@mysten/seal 0.3.0 → 0.3.1

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @mysten/seal
 
+## 0.3.1
+
+### Patch Changes
+
+- d2ef9ef: Update encryption format, and export errors
+
 ## 0.3.0
 
 ### Minor Changes

package/dist/cjs/decrypt.js

@@ -21,6 +21,7 @@ __export(decrypt_exports, {
   decrypt: () => decrypt
 });
 module.exports = __toCommonJS(decrypt_exports);
+var import_bcs = require("@mysten/bcs");
 var import_shamir_secret_sharing = require("shamir-secret-sharing");
 var import_bls12381 = require("./bls12381.js");
 var import_dem = require("./dem.js");
@@ -46,12 +47,12 @@ async function decrypt({ encryptedObject, keys }) {
   const nonce = import_bls12381.G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);
   const shares = inKeystore.map((i) => {
     const [objectId, index] = encryptedObject.services[i];
-    const info = new Uint8Array([index]);
     const share = import_ibe.BonehFranklinBLS12381Services.decrypt(
       nonce,
       keys.get(`${fullId}:${objectId}`),
       encryptedShares[i],
-      info
+      (0, import_bcs.fromHex)(fullId),
+      [objectId, index]
     );
     return { index, share };
   });

package/dist/cjs/decrypt.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/decrypt.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { combine as externalCombine } from 'shamir-secret-sharing';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId } from './utils.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({ encryptedObject, keys }: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(DST, encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i: number) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst info = new Uint8Array([index]);\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tinfo,\n\t\t);\n\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key.\n\tconst key = await combine(shares);\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\ttry {\n\t\t\t// Decrypt the ciphertext with the key.\n\t\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t// In case `Plain` mode is used, return the key.\n\t\treturn demKey;\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\ttry {\n\t\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else {\n\t\tthrow new Error('Invalid encrypted object');\n\t}\n}\n\n/**\n * Helper function that combines the shares into the key.\n * @param shares - The shares to combine.\n * @returns - The combined key.\n */\nasync function combine(shares: { index: number; share: Uint8Array }[]): Promise<Uint8Array> {\n\tif (shares.length === 0) {\n\t\tthrow new Error('Invalid shares length');\n\t} else if (shares.length === 1) {\n\t\t// The Shamir secret sharing library expects at least two shares.\n\t\t// If there is only one and the threshold is 1, the reconstructed secret is the same as the share.\n\t\treturn Promise.resolve(shares[0].share);\n\t}\n\n\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share\n\treturn externalCombine(\n\t\tshares.map(({ index, share }) => {\n\t\t\tconst packedShare = new Uint8Array(share.length + 1);\n\t\t\tpackedShare.set(share, 0);\n\t\t\tpackedShare[share.length] = index;\n\t\t\treturn packedShare;\n\t\t}),\n\t);\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,mCAA2C;AAI3C,sBAA0B;AAC1B,iBAAsC;AACtC,mBAAgE;AAChE,iBAAmD;AACnD,iBAAsC;AAEtC,mBAA6B;AAc7B,eAAsB,QAAQ,EAAE,iBAAiB,KAAK,GAAwC;AAC7F,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,qCAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,aAAS,2BAAa,gBAAK,gBAAgB,WAAW,gBAAgB,EAAE;AAG9E,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,0BAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAc;AAC5C,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC;AACnC,UAAM,QAAQ,yCAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,MACjB;AAAA,IACD;AAEA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,MAAM,MAAM,QAAQ,MAAM;AAChC,QAAM,aAAS,sBAAU,sBAAW,KAAK,GAAG;AAC5C,MAAI,gBAAgB,WAAW,WAAW;AACzC,QAAI;AAEH,aAAO,qBAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC5D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,WAAW,gBAAgB,WAAW,OAAO;AAE5C,WAAO;AAAA,EACR,WAAW,gBAAgB,WAAW,YAAY;AACjD,QAAI;AACH,aAAO,sBAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC7D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,OAAO;AACN,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AACD;AAOA,eAAe,QAAQ,QAAqE;AAC3F,MAAI,OAAO,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACxC,WAAW,OAAO,WAAW,GAAG;AAG/B,WAAO,QAAQ,QAAQ,OAAO,CAAC,EAAE,KAAK;AAAA,EACvC;AAGA,aAAO,6BAAAA;AAAA,IACN,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,MAAM;AAChC,YAAM,cAAc,IAAI,WAAW,MAAM,SAAS,CAAC;AACnD,kBAAY,IAAI,OAAO,CAAC;AACxB,kBAAY,MAAM,MAAM,IAAI;AAC5B,aAAO;AAAA,IACR,CAAC;AAAA,EACF;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { combine as externalCombine } from 'shamir-secret-sharing';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId } from './utils.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({ encryptedObject, keys }: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(DST, encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i: number) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tfromHex(fullId),\n\t\t\t[objectId, index],\n\t\t);\n\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key.\n\tconst key = await combine(shares);\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\ttry {\n\t\t\t// Decrypt the ciphertext with the key.\n\t\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t// In case `Plain` mode is used, return the key.\n\t\treturn demKey;\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\ttry {\n\t\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else {\n\t\tthrow new Error('Invalid encrypted object');\n\t}\n}\n\n/**\n * Helper function that combines the shares into the key.\n * @param shares - The shares to combine.\n * @returns - The combined key.\n */\nasync function combine(shares: { index: number; share: Uint8Array }[]): Promise<Uint8Array> {\n\tif (shares.length === 0) {\n\t\tthrow new Error('Invalid shares length');\n\t} else if (shares.length === 1) {\n\t\t// The Shamir secret sharing library expects at least two shares.\n\t\t// If there is only one and the threshold is 1, the reconstructed secret is the same as the share.\n\t\treturn Promise.resolve(shares[0].share);\n\t}\n\n\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share\n\treturn externalCombine(\n\t\tshares.map(({ index, share }) => {\n\t\t\tconst packedShare = new Uint8Array(share.length + 1);\n\t\t\tpackedShare.set(share, 0);\n\t\t\tpackedShare[share.length] = index;\n\t\t\treturn packedShare;\n\t\t}),\n\t);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,mCAA2C;AAI3C,sBAA0B;AAC1B,iBAAsC;AACtC,mBAAgE;AAChE,iBAAmD;AACnD,iBAAsC;AAEtC,mBAA6B;AAc7B,eAAsB,QAAQ,EAAE,iBAAiB,KAAK,GAAwC;AAC7F,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,qCAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,aAAS,2BAAa,gBAAK,gBAAgB,WAAW,gBAAgB,EAAE;AAG9E,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,0BAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAc;AAC5C,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,QAAQ,yCAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,UACjB,oBAAQ,MAAM;AAAA,MACd,CAAC,UAAU,KAAK;AAAA,IACjB;AAEA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,MAAM,MAAM,QAAQ,MAAM;AAChC,QAAM,aAAS,sBAAU,sBAAW,KAAK,GAAG;AAC5C,MAAI,gBAAgB,WAAW,WAAW;AACzC,QAAI;AAEH,aAAO,qBAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC5D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,WAAW,gBAAgB,WAAW,OAAO;AAE5C,WAAO;AAAA,EACR,WAAW,gBAAgB,WAAW,YAAY;AACjD,QAAI;AACH,aAAO,sBAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC7D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,OAAO;AACN,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AACD;AAOA,eAAe,QAAQ,QAAqE;AAC3F,MAAI,OAAO,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACxC,WAAW,OAAO,WAAW,GAAG;AAG/B,WAAO,QAAQ,QAAQ,OAAO,CAAC,EAAE,KAAK;AAAA,EACvC;AAGA,aAAO,6BAAAA;AAAA,IACN,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,MAAM;AAChC,YAAM,cAAc,IAAI,WAAW,MAAM,SAAS,CAAC;AACnD,kBAAY,IAAI,OAAO,CAAC;AACxB,kBAAY,MAAM,MAAM,IAAI;AAC5B,aAAO;AAAA,IACR,CAAC;AAAA,EACF;AACD;",
   "names": ["externalCombine"]
 }

