@mysten/seal 0.1.0

package/dist/esm/elgamal.js

@@ -0,0 +1,26 @@
+import { G1Element, G2Element, Scalar } from "./bls12381.js";
+function elgamalDecrypt(sk, ciphertext) {
+  return decrypt(Scalar.fromBytes(sk), [
+    G1Element.fromBytes(ciphertext[0]),
+    G1Element.fromBytes(ciphertext[1])
+  ]).toBytes();
+}
+function decrypt(sk, encryption) {
+  return encryption[1].subtract(encryption[0].multiply(sk));
+}
+function generateSecretKey() {
+  return Scalar.random().toBytes();
+}
+function toPublicKey(sk) {
+  return G1Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();
+}
+function toVerificationKey(sk) {
+  return G2Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();
+}
+export {
+  elgamalDecrypt,
+  generateSecretKey,
+  toPublicKey,
+  toVerificationKey
+};
+//# sourceMappingURL=elgamal.js.map

package/dist/esm/elgamal.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/elgamal.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\n\n/**\n * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.\n * The ciphertext is a pair of G1Elements (48 bytes).\n */\nexport function elgamalDecrypt(sk: Uint8Array, ciphertext: [Uint8Array, Uint8Array]): Uint8Array {\n\treturn decrypt(Scalar.fromBytes(sk), [\n\t\tG1Element.fromBytes(ciphertext[0]),\n\t\tG1Element.fromBytes(ciphertext[1]),\n\t]).toBytes();\n}\n\n/**\n * Decrypt a ciphertext with a given secret key. The secret key must be a 32-byte scalar.\n * The ciphertext is a pair of G1Elements (48 bytes).\n */\nfunction decrypt(sk: Scalar, encryption: [G1Element, G1Element]): G1Element {\n\treturn encryption[1].subtract(encryption[0].multiply(sk));\n}\n\n// /**\n//  * Encrypt a message with a given public key. Both the public key and the message must a compressed G1Element (48 bytes).\n//  */\n// function elgamal_encrypt(pk: Uint8Array, message: Uint8Array): [Uint8Array, Uint8Array] {\n// \tconst ciphertext = encrypt(G1Element.fromBytes(pk), G1Element.fromBytes(message));\n// \treturn [ciphertext[0].toBytes(), ciphertext[1].toBytes()];\n// }\n\n// /**\n//  * Encrypt a message with a given public key. Both the public key and the message must a compressed G1Element (48 bytes).\n//  */\n// function encrypt(pk: G1Element, message: G1Element): [G1Element, G1Element] {\n// \tconst r = Scalar.random();\n// \treturn [G1Element.generator().multiply(r), pk.multiply(r).add(message)];\n// }\n\n/** Generate a random secret key. */\nexport function generateSecretKey(): Uint8Array {\n\treturn Scalar.random().toBytes();\n}\n\n/** Derive the BLS public key for a given secret key. */\nexport function toPublicKey(sk: Uint8Array): Uint8Array {\n\treturn G1Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();\n}\n\n/** Derive the BLS verification key for a given secret key. */\nexport function toVerificationKey(sk: Uint8Array): Uint8Array {\n\treturn G2Element.generator().multiply(Scalar.fromBytes(sk)).toBytes();\n}\n"],
+  "mappings": "AAGA,SAAS,WAAW,WAAW,cAAc;AAMtC,SAAS,eAAe,IAAgB,YAAkD;AAChG,SAAO,QAAQ,OAAO,UAAU,EAAE,GAAG;AAAA,IACpC,UAAU,UAAU,WAAW,CAAC,CAAC;AAAA,IACjC,UAAU,UAAU,WAAW,CAAC,CAAC;AAAA,EAClC,CAAC,EAAE,QAAQ;AACZ;AAMA,SAAS,QAAQ,IAAY,YAA+C;AAC3E,SAAO,WAAW,CAAC,EAAE,SAAS,WAAW,CAAC,EAAE,SAAS,EAAE,CAAC;AACzD;AAmBO,SAAS,oBAAgC;AAC/C,SAAO,OAAO,OAAO,EAAE,QAAQ;AAChC;AAGO,SAAS,YAAY,IAA4B;AACvD,SAAO,UAAU,UAAU,EAAE,SAAS,OAAO,UAAU,EAAE,CAAC,EAAE,QAAQ;AACrE;AAGO,SAAS,kBAAkB,IAA4B;AAC7D,SAAO,UAAU,UAAU,EAAE,SAAS,OAAO,UAAU,EAAE,CAAC,EAAE,QAAQ;AACrE;",
+  "names": []
+}

package/dist/esm/encrypt.d.ts

@@ -0,0 +1,24 @@
+import type { EncryptionInput } from './aes.js';
+import type { KeyServer } from './key-server.js';
+export declare const MAX_U8 = 255;
+/**
+ * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.
+ *
+ * @param keyServers - A list of KeyServers (same server can be used multiple times)
+ * @param packageId - packageId
+ * @param id - id
+ * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.
+ * @param threshold - The threshold for the TSS encryption.
+ * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
+ * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.
+ */
+export declare function encrypt<Input extends EncryptionInput>({ keyServers, threshold, packageId, id, encryptionInput, }: {
+    keyServers: KeyServer[];
+    threshold: number;
+    packageId: Uint8Array;
+    id: Uint8Array;
+    encryptionInput: Input;
+}): Promise<{
+    encryptedObject: Uint8Array;
+    key: Uint8Array;
+}>;

