@mysten/seal 0.1.0

package/dist/cjs/key-store.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/key-store.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64, toHex } from '@mysten/bcs';\nimport { combine as externalCombine } from 'shamir-secret-sharing';\n\nimport { AesGcm256 } from './aes.js';\nimport { G1Element, G2Element } from './bls12381.js';\nimport { elgamalDecrypt, toPublicKey, toVerificationKey } from './elgamal.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport type { KeyServer } from './key-server.js';\nimport { KeyServerType } from './key-server.js';\nimport type { Certificate, SessionKey } from './session-key.js';\nimport type { EncryptedObject } from './types.js';\nimport { createFullId } from './utils.js';\n\n/**\n * A class to cache user secret keys after they have been fetched from key servers.\n */\nexport class KeyStore {\n\t// A caching map for: fullId:object_id -> partial key.\n\tprivate readonly keys_map: Map<string, G1Element>;\n\n\tconstructor() {\n\t\tthis.keys_map = new Map();\n\t}\n\n\tprivate createMapKey(fullId: Uint8Array, objectId: Uint8Array): string {\n\t\treturn toHex(fullId) + ':' + toHex(objectId);\n\t}\n\n\t/** @internal */\n\taddKey(fullId: Uint8Array, objectId: Uint8Array, key: G1Element) {\n\t\tthis.keys_map.set(this.createMapKey(fullId, objectId), key);\n\t}\n\n\t/**\n\t * Get a key from this KeyStore or undefined if the key is not found.\n\t *\n\t * @param fullId The full ID used to derive the key.\n\t * @param objectId The object ID of the key server holding the key.\n\t */\n\tprivate getKey(fullId: Uint8Array, objectId: Uint8Array): G1Element | undefined {\n\t\treturn this.keys_map.get(this.createMapKey(fullId, objectId));\n\t}\n\n\t/**\n\t * Check if the key store has a key for the given full ID and object ID.\n\t *\n\t * @param fullId The full ID used to derive the key.\n\t * @param objectId The object ID of the key server holding the key.\n\t */\n\tprivate hasKey(fullId: Uint8Array, objectId: Uint8Array): boolean {\n\t\treturn this.keys_map.has(this.createMapKey(fullId, objectId));\n\t}\n\n\t/**\n\t * Look up URLs of key servers and fetch key from servers with request signature,\n\t * cert and ephPk, then updates the caching keys_map.\n\t */\n\tasync fetchKeys({\n\t\tkeyServers,\n\t\tthreshold: _threshold,\n\t\tpackageId,\n\t\tids,\n\t\ttxBytes,\n\t\tsessionKey,\n\t}: {\n\t\tkeyServers: KeyServer[];\n\t\tthreshold: number;\n\t\tpackageId: Uint8Array;\n\t\tids: Uint8Array[];\n\t\ttxBytes: Uint8Array;\n\t\tsessionKey: SessionKey;\n\t}) {\n\t\t// TODO: support multiple ids.\n\t\tif (ids.length !== 1) {\n\t\t\tthrow new Error('Only one ID is supported');\n\t\t}\n\t\tconst fullId = createFullId(DST, packageId, ids[0]);\n\t\tconst remainingKeyServers = keyServers.filter((ks) => !this.hasKey(fullId, ks.objectId));\n\t\tif (remainingKeyServers.length === 0) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst cert = sessionKey.getCertificate();\n\t\tconst signedRequest = await sessionKey.createRequestParams(txBytes);\n\n\t\t// TODO: wait for t valid keys, either from completed promises (not failures) or from the cache.\n\t\t// TODO: detect an expired session key and raise an error.\n\t\tawait Promise.all(\n\t\t\tremainingKeyServers.map(async (server) => {\n\t\t\t\tif (server.keyType !== KeyServerType.BonehFranklinBLS12381) {\n\t\t\t\t\tconsole.warn('Server has invalid key type: ' + server.keyType);\n\t\t\t\t\treturn;\n\t\t\t\t}\n\t\t\t\tconst res = await fetchKey(\n\t\t\t\t\tserver.url,\n\t\t\t\t\tsignedRequest.request_signature,\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsignedRequest.decryption_key,\n\t\t\t\t\tcert,\n\t\t\t\t);\n\n\t\t\t\tconst key = G1Element.fromBytes(res.key);\n\t\t\t\tif (\n\t\t\t\t\t!BonehFranklinBLS12381Services.verifyUserSecretKey(\n\t\t\t\t\t\tkey,\n\t\t\t\t\t\tfullId,\n\t\t\t\t\t\tG2Element.fromBytes(server.pk),\n\t\t\t\t\t)\n\t\t\t\t) {\n\t\t\t\t\tconsole.warn('Received invalid key from key server ' + server.objectId);\n\t\t\t\t\treturn;\n\t\t\t\t}\n\n\t\t\t\tthis.addKey(fullId, server.objectId, key);\n\t\t\t}),\n\t\t);\n\t}\n\n\t/**\n\t * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n\t * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n\t * otherwise, this will throw an error.\n\t *\n\t * @param encryptedObject - EncryptedObject.\n\t * @returns - The decrypted plaintext corresponding to ciphertext.\n\t */\n\tasync decrypt(encryptedObject: typeof EncryptedObject.$inferType): Promise<Uint8Array> {\n\t\tif (!encryptedObject.encrypted_shares.BonehFranklinBLS12381) {\n\t\t\tthrow new Error('Encryption mode not supported');\n\t\t}\n\n\t\tconst fullId = createFullId(\n\t\t\tDST,\n\t\t\tencryptedObject.package_id,\n\t\t\tnew Uint8Array(encryptedObject.id),\n\t\t);\n\n\t\t// Get the indices of the service whose keys are in the keystore.\n\t\tconst in_keystore = encryptedObject.services\n\t\t\t.map((_, i) => i)\n\t\t\t.filter((i) => this.hasKey(fullId, encryptedObject.services[i][0]));\n\t\tif (in_keystore.length < encryptedObject.threshold) {\n\t\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t\t}\n\n\t\tconst encryptedShares = encryptedObject.encrypted_shares.BonehFranklinBLS12381.shares;\n\t\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\t\tthrow new Error('Invalid input');\n\t\t}\n\n\t\tconst nonce = G2Element.fromBytes(\n\t\t\tencryptedObject.encrypted_shares.BonehFranklinBLS12381.encapsulation,\n\t\t);\n\n\t\t// Decrypt each share.\n\t\tconst shares = in_keystore.map((i: number) => {\n\t\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\t\tconst info = new Uint8Array([index]);\n\t\t\tlet share = BonehFranklinBLS12381Services.decrypt(\n\t\t\t\tnonce,\n\t\t\t\tthis.getKey(fullId, objectId)!,\n\t\t\t\tencryptedShares[i],\n\t\t\t\tinfo,\n\t\t\t);\n\t\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\t\treturn { index, share };\n\t\t});\n\n\t\t// Combine the decrypted shares into the key.\n\t\tconst key = await combine(shares);\n\n\t\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\t\ttry {\n\t\t\t\t// Decrypt the ciphertext with the key.