@mysten/seal 0.10.0 → 1.0.0

package/dist/esm/error.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/error.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport class SealError extends Error {}\n\nexport class UserError extends SealError {}\n\n// Errors returned by the Seal server\nexport class SealAPIError extends SealError {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic requestId?: string,\n\t\tpublic status?: number,\n\t) {\n\t\tsuper(message);\n\t}\n\n\tstatic #generate(error: string, message: string, requestId: string, status?: number) {\n\t\tswitch (error) {\n\t\t\tcase 'InvalidPTB':\n\t\t\t\treturn new InvalidPTBError(requestId, message);\n\t\t\tcase 'InvalidPackage':\n\t\t\t\treturn new InvalidPackageError(requestId);\n\t\t\tcase 'NoAccess':\n\t\t\t\treturn new NoAccessError(requestId);\n\t\t\tcase 'InvalidSignature':\n\t\t\t\treturn new InvalidUserSignatureError(requestId);\n\t\t\tcase 'InvalidSessionSignature':\n\t\t\t\treturn new InvalidSessionKeySignatureError(requestId);\n\t\t\tcase 'InvalidCertificate':\n\t\t\t\treturn new ExpiredSessionKeyError(requestId);\n\t\t\tcase 'InvalidSDKVersion':\n\t\t\t\treturn new InvalidSDKVersionError(requestId);\n\t\t\tcase 'InvalidSDKType':\n\t\t\t\treturn new InvalidSDKTypeError(requestId);\n\t\t\tcase 'DeprecatedSDKVersion':\n\t\t\t\treturn new DeprecatedSDKVersionError(requestId);\n\t\t\tcase 'InvalidParameter':\n\t\t\t\treturn new InvalidParameterError(requestId);\n\t\t\tcase 'InvalidMVRName':\n\t\t\t\treturn new InvalidMVRNameError(requestId);\n\t\t\tcase 'InvalidServiceId':\n\t\t\t\treturn new InvalidKeyServerObjectIdError(requestId);\n\t\t\tcase 'UnsupportedPackageId':\n\t\t\t\treturn new UnsupportedPackageIdError(requestId);\n\t\t\tcase 'Failure':\n\t\t\t\treturn new InternalError(requestId);\n\t\t\tdefault:\n\t\t\t\treturn new GeneralError(message, requestId, status);\n\t\t}\n\t}\n\n\tstatic async assertResponse(response: Response, requestId: string) {\n\t\tif (response.ok) {\n\t\t\treturn;\n\t\t}\n\t\tlet errorInstance: SealAPIError;\n\t\ttry {\n\t\t\tconst text = await response.text();\n\t\t\tconst error = JSON.parse(text)['error'];\n\t\t\tconst message = JSON.parse(text)['message'];\n\t\t\terrorInstance = SealAPIError.#generate(error, message, requestId);\n\t\t} catch {\n\t\t\t// If we can't parse the response as JSON or if it doesn't have the expected format,\n\t\t\t// fall back to using the status text\n\t\t\terrorInstance = new GeneralError(response.statusText, requestId, response.status);\n\t\t}\n\t\tthrow errorInstance;\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the PTB is invalid\n\nexport class InvalidPTBError extends SealAPIError {\n\tconstructor(requestId?: string, message?: string) {\n\t\tsuper('PTB does not conform to the expected format ' + message, requestId);\n\t}\n}\n\nexport class InvalidPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Package ID used in PTB is invalid', requestId);\n\t}\n}\n\nexport class InvalidParameterError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper(\n\t\t\t'PTB contains an invalid parameter, possibly a newly created object that the FN has not yet seen',\n\t\t\trequestId,\n\t\t);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the user's signature is invalid\n\nexport class InvalidUserSignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User signature on the session key is invalid', requestId);\n\t}\n}\n\nexport class InvalidSessionKeySignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key signature is invalid', requestId);\n\t}\n}\n\nexport class InvalidMVRNameError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('MVR name is invalid or not consistent with the first version of the package', requestId);\n\t}\n}\n\n/** Server error indicating that the requested key server object id is invalid */\nexport class InvalidKeyServerObjectIdError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Key server object ID is invalid', requestId);\n\t}\n}\n\n/** Server error indicating that the requested package id is not supported (i.e., key server is running in Permissioned mode) */\nexport class UnsupportedPackageIdError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Requested package is not supported', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the SDK version is invalid (implying that HTTP headers used by the SDK are being removed) or deprecated (implying that the SDK should be upgraded).