package/dist/esm/encrypt.js

@@ -0,0 +1,68 @@
+import { split as externalSplit } from "shamir-secret-sharing";
+import { BonehFranklinBLS12381Services, DST } from "./ibe.js";
+import { KeyServerType } from "./key-server.js";
+import { EncryptedObject } from "./types.js";
+import { createFullId } from "./utils.js";
+const MAX_U8 = 255;
+async function encrypt({
+  keyServers,
+  threshold,
+  packageId,
+  id,
+  encryptionInput
+}) {
+  if (keyServers.length < threshold || threshold === 0 || keyServers.length > MAX_U8 || threshold > MAX_U8 || packageId.length !== 32) {
+    throw new Error("Invalid input");
+  }
+  if (keyServers.some((server) => server.keyType !== KeyServerType.BonehFranklinBLS12381)) {
+    throw new Error("Key type is not supported");
+  }
+  const ibeServers = new BonehFranklinBLS12381Services(keyServers);
+  const key = await encryptionInput.generateKey();
+  const ciphertext = await encryptionInput.encrypt(key);
+  const shares = await split(key, ibeServers.size(), threshold);
+  const fullId = createFullId(DST, packageId, id);
+  const encrypted_shares = ibeServers.encryptBatched(
+    fullId,
+    shares.map(({ share, index }) => ({
+      msg: share,
+      info: new Uint8Array([index])
+    }))
+  );
+  const services = ibeServers.getObjectIds().map((id2, i) => [id2, shares[i].index]);
+  return {
+    encryptedObject: EncryptedObject.serialize({
+      version: 0,
+      package_id: packageId,
+      id,
+      services,
+      threshold,
+      encrypted_shares,
+      ciphertext
+    }).toBytes(),
+    key
+  };
+}
+async function split(secret, n, threshold) {
+  if (n === 0 || threshold === 0 || threshold > n) {
+    throw new Error("Invalid input");
+  } else if (threshold === 1) {
+    const result = [];
+    for (let i = 0; i < n; i++) {
+      result.push({ share: secret, index: i });
+    }
+    return Promise.resolve(result);
+  }
+  return externalSplit(secret, n, threshold).then(
+    (share) => share.map((s) => ({
+      share: s.subarray(0, s.length - 1),
+      // split() returns the share index in the last byte
+      index: s[s.length - 1]
+    }))
+  );
+}
+export {
+  MAX_U8,
+  encrypt
+};
+//# sourceMappingURL=encrypt.js.map

