@mysten/seal 0.10.0 → 1.0.1

package/dist/esm/client.js

@@ -1,412 +0,0 @@
-var __typeError = (msg) => {
-  throw TypeError(msg);
-};
-var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
-var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
-var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
-var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
-var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
-var _suiClient, _configs, _keyServers, _verifyKeyServers, _cachedKeys, _cachedPublicKeys, _timeout, _totalWeight, _SealClient_instances, createEncryptionInput_fn, weight_fn, validateEncryptionServices_fn, getWeightedKeyServers_fn, loadKeyServers_fn;
-import { EncryptedObject } from "./bcs.js";
-import { G1Element, G2Element } from "./bls12381.js";
-import { decrypt } from "./decrypt.js";
-import { AesGcm256, Hmac256Ctr } from "./dem.js";
-import { DemType, encrypt, KemType } from "./encrypt.js";
-import {
-  InconsistentKeyServersError,
-  InvalidClientOptionsError,
-  InvalidKeyServerError,
-  InvalidPackageError,
-  InvalidThresholdError,
-  toMajorityError,
-  TooManyFailedFetchKeyRequestsError
-} from "./error.js";
-import { BonehFranklinBLS12381Services } from "./ibe.js";
-import {
-  BonehFranklinBLS12381DerivedKey,
-  retrieveKeyServers,
-  verifyKeyServer,
-  fetchKeysForAllIds
-} from "./key-server.js";
-import { createFullId, count } from "./utils.js";
-function seal({ name = "seal", ...options }) {
-  return {
-    name,
-    register: (client) => {
-      return new SealClient({
-        suiClient: client,
-        ...options
-      });
-    }
-  };
-}
-const _SealClient = class _SealClient {
-  constructor(options) {
-    __privateAdd(this, _SealClient_instances);
-    __privateAdd(this, _suiClient);
-    __privateAdd(this, _configs);
-    __privateAdd(this, _keyServers, null);
-    __privateAdd(this, _verifyKeyServers);
-    // A caching map for: fullId:object_id -> partial key.
-    __privateAdd(this, _cachedKeys, /* @__PURE__ */ new Map());
-    __privateAdd(this, _cachedPublicKeys, /* @__PURE__ */ new Map());
-    __privateAdd(this, _timeout);
-    __privateAdd(this, _totalWeight);
-    __privateSet(this, _suiClient, options.suiClient);
-    if (new Set(options.serverConfigs.map((s) => s.objectId)).size !== options.serverConfigs.length) {
-      throw new InvalidClientOptionsError("Duplicate object IDs");
-    }
-    if (options.serverConfigs.some((s) => s.apiKeyName && !s.apiKey || !s.apiKeyName && s.apiKey)) {
-      throw new InvalidClientOptionsError(
-        "Both apiKeyName and apiKey must be provided or not provided for all key servers"
-      );
-    }
-    __privateSet(this, _configs, new Map(options.serverConfigs.map((server) => [server.objectId, server])));
-    __privateSet(this, _totalWeight, options.serverConfigs.map((server) => server.weight).reduce((sum, term) => sum + term, 0));
-    __privateSet(this, _verifyKeyServers, options.verifyKeyServers ?? true);
-    __privateSet(this, _timeout, options.timeout ?? 1e4);
-  }
-  /** @deprecated Use `seal()` instead */
-  static asClientExtension(options) {
-    return {
-      name: "seal",
-      register: (client) => {
-        return new _SealClient({
-          suiClient: client,
-          ...options
-        });
-      }
-    };
-  }
-  /**
-   * Return an encrypted message under the identity.
-   *
-   * @param kemType - The type of KEM to use.
-   * @param demType - The type of DEM to use.
-   * @param threshold - The threshold for the TSS encryption.
-   * @param packageId - the packageId namespace.
-   * @param id - the identity to use.
-   * @param data - the data to encrypt.
-   * @param aad - optional additional authenticated data.
-   * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.
-   * 	Since the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.
-   */
-  async encrypt({
-    kemType = KemType.BonehFranklinBLS12381DemCCA,
-    demType = DemType.AesGcm256,
-    threshold,
-    packageId,
-    id,
-    data,
-    aad = new Uint8Array()
-  }) {
-    const packageObj = await __privateGet(this, _suiClient).core.getObject({ objectId: packageId });
-    if (String(packageObj.object.version) !== "1") {
-      throw new InvalidPackageError(`Package ${packageId} is not the first version`);
-    }
-    return encrypt({
-      keyServers: await __privateMethod(this, _SealClient_instances, getWeightedKeyServers_fn).call(this),
-      kemType,
-      threshold,
-      packageId,
-      id,
-      encryptionInput: __privateMethod(this, _SealClient_instances, createEncryptionInput_fn).call(this, demType, data, aad)
-    });
-  }
-  /**
-   * Decrypt the given encrypted bytes using cached keys.
-   * Calls fetchKeys in case one or more of the required keys is not cached yet.
-   * The function throws an error if the client's key servers are not a subset of
-   * the encrypted object's key servers or if the threshold cannot be met.
-   *
-   * If checkShareConsistency is true, the decrypted shares are checked for consistency, meaning that
-   * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.
-   * This is useful in case the encryptor is not trusted and the decryptor wants to ensure all decryptors
-   * receive the same output (e.g., for onchain encrypted voting).
-   *
-   * @param data - The encrypted bytes to decrypt.
-   * @param sessionKey - The session key to use.
-   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
-   * @param checkShareConsistency - If true, the shares are checked for consistency.
-   * @param checkLEEncoding - If true, the encryption is also checked using an LE encoded nonce.
-   * @returns - The decrypted plaintext corresponding to ciphertext.
-   */
-  async decrypt({
-    data,
-    sessionKey,
-    txBytes,
-    checkShareConsistency,
-    checkLEEncoding
-  }) {
-    const encryptedObject = EncryptedObject.parse(data);
-    __privateMethod(this, _SealClient_instances, validateEncryptionServices_fn).call(this, encryptedObject.services.map((s) => s[0]), encryptedObject.threshold);
-    await this.fetchKeys({
-      ids: [encryptedObject.id],
-      txBytes,
-      sessionKey,
-      threshold: encryptedObject.threshold
-    });
-    if (checkShareConsistency) {
-      const publicKeys = await this.getPublicKeys(
-        encryptedObject.services.map(([objectId, _]) => objectId)
-      );
-      return decrypt({
-        encryptedObject,
-        keys: __privateGet(this, _cachedKeys),
-        publicKeys,
-        checkLEEncoding: false
-        // We intentionally do not support other encodings here
-      });
-    }
-    return decrypt({ encryptedObject, keys: __privateGet(this, _cachedKeys), checkLEEncoding });
-  }
-  async getKeyServers() {
-    if (!__privateGet(this, _keyServers)) {
-      __privateSet(this, _keyServers, __privateMethod(this, _SealClient_instances, loadKeyServers_fn).call(this).catch((error) => {
-        __privateSet(this, _keyServers, null);
-        throw error;
-      }));
-    }
-    return __privateGet(this, _keyServers);
-  }
-  /**
-   * Get the public keys for the given services.
-   * If all public keys are not in the cache, they are retrieved.
-   *
-   * @param services - The services to get the public keys for.
-   * @returns The public keys for the given services in the same order as the given services.
-   */
-  async getPublicKeys(services) {
-    const keyServers = await this.getKeyServers();
-    const missingKeyServers = services.filter(
-      (objectId) => !keyServers.has(objectId) && !__privateGet(this, _cachedPublicKeys).has(objectId)
-    );
-    if (missingKeyServers.length > 0) {
-      (await retrieveKeyServers({
-        objectIds: missingKeyServers,
-        client: __privateGet(this, _suiClient),
-        configs: __privateGet(this, _configs)
-      })).forEach(
-        (keyServer) => __privateGet(this, _cachedPublicKeys).set(keyServer.objectId, G2Element.fromBytes(keyServer.pk))
-      );
-    }
-    return services.map((objectId) => {
-      const keyServer = keyServers.get(objectId);
-      if (keyServer) {
-        return G2Element.fromBytes(keyServer.pk);
-      }
-      return __privateGet(this, _cachedPublicKeys).get(objectId);
-    });
-  }
-  /**
-   * Fetch keys from the key servers and update the cache.
