@mysten/seal 0.2.0 → 0.3.1

package/dist/esm/error.js

@@ -0,0 +1,155 @@
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+var _SealAPIError_static, generate_fn;
+class SealError extends Error {
+}
+class UserError extends SealError {
+}
+const _SealAPIError = class _SealAPIError extends SealError {
+  constructor(message, requestId, status) {
+    super(message);
+    this.requestId = requestId;
+    this.status = status;
+  }
+  static async assertResponse(response, requestId) {
+    var _a;
+    if (response.ok) {
+      return;
+    }
+    let errorInstance;
+    try {
+      const text = await response.text();
+      const error = JSON.parse(text)["error"];
+      errorInstance = __privateMethod(_a = _SealAPIError, _SealAPIError_static, generate_fn).call(_a, error, requestId);
+    } catch (e) {
+      errorInstance = new GeneralError(response.statusText, requestId, response.status);
+    }
+    throw errorInstance;
+  }
+};
+_SealAPIError_static = new WeakSet();
+generate_fn = function(message, requestId, status) {
+  switch (message) {
+    case "InvalidPTB":
+      return new InvalidPTBError(requestId);
+    case "InvalidPackage":
+      return new InvalidPackageError(requestId);
+    case "NoAccess":
+      return new NoAccessError(requestId);
+    case "InvalidCertificate":
+      return new ExpiredSessionKeyError(requestId);
+    case "OldPackageVersion":
+      return new OldPackageError(requestId);
+    case "InvalidSignature":
+      return new InvalidUserSignatureError(requestId);
+    case "InvalidSessionSignature":
+      return new InvalidSessionKeySignatureError(requestId);
+    case "Failure":
+      return new InternalError(requestId);
+    default:
+      return new GeneralError(message, requestId, status);
+  }
+};
+__privateAdd(_SealAPIError, _SealAPIError_static);
+let SealAPIError = _SealAPIError;
+class InvalidPTBError extends SealAPIError {
+  constructor(requestId) {
+    super("PTB does not conform to the expected format", requestId);
+  }
+}
+class InvalidPackageError extends SealAPIError {
+  constructor(requestId) {
+    super("Package ID used in PTB is invalid", requestId);
+  }
+}
+class OldPackageError extends SealAPIError {
+  constructor(requestId) {
+    super("PTB must call the latest version of the package", requestId);
+  }
+}
+class InvalidUserSignatureError extends SealAPIError {
+  constructor(requestId) {
+    super("User signature on the session key is invalid", requestId);
+  }
+}
+class InvalidSessionKeySignatureError extends SealAPIError {
+  constructor(requestId) {
+    super("Session key signature is invalid", requestId);
+  }
+}
+class NoAccessError extends SealAPIError {
+  constructor(requestId) {
+    super("User does not have access to one or more of the requested keys", requestId);
+  }
+}
+class ExpiredSessionKeyError extends SealAPIError {
+  constructor(requestId) {
+    super("Session key has expired", requestId);
+  }
+}
+class InternalError extends SealAPIError {
+  constructor(requestId) {
+    super("Internal server error, caller should retry", requestId);
+  }
+}
+class GeneralError extends SealAPIError {
+}
+class InvalidPersonalMessageSignatureError extends UserError {
+}
+class InvalidGetObjectError extends UserError {
+}
+class UnsupportedFeatureError extends UserError {
+}
+class UnsupportedNetworkError extends UserError {
+}
+class InvalidKeyServerError extends UserError {
+}
+class InvalidCiphertextError extends UserError {
+}
+class InvalidThresholdError extends UserError {
+}
+class InconsistentKeyServersError extends UserError {
+}
+function toMajorityError(errors) {
+  let maxCount = 0;
+  let majorityError = errors[0];
+  const counts = /* @__PURE__ */ new Map();
+  for (const error of errors) {
+    const errorName = error.constructor.name;
+    const newCount = (counts.get(errorName) || 0) + 1;
+    counts.set(errorName, newCount);
+    if (newCount > maxCount) {
+      maxCount = newCount;
+      majorityError = error;
+    }
+  }
+  return majorityError;
+}
+export {
+  ExpiredSessionKeyError,
+  GeneralError,
+  InconsistentKeyServersError,
+  InternalError,
+  InvalidCiphertextError,
+  InvalidGetObjectError,
+  InvalidKeyServerError,
+  InvalidPTBError,
+  InvalidPackageError,
+  InvalidPersonalMessageSignatureError,
+  InvalidSessionKeySignatureError,
+  InvalidThresholdError,
+  InvalidUserSignatureError,
+  NoAccessError,
+  OldPackageError,
+  SealAPIError,
+  SealError,
+  UnsupportedFeatureError,
+  UnsupportedNetworkError,
+  UserError,
+  toMajorityError
+};
+//# sourceMappingURL=error.js.map