package/dist/esm/encrypt.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/encrypt.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { split as externalSplit } from 'shamir-secret-sharing';\n\nimport type { EncryptionInput } from './aes.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport type { KeyServer } from './key-server.js';\nimport { KeyServerType } from './key-server.js';\nimport { EncryptedObject } from './types.js';\nimport { createFullId } from './utils.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt<Input extends EncryptionInput>({\n\tkeyServers,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tthreshold: number;\n\tpackageId: Uint8Array;\n\tid: Uint8Array;\n\tencryptionInput: Input;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\tpackageId.length !== 32\n\t) {\n\t\tthrow new Error('Invalid input');\n\t}\n\tif (keyServers.some((server) => server.keyType !== KeyServerType.BonehFranklinBLS12381)) {\n\t\tthrow new Error('Key type is not supported');\n\t}\n\tconst ibeServers = new BonehFranklinBLS12381Services(keyServers);\n\n\t// Generate a random symmetric key and encrypt the encryption input using this key.\n\tconst key = await encryptionInput.generateKey();\n\tconst ciphertext = await encryptionInput.encrypt(key);\n\n\t// Split the symmetric key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = await split(key, ibeServers.size(), threshold);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(DST, packageId, id);\n\tconst encrypted_shares = ibeServers.encryptBatched(\n\t\tfullId,\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tinfo: new Uint8Array([index]),\n\t\t})),\n\t);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [Uint8Array, number][] = ibeServers\n\t\t.getObjectIds()\n\t\t.map((id, i) => [id, shares[i].index]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackage_id: packageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencrypted_shares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey,\n\t};\n}\n\nasync function split(\n\tsecret: Uint8Array,\n\tn: number,\n\tthreshold: number,\n): Promise<{ index: number; share: Uint8Array }[]> {\n\t// The externalSplit function is from the 'shamir-secret-sharing' package and requires t > 1 and n >= 2.\n\t// So we handle the special cases here.\n\tif (n === 0 || threshold === 0 || threshold > n) {\n\t\tthrow new Error('Invalid input');\n\t} else if (threshold === 1) {\n\t\t// If the threshold is 1, the secret is not split.\n\t\tconst result = [];\n\t\tfor (let i = 0; i < n; i++) {\n\t\t\t// The shared polynomial is a constant in this case, so the index doesn't matter.\n\t\t\t// To make sure they are unique, we use a counter.\n\t\t\tresult.push({ share: secret, index: i });\n\t\t}\n\t\treturn Promise.resolve(result);\n\t}\n\n\treturn externalSplit(secret, n, threshold).then((share) =>\n\t\tshare.map((s) => ({\n\t\t\tshare: s.subarray(0, s.length - 1),\n\t\t\t// split() returns the share index in the last byte\n\t\t\tindex: s[s.length - 1],\n\t\t})),\n\t);\n}\n"],
+  "mappings": "AAGA,SAAS,SAAS,qBAAqB;AAGvC,SAAS,+BAA+B,WAAW;AAEnD,SAAS,qBAAqB;AAC9B,SAAS,uBAAuB;AAChC,SAAS,oBAAoB;AAEtB,MAAM,SAAS;AAatB,eAAsB,QAAuC;AAAA,EAC5D;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GASG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,UAAU,WAAW,IACpB;AACD,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,MAAI,WAAW,KAAK,CAAC,WAAW,OAAO,YAAY,cAAc,qBAAqB,GAAG;AACxF,UAAM,IAAI,MAAM,2BAA2B;AAAA,EAC5C;AACA,QAAM,aAAa,IAAI,8BAA8B,UAAU;AAG/D,QAAM,MAAM,MAAM,gBAAgB,YAAY;AAC9C,QAAM,aAAa,MAAM,gBAAgB,QAAQ,GAAG;AAGpD,QAAM,SAAS,MAAM,MAAM,KAAK,WAAW,KAAK,GAAG,SAAS;AAG5D,QAAM,SAAS,aAAa,KAAK,WAAW,EAAE;AAC9C,QAAM,mBAAmB,WAAW;AAAA,IACnC;AAAA,IACA,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL,MAAM,IAAI,WAAW,CAAC,KAAK,CAAC;AAAA,IAC7B,EAAE;AAAA,EACH;AAGA,QAAM,WAAmC,WACvC,aAAa,EACb,IAAI,CAACA,KAAI,MAAM,CAACA,KAAI,OAAO,CAAC,EAAE,KAAK,CAAC;AAEtC,SAAO;AAAA,IACN,iBAAiB,gBAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT,YAAY;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX;AAAA,EACD;AACD;AAEA,eAAe,MACd,QACA,GACA,WACkD;AAGlD,MAAI,MAAM,KAAK,cAAc,KAAK,YAAY,GAAG;AAChD,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC,WAAW,cAAc,GAAG;AAE3B,UAAM,SAAS,CAAC;AAChB,aAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAG3B,aAAO,KAAK,EAAE,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxC;AACA,WAAO,QAAQ,QAAQ,MAAM;AAAA,EAC9B;AAEA,SAAO,cAAc,QAAQ,GAAG,SAAS,EAAE;AAAA,IAAK,CAAC,UAChD,MAAM,IAAI,CAAC,OAAO;AAAA,MACjB,OAAO,EAAE,SAAS,GAAG,EAAE,SAAS,CAAC;AAAA;AAAA,MAEjC,OAAO,EAAE,EAAE,SAAS,CAAC;AAAA,IACtB,EAAE;AAAA,EACH;AACD;",
+  "names": ["id"]
+}

package/dist/esm/ibe.d.ts

@@ -0,0 +1,67 @@
+import { G1Element, G2Element } from './bls12381.js';
+import type { KeyServer } from './key-server.js';
+import type { IBEEncryptionsType } from './types.js';
+/**
+ * The domain separation tag for the hash-to-group function.
+ */
+export declare const DST: Uint8Array;
+/**
+ * The domain separation tag for the signing proof of possession.
+ */
+export declare const DST_POP: Uint8Array;
+/**
+ * The interface for the key servers.
+ */
+export declare abstract class IBEServers {
+    protected readonly object_ids: Uint8Array[];
+    protected constructor(object_ids: Uint8Array[]);
+    /**
+     * The object IDs of the key servers.
+     */
+    getObjectIds(): Uint8Array[];
+    /**
+     * The number of key servers.
+     */
+    size(): number;
+    /**
+     * Encrypt a batch of messages for the given identity.
+     *
+     * @param id The identity.
+     * @param msg_and_infos The messages and an additional info parameter which will be included in the KDF.
+     * @returns The encrypted messages.
+     */
+    abstract encryptBatched(id: Uint8Array, msg_and_infos: {
+        msg: Uint8Array;
+        info: Uint8Array;
+    }[]): IBEEncryptionsType;
+}
+/**
+ * Identity-based encryption based on the Boneh-Franklin IBE scheme.
+ * This object represents a set of key servers that can be used to encrypt messages for a given identity.
+ */
+export declare class BonehFranklinBLS12381Services extends IBEServers {
+    readonly public_keys: G2Element[];
+    constructor(services: KeyServer[]);
+    encryptBatched(id: Uint8Array, msg_and_infos: {
+        msg: Uint8Array;
+        info: Uint8Array;
+    }[]): IBEEncryptionsType;
+    /**
+     * Returns true if the user secret key is valid for the given public key and id.
+     * @param user_secret_key - The user secret key.
+     * @param id - The identity.
+     * @param public_key - The public key.
+     * @returns True if the user secret key is valid for the given public key and id.
+     */
+    static verifyUserSecretKey(user_secret_key: G1Element, id: Uint8Array, public_key: G2Element): boolean;
+    /**
+     * Identity-based decryption.
+     *
+     * @param nonce The encryption nonce.
+     * @param sk The user secret key.
+     * @param ciphertext The encrypted message.
+     * @param info An info parameter also included in the KDF.
+     * @returns The decrypted message.
+     */
+    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, info: Uint8Array): Uint8Array;
+}