\n\t\t\t\treturn AesGcm256.decrypt(key, encryptedObject.ciphertext);\n\t\t\t} catch {\n\t\t\t\tthrow new Error('Decryption failed');\n\t\t\t}\n\t\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t\t// In case `Plain` mode is used, return the key.\n\t\t\treturn key;\n\t\t} else {\n\t\t\tthrow new Error('Invalid encrypted object');\n\t\t}\n\t}\n}\n\n/**\n * Helper function to request a Seal key from URL with requestSig, txBytes, ephemeral pubkey.\n * Then decrypt the Seal key with ephemeral secret key.\n */\nasync function fetchKey(\n\turl: string,\n\trequestSig: string,\n\ttxBytes: Uint8Array,\n\tenc_key: Uint8Array,\n\tcertificate: Certificate,\n): Promise<{ fullId: Uint8Array; key: Uint8Array }> {\n\tconst enc_key_pk = toPublicKey(enc_key);\n\tconst enc_verification_key = toVerificationKey(enc_key);\n\tconst body = {\n\t\tptb: toBase64(txBytes.slice(1)), // removes the byte of the transaction type version\n\t\tenc_key: toBase64(enc_key_pk),\n\t\tenc_verification_key: toBase64(enc_verification_key),\n\t\trequest_signature: requestSig, // already b64\n\t\tcertificate,\n\t};\n\tconst response = await fetch(url + '/v1/fetch_key', {\n\t\tmethod: 'POST',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t},\n\t\tbody: JSON.stringify(body),\n\t});\n\tconst resp = await response.json();\n\t// TODO: handle the different error responses.\n\t// TODO: handle multiple decryption keys.\n\tconst key = elgamalDecrypt(enc_key, resp.decryption_keys[0].encrypted_key.map(fromBase64));\n\treturn {\n\t\tfullId: resp.decryption_keys[0].fullId,\n\t\tkey,\n\t};\n}\n\nasync function combine(shares: { index: number; share: Uint8Array }[]): Promise<Uint8Array> {\n\tif (shares.length === 0) {\n\t\tthrow new Error('Invalid input');\n\t} else if (shares.length === 1) {\n\t\t// The Shamir secret sharing library expects at least two shares.\n\t\t// If there is only one and the threshold is 1, the reconstructed secret is the same as the share.\n\t\treturn Promise.resolve(shares[0].share);\n\t}\n\n\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share\n\treturn externalCombine(\n\t\tshares.map(({ index, share }) => {\n\t\t\tconst packedShare = new Uint8Array(share.length + 1);\n\t\t\tpackedShare.set(share, 0);\n\t\t\tpackedShare[share.length] = index;\n\t\t\treturn packedShare;\n\t\t}),\n\t);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAA4C;AAC5C,mCAA2C;AAE3C,iBAA0B;AAC1B,sBAAqC;AACrC,qBAA+D;AAC/D,iBAAmD;AAEnD,wBAA8B;AAG9B,mBAA6B;AAKtB,MAAM,SAAS;AAAA,EAIrB,cAAc;AACb,SAAK,WAAW,oBAAI,IAAI;AAAA,EACzB;AAAA,EAEQ,aAAa,QAAoB,UAA8B;AACtE,eAAO,kBAAM,MAAM,IAAI,UAAM,kBAAM,QAAQ;AAAA,EAC5C;AAAA;AAAA,EAGA,OAAO,QAAoB,UAAsB,KAAgB;AAChE,SAAK,SAAS,IAAI,KAAK,aAAa,QAAQ,QAAQ,GAAG,GAAG;AAAA,EAC3D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,OAAO,QAAoB,UAA6C;AAC/E,WAAO,KAAK,SAAS,IAAI,KAAK,aAAa,QAAQ,QAAQ,CAAC;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQQ,OAAO,QAAoB,UAA+B;AACjE,WAAO,KAAK,SAAS,IAAI,KAAK,aAAa,QAAQ,QAAQ,CAAC;AAAA,EAC7D;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAU;AAAA,IACf;AAAA,IACA,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAOG;AAEF,QAAI,IAAI,WAAW,GAAG;AACrB,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC3C;AACA,UAAM,aAAS,2BAAa,gBAAK,WAAW,IAAI,CAAC,CAAC;AAClD,UAAM,sBAAsB,WAAW,OAAO,CAAC,OAAO,CAAC,KAAK,OAAO,QAAQ,GAAG,QAAQ,CAAC;AACvF,QAAI,oBAAoB,WAAW,GAAG;AACrC;AAAA,IACD;AAEA,UAAM,OAAO,WAAW,eAAe;AACvC,UAAM,gBAAgB,MAAM,WAAW,oBAAoB,OAAO;AAIlE,UAAM,QAAQ;AAAA,MACb,oBAAoB,IAAI,OAAO,WAAW;AACzC,YAAI,OAAO,YAAY,gCAAc,uBAAuB;AAC3D,kBAAQ,KAAK,kCAAkC,OAAO,OAAO;AAC7D;AAAA,QACD;AACA,cAAM,MAAM,MAAM;AAAA,UACjB,OAAO;AAAA,UACP,cAAc;AAAA,UACd;AAAA,UACA,cAAc;AAAA,UACd;AAAA,QACD;AAEA,cAAM,MAAM,0BAAU,UAAU,IAAI,GAAG;AACvC,YACC,CAAC,yCAA8B;AAAA,UAC9B;AAAA,UACA;AAAA,UACA,0BAAU,UAAU,OAAO,EAAE;AAAA,QAC9B,GACC;AACD,kBAAQ,KAAK,0CAA0C,OAAO,QAAQ;AACtE;AAAA,QACD;AAEA,aAAK,OAAO,QAAQ,OAAO,UAAU,GAAG;AAAA,MACzC,CAAC;AAAA,IACF;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QAAQ,iBAAyE;AACtF,QAAI,CAAC,gBAAgB,iBAAiB,uBAAuB;AAC5D,YAAM,IAAI,MAAM,+BAA+B;AAAA,IAChD;AAEA,UAAM,aAAS;AAAA,MACd;AAAA,MACA,gBAAgB;AAAA,MAChB,IAAI,WAAW,gBAAgB,EAAE;AAAA,IAClC;AAGA,UAAM,cAAc,gBAAgB,SAClC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,OAAO,QAAQ,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;AACnE,QAAI,YAAY,SAAS,gBAAgB,WAAW;AACnD,YAAM,IAAI,MAAM,4CAA4C;AAAA,IAC7D;AAEA,UAAM,kBAAkB,gBAAgB,iBAAiB,sBAAsB;AAC/E,QAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,YAAM,IAAI,MAAM,eAAe;AAAA,IAChC;AAEA,UAAM,QAAQ,0BAAU;AAAA,MACvB,gBAAgB,iBAAiB,sBAAsB;AAAA,IACxD;AAGA,UAAM,SAAS,YAAY,IAAI,CAAC,MAAc;AAC7C,YAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,YAAM,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC;AACnC,UAAI,QAAQ,yCAA8B;AAAA,QACzC;AAAA,QACA,KAAK,OAAO,QAAQ,QAAQ;AAAA,QAC5B,gBAAgB,CAAC;AAAA,QACjB;AAAA,MACD;AAEA,aAAO,EAAE,OAAO,MAAM;AAAA,IACvB,CAAC;AAGD,UAAM,MAAM,MAAM,QAAQ,MAAM;AAEhC,QAAI,gBAAgB,WAAW,WAAW;AACzC,UAAI;AAEH,eAAO,qBAAU,QAAQ,KAAK,gBAAgB,UAAU;AAAA,MACzD,QAAQ;AACP,cAAM,IAAI,MAAM,mBAAmB;AAAA,MACpC;AAAA,IACD,WAAW,gBAAgB,WAAW,OAAO;AAE5C,aAAO;AAAA,IACR,OAAO;AACN,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC3C;AAAA,EACD;AACD;AAMA,eAAe,SACd,KACA,YACA,SACA,SACA,aACmD;AACnD,QAAM,iBAAa,4BAAY,OAAO;AACtC,QAAM,2BAAuB,kCAAkB,OAAO;AACtD,QAAM,OAAO;AAAA,IACZ,SAAK,qBAAS,QAAQ,MAAM,CAAC,CAAC;AAAA;AAAA,IAC9B,aAAS,qBAAS,UAAU;AAAA,IAC5B,0BAAsB,qBAAS,oBAAoB;AAAA,IACnD,mBAAmB;AAAA;AAAA,IACnB;AAAA,EACD;AACA,QAAM,WAAW,MAAM,MAAM,MAAM,iBAAiB;AAAA,IACnD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,IACjB;AAAA,IACA,MAAM,KAAK,UAAU,IAAI;AAAA,EAC1B,CAAC;AACD,QAAM,OAAO,MAAM,SAAS,KAAK;AAGjC,QAAM,UAAM,+BAAe,SAAS,KAAK,gBAAgB,CAAC,EAAE,cAAc,IAAI,qBAAU,CAAC;AACzF,SAAO;AAAA,IACN,QAAQ,KAAK,gBAAgB,CAAC,EAAE;AAAA,IAChC;AAAA,EACD;AACD;AAEA,eAAe,QAAQ,QAAqE;AAC3F,MAAI,OAAO,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC,WAAW,OAAO,WAAW,GAAG;AAG/B,WAAO,QAAQ,QAAQ,OAAO,CAAC,EAAE,KAAK;AAAA,EACvC;AAGA,aAAO,6BAAAA;AAAA,IACN,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,MAAM;AAChC,YAAM,cAAc,IAAI,WAAW,MAAM,SAAS,CAAC;AACnD,kBAAY,IAAI,OAAO,CAAC;AACxB,kBAAY,MAAM,MAAM,IAAI;AAC5B,aAAO;AAAA,IACR,CAAC;AAAA,EACF;AACD;",
+  "names": ["externalCombine"]
+}