package/dist/cjs/encrypt.js

@@ -57,7 +57,7 @@ async function encrypt({
     (0, import_bcs.fromHex)(fullId),
     shares.map(({ share, index }) => ({
       msg: share,
-      info: new Uint8Array([index])
+      index
     })),
     (0, import_kdf.deriveKey)(import_kdf.KeyPurpose.EncryptedRandomness, key)
   );

package/dist/cjs/encrypt.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/encrypt.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\nimport { split as externalSplit } from 'shamir-secret-sharing';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId } from './utils.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt({\n\tkeyServers,\n\tkemType,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tkemType: KemType;\n\tthreshold: number;\n\tpackageId: string;\n\tid: string;\n\tencryptionInput: EncryptionInput;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\t!isValidSuiObjectId(packageId)\n\t) {\n\t\tthrow new UserError(\n\t\t\t`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`,\n\t\t);\n\t}\n\n\t// Generate a random symmetric key and encrypt the encryption input using this key.\n\tconst key = await encryptionInput.generateKey();\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tconst ciphertext = await encryptionInput.encrypt(demKey);\n\n\t// Split the symmetric key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = await split(key, keyServers.length, threshold);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(DST, packageId, id);\n\tconst encryptedShares = encryptBatched(\n\t\tkeyServers,\n\t\tkemType,\n\t\tfromHex(fullId),\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tinfo: new Uint8Array([index]),\n\t\t})),\n\t\tderiveKey(KeyPurpose.EncryptedRandomness, key),\n\t);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [string, number][] = keyServers.map((server, i) => [\n\t\tserver.objectId,\n\t\tshares[i].index,\n\t]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencryptedShares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey: demKey,\n\t};\n}\n\nexport enum KemType {\n\tBonehFranklinBLS12381DemCCA = 0,\n}\n\nexport enum DemType {\n\tAesGcm256 = 0,\n\tHmac256Ctr = 1,\n}\n\nfunction encryptBatched(\n\tkeyServers: KeyServer[],\n\tkemType: KemType,\n\tid: Uint8Array,\n\tshares: { msg: Uint8Array; info: Uint8Array }[],\n\trandomnessKey: Uint8Array,\n): typeof IBEEncryptions.$inferType {\n\tswitch (kemType) {\n\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\treturn new BonehFranklinBLS12381Services(keyServers).encryptBatched(\n\t\t\t\tid,\n\t\t\t\tshares,\n\t\t\t\trandomnessKey,\n\t\t\t);\n\t}\n}\n\nasync function split(\n\tsecret: Uint8Array,\n\tn: number,\n\tthreshold: number,\n): Promise<{ index: number; share: Uint8Array }[]> {\n\t// The externalSplit function is from the 'shamir-secret-sharing' package and requires t > 1 and n >= 2.\n\t// So we handle the special cases here.\n\tif (n === 0 || threshold === 0 || threshold > n) {\n\t\tthrow new Error('Invalid threshold or number of shares');\n\t} else if (threshold === 1) {\n\t\t// If the threshold is 1, the secret is not split.\n\t\tconst result = [];\n\t\tfor (let i = 0; i < n; i++) {\n\t\t\t// The shared polynomial is a constant in this case, so the index doesn't matter.\n\t\t\t// To make sure they are unique, we use a counter.\n\t\t\tresult.push({ share: secret, index: i });\n\t\t}\n\t\treturn Promise.resolve(result);\n\t}\n\n\treturn externalSplit(secret, n, threshold).then((share) =>\n\t\tshare.map((s) => ({\n\t\t\tshare: s.subarray(0, s.length - 1),\n\t\t\t// split() returns the share index in the last byte\n\t\t\tindex: s[s.length - 1],\n\t\t})),\n\t);\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,mBAAmC;AACnC,mCAAuC;AAGvC,IAAAA,cAAgC;AAEhC,mBAA0B;AAC1B,iBAAmD;AACnD,iBAAsC;AAEtC,IAAAC,gBAA6B;AAEtB,MAAM,SAAS;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,KAAC,iCAAmB,SAAS,GAC5B;AACD,UAAM,IAAI;AAAA,MACT,oCAAoC,SAAS,QAAQ,WAAW,MAAM,4BAA4B,SAAS;AAAA,IAC5G;AAAA,EACD;AAGA,QAAM,MAAM,MAAM,gBAAgB,YAAY;AAC9C,QAAM,aAAS,sBAAU,sBAAW,KAAK,GAAG;AAC5C,QAAM,aAAa,MAAM,gBAAgB,QAAQ,MAAM;AAGvD,QAAM,SAAS,MAAM,MAAM,KAAK,WAAW,QAAQ,SAAS;AAG5D,QAAM,aAAS,4BAAa,gBAAK,WAAW,EAAE;AAC9C,QAAM,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,QACA,oBAAQ,MAAM;AAAA,IACd,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL,MAAM,IAAI,WAAW,CAAC,KAAK,CAAC;AAAA,IAC7B,EAAE;AAAA,QACF,sBAAU,sBAAW,qBAAqB,GAAG;AAAA,EAC9C;AAGA,QAAM,WAA+B,WAAW,IAAI,CAAC,QAAQ,MAAM;AAAA,IAClE,OAAO;AAAA,IACP,OAAO,CAAC,EAAE;AAAA,EACX,CAAC;AAED,SAAO;AAAA,IACN,iBAAiB,4BAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX,KAAK;AAAA,EACN;AACD;AAEO,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,iCAA8B,KAA9B;AADW,SAAAA;AAAA,GAAA;AAIL,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,eAAY,KAAZ;AACA,EAAAA,kBAAA,gBAAa,KAAb;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,eACR,YACA,SACA,IACA,QACA,eACmC;AACnC,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,yCAA8B,UAAU,EAAE;AAAA,QACpD;AAAA,QACA;AAAA,QACA;AAAA,MACD;AAAA,EACF;AACD;AAEA,eAAe,MACd,QACA,GACA,WACkD;AAGlD,MAAI,MAAM,KAAK,cAAc,KAAK,YAAY,GAAG;AAChD,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACxD,WAAW,cAAc,GAAG;AAE3B,UAAM,SAAS,CAAC;AAChB,aAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAG3B,aAAO,KAAK,EAAE,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxC;AACA,WAAO,QAAQ,QAAQ,MAAM;AAAA,EAC9B;AAEA,aAAO,6BAAAC,OAAc,QAAQ,GAAG,SAAS,EAAE;AAAA,IAAK,CAAC,UAChD,MAAM,IAAI,CAAC,OAAO;AAAA,MACjB,OAAO,EAAE,SAAS,GAAG,EAAE,SAAS,CAAC;AAAA;AAAA,MAEjC,OAAO,EAAE,EAAE,SAAS,CAAC;AAAA,IACtB,EAAE;AAAA,EACH;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\nimport { split as externalSplit } from 'shamir-secret-sharing';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId } from './utils.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt({\n\tkeyServers,\n\tkemType,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tkemType: KemType;\n\tthreshold: number;\n\tpackageId: string;\n\tid: string;\n\tencryptionInput: EncryptionInput;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\t!isValidSuiObjectId(packageId)\n\t) {\n\t\tthrow new UserError(\n\t\t\t`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`,\n\t\t);\n\t}\n\n\t// Generate a random symmetric key and encrypt the encryption input using this key.\n\tconst key = await encryptionInput.generateKey();\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tconst ciphertext = await encryptionInput.encrypt(demKey);\n\n\t// Split the symmetric key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = await split(key, keyServers.length, threshold);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(DST, packageId, id);\n\tconst encryptedShares = encryptBatched(\n\t\tkeyServers,\n\t\tkemType,\n\t\tfromHex(fullId),\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tindex,\n\t\t})),\n\t\tderiveKey(KeyPurpose.EncryptedRandomness, key),\n\t);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [string, number][] = keyServers.map((server, i) => [\n\t\tserver.objectId,\n\t\tshares[i].index,\n\t]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencryptedShares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey: demKey,\n\t};\n}\n\nexport enum KemType {\n\tBonehFranklinBLS12381DemCCA = 0,\n}\n\nexport enum DemType {\n\tAesGcm256 = 0,\n\tHmac256Ctr = 1,\n}\n\nfunction encryptBatched(\n\tkeyServers: KeyServer[],\n\tkemType: KemType,\n\tid: Uint8Array,\n\tshares: { msg: Uint8Array; index: number }[],\n\trandomnessKey: Uint8Array,\n): typeof IBEEncryptions.$inferType {\n\tswitch (kemType) {\n\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\treturn new BonehFranklinBLS12381Services(keyServers).encryptBatched(\n\t\t\t\tid,\n\t\t\t\tshares,\n\t\t\t\trandomnessKey,\n\t\t\t);\n\t}\n}\n\nasync function split(\n\tsecret: Uint8Array,\n\tn: number,\n\tthreshold: number,\n): Promise<{ index: number; share: Uint8Array }[]> {\n\t// The externalSplit function is from the 'shamir-secret-sharing' package and requires t > 1 and n >= 2.\n\t// So we handle the special cases here.\n\tif (n === 0 || threshold === 0 || threshold > n) {\n\t\tthrow new Error('Invalid threshold or number of shares');\n\t} else if (threshold === 1) {\n\t\t// If the threshold is 1, the secret is not split.\n\t\tconst result = [];\n\t\tfor (let i = 0; i < n; i++) {\n\t\t\t// The shared polynomial is a constant in this case, so the index doesn't matter.\n\t\t\t// To make sure they are unique, we use a counter.\n\t\t\tresult.push({ share: secret, index: i });\n\t\t}\n\t\treturn Promise.resolve(result);\n\t}\n\n\treturn externalSplit(secret, n, threshold).then((share) =>\n\t\tshare.map((s) => ({\n\t\t\tshare: s.subarray(0, s.length - 1),\n\t\t\t// split() returns the share index in the last byte\n\t\t\tindex: s[s.length - 1],\n\t\t})),\n\t);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,mBAAmC;AACnC,mCAAuC;AAGvC,IAAAA,cAAgC;AAEhC,mBAA0B;AAC1B,iBAAmD;AACnD,iBAAsC;AAEtC,IAAAC,gBAA6B;AAEtB,MAAM,SAAS;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,KAAC,iCAAmB,SAAS,GAC5B;AACD,UAAM,IAAI;AAAA,MACT,oCAAoC,SAAS,QAAQ,WAAW,MAAM,4BAA4B,SAAS;AAAA,IAC5G;AAAA,EACD;AAGA,QAAM,MAAM,MAAM,gBAAgB,YAAY;AAC9C,QAAM,aAAS,sBAAU,sBAAW,KAAK,GAAG;AAC5C,QAAM,aAAa,MAAM,gBAAgB,QAAQ,MAAM;AAGvD,QAAM,SAAS,MAAM,MAAM,KAAK,WAAW,QAAQ,SAAS;AAG5D,QAAM,aAAS,4BAAa,gBAAK,WAAW,EAAE;AAC9C,QAAM,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,QACA,oBAAQ,MAAM;AAAA,IACd,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL;AAAA,IACD,EAAE;AAAA,QACF,sBAAU,sBAAW,qBAAqB,GAAG;AAAA,EAC9C;AAGA,QAAM,WAA+B,WAAW,IAAI,CAAC,QAAQ,MAAM;AAAA,IAClE,OAAO;AAAA,IACP,OAAO,CAAC,EAAE;AAAA,EACX,CAAC;AAED,SAAO;AAAA,IACN,iBAAiB,4BAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX,KAAK;AAAA,EACN;AACD;AAEO,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,iCAA8B,KAA9B;AADW,SAAAA;AAAA,GAAA;AAIL,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,eAAY,KAAZ;AACA,EAAAA,kBAAA,gBAAa,KAAb;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,eACR,YACA,SACA,IACA,QACA,eACmC;AACnC,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,yCAA8B,UAAU,EAAE;AAAA,QACpD;AAAA,QACA;AAAA,QACA;AAAA,MACD;AAAA,EACF;AACD;AAEA,eAAe,MACd,QACA,GACA,WACkD;AAGlD,MAAI,MAAM,KAAK,cAAc,KAAK,YAAY,GAAG;AAChD,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACxD,WAAW,cAAc,GAAG;AAE3B,UAAM,SAAS,CAAC;AAChB,aAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAG3B,aAAO,KAAK,EAAE,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxC;AACA,WAAO,QAAQ,QAAQ,MAAM;AAAA,EAC9B;AAEA,aAAO,6BAAAC,OAAc,QAAQ,GAAG,SAAS,EAAE;AAAA,IAAK,CAAC,UAChD,MAAM,IAAI,CAAC,OAAO;AAAA,MACjB,OAAO,EAAE,SAAS,GAAG,EAAE,SAAS,CAAC;AAAA;AAAA,MAEjC,OAAO,EAAE,EAAE,SAAS,CAAC;AAAA,IACtB,EAAE;AAAA,EACH;AACD;",
   "names": ["import_bcs", "import_utils", "KemType", "DemType", "externalSplit"]
 }