package/dist/esm/ibe.js

@@ -0,0 +1,87 @@
+import { G1Element, G2Element, Scalar } from "./bls12381.js";
+import { kdf } from "./kdf.js";
+import { xor } from "./utils.js";
+const DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00");
+const DST_POP = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00-POP");
+class IBEServers {
+  constructor(object_ids) {
+    this.object_ids = object_ids;
+  }
+  /**
+   * The object IDs of the key servers.
+   */
+  getObjectIds() {
+    return this.object_ids;
+  }
+  /**
+   * The number of key servers.
+   */
+  size() {
+    return this.object_ids.length;
+  }
+}
+class BonehFranklinBLS12381Services extends IBEServers {
+  constructor(services) {
+    super(services.map((service) => service.objectId));
+    this.public_keys = services.map((service) => G2Element.fromBytes(service.pk));
+  }
+  encryptBatched(id, msg_and_infos) {
+    if (this.public_keys.length === 0 || this.public_keys.length !== msg_and_infos.length) {
+      throw new Error("Invalid input");
+    }
+    const [nonce, keys] = encapBatched(this.public_keys, id);
+    const encrypted_msgs = msg_and_infos.map(
+      (msg_and_info, i) => xor(msg_and_info.msg, kdf(keys[i], msg_and_info.info))
+    );
+    return {
+      BonehFranklinBLS12381: {
+        encapsulation: nonce.toBytes(),
+        shares: encrypted_msgs
+      },
+      $kind: "BonehFranklinBLS12381"
+    };
+  }
+  /**
+   * Returns true if the user secret key is valid for the given public key and id.
+   * @param user_secret_key - The user secret key.
+   * @param id - The identity.
+   * @param public_key - The public key.
+   * @returns True if the user secret key is valid for the given public key and id.
+   */
+  static verifyUserSecretKey(user_secret_key, id, public_key) {
+    const lhs = user_secret_key.pairing(G2Element.generator()).toBytes();
+    const rhs = G1Element.hashToCurve(id).pairing(public_key).toBytes();
+    return lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);
+  }
+  /**
+   * Identity-based decryption.
+   *
+   * @param nonce The encryption nonce.
+   * @param sk The user secret key.
+   * @param ciphertext The encrypted message.
+   * @param info An info parameter also included in the KDF.
+   * @returns The decrypted message.
+   */
+  static decrypt(nonce, sk, ciphertext, info) {
+    return xor(ciphertext, kdf(decap(nonce, sk), info));
+  }
+}
+function encapBatched(public_keys, id) {
+  if (public_keys.length === 0) {
+    throw new Error("Invalid input");
+  }
+  const r = Scalar.random();
+  const nonce = G2Element.generator().multiply(r);
+  const gid = G1Element.hashToCurve(id).multiply(r);
+  return [nonce, public_keys.map((public_key) => gid.pairing(public_key))];
+}
+function decap(nonce, usk) {
+  return usk.pairing(nonce);
+}
+export {
+  BonehFranklinBLS12381Services,
+  DST,
+  DST_POP,
+  IBEServers
+};
+//# sourceMappingURL=ibe.js.map