package/dist/cjs/package.json

@@ -0,0 +1,5 @@
+{
+  "private": true,
+  "type": "commonjs",
+  "sideEffects": false
+}

package/dist/cjs/session-key.d.ts

@@ -0,0 +1,36 @@
+export declare const RequestFormat: import("@mysten/bcs").BcsType<{
+    ptb: number[];
+    enc_key: number[];
+    enc_verification_key: number[];
+}, {
+    ptb: Iterable<number> & {
+        length: number;
+    };
+    enc_key: Iterable<number> & {
+        length: number;
+    };
+    enc_verification_key: Iterable<number> & {
+        length: number;
+    };
+}>;
+export type Certificate = {
+    session_vk: string;
+    creation_time: number;
+    ttl_min: number;
+    signature: string;
+};
+export declare class SessionKey {
+    private packageId;
+    private creationTime;
+    private ttlMin;
+    private session_key;
+    private personalMessageSignature;
+    constructor(packageId: Uint8Array, ttlMin: number);
+    getPersonalMessage(): Uint8Array;
+    setPersonalMessageSignature(personalMessageSignature: string): void;
+    getCertificate(): Certificate;
+    createRequestParams(txBytes: Uint8Array): Promise<{
+        decryption_key: Uint8Array;
+        request_signature: string;
+    }>;
+}

package/dist/cjs/session-key.js

@@ -0,0 +1,73 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var session_key_exports = {};
+__export(session_key_exports, {
+  RequestFormat: () => RequestFormat,
+  SessionKey: () => SessionKey
+});
+module.exports = __toCommonJS(session_key_exports);
+var import_bcs = require("@mysten/bcs");
+var import_bcs2 = require("@mysten/sui/bcs");
+var import_ed25519 = require("@mysten/sui/keypairs/ed25519");
+var import_elgamal = require("./elgamal.js");
+const RequestFormat = import_bcs2.bcs.struct("RequestFormat", {
+  ptb: import_bcs2.bcs.vector(import_bcs2.bcs.U8),
+  enc_key: import_bcs2.bcs.vector(import_bcs2.bcs.U8),
+  enc_verification_key: import_bcs2.bcs.vector(import_bcs2.bcs.U8)
+});
+class SessionKey {
+  constructor(packageId, ttlMin) {
+    this.packageId = packageId;
+    this.creationTime = Date.now();
+    this.ttlMin = ttlMin;
+    this.session_key = import_ed25519.Ed25519Keypair.generate();
+    this.personalMessageSignature = "";
+  }
+  getPersonalMessage() {
+    const message = `Requesting access to keys of package ${(0, import_bcs.toHex)(this.packageId)} for ${this.ttlMin} mins, session key ${(0, import_bcs.toBase64)(this.session_key.getPublicKey().toRawBytes())}, created at ${this.creationTime}`;
+    return new TextEncoder().encode(message);
+  }
+  setPersonalMessageSignature(personalMessageSignature) {
+    this.personalMessageSignature = personalMessageSignature;
+  }
+  getCertificate() {
+    if (this.personalMessageSignature === "") {
+      throw new Error("Personal message signature is not set");
+    }
+    return {
+      session_vk: (0, import_bcs.toBase64)(this.session_key.getPublicKey().toRawBytes()),
+      creation_time: this.creationTime,
+      ttl_min: this.ttlMin,
+      signature: this.personalMessageSignature
+    };
+  }
+  async createRequestParams(txBytes) {
+    let eg_sk = (0, import_elgamal.generateSecretKey)();
+    const msgToSign = RequestFormat.serialize({
+      ptb: txBytes.slice(1),
+      enc_key: (0, import_elgamal.toPublicKey)(eg_sk),
+      enc_verification_key: (0, import_elgamal.toVerificationKey)(eg_sk)
+    }).toBytes();
+    return {
+      decryption_key: eg_sk,
+      request_signature: (0, import_bcs.toBase64)(await this.session_key.sign(msgToSign))
+    };
+  }
+}
+//# sourceMappingURL=session-key.js.map