package/dist/cjs/ibe.d.ts

@@ -23,12 +23,12 @@ export declare abstract class IBEServers {
      * Encrypt a batch of messages for the given identity.
      *
      * @param id The identity.
-     * @param msgAndInfos The messages and an additional info parameter which will be included in the KDF.
+     * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.
      * @returns The encrypted messages.
      */
-    abstract encryptBatched(id: Uint8Array, msgAndInfos: {
+    abstract encryptBatched(id: Uint8Array, msgAndIndices: {
         msg: Uint8Array;
-        info: Uint8Array;
+        index: number;
     }[], randomnessKey: Uint8Array): typeof IBEEncryptions.$inferType;
 }
 /**
@@ -38,9 +38,9 @@ export declare abstract class IBEServers {
 export declare class BonehFranklinBLS12381Services extends IBEServers {
     readonly publicKeys: G2Element[];
     constructor(services: KeyServer[]);
-    encryptBatched(id: Uint8Array, msgAndInfos: {
+    encryptBatched(id: Uint8Array, msgAndIndices: {
         msg: Uint8Array;
-        info: Uint8Array;
+        index: number;
     }[], randomnessKey: Uint8Array): typeof IBEEncryptions.$inferType;
     /**
      * Returns true if the user secret key is valid for the given public key and id.
@@ -59,5 +59,5 @@ export declare class BonehFranklinBLS12381Services extends IBEServers {
      * @param info An info parameter also included in the KDF.
      * @returns The decrypted message.
      */
-    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, info: Uint8Array): Uint8Array;
+    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, id: Uint8Array, [objectId, index]: [string, number]): Uint8Array;
 }

