(`KeyServer ${objectId} not found; ${res.error}`);\n\t\t\t}\n\n\t\t\tif (!res.data.bcs || !('bcsBytes' in res.data.bcs)) {\n\t\t\t\tthrow new Error(`Invalid KeyServer query: ${objectId}, expected object, got package`);\n\t\t\t}\n\n\t\t\tlet ks = KeyServerMove.parse(fromBase64(res.data.bcs!.bcsBytes));\n\t\t\tif (ks.key_type !== 0) {\n\t\t\t\tthrow new Error('Unsupported key type');\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ks.name,\n\t\t\t\turl: ks.url,\n\t\t\t\tkeyType: KeyServerType.BonehFranklinBLS12381,\n\t\t\t\tpk: new Uint8Array(ks.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possesion (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(server: KeyServer): Promise<boolean> {\n\tconst response = await fetch(server.url! + '/v1/service', {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t},\n\t});\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...server.objectId]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,iBAA2C;AAC3C,IAAAA,cAAoB;AAEpB,uBAA0B;AAE1B,iBAAwB;AAUjB,IAAK,gBAAL,kBAAKC,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AAKZ,MAAM,gBAAgB,gBAAI,OAAO,aAAa;AAAA,EAC7C,IAAI,gBAAI;AAAA,EACR,MAAM,gBAAI,OAAO;AAAA,EACjB,KAAK,gBAAI,OAAO;AAAA,EAChB,UAAU,gBAAI,GAAG;AAAA,EACjB,IAAI,gBAAI,OAAO,gBAAI,GAAG,CAAC;AACxB,CAAC;AAOM,SAAS,yBAAyB,SAA8C;AACtF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,UACN,oBAAQ,oEAAoE;AAAA,UAC5E,oBAAQ,oEAAoE;AAAA,IAC7E;AAAA,EACD,OAAO;AACN,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACxC;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AACxB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AACjC,YAAM,MAAM,MAAM,OAAO,UAAU;AAAA,QAClC,QAAI,kBAAM,QAAQ;AAAA,QAClB,SAAS;AAAA,UACR,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AACD,UAAI,CAAC,OAAO,IAAI,SAAS,CAAC,IAAI,MAAM;AACnC,cAAM,IAAI,MAAM,aAAa,QAAQ,eAAe,IAAI,KAAK,EAAE;AAAA,MAChE;AAEA,UAAI,CAAC,IAAI,KAAK,OAAO,EAAE,cAAc,IAAI,KAAK,MAAM;AACnD,cAAM,IAAI,MAAM,4BAA4B,QAAQ,gCAAgC;AAAA,MACrF;AAEA,UAAI,KAAK,cAAc,UAAM,uBAAW,IAAI,KAAK,IAAK,QAAQ,CAAC;AAC/D,UAAI,GAAG,aAAa,GAAG;AACtB,cAAM,IAAI,MAAM,sBAAsB;AAAA,MACvC;AAEA,aAAO;AAAA,QACN;AAAA,QACA,MAAM,GAAG;AAAA,QACT,KAAK,GAAG;AAAA,QACR,SAAS;AAAA,QACT,IAAI,IAAI,WAAW,GAAG,EAAE;AAAA,MACzB;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBAAgB,QAAqC;AAC1E,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,eAAe;AAAA,IACzD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,IACjB;AAAA,EACD,CAAC;AACD,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,UAAU,IAAI,WAAW,CAAC,GAAG,oBAAS,GAAG,OAAO,IAAI,GAAG,OAAO,QAAQ,CAAC;AAC7E,SAAO,2BAAU,yBAAqB,uBAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;",
+  "names": ["import_bcs", "KeyServerType"]
+}

package/dist/cjs/key-store.d.ts

@@ -0,0 +1,49 @@
+import { G1Element } from './bls12381.js';
+import type { KeyServer } from './key-server.js';
+import type { SessionKey } from './session-key.js';
+import type { EncryptedObject } from './types.js';
+/**
+ * A class to cache user secret keys after they have been fetched from key servers.
+ */
+export declare class KeyStore {
+    private readonly keys_map;
+    constructor();
+    private createMapKey;
+    /** @internal */
+    addKey(fullId: Uint8Array, objectId: Uint8Array, key: G1Element): void;
+    /**
+     * Get a key from this KeyStore or undefined if the key is not found.