\n\nexport class InvalidSDKVersionError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('SDK version is invalid', requestId);\n\t}\n}\n\nexport class InvalidSDKTypeError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('SDK type is invalid', requestId);\n\t}\n}\n\nexport class DeprecatedSDKVersionError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('SDK version is deprecated', requestId);\n\t}\n}\n\n/** Server error indicating that the user does not have access to one or more of the requested keys */\nexport class NoAccessError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User does not have access to one or more of the requested keys', requestId);\n\t}\n}\n\n/** Server error indicating that the session key has expired */\nexport class ExpiredSessionKeyError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key has expired', requestId);\n\t}\n}\n\n/** Internal server error, caller should retry */\nexport class InternalError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Internal server error, caller should retry', requestId);\n\t}\n}\n\n/** General server errors that are not specific to the Seal API (e.g., 404 \"Not Found\") */\nexport class GeneralError extends SealAPIError {}\n\n// Errors returned by the SDK\nexport class InvalidPersonalMessageSignatureError extends UserError {}\nexport class InvalidGetObjectError extends UserError {}\nexport class UnsupportedFeatureError extends UserError {}\nexport class UnsupportedNetworkError extends UserError {}\nexport class InvalidKeyServerError extends UserError {}\nexport class InvalidKeyServerVersionError extends UserError {}\nexport class InvalidCiphertextError extends UserError {}\nexport class InvalidThresholdError extends UserError {}\nexport class InconsistentKeyServersError extends UserError {}\nexport class DecryptionError extends UserError {}\nexport class InvalidClientOptionsError extends UserError {}\nexport class TooManyFailedFetchKeyRequestsError extends UserError {}\n\nexport function toMajorityError(errors: Error[]): Error {\n\tlet maxCount = 0;\n\tlet majorityError = errors[0];\n\tconst counts = new Map<string, number>();\n\tfor (const error of errors) {\n\t\tconst errorName = error.constructor.name;\n\t\tconst newCount = (counts.get(errorName) || 0) + 1;\n\t\tcounts.set(errorName, newCount);\n\n\t\tif (newCount > maxCount) {\n\t\t\tmaxCount = newCount;\n\t\t\tmajorityError = error;\n\t\t}\n\t}\n\n\treturn majorityError;\n}\n"],
-  "mappings": ";;;;;;AAAA;AAGO,MAAM,kBAAkB,MAAM;AAAC;AAE/B,MAAM,kBAAkB,UAAU;AAAC;AAGnC,MAAM,gBAAN,MAAM,sBAAqB,UAAU;AAAA,EAC3C,YACC,SACO,WACA,QACN;AACD,UAAM,OAAO;AAHN;AACA;AAAA,EAGR;AAAA,EAqCA,aAAa,eAAe,UAAoB,WAAmB;AApDpE;AAqDE,QAAI,SAAS,IAAI;AAChB;AAAA,IACD;AACA,QAAI;AACJ,QAAI;AACH,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO;AACtC,YAAM,UAAU,KAAK,MAAM,IAAI,EAAE,SAAS;AAC1C,sBAAgB,oCAAa,mCAAb,SAAuB,OAAO,SAAS;AAAA,IACxD,QAAQ;AAGP,sBAAgB,IAAI,aAAa,SAAS,YAAY,WAAW,SAAS,MAAM;AAAA,IACjF;AACA,UAAM;AAAA,EACP;AACD;AA7DO;AASC,cAAS,SAAC,OAAe,SAAiB,WAAmB,QAAiB;AACpF,UAAQ,OAAO;AAAA,IACd,KAAK;AACJ,aAAO,IAAI,gBAAgB,WAAW,OAAO;AAAA,IAC9C,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,gCAAgC,SAAS;AAAA,IACrD,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,sBAAsB,SAAS;AAAA,IAC3C,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,8BAA8B,SAAS;AAAA,IACnD,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC;AACC,aAAO,IAAI,aAAa,SAAS,WAAW,MAAM;AAAA,EACpD;AACD;AA1CM,aAAM,eAAN;AAAA,IAAM,eAAN;AAiEA,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB,SAAkB;AACjD,UAAM,iDAAiD,SAAS,SAAS;AAAA,EAC1E;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,qCAAqC,SAAS;AAAA,EACrD;AACD;AAEO,MAAM,8BAA8B,aAAa;AAAA,EACvD,YAAY,WAAoB;AAC/B;AAAA,MACC;AAAA,MACA;AAAA,IACD;AAAA,EACD;AACD;AAIO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,gDAAgD,SAAS;AAAA,EAChE;AACD;AAEO,MAAM,wCAAwC,aAAa;AAAA,EACjE,YAAY,WAAoB;AAC/B,UAAM,oCAAoC,SAAS;AAAA,EACpD;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,+EAA+E,SAAS;AAAA,EAC/F;AACD;AAGO,MAAM,sCAAsC,aAAa;AAAA,EAC/D,YAAY,WAAoB;AAC/B,UAAM,mCAAmC,SAAS;AAAA,EACnD;AACD;AAGO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,sCAAsC,SAAS;AAAA,EACtD;AACD;AAIO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,0BAA0B,SAAS;AAAA,EAC1C;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,uBAAuB,SAAS;AAAA,EACvC;AACD;AAEO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,6BAA6B,SAAS;AAAA,EAC7C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,kEAAkE,SAAS;AAAA,EAClF;AACD;AAGO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,2BAA2B,SAAS;AAAA,EAC3C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,8CAA8C,SAAS;AAAA,EAC9D;AACD;AAGO,MAAM,qBAAqB,aAAa;AAAC;AAGzC,MAAM,6CAA6C,UAAU;AAAC;AAC9D,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,qCAAqC,UAAU;AAAC;AACtD,MAAM,+BAA+B,UAAU;AAAC;AAChD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,oCAAoC,UAAU;AAAC;AACrD,MAAM,wBAAwB,UAAU;AAAC;AACzC,MAAM,kCAAkC,UAAU;AAAC;AACnD,MAAM,2CAA2C,UAAU;AAAC;AAE5D,SAAS,gBAAgB,QAAwB;AACvD,MAAI,WAAW;AACf,MAAI,gBAAgB,OAAO,CAAC;AAC5B,QAAM,SAAS,oBAAI,IAAoB;AACvC,aAAW,SAAS,QAAQ;AAC3B,UAAM,YAAY,MAAM,YAAY;AACpC,UAAM,YAAY,OAAO,IAAI,SAAS,KAAK,KAAK;AAChD,WAAO,IAAI,WAAW,QAAQ;AAE9B,QAAI,WAAW,UAAU;AACxB,iBAAW;AACX,sBAAgB;AAAA,IACjB;AAAA,EACD;AAEA,SAAO;AACR;",
-  "names": []
-}