-   *
-   * It is recommended to call this function once for all ids of all encrypted objects if
-   * there are multiple, then call decrypt for each object. This avoids calling fetchKey
-   * individually for each decrypt.
-   *
-   * @param ids - The ids of the encrypted objects.
-   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
-   * @param sessionKey - The session key to use.
-   * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.
-   */
-  async fetchKeys({ ids, txBytes, sessionKey, threshold }) {
-    if (threshold > __privateGet(this, _totalWeight) || threshold < 1) {
-      throw new InvalidThresholdError(
-        `Invalid threshold ${threshold} servers with weights ${JSON.stringify(__privateGet(this, _configs))}`
-      );
-    }
-    const keyServers = await this.getKeyServers();
-    const fullIds = ids.map((id) => createFullId(sessionKey.getPackageId(), id));
-    let completedWeight = 0;
-    const remainingKeyServers = [];
-    let remainingKeyServersWeight = 0;
-    for (const objectId of keyServers.keys()) {
-      if (fullIds.every((fullId) => __privateGet(this, _cachedKeys).has(`${fullId}:${objectId}`))) {
-        completedWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
-      } else {
-        remainingKeyServers.push(objectId);
-        remainingKeyServersWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
-      }
-    }
-    if (completedWeight >= threshold) {
-      return;
-    }
-    const certificate = await sessionKey.getCertificate();
-    const signedRequest = await sessionKey.createRequestParams(txBytes);
-    const controller = new AbortController();
-    const errors = [];
-    const keyFetches = remainingKeyServers.map(async (objectId) => {
-      const server = keyServers.get(objectId);
-      try {
-        const config = __privateGet(this, _configs).get(objectId);
-        const allKeys = await fetchKeysForAllIds({
-          url: server.url,
-          requestSignature: signedRequest.requestSignature,
-          transactionBytes: txBytes,
-          encKey: signedRequest.encKey,
-          encKeyPk: signedRequest.encKeyPk,
-          encVerificationKey: signedRequest.encVerificationKey,
-          certificate,
-          timeout: __privateGet(this, _timeout),
-          apiKeyName: config?.apiKeyName,
-          apiKey: config?.apiKey,
-          signal: controller.signal
-        });
-        for (const { fullId, key } of allKeys) {
-          const keyElement = G1Element.fromBytes(key);
-          if (!BonehFranklinBLS12381Services.verifyUserSecretKey(
-            keyElement,
-            fullId,
-            G2Element.fromBytes(server.pk)
-          )) {
-            console.warn("Received invalid key from key server " + server.objectId);
-            continue;
-          }
-          __privateGet(this, _cachedKeys).set(`${fullId}:${server.objectId}`, keyElement);
-        }
-        if (fullIds.every((fullId) => __privateGet(this, _cachedKeys).has(`${fullId}:${server.objectId}`))) {
-          completedWeight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
-          if (completedWeight >= threshold) {
-            controller.abort();
-          }
-        }
-      } catch (error) {
-        if (!controller.signal.aborted) {
-          errors.push(error);
-        }
-      } finally {
-        remainingKeyServersWeight -= __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
-        if (remainingKeyServersWeight < threshold - completedWeight) {
-          controller.abort(new TooManyFailedFetchKeyRequestsError());
-        }
-      }
-    });
-    await Promise.allSettled(keyFetches);
-    if (completedWeight < threshold) {
-      throw toMajorityError(errors);
-    }
-  }
-  /**
-   * Get derived keys from the given services.
-   *
-   * @param id - The id of the encrypted object.
-   * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).
-   * @param sessionKey - The session key to use.
-   * @param threshold - The threshold.
-   * @returns - Derived keys for the given services that are in the cache as a "service object ID" -> derived key map. If the call is succesful, exactly threshold keys will be returned.
-   */
-  async getDerivedKeys({
-    kemType = KemType.BonehFranklinBLS12381DemCCA,
-    id,
-    txBytes,
-    sessionKey,
-    threshold
-  }) {
-    switch (kemType) {
-      case KemType.BonehFranklinBLS12381DemCCA:
-        const keyServers = await this.getKeyServers();
-        if (threshold > __privateGet(this, _totalWeight)) {
-          throw new InvalidThresholdError(
-            `Invalid threshold ${threshold} for ${__privateGet(this, _totalWeight)} servers`
-          );
-        }
-        await this.fetchKeys({
-          ids: [id],
-          txBytes,
-          sessionKey,
-          threshold
-        });
-        const fullId = createFullId(sessionKey.getPackageId(), id);
-        const derivedKeys = /* @__PURE__ */ new Map();
-        let weight = 0;
-        for (const objectId of keyServers.keys()) {
-          const cachedKey = __privateGet(this, _cachedKeys).get(`${fullId}:${objectId}`);
-          if (cachedKey) {
-            derivedKeys.set(objectId, new BonehFranklinBLS12381DerivedKey(cachedKey));
-            weight += __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
-            if (weight >= threshold) {
-              break;
-            }
-          }
-        }
-        return derivedKeys;
-    }
-  }
-};
-_suiClient = new WeakMap();
-_configs = new WeakMap();
-_keyServers = new WeakMap();
-_verifyKeyServers = new WeakMap();
-_cachedKeys = new WeakMap();
-_cachedPublicKeys = new WeakMap();
-_timeout = new WeakMap();
-_totalWeight = new WeakMap();
-_SealClient_instances = new WeakSet();
-createEncryptionInput_fn = function(type, data, aad) {
-  switch (type) {
-    case DemType.AesGcm256:
-      return new AesGcm256(data, aad);
-    case DemType.Hmac256Ctr:
-      return new Hmac256Ctr(data, aad);
-  }
-};
-weight_fn = function(objectId) {
-  return __privateGet(this, _configs).get(objectId)?.weight ?? 0;
-};
-validateEncryptionServices_fn = function(services, threshold) {
-  if (services.some((objectId) => {
-    const countInClient = __privateMethod(this, _SealClient_instances, weight_fn).call(this, objectId);
-    return countInClient > 0 && countInClient !== count(services, objectId);