+     *
+     * @param fullId The full ID used to derive the key.
+     * @param objectId The object ID of the key server holding the key.
+     */
+    private getKey;
+    /**
+     * Check if the key store has a key for the given full ID and object ID.
+     *
+     * @param fullId The full ID used to derive the key.
+     * @param objectId The object ID of the key server holding the key.
+     */
+    private hasKey;
+    /**
+     * Look up URLs of key servers and fetch key from servers with request signature,
+     * cert and ephPk, then updates the caching keys_map.
+     */
+    fetchKeys({ keyServers, threshold: _threshold, packageId, ids, txBytes, sessionKey, }: {
+        keyServers: KeyServer[];
+        threshold: number;
+        packageId: Uint8Array;
+        ids: Uint8Array[];
+        txBytes: Uint8Array;
+        sessionKey: SessionKey;
+    }): Promise<void>;
+    /**
+     * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
+     * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
+     * otherwise, this will throw an error.
+     *
+     * @param encryptedObject - EncryptedObject.
+     * @returns - The decrypted plaintext corresponding to ciphertext.
+     */
+    decrypt(encryptedObject: typeof EncryptedObject.$inferType): Promise<Uint8Array>;
+}

package/dist/cjs/key-store.js

@@ -0,0 +1,203 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var key_store_exports = {};
+__export(key_store_exports, {
+  KeyStore: () => KeyStore
+});
+module.exports = __toCommonJS(key_store_exports);
+var import_bcs = require("@mysten/bcs");
+var import_shamir_secret_sharing = require("shamir-secret-sharing");
+var import_aes = require("./aes.js");
+var import_bls12381 = require("./bls12381.js");
+var import_elgamal = require("./elgamal.js");
+var import_ibe = require("./ibe.js");
+var import_key_server = require("./key-server.js");
+var import_utils = require("./utils.js");
+class KeyStore {
+  constructor() {
+    this.keys_map = /* @__PURE__ */ new Map();
+  }
+  createMapKey(fullId, objectId) {
+    return (0, import_bcs.toHex)(fullId) + ":" + (0, import_bcs.toHex)(objectId);
+  }
+  /** @internal */
+  addKey(fullId, objectId, key) {
+    this.keys_map.set(this.createMapKey(fullId, objectId), key);
+  }
+  /**
+   * Get a key from this KeyStore or undefined if the key is not found.
+   *
+   * @param fullId The full ID used to derive the key.
+   * @param objectId The object ID of the key server holding the key.
+   */
+  getKey(fullId, objectId) {
+    return this.keys_map.get(this.createMapKey(fullId, objectId));
+  }
+  /**
+   * Check if the key store has a key for the given full ID and object ID.
+   *
+   * @param fullId The full ID used to derive the key.
+   * @param objectId The object ID of the key server holding the key.
+   */
+  hasKey(fullId, objectId) {
+    return this.keys_map.has(this.createMapKey(fullId, objectId));
+  }
+  /**
+   * Look up URLs of key servers and fetch key from servers with request signature,
+   * cert and ephPk, then updates the caching keys_map.
+   */
+  async fetchKeys({
+    keyServers,
+    threshold: _threshold,
+    packageId,
+    ids,
+    txBytes,
+    sessionKey
+  }) {
+    if (ids.length !== 1) {
+      throw new Error("Only one ID is supported");
+    }
+    const fullId = (0, import_utils.createFullId)(import_ibe.DST, packageId, ids[0]);
+    const remainingKeyServers = keyServers.filter((ks) => !this.hasKey(fullId, ks.objectId));
+    if (remainingKeyServers.length === 0) {
+      return;
+    }
+    const cert = sessionKey.getCertificate();
+    const signedRequest = await sessionKey.createRequestParams(txBytes);
+    await Promise.all(
+      remainingKeyServers.map(async (server) => {
+        if (server.keyType !== import_key_server.KeyServerType.BonehFranklinBLS12381) {
+          console.warn("Server has invalid key type: " + server.keyType);
+          return;
+        }
+        const res = await fetchKey(
+          server.url,
+          signedRequest.request_signature,
+          txBytes,
+          signedRequest.decryption_key,
+          cert
+        );
+        const key = import_bls12381.G1Element.fromBytes(res.key);
+        if (!import_ibe.BonehFranklinBLS12381Services.verifyUserSecretKey(
+          key,
+          fullId,
+          import_bls12381.G2Element.fromBytes(server.pk)
+        )) {
+          console.warn("Received invalid key from key server " + server.objectId);
+          return;
+        }
+        this.addKey(fullId, server.objectId, key);
+      })
+    );
+  }
+  /**
+   * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
+   * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
+   * otherwise, this will throw an error.