package/dist/esm/ibe.d.ts

@@ -1,98 +0,0 @@
-import type { IBEEncryptions } from './bcs.js';
-import type { G1Element } from './bls12381.js';
-import { G2Element } from './bls12381.js';
-import type { KeyServer } from './key-server.js';
-import type { Share } from './shamir.js';
-/**
- * The domain separation tag for the signing proof of possession.
- */
-export declare const DST_POP: Uint8Array;
-/**
- * The interface for the key servers.
- */
-export declare abstract class IBEServers {
-    objectIds: string[];
-    constructor(objectIds: string[]);
-    /**
-     * Encrypt a batch of messages for the given identity.
-     *
-     * @param id The identity.
-     * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.
-     * @returns The encrypted messages.
-     */
-    abstract encryptBatched(id: Uint8Array, shares: Share[], baseKey: Uint8Array, threshold: number): typeof IBEEncryptions.$inferType;
-}
-/**
- * Identity-based encryption based on the Boneh-Franklin IBE scheme (https://eprint.iacr.org/2001/090).
- * Note that this implementation is of the "BasicIdent" protocol which on its own is not CCA secure, so this IBE implementation should not be used on its own.
- *
- * This object represents a set of key servers that can be used to encrypt messages for a given identity.
- */
-export declare class BonehFranklinBLS12381Services extends IBEServers {
-    readonly publicKeys: G2Element[];
-    constructor(services: KeyServer[]);
-    encryptBatched(id: Uint8Array, shares: Share[], baseKey: Uint8Array, threshold: number): typeof IBEEncryptions.$inferType;
-    /**
-     * Returns true if the user secret key is valid for the given public key and id.
-     * @param user_secret_key - The user secret key.
-     * @param id - The identity.
-     * @param public_key - The public key.
-     * @returns True if the user secret key is valid for the given public key and id.
-     */
-    static verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean;
-    /**
-     * Identity-based decryption.
-     *
-     * @param nonce The encryption nonce.
-     * @param sk The user secret key.
-     * @param ciphertext The encrypted message.
-     * @param id The identity.
-     * @param [objectId, index] The object id and index of the share.
-     * @returns The decrypted message.
-     */
-    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, id: Uint8Array, [objectId, index]: [string, number]): Uint8Array;
-    /**
-     * Decrypt all shares and verify that the randomness was used to create the given nonce.
-     *
-     * @param randomness - The randomness.
-     * @param encryptedShares - The encrypted shares.
-     * @param services - The services.
-     * @param publicKeys - The public keys.
-     * @param nonce - The nonce.
-     * @param id - The id.
-     * @returns All decrypted shares.
-     */
-    static decryptAllSharesUsingRandomness(randomness: Uint8Array, encryptedShares: Uint8Array[], services: [string, number][], publicKeys: G2Element[], nonce: G2Element, id: Uint8Array): {
-        index: number;
-        share: Uint8Array;
-    }[];
-}
-/**
- * Verify that the given randomness was used to crate the nonce.
- * Throws an error if the given randomness is invalid (not a BLS scalar).
- *
- * @param randomness - The randomness.
- * @param nonce - The nonce.
- * @param useBE - Flag to indicate if BE encoding is used for the randomness. Defaults to true.
- * @returns True if the randomness was used to create the nonce, false otherwise.
- */
-export declare function verifyNonce(nonce: G2Element, randomness: Uint8Array, useBE?: boolean): boolean;
-/**
- * Decrypt the randomness using a key.
- *
- * @param encrypted_randomness - The encrypted randomness.
- * @param derived_key - The derived key.
- * @returns The randomness. Returns both the scalar interpreted in big-endian and little-endian encoding.
- */
-export declare function decryptRandomness(encryptedRandomness: Uint8Array, randomnessKey: Uint8Array): Uint8Array;
-/**
- * Verify that the given randomness was used to crate the nonce.
- * Check using both big-endian and little-endian encoding of the randomness.
- *
- * Throws an error if the nonce check doesn't pass using LE encoding _and_ the randomness is invalid as a BE encoded scalar.
- *
- * @param randomness - The randomness.
- * @param nonce - The nonce.
- * @returns True if the randomness was used to create the nonce using either LE or BE encoding, false otherwise.
- */
-export declare function verifyNonceWithLE(nonce: G2Element, randomness: Uint8Array): boolean;

package/dist/esm/ibe.js

@@ -1,147 +0,0 @@
-import { fromHex } from "@mysten/bcs";
-import { G2Element, Scalar } from "./bls12381.js";
-import { deriveKey, hashToG1, kdf, KeyPurpose } from "./kdf.js";