-  })) {
-    throw new InconsistentKeyServersError(
-      `Client's key servers must be a subset of the encrypted object's key servers`
-    );
-  }
-  if (threshold > __privateGet(this, _totalWeight)) {
-    throw new InvalidThresholdError(
-      `Invalid threshold ${threshold} for ${__privateGet(this, _totalWeight)} servers`
-    );
-  }
-};
-getWeightedKeyServers_fn = async function() {
-  const keyServers = await this.getKeyServers();
-  const keyServersWithMultiplicity = [];
-  for (const [objectId, config] of __privateGet(this, _configs)) {
-    const keyServer = keyServers.get(objectId);
-    for (let i = 0; i < config.weight; i++) {
-      keyServersWithMultiplicity.push(keyServer);
-    }
-  }
-  return keyServersWithMultiplicity;
-};
-loadKeyServers_fn = async function() {
-  const keyServers = await retrieveKeyServers({
-    objectIds: [...__privateGet(this, _configs).keys()],
-    client: __privateGet(this, _suiClient),
-    configs: __privateGet(this, _configs)
-  });
-  if (keyServers.length === 0) {
-    throw new InvalidKeyServerError("No key servers found");
-  }
-  if (__privateGet(this, _verifyKeyServers)) {
-    await Promise.all(
-      keyServers.map(async (server) => {
-        if (server.serverType === "Committee") {
-          return;
-        }
-        const config = __privateGet(this, _configs).get(server.objectId);
-        if (!await verifyKeyServer(server, __privateGet(this, _timeout), config?.apiKeyName, config?.apiKey)) {
-          throw new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);
-        }
-      })
-    );
-  }
-  return new Map(keyServers.map((server) => [server.objectId, server]));
-};
-let SealClient = _SealClient;
-export {
-  SealClient,
-  seal
-};
-//# sourceMappingURL=client.js.map

package/dist/esm/client.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/client.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { EncryptedObject } from './bcs.js';\nimport { G1Element, G2Element } from './bls12381.js';\nimport { decrypt } from './decrypt.js';\nimport type { EncryptionInput } from './dem.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { DemType, encrypt, KemType } from './encrypt.js';\nimport {\n\tInconsistentKeyServersError,\n\tInvalidClientOptionsError,\n\tInvalidKeyServerError,\n\tInvalidPackageError,\n\tInvalidThresholdError,\n\ttoMajorityError,\n\tTooManyFailedFetchKeyRequestsError,\n} from './error.js';\nimport { BonehFranklinBLS12381Services } from './ibe.js';\nimport {\n\tBonehFranklinBLS12381DerivedKey,\n\tretrieveKeyServers,\n\tverifyKeyServer,\n\tfetchKeysForAllIds,\n} from './key-server.js';\nimport type { DerivedKey, KeyServer } from './key-server.js';\nimport type {\n\tDecryptOptions,\n\tEncryptOptions,\n\tFetchKeysOptions,\n\tGetDerivedKeysOptions,\n\tKeyCacheKey,\n\tKeyServerConfig,\n\tSealClientExtensionOptions,\n\tSealClientOptions,\n\tSealCompatibleClient,\n\tSealOptions,\n} from './types.js';\nimport { createFullId, count } from './utils.js';\n\nexport function seal<Name = 'seal'>({ name = 'seal' as Name, ...options }: SealOptions<Name>) {\n\treturn {\n\t\tname,\n\t\tregister: (client: SealCompatibleClient) => {\n\t\t\treturn new SealClient({\n\t\t\t\tsuiClient: client,\n\t\t\t\t...options,\n\t\t\t});\n\t\t},\n\t};\n}\n\nexport class SealClient {\n\t#suiClient: SealCompatibleClient;\n\t#configs: Map<string, KeyServerConfig>;\n\t#keyServers: Promise<Map<string, KeyServer>> | null = null;\n\t#verifyKeyServers: boolean;\n\t// A caching map for: fullId:object_id -> partial key.\n\t#cachedKeys = new Map<KeyCacheKey, G1Element>();\n\t#cachedPublicKeys = new Map<string, G2Element>();\n\t#timeout: number;\n\t#totalWeight: number;\n\n\tconstructor(options: SealClientOptions) {\n\t\tthis.#suiClient = options.suiClient;\n\n\t\tif (\n\t\t\tnew Set(options.serverConfigs.map((s) => s.objectId)).size !== options.serverConfigs.length\n\t\t) {\n\t\t\tthrow new InvalidClientOptionsError('Duplicate object IDs');\n\t\t}\n\n\t\tif (\n\t\t\toptions.serverConfigs.some((s) => (s.apiKeyName && !s.apiKey) || (!s.apiKeyName && s.apiKey))\n\t\t) {\n\t\t\tthrow new InvalidClientOptionsError(\n\t\t\t\t'Both apiKeyName and apiKey must be provided or not provided for all key servers',\n\t\t\t);\n\t\t}\n\n\t\tthis.#configs = new Map(options.serverConfigs.map((server) => [server.objectId, server]));\n\t\tthis.#totalWeight = options.serverConfigs\n\t\t\t.map((server) => server.weight)\n\t\t\t.reduce((sum, term) => sum + term, 0);\n\n\t\tthis.#verifyKeyServers = options.verifyKeyServers ?? true;\n\t\tthis.#timeout = options.timeout ?? 10_000;\n\t}\n\n\t/** @deprecated Use `seal()` instead */\n\tstatic asClientExtension(options: SealClientExtensionOptions) {\n\t\treturn {\n\t\t\tname: 'seal' as const,\n\t\t\tregister: (client: SealCompatibleClient) => {\n\t\t\t\treturn new SealClient({\n\t\t\t\t\tsuiClient: client,\n\t\t\t\t\t...options,\n\t\t\t\t});\n\t\t\t},\n\t\t};\n\t}\n\n\t/**\n\t * Return an encrypted message under the identity.\n\t *\n\t * @param kemType - The type of KEM to use.\n\t * @param demType - The type of DEM to use.\n\t * @param threshold - The threshold for the TSS encryption.\n\t * @param packageId - the packageId namespace.\n\t * @param id - the identity to use.\n\t * @param data - the data to encrypt.\n\t * @param aad - optional additional authenticated data.\n\t * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n\t * \tSince the symmetric key can be used to decrypt, it should not be shared but can be used e.g. for backup.\n\t */\n\tasync encrypt({\n\t\tkemType = KemType.BonehFranklinBLS12381DemCCA,\n\t\tdemType = DemType.AesGcm256,\n\t\tthreshold,\n\t\tpackageId,\n\t\tid,\n\t\tdata,\n\t\taad = new Uint8Array(),\n\t}: EncryptOptions) {\n\t\tconst packageObj = await this.#suiClient.core.getObject({ objectId: packageId });\n\t\tif (String(packageObj.object.version) !== '1') {\n\t\t\tthrow new InvalidPackageError(`Package ${packageId} is not the first version`);\n\t\t}\n\n\t\treturn encrypt({\n\t\t\tkeyServers: await this.#getWeightedKeyServers(),\n\t\t\tkemType,\n\t\t\tthreshold,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tencryptionInput: this.