package/dist/esm/ibe.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/ibe.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport type { IBEEncryptionsType } from './types.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00-POP');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tprotected readonly object_ids: Uint8Array[];\n\n\tprotected constructor(object_ids: Uint8Array[]) {\n\t\tthis.object_ids = object_ids;\n\t}\n\n\t/**\n\t * The object IDs of the key servers.\n\t */\n\tgetObjectIds(): Uint8Array[] {\n\t\treturn this.object_ids;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.object_ids.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msg_and_infos The messages and an additional info parameter which will be included in the KDF.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsg_and_infos: { msg: Uint8Array; info: Uint8Array }[],\n\t): IBEEncryptionsType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly public_keys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.public_keys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsg_and_infos: { msg: Uint8Array; info: Uint8Array }[],\n\t): IBEEncryptionsType {\n\t\tif (this.public_keys.length === 0 || this.public_keys.length !== msg_and_infos.length) {\n\t\t\tthrow new Error('Invalid input');\n\t\t}\n\t\tconst [nonce, keys] = encapBatched(this.public_keys, id);\n\t\tconst encrypted_msgs = msg_and_infos.map((msg_and_info, i) =>\n\t\t\txor(msg_and_info.msg, kdf(keys[i], msg_and_info.info)),\n\t\t);\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tencapsulation: nonce.toBytes(),\n\t\t\t\tshares: encrypted_msgs,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(\n\t\tuser_secret_key: G1Element,\n\t\tid: Uint8Array,\n\t\tpublic_key: G2Element,\n\t): boolean {\n\t\tconst lhs = user_secret_key.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(id).pairing(public_key).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tinfo: Uint8Array,\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), info));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param public_keys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(public_keys: G2Element[], id: Uint8Array): [G2Element, GTElement[]] {\n\tif (public_keys.length === 0) {\n\t\tthrow new Error('Invalid input');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [nonce, public_keys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
+  "mappings": "AAIA,SAAS,WAAW,WAAW,cAAc;AAC7C,SAAS,WAAW;AAGpB,SAAS,WAAW;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGtB,YAAY,YAA0B;AAC/C,SAAK,aAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,eAA6B;AAC5B,WAAO,KAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,WAAW;AAAA,EACxB;AAaD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,cAAc,SAAS,IAAI,CAAC,YAAY,UAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC7E;AAAA,EAEA,eACC,IACA,eACqB;AACrB,QAAI,KAAK,YAAY,WAAW,KAAK,KAAK,YAAY,WAAW,cAAc,QAAQ;AACtF,YAAM,IAAI,MAAM,eAAe;AAAA,IAChC;AACA,UAAM,CAAC,OAAO,IAAI,IAAI,aAAa,KAAK,aAAa,EAAE;AACvD,UAAM,iBAAiB,cAAc;AAAA,MAAI,CAAC,cAAc,MACvD,IAAI,aAAa,KAAK,IAAI,KAAK,CAAC,GAAG,aAAa,IAAI,CAAC;AAAA,IACtD;AAEA,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,eAAe,MAAM,QAAQ;AAAA,QAC7B,QAAQ;AAAA,MACT;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBACN,iBACA,IACA,YACU;AACV,UAAM,MAAM,gBAAgB,QAAQ,UAAU,UAAU,CAAC,EAAE,QAAQ;AACnE,UAAM,MAAM,UAAU,YAAY,EAAE,EAAE,QAAQ,UAAU,EAAE,QAAQ;AAClE,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,MACa;AACb,WAAO,IAAI,YAAY,IAAI,MAAM,OAAO,EAAE,GAAG,IAAI,CAAC;AAAA,EACnD;AACD;AASA,SAAS,aAAa,aAA0B,IAA0C;AACzF,MAAI,YAAY,WAAW,GAAG;AAC7B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,QAAM,IAAI,OAAO,OAAO;AACxB,QAAM,QAAQ,UAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,UAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,OAAO,YAAY,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AACxE;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
+  "names": []
+}

package/dist/esm/index.d.ts

@@ -0,0 +1,6 @@
+export { AesGcm256 } from './aes.js';
+export { encrypt } from './encrypt.js';
+export { getAllowlistedKeyServers, retrieveKeyServers, verifyKeyServer } from './key-server.js';
+export { KeyStore } from './key-store.js';
+export { SessionKey } from './session-key.js';
+export { EncryptedObject } from './types.js';

package/dist/esm/index.js

@@ -0,0 +1,17 @@
+import { AesGcm256 } from "./aes.js";
+import { encrypt } from "./encrypt.js";
+import { getAllowlistedKeyServers, retrieveKeyServers, verifyKeyServer } from "./key-server.js";
+import { KeyStore } from "./key-store.js";
+import { SessionKey } from "./session-key.js";
+import { EncryptedObject } from "./types.js";
+export {
+  AesGcm256,
+  EncryptedObject,
+  KeyStore,
+  SessionKey,
+  encrypt,
+  getAllowlistedKeyServers,
+  retrieveKeyServers,
+  verifyKeyServer
+};
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/index.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { AesGcm256 } from './aes.js';\nexport { encrypt } from './encrypt.js';\nexport { getAllowlistedKeyServers, retrieveKeyServers, verifyKeyServer } from './key-server.js';\nexport { KeyStore } from './key-store.js';\nexport { SessionKey } from './session-key.js';\nexport { EncryptedObject } from './types.js';\n"],
+  "mappings": "AAGA,SAAS,iBAAiB;AAC1B,SAAS,eAAe;AACxB,SAAS,0BAA0B,oBAAoB,uBAAuB;AAC9E,SAAS,gBAAgB;AACzB,SAAS,kBAAkB;AAC3B,SAAS,uBAAuB;",
+  "names": []
+}

package/dist/esm/kdf.d.ts

@@ -0,0 +1,9 @@
+import type { GTElement } from './bls12381.js';
+/**
+ * The default key derivation function.
+ *
+ * @param element The GTElement to derive the key from.
+ * @param info Optional context and application specific information.
+ * @returns The derived key.
+ */
+export declare function kdf(element: GTElement, info: Uint8Array): Uint8Array;