package/dist/cjs/ibe.js

@@ -46,13 +46,13 @@ class BonehFranklinBLS12381Services extends IBEServers {
     super(services.map((service) => service.objectId));
     this.publicKeys = services.map((service) => import_bls12381.G2Element.fromBytes(service.pk));
   }
-  encryptBatched(id, msgAndInfos, randomnessKey) {
-    if (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndInfos.length) {
+  encryptBatched(id, msgAndIndices, randomnessKey) {
+    if (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndIndices.length) {
       throw new Error("Invalid public keys");
     }
     const [r, nonce, keys] = encapBatched(this.publicKeys, id);
-    const encryptedShares = msgAndInfos.map(
-      (msgAndInfo, i) => (0, import_utils.xor)(msgAndInfo.msg, (0, import_kdf.kdf)(keys[i], msgAndInfo.info))
+    const encryptedShares = msgAndIndices.map(
+      (msgAndIndex, i) => (0, import_utils.xor)(msgAndIndex.msg, (0, import_kdf.kdf)(keys[i], nonce, id, this.objectIds[i], msgAndIndex.index))
     );
     const encryptedRandomness = (0, import_utils.xor)(randomnessKey, r.toBytes());
     return {
@@ -85,8 +85,8 @@ class BonehFranklinBLS12381Services extends IBEServers {
    * @param info An info parameter also included in the KDF.
    * @returns The decrypted message.
    */
-  static decrypt(nonce, sk, ciphertext, info) {
-    return (0, import_utils.xor)(ciphertext, (0, import_kdf.kdf)(decap(nonce, sk), info));
+  static decrypt(nonce, sk, ciphertext, id, [objectId, index]) {
+    return (0, import_utils.xor)(ciphertext, (0, import_kdf.kdf)(decap(nonce, sk), nonce, id, objectId, index));
   }
 }
 function encapBatched(publicKeys, id) {

package/dist/cjs/ibe.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/ibe.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.objectIds.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndInfos The messages and an additional info parameter which will be included in the KDF.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndInfos: { msg: Uint8Array; info: Uint8Array }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndInfos: { msg: Uint8Array; info: Uint8Array }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndInfos.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = msgAndInfos.map((msgAndInfo, i) =>\n\t\t\txor(msgAndInfo.msg, kdf(keys[i], msgAndInfo.info)),\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(fromHex(id)).pairing(publicKey).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tinfo: Uint8Array,\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), info));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAA6C;AAC7C,iBAAoB;AAEpB,mBAAoB;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,UAAU;AAAA,EACvB;AAcD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,0BAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,aACA,eACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,YAAY,QAAQ;AAClF,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,YAAY;AAAA,MAAI,CAAC,YAAY,UACpD,kBAAI,WAAW,SAAK,gBAAI,KAAK,CAAC,GAAG,WAAW,IAAI,CAAC;AAAA,IAClD;AACA,UAAM,0BAAsB,kBAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,0BAAU,UAAU,CAAC,EAAE,QAAQ;AACjE,UAAM,MAAM,0BAAU,gBAAY,oBAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS,EAAE,QAAQ;AAC1E,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,MACa;AACb,eAAO,kBAAI,gBAAY,gBAAI,MAAM,OAAO,EAAE,GAAG,IAAI,CAAC;AAAA,EACnD;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,uBAAO,OAAO;AACxB,QAAM,QAAQ,0BAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,0BAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AAC1E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.objectIds.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndIndices: { msg: Uint8Array; index: number }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndIndices: { msg: Uint8Array; index: number }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndIndices.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = msgAndIndices.map((msgAndIndex, i) =>\n\t\t\txor(msgAndIndex.msg, kdf(keys[i], nonce, id, this.objectIds[i], msgAndIndex.index)),\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(fromHex(id)).pairing(publicKey).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tid: Uint8Array,\n\t\t[objectId, index]: [string, number],\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AAIxB,sBAA6C;AAC7C,iBAAoB;AAEpB,mBAAoB;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,UAAU;AAAA,EACvB;AAcD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,0BAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,eACA,eACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,cAAc,QAAQ;AACpF,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,cAAc;AAAA,MAAI,CAAC,aAAa,UACvD,kBAAI,YAAY,SAAK,gBAAI,KAAK,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,GAAG,YAAY,KAAK,CAAC;AAAA,IACnF;AACA,UAAM,0BAAsB,kBAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,0BAAU,UAAU,CAAC,EAAE,QAAQ;AACjE,UAAM,MAAM,0BAAU,gBAAY,oBAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS,EAAE,QAAQ;AAC1E,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,IACA,CAAC,UAAU,KAAK,GACH;AACb,eAAO,kBAAI,gBAAY,gBAAI,MAAM,OAAO,EAAE,GAAG,OAAO,IAAI,UAAU,KAAK,CAAC;AAAA,EACzE;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,uBAAO,OAAO;AACxB,QAAM,QAAQ,0BAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,0BAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AAC1E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
   "names": []
 }

package/dist/cjs/index.d.ts

@@ -1,3 +1,4 @@
 export { getAllowlistedKeyServers } from './key-server.js';
 export { SealClient, type SealClientOptions } from './client.js';
 export { SessionKey } from './session-key.js';
+export * from './error.js';

package/dist/cjs/index.js

@@ -15,6 +15,7 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var index_exports = {};
 __export(index_exports, {
@@ -26,4 +27,5 @@ module.exports = __toCommonJS(index_exports);
 var import_key_server = require("./key-server.js");
 var import_client = require("./client.js");
 var import_session_key = require("./session-key.js");
+__reExport(index_exports, require("./error.js"), module.exports);
 //# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/index.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getAllowlistedKeyServers } from './key-server.js';\nexport { SealClient, type SealClientOptions } from './client.js';\nexport { SessionKey } from './session-key.js';\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,wBAAyC;AACzC,oBAAmD;AACnD,yBAA2B;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getAllowlistedKeyServers } from './key-server.js';\nexport { SealClient, type SealClientOptions } from './client.js';\nexport { SessionKey } from './session-key.js';\nexport * from './error.js';\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,wBAAyC;AACzC,oBAAmD;AACnD,yBAA2B;AAC3B,0BAAc,uBANd;",
   "names": []
 }

package/dist/cjs/kdf.d.ts

@@ -1,4 +1,4 @@
-import type { GTElement } from './bls12381.js';
+import type { G2Element, GTElement } from './bls12381.js';
 /**
  * The default key derivation function.
  *
@@ -6,7 +6,7 @@ import type { GTElement } from './bls12381.js';
  * @param info Optional context and application specific information.
  * @returns The derived key.
  */
-export declare function kdf(element: GTElement, info: Uint8Array): Uint8Array;
+export declare function kdf(element: GTElement, nonce: G2Element, id: Uint8Array, objectId: string, index: number): Uint8Array;
 export declare enum KeyPurpose {
     EncryptedRandomness = 0,
     DEM = 1

package/dist/cjs/kdf.js

@@ -23,10 +23,12 @@ __export(kdf_exports, {
   kdf: () => kdf
 });
 module.exports = __toCommonJS(kdf_exports);
+var import_bcs = require("@mysten/bcs");
 var import_hkdf = require("@noble/hashes/hkdf");
 var import_hmac = require("@noble/hashes/hmac");
 var import_sha3 = require("@noble/hashes/sha3");
-function kdf(element, info) {
+var import_bls12381 = require("./bls12381.js");
+function kdf(element, nonce, id, objectId, index) {
   const GT_ELEMENT_BYTE_LENGTH = 576;
   const PERMUTATION = [0, 2, 4, 1, 3, 5];
   const COEFFICIENT_SIZE = GT_ELEMENT_BYTE_LENGTH / PERMUTATION.length;
@@ -38,7 +40,13 @@ function kdf(element, info) {
       pi * COEFFICIENT_SIZE
     );
   });
-  return (0, import_hkdf.hkdf)(import_sha3.sha3_256, permutedBytes, "", info, 32);
+  const inputBytes = new Uint8Array([
+    ...permutedBytes,
+    ...nonce.toBytes(),
+    ...import_bls12381.G1Element.hashToCurve(id).toBytes()
+  ]);
+  const info = new Uint8Array([...(0, import_bcs.fromHex)(objectId), index]);
+  return (0, import_hkdf.hkdf)(import_sha3.sha3_256, inputBytes, "", info, 32);
 }
 var KeyPurpose = /* @__PURE__ */ ((KeyPurpose2) => {
   KeyPurpose2[KeyPurpose2["EncryptedRandomness"] = 0] = "EncryptedRandomness";