#createEncryptionInput(\n\t\t\t\tdemType,\n\t\t\t\tdata as Uint8Array<ArrayBuffer>,\n\t\t\t\taad as Uint8Array<ArrayBuffer>,\n\t\t\t),\n\t\t});\n\t}\n\n\t#createEncryptionInput(\n\t\ttype: DemType,\n\t\tdata: Uint8Array<ArrayBuffer>,\n\t\taad: Uint8Array<ArrayBuffer>,\n\t): EncryptionInput {\n\t\tswitch (type) {\n\t\t\tcase DemType.AesGcm256:\n\t\t\t\treturn new AesGcm256(data, aad);\n\t\t\tcase DemType.Hmac256Ctr:\n\t\t\t\treturn new Hmac256Ctr(data, aad);\n\t\t}\n\t}\n\n\t/**\n\t * Decrypt the given encrypted bytes using cached keys.\n\t * Calls fetchKeys in case one or more of the required keys is not cached yet.\n\t * The function throws an error if the client's key servers are not a subset of\n\t * the encrypted object's key servers or if the threshold cannot be met.\n\t *\n\t * If checkShareConsistency is true, the decrypted shares are checked for consistency, meaning that\n\t * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.\n\t * This is useful in case the encryptor is not trusted and the decryptor wants to ensure all decryptors\n\t * receive the same output (e.g., for onchain encrypted voting).\n\t *\n\t * @param data - The encrypted bytes to decrypt.\n\t * @param sessionKey - The session key to use.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param checkShareConsistency - If true, the shares are checked for consistency.\n\t * @param checkLEEncoding - If true, the encryption is also checked using an LE encoded nonce.\n\t * @returns - The decrypted plaintext corresponding to ciphertext.\n\t */\n\tasync decrypt({\n\t\tdata,\n\t\tsessionKey,\n\t\ttxBytes,\n\t\tcheckShareConsistency,\n\t\tcheckLEEncoding,\n\t}: DecryptOptions) {\n\t\tconst encryptedObject = EncryptedObject.parse(data);\n\n\t\tthis.#validateEncryptionServices(\n\t\t\tencryptedObject.services.map((s) => s[0]),\n\t\t\tencryptedObject.threshold,\n\t\t);\n\n\t\tawait this.fetchKeys({\n\t\t\tids: [encryptedObject.id],\n\t\t\ttxBytes,\n\t\t\tsessionKey,\n\t\t\tthreshold: encryptedObject.threshold,\n\t\t});\n\n\t\tif (checkShareConsistency) {\n\t\t\tconst publicKeys = await this.getPublicKeys(\n\t\t\t\tencryptedObject.services.map(([objectId, _]) => objectId),\n\t\t\t);\n\t\t\treturn decrypt({\n\t\t\t\tencryptedObject,\n\t\t\t\tkeys: this.#cachedKeys,\n\t\t\t\tpublicKeys,\n\t\t\t\tcheckLEEncoding: false, // We intentionally do not support other encodings here\n\t\t\t});\n\t\t}\n\t\treturn decrypt({ encryptedObject, keys: this.#cachedKeys, checkLEEncoding });\n\t}\n\n\t#weight(objectId: string) {\n\t\treturn this.#configs.get(objectId)?.weight ?? 0;\n\t}\n\n\t#validateEncryptionServices(services: string[], threshold: number) {\n\t\t// Check that the client's key servers are a subset of the encrypted object's key servers.\n\t\tif (\n\t\t\tservices.some((objectId) => {\n\t\t\t\tconst countInClient = this.#weight(objectId);\n\t\t\t\treturn countInClient > 0 && countInClient !== count(services, objectId);\n\t\t\t})\n\t\t) {\n\t\t\tthrow new InconsistentKeyServersError(\n\t\t\t\t`Client's key servers must be a subset of the encrypted object's key servers`,\n\t\t\t);\n\t\t}\n\t\t// Check that the threshold can be met with the client's key servers.\n\t\tif (threshold > this.#totalWeight) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} for ${this.#totalWeight} servers`,\n\t\t\t);\n\t\t}\n\t}\n\n\tasync getKeyServers(): Promise<Map<string, KeyServer>> {\n\t\tif (!this.#keyServers) {\n\t\t\tthis.#keyServers = this.#loadKeyServers().catch((error) => {\n\t\t\t\tthis.#keyServers = null;\n\t\t\t\tthrow error;\n\t\t\t});\n\t\t}\n\t\treturn this.#keyServers;\n\t}\n\n\t/**\n\t * Get the public keys for the given services.\n\t * If all public keys are not in the cache, they are retrieved.\n\t *\n\t * @param services - The services to get the public keys for.\n\t * @returns The public keys for the given services in the same order as the given services.\n\t */\n\tasync getPublicKeys(services: string[]): Promise<G2Element[]> {\n\t\tconst keyServers = await this.getKeyServers();\n\n\t\t// Collect the key servers not already in store or cache.\n\t\tconst missingKeyServers = services.filter(\n\t\t\t(objectId) => !keyServers.has(objectId) && !this.#cachedPublicKeys.has(objectId),\n\t\t);\n\n\t\t// If there are missing key servers, retrieve them and update the cache.\n\t\tif (missingKeyServers.length > 0) {\n\t\t\t(\n\t\t\t\tawait retrieveKeyServers({\n\t\t\t\t\tobjectIds: missingKeyServers,\n\t\t\t\t\tclient: this.#suiClient,\n\t\t\t\t\tconfigs: this.#configs,\n\t\t\t\t})\n\t\t\t).forEach((keyServer) =>\n\t\t\t\tthis.#cachedPublicKeys.set(keyServer.objectId, G2Element.fromBytes(keyServer.pk)),\n\t\t\t);\n\t\t}\n\n\t\treturn services.map((objectId) => {\n\t\t\tconst keyServer = keyServers.get(objectId);\n\t\t\tif (keyServer) {\n\t\t\t\treturn G2Element.fromBytes(keyServer.pk);\n\t\t\t}\n\t\t\treturn this.#cachedPublicKeys.get(objectId)!;\n\t\t});\n\t}\n\n\t/**\n\t * Returns a list of key servers with multiplicity according to their weights.\n\t * The list is used for encryption.\n\t */\n\tasync #getWeightedKeyServers() {\n\t\tconst keyServers = await this.getKeyServers();\n\t\tconst keyServersWithMultiplicity = [];\n\t\tfor (const [objectId, config] of this.#configs) {\n\t\t\tconst keyServer = keyServers.get(objectId)!;\n\t\t\tfor (let i = 0; i < config.weight; i++) {\n\t\t\t\tkeyServersWithMultiplicity.push(keyServer);\n\t\t\t}\n\t\t}\n\t\treturn keyServersWithMultiplicity;\n\t}\n\n\tasync #loadKeyServers(): Promise<Map<string, KeyServer>> {\n\t\tconst keyServers = await retrieveKeyServers({\n\t\t\tobjectIds: [...this.#configs.keys()],\n\t\t\tclient: this.#suiClient,\n\t\t\tconfigs: this.#configs,\n\t\t});\n\n\t\tif (keyServers.length === 0) {\n\t\t\tthrow new InvalidKeyServerError('No key servers found');\n\t\t}\n\n\t\tif (this.#verifyKeyServers) {\n\t\t\tawait Promise.all(\n\t\t\t\tkeyServers.map(async (server) => {\n\t\t\t\t\t// Skip /service verification for committee key server type since the request goes through an aggregator.\n\t\t\t\t\tif (server.serverType === 'Committee') {\n\t\t\t\t\t\treturn;\n\t\t\t\t\t}\n\t\t\t\t\tconst config = this.#configs.get(server.objectId);\n\t\t\t\t\tif (!(await verifyKeyServer(server, this.#timeout, config?.apiKeyName, config?.apiKey))) {\n\t\t\t\t\t\tthrow new InvalidKeyServerError(`Key server ${server.objectId} is not valid`);\n\t\t\t\t\t}\n\t\t\t\t}),\n\t\t\t);\n\t\t}\n\t\treturn new Map(keyServers.map((server) => [server.objectId, server]));\n\t}\n\n\t/**\n\t * Fetch keys from the key servers and update the cache.