package/dist/esm/kdf.js

@@ -0,0 +1,9 @@
+import { hkdf } from "@noble/hashes/hkdf";
+import { sha3_256 } from "@noble/hashes/sha3";
+function kdf(element, info) {
+  return hkdf(sha3_256, element.toBytes(), "", info, 32);
+}
+export {
+  kdf
+};
+//# sourceMappingURL=kdf.js.map

package/dist/esm/kdf.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/kdf.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hkdf } from '@noble/hashes/hkdf';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport type { GTElement } from './bls12381.js';\n\n/**\n * The default key derivation function.\n *\n * @param element The GTElement to derive the key from.\n * @param info Optional context and application specific information.\n * @returns The derived key.\n */\nexport function kdf(element: GTElement, info: Uint8Array): Uint8Array {\n\treturn hkdf(sha3_256, element.toBytes(), '', info, 32);\n}\n"],
+  "mappings": "AAGA,SAAS,YAAY;AACrB,SAAS,gBAAgB;AAWlB,SAAS,IAAI,SAAoB,MAA8B;AACrE,SAAO,KAAK,UAAU,QAAQ,QAAQ,GAAG,IAAI,MAAM,EAAE;AACtD;",
+  "names": []
+}

package/dist/esm/key-server.d.ts

@@ -0,0 +1,38 @@
+import type { SuiClient } from '@mysten/sui/client';
+export type KeyServer = {
+    objectId: Uint8Array;
+    name: string;
+    url: string;
+    keyType: KeyServerType;
+    pk: Uint8Array;
+};
+export declare enum KeyServerType {
+    BonehFranklinBLS12381 = 0
+}
+/**
+ * Returns a static list of Seal key server object ids that the dapp can choose to use.
+ * @param network - The network to use.
+ * @returns The object id's of the key servers.
+ */
+export declare function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): Uint8Array[];
+/**
+ * Given a list of key server object IDs, returns a list of SealKeyServer
+ * from onchain state containing name, objectId, URL and pk.
+ *
+ * @param objectIds - The key server object IDs.
+ * @param client - The SuiClient to use.
+ * @returns - An array of SealKeyServer.
+ */
+export declare function retrieveKeyServers({ objectIds, client, }: {
+    objectIds: Uint8Array[];
+    client: SuiClient;
+}): Promise<KeyServer[]>;
+/**
+ * Given a KeyServer, fetch the proof of possesion (PoP) from the URL and verify it
+ * against the pubkey. This should be used only rarely when the dapp uses a dynamic
+ * set of key servers.
+ *
+ * @param server - The KeyServer to verify.
+ * @returns - True if the key server is valid, false otherwise.
+ */
+export declare function verifyKeyServer(server: KeyServer): Promise<boolean>;

package/dist/esm/key-server.js

@@ -0,0 +1,78 @@
+import { fromBase64, fromHex, toHex } from "@mysten/bcs";
+import { bcs } from "@mysten/sui/bcs";
+import { bls12_381 } from "@noble/curves/bls12-381";
+import { DST_POP } from "./ibe.js";
+var KeyServerType = /* @__PURE__ */ ((KeyServerType2) => {
+  KeyServerType2[KeyServerType2["BonehFranklinBLS12381"] = 0] = "BonehFranklinBLS12381";
+  return KeyServerType2;
+})(KeyServerType || {});
+const KeyServerMove = bcs.struct("KeyServer", {
+  id: bcs.Address,
+  name: bcs.string(),
+  url: bcs.string(),
+  key_type: bcs.u8(),
+  pk: bcs.vector(bcs.u8())
+});
+function getAllowlistedKeyServers(network) {
+  if (network === "testnet") {
+    return [
+      fromHex("0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8"),
+      fromHex("0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06")
+    ];
+  } else {
+    throw new Error("Network not supported");
+  }
+}
+async function retrieveKeyServers({
+  objectIds,
+  client
+}) {
+  return await Promise.all(
+    objectIds.map(async (objectId) => {
+      const res = await client.getObject({
+        id: toHex(objectId),
+        options: {
+          showBcs: true
+        }
+      });
+      if (!res || res.error || !res.data) {
+        throw new Error(`KeyServer ${objectId} not found; ${res.error}`);
+      }
+      if (!res.data.bcs || !("bcsBytes" in res.data.bcs)) {
+        throw new Error(`Invalid KeyServer query: ${objectId}, expected object, got package`);
+      }
+      let ks = KeyServerMove.parse(fromBase64(res.data.bcs.bcsBytes));
+      if (ks.key_type !== 0) {
+        throw new Error("Unsupported key type");
+      }
+      return {
+        objectId,
+        name: ks.name,
+        url: ks.url,
+        keyType: 0 /* BonehFranklinBLS12381 */,
+        pk: new Uint8Array(ks.pk)
+      };
+    })
+  );
+}
+async function verifyKeyServer(server) {
+  const response = await fetch(server.url + "/v1/service", {
+    method: "GET",
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+  const serviceResponse = await response.json();
+  if (serviceResponse.service_id !== server.objectId) {
+    return false;
+  }
+  const fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...server.objectId]);
+  return bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);
+}
+export {
+  KeyServerType,
+  getAllowlistedKeyServers,
+  retrieveKeyServers,
+  verifyKeyServer
+};
+//# sourceMappingURL=key-server.js.map