package/dist/cjs/session-key.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/session-key.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toBase64, toHex } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\nimport { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';\n\nimport { generateSecretKey, toPublicKey, toVerificationKey } from './elgamal.js';\n\nexport const RequestFormat = bcs.struct('RequestFormat', {\n\tptb: bcs.vector(bcs.U8),\n\tenc_key: bcs.vector(bcs.U8),\n\tenc_verification_key: bcs.vector(bcs.U8),\n});\n\nexport type Certificate = {\n\tsession_vk: string;\n\tcreation_time: number;\n\tttl_min: number;\n\tsignature: string;\n};\n\nexport class SessionKey {\n\tprivate packageId: Uint8Array;\n\tprivate creationTime: number;\n\tprivate ttlMin: number;\n\tprivate session_key: Ed25519Keypair;\n\tprivate personalMessageSignature: string;\n\n\tconstructor(packageId: Uint8Array, ttlMin: number) {\n\t\tthis.packageId = packageId;\n\t\tthis.creationTime = Date.now();\n\t\tthis.ttlMin = ttlMin;\n\t\tthis.session_key = Ed25519Keypair.generate();\n\t\tthis.personalMessageSignature = '';\n\t}\n\n\tgetPersonalMessage(): Uint8Array {\n\t\t// TODO: decide if we want 0x on the server end\n\t\tconst message = `Requesting access to keys of package ${toHex(this.packageId)} for ${this.ttlMin} mins, session key ${toBase64(this.session_key.getPublicKey().toRawBytes())}, created at ${this.creationTime}`;\n\t\treturn new TextEncoder().encode(message);\n\t}\n\n\tsetPersonalMessageSignature(personalMessageSignature: string) {\n\t\tthis.personalMessageSignature = personalMessageSignature;\n\t}\n\n\tgetCertificate(): Certificate {\n\t\tif (this.personalMessageSignature === '') {\n\t\t\tthrow new Error('Personal message signature is not set');\n\t\t}\n\t\treturn {\n\t\t\tsession_vk: toBase64(this.session_key.getPublicKey().toRawBytes()),\n\t\t\tcreation_time: this.creationTime,\n\t\t\tttl_min: this.ttlMin,\n\t\t\tsignature: this.personalMessageSignature,\n\t\t};\n\t}\n\n\tasync createRequestParams(\n\t\ttxBytes: Uint8Array,\n\t): Promise<{ decryption_key: Uint8Array; request_signature: string }> {\n\t\tlet eg_sk = generateSecretKey();\n\t\tconst msgToSign = RequestFormat.serialize({\n\t\t\tptb: txBytes.slice(1),\n\t\t\tenc_key: toPublicKey(eg_sk),\n\t\t\tenc_verification_key: toVerificationKey(eg_sk),\n\t\t}).toBytes();\n\t\treturn {\n\t\t\tdecryption_key: eg_sk,\n\t\t\trequest_signature: toBase64(await this.session_key.sign(msgToSign)),\n\t\t};\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAgC;AAChC,IAAAA,cAAoB;AACpB,qBAA+B;AAE/B,qBAAkE;AAE3D,MAAM,gBAAgB,gBAAI,OAAO,iBAAiB;AAAA,EACxD,KAAK,gBAAI,OAAO,gBAAI,EAAE;AAAA,EACtB,SAAS,gBAAI,OAAO,gBAAI,EAAE;AAAA,EAC1B,sBAAsB,gBAAI,OAAO,gBAAI,EAAE;AACxC,CAAC;AASM,MAAM,WAAW;AAAA,EAOvB,YAAY,WAAuB,QAAgB;AAClD,SAAK,YAAY;AACjB,SAAK,eAAe,KAAK,IAAI;AAC7B,SAAK,SAAS;AACd,SAAK,cAAc,8BAAe,SAAS;AAC3C,SAAK,2BAA2B;AAAA,EACjC;AAAA,EAEA,qBAAiC;AAEhC,UAAM,UAAU,4CAAwC,kBAAM,KAAK,SAAS,CAAC,QAAQ,KAAK,MAAM,0BAAsB,qBAAS,KAAK,YAAY,aAAa,EAAE,WAAW,CAAC,CAAC,gBAAgB,KAAK,YAAY;AAC7M,WAAO,IAAI,YAAY,EAAE,OAAO,OAAO;AAAA,EACxC;AAAA,EAEA,4BAA4B,0BAAkC;AAC7D,SAAK,2BAA2B;AAAA,EACjC;AAAA,EAEA,iBAA8B;AAC7B,QAAI,KAAK,6BAA6B,IAAI;AACzC,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACxD;AACA,WAAO;AAAA,MACN,gBAAY,qBAAS,KAAK,YAAY,aAAa,EAAE,WAAW,CAAC;AAAA,MACjE,eAAe,KAAK;AAAA,MACpB,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,IACjB;AAAA,EACD;AAAA,EAEA,MAAM,oBACL,SACqE;AACrE,QAAI,YAAQ,kCAAkB;AAC9B,UAAM,YAAY,cAAc,UAAU;AAAA,MACzC,KAAK,QAAQ,MAAM,CAAC;AAAA,MACpB,aAAS,4BAAY,KAAK;AAAA,MAC1B,0BAAsB,kCAAkB,KAAK;AAAA,IAC9C,CAAC,EAAE,QAAQ;AACX,WAAO;AAAA,MACN,gBAAgB;AAAA,MAChB,uBAAmB,qBAAS,MAAM,KAAK,YAAY,KAAK,SAAS,CAAC;AAAA,IACnE;AAAA,EACD;AACD;",
+  "names": ["import_bcs"]
+}

package/dist/cjs/types.d.ts

@@ -0,0 +1,86 @@
+export declare const IBEEncryptions: import("@mysten/sui/bcs").BcsType<{
+    BonehFranklinBLS12381: {
+        encapsulation: Uint8Array<ArrayBufferLike>;
+        shares: Uint8Array<ArrayBufferLike>[];
+    };
+    $kind: "BonehFranklinBLS12381";
+}, {
+    BonehFranklinBLS12381: {
+        encapsulation: Iterable<number>;
+        shares: Iterable<Iterable<number>> & {
+            length: number;
+        };
+    };
+}>;
+export type IBEEncryptionsType = typeof IBEEncryptions.$inferType;
+export declare const Ciphertext: import("@mysten/sui/bcs").BcsType<import("@mysten/bcs").EnumOutputShapeWithKeys<{
+    Aes256Gcm: {
+        blob: number[];
+        aad: number[] | null;
+    };
+    Plain: {};
+}, "Aes256Gcm" | "Plain">, import("@mysten/bcs").EnumInputShape<{
+    Aes256Gcm: {
+        blob: Iterable<number> & {
+            length: number;
+        };
+        aad: (Iterable<number> & {
+            length: number;
+        }) | null | undefined;
+    };
+    Plain: {};
+}>>;
+export type CiphertextType = typeof Ciphertext.$inferInput;
+/**
+ * The encrypted object format. Should be aligned with the Rust implementation.
+ */
+export declare const EncryptedObject: import("@mysten/sui/bcs").BcsType<{
+    version: number;
+    package_id: Uint8Array<ArrayBufferLike>;
+    id: number[];
+    services: [Uint8Array<ArrayBufferLike>, number][];
+    threshold: number;
+    encrypted_shares: {
+        BonehFranklinBLS12381: {
+            encapsulation: Uint8Array<ArrayBufferLike>;
+            shares: Uint8Array<ArrayBufferLike>[];
+        };
+        $kind: "BonehFranklinBLS12381";
+    };
+    ciphertext: import("@mysten/bcs").EnumOutputShapeWithKeys<{
+        Aes256Gcm: {
+            blob: number[];
+            aad: number[] | null;
+        };
+        Plain: {};
+    }, "Aes256Gcm" | "Plain">;
+}, {
+    version: number;
+    package_id: Iterable<number>;
+    id: Iterable<number> & {
+        length: number;
+    };
+    services: Iterable<readonly [Iterable<number>, number]> & {
+        length: number;
+    };
+    threshold: number;
+    encrypted_shares: {
+        BonehFranklinBLS12381: {
+            encapsulation: Iterable<number>;
+            shares: Iterable<Iterable<number>> & {
+                length: number;
+            };
+        };
+    };
+    ciphertext: import("@mysten/bcs").EnumInputShape<{
+        Aes256Gcm: {
+            blob: Iterable<number> & {
+                length: number;
+            };
+            aad: (Iterable<number> & {
+                length: number;
+            }) | null | undefined;
+        };
+        Plain: {};
+    }>;
+}>;