\n\t *\n\t * It is recommended to call this function once for all ids of all encrypted objects if\n\t * there are multiple, then call decrypt for each object. This avoids calling fetchKey\n\t * individually for each decrypt.\n\t *\n\t * @param ids - The ids of the encrypted objects.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param sessionKey - The session key to use.\n\t * @param threshold - The threshold for the TSS encryptions. The function returns when a threshold of key servers had returned keys for all ids.\n\t */\n\tasync fetchKeys({ ids, txBytes, sessionKey, threshold }: FetchKeysOptions) {\n\t\tif (threshold > this.#totalWeight || threshold < 1) {\n\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t`Invalid threshold ${threshold} servers with weights ${JSON.stringify(this.#configs)}`,\n\t\t\t);\n\t\t}\n\t\tconst keyServers = await this.getKeyServers();\n\t\tconst fullIds = ids.map((id) => createFullId(sessionKey.getPackageId(), id));\n\n\t\t// Count a server as completed if it has keys for all fullIds.\n\t\t// Duplicated key server ids will be counted towards the threshold.\n\t\tlet completedWeight = 0;\n\t\tconst remainingKeyServers = [];\n\t\tlet remainingKeyServersWeight = 0;\n\t\tfor (const objectId of keyServers.keys()) {\n\t\t\tif (fullIds.every((fullId) => this.#cachedKeys.has(`${fullId}:${objectId}`))) {\n\t\t\t\tcompletedWeight += this.#weight(objectId);\n\t\t\t} else {\n\t\t\t\tremainingKeyServers.push(objectId);\n\t\t\t\tremainingKeyServersWeight += this.#weight(objectId);\n\t\t\t}\n\t\t}\n\n\t\t// Return early if we have enough keys from cache.\n\t\tif (completedWeight >= threshold) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst certificate = await sessionKey.getCertificate();\n\t\tconst signedRequest = await sessionKey.createRequestParams(txBytes);\n\n\t\tconst controller = new AbortController();\n\t\tconst errors: Error[] = [];\n\n\t\tconst keyFetches = remainingKeyServers.map(async (objectId) => {\n\t\t\tconst server = keyServers.get(objectId)!;\n\t\t\ttry {\n\t\t\t\tconst config = this.#configs.get(objectId);\n\t\t\t\tconst allKeys = await fetchKeysForAllIds({\n\t\t\t\t\turl: server.url,\n\t\t\t\t\trequestSignature: signedRequest.requestSignature,\n\t\t\t\t\ttransactionBytes: txBytes,\n\t\t\t\t\tencKey: signedRequest.encKey,\n\t\t\t\t\tencKeyPk: signedRequest.encKeyPk,\n\t\t\t\t\tencVerificationKey: signedRequest.encVerificationKey,\n\t\t\t\t\tcertificate,\n\t\t\t\t\ttimeout: this.#timeout,\n\t\t\t\t\tapiKeyName: config?.apiKeyName,\n\t\t\t\t\tapiKey: config?.apiKey,\n\t\t\t\t\tsignal: controller.signal,\n\t\t\t\t});\n\t\t\t\t// Check validity of the keys and add them to the cache.\n\t\t\t\tfor (const { fullId, key } of allKeys) {\n\t\t\t\t\tconst keyElement = G1Element.fromBytes(key);\n\t\t\t\t\tif (\n\t\t\t\t\t\t!BonehFranklinBLS12381Services.verifyUserSecretKey(\n\t\t\t\t\t\t\tkeyElement,\n\t\t\t\t\t\t\tfullId,\n\t\t\t\t\t\t\tG2Element.fromBytes(server.pk),\n\t\t\t\t\t\t)\n\t\t\t\t\t) {\n\t\t\t\t\t\tconsole.warn('Received invalid key from key server ' + server.objectId);\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tthis.#cachedKeys.set(`${fullId}:${server.objectId}`, keyElement);\n\t\t\t\t}\n\n\t\t\t\t// Check if all the receivedIds are consistent with the requested fullIds.\n\t\t\t\t// If so, consider the key server got all keys and mark as completed.\n\t\t\t\tif (fullIds.every((fullId) => this.#cachedKeys.has(`${fullId}:${server.objectId}`))) {\n\t\t\t\t\tcompletedWeight += this.#weight(objectId);\n\n\t\t\t\t\t// Return early if the completed servers is more than the threshold.\n\t\t\t\t\tif (completedWeight >= threshold) {\n\t\t\t\t\t\tcontroller.abort();\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (error) {\n\t\t\t\tif (!controller.signal.aborted) {\n\t\t\t\t\terrors.push(error as Error);\n\t\t\t\t}\n\t\t\t} finally {\n\t\t\t\t// If there are too many errors that the threshold is not attainable, return early with error.\n\t\t\t\tremainingKeyServersWeight -= this.#weight(objectId);\n\t\t\t\tif (remainingKeyServersWeight < threshold - completedWeight) {\n\t\t\t\t\tcontroller.abort(new TooManyFailedFetchKeyRequestsError());\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\n\t\tawait Promise.allSettled(keyFetches);\n\n\t\tif (completedWeight < threshold) {\n\t\t\tthrow toMajorityError(errors);\n\t\t}\n\t}\n\n\t/**\n\t * Get derived keys from the given services.\n\t *\n\t * @param id - The id of the encrypted object.\n\t * @param txBytes - The transaction bytes to use (that calls seal_approve* functions).\n\t * @param sessionKey - The session key to use.\n\t * @param threshold - The threshold.\n\t * @returns - Derived keys for the given services that are in the cache as a \"service object ID\" -> derived key map. If the call is succesful, exactly threshold keys will be returned.\n\t */\n\tasync getDerivedKeys({\n\t\tkemType = KemType.BonehFranklinBLS12381DemCCA,\n\t\tid,\n\t\ttxBytes,\n\t\tsessionKey,\n\t\tthreshold,\n\t}: GetDerivedKeysOptions): Promise<Map<string, DerivedKey>> {\n\t\tswitch (kemType) {\n\t\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\t\tconst keyServers = await this.getKeyServers();\n\t\t\t\tif (threshold > this.#totalWeight) {\n\t\t\t\t\tthrow new InvalidThresholdError(\n\t\t\t\t\t\t`Invalid threshold ${threshold} for ${this.#totalWeight} servers`,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t\tawait this.fetchKeys({\n\t\t\t\t\tids: [id],\n\t\t\t\t\ttxBytes,\n\t\t\t\t\tsessionKey,\n\t\t\t\t\tthreshold,\n\t\t\t\t});\n\n\t\t\t\t// After calling fetchKeys, we can be sure that there are at least `threshold` of the required keys in the cache.\n\t\t\t\t// It is also checked there that the KeyServerType is BonehFranklinBLS12381 for all services.\n\n\t\t\t\tconst fullId = createFullId(sessionKey.getPackageId(), id);\n\n\t\t\t\tconst derivedKeys = new Map();\n\t\t\t\tlet weight = 0;\n\t\t\t\tfor (const objectId of keyServers.keys()) {\n\t\t\t\t\t// The code below assumes that the KeyServerType is BonehFranklinBLS12381.\n\t\t\t\t\tconst cachedKey = this.#cachedKeys.get(`${fullId}:${objectId}`);\n\t\t\t\t\tif (cachedKey) {\n\t\t\t\t\t\tderivedKeys.set(objectId, new BonehFranklinBLS12381DerivedKey(cachedKey));\n\t\t\t\t\t\tweight += this.#weight(objectId);\n\t\t\t\t\t\tif (weight >= threshold) {\n\t\t\t\t\t\t\t// We have enough keys, so we can stop.\n\t\t\t\t\t\t\tbreak;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn derivedKeys;\n\t\t}\n\t}\n}\n"],