package/dist/esm/key-server.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/key-server.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\nimport { fromBase64, fromHex, toHex } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\nimport type { SuiClient } from '@mysten/sui/client';\nimport { bls12_381 } from '@noble/curves/bls12-381';\n\nimport { DST_POP } from './ibe.js';\n\nexport type KeyServer = {\n\tobjectId: Uint8Array;\n\tname: string;\n\turl: string;\n\tkeyType: KeyServerType;\n\tpk: Uint8Array;\n};\n\nexport enum KeyServerType {\n\tBonehFranklinBLS12381 = 0,\n}\n\n// The Move struct for the KeyServer object.\nconst KeyServerMove = bcs.struct('KeyServer', {\n\tid: bcs.Address,\n\tname: bcs.string(),\n\turl: bcs.string(),\n\tkey_type: bcs.u8(),\n\tpk: bcs.vector(bcs.u8()),\n});\n\n/**\n * Returns a static list of Seal key server object ids that the dapp can choose to use.\n * @param network - The network to use.\n * @returns The object id's of the key servers.\n */\nexport function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): Uint8Array[] {\n\tif (network === 'testnet') {\n\t\treturn [\n\t\t\tfromHex('0xb35a7228d8cf224ad1e828c0217c95a5153bafc2906d6f9c178197dce26fbcf8'),\n\t\t\tfromHex('0x2d6cde8a9d9a65bde3b0a346566945a63b4bfb70e9a06c41bdb70807e2502b06'),\n\t\t];\n\t} else {\n\t\tthrow new Error('Network not supported');\n\t}\n}\n\n/**\n * Given a list of key server object IDs, returns a list of SealKeyServer\n * from onchain state containing name, objectId, URL and pk.\n *\n * @param objectIds - The key server object IDs.\n * @param client - The SuiClient to use.\n * @returns - An array of SealKeyServer.\n */\nexport async function retrieveKeyServers({\n\tobjectIds,\n\tclient,\n}: {\n\tobjectIds: Uint8Array[];\n\tclient: SuiClient;\n}): Promise<KeyServer[]> {\n\treturn await Promise.all(\n\t\tobjectIds.map(async (objectId) => {\n\t\t\tconst res = await client.getObject({\n\t\t\t\tid: toHex(objectId),\n\t\t\t\toptions: {\n\t\t\t\t\tshowBcs: true,\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!res || res.error || !res.data) {\n\t\t\t\tthrow new Error(`KeyServer ${objectId} not found; ${res.error}`);\n\t\t\t}\n\n\t\t\tif (!res.data.bcs || !('bcsBytes' in res.data.bcs)) {\n\t\t\t\tthrow new Error(`Invalid KeyServer query: ${objectId}, expected object, got package`);\n\t\t\t}\n\n\t\t\tlet ks = KeyServerMove.parse(fromBase64(res.data.bcs!.bcsBytes));\n\t\t\tif (ks.key_type !== 0) {\n\t\t\t\tthrow new Error('Unsupported key type');\n\t\t\t}\n\n\t\t\treturn {\n\t\t\t\tobjectId,\n\t\t\t\tname: ks.name,\n\t\t\t\turl: ks.url,\n\t\t\t\tkeyType: KeyServerType.BonehFranklinBLS12381,\n\t\t\t\tpk: new Uint8Array(ks.pk),\n\t\t\t};\n\t\t}),\n\t);\n}\n\n/**\n * Given a KeyServer, fetch the proof of possesion (PoP) from the URL and verify it\n * against the pubkey. This should be used only rarely when the dapp uses a dynamic\n * set of key servers.\n *\n * @param server - The KeyServer to verify.\n * @returns - True if the key server is valid, false otherwise.\n */\nexport async function verifyKeyServer(server: KeyServer): Promise<boolean> {\n\tconst response = await fetch(server.url! + '/v1/service', {\n\t\tmethod: 'GET',\n\t\theaders: {\n\t\t\t'Content-Type': 'application/json',\n\t\t},\n\t});\n\tconst serviceResponse = await response.json();\n\n\tif (serviceResponse.service_id !== server.objectId) {\n\t\treturn false;\n\t}\n\tconst fullMsg = new Uint8Array([...DST_POP, ...server.pk, ...server.objectId]);\n\treturn bls12_381.verifyShortSignature(fromBase64(serviceResponse.pop), fullMsg, server.pk);\n}\n"],
+  "mappings": "AAEA,SAAS,YAAY,SAAS,aAAa;AAC3C,SAAS,WAAW;AAEpB,SAAS,iBAAiB;AAE1B,SAAS,eAAe;AAUjB,IAAK,gBAAL,kBAAKA,mBAAL;AACN,EAAAA,8BAAA,2BAAwB,KAAxB;AADW,SAAAA;AAAA,GAAA;AAKZ,MAAM,gBAAgB,IAAI,OAAO,aAAa;AAAA,EAC7C,IAAI,IAAI;AAAA,EACR,MAAM,IAAI,OAAO;AAAA,EACjB,KAAK,IAAI,OAAO;AAAA,EAChB,UAAU,IAAI,GAAG;AAAA,EACjB,IAAI,IAAI,OAAO,IAAI,GAAG,CAAC;AACxB,CAAC;AAOM,SAAS,yBAAyB,SAA8C;AACtF,MAAI,YAAY,WAAW;AAC1B,WAAO;AAAA,MACN,QAAQ,oEAAoE;AAAA,MAC5E,QAAQ,oEAAoE;AAAA,IAC7E;AAAA,EACD,OAAO;AACN,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACxC;AACD;AAUA,eAAsB,mBAAmB;AAAA,EACxC;AAAA,EACA;AACD,GAGyB;AACxB,SAAO,MAAM,QAAQ;AAAA,IACpB,UAAU,IAAI,OAAO,aAAa;AACjC,YAAM,MAAM,MAAM,OAAO,UAAU;AAAA,QAClC,IAAI,MAAM,QAAQ;AAAA,QAClB,SAAS;AAAA,UACR,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AACD,UAAI,CAAC,OAAO,IAAI,SAAS,CAAC,IAAI,MAAM;AACnC,cAAM,IAAI,MAAM,aAAa,QAAQ,eAAe,IAAI,KAAK,EAAE;AAAA,MAChE;AAEA,UAAI,CAAC,IAAI,KAAK,OAAO,EAAE,cAAc,IAAI,KAAK,MAAM;AACnD,cAAM,IAAI,MAAM,4BAA4B,QAAQ,gCAAgC;AAAA,MACrF;AAEA,UAAI,KAAK,cAAc,MAAM,WAAW,IAAI,KAAK,IAAK,QAAQ,CAAC;AAC/D,UAAI,GAAG,aAAa,GAAG;AACtB,cAAM,IAAI,MAAM,sBAAsB;AAAA,MACvC;AAEA,aAAO;AAAA,QACN;AAAA,QACA,MAAM,GAAG;AAAA,QACT,KAAK,GAAG;AAAA,QACR,SAAS;AAAA,QACT,IAAI,IAAI,WAAW,GAAG,EAAE;AAAA,MACzB;AAAA,IACD,CAAC;AAAA,EACF;AACD;AAUA,eAAsB,gBAAgB,QAAqC;AAC1E,QAAM,WAAW,MAAM,MAAM,OAAO,MAAO,eAAe;AAAA,IACzD,QAAQ;AAAA,IACR,SAAS;AAAA,MACR,gBAAgB;AAAA,IACjB;AAAA,EACD,CAAC;AACD,QAAM,kBAAkB,MAAM,SAAS,KAAK;AAE5C,MAAI,gBAAgB,eAAe,OAAO,UAAU;AACnD,WAAO;AAAA,EACR;AACA,QAAM,UAAU,IAAI,WAAW,CAAC,GAAG,SAAS,GAAG,OAAO,IAAI,GAAG,OAAO,QAAQ,CAAC;AAC7E,SAAO,UAAU,qBAAqB,WAAW,gBAAgB,GAAG,GAAG,SAAS,OAAO,EAAE;AAC1F;",
+  "names": ["KeyServerType"]
+}