-import { xor } from "./utils.js";
-import { InvalidCiphertextError } from "./error.js";
-const DST_POP = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-POP-00");
-class IBEServers {
-  constructor(objectIds) {
-    this.objectIds = objectIds;
-  }
-}
-class BonehFranklinBLS12381Services extends IBEServers {
-  constructor(services) {
-    super(services.map((service) => service.objectId));
-    this.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));
-  }
-  encryptBatched(id, shares, baseKey, threshold) {
-    if (this.publicKeys.length === 0 || this.publicKeys.length !== shares.length) {
-      throw new Error("Invalid public keys");
-    }
-    const [r, nonce, keys] = encapBatched(this.publicKeys, id);
-    const encryptedShares = shares.map(
-      ({ share, index }, i) => xor(share, kdf(keys[i], nonce, id, this.objectIds[i], index))
-    );
-    const randomnessKey = deriveKey(
-      KeyPurpose.EncryptedRandomness,
-      baseKey,
-      encryptedShares,
-      threshold,
-      this.objectIds
-    );
-    const encryptedRandomness = xor(randomnessKey, r.toBytes());
-    return {
-      BonehFranklinBLS12381: {
-        nonce: nonce.toBytes(),
-        encryptedShares,
-        encryptedRandomness
-      },
-      $kind: "BonehFranklinBLS12381"
-    };
-  }
-  /**
-   * Returns true if the user secret key is valid for the given public key and id.
-   * @param user_secret_key - The user secret key.
-   * @param id - The identity.
-   * @param public_key - The public key.
-   * @returns True if the user secret key is valid for the given public key and id.
-   */
-  static verifyUserSecretKey(userSecretKey, id, publicKey) {
-    const lhs = userSecretKey.pairing(G2Element.generator());
-    const rhs = hashToG1(fromHex(id)).pairing(publicKey);
-    return lhs.equals(rhs);
-  }
-  /**
-   * Identity-based decryption.
-   *
-   * @param nonce The encryption nonce.
-   * @param sk The user secret key.
-   * @param ciphertext The encrypted message.
-   * @param id The identity.
-   * @param [objectId, index] The object id and index of the share.
-   * @returns The decrypted message.
-   */
-  static decrypt(nonce, sk, ciphertext, id, [objectId, index]) {
-    return xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));
-  }
-  /**
-   * Decrypt all shares and verify that the randomness was used to create the given nonce.
-   *
-   * @param randomness - The randomness.
-   * @param encryptedShares - The encrypted shares.
-   * @param services - The services.
-   * @param publicKeys - The public keys.
-   * @param nonce - The nonce.
-   * @param id - The id.
-   * @returns All decrypted shares.
-   */
-  static decryptAllSharesUsingRandomness(randomness, encryptedShares, services, publicKeys, nonce, id) {
-    if (publicKeys.length !== encryptedShares.length || publicKeys.length !== services.length) {
-      throw new Error("The number of public keys, encrypted shares and services must be the same");
-    }
-    let r;
-    try {
-      r = Scalar.fromBytes(randomness);
-    } catch {
-      throw new InvalidCiphertextError("Invalid randomness");
-    }
-    const gid_r = hashToG1(id).multiply(r);
-    return services.map(([objectId, index], i) => {
-      return {
-        index,
-        share: xor(
-          encryptedShares[i],
-          kdf(gid_r.pairing(publicKeys[i]), nonce, id, objectId, index)
-        )
-      };
-    });
-  }
-}
-function encapBatched(publicKeys, id) {
-  if (publicKeys.length === 0) {
-    throw new Error("No public keys provided");
-  }
-  const r = Scalar.random();
-  const nonce = G2Element.generator().multiply(r);
-  const gid_r = hashToG1(id).multiply(r);
-  return [r, nonce, publicKeys.map((public_key) => gid_r.pairing(public_key))];
-}
-function decap(nonce, usk) {
-  return usk.pairing(nonce);
-}
-function verifyNonce(nonce, randomness, useBE = true) {
-  try {
-    const r = decodeRandomness(randomness, useBE);
-    return G2Element.generator().multiply(r).equals(nonce);
-  } catch {
-    throw new InvalidCiphertextError("Invalid randomness");
-  }
-}
-function decodeRandomness(bytes, useBE) {
-  if (useBE) {
-    return Scalar.fromBytes(bytes);
-  } else {
-    return Scalar.fromBytesLE(bytes);
-  }
-}
-function decryptRandomness(encryptedRandomness, randomnessKey) {
-  return xor(encryptedRandomness, randomnessKey);
-}
-function verifyNonceWithLE(nonce, randomness) {
-  try {
-    if (verifyNonce(nonce, randomness, false)) {
-      return true;
-    }
-  } catch {
-  }
-  return verifyNonce(nonce, randomness, true);
-}
-export {
-  BonehFranklinBLS12381Services,
-  DST_POP,
-  IBEServers,
-  decryptRandomness,
-  verifyNonce,
-  verifyNonceWithLE
-};
-//# sourceMappingURL=ibe.js.map