-  "mappings": ";;;;;;;;AAAA;AAGA,SAAS,uBAAuB;AAChC,SAAS,WAAW,iBAAiB;AACrC,SAAS,eAAe;AAExB,SAAS,WAAW,kBAAkB;AACtC,SAAS,SAAS,SAAS,eAAe;AAC1C;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AACP,SAAS,qCAAqC;AAC9C;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAcP,SAAS,cAAc,aAAa;AAE7B,SAAS,KAAoB,EAAE,OAAO,QAAgB,GAAG,QAAQ,GAAsB;AAC7F,SAAO;AAAA,IACN;AAAA,IACA,UAAU,CAAC,WAAiC;AAC3C,aAAO,IAAI,WAAW;AAAA,QACrB,WAAW;AAAA,QACX,GAAG;AAAA,MACJ,CAAC;AAAA,IACF;AAAA,EACD;AACD;AAEO,MAAM,cAAN,MAAM,YAAW;AAAA,EAWvB,YAAY,SAA4B;AAXlC;AACN;AACA;AACA,oCAAsD;AACtD;AAEA;AAAA,oCAAc,oBAAI,IAA4B;AAC9C,0CAAoB,oBAAI,IAAuB;AAC/C;AACA;AAGC,uBAAK,YAAa,QAAQ;AAE1B,QACC,IAAI,IAAI,QAAQ,cAAc,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,SAAS,QAAQ,cAAc,QACpF;AACD,YAAM,IAAI,0BAA0B,sBAAsB;AAAA,IAC3D;AAEA,QACC,QAAQ,cAAc,KAAK,CAAC,MAAO,EAAE,cAAc,CAAC,EAAE,UAAY,CAAC,EAAE,cAAc,EAAE,MAAO,GAC3F;AACD,YAAM,IAAI;AAAA,QACT;AAAA,MACD;AAAA,IACD;AAEA,uBAAK,UAAW,IAAI,IAAI,QAAQ,cAAc,IAAI,CAAC,WAAW,CAAC,OAAO,UAAU,MAAM,CAAC,CAAC;AACxF,uBAAK,cAAe,QAAQ,cAC1B,IAAI,CAAC,WAAW,OAAO,MAAM,EAC7B,OAAO,CAAC,KAAK,SAAS,MAAM,MAAM,CAAC;AAErC,uBAAK,mBAAoB,QAAQ,oBAAoB;AACrD,uBAAK,UAAW,QAAQ,WAAW;AAAA,EACpC;AAAA;AAAA,EAGA,OAAO,kBAAkB,SAAqC;AAC7D,WAAO;AAAA,MACN,MAAM;AAAA,MACN,UAAU,CAAC,WAAiC;AAC3C,eAAO,IAAI,YAAW;AAAA,UACrB,WAAW;AAAA,UACX,GAAG;AAAA,QACJ,CAAC;AAAA,MACF;AAAA,IACD;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,QAAQ;AAAA,IACb,UAAU,QAAQ;AAAA,IAClB,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,MAAM,IAAI,WAAW;AAAA,EACtB,GAAmB;AAClB,UAAM,aAAa,MAAM,mBAAK,YAAW,KAAK,UAAU,EAAE,UAAU,UAAU,CAAC;AAC/E,QAAI,OAAO,WAAW,OAAO,OAAO,MAAM,KAAK;AAC9C,YAAM,IAAI,oBAAoB,WAAW,SAAS,2BAA2B;AAAA,IAC9E;AAEA,WAAO,QAAQ;AAAA,MACd,YAAY,MAAM,sBAAK,iDAAL;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,iBAAiB,sBAAK,iDAAL,WAChB,SACA,MACA;AAAA,IAEF,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAiCA,MAAM,QAAQ;AAAA,IACb;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAAmB;AAClB,UAAM,kBAAkB,gBAAgB,MAAM,IAAI;AAElD,0BAAK,sDAAL,WACC,gBAAgB,SAAS,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,GACxC,gBAAgB;AAGjB,UAAM,KAAK,UAAU;AAAA,MACpB,KAAK,CAAC,gBAAgB,EAAE;AAAA,MACxB;AAAA,MACA;AAAA,MACA,WAAW,gBAAgB;AAAA,IAC5B,CAAC;AAED,QAAI,uBAAuB;AAC1B,YAAM,aAAa,MAAM,KAAK;AAAA,QAC7B,gBAAgB,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,QAAQ;AAAA,MACzD;AACA,aAAO,QAAQ;AAAA,QACd;AAAA,QACA,MAAM,mBAAK;AAAA,QACX;AAAA,QACA,iBAAiB;AAAA;AAAA,MAClB,CAAC;AAAA,IACF;AACA,WAAO,QAAQ,EAAE,iBAAiB,MAAM,mBAAK,cAAa,gBAAgB,CAAC;AAAA,EAC5E;AAAA,EA0BA,MAAM,gBAAiD;AACtD,QAAI,CAAC,mBAAK,cAAa;AACtB,yBAAK,aAAc,sBAAK,0CAAL,WAAuB,MAAM,CAAC,UAAU;AAC1D,2BAAK,aAAc;AACnB,cAAM;AAAA,MACP,CAAC;AAAA,IACF;AACA,WAAO,mBAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,cAAc,UAA0C;AAC7D,UAAM,aAAa,MAAM,KAAK,cAAc;AAG5C,UAAM,oBAAoB,SAAS;AAAA,MAClC,CAAC,aAAa,CAAC,WAAW,IAAI,QAAQ,KAAK,CAAC,mBAAK,mBAAkB,IAAI,QAAQ;AAAA,IAChF;AAGA,QAAI,kBAAkB,SAAS,GAAG;AACjC,OACC,MAAM,mBAAmB;AAAA,QACxB,WAAW;AAAA,QACX,QAAQ,mBAAK;AAAA,QACb,SAAS,mBAAK;AAAA,MACf,CAAC,GACA;AAAA,QAAQ,CAAC,cACV,mBAAK,mBAAkB,IAAI,UAAU,UAAU,UAAU,UAAU,UAAU,EAAE,CAAC;AAAA,MACjF;AAAA,IACD;AAEA,WAAO,SAAS,IAAI,CAAC,aAAa;AACjC,YAAM,YAAY,WAAW,IAAI,QAAQ;AACzC,UAAI,WAAW;AACd,eAAO,UAAU,UAAU,UAAU,EAAE;AAAA,MACxC;AACA,aAAO,mBAAK,mBAAkB,IAAI,QAAQ;AAAA,IAC3C,CAAC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA0DA,MAAM,UAAU,EAAE,KAAK,SAAS,YAAY,UAAU,GAAqB;AAC1E,QAAI,YAAY,mBAAK,iBAAgB,YAAY,GAAG;AACnD,YAAM,IAAI;AAAA,QACT,qBAAqB,SAAS,yBAAyB,KAAK,UAAU,mBAAK,SAAQ,CAAC;AAAA,MACrF;AAAA,IACD;AACA,UAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,UAAM,UAAU,IAAI,IAAI,CAAC,OAAO,aAAa,WAAW,aAAa,GAAG,EAAE,CAAC;AAI3E,QAAI,kBAAkB;AACtB,UAAM,sBAAsB,CAAC;AAC7B,QAAI,4BAA4B;AAChC,eAAW,YAAY,WAAW,KAAK,GAAG;AACzC,UAAI,QAAQ,MAAM,CAAC,WAAW,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE,CAAC,GAAG;AAC7E,2BAAmB,sBAAK,kCAAL,WAAa;AAAA,MACjC,OAAO;AACN,4BAAoB,KAAK,QAAQ;AACjC,qCAA6B,sBAAK,kCAAL,WAAa;AAAA,MAC3C;AAAA,IACD;AAGA,QAAI,mBAAmB,WAAW;AACjC;AAAA,IACD;AAEA,UAAM,cAAc,MAAM,WAAW,eAAe;AACpD,UAAM,gBAAgB,MAAM,WAAW,oBAAoB,OAAO;AAElE,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,SAAkB,CAAC;AAEzB,UAAM,aAAa,oBAAoB,IAAI,OAAO,aAAa;AAC9D,YAAM,SAAS,WAAW,IAAI,QAAQ;AACtC,UAAI;AACH,cAAM,SAAS,mBAAK,UAAS,IAAI,QAAQ;AACzC,cAAM,UAAU,MAAM,mBAAmB;AAAA,UACxC,KAAK,OAAO;AAAA,UACZ,kBAAkB,cAAc;AAAA,UAChC,kBAAkB;AAAA,UAClB,QAAQ,cAAc;AAAA,UACtB,UAAU,cAAc;AAAA,UACxB,oBAAoB,cAAc;AAAA,UAClC;AAAA,UACA,SAAS,mBAAK;AAAA,UACd,YAAY,QAAQ;AAAA,UACpB,QAAQ,QAAQ;AAAA,UAChB,QAAQ,WAAW;AAAA,QACpB,CAAC;AAED,mBAAW,EAAE,QAAQ,IAAI,KAAK,SAAS;AACtC,gBAAM,aAAa,UAAU,UAAU,GAAG;AAC1C,cACC,CAAC,8BAA8B;AAAA,YAC9B;AAAA,YACA;AAAA,YACA,UAAU,UAAU,OAAO,EAAE;AAAA,UAC9B,GACC;AACD,oBAAQ,KAAK,0CAA0C,OAAO,QAAQ;AACtE;AAAA,UACD;AACA,6BAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,IAAI,UAAU;AAAA,QAChE;AAIA,YAAI,QAAQ,MAAM,CAAC,WAAW,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,OAAO,QAAQ,EAAE,CAAC,GAAG;AACpF,6BAAmB,sBAAK,kCAAL,WAAa;AAGhC,cAAI,mBAAmB,WAAW;AACjC,uBAAW,MAAM;AAAA,UAClB;AAAA,QACD;AAAA,MACD,SAAS,OAAO;AACf,YAAI,CAAC,WAAW,OAAO,SAAS;AAC/B,iBAAO,KAAK,KAAc;AAAA,QAC3B;AAAA,MACD,UAAE;AAED,qCAA6B,sBAAK,kCAAL,WAAa;AAC1C,YAAI,4BAA4B,YAAY,iBAAiB;AAC5D,qBAAW,MAAM,IAAI,mCAAmC,CAAC;AAAA,QAC1D;AAAA,MACD;AAAA,IACD,CAAC;AAED,UAAM,QAAQ,WAAW,UAAU;AAEnC,QAAI,kBAAkB,WAAW;AAChC,YAAM,gBAAgB,MAAM;AAAA,IAC7B;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,eAAe;AAAA,IACpB,UAAU,QAAQ;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD,GAA4D;AAC3D,YAAQ,SAAS;AAAA,MAChB,KAAK,QAAQ;AACZ,cAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,YAAI,YAAY,mBAAK,eAAc;AAClC,gBAAM,IAAI;AAAA,YACT,qBAAqB,SAAS,QAAQ,mBAAK,aAAY;AAAA,UACxD;AAAA,QACD;AACA,cAAM,KAAK,UAAU;AAAA,UACpB,KAAK,CAAC,EAAE;AAAA,UACR;AAAA,UACA;AAAA,UACA;AAAA,QACD,CAAC;AAKD,cAAM,SAAS,aAAa,WAAW,aAAa,GAAG,EAAE;AAEzD,cAAM,cAAc,oBAAI,IAAI;AAC5B,YAAI,SAAS;AACb,mBAAW,YAAY,WAAW,KAAK,GAAG;AAEzC,gBAAM,YAAY,mBAAK,aAAY,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAC9D,cAAI,WAAW;AACd,wBAAY,IAAI,UAAU,IAAI,gCAAgC,SAAS,CAAC;AACxE,sBAAU,sBAAK,kCAAL,WAAa;AACvB,gBAAI,UAAU,WAAW;AAExB;AAAA,YACD;AAAA,UACD;AAAA,QACD;AACA,eAAO;AAAA,IACT;AAAA,EACD;AACD;AAjbC;AACA;AACA;AACA;AAEA;AACA;AACA;AACA;AATM;AA2FN,2BAAsB,SACrB,MACA,MACA,KACkB;AAClB,UAAQ,MAAM;AAAA,IACb,KAAK,QAAQ;AACZ,aAAO,IAAI,UAAU,MAAM,GAAG;AAAA,IAC/B,KAAK,QAAQ;AACZ,aAAO,IAAI,WAAW,MAAM,GAAG;AAAA,EACjC;AACD;AAuDA,YAAO,SAAC,UAAkB;AACzB,SAAO,mBAAK,UAAS,IAAI,QAAQ,GAAG,UAAU;AAC/C;AAEA,gCAA2B,SAAC,UAAoB,WAAmB;AAElE,MACC,SAAS,KAAK,CAAC,aAAa;AAC3B,UAAM,gBAAgB,sBAAK,kCAAL,WAAa;AACnC,WAAO,gBAAgB,KAAK,kBAAkB,MAAM,UAAU,QAAQ;AAAA,EACvE,CAAC,GACA;AACD,UAAM,IAAI;AAAA,MACT;AAAA,IACD;AAAA,EACD;AAEA,MAAI,YAAY,mBAAK,eAAc;AAClC,UAAM,IAAI;AAAA,MACT,qBAAqB,SAAS,QAAQ,mBAAK,aAAY;AAAA,IACxD;AAAA,EACD;AACD;AAqDM,2BAAsB,iBAAG;AAC9B,QAAM,aAAa,MAAM,KAAK,cAAc;AAC5C,QAAM,6BAA6B,CAAC;AACpC,aAAW,CAAC,UAAU,MAAM,KAAK,mBAAK,WAAU;AAC/C,UAAM,YAAY,WAAW,IAAI,QAAQ;AACzC,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACvC,iCAA2B,KAAK,SAAS;AAAA,IAC1C;AAAA,EACD;AACA,SAAO;AACR;AAEM,oBAAe,iBAAoC;AACxD,QAAM,aAAa,MAAM,mBAAmB;AAAA,IAC3C,WAAW,CAAC,GAAG,mBAAK,UAAS,KAAK,CAAC;AAAA,IACnC,QAAQ,mBAAK;AAAA,IACb,SAAS,mBAAK;AAAA,EACf,CAAC;AAED,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,sBAAsB,sBAAsB;AAAA,EACvD;AAEA,MAAI,mBAAK,oBAAmB;AAC3B,UAAM,QAAQ;AAAA,MACb,WAAW,IAAI,OAAO,WAAW;AAEhC,YAAI,OAAO,eAAe,aAAa;AACtC;AAAA,QACD;AACA,cAAM,SAAS,mBAAK,UAAS,IAAI,OAAO,QAAQ;AAChD,YAAI,CAAE,MAAM,gBAAgB,QAAQ,mBAAK,WAAU,QAAQ,YAAY,QAAQ,MAAM,GAAI;AACxF,gBAAM,IAAI,sBAAsB,cAAc,OAAO,QAAQ,eAAe;AAAA,QAC7E;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AACA,SAAO,IAAI,IAAI,WAAW,IAAI,CAAC,WAAW,CAAC,OAAO,UAAU,MAAM,CAAC,CAAC;AACrE;AA9QM,IAAM,aAAN;",
-  "names": []
-}

package/dist/esm/decrypt.d.ts

@@ -1,22 +0,0 @@
-import type { EncryptedObject } from './bcs.js';
-import type { G1Element } from './bls12381.js';
-import { G2Element } from './bls12381.js';
-import type { KeyCacheKey } from './types.js';
-export interface DecryptOptions {
-    encryptedObject: typeof EncryptedObject.$inferType;
-    keys: Map<KeyCacheKey, G1Element>;
-    publicKeys?: G2Element[];
-    checkLEEncoding?: boolean;
-}
-/**
- * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.
- * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers
- * otherwise, this will throw an error.
- * Also, it's assumed that the keys were verified by the caller.
- *
- * If publicKeys are provided, the decrypted shares are checked for consistency, meaning that
- * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.
- *
- * @returns - The decrypted plaintext corresponding to ciphertext.
- */
-export declare function decrypt({ encryptedObject, keys, publicKeys, checkLEEncoding, }: DecryptOptions): Promise<Uint8Array>;

package/dist/esm/decrypt.js

@@ -1,94 +0,0 @@
-import { fromHex } from "@mysten/bcs";
-import { G2Element } from "./bls12381.js";
-import { AesGcm256, Hmac256Ctr } from "./dem.js";
-import { InvalidCiphertextError, UnsupportedFeatureError } from "./error.js";
-import {
-  BonehFranklinBLS12381Services,
-  decryptRandomness,
-  verifyNonce,
-  verifyNonceWithLE
-} from "./ibe.js";
-import { deriveKey, KeyPurpose } from "./kdf.js";
-import { createFullId, equals } from "./utils.js";
-import { combine, interpolate } from "./shamir.js";
-async function decrypt({
-  encryptedObject,
-  keys,
-  publicKeys,
-  checkLEEncoding
-}) {
-  if (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {
-    throw new UnsupportedFeatureError("Encryption mode not supported");
-  }
-  const fullId = createFullId(encryptedObject.packageId, encryptedObject.id);
-  const inKeystore = encryptedObject.services.map((_, i) => i).filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));
-  if (inKeystore.length < encryptedObject.threshold) {
-    throw new Error("Not enough shares. Please fetch more keys.");
-  }
-  const encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;
-  if (encryptedShares.length !== encryptedObject.services.length) {
-    throw new InvalidCiphertextError(
-      `Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`
-    );
-  }
-  const nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);
-  const shares = inKeystore.map((i) => {
-    const [objectId, index] = encryptedObject.services[i];
-    const share = BonehFranklinBLS12381Services.decrypt(
-      nonce,
-      keys.get(`${fullId}:${objectId}`),
-      encryptedShares[i],
-      fromHex(fullId),
-      [objectId, index]
-    );
-    return { index, share };
-  });
-  const baseKey = combine(shares);
-  const randomnessKey = deriveKey(
-    KeyPurpose.EncryptedRandomness,
-    baseKey,
-    encryptedShares,
-    encryptedObject.threshold,
-    encryptedObject.services.map(([objectIds, _]) => objectIds)
-  );
-  const randomness = decryptRandomness(
-    encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedRandomness,
-    randomnessKey
-  );
-  if (!(checkLEEncoding ? verifyNonceWithLE(nonce, randomness) : verifyNonce(nonce, randomness))) {
-    throw new InvalidCiphertextError("Invalid nonce");
-  }
-  const checkShareConsistency = publicKeys !== void 0;
-  if (checkShareConsistency) {
-    const polynomial = interpolate(shares);
-    const allShares = BonehFranklinBLS12381Services.decryptAllSharesUsingRandomness(
-      randomness,
-      encryptedShares,
-      encryptedObject.services,
-      publicKeys,
-      nonce,
-      fromHex(fullId)
-    );
-    if (allShares.some(({ index, share }) => !equals(polynomial(index), share))) {
-      throw new InvalidCiphertextError("Invalid shares");
-    }
-  }
-  const demKey = deriveKey(
-    KeyPurpose.DEM,
-    baseKey,
-    encryptedShares,
-    encryptedObject.threshold,
-    encryptedObject.services.map(([objectId, _]) => objectId)
-  );
-  if (encryptedObject.ciphertext.Aes256Gcm) {
-    return AesGcm256.decrypt(demKey, encryptedObject.ciphertext);
-  } else if (encryptedObject.ciphertext.Hmac256Ctr) {
-    return Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);
-  } else {
-    throw new InvalidCiphertextError("Invalid ciphertext type");
-  }
-}
-export {
-  decrypt
-};
-//# sourceMappingURL=decrypt.js.map