package/dist/esm/error.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/error.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport class SealError extends Error {}\n\nexport class UserError extends SealError {}\n\n// Errors returned by the Seal server\nexport class SealAPIError extends SealError {\n\tconstructor(\n\t\tmessage: string,\n\t\tpublic requestId?: string,\n\t\tpublic status?: number,\n\t) {\n\t\tsuper(message);\n\t}\n\n\tstatic #generate(message: string, requestId: string, status?: number) {\n\t\tswitch (message) {\n\t\t\tcase 'InvalidPTB':\n\t\t\t\treturn new InvalidPTBError(requestId);\n\t\t\tcase 'InvalidPackage':\n\t\t\t\treturn new InvalidPackageError(requestId);\n\t\t\tcase 'NoAccess':\n\t\t\t\treturn new NoAccessError(requestId);\n\t\t\tcase 'InvalidCertificate':\n\t\t\t\treturn new ExpiredSessionKeyError(requestId);\n\t\t\tcase 'OldPackageVersion':\n\t\t\t\treturn new OldPackageError(requestId);\n\t\t\tcase 'InvalidSignature':\n\t\t\t\treturn new InvalidUserSignatureError(requestId);\n\t\t\tcase 'InvalidSessionSignature':\n\t\t\t\treturn new InvalidSessionKeySignatureError(requestId);\n\t\t\tcase 'Failure':\n\t\t\t\treturn new InternalError(requestId);\n\t\t\tdefault:\n\t\t\t\treturn new GeneralError(message, requestId, status);\n\t\t}\n\t}\n\n\tstatic async assertResponse(response: Response, requestId: string) {\n\t\tif (response.ok) {\n\t\t\treturn;\n\t\t}\n\t\tlet errorInstance: SealAPIError;\n\t\ttry {\n\t\t\tconst text = await response.text();\n\t\t\tconst error = JSON.parse(text)['error'];\n\t\t\terrorInstance = SealAPIError.#generate(error, requestId);\n\t\t} catch (e) {\n\t\t\t// If we can't parse the response as JSON or if it doesn't have the expected format,\n\t\t\t// fall back to using the status text\n\t\t\terrorInstance = new GeneralError(response.statusText, requestId, response.status);\n\t\t}\n\t\tthrow errorInstance;\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the PTB is invalid\n\nexport class InvalidPTBError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB does not conform to the expected format', requestId);\n\t}\n}\n\nexport class InvalidPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Package ID used in PTB is invalid', requestId);\n\t}\n}\n\nexport class OldPackageError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('PTB must call the latest version of the package', requestId);\n\t}\n}\n\n// Errors returned by the Seal server that indicate that the user's signature is invalid\n\nexport class InvalidUserSignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User signature on the session key is invalid', requestId);\n\t}\n}\n\nexport class InvalidSessionKeySignatureError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key signature is invalid', requestId);\n\t}\n}\n\n/** Server error indicating that the user does not have access to one or more of the requested keys */\nexport class NoAccessError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('User does not have access to one or more of the requested keys', requestId);\n\t}\n}\n\n/** Server error indicating that the session key has expired */\nexport class ExpiredSessionKeyError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Session key has expired', requestId);\n\t}\n}\n\n/** Internal server error, caller should retry */\nexport class InternalError extends SealAPIError {\n\tconstructor(requestId?: string) {\n\t\tsuper('Internal server error, caller should retry', requestId);\n\t}\n}\n\n/** General server errors that are not specific to the Seal API (e.g., 404 \"Not Found\") */\nexport class GeneralError extends SealAPIError {}\n\n// Errors returned by the SDK\nexport class InvalidPersonalMessageSignatureError extends UserError {}\nexport class InvalidGetObjectError extends UserError {}\nexport class UnsupportedFeatureError extends UserError {}\nexport class UnsupportedNetworkError extends UserError {}\nexport class InvalidKeyServerError extends UserError {}\nexport class InvalidCiphertextError extends UserError {}\nexport class InvalidThresholdError extends UserError {}\nexport class InconsistentKeyServersError extends UserError {}\n\nexport function toMajorityError(errors: Error[]): Error {\n\tlet maxCount = 0;\n\tlet majorityError = errors[0];\n\tconst counts = new Map<string, number>();\n\tfor (const error of errors) {\n\t\tconst errorName = error.constructor.name;\n\t\tconst newCount = (counts.get(errorName) || 0) + 1;\n\t\tcounts.set(errorName, newCount);\n\n\t\tif (newCount > maxCount) {\n\t\t\tmaxCount = newCount;\n\t\t\tmajorityError = error;\n\t\t}\n\t}\n\n\treturn majorityError;\n}\n"],
+  "mappings": ";;;;;;AAAA;AAGO,MAAM,kBAAkB,MAAM;AAAC;AAE/B,MAAM,kBAAkB,UAAU;AAAC;AAGnC,MAAM,gBAAN,MAAM,sBAAqB,UAAU;AAAA,EAC3C,YACC,SACO,WACA,QACN;AACD,UAAM,OAAO;AAHN;AACA;AAAA,EAGR;AAAA,EAyBA,aAAa,eAAe,UAAoB,WAAmB;AAxCpE;AAyCE,QAAI,SAAS,IAAI;AAChB;AAAA,IACD;AACA,QAAI;AACJ,QAAI;AACH,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO;AACtC,sBAAgB,oCAAa,mCAAb,SAAuB,OAAO;AAAA,IAC/C,SAAS,GAAG;AAGX,sBAAgB,IAAI,aAAa,SAAS,YAAY,WAAW,SAAS,MAAM;AAAA,IACjF;AACA,UAAM;AAAA,EACP;AACD;AAhDO;AASC,cAAS,SAAC,SAAiB,WAAmB,QAAiB;AACrE,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,oBAAoB,SAAS;AAAA,IACzC,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC,KAAK;AACJ,aAAO,IAAI,uBAAuB,SAAS;AAAA,IAC5C,KAAK;AACJ,aAAO,IAAI,gBAAgB,SAAS;AAAA,IACrC,KAAK;AACJ,aAAO,IAAI,0BAA0B,SAAS;AAAA,IAC/C,KAAK;AACJ,aAAO,IAAI,gCAAgC,SAAS;AAAA,IACrD,KAAK;AACJ,aAAO,IAAI,cAAc,SAAS;AAAA,IACnC;AACC,aAAO,IAAI,aAAa,SAAS,WAAW,MAAM;AAAA,EACpD;AACD;AA9BM,aAAM,eAAN;AAAA,IAAM,eAAN;AAoDA,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,+CAA+C,SAAS;AAAA,EAC/D;AACD;AAEO,MAAM,4BAA4B,aAAa;AAAA,EACrD,YAAY,WAAoB;AAC/B,UAAM,qCAAqC,SAAS;AAAA,EACrD;AACD;AAEO,MAAM,wBAAwB,aAAa;AAAA,EACjD,YAAY,WAAoB;AAC/B,UAAM,mDAAmD,SAAS;AAAA,EACnE;AACD;AAIO,MAAM,kCAAkC,aAAa;AAAA,EAC3D,YAAY,WAAoB;AAC/B,UAAM,gDAAgD,SAAS;AAAA,EAChE;AACD;AAEO,MAAM,wCAAwC,aAAa;AAAA,EACjE,YAAY,WAAoB;AAC/B,UAAM,oCAAoC,SAAS;AAAA,EACpD;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,kEAAkE,SAAS;AAAA,EAClF;AACD;AAGO,MAAM,+BAA+B,aAAa;AAAA,EACxD,YAAY,WAAoB;AAC/B,UAAM,2BAA2B,SAAS;AAAA,EAC3C;AACD;AAGO,MAAM,sBAAsB,aAAa;AAAA,EAC/C,YAAY,WAAoB;AAC/B,UAAM,8CAA8C,SAAS;AAAA,EAC9D;AACD;AAGO,MAAM,qBAAqB,aAAa;AAAC;AAGzC,MAAM,6CAA6C,UAAU;AAAC;AAC9D,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,gCAAgC,UAAU;AAAC;AACjD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,+BAA+B,UAAU;AAAC;AAChD,MAAM,8BAA8B,UAAU;AAAC;AAC/C,MAAM,oCAAoC,UAAU;AAAC;AAErD,SAAS,gBAAgB,QAAwB;AACvD,MAAI,WAAW;AACf,MAAI,gBAAgB,OAAO,CAAC;AAC5B,QAAM,SAAS,oBAAI,IAAoB;AACvC,aAAW,SAAS,QAAQ;AAC3B,UAAM,YAAY,MAAM,YAAY;AACpC,UAAM,YAAY,OAAO,IAAI,SAAS,KAAK,KAAK;AAChD,WAAO,IAAI,WAAW,QAAQ;AAE9B,QAAI,WAAW,UAAU;AACxB,iBAAW;AACX,sBAAgB;AAAA,IACjB;AAAA,EACD;AAEA,SAAO;AACR;",
+  "names": []
+}