package/dist/cjs/types.js

@@ -0,0 +1,49 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var types_exports = {};
+__export(types_exports, {
+  Ciphertext: () => Ciphertext,
+  EncryptedObject: () => EncryptedObject,
+  IBEEncryptions: () => IBEEncryptions
+});
+module.exports = __toCommonJS(types_exports);
+var import_bcs = require("@mysten/sui/bcs");
+const IBEEncryptions = import_bcs.bcs.enum("IBEEncryptions", {
+  BonehFranklinBLS12381: import_bcs.bcs.struct("BonehFranklinBLS12381", {
+    encapsulation: import_bcs.bcs.bytes(96),
+    shares: import_bcs.bcs.vector(import_bcs.bcs.bytes(32))
+  })
+});
+const Ciphertext = import_bcs.bcs.enum("Ciphertext", {
+  Aes256Gcm: import_bcs.bcs.struct("Aes256Gcm", {
+    blob: import_bcs.bcs.vector(import_bcs.bcs.U8),
+    aad: import_bcs.bcs.option(import_bcs.bcs.vector(import_bcs.bcs.U8))
+  }),
+  Plain: import_bcs.bcs.struct("Plain", {})
+});
+const EncryptedObject = import_bcs.bcs.struct("EncryptedObject", {
+  version: import_bcs.bcs.U8,
+  package_id: import_bcs.bcs.bytes(32),
+  id: import_bcs.bcs.vector(import_bcs.bcs.U8),
+  services: import_bcs.bcs.vector(import_bcs.bcs.tuple([import_bcs.bcs.bytes(32), import_bcs.bcs.U8])),
+  threshold: import_bcs.bcs.U8,
+  encrypted_shares: IBEEncryptions,
+  ciphertext: Ciphertext
+});
+//# sourceMappingURL=types.js.map

package/dist/cjs/types.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/types.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { bcs } from '@mysten/sui/bcs';\n\nexport const IBEEncryptions = bcs.enum('IBEEncryptions', {\n\tBonehFranklinBLS12381: bcs.struct('BonehFranklinBLS12381', {\n\t\tencapsulation: bcs.bytes(96),\n\t\tshares: bcs.vector(bcs.bytes(32)),\n\t}),\n});\nexport type IBEEncryptionsType = typeof IBEEncryptions.$inferType;\n\nexport const Ciphertext = bcs.enum('Ciphertext', {\n\tAes256Gcm: bcs.struct('Aes256Gcm', {\n\t\tblob: bcs.vector(bcs.U8),\n\t\taad: bcs.option(bcs.vector(bcs.U8)),\n\t}),\n\tPlain: bcs.struct('Plain', {}),\n});\nexport type CiphertextType = typeof Ciphertext.$inferInput;\n\n/**\n * The encrypted object format. Should be aligned with the Rust implementation.\n */\nexport const EncryptedObject = bcs.struct('EncryptedObject', {\n\tversion: bcs.U8,\n\tpackage_id: bcs.bytes(32),\n\tid: bcs.vector(bcs.U8),\n\tservices: bcs.vector(bcs.tuple([bcs.bytes(32), bcs.U8])),\n\tthreshold: bcs.U8,\n\tencrypted_shares: IBEEncryptions,\n\tciphertext: Ciphertext,\n});\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAoB;AAEb,MAAM,iBAAiB,eAAI,KAAK,kBAAkB;AAAA,EACxD,uBAAuB,eAAI,OAAO,yBAAyB;AAAA,IAC1D,eAAe,eAAI,MAAM,EAAE;AAAA,IAC3B,QAAQ,eAAI,OAAO,eAAI,MAAM,EAAE,CAAC;AAAA,EACjC,CAAC;AACF,CAAC;AAGM,MAAM,aAAa,eAAI,KAAK,cAAc;AAAA,EAChD,WAAW,eAAI,OAAO,aAAa;AAAA,IAClC,MAAM,eAAI,OAAO,eAAI,EAAE;AAAA,IACvB,KAAK,eAAI,OAAO,eAAI,OAAO,eAAI,EAAE,CAAC;AAAA,EACnC,CAAC;AAAA,EACD,OAAO,eAAI,OAAO,SAAS,CAAC,CAAC;AAC9B,CAAC;AAMM,MAAM,kBAAkB,eAAI,OAAO,mBAAmB;AAAA,EAC5D,SAAS,eAAI;AAAA,EACb,YAAY,eAAI,MAAM,EAAE;AAAA,EACxB,IAAI,eAAI,OAAO,eAAI,EAAE;AAAA,EACrB,UAAU,eAAI,OAAO,eAAI,MAAM,CAAC,eAAI,MAAM,EAAE,GAAG,eAAI,EAAE,CAAC,CAAC;AAAA,EACvD,WAAW,eAAI;AAAA,EACf,kBAAkB;AAAA,EAClB,YAAY;AACb,CAAC;",
+  "names": []
+}

package/dist/cjs/utils.d.ts

@@ -0,0 +1,9 @@
+export declare function xor(a: Uint8Array, b: Uint8Array): Uint8Array;
+/**
+ * Create a full ID concatenating DST || package ID || inner ID.
+ * @param dst - The domain separation tag.
+ * @param packageId - The package ID.
+ * @param innerId - The inner ID.
+ * @returns The full ID.
+ */
+export declare function createFullId(dst: Uint8Array, packageId: Uint8Array, innerId: Uint8Array): Uint8Array;

package/dist/cjs/utils.js

@@ -0,0 +1,39 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var utils_exports = {};
+__export(utils_exports, {
+  createFullId: () => createFullId,
+  xor: () => xor
+});
+module.exports = __toCommonJS(utils_exports);
+function xor(a, b) {
+  if (a.length !== b.length) {
+    throw new Error("Invalid input");
+  }
+  return a.map((ai, i) => ai ^ b[i]);
+}
+function createFullId(dst, packageId, innerId) {
+  const fullId = new Uint8Array(1 + dst.length + packageId.length + innerId.length);
+  fullId.set([dst.length], 0);
+  fullId.set(dst, 1);
+  fullId.set(packageId, 1 + dst.length);
+  fullId.set(innerId, 1 + dst.length + packageId.length);
+  return fullId;
+}
+//# sourceMappingURL=utils.js.map