package/dist/cjs/kdf.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/kdf.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hkdf } from '@noble/hashes/hkdf';\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport type { GTElement } from './bls12381.js';\n\n/**\n * The default key derivation function.\n *\n * @param element The GTElement to derive the key from.\n * @param info Optional context and application specific information.\n * @returns The derived key.\n */\nexport function kdf(element: GTElement, info: Uint8Array): Uint8Array {\n\t// This permutation flips the order of 6 pairs of coefficients of the GT element.\n\t// The permutation may be computed as:\n\t// for i in 0..3 {\n\t//   for j in 0..2 {\n\t//     PERMUTATION[i + j * 3] = i * 2 + j;\n\t//   }\n\t// }\n\tconst GT_ELEMENT_BYTE_LENGTH = 576;\n\tconst PERMUTATION = [0, 2, 4, 1, 3, 5];\n\tconst COEFFICIENT_SIZE = GT_ELEMENT_BYTE_LENGTH / PERMUTATION.length;\n\n\tconst bytes = element.toBytes();\n\tlet permutedBytes = new Uint8Array(GT_ELEMENT_BYTE_LENGTH);\n\tPERMUTATION.forEach((pi, i) => {\n\t\tpermutedBytes.set(\n\t\t\tbytes.slice(i * COEFFICIENT_SIZE, (i + 1) * COEFFICIENT_SIZE),\n\t\t\tpi * COEFFICIENT_SIZE,\n\t\t);\n\t});\n\treturn hkdf(sha3_256, permutedBytes, '', info, 32);\n}\n\nexport enum KeyPurpose {\n\tEncryptedRandomness,\n\tDEM,\n}\n\nexport function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array): Uint8Array {\n\tswitch (purpose) {\n\t\tcase KeyPurpose.EncryptedRandomness:\n\t\t\treturn hmac(sha3_256, baseKey, new Uint8Array([0]));\n\t\tcase KeyPurpose.DEM:\n\t\t\treturn hmac(sha3_256, baseKey, new Uint8Array([1]));\n\t}\n}\n"],
-  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,kBAAqB;AACrB,kBAAqB;AACrB,kBAAyB;AAWlB,SAAS,IAAI,SAAoB,MAA8B;AAQrE,QAAM,yBAAyB;AAC/B,QAAM,cAAc,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACrC,QAAM,mBAAmB,yBAAyB,YAAY;AAE9D,QAAM,QAAQ,QAAQ,QAAQ;AAC9B,MAAI,gBAAgB,IAAI,WAAW,sBAAsB;AACzD,cAAY,QAAQ,CAAC,IAAI,MAAM;AAC9B,kBAAc;AAAA,MACb,MAAM,MAAM,IAAI,mBAAmB,IAAI,KAAK,gBAAgB;AAAA,MAC5D,KAAK;AAAA,IACN;AAAA,EACD,CAAC;AACD,aAAO,kBAAK,sBAAU,eAAe,IAAI,MAAM,EAAE;AAClD;AAEO,IAAK,aAAL,kBAAKA,gBAAL;AACN,EAAAA,wBAAA;AACA,EAAAA,wBAAA;AAFW,SAAAA;AAAA,GAAA;AAKL,SAAS,UAAU,SAAqB,SAAiC;AAC/E,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,iBAAO,kBAAK,sBAAU,SAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;AAAA,IACnD,KAAK;AACJ,iBAAO,kBAAK,sBAAU,SAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;AAAA,EACpD;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { hkdf } from '@noble/hashes/hkdf';\nimport { hmac } from '@noble/hashes/hmac';\nimport { sha3_256 } from '@noble/hashes/sha3';\n\nimport { G1Element } from './bls12381.js';\nimport type { G2Element, GTElement } from './bls12381.js';\n\n/**\n * The default key derivation function.\n *\n * @param element The GTElement to derive the key from.\n * @param info Optional context and application specific information.\n * @returns The derived key.\n */\nexport function kdf(\n\telement: GTElement,\n\tnonce: G2Element,\n\tid: Uint8Array,\n\tobjectId: string,\n\tindex: number,\n): Uint8Array {\n\t// This permutation flips the order of 6 pairs of coefficients of the GT element.\n\t// The permutation may be computed as:\n\t// for i in 0..3 {\n\t//   for j in 0..2 {\n\t//     PERMUTATION[i + j * 3] = i * 2 + j;\n\t//   }\n\t// }\n\tconst GT_ELEMENT_BYTE_LENGTH = 576;\n\tconst PERMUTATION = [0, 2, 4, 1, 3, 5];\n\tconst COEFFICIENT_SIZE = GT_ELEMENT_BYTE_LENGTH / PERMUTATION.length;\n\n\tconst bytes = element.toBytes();\n\tlet permutedBytes = new Uint8Array(GT_ELEMENT_BYTE_LENGTH);\n\tPERMUTATION.forEach((pi, i) => {\n\t\tpermutedBytes.set(\n\t\t\tbytes.slice(i * COEFFICIENT_SIZE, (i + 1) * COEFFICIENT_SIZE),\n\t\t\tpi * COEFFICIENT_SIZE,\n\t\t);\n\t});\n\tconst inputBytes = new Uint8Array([\n\t\t...permutedBytes,\n\t\t...nonce.toBytes(),\n\t\t...G1Element.hashToCurve(id).toBytes(),\n\t]);\n\tconst info = new Uint8Array([...fromHex(objectId), index]);\n\treturn hkdf(sha3_256, inputBytes, '', info, 32);\n}\n\nexport enum KeyPurpose {\n\tEncryptedRandomness,\n\tDEM,\n}\n\nexport function deriveKey(purpose: KeyPurpose, baseKey: Uint8Array): Uint8Array {\n\tswitch (purpose) {\n\t\tcase KeyPurpose.EncryptedRandomness:\n\t\t\treturn hmac(sha3_256, baseKey, new Uint8Array([0]));\n\t\tcase KeyPurpose.DEM:\n\t\t\treturn hmac(sha3_256, baseKey, new Uint8Array([1]));\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,iBAAwB;AACxB,kBAAqB;AACrB,kBAAqB;AACrB,kBAAyB;AAEzB,sBAA0B;AAUnB,SAAS,IACf,SACA,OACA,IACA,UACA,OACa;AAQb,QAAM,yBAAyB;AAC/B,QAAM,cAAc,CAAC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AACrC,QAAM,mBAAmB,yBAAyB,YAAY;AAE9D,QAAM,QAAQ,QAAQ,QAAQ;AAC9B,MAAI,gBAAgB,IAAI,WAAW,sBAAsB;AACzD,cAAY,QAAQ,CAAC,IAAI,MAAM;AAC9B,kBAAc;AAAA,MACb,MAAM,MAAM,IAAI,mBAAmB,IAAI,KAAK,gBAAgB;AAAA,MAC5D,KAAK;AAAA,IACN;AAAA,EACD,CAAC;AACD,QAAM,aAAa,IAAI,WAAW;AAAA,IACjC,GAAG;AAAA,IACH,GAAG,MAAM,QAAQ;AAAA,IACjB,GAAG,0BAAU,YAAY,EAAE,EAAE,QAAQ;AAAA,EACtC,CAAC;AACD,QAAM,OAAO,IAAI,WAAW,CAAC,OAAG,oBAAQ,QAAQ,GAAG,KAAK,CAAC;AACzD,aAAO,kBAAK,sBAAU,YAAY,IAAI,MAAM,EAAE;AAC/C;AAEO,IAAK,aAAL,kBAAKA,gBAAL;AACN,EAAAA,wBAAA;AACA,EAAAA,wBAAA;AAFW,SAAAA;AAAA,GAAA;AAKL,SAAS,UAAU,SAAqB,SAAiC;AAC/E,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,iBAAO,kBAAK,sBAAU,SAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;AAAA,IACnD,KAAK;AACJ,iBAAO,kBAAK,sBAAU,SAAS,IAAI,WAAW,CAAC,CAAC,CAAC,CAAC;AAAA,EACpD;AACD;",
   "names": ["KeyPurpose"]
 }