package/dist/esm/ibe.d.ts

@@ -1,6 +1,6 @@
+import type { IBEEncryptions } from './bcs.js';
 import { G1Element, G2Element } from './bls12381.js';
 import type { KeyServer } from './key-server.js';
-import type { IBEEncryptionsType } from './types.js';
 /**
  * The domain separation tag for the hash-to-group function.
  */
@@ -13,12 +13,8 @@ export declare const DST_POP: Uint8Array;
  * The interface for the key servers.
  */
 export declare abstract class IBEServers {
-    protected readonly object_ids: Uint8Array[];
-    protected constructor(object_ids: Uint8Array[]);
-    /**
-     * The object IDs of the key servers.
-     */
-    getObjectIds(): Uint8Array[];
+    objectIds: string[];
+    constructor(objectIds: string[]);
     /**
      * The number of key servers.
      */
@@ -27,25 +23,25 @@ export declare abstract class IBEServers {
      * Encrypt a batch of messages for the given identity.
      *
      * @param id The identity.
-     * @param msg_and_infos The messages and an additional info parameter which will be included in the KDF.
+     * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.
      * @returns The encrypted messages.
      */
-    abstract encryptBatched(id: Uint8Array, msg_and_infos: {
+    abstract encryptBatched(id: Uint8Array, msgAndIndices: {
         msg: Uint8Array;
-        info: Uint8Array;
-    }[]): IBEEncryptionsType;
+        index: number;
+    }[], randomnessKey: Uint8Array): typeof IBEEncryptions.$inferType;
 }
 /**
  * Identity-based encryption based on the Boneh-Franklin IBE scheme.
  * This object represents a set of key servers that can be used to encrypt messages for a given identity.
  */
 export declare class BonehFranklinBLS12381Services extends IBEServers {
-    readonly public_keys: G2Element[];
+    readonly publicKeys: G2Element[];
     constructor(services: KeyServer[]);
-    encryptBatched(id: Uint8Array, msg_and_infos: {
+    encryptBatched(id: Uint8Array, msgAndIndices: {
         msg: Uint8Array;
-        info: Uint8Array;
-    }[]): IBEEncryptionsType;
+        index: number;
+    }[], randomnessKey: Uint8Array): typeof IBEEncryptions.$inferType;
     /**
      * Returns true if the user secret key is valid for the given public key and id.
      * @param user_secret_key - The user secret key.
@@ -53,7 +49,7 @@ export declare class BonehFranklinBLS12381Services extends IBEServers {
      * @param public_key - The public key.
      * @returns True if the user secret key is valid for the given public key and id.
      */
-    static verifyUserSecretKey(user_secret_key: G1Element, id: Uint8Array, public_key: G2Element): boolean;
+    static verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean;
     /**
      * Identity-based decryption.
      *
@@ -63,5 +59,5 @@ export declare class BonehFranklinBLS12381Services extends IBEServers {
      * @param info An info parameter also included in the KDF.
      * @returns The decrypted message.
      */
-    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, info: Uint8Array): Uint8Array;
+    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, id: Uint8Array, [objectId, index]: [string, number]): Uint8Array;
 }

package/dist/esm/ibe.js

@@ -1,42 +1,39 @@
+import { fromHex } from "@mysten/bcs";
 import { G1Element, G2Element, Scalar } from "./bls12381.js";
 import { kdf } from "./kdf.js";
 import { xor } from "./utils.js";
 const DST = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00");
-const DST_POP = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-00-POP");
+const DST_POP = new TextEncoder().encode("SUI-SEAL-IBE-BLS12381-POP-00");
 class IBEServers {
-  constructor(object_ids) {
-    this.object_ids = object_ids;
-  }
-  /**
-   * The object IDs of the key servers.
-   */
-  getObjectIds() {
-    return this.object_ids;
+  constructor(objectIds) {
+    this.objectIds = objectIds;
   }
   /**
    * The number of key servers.
    */
   size() {
-    return this.object_ids.length;
+    return this.objectIds.length;
   }
 }
 class BonehFranklinBLS12381Services extends IBEServers {
   constructor(services) {
     super(services.map((service) => service.objectId));
-    this.public_keys = services.map((service) => G2Element.fromBytes(service.pk));
+    this.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));
   }
-  encryptBatched(id, msg_and_infos) {
-    if (this.public_keys.length === 0 || this.public_keys.length !== msg_and_infos.length) {
-      throw new Error("Invalid input");
+  encryptBatched(id, msgAndIndices, randomnessKey) {
+    if (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndIndices.length) {
+      throw new Error("Invalid public keys");
     }
-    const [nonce, keys] = encapBatched(this.public_keys, id);
-    const encrypted_msgs = msg_and_infos.map(
-      (msg_and_info, i) => xor(msg_and_info.msg, kdf(keys[i], msg_and_info.info))
+    const [r, nonce, keys] = encapBatched(this.publicKeys, id);
+    const encryptedShares = msgAndIndices.map(
+      (msgAndIndex, i) => xor(msgAndIndex.msg, kdf(keys[i], nonce, id, this.objectIds[i], msgAndIndex.index))
     );
+    const encryptedRandomness = xor(randomnessKey, r.toBytes());
     return {
       BonehFranklinBLS12381: {
-        encapsulation: nonce.toBytes(),
-        shares: encrypted_msgs
+        nonce: nonce.toBytes(),
+        encryptedShares,
+        encryptedRandomness
       },
       $kind: "BonehFranklinBLS12381"
     };
@@ -48,9 +45,9 @@ class BonehFranklinBLS12381Services extends IBEServers {
    * @param public_key - The public key.
    * @returns True if the user secret key is valid for the given public key and id.
    */
-  static verifyUserSecretKey(user_secret_key, id, public_key) {
-    const lhs = user_secret_key.pairing(G2Element.generator()).toBytes();
-    const rhs = G1Element.hashToCurve(id).pairing(public_key).toBytes();
+  static verifyUserSecretKey(userSecretKey, id, publicKey) {
+    const lhs = userSecretKey.pairing(G2Element.generator()).toBytes();
+    const rhs = G1Element.hashToCurve(fromHex(id)).pairing(publicKey).toBytes();
     return lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);
   }
   /**
@@ -62,18 +59,18 @@ class BonehFranklinBLS12381Services extends IBEServers {
    * @param info An info parameter also included in the KDF.
    * @returns The decrypted message.
    */
-  static decrypt(nonce, sk, ciphertext, info) {
-    return xor(ciphertext, kdf(decap(nonce, sk), info));
+  static decrypt(nonce, sk, ciphertext, id, [objectId, index]) {
+    return xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));
   }
 }
-function encapBatched(public_keys, id) {
-  if (public_keys.length === 0) {
-    throw new Error("Invalid input");
+function encapBatched(publicKeys, id) {
+  if (publicKeys.length === 0) {
+    throw new Error("No public keys provided");
   }
   const r = Scalar.random();
   const nonce = G2Element.generator().multiply(r);
   const gid = G1Element.hashToCurve(id).multiply(r);
-  return [nonce, public_keys.map((public_key) => gid.pairing(public_key))];
+  return [r, nonce, publicKeys.map((public_key) => gid.pairing(public_key))];
 }
 function decap(nonce, usk) {
   return usk.pairing(nonce);