package/dist/cjs/utils.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/utils.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport function xor(a: Uint8Array, b: Uint8Array): Uint8Array {\n\tif (a.length !== b.length) {\n\t\tthrow new Error('Invalid input');\n\t}\n\treturn a.map((ai, i) => ai ^ b[i]);\n}\n\n/**\n * Create a full ID concatenating DST || package ID || inner ID.\n * @param dst - The domain separation tag.\n * @param packageId - The package ID.\n * @param innerId - The inner ID.\n * @returns The full ID.\n */\nexport function createFullId(\n\tdst: Uint8Array,\n\tpackageId: Uint8Array,\n\tinnerId: Uint8Array,\n): Uint8Array {\n\tconst fullId = new Uint8Array(1 + dst.length + packageId.length + innerId.length);\n\tfullId.set([dst.length], 0);\n\tfullId.set(dst, 1);\n\tfullId.set(packageId, 1 + dst.length);\n\tfullId.set(innerId, 1 + dst.length + packageId.length);\n\treturn fullId;\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGO,SAAS,IAAI,GAAe,GAA2B;AAC7D,MAAI,EAAE,WAAW,EAAE,QAAQ;AAC1B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,SAAO,EAAE,IAAI,CAAC,IAAI,MAAM,KAAK,EAAE,CAAC,CAAC;AAClC;AASO,SAAS,aACf,KACA,WACA,SACa;AACb,QAAM,SAAS,IAAI,WAAW,IAAI,IAAI,SAAS,UAAU,SAAS,QAAQ,MAAM;AAChF,SAAO,IAAI,CAAC,IAAI,MAAM,GAAG,CAAC;AAC1B,SAAO,IAAI,KAAK,CAAC;AACjB,SAAO,IAAI,WAAW,IAAI,IAAI,MAAM;AACpC,SAAO,IAAI,SAAS,IAAI,IAAI,SAAS,UAAU,MAAM;AACrD,SAAO;AACR;",
+  "names": []
+}

package/dist/esm/aes.d.ts

@@ -0,0 +1,18 @@
+import type { CiphertextType } from './types.js';
+export declare const iv: Uint8Array<ArrayBuffer>;
+export interface EncryptionInput {
+    encrypt(key: Uint8Array): Promise<CiphertextType>;
+    generateKey(): Promise<Uint8Array>;
+}
+export declare class AesGcm256 implements EncryptionInput {
+    readonly plaintext: Uint8Array;
+    readonly aad: Uint8Array;
+    constructor(msg: Uint8Array, aad: Uint8Array);
+    generateKey(): Promise<Uint8Array>;
+    encrypt(key: Uint8Array): Promise<CiphertextType>;
+    static decrypt(key: Uint8Array, ciphertext: CiphertextType): Promise<Uint8Array>;
+}
+export declare class Plain implements EncryptionInput {
+    encrypt(_key: Uint8Array): Promise<CiphertextType>;
+    generateKey(): Promise<Uint8Array>;
+}

package/dist/esm/aes.js

@@ -0,0 +1,91 @@
+const iv = Uint8Array.from([
+  138,
+  55,
+  153,
+  253,
+  198,
+  46,
+  121,
+  219,
+  160,
+  128,
+  89,
+  7,
+  214,
+  156,
+  148,
+  220
+]);
+async function generateAesKey() {
+  const key = await crypto.subtle.generateKey(
+    {
+      name: "AES-GCM",
+      length: 256
+    },
+    true,
+    ["encrypt", "decrypt"]
+  );
+  return await crypto.subtle.exportKey("raw", key).then((keyData) => new Uint8Array(keyData));
+}
+class AesGcm256 {
+  constructor(msg, aad) {
+    this.plaintext = new Uint8Array(msg);
+    this.aad = aad;
+  }
+  generateKey() {
+    return generateAesKey();
+  }
+  async encrypt(key) {
+    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["encrypt"]);
+    const blob = new Uint8Array(
+      await crypto.subtle.encrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          additionalData: this.aad
+        },
+        aesCryptoKey,
+        this.plaintext
+      )
+    );
+    return {
+      Aes256Gcm: {
+        blob,
+        aad: this.aad ?? []
+      }
+    };
+  }
+  static async decrypt(key, ciphertext) {
+    if (!("Aes256Gcm" in ciphertext)) {
+      throw new Error("Invalid ciphertext");
+    }
+    const aesCryptoKey = await crypto.subtle.importKey("raw", key, "AES-GCM", false, ["decrypt"]);
+    return new Uint8Array(
+      await crypto.subtle.decrypt(
+        {
+          name: "AES-GCM",
+          iv,
+          additionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? [])
+        },
+        aesCryptoKey,
+        new Uint8Array(ciphertext.Aes256Gcm.blob)
+      )
+    );
+  }
+}
+class Plain {
+  async encrypt(_key) {
+    return {
+      Plain: {}
+    };
+  }
+  generateKey() {
+    return generateAesKey();
+  }
+}
+export {
+  AesGcm256,
+  Plain,
+  iv
+};
+//# sourceMappingURL=aes.js.map