package/dist/esm/ibe.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/ibe.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { G1Element, GTElement } from './bls12381.js';\nimport { G2Element, Scalar } from './bls12381.js';\nimport { deriveKey, hashToG1, kdf, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\nimport type { Share } from './shamir.js';\nimport { InvalidCiphertextError } from './error.js';\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme (https://eprint.iacr.org/2001/090).\n * Note that this implementation is of the \"BasicIdent\" protocol which on its own is not CCA secure, so this IBE implementation should not be used on its own.\n *\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tshares: Share[],\n\t\tbaseKey: Uint8Array,\n\t\tthreshold: number,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== shares.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = shares.map(({ share, index }, i) =>\n\t\t\txor(share, kdf(keys[i], nonce, id, this.objectIds[i], index)),\n\t\t);\n\t\tconst randomnessKey = deriveKey(\n\t\t\tKeyPurpose.EncryptedRandomness,\n\t\t\tbaseKey,\n\t\t\tencryptedShares,\n\t\t\tthreshold,\n\t\t\tthis.objectIds,\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator());\n\t\tconst rhs = hashToG1(fromHex(id)).pairing(publicKey);\n\t\treturn lhs.equals(rhs);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param id The identity.\n\t * @param [objectId, index] The object id and index of the share.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tid: Uint8Array,\n\t\t[objectId, index]: [string, number],\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));\n\t}\n\n\t/**\n\t * Decrypt all shares and verify that the randomness was used to create the given nonce.\n\t *\n\t * @param randomness - The randomness.\n\t * @param encryptedShares - The encrypted shares.\n\t * @param services - The services.\n\t * @param publicKeys - The public keys.\n\t * @param nonce - The nonce.\n\t * @param id - The id.\n\t * @returns All decrypted shares.\n\t */\n\tstatic decryptAllSharesUsingRandomness(\n\t\trandomness: Uint8Array,\n\t\tencryptedShares: Uint8Array[],\n\t\tservices: [string, number][],\n\t\tpublicKeys: G2Element[],\n\t\tnonce: G2Element,\n\t\tid: Uint8Array,\n\t): { index: number; share: Uint8Array }[] {\n\t\tif (publicKeys.length !== encryptedShares.length || publicKeys.length !== services.length) {\n\t\t\tthrow new Error('The number of public keys, encrypted shares and services must be the same');\n\t\t}\n\t\tlet r;\n\t\ttry {\n\t\t\tr = Scalar.fromBytes(randomness);\n\t\t} catch {\n\t\t\tthrow new InvalidCiphertextError('Invalid randomness');\n\t\t}\n\t\tconst gid_r = hashToG1(id).multiply(r);\n\t\treturn services.map(([objectId, index], i) => {\n\t\t\treturn {\n\t\t\t\tindex,\n\t\t\t\tshare: xor(\n\t\t\t\t\tencryptedShares[i],\n\t\t\t\t\tkdf(gid_r.pairing(publicKeys[i]), nonce, id, objectId, index),\n\t\t\t\t),\n\t\t\t};\n\t\t});\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns The randomness, a common nonce of the keys and a list of keys.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid_r = hashToG1(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid_r.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n\n/**\n * Verify that the given randomness was used to crate the nonce.\n * Throws an error if the given randomness is invalid (not a BLS scalar).\n *\n * @param randomness - The randomness.\n * @param nonce - The nonce.\n * @param useBE - Flag to indicate if BE encoding is used for the randomness. Defaults to true.\n * @returns True if the randomness was used to create the nonce, false otherwise.\n */\nexport function verifyNonce(\n\tnonce: G2Element,\n\trandomness: Uint8Array,\n\tuseBE: boolean = true,\n): boolean {\n\ttry {\n\t\tconst r = decodeRandomness(randomness, useBE);\n\t\treturn G2Element.generator().multiply(r).equals(nonce);\n\t} catch {\n\t\tthrow new InvalidCiphertextError('Invalid randomness');\n\t}\n}\n\nfunction decodeRandomness(bytes: Uint8Array, useBE: boolean): Scalar {\n\tif (useBE) {\n\t\treturn Scalar.fromBytes(bytes);\n\t} else {\n\t\treturn Scalar.fromBytesLE(bytes);\n\t}\n}\n\n/**\n * Decrypt the randomness using a key.\n *\n * @param encrypted_randomness - The encrypted randomness.\n * @param derived_key - The derived key.\n * @returns The randomness. Returns both the scalar interpreted in big-endian and little-endian encoding.\n */\nexport function decryptRandomness(\n\tencryptedRandomness: Uint8Array,\n\trandomnessKey: Uint8Array,\n): Uint8Array {\n\treturn xor(encryptedRandomness, randomnessKey);\n}\n\n/**\n * Verify that the given randomness was used to crate the nonce.\n * Check using both big-endian and little-endian encoding of the randomness.\n *\n * Throws an error if the nonce check doesn't pass using LE encoding _and_ the randomness is invalid as a BE encoded scalar.\n *\n * @param randomness - The randomness.\n * @param nonce - The nonce.\n * @returns True if the randomness was used to create the nonce using either LE or BE encoding, false otherwise.\n */\nexport function verifyNonceWithLE(nonce: G2Element, randomness: Uint8Array): boolean {\n\ttry {\n\t\t// First try little-endian encoding\n\t\tif (verifyNonce(nonce, randomness, false)) {\n\t\t\treturn true;\n\t\t}\n\t} catch {\n\t\t// Ignore error and try big-endian encoding\n\t}\n\treturn verifyNonce(nonce, randomness, true);\n}\n"],
-  "mappings": "AAGA,SAAS,eAAe;AAIxB,SAAS,WAAW,cAAc;AAClC,SAAS,WAAW,UAAU,KAAK,kBAAkB;AAErD,SAAS,WAAW;AAEpB,SAAS,8BAA8B;AAKhC,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAeD;AAQO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,UAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,QACA,SACA,WACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,OAAO,QAAQ;AAC7E,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,OAAO;AAAA,MAAI,CAAC,EAAE,OAAO,MAAM,GAAG,MACrD,IAAI,OAAO,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,GAAG,KAAK,CAAC;AAAA,IAC7D;AACA,UAAM,gBAAgB;AAAA,MACrB,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA,KAAK;AAAA,IACN;AACA,UAAM,sBAAsB,IAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,UAAU,UAAU,CAAC;AACvD,UAAM,MAAM,SAAS,QAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS;AACnD,WAAO,IAAI,OAAO,GAAG;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,OAAO,QACN,OACA,IACA,YACA,IACA,CAAC,UAAU,KAAK,GACH;AACb,WAAO,IAAI,YAAY,IAAI,MAAM,OAAO,EAAE,GAAG,OAAO,IAAI,UAAU,KAAK,CAAC;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,OAAO,gCACN,YACA,iBACA,UACA,YACA,OACA,IACyC;AACzC,QAAI,WAAW,WAAW,gBAAgB,UAAU,WAAW,WAAW,SAAS,QAAQ;AAC1F,YAAM,IAAI,MAAM,2EAA2E;AAAA,IAC5F;AACA,QAAI;AACJ,QAAI;AACH,UAAI,OAAO,UAAU,UAAU;AAAA,IAChC,QAAQ;AACP,YAAM,IAAI,uBAAuB,oBAAoB;AAAA,IACtD;AACA,UAAM,QAAQ,SAAS,EAAE,EAAE,SAAS,CAAC;AACrC,WAAO,SAAS,IAAI,CAAC,CAAC,UAAU,KAAK,GAAG,MAAM;AAC7C,aAAO;AAAA,QACN;AAAA,QACA,OAAO;AAAA,UACN,gBAAgB,CAAC;AAAA,UACjB,IAAI,MAAM,QAAQ,WAAW,CAAC,CAAC,GAAG,OAAO,IAAI,UAAU,KAAK;AAAA,QAC7D;AAAA,MACD;AAAA,IACD,CAAC;AAAA,EACF;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,OAAO,OAAO;AACxB,QAAM,QAAQ,UAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,QAAQ,SAAS,EAAE,EAAE,SAAS,CAAC;AACrC,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,MAAM,QAAQ,UAAU,CAAC,CAAC;AAC5E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;AAWO,SAAS,YACf,OACA,YACA,QAAiB,MACP;AACV,MAAI;AACH,UAAM,IAAI,iBAAiB,YAAY,KAAK;AAC5C,WAAO,UAAU,UAAU,EAAE,SAAS,CAAC,EAAE,OAAO,KAAK;AAAA,EACtD,QAAQ;AACP,UAAM,IAAI,uBAAuB,oBAAoB;AAAA,EACtD;AACD;AAEA,SAAS,iBAAiB,OAAmB,OAAwB;AACpE,MAAI,OAAO;AACV,WAAO,OAAO,UAAU,KAAK;AAAA,EAC9B,OAAO;AACN,WAAO,OAAO,YAAY,KAAK;AAAA,EAChC;AACD;AASO,SAAS,kBACf,qBACA,eACa;AACb,SAAO,IAAI,qBAAqB,aAAa;AAC9C;AAYO,SAAS,kBAAkB,OAAkB,YAAiC;AACpF,MAAI;AAEH,QAAI,YAAY,OAAO,YAAY,KAAK,GAAG;AAC1C,aAAO;AAAA,IACR;AAAA,EACD,QAAQ;AAAA,EAER;AACA,SAAO,YAAY,OAAO,YAAY,IAAI;AAC3C;",
-  "names": []
-}