package/dist/esm/ibe.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/ibe.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport type { IBEEncryptionsType } from './types.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00-POP');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tprotected readonly object_ids: Uint8Array[];\n\n\tprotected constructor(object_ids: Uint8Array[]) {\n\t\tthis.object_ids = object_ids;\n\t}\n\n\t/**\n\t * The object IDs of the key servers.\n\t */\n\tgetObjectIds(): Uint8Array[] {\n\t\treturn this.object_ids;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.object_ids.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msg_and_infos The messages and an additional info parameter which will be included in the KDF.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsg_and_infos: { msg: Uint8Array; info: Uint8Array }[],\n\t): IBEEncryptionsType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly public_keys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.public_keys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsg_and_infos: { msg: Uint8Array; info: Uint8Array }[],\n\t): IBEEncryptionsType {\n\t\tif (this.public_keys.length === 0 || this.public_keys.length !== msg_and_infos.length) {\n\t\t\tthrow new Error('Invalid input');\n\t\t}\n\t\tconst [nonce, keys] = encapBatched(this.public_keys, id);\n\t\tconst encrypted_msgs = msg_and_infos.map((msg_and_info, i) =>\n\t\t\txor(msg_and_info.msg, kdf(keys[i], msg_and_info.info)),\n\t\t);\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tencapsulation: nonce.toBytes(),\n\t\t\t\tshares: encrypted_msgs,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(\n\t\tuser_secret_key: G1Element,\n\t\tid: Uint8Array,\n\t\tpublic_key: G2Element,\n\t): boolean {\n\t\tconst lhs = user_secret_key.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(id).pairing(public_key).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tinfo: Uint8Array,\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), info));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param public_keys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(public_keys: G2Element[], id: Uint8Array): [G2Element, GTElement[]] {\n\tif (public_keys.length === 0) {\n\t\tthrow new Error('Invalid input');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [nonce, public_keys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
-  "mappings": "AAIA,SAAS,WAAW,WAAW,cAAc;AAC7C,SAAS,WAAW;AAGpB,SAAS,WAAW;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGtB,YAAY,YAA0B;AAC/C,SAAK,aAAa;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,eAA6B;AAC5B,WAAO,KAAK;AAAA,EACb;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,WAAW;AAAA,EACxB;AAaD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,cAAc,SAAS,IAAI,CAAC,YAAY,UAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC7E;AAAA,EAEA,eACC,IACA,eACqB;AACrB,QAAI,KAAK,YAAY,WAAW,KAAK,KAAK,YAAY,WAAW,cAAc,QAAQ;AACtF,YAAM,IAAI,MAAM,eAAe;AAAA,IAChC;AACA,UAAM,CAAC,OAAO,IAAI,IAAI,aAAa,KAAK,aAAa,EAAE;AACvD,UAAM,iBAAiB,cAAc;AAAA,MAAI,CAAC,cAAc,MACvD,IAAI,aAAa,KAAK,IAAI,KAAK,CAAC,GAAG,aAAa,IAAI,CAAC;AAAA,IACtD;AAEA,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,eAAe,MAAM,QAAQ;AAAA,QAC7B,QAAQ;AAAA,MACT;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBACN,iBACA,IACA,YACU;AACV,UAAM,MAAM,gBAAgB,QAAQ,UAAU,UAAU,CAAC,EAAE,QAAQ;AACnE,UAAM,MAAM,UAAU,YAAY,EAAE,EAAE,QAAQ,UAAU,EAAE,QAAQ;AAClE,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,MACa;AACb,WAAO,IAAI,YAAY,IAAI,MAAM,OAAO,EAAE,GAAG,IAAI,CAAC;AAAA,EACnD;AACD;AASA,SAAS,aAAa,aAA0B,IAA0C;AACzF,MAAI,YAAY,WAAW,GAAG;AAC7B,UAAM,IAAI,MAAM,eAAe;AAAA,EAChC;AACA,QAAM,IAAI,OAAO,OAAO;AACxB,QAAM,QAAQ,UAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,UAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,OAAO,YAAY,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AACxE;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.objectIds.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndIndices: { msg: Uint8Array; index: number }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndIndices: { msg: Uint8Array; index: number }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndIndices.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = msgAndIndices.map((msgAndIndex, i) =>\n\t\t\txor(msgAndIndex.msg, kdf(keys[i], nonce, id, this.objectIds[i], msgAndIndex.index)),\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(fromHex(id)).pairing(publicKey).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tid: Uint8Array,\n\t\t[objectId, index]: [string, number],\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AAIxB,SAAS,WAAW,WAAW,cAAc;AAC7C,SAAS,WAAW;AAEpB,SAAS,WAAW;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,UAAU;AAAA,EACvB;AAcD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,UAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,eACA,eACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,cAAc,QAAQ;AACpF,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,cAAc;AAAA,MAAI,CAAC,aAAa,MACvD,IAAI,YAAY,KAAK,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,GAAG,YAAY,KAAK,CAAC;AAAA,IACnF;AACA,UAAM,sBAAsB,IAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,UAAU,UAAU,CAAC,EAAE,QAAQ;AACjE,UAAM,MAAM,UAAU,YAAY,QAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS,EAAE,QAAQ;AAC1E,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,IACA,CAAC,UAAU,KAAK,GACH;AACb,WAAO,IAAI,YAAY,IAAI,MAAM,OAAO,EAAE,GAAG,OAAO,IAAI,UAAU,KAAK,CAAC;AAAA,EACzE;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,OAAO,OAAO;AACxB,QAAM,QAAQ,UAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,UAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AAC1E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
   "names": []
 }