package/dist/esm/aes.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/aes.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { CiphertextType } from './types.js';\n\n// Use a fixed IV for AES.\nexport const iv = Uint8Array.from([\n\t138, 55, 153, 253, 198, 46, 121, 219, 160, 128, 89, 7, 214, 156, 148, 220,\n]);\n\nasync function generateAesKey(): Promise<Uint8Array> {\n\tconst key = await crypto.subtle.generateKey(\n\t\t{\n\t\t\tname: 'AES-GCM',\n\t\t\tlength: 256,\n\t\t},\n\t\ttrue,\n\t\t['encrypt', 'decrypt'],\n\t);\n\treturn await crypto.subtle.exportKey('raw', key).then((keyData) => new Uint8Array(keyData));\n}\n\nexport interface EncryptionInput {\n\tencrypt(key: Uint8Array): Promise<CiphertextType>;\n\tgenerateKey(): Promise<Uint8Array>;\n}\n\nexport class AesGcm256 implements EncryptionInput {\n\treadonly plaintext: Uint8Array;\n\treadonly aad: Uint8Array;\n\n\tconstructor(msg: Uint8Array, aad: Uint8Array) {\n\t\tthis.plaintext = new Uint8Array(msg);\n\t\tthis.aad = aad;\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n\n\tasync encrypt(key: Uint8Array): Promise<CiphertextType> {\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['encrypt']);\n\n\t\tconst blob = new Uint8Array(\n\t\t\tawait crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: this.aad,\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tthis.plaintext,\n\t\t\t),\n\t\t);\n\n\t\treturn {\n\t\t\tAes256Gcm: {\n\t\t\t\tblob,\n\t\t\t\taad: this.aad ?? [],\n\t\t\t},\n\t\t};\n\t}\n\n\tstatic async decrypt(key: Uint8Array, ciphertext: CiphertextType): Promise<Uint8Array> {\n\t\tif (!('Aes256Gcm' in ciphertext)) {\n\t\t\tthrow new Error('Invalid ciphertext');\n\t\t}\n\n\t\tconst aesCryptoKey = await crypto.subtle.importKey('raw', key, 'AES-GCM', false, ['decrypt']);\n\n\t\t// TODO: add test to check if aad is wrong does throw an error.\n\t\treturn new Uint8Array(\n\t\t\tawait crypto.subtle.decrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t\tadditionalData: new Uint8Array(ciphertext.Aes256Gcm.aad ?? []),\n\t\t\t\t},\n\t\t\t\taesCryptoKey,\n\t\t\t\tnew Uint8Array(ciphertext.Aes256Gcm.blob),\n\t\t\t),\n\t\t);\n\t}\n}\n\nexport class Plain implements EncryptionInput {\n\tasync encrypt(_key: Uint8Array): Promise<CiphertextType> {\n\t\treturn {\n\t\t\tPlain: {},\n\t\t};\n\t}\n\n\tgenerateKey(): Promise<Uint8Array> {\n\t\treturn generateAesKey();\n\t}\n}\n"],
+  "mappings": "AAMO,MAAM,KAAK,WAAW,KAAK;AAAA,EACjC;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AAAA,EAAI;AAAA,EAAG;AAAA,EAAK;AAAA,EAAK;AAAA,EAAK;AACvE,CAAC;AAED,eAAe,iBAAsC;AACpD,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,MACC,MAAM;AAAA,MACN,QAAQ;AAAA,IACT;AAAA,IACA;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACtB;AACA,SAAO,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,EAAE,KAAK,CAAC,YAAY,IAAI,WAAW,OAAO,CAAC;AAC3F;AAOO,MAAM,UAAqC;AAAA,EAIjD,YAAY,KAAiB,KAAiB;AAC7C,SAAK,YAAY,IAAI,WAAW,GAAG;AACnC,SAAK,MAAM;AAAA,EACZ;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AAAA,EAEA,MAAM,QAAQ,KAA0C;AACvD,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAE5F,UAAM,OAAO,IAAI;AAAA,MAChB,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,KAAK;AAAA,QACtB;AAAA,QACA;AAAA,QACA,KAAK;AAAA,MACN;AAAA,IACD;AAEA,WAAO;AAAA,MACN,WAAW;AAAA,QACV;AAAA,QACA,KAAK,KAAK,OAAO,CAAC;AAAA,MACnB;AAAA,IACD;AAAA,EACD;AAAA,EAEA,aAAa,QAAQ,KAAiB,YAAiD;AACtF,QAAI,EAAE,eAAe,aAAa;AACjC,YAAM,IAAI,MAAM,oBAAoB;AAAA,IACrC;AAEA,UAAM,eAAe,MAAM,OAAO,OAAO,UAAU,OAAO,KAAK,WAAW,OAAO,CAAC,SAAS,CAAC;AAG5F,WAAO,IAAI;AAAA,MACV,MAAM,OAAO,OAAO;AAAA,QACnB;AAAA,UACC,MAAM;AAAA,UACN;AAAA,UACA,gBAAgB,IAAI,WAAW,WAAW,UAAU,OAAO,CAAC,CAAC;AAAA,QAC9D;AAAA,QACA;AAAA,QACA,IAAI,WAAW,WAAW,UAAU,IAAI;AAAA,MACzC;AAAA,IACD;AAAA,EACD;AACD;AAEO,MAAM,MAAiC;AAAA,EAC7C,MAAM,QAAQ,MAA2C;AACxD,WAAO;AAAA,MACN,OAAO,CAAC;AAAA,IACT;AAAA,EACD;AAAA,EAEA,cAAmC;AAClC,WAAO,eAAe;AAAA,EACvB;AACD;",
+  "names": []
+}

package/dist/esm/bls12381.d.ts

@@ -0,0 +1,37 @@
+import type { Fp2, Fp12 } from '@noble/curves/abstract/tower';
+import type { ProjPointType } from '@noble/curves/abstract/weierstrass';
+export declare class G1Element {
+    point: ProjPointType<bigint>;
+    constructor(point: ProjPointType<bigint>);
+    static generator(): G1Element;
+    static fromBytes(bytes: Uint8Array): G1Element;
+    toBytes(): Uint8Array;
+    multiply(scalar: Scalar): G1Element;
+    add(other: G1Element): G1Element;
+    subtract(other: G1Element): G1Element;
+    static hashToCurve(data: Uint8Array): G1Element;
+    pairing(other: G2Element): GTElement;
+}
+export declare class G2Element {
+    point: ProjPointType<Fp2>;
+    constructor(point: ProjPointType<Fp2>);
+    static generator(): G2Element;
+    static fromBytes(bytes: Uint8Array): G2Element;
+    toBytes(): Uint8Array;
+    multiply(scalar: Scalar): G2Element;
+    add(other: G2Element): G2Element;
+    hashToCurve(data: Uint8Array): G2Element;
+}
+export declare class GTElement {
+    element: Fp12;
+    constructor(element: Fp12);
+    toBytes(): Uint8Array;
+}
+export declare class Scalar {
+    scalar: bigint;
+    constructor(scalar: bigint);
+    static random(): Scalar;
+    toBytes(): Uint8Array;
+    static fromBytes(bytes: Uint8Array): Scalar;
+    static fromNumber(num: number): Scalar;
+}

package/dist/esm/bls12381.js

@@ -0,0 +1,90 @@
+import { toHex } from "@mysten/bcs";
+import { bls12_381 } from "@noble/curves/bls12-381";
+class G1Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new G1Element(bls12_381.G1.ProjectivePoint.BASE);
+  }
+  static fromBytes(bytes) {
+    return new G1Element(bls12_381.G1.ProjectivePoint.fromHex(toHex(bytes)));
+  }
+  toBytes() {
+    return this.point.toRawBytes();
+  }
+  multiply(scalar) {
+    return new G1Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new G1Element(this.point.add(other.point));
+  }
+  subtract(other) {
+    return new G1Element(this.point.subtract(other.point));
+  }
+  static hashToCurve(data) {
+    return new G1Element(
+      bls12_381.G1.ProjectivePoint.fromAffine(bls12_381.G1.hashToCurve(data).toAffine())
+    );
+  }
+  pairing(other) {
+    return new GTElement(bls12_381.pairing(this.point, other.point));
+  }
+}
+class G2Element {
+  constructor(point) {
+    this.point = point;
+  }
+  static generator() {
+    return new G2Element(bls12_381.G2.ProjectivePoint.BASE);
+  }
+  static fromBytes(bytes) {
+    return new G2Element(bls12_381.G2.ProjectivePoint.fromHex(toHex(bytes)));
+  }
+  toBytes() {
+    return this.point.toRawBytes();
+  }
+  multiply(scalar) {
+    return new G2Element(this.point.multiply(scalar.scalar));
+  }
+  add(other) {
+    return new G2Element(this.point.add(other.point));
+  }
+  hashToCurve(data) {
+    return new G2Element(
+      bls12_381.G2.ProjectivePoint.fromAffine(bls12_381.G2.hashToCurve(data).toAffine())
+    );
+  }
+}
+class GTElement {
+  constructor(element) {
+    this.element = element;
+  }
+  toBytes() {
+    return bls12_381.fields.Fp12.toBytes(this.element);
+  }
+}
+class Scalar {
+  constructor(scalar) {
+    this.scalar = scalar;
+  }
+  static random() {
+    return Scalar.fromBytes(bls12_381.utils.randomPrivateKey());
+  }
+  toBytes() {
+    return new Uint8Array(bls12_381.fields.Fr.toBytes(this.scalar));
+  }
+  static fromBytes(bytes) {
+    return new Scalar(bls12_381.fields.Fr.fromBytes(bytes));
+  }
+  static fromNumber(num) {
+    return new Scalar(BigInt(num));
+  }
+}
+export {
+  G1Element,
+  G2Element,
+  GTElement,
+  Scalar
+};
+//# sourceMappingURL=bls12381.js.map