package/dist/cjs/version.d.ts

@@ -1 +1 @@
-export declare const PACKAGE_VERSION = "0.3.0";
+export declare const PACKAGE_VERSION = "0.3.1";

package/dist/cjs/version.js

@@ -21,5 +21,5 @@ __export(version_exports, {
   PACKAGE_VERSION: () => PACKAGE_VERSION
 });
 module.exports = __toCommonJS(version_exports);
-const PACKAGE_VERSION = "0.3.0";
+const PACKAGE_VERSION = "0.3.1";
 //# sourceMappingURL=version.js.map

package/dist/cjs/version.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/version.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '0.3.0';\n"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '0.3.1';\n"],
   "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAKO,MAAM,kBAAkB;",
   "names": []
 }

package/dist/esm/decrypt.js

@@ -1,3 +1,4 @@
+import { fromHex } from "@mysten/bcs";
 import { combine as externalCombine } from "shamir-secret-sharing";
 import { G2Element } from "./bls12381.js";
 import { AesGcm256, Hmac256Ctr } from "./dem.js";
@@ -23,12 +24,12 @@ async function decrypt({ encryptedObject, keys }) {
   const nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);
   const shares = inKeystore.map((i) => {
     const [objectId, index] = encryptedObject.services[i];
-    const info = new Uint8Array([index]);
     const share = BonehFranklinBLS12381Services.decrypt(
       nonce,
       keys.get(`${fullId}:${objectId}`),
       encryptedShares[i],
-      info
+      fromHex(fullId),
+      [objectId, index]
     );
     return { index, share };
   });