package/dist/esm/index.d.ts

@@ -1,6 +1,4 @@
-export { AesGcm256 } from './aes.js';
-export { encrypt } from './encrypt.js';
-export { getAllowlistedKeyServers, retrieveKeyServers, verifyKeyServer, type KeyServer, } from './key-server.js';
-export { KeyStore } from './key-store.js';
+export { getAllowlistedKeyServers } from './key-server.js';
+export { SealClient, type SealClientOptions } from './client.js';
 export { SessionKey } from './session-key.js';
-export { EncryptedObject } from './types.js';
+export * from './error.js';

package/dist/esm/index.js

@@ -1,21 +1,10 @@
-import { AesGcm256 } from "./aes.js";
-import { encrypt } from "./encrypt.js";
-import {
-  getAllowlistedKeyServers,
-  retrieveKeyServers,
-  verifyKeyServer
-} from "./key-server.js";
-import { KeyStore } from "./key-store.js";
+import { getAllowlistedKeyServers } from "./key-server.js";
+import { SealClient } from "./client.js";
 import { SessionKey } from "./session-key.js";
-import { EncryptedObject } from "./types.js";
+export * from "./error.js";
 export {
-  AesGcm256,
-  EncryptedObject,
-  KeyStore,
+  SealClient,
   SessionKey,
-  encrypt,
-  getAllowlistedKeyServers,
-  retrieveKeyServers,
-  verifyKeyServer
+  getAllowlistedKeyServers
 };
 //# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/index.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { AesGcm256 } from './aes.js';\nexport { encrypt } from './encrypt.js';\nexport {\n\tgetAllowlistedKeyServers,\n\tretrieveKeyServers,\n\tverifyKeyServer,\n\ttype KeyServer,\n} from './key-server.js';\nexport { KeyStore } from './key-store.js';\nexport { SessionKey } from './session-key.js';\nexport { EncryptedObject } from './types.js';\n"],
-  "mappings": "AAGA,SAAS,iBAAiB;AAC1B,SAAS,eAAe;AACxB;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,OAEM;AACP,SAAS,gBAAgB;AACzB,SAAS,kBAAkB;AAC3B,SAAS,uBAAuB;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getAllowlistedKeyServers } from './key-server.js';\nexport { SealClient, type SealClientOptions } from './client.js';\nexport { SessionKey } from './session-key.js';\nexport * from './error.js';\n"],
+  "mappings": "AAGA,SAAS,gCAAgC;AACzC,SAAS,kBAA0C;AACnD,SAAS,kBAAkB;AAC3B,cAAc;",
   "names": []
 }