+   *
+   * @param encryptedObject - EncryptedObject.
+   * @returns - The decrypted plaintext corresponding to ciphertext.
+   */
+  async decrypt(encryptedObject) {
+    if (!encryptedObject.encrypted_shares.BonehFranklinBLS12381) {
+      throw new Error("Encryption mode not supported");
+    }
+    const fullId = (0, import_utils.createFullId)(
+      import_ibe.DST,
+      encryptedObject.package_id,
+      new Uint8Array(encryptedObject.id)
+    );
+    const in_keystore = encryptedObject.services.map((_, i) => i).filter((i) => this.hasKey(fullId, encryptedObject.services[i][0]));
+    if (in_keystore.length < encryptedObject.threshold) {
+      throw new Error("Not enough shares. Please fetch more keys.");
+    }
+    const encryptedShares = encryptedObject.encrypted_shares.BonehFranklinBLS12381.shares;
+    if (encryptedShares.length !== encryptedObject.services.length) {
+      throw new Error("Invalid input");
+    }
+    const nonce = import_bls12381.G2Element.fromBytes(
+      encryptedObject.encrypted_shares.BonehFranklinBLS12381.encapsulation
+    );
+    const shares = in_keystore.map((i) => {
+      const [objectId, index] = encryptedObject.services[i];
+      const info = new Uint8Array([index]);
+      let share = import_ibe.BonehFranklinBLS12381Services.decrypt(
+        nonce,
+        this.getKey(fullId, objectId),
+        encryptedShares[i],
+        info
+      );
+      return { index, share };
+    });
+    const key = await combine(shares);
+    if (encryptedObject.ciphertext.Aes256Gcm) {
+      try {
+        return import_aes.AesGcm256.decrypt(key, encryptedObject.ciphertext);
+      } catch {
+        throw new Error("Decryption failed");
+      }
+    } else if (encryptedObject.ciphertext.Plain) {
+      return key;
+    } else {
+      throw new Error("Invalid encrypted object");
+    }
+  }
+}
+async function fetchKey(url, requestSig, txBytes, enc_key, certificate) {
+  const enc_key_pk = (0, import_elgamal.toPublicKey)(enc_key);
+  const enc_verification_key = (0, import_elgamal.toVerificationKey)(enc_key);
+  const body = {
+    ptb: (0, import_bcs.toBase64)(txBytes.slice(1)),
+    // removes the byte of the transaction type version
+    enc_key: (0, import_bcs.toBase64)(enc_key_pk),
+    enc_verification_key: (0, import_bcs.toBase64)(enc_verification_key),
+    request_signature: requestSig,
+    // already b64
+    certificate
+  };
+  const response = await fetch(url + "/v1/fetch_key", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(body)
+  });
+  const resp = await response.json();
+  const key = (0, import_elgamal.elgamalDecrypt)(enc_key, resp.decryption_keys[0].encrypted_key.map(import_bcs.fromBase64));
+  return {
+    fullId: resp.decryption_keys[0].fullId,
+    key
+  };
+}
+async function combine(shares) {
+  if (shares.length === 0) {
+    throw new Error("Invalid input");
+  } else if (shares.length === 1) {
+    return Promise.resolve(shares[0].share);
+  }
+  return (0, import_shamir_secret_sharing.combine)(
+    shares.map(({ index, share }) => {
+      const packedShare = new Uint8Array(share.length + 1);
+      packedShare.set(share, 0);
+      packedShare[share.length] = index;
+      return packedShare;
+    })
+  );
+}
+//# sourceMappingURL=key-store.js.map