package/dist/esm/decrypt.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/decrypt.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { combine as externalCombine } from 'shamir-secret-sharing';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId } from './utils.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({ encryptedObject, keys }: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(DST, encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i: number) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst info = new Uint8Array([index]);\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tinfo,\n\t\t);\n\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key.\n\tconst key = await combine(shares);\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\ttry {\n\t\t\t// Decrypt the ciphertext with the key.\n\t\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t// In case `Plain` mode is used, return the key.\n\t\treturn demKey;\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\ttry {\n\t\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else {\n\t\tthrow new Error('Invalid encrypted object');\n\t}\n}\n\n/**\n * Helper function that combines the shares into the key.\n * @param shares - The shares to combine.\n * @returns - The combined key.\n */\nasync function combine(shares: { index: number; share: Uint8Array }[]): Promise<Uint8Array> {\n\tif (shares.length === 0) {\n\t\tthrow new Error('Invalid shares length');\n\t} else if (shares.length === 1) {\n\t\t// The Shamir secret sharing library expects at least two shares.\n\t\t// If there is only one and the threshold is 1, the reconstructed secret is the same as the share.\n\t\treturn Promise.resolve(shares[0].share);\n\t}\n\n\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share\n\treturn externalCombine(\n\t\tshares.map(({ index, share }) => {\n\t\t\tconst packedShare = new Uint8Array(share.length + 1);\n\t\t\tpackedShare.set(share, 0);\n\t\t\tpackedShare[share.length] = index;\n\t\t\treturn packedShare;\n\t\t}),\n\t);\n}\n"],
-  "mappings": "AAGA,SAAS,WAAW,uBAAuB;AAI3C,SAAS,iBAAiB;AAC1B,SAAS,WAAW,kBAAkB;AACtC,SAAS,wBAAwB,+BAA+B;AAChE,SAAS,+BAA+B,WAAW;AACnD,SAAS,WAAW,kBAAkB;AAEtC,SAAS,oBAAoB;AAc7B,eAAsB,QAAQ,EAAE,iBAAiB,KAAK,GAAwC;AAC7F,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,wBAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,SAAS,aAAa,KAAK,gBAAgB,WAAW,gBAAgB,EAAE;AAG9E,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,UAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAc;AAC5C,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,OAAO,IAAI,WAAW,CAAC,KAAK,CAAC;AACnC,UAAM,QAAQ,8BAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,MACjB;AAAA,IACD;AAEA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,MAAM,MAAM,QAAQ,MAAM;AAChC,QAAM,SAAS,UAAU,WAAW,KAAK,GAAG;AAC5C,MAAI,gBAAgB,WAAW,WAAW;AACzC,QAAI;AAEH,aAAO,UAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC5D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,WAAW,gBAAgB,WAAW,OAAO;AAE5C,WAAO;AAAA,EACR,WAAW,gBAAgB,WAAW,YAAY;AACjD,QAAI;AACH,aAAO,WAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC7D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,OAAO;AACN,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AACD;AAOA,eAAe,QAAQ,QAAqE;AAC3F,MAAI,OAAO,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACxC,WAAW,OAAO,WAAW,GAAG;AAG/B,WAAO,QAAQ,QAAQ,OAAO,CAAC,EAAE,KAAK;AAAA,EACvC;AAGA,SAAO;AAAA,IACN,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,MAAM;AAChC,YAAM,cAAc,IAAI,WAAW,MAAM,SAAS,CAAC;AACnD,kBAAY,IAAI,OAAO,CAAC;AACxB,kBAAY,MAAM,MAAM,IAAI;AAC5B,aAAO;AAAA,IACR,CAAC;AAAA,EACF;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { combine as externalCombine } from 'shamir-secret-sharing';\n\nimport type { EncryptedObject } from './bcs.js';\nimport type { G1Element } from './bls12381.js';\nimport { G2Element } from './bls12381.js';\nimport { AesGcm256, Hmac256Ctr } from './dem.js';\nimport { InvalidCiphertextError, UnsupportedFeatureError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyCacheKey } from './types.js';\nimport { createFullId } from './utils.js';\n\nexport interface DecryptOptions {\n\tencryptedObject: typeof EncryptedObject.$inferType;\n\tkeys: Map<KeyCacheKey, G1Element>;\n}\n\n/**\n * Decrypt the given encrypted bytes with the given cached secret keys for the full ID.\n * It's assumed that fetchKeys has been called to fetch the secret keys for enough key servers\n * otherwise, this will throw an error.\n *\n * @returns - The decrypted plaintext corresponding to ciphertext.\n */\nexport async function decrypt({ encryptedObject, keys }: DecryptOptions): Promise<Uint8Array> {\n\tif (!encryptedObject.encryptedShares.BonehFranklinBLS12381) {\n\t\tthrow new UnsupportedFeatureError('Encryption mode not supported');\n\t}\n\n\tconst fullId = createFullId(DST, encryptedObject.packageId, encryptedObject.id);\n\n\t// Get the indices of the service whose keys are in the keystore.\n\tconst inKeystore = encryptedObject.services\n\t\t.map((_, i) => i)\n\t\t.filter((i) => keys.has(`${fullId}:${encryptedObject.services[i][0]}`));\n\n\tif (inKeystore.length < encryptedObject.threshold) {\n\t\tthrow new Error('Not enough shares. Please fetch more keys.');\n\t}\n\n\tconst encryptedShares = encryptedObject.encryptedShares.BonehFranklinBLS12381.encryptedShares;\n\tif (encryptedShares.length !== encryptedObject.services.length) {\n\t\tthrow new InvalidCiphertextError(\n\t\t\t`Mismatched shares ${encryptedShares.length} and services ${encryptedObject.services.length}`,\n\t\t);\n\t}\n\n\tconst nonce = G2Element.fromBytes(encryptedObject.encryptedShares.BonehFranklinBLS12381.nonce);\n\n\t// Decrypt each share.\n\tconst shares = inKeystore.map((i: number) => {\n\t\tconst [objectId, index] = encryptedObject.services[i];\n\t\t// Use the index as the unique info parameter to allow for multiple shares per key server.\n\t\tconst share = BonehFranklinBLS12381Services.decrypt(\n\t\t\tnonce,\n\t\t\tkeys.get(`${fullId}:${objectId}`)!,\n\t\t\tencryptedShares[i],\n\t\t\tfromHex(fullId),\n\t\t\t[objectId, index],\n\t\t);\n\t\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share.\n\t\treturn { index, share };\n\t});\n\n\t// Combine the decrypted shares into the key.\n\tconst key = await combine(shares);\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tif (encryptedObject.ciphertext.Aes256Gcm) {\n\t\ttry {\n\t\t\t// Decrypt the ciphertext with the key.\n\t\t\treturn AesGcm256.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else if (encryptedObject.ciphertext.Plain) {\n\t\t// In case `Plain` mode is used, return the key.\n\t\treturn demKey;\n\t} else if (encryptedObject.ciphertext.Hmac256Ctr) {\n\t\ttry {\n\t\t\treturn Hmac256Ctr.decrypt(demKey, encryptedObject.ciphertext);\n\t\t} catch {\n\t\t\tthrow new Error('Decryption failed');\n\t\t}\n\t} else {\n\t\tthrow new Error('Invalid encrypted object');\n\t}\n}\n\n/**\n * Helper function that combines the shares into the key.\n * @param shares - The shares to combine.\n * @returns - The combined key.\n */\nasync function combine(shares: { index: number; share: Uint8Array }[]): Promise<Uint8Array> {\n\tif (shares.length === 0) {\n\t\tthrow new Error('Invalid shares length');\n\t} else if (shares.length === 1) {\n\t\t// The Shamir secret sharing library expects at least two shares.\n\t\t// If there is only one and the threshold is 1, the reconstructed secret is the same as the share.\n\t\treturn Promise.resolve(shares[0].share);\n\t}\n\n\t// The Shamir secret sharing library expects the index/x-coordinate to be at the end of the share\n\treturn externalCombine(\n\t\tshares.map(({ index, share }) => {\n\t\t\tconst packedShare = new Uint8Array(share.length + 1);\n\t\t\tpackedShare.set(share, 0);\n\t\t\tpackedShare[share.length] = index;\n\t\t\treturn packedShare;\n\t\t}),\n\t);\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,WAAW,uBAAuB;AAI3C,SAAS,iBAAiB;AAC1B,SAAS,WAAW,kBAAkB;AACtC,SAAS,wBAAwB,+BAA+B;AAChE,SAAS,+BAA+B,WAAW;AACnD,SAAS,WAAW,kBAAkB;AAEtC,SAAS,oBAAoB;AAc7B,eAAsB,QAAQ,EAAE,iBAAiB,KAAK,GAAwC;AAC7F,MAAI,CAAC,gBAAgB,gBAAgB,uBAAuB;AAC3D,UAAM,IAAI,wBAAwB,+BAA+B;AAAA,EAClE;AAEA,QAAM,SAAS,aAAa,KAAK,gBAAgB,WAAW,gBAAgB,EAAE;AAG9E,QAAM,aAAa,gBAAgB,SACjC,IAAI,CAAC,GAAG,MAAM,CAAC,EACf,OAAO,CAAC,MAAM,KAAK,IAAI,GAAG,MAAM,IAAI,gBAAgB,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAEvE,MAAI,WAAW,SAAS,gBAAgB,WAAW;AAClD,UAAM,IAAI,MAAM,4CAA4C;AAAA,EAC7D;AAEA,QAAM,kBAAkB,gBAAgB,gBAAgB,sBAAsB;AAC9E,MAAI,gBAAgB,WAAW,gBAAgB,SAAS,QAAQ;AAC/D,UAAM,IAAI;AAAA,MACT,qBAAqB,gBAAgB,MAAM,iBAAiB,gBAAgB,SAAS,MAAM;AAAA,IAC5F;AAAA,EACD;AAEA,QAAM,QAAQ,UAAU,UAAU,gBAAgB,gBAAgB,sBAAsB,KAAK;AAG7F,QAAM,SAAS,WAAW,IAAI,CAAC,MAAc;AAC5C,UAAM,CAAC,UAAU,KAAK,IAAI,gBAAgB,SAAS,CAAC;AAEpD,UAAM,QAAQ,8BAA8B;AAAA,MAC3C;AAAA,MACA,KAAK,IAAI,GAAG,MAAM,IAAI,QAAQ,EAAE;AAAA,MAChC,gBAAgB,CAAC;AAAA,MACjB,QAAQ,MAAM;AAAA,MACd,CAAC,UAAU,KAAK;AAAA,IACjB;AAEA,WAAO,EAAE,OAAO,MAAM;AAAA,EACvB,CAAC;AAGD,QAAM,MAAM,MAAM,QAAQ,MAAM;AAChC,QAAM,SAAS,UAAU,WAAW,KAAK,GAAG;AAC5C,MAAI,gBAAgB,WAAW,WAAW;AACzC,QAAI;AAEH,aAAO,UAAU,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC5D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,WAAW,gBAAgB,WAAW,OAAO;AAE5C,WAAO;AAAA,EACR,WAAW,gBAAgB,WAAW,YAAY;AACjD,QAAI;AACH,aAAO,WAAW,QAAQ,QAAQ,gBAAgB,UAAU;AAAA,IAC7D,QAAQ;AACP,YAAM,IAAI,MAAM,mBAAmB;AAAA,IACpC;AAAA,EACD,OAAO;AACN,UAAM,IAAI,MAAM,0BAA0B;AAAA,EAC3C;AACD;AAOA,eAAe,QAAQ,QAAqE;AAC3F,MAAI,OAAO,WAAW,GAAG;AACxB,UAAM,IAAI,MAAM,uBAAuB;AAAA,EACxC,WAAW,OAAO,WAAW,GAAG;AAG/B,WAAO,QAAQ,QAAQ,OAAO,CAAC,EAAE,KAAK;AAAA,EACvC;AAGA,SAAO;AAAA,IACN,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,MAAM;AAChC,YAAM,cAAc,IAAI,WAAW,MAAM,SAAS,CAAC;AACnD,kBAAY,IAAI,OAAO,CAAC;AACxB,kBAAY,MAAM,MAAM,IAAI;AAC5B,aAAO;AAAA,IACR,CAAC;AAAA,EACF;AACD;",
   "names": []
 }

package/dist/esm/encrypt.js

@@ -31,7 +31,7 @@ async function encrypt({
     fromHex(fullId),
     shares.map(({ share, index }) => ({
       msg: share,
-      info: new Uint8Array([index])
+      index
     })),
     deriveKey(KeyPurpose.EncryptedRandomness, key)
   );