package/dist/esm/kdf.d.ts

@@ -1,4 +1,4 @@
-import type { GTElement } from './bls12381.js';
+import type { G2Element, GTElement } from './bls12381.js';
 /**
  * The default key derivation function.
  *
@@ -6,4 +6,9 @@ import type { GTElement } from './bls12381.js';
  * @param info Optional context and application specific information.
  * @returns The derived key.
  */
-export declare function kdf(element: GTElement, info: Uint8Array): Uint8Array;
+export declare function kdf(element: GTElement, nonce: G2Element, id: Uint8Array, objectId: string, index: number): Uint8Array;
+export declare enum KeyPurpose {
+    EncryptedRandomness = 0,
+    DEM = 1
+}
+export declare function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array): Uint8Array;

package/dist/esm/kdf.js

@@ -1,9 +1,44 @@
+import { fromHex } from "@mysten/bcs";
 import { hkdf } from "@noble/hashes/hkdf";
+import { hmac } from "@noble/hashes/hmac";
 import { sha3_256 } from "@noble/hashes/sha3";
-function kdf(element, info) {
-  return hkdf(sha3_256, element.toBytes(), "", info, 32);
+import { G1Element } from "./bls12381.js";
+function kdf(element, nonce, id, objectId, index) {
+  const GT_ELEMENT_BYTE_LENGTH = 576;
+  const PERMUTATION = [0, 2, 4, 1, 3, 5];
+  const COEFFICIENT_SIZE = GT_ELEMENT_BYTE_LENGTH / PERMUTATION.length;
+  const bytes = element.toBytes();
+  let permutedBytes = new Uint8Array(GT_ELEMENT_BYTE_LENGTH);
+  PERMUTATION.forEach((pi, i) => {
+    permutedBytes.set(
+      bytes.slice(i * COEFFICIENT_SIZE, (i + 1) * COEFFICIENT_SIZE),
+      pi * COEFFICIENT_SIZE
+    );
+  });
+  const inputBytes = new Uint8Array([
+    ...permutedBytes,
+    ...nonce.toBytes(),
+    ...G1Element.hashToCurve(id).toBytes()
+  ]);
+  const info = new Uint8Array([...fromHex(objectId), index]);
+  return hkdf(sha3_256, inputBytes, "", info, 32);
+}
+var KeyPurpose = /* @__PURE__ */ ((KeyPurpose2) => {
+  KeyPurpose2[KeyPurpose2["EncryptedRandomness"] = 0] = "EncryptedRandomness";
+  KeyPurpose2[KeyPurpose2["DEM"] = 1] = "DEM";
+  return KeyPurpose2;
+})(KeyPurpose || {});
+function deriveKey(purpose, baseKey) {
+  switch (purpose) {
+    case 0 /* EncryptedRandomness */:
+      return hmac(sha3_256, baseKey, new Uint8Array([0]));
+    case 1 /* DEM */:
+      return hmac(sha3_256, baseKey, new Uint8Array([1]));
+  }
 }
 export {
+  KeyPurpose,
+  deriveKey,
   kdf
 };
 //# sourceMappingURL=kdf.js.map