package/dist/esm/decrypt.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/decrypt.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport {\n\tBonehFranklinBLS12381Services,\n\tdecryptRandomness,\n\tverifyNonce,\n\tverifyNonceWithLE,\n} from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId, equals } from './utils.js';\nimport { combine, interpolate } from './shamir.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n\tpublicKeys?: G2Element[];\n\tcheckLEEncoding?: boolean;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n * Also, it's assumed that the keys were verified by the caller.\n *\n * If publicKeys are provided, the decrypted shares are checked for consistency, meaning that\n * any combination of at least threshold shares should either succesfully combine to the plaintext or fail.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({\n\tencryptedObject,\n\tkeys,\n\tpublicKeys,\n\tcheckLEEncoding,\n}: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tfromHex(fullId),\n\t\t\t[objectId, index],\n\t\t) as Uint8Array<ArrayBuffer>;\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key\n\tconst baseKey = combine(shares);\n\n\t// Decrypt randomness\n\tconst randomnessKey = deriveKey(\n\t\tKeyPurpose.EncryptedRandomness,\n\t\tbaseKey,\n\t\tencryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectIds, _]) => objectIds),\n\t);\n\tconst randomness = decryptRandomness(\n\t\tencryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedRandomness,\n\t\trandomnessKey,\n\t);\n\n\t// Verify that the nonce was created with the randomness.\n\tif (!(checkLEEncoding ? verifyNonceWithLE(nonce, randomness) : verifyNonce(nonce, randomness))) {\n\t\tthrow new InvalidCiphertextError('Invalid nonce');\n\t}\n\n\t// If public keys are provided, check consistency of the shares.\n\tconst checkShareConsistency = publicKeys !== undefined;\n\tif (checkShareConsistency) {\n\t\tconst polynomial = interpolate(shares);\n\t\tconst allShares = BonehFranklinBLS12381Services.decryptAllSharesUsingRandomness(\n\t\t\trandomness,\n\t\t\tencryptedShares,\n\t\t\tencryptedObject.services,\n\t\t\tpublicKeys,\n\t\t\tnonce,\n\t\t\tfromHex(fullId),\n\t\t);\n\t\tif (allShares.some(({ index, share }) => !equals(polynomial(index), share))) {\n\t\t\tthrow new InvalidCiphertextError('Invalid shares');\n\t\t}\n\t}\n\n\t// Derive the DEM key\n\tconst demKey = deriveKey(\n\t\tKeyPurpose.DEM,\n\t\tbaseKey,\n\t\tencryptedShares,\n\t\tencryptedObject.threshold,\n\t\tencryptedObject.services.map(([objectId, _]) => objectId),\n\t);\n\n\t// Decrypt the ciphertext\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t} else {\n\t\tthrow new InvalidCiphertextError('Invalid ciphertext type');\n\t}\n}\n"],
-  "mappings": "AAGA,SAAS,eAAe;AAIxB,SAAS,iBAAiB;AAC1B,SAAS,WAAW,kBAAkB;AACtC,SAAS,wBAAwB,+BAA+B;AAChE;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AACP,SAAS,WAAW,kBAAkB;AAEtC,SAAS,cAAc,cAAc;AACrC,SAAS,SAAS,mBAAmB;AAoBrC,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAAwC;AACvC,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,wBAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,SAAS,aAAa,gBAAgB,WAAW,gBAAgB,EAAE;AAGzE,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,UAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAM;AACpC,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,QAAQ,8BAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,MACjB,QAAQ,MAAM;AAAA,MACd,CAAC,UAAU,KAAK;AAAA,IACjB;AACA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,UAAU,QAAQ,MAAM;AAG9B,QAAM,gBAAgB;AAAA,IACrB,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,WAAW,CAAC,MAAM,SAAS;AAAA,EAC3D;AACA,QAAM,aAAa;AAAA,IAClB,gBAAgB,gBAAgB,sBAAsB;AAAA,IACtD;AAAA,EACD;AAGA,MAAI,EAAE,kBAAkB,kBAAkB,OAAO,UAAU,IAAI,YAAY,OAAO,UAAU,IAAI;AAC/F,UAAM,IAAI,uBAAuB,eAAe;AAAA,EACjD;AAGA,QAAM,wBAAwB,eAAe;AAC7C,MAAI,uBAAuB;AAC1B,UAAM,aAAa,YAAY,MAAM;AACrC,UAAM,YAAY,8BAA8B;AAAA,MAC/C;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB;AAAA,MACA;AAAA,MACA,QAAQ,MAAM;AAAA,IACf;AACA,QAAI,UAAU,KAAK,CAAC,EAAE,OAAO,MAAM,MAAM,CAAC,OAAO,WAAW,KAAK,GAAG,KAAK,CAAC,GAAG;AAC5E,YAAM,IAAI,uBAAuB,gBAAgB;AAAA,IAClD;AAAA,EACD;AAGA,QAAM,SAAS;AAAA,IACd,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,IAChB,gBAAgB,SAAS,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,QAAQ;AAAA,EACzD;AAGA,MAAI,gBAAgB,WAAW,WAAW;AACzC,WAAO,UAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC5D,WAAW,gBAAgB,WAAW,YAAY;AACjD,WAAO,WAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,EAC7D,OAAO;AACN,UAAM,IAAI,uBAAuB,yBAAyB;AAAA,EAC3D;AACD;",
-  "names": []
-}

package/dist/esm/dem.d.ts

@@ -1,38 +0,0 @@
-import type { Ciphertext } from './bcs.js';
-export declare const iv: Uint8Array<ArrayBuffer>;
-/**
- * An interface for supported DEMs.
- */
-export interface EncryptionInput {
-    encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
-    generateKey(): Promise<Uint8Array<ArrayBuffer>>;
-}
-/**
- * AES-GCM encryption.
- */
-export declare class AesGcm256 implements EncryptionInput {
-    readonly plaintext: Uint8Array<ArrayBuffer>;
-    readonly aad: Uint8Array<ArrayBuffer>;
-    constructor(msg: Uint8Array<ArrayBuffer>, aad: Uint8Array<ArrayBuffer>);
-    generateKey(): Promise<Uint8Array<ArrayBuffer>>;
-    encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
-    static decrypt(key: Uint8Array, ciphertext: typeof Ciphertext.$inferInput): Promise<Uint8Array>;
-}
-/**
- * Authenticated encryption using CTR mode with HMAC-SHA3-256 as a PRF.
- * 1. Derive an encryption key, <i>k<sub>1</sub> = <b>hmac</b>(key, 1)</i>.
- * 2. Chunk the message into blocks of 32 bytes, <i>m = m<sub>1</sub> || ... || m<sub>n</sub></i>.
- * 3. Let the ciphertext be defined by <i>c = c<sub>1</sub> || ... || c<sub>n</sub></i> where <i>c<sub>i</sub> = m<sub>i</sub> ⊕ <b>hmac</b>(k<sub>1</sub>, i)</i>.
- * 4. Compute a MAC over the AAD and the ciphertext, <i>mac = <b>hmac</b>(k<sub>2</sub>, aad || c) where k<sub>2</sub> = <b>hmac</b>(key, 2)</i>.
- * 5. Return <i>mac || aad || c</i>.
- */
-export declare class Hmac256Ctr implements EncryptionInput {
-    readonly plaintext: Uint8Array<ArrayBuffer>;
-    readonly aad: Uint8Array<ArrayBuffer>;
-    constructor(msg: Uint8Array<ArrayBuffer>, aad: Uint8Array<ArrayBuffer>);
-    generateKey(): Promise<Uint8Array<ArrayBuffer>>;
-    encrypt(key: Uint8Array): Promise<typeof Ciphertext.$inferInput>;
-    static decrypt(key: Uint8Array, ciphertext: typeof Ciphertext.$inferInput): Promise<Uint8Array>;
-    private static computeMac;
-    private static encryptInCtrMode;
-}