package/dist/esm/index.d.ts

@@ -1,6 +0,0 @@
-export { EncryptedObject } from './bcs.js';
-export { SealClient } from './client.js';
-export { SessionKey, type ExportedSessionKey } from './session-key.js';
-export * from './error.js';
-export type { SealCompatibleClient, SealClientOptions, SealClientExtensionOptions, KeyServerConfig, EncryptOptions, DecryptOptions, FetchKeysOptions, GetDerivedKeysOptions, } from './types.js';
-export { DemType } from './encrypt.js';

package/dist/esm/index.js

@@ -1,12 +0,0 @@
-import { EncryptedObject } from "./bcs.js";
-import { SealClient } from "./client.js";
-import { SessionKey } from "./session-key.js";
-export * from "./error.js";
-import { DemType } from "./encrypt.js";
-export {
-  DemType,
-  EncryptedObject,
-  SealClient,
-  SessionKey
-};
-//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/index.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { EncryptedObject } from './bcs.js';\nexport { SealClient } from './client.js';\nexport { SessionKey, type ExportedSessionKey } from './session-key.js';\nexport * from './error.js';\nexport type {\n\tSealCompatibleClient,\n\tSealClientOptions,\n\tSealClientExtensionOptions,\n\tKeyServerConfig,\n\tEncryptOptions,\n\tDecryptOptions,\n\tFetchKeysOptions,\n\tGetDerivedKeysOptions,\n} from './types.js';\nexport { DemType } from './encrypt.js';\n"],
-  "mappings": "AAGA,SAAS,uBAAuB;AAChC,SAAS,kBAAkB;AAC3B,SAAS,kBAA2C;AACpD,cAAc;AAWd,SAAS,eAAe;",
-  "names": []
-}

package/dist/esm/kdf.d.ts

@@ -1,30 +0,0 @@
-import { G1Element } from './bls12381.js';
-import type { G2Element, GTElement } from './bls12381.js';
-/**
- * Hash an id to a G1Element.
- *
- * @param id The id to hash.
- * @returns The G1Element.
- */
-export declare function hashToG1(id: Uint8Array): G1Element;
-/**
- * The default key derivation function.
- *
- * @returns The derived key.
- */
-export declare function kdf(element: GTElement, nonce: G2Element, id: Uint8Array, objectId: string, index: number): Uint8Array;
-export declare enum KeyPurpose {
-    EncryptedRandomness = 0,
-    DEM = 1
-}
-/**
- * Derive a key from a base key and a list of encrypted shares.
- *
- * @param purpose The purpose of the key.
- * @param baseKey The base key.
- * @param encryptedShares The encrypted shares.
- * @param threshold The threshold.
- * @param keyServers The object ids of the key servers.
- * @returns The derived key.
- */
-export declare function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array, encryptedShares: Uint8Array[], threshold: number, keyServers: string[]): Uint8Array;

package/dist/esm/kdf.js

@@ -1,83 +0,0 @@
-import { fromHex } from "@mysten/bcs";
-import { sha3_256 } from "@noble/hashes/sha3";
-import { G1Element } from "./bls12381.js";
-import {
-  ENCRYPTED_SHARE_LENGTH,
-  flatten,
-  KEY_LENGTH,
-  MAX_U8,
-  SUI_ADDRESS_LENGTH
-} from "./utils.js";
-const DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00");
-const KDF_DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-H2-00");
-const DERIVE_KEY_DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-H3-00");
-function hashToG1(id) {
-  return G1Element.hashToCurve(flatten([DST, id]));
-}
-function kdf(element, nonce, id, objectId, index) {
-  if (!Number.isInteger(index) || index < 0 || index > MAX_U8) {
-    throw new Error(`Invalid index ${index}`);
-  }
-  const objectIdBytes = fromHex(objectId);
-  if (objectIdBytes.length !== SUI_ADDRESS_LENGTH) {
-    throw new Error(`Invalid object id ${objectId}`);
-  }
-  const hash = sha3_256.create();
-  hash.update(KDF_DST);
-  hash.update(element.toBytes());
-  hash.update(nonce.toBytes());
-  hash.update(hashToG1(id).toBytes());
-  hash.update(objectIdBytes);
-  hash.update(new Uint8Array([index]));
-  return hash.digest();
-}
-var KeyPurpose = /* @__PURE__ */ ((KeyPurpose2) => {
-  KeyPurpose2[KeyPurpose2["EncryptedRandomness"] = 0] = "EncryptedRandomness";
-  KeyPurpose2[KeyPurpose2["DEM"] = 1] = "DEM";
-  return KeyPurpose2;
-})(KeyPurpose || {});
-function tag(purpose) {
-  switch (purpose) {
-    case 0 /* EncryptedRandomness */:
-      return new Uint8Array([0]);
-    case 1 /* DEM */:
-      return new Uint8Array([1]);
-    default:
-      throw new Error(`Invalid key purpose ${purpose}`);
-  }
-}
-function deriveKey(purpose, baseKey, encryptedShares, threshold, keyServers) {
-  if (!Number.isInteger(threshold) || threshold <= 0 || threshold > MAX_U8) {
-    throw new Error(`Invalid threshold ${threshold}`);
-  }
-  if (encryptedShares.length !== keyServers.length) {
-    throw new Error(
-      `Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`
-    );
-  }
-  const keyServerBytes = keyServers.map((keyServer) => fromHex(keyServer));
-  if (keyServerBytes.some((keyServer) => keyServer.length !== SUI_ADDRESS_LENGTH)) {
-    throw new Error(`Invalid key servers ${keyServers}`);
-  }
-  if (encryptedShares.some((share) => share.length !== ENCRYPTED_SHARE_LENGTH)) {
-    throw new Error(`Invalid encrypted shares ${encryptedShares}`);
-  }
-  if (baseKey.length !== KEY_LENGTH) {
-    throw new Error(`Invalid base key ${baseKey}`);
-  }
-  const hash = sha3_256.create();
-  hash.update(DERIVE_KEY_DST);
-  hash.update(baseKey);
-  hash.update(tag(purpose));
-  hash.update(new Uint8Array([threshold]));
-  encryptedShares.forEach((share) => hash.update(share));
-  keyServerBytes.forEach((keyServer) => hash.update(keyServer));
-  return hash.digest();
-}
-export {
-  KeyPurpose,
-  deriveKey,
-  hashToG1,
-  kdf
-};
-//# sourceMappingURL=kdf.js.map