package/dist/esm/kdf.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/kdf.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hkdf } from '@noble/hashes/hkdf';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport type { GTElement } from './bls12381.js';\n\n/**\n * The default key derivation function.\n *\n * @param element The GTElement to derive the key from.\n * @param info Optional context and application specific information.\n * @returns The derived key.\n */\nexport function kdf(element: GTElement, info: Uint8Array): Uint8Array {\n\treturn hkdf(sha3_256, element.toBytes(), '', info, 32);\n}\n"],
-  "mappings": "AAGA,SAAS,YAAY;AACrB,SAAS,gBAAgB;AAWlB,SAAS,IAAI,SAAoB,MAA8B;AACrE,SAAO,KAAK,UAAU,QAAQ,QAAQ,GAAG,IAAI,MAAM,EAAE;AACtD;",
-  "names": []
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { hkdf } from '@noble/hashes/hkdf';\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport { G1Element } from './bls12381.js';\nimport type { G2Element, GTElement } from './bls12381.js';\n\n/**\n * The default key derivation function.\n *\n * @param element The GTElement to derive the key from.\n * @param info Optional context and application specific information.\n * @returns The derived key.\n */\nexport function kdf(\n\telement: GTElement,\n\tnonce: G2Element,\n\tid: Uint8Array,\n\tobjectId: string,\n\tindex: number,\n): Uint8Array {\n\t// This permutation flips the order of 6 pairs of coefficients of the GT element.\n\t// The permutation may be computed as:\n\t// for i in 0..3 {\n\t//   for j in 0..2 {\n\t//     PERMUTATION[i + j * 3] = i * 2 + j;\n\t//   }\n\t// }\n\tconst GT_ELEMENT_BYTE_LENGTH = 576;\n\tconst PERMUTATION = [0, 2, 4, 1, 3, 5];\n\tconst COEFFICIENT_SIZE = GT_ELEMENT_BYTE_LENGTH / PERMUTATION.length;\n\n\tconst bytes = element.toBytes();\n\tlet permutedBytes = new Uint8Array(GT_ELEMENT_BYTE_LENGTH);\n\tPERMUTATION.forEach((pi, i) => {\n\t\tpermutedBytes.set(\n\t\t\tbytes.slice(i * COEFFICIENT_SIZE, (i + 1) * COEFFICIENT_SIZE),\n\t\t\tpi * COEFFICIENT_SIZE,\n\t\t);\n\t});\n\tconst inputBytes = new Uint8Array([\n\t\t...permutedBytes,\n\t\t...nonce.toBytes(),\n\t\t...G1Element.hashToCurve(id).toBytes(),\n\t]);\n\tconst info = new Uint8Array([...fromHex(objectId), index]);\n\treturn hkdf(sha3_256, inputBytes, '', info, 32);\n}\n\nexport enum KeyPurpose {\n\tEncryptedRandomness,\n\tDEM,\n}\n\nexport function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array): Uint8Array {\n\tswitch (purpose) {\n\t\tcase KeyPurpose.EncryptedRandomness:\n\t\t\treturn hmac(sha3_256, baseKey, new Uint8Array([0]));\n\t\tcase KeyPurpose.DEM:\n\t\t\treturn hmac(sha3_256, baseKey, new Uint8Array([1]));\n\t}\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,YAAY;AACrB,SAAS,YAAY;AACrB,SAAS,gBAAgB;AAEzB,SAAS,iBAAiB;AAUnB,SAAS,IACf,SACA,OACA,IACA,UACA,OACa;AAQb,QAAM,yBAAyB;AAC/B,QAAM,cAAc,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACrC,QAAM,mBAAmB,yBAAyB,YAAY;AAE9D,QAAM,QAAQ,QAAQ,QAAQ;AAC9B,MAAI,gBAAgB,IAAI,WAAW,sBAAsB;AACzD,cAAY,QAAQ,CAAC,IAAI,MAAM;AAC9B,kBAAc;AAAA,MACb,MAAM,MAAM,IAAI,mBAAmB,IAAI,KAAK,gBAAgB;AAAA,MAC5D,KAAK;AAAA,IACN;AAAA,EACD,CAAC;AACD,QAAM,aAAa,IAAI,WAAW;AAAA,IACjC,GAAG;AAAA,IACH,GAAG,MAAM,QAAQ;AAAA,IACjB,GAAG,UAAU,YAAY,EAAE,EAAE,QAAQ;AAAA,EACtC,CAAC;AACD,QAAM,OAAO,IAAI,WAAW,CAAC,GAAG,QAAQ,QAAQ,GAAG,KAAK,CAAC;AACzD,SAAO,KAAK,UAAU,YAAY,IAAI,MAAM,EAAE;AAC/C;AAEO,IAAK,aAAL,kBAAKA,gBAAL;AACN,EAAAA,wBAAA;AACA,EAAAA,wBAAA;AAFW,SAAAA;AAAA,GAAA;AAKL,SAAS,UAAU,SAAqB,SAAiC;AAC/E,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,KAAK,UAAU,SAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;AAAA,IACnD,KAAK;AACJ,aAAO,KAAK,UAAU,SAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;AAAA,EACpD;AACD;",
+  "names": ["KeyPurpose"]
 }

package/dist/esm/key-server.d.ts

@@ -1,6 +1,6 @@
 import type { SuiClient } from '@mysten/sui/client';
 export type KeyServer = {
-    objectId: Uint8Array;
+    objectId: string;
     name: string;
     url: string;
     keyType: KeyServerType;
@@ -14,7 +14,7 @@ export declare enum KeyServerType {
  * @param network - The network to use.
  * @returns The object id's of the key servers.
  */
-export declare function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): Uint8Array[];
+export declare function getAllowlistedKeyServers(network: 'testnet' | 'mainnet'): string[];
 /**
  * Given a list of key server object IDs, returns a list of SealKeyServer
  * from onchain state containing name, objectId, URL and pk.
@@ -24,15 +24,15 @@ export declare function getAllowlistedKeyServers(network: 'testnet' | 'mainnet')
  * @returns - An array of SealKeyServer.
  */
 export declare function retrieveKeyServers({ objectIds, client, }: {
-    objectIds: Uint8Array[];
+    objectIds: string[];
     client: SuiClient;
 }): Promise<KeyServer[]>;
 /**
- * Given a KeyServer, fetch the proof of possesion (PoP) from the URL and verify it
+ * Given a KeyServer, fetch the proof of possession (PoP) from the URL and verify it
  * against the pubkey. This should be used only rarely when the dapp uses a dynamic
  * set of key servers.
  *
  * @param server - The KeyServer to verify.
  * @returns - True if the key server is valid, false otherwise.
  */
-export declare function verifyKeyServer(server: KeyServer): Promise<boolean>;
+export declare function verifyKeyServer(server: KeyServer, timeout: number): Promise<boolean>;