package/dist/esm/bls12381.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/bls12381.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { toHex } from '@mysten/bcs';\nimport type { Fp2, Fp12 } from '@noble/curves/abstract/tower';\nimport type { ProjPointType } from '@noble/curves/abstract/weierstrass';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nexport class G1Element {\n\tpoint: ProjPointType<bigint>;\n\n\tconstructor(point: ProjPointType<bigint>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G1Element {\n\t\treturn new G1Element(bls12_381.G1.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G1Element {\n\t\treturn new G1Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.add(other.point));\n\t}\n\n\tsubtract(other: G1Element): G1Element {\n\t\treturn new G1Element(this.point.subtract(other.point));\n\t}\n\n\tstatic hashToCurve(data: Uint8Array): G1Element {\n\t\treturn new G1Element(\n\t\t\tbls12_381.G1.ProjectivePoint.fromAffine(bls12_381.G1.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n\n\tpairing(other: G2Element): GTElement {\n\t\treturn new GTElement(bls12_381.pairing(this.point, other.point));\n\t}\n}\n\nexport class G2Element {\n\tpoint: ProjPointType<Fp2>;\n\n\tconstructor(point: ProjPointType<Fp2>) {\n\t\tthis.point = point;\n\t}\n\n\tstatic generator(): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.BASE);\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): G2Element {\n\t\treturn new G2Element(bls12_381.G2.ProjectivePoint.fromHex(toHex(bytes)));\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn this.point.toRawBytes();\n\t}\n\n\tmultiply(scalar: Scalar): G2Element {\n\t\treturn new G2Element(this.point.multiply(scalar.scalar));\n\t}\n\n\tadd(other: G2Element): G2Element {\n\t\treturn new G2Element(this.point.add(other.point));\n\t}\n\n\thashToCurve(data: Uint8Array): G2Element {\n\t\treturn new G2Element(\n\t\t\tbls12_381.G2.ProjectivePoint.fromAffine(bls12_381.G2.hashToCurve(data).toAffine()),\n\t\t);\n\t}\n}\n\nexport class GTElement {\n\telement: Fp12;\n\n\tconstructor(element: Fp12) {\n\t\tthis.element = element;\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn bls12_381.fields.Fp12.toBytes(this.element);\n\t}\n}\n\nexport class Scalar {\n\tscalar: bigint;\n\n\tconstructor(scalar: bigint) {\n\t\tthis.scalar = scalar;\n\t}\n\n\tstatic random(): Scalar {\n\t\treturn Scalar.fromBytes(bls12_381.utils.randomPrivateKey());\n\t}\n\n\ttoBytes(): Uint8Array {\n\t\treturn new Uint8Array(bls12_381.fields.Fr.toBytes(this.scalar));\n\t}\n\n\tstatic fromBytes(bytes: Uint8Array): Scalar {\n\t\treturn new Scalar(bls12_381.fields.Fr.fromBytes(bytes));\n\t}\n\n\tstatic fromNumber(num: number): Scalar {\n\t\treturn new Scalar(BigInt(num));\n\t}\n}\n"],
+  "mappings": "AAGA,SAAS,aAAa;AAGtB,SAAS,iBAAiB;AAEnB,MAAM,UAAU;AAAA,EAGtB,YAAY,OAA8B;AACzC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,UAAU,UAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,UAAU,UAAU,GAAG,gBAAgB,QAAQ,MAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,UAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,UAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,SAAS,OAA6B;AACrC,WAAO,IAAI,UAAU,KAAK,MAAM,SAAS,MAAM,KAAK,CAAC;AAAA,EACtD;AAAA,EAEA,OAAO,YAAY,MAA6B;AAC/C,WAAO,IAAI;AAAA,MACV,UAAU,GAAG,gBAAgB,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AAAA,EAEA,QAAQ,OAA6B;AACpC,WAAO,IAAI,UAAU,UAAU,QAAQ,KAAK,OAAO,MAAM,KAAK,CAAC;AAAA,EAChE;AACD;AAEO,MAAM,UAAU;AAAA,EAGtB,YAAY,OAA2B;AACtC,SAAK,QAAQ;AAAA,EACd;AAAA,EAEA,OAAO,YAAuB;AAC7B,WAAO,IAAI,UAAU,UAAU,GAAG,gBAAgB,IAAI;AAAA,EACvD;AAAA,EAEA,OAAO,UAAU,OAA8B;AAC9C,WAAO,IAAI,UAAU,UAAU,GAAG,gBAAgB,QAAQ,MAAM,KAAK,CAAC,CAAC;AAAA,EACxE;AAAA,EAEA,UAAsB;AACrB,WAAO,KAAK,MAAM,WAAW;AAAA,EAC9B;AAAA,EAEA,SAAS,QAA2B;AACnC,WAAO,IAAI,UAAU,KAAK,MAAM,SAAS,OAAO,MAAM,CAAC;AAAA,EACxD;AAAA,EAEA,IAAI,OAA6B;AAChC,WAAO,IAAI,UAAU,KAAK,MAAM,IAAI,MAAM,KAAK,CAAC;AAAA,EACjD;AAAA,EAEA,YAAY,MAA6B;AACxC,WAAO,IAAI;AAAA,MACV,UAAU,GAAG,gBAAgB,WAAW,UAAU,GAAG,YAAY,IAAI,EAAE,SAAS,CAAC;AAAA,IAClF;AAAA,EACD;AACD;AAEO,MAAM,UAAU;AAAA,EAGtB,YAAY,SAAe;AAC1B,SAAK,UAAU;AAAA,EAChB;AAAA,EAEA,UAAsB;AACrB,WAAO,UAAU,OAAO,KAAK,QAAQ,KAAK,OAAO;AAAA,EAClD;AACD;AAEO,MAAM,OAAO;AAAA,EAGnB,YAAY,QAAgB;AAC3B,SAAK,SAAS;AAAA,EACf;AAAA,EAEA,OAAO,SAAiB;AACvB,WAAO,OAAO,UAAU,UAAU,MAAM,iBAAiB,CAAC;AAAA,EAC3D;AAAA,EAEA,UAAsB;AACrB,WAAO,IAAI,WAAW,UAAU,OAAO,GAAG,QAAQ,KAAK,MAAM,CAAC;AAAA,EAC/D;AAAA,EAEA,OAAO,UAAU,OAA2B;AAC3C,WAAO,IAAI,OAAO,UAAU,OAAO,GAAG,UAAU,KAAK,CAAC;AAAA,EACvD;AAAA,EAEA,OAAO,WAAW,KAAqB;AACtC,WAAO,IAAI,OAAO,OAAO,GAAG,CAAC;AAAA,EAC9B;AACD;",
+  "names": []
+}

package/dist/esm/elgamal.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.
+ * The ciphertext is a pair of G1Elements (48 bytes).
+ */
+export declare function elgamalDecrypt(sk: Uint8Array, ciphertext: [Uint8Array, Uint8Array]): Uint8Array;
+/** Generate a random secret key. */
+export declare function generateSecretKey(): Uint8Array;
+/** Derive the BLS public key for a given secret key. */
+export declare function toPublicKey(sk: Uint8Array): Uint8Array;
+/** Derive the BLS verification key for a given secret key. */
+export declare function toVerificationKey(sk: Uint8Array): Uint8Array;