package/dist/esm/kdf.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/kdf.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport { G1Element } from './bls12381.js';\nimport type { G2Element, GTElement } from './bls12381.js';\nimport {\n\tENCRYPTED_SHARE_LENGTH,\n\tflatten,\n\tKEY_LENGTH,\n\tMAX_U8,\n\tSUI_ADDRESS_LENGTH,\n} from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nconst DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\nconst KDF_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H2-00');\nconst DERIVE_KEY_DST = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-H3-00');\n\n/**\n * Hash an id to a G1Element.\n *\n * @param id The id to hash.\n * @returns The G1Element.\n */\nexport function hashToG1(id: Uint8Array): G1Element {\n\treturn G1Element.hashToCurve(flatten([DST, id]));\n}\n\n/**\n * The default key derivation function.\n *\n * @returns The derived key.\n */\nexport function kdf(\n\telement: GTElement,\n\tnonce: G2Element,\n\tid: Uint8Array,\n\tobjectId: string,\n\tindex: number,\n): Uint8Array {\n\tif (!Number.isInteger(index) || index < 0 || index > MAX_U8) {\n\t\tthrow new Error(`Invalid index ${index}`);\n\t}\n\tconst objectIdBytes = fromHex(objectId);\n\tif (objectIdBytes.length !== SUI_ADDRESS_LENGTH) {\n\t\tthrow new Error(`Invalid object id ${objectId}`);\n\t}\n\tconst hash = sha3_256.create();\n\thash.update(KDF_DST);\n\thash.update(element.toBytes());\n\thash.update(nonce.toBytes());\n\thash.update(hashToG1(id).toBytes());\n\thash.update(objectIdBytes);\n\thash.update(new Uint8Array([index])); // this is safe because index < 256.\n\treturn hash.digest();\n}\n\nexport enum KeyPurpose {\n\tEncryptedRandomness,\n\tDEM,\n}\n\nfunction tag(purpose: KeyPurpose): Uint8Array {\n\tswitch (purpose) {\n\t\tcase KeyPurpose.EncryptedRandomness:\n\t\t\treturn new Uint8Array([0]);\n\t\tcase KeyPurpose.DEM:\n\t\t\treturn new Uint8Array([1]);\n\t\tdefault:\n\t\t\tthrow new Error(`Invalid key purpose ${purpose}`);\n\t}\n}\n\n/**\n * Derive a key from a base key and a list of encrypted shares.\n *\n * @param purpose The purpose of the key.\n * @param baseKey The base key.\n * @param encryptedShares The encrypted shares.\n * @param threshold The threshold.\n * @param keyServers The object ids of the key servers.\n * @returns The derived key.\n */\nexport function deriveKey(\n\tpurpose: KeyPurpose,\n\tbaseKey: Uint8Array,\n\tencryptedShares: Uint8Array[],\n\tthreshold: number,\n\tkeyServers: string[],\n): Uint8Array {\n\tif (!Number.isInteger(threshold) || threshold <= 0 || threshold > MAX_U8) {\n\t\tthrow new Error(`Invalid threshold ${threshold}`);\n\t}\n\n\tif (encryptedShares.length !== keyServers.length) {\n\t\tthrow new Error(\n\t\t\t`Mismatched shares ${encryptedShares.length} and key servers ${keyServers.length}`,\n\t\t);\n\t}\n\tconst keyServerBytes = keyServers.map((keyServer) => fromHex(keyServer));\n\tif (keyServerBytes.some((keyServer) => keyServer.length !== SUI_ADDRESS_LENGTH)) {\n\t\tthrow new Error(`Invalid key servers ${keyServers}`);\n\t}\n\tif (encryptedShares.some((share) => share.length !== ENCRYPTED_SHARE_LENGTH)) {\n\t\tthrow new Error(`Invalid encrypted shares ${encryptedShares}`);\n\t}\n\n\tif (baseKey.length !== KEY_LENGTH) {\n\t\tthrow new Error(`Invalid base key ${baseKey}`);\n\t}\n\n\tconst hash = sha3_256.create();\n\thash.update(DERIVE_KEY_DST);\n\thash.update(baseKey);\n\thash.update(tag(purpose));\n\thash.update(new Uint8Array([threshold]));\n\tencryptedShares.forEach((share) => hash.update(share));\n\tkeyServerBytes.forEach((keyServer) => hash.update(keyServer));\n\treturn hash.digest();\n}\n"],
-  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,gBAAgB;AAEzB,SAAS,iBAAiB;AAE1B;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAKP,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAC3E,MAAM,UAAU,IAAI,YAAY,EAAE,OAAO,6BAA6B;AACtE,MAAM,iBAAiB,IAAI,YAAY,EAAE,OAAO,6BAA6B;AAQtE,SAAS,SAAS,IAA2B;AACnD,SAAO,UAAU,YAAY,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;AAChD;AAOO,SAAS,IACf,SACA,OACA,IACA,UACA,OACa;AACb,MAAI,CAAC,OAAO,UAAU,KAAK,KAAK,QAAQ,KAAK,QAAQ,QAAQ;AAC5D,UAAM,IAAI,MAAM,iBAAiB,KAAK,EAAE;AAAA,EACzC;AACA,QAAM,gBAAgB,QAAQ,QAAQ;AACtC,MAAI,cAAc,WAAW,oBAAoB;AAChD,UAAM,IAAI,MAAM,qBAAqB,QAAQ,EAAE;AAAA,EAChD;AACA,QAAM,OAAO,SAAS,OAAO;AAC7B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,QAAQ,QAAQ,CAAC;AAC7B,OAAK,OAAO,MAAM,QAAQ,CAAC;AAC3B,OAAK,OAAO,SAAS,EAAE,EAAE,QAAQ,CAAC;AAClC,OAAK,OAAO,aAAa;AACzB,OAAK,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC;AACnC,SAAO,KAAK,OAAO;AACpB;AAEO,IAAK,aAAL,kBAAKA,gBAAL;AACN,EAAAA,wBAAA;AACA,EAAAA,wBAAA;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,IAAI,SAAiC;AAC7C,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B,KAAK;AACJ,aAAO,IAAI,WAAW,CAAC,CAAC,CAAC;AAAA,IAC1B;AACC,YAAM,IAAI,MAAM,uBAAuB,OAAO,EAAE;AAAA,EAClD;AACD;AAYO,SAAS,UACf,SACA,SACA,iBACA,WACA,YACa;AACb,MAAI,CAAC,OAAO,UAAU,SAAS,KAAK,aAAa,KAAK,YAAY,QAAQ;AACzE,UAAM,IAAI,MAAM,qBAAqB,SAAS,EAAE;AAAA,EACjD;AAEA,MAAI,gBAAgB,WAAW,WAAW,QAAQ;AACjD,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,oBAAoB,WAAW,MAAM;AAAA,IACjF;AAAA,EACD;AACA,QAAM,iBAAiB,WAAW,IAAI,CAAC,cAAc,QAAQ,SAAS,CAAC;AACvE,MAAI,eAAe,KAAK,CAAC,cAAc,UAAU,WAAW,kBAAkB,GAAG;AAChF,UAAM,IAAI,MAAM,uBAAuB,UAAU,EAAE;AAAA,EACpD;AACA,MAAI,gBAAgB,KAAK,CAAC,UAAU,MAAM,WAAW,sBAAsB,GAAG;AAC7E,UAAM,IAAI,MAAM,4BAA4B,eAAe,EAAE;AAAA,EAC9D;AAEA,MAAI,QAAQ,WAAW,YAAY;AAClC,UAAM,IAAI,MAAM,oBAAoB,OAAO,EAAE;AAAA,EAC9C;AAEA,QAAM,OAAO,SAAS,OAAO;AAC7B,OAAK,OAAO,cAAc;AAC1B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,IAAI,OAAO,CAAC;AACxB,OAAK,OAAO,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;AACvC,kBAAgB,QAAQ,CAAC,UAAU,KAAK,OAAO,KAAK,CAAC;AACrD,iBAAe,QAAQ,CAAC,cAAc,KAAK,OAAO,SAAS,CAAC;AAC5D,SAAO,KAAK,OAAO;AACpB;",
-  "names": ["KeyPurpose"]
-}