package/dist/esm/key-store.d.ts

@@ -0,0 +1,49 @@
+import { G1Element } from './bls12381.js';
+import type { KeyServer } from './key-server.js';
+import type { SessionKey } from './session-key.js';
+import type { EncryptedObject } from './types.js';
+/**
+ * A class to cache user secret keys after they have been fetched from key servers.
+ */
+export declare class KeyStore {
+    private readonly keys_map;
+    constructor();
+    private createMapKey;
+    /** @internal */
+    addKey(fullId: Uint8Array, objectId: Uint8Array, key: G1Element): void;
+    /**
+     * Get a key from this KeyStore or undefined if the key is not found.
+     *
+     * @param fullId The full ID used to derive the key.
+     * @param objectId The object ID of the key server holding the key.
+     */
+    private getKey;
+    /**
+     * Check if the key store has a key for the given full ID and object ID.
+     *
+     * @param fullId The full ID used to derive the key.
+     * @param objectId The object ID of the key server holding the key.
+     */
+    private hasKey;
+    /**
+     * Look up URLs of key servers and fetch key from servers with request signature,
+     * cert and ephPk, then updates the caching keys_map.
+     */
+    fetchKeys({ keyServers, threshold: _threshold, packageId, ids, txBytes, sessionKey, }: {
+        keyServers: KeyServer[];
+        threshold: number;
+        packageId: Uint8Array;
+        ids: Uint8Array[];
+        txBytes: Uint8Array;
+        sessionKey: SessionKey;
+    }): Promise<void>;
+    /**
+     * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
+     * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
+     * otherwise, this will throw an error.
+     *
+     * @param encryptedObject - EncryptedObject.
+     * @returns - The decrypted plaintext corresponding to ciphertext.
+     */
+    decrypt(encryptedObject: typeof EncryptedObject.$inferType): Promise<Uint8Array>;
+}