package/dist/esm/key-server.d.ts

@@ -1,105 +0,0 @@
-import type { KeyServerConfig, SealCompatibleClient } from './types.js';
-import type { G1Element } from './bls12381.js';
-import { Version } from './utils.js';
-import type { Certificate } from './session-key.js';
-export type ServerType = 'Independent' | 'Committee';
-export type KeyServer = {
-    objectId: string;
-    name: string;
-    url: string;
-    keyType: KeyType;
-    pk: Uint8Array<ArrayBuffer>;
-    serverType: ServerType;
-};
-export declare enum KeyType {
-    BonehFranklinBLS12381 = 0
-}
-export declare const SERVER_VERSION_REQUIREMENT: Version;
-/**
- * Given a list of key server object IDs, returns a list of SealKeyServer
- * from onchain state containing name, objectId, URL and pk.
- *
- * Supports both V1 (independent servers) and V2 (independent + committee servers).
- * For V2 committee servers, returns the aggregator URL from the config.
- *
- * @param objectIds - The key server object IDs.
- * @param client - The SuiClient to use.
- * @param configs - The key server configurations containing aggregator URLs.
- * @returns - An array of SealKeyServer.
- */
-export declare function retrieveKeyServers({ objectIds, client, configs, }: {
-    objectIds: string[];
-    client: SealCompatibleClient;
-    configs: Map<string, KeyServerConfig>;
-}): Promise<KeyServer[]>;
-/**
- * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it
- * against the pubkey. This should be used only rarely when the dapp uses a dynamic
- * set of key servers.
- *
- * @param server - The KeyServer to verify.
- * @returns - True if the key server is valid, false otherwise.
- */
-export declare function verifyKeyServer(server: KeyServer, timeout: number, apiKeyName?: string, apiKey?: string): Promise<boolean>;
-/**
- * Verify the key server version. Throws an `InvalidKeyServerError` if the version is not supported.
- *
- * @param response - The response from the key server.
- */
-export declare function verifyKeyServerVersion(response: Response): void;
-export interface DerivedKey {
-    toString(): string;
-}
-/**
- * A user secret key for the Boneh-Franklin BLS12381 scheme.
- * This is a wrapper around the G1Element type.
- */
-export declare class BonehFranklinBLS12381DerivedKey implements DerivedKey {
-    key: G1Element;
-    representation: string;
-    constructor(key: G1Element);
-    toString(): string;
-}
-/**
- * Options for fetching keys from the key server.
- */
-export interface FetchKeysOptions {
-    /** The URL of the key server. */
-    url: string;
-    /** The Base64 string of request signature. */
-    requestSignature: string;
-    /** The transaction bytes. */
-    transactionBytes: Uint8Array;
-    /** The ephemeral secret key. */
-    encKey: Uint8Array<ArrayBuffer>;
-    /** The ephemeral public key. */
-    encKeyPk: Uint8Array<ArrayBuffer>;
-    /** The ephemeral verification key. */
-    encVerificationKey: Uint8Array;
-    /** The certificate. */
-    certificate: Certificate;
-    /** Request timeout in milliseconds. */
-    timeout: number;
-    /** Optional API key name. */
-    apiKeyName?: string;
-    /** Optional API key. */
-    apiKey?: string;
-    /** Optional abort signal for cancellation. */
-    signal?: AbortSignal;
-}
-/**
- * Helper function to request all keys from URL with requestSig, txBytes, ephemeral pubkey.
- * Then decrypt the Seal key with ephemeral secret key. Returns a list decryption keys with
- * their full IDs.
- *
- * @param url - The URL of the key server.
- * @param requestSig - The Base64 string of request signature.
- * @param txBytes - The transaction bytes.
- * @param encKey - The ephemeral secret key.
- * @param certificate - The certificate.
- * @returns - A list of full ID and the decrypted key.
- */
-export declare function fetchKeysForAllIds({ url, requestSignature, transactionBytes, encKey, encKeyPk, encVerificationKey, certificate, timeout, apiKeyName, apiKey, signal, }: FetchKeysOptions): Promise<{
-    fullId: string;
-    key: Uint8Array<ArrayBuffer>;
-}[]>;