package/dist/esm/encrypt.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/encrypt.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\nimport { split as externalSplit } from 'shamir-secret-sharing';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId } from './utils.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt({\n\tkeyServers,\n\tkemType,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tkemType: KemType;\n\tthreshold: number;\n\tpackageId: string;\n\tid: string;\n\tencryptionInput: EncryptionInput;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\t!isValidSuiObjectId(packageId)\n\t) {\n\t\tthrow new UserError(\n\t\t\t`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`,\n\t\t);\n\t}\n\n\t// Generate a random symmetric key and encrypt the encryption input using this key.\n\tconst key = await encryptionInput.generateKey();\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tconst ciphertext = await encryptionInput.encrypt(demKey);\n\n\t// Split the symmetric key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = await split(key, keyServers.length, threshold);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(DST, packageId, id);\n\tconst encryptedShares = encryptBatched(\n\t\tkeyServers,\n\t\tkemType,\n\t\tfromHex(fullId),\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tinfo: new Uint8Array([index]),\n\t\t})),\n\t\tderiveKey(KeyPurpose.EncryptedRandomness, key),\n\t);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [string, number][] = keyServers.map((server, i) => [\n\t\tserver.objectId,\n\t\tshares[i].index,\n\t]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencryptedShares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey: demKey,\n\t};\n}\n\nexport enum KemType {\n\tBonehFranklinBLS12381DemCCA = 0,\n}\n\nexport enum DemType {\n\tAesGcm256 = 0,\n\tHmac256Ctr = 1,\n}\n\nfunction encryptBatched(\n\tkeyServers: KeyServer[],\n\tkemType: KemType,\n\tid: Uint8Array,\n\tshares: { msg: Uint8Array; info: Uint8Array }[],\n\trandomnessKey: Uint8Array,\n): typeof IBEEncryptions.$inferType {\n\tswitch (kemType) {\n\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\treturn new BonehFranklinBLS12381Services(keyServers).encryptBatched(\n\t\t\t\tid,\n\t\t\t\tshares,\n\t\t\t\trandomnessKey,\n\t\t\t);\n\t}\n}\n\nasync function split(\n\tsecret: Uint8Array,\n\tn: number,\n\tthreshold: number,\n): Promise<{ index: number; share: Uint8Array }[]> {\n\t// The externalSplit function is from the 'shamir-secret-sharing' package and requires t > 1 and n >= 2.\n\t// So we handle the special cases here.\n\tif (n === 0 || threshold === 0 || threshold > n) {\n\t\tthrow new Error('Invalid threshold or number of shares');\n\t} else if (threshold === 1) {\n\t\t// If the threshold is 1, the secret is not split.\n\t\tconst result = [];\n\t\tfor (let i = 0; i < n; i++) {\n\t\t\t// The shared polynomial is a constant in this case, so the index doesn't matter.\n\t\t\t// To make sure they are unique, we use a counter.\n\t\t\tresult.push({ share: secret, index: i });\n\t\t}\n\t\treturn Promise.resolve(result);\n\t}\n\n\treturn externalSplit(secret, n, threshold).then((share) =>\n\t\tshare.map((s) => ({\n\t\t\tshare: s.subarray(0, s.length - 1),\n\t\t\t// split() returns the share index in the last byte\n\t\t\tindex: s[s.length - 1],\n\t\t})),\n\t);\n}\n"],
-  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,0BAA0B;AACnC,SAAS,SAAS,qBAAqB;AAGvC,SAAS,uBAAuB;AAEhC,SAAS,iBAAiB;AAC1B,SAAS,+BAA+B,WAAW;AACnD,SAAS,WAAW,kBAAkB;AAEtC,SAAS,oBAAoB;AAEtB,MAAM,SAAS;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,CAAC,mBAAmB,SAAS,GAC5B;AACD,UAAM,IAAI;AAAA,MACT,oCAAoC,SAAS,QAAQ,WAAW,MAAM,4BAA4B,SAAS;AAAA,IAC5G;AAAA,EACD;AAGA,QAAM,MAAM,MAAM,gBAAgB,YAAY;AAC9C,QAAM,SAAS,UAAU,WAAW,KAAK,GAAG;AAC5C,QAAM,aAAa,MAAM,gBAAgB,QAAQ,MAAM;AAGvD,QAAM,SAAS,MAAM,MAAM,KAAK,WAAW,QAAQ,SAAS;AAG5D,QAAM,SAAS,aAAa,KAAK,WAAW,EAAE;AAC9C,QAAM,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,IACA,QAAQ,MAAM;AAAA,IACd,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL,MAAM,IAAI,WAAW,CAAC,KAAK,CAAC;AAAA,IAC7B,EAAE;AAAA,IACF,UAAU,WAAW,qBAAqB,GAAG;AAAA,EAC9C;AAGA,QAAM,WAA+B,WAAW,IAAI,CAAC,QAAQ,MAAM;AAAA,IAClE,OAAO;AAAA,IACP,OAAO,CAAC,EAAE;AAAA,EACX,CAAC;AAED,SAAO;AAAA,IACN,iBAAiB,gBAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX,KAAK;AAAA,EACN;AACD;AAEO,IAAK,UAAL,kBAAKA,aAAL;AACN,EAAAA,kBAAA,iCAA8B,KAA9B;AADW,SAAAA;AAAA,GAAA;AAIL,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,eAAY,KAAZ;AACA,EAAAA,kBAAA,gBAAa,KAAb;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,eACR,YACA,SACA,IACA,QACA,eACmC;AACnC,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,8BAA8B,UAAU,EAAE;AAAA,QACpD;AAAA,QACA;AAAA,QACA;AAAA,MACD;AAAA,EACF;AACD;AAEA,eAAe,MACd,QACA,GACA,WACkD;AAGlD,MAAI,MAAM,KAAK,cAAc,KAAK,YAAY,GAAG;AAChD,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACxD,WAAW,cAAc,GAAG;AAE3B,UAAM,SAAS,CAAC;AAChB,aAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAG3B,aAAO,KAAK,EAAE,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxC;AACA,WAAO,QAAQ,QAAQ,MAAM;AAAA,EAC9B;AAEA,SAAO,cAAc,QAAQ,GAAG,SAAS,EAAE;AAAA,IAAK,CAAC,UAChD,MAAM,IAAI,CAAC,OAAO;AAAA,MACjB,OAAO,EAAE,SAAS,GAAG,EAAE,SAAS,CAAC;AAAA;AAAA,MAEjC,OAAO,EAAE,EAAE,SAAS,CAAC;AAAA,IACtB,EAAE;AAAA,EACH;AACD;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\nimport { isValidSuiObjectId } from '@mysten/sui/utils';\nimport { split as externalSplit } from 'shamir-secret-sharing';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport { EncryptedObject } from './bcs.js';\nimport type { EncryptionInput } from './dem.js';\nimport { UserError } from './error.js';\nimport { BonehFranklinBLS12381Services, DST } from './ibe.js';\nimport { deriveKey, KeyPurpose } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { createFullId } from './utils.js';\n\nexport const MAX_U8 = 255;\n\n/**\n * Given full ID and what key servers to use, return the encrypted message under the identity and return the bcs bytes of the encrypted object.\n *\n * @param keyServers - A list of KeyServers (same server can be used multiple times)\n * @param kemType - The type of KEM to use.\n * @param packageId - packageId\n * @param id - id\n * @param encryptionInput - Input to the encryption. Should be one of the EncryptionInput types, AesGcmEncryptionInput or Plain.\n * @param threshold - The threshold for the TSS encryption.\n * @returns The bcs bytes of the encrypted object containing all metadata and the 256-bit symmetric key that was used to encrypt the object.\n * Since the key can be used to decrypt, it should not be shared but can be used eg. for backup.\n */\nexport async function encrypt({\n\tkeyServers,\n\tkemType,\n\tthreshold,\n\tpackageId,\n\tid,\n\tencryptionInput,\n}: {\n\tkeyServers: KeyServer[];\n\tkemType: KemType;\n\tthreshold: number;\n\tpackageId: string;\n\tid: string;\n\tencryptionInput: EncryptionInput;\n}): Promise<{\n\tencryptedObject: Uint8Array;\n\tkey: Uint8Array;\n}> {\n\t// Check inputs\n\tif (\n\t\tkeyServers.length < threshold ||\n\t\tthreshold === 0 ||\n\t\tkeyServers.length > MAX_U8 ||\n\t\tthreshold > MAX_U8 ||\n\t\t!isValidSuiObjectId(packageId)\n\t) {\n\t\tthrow new UserError(\n\t\t\t`Invalid key servers or threshold ${threshold} for ${keyServers.length} key servers for package ${packageId}`,\n\t\t);\n\t}\n\n\t// Generate a random symmetric key and encrypt the encryption input using this key.\n\tconst key = await encryptionInput.generateKey();\n\tconst demKey = deriveKey(KeyPurpose.DEM, key);\n\tconst ciphertext = await encryptionInput.encrypt(demKey);\n\n\t// Split the symmetric key into shares and encrypt each share with the public keys of the key servers.\n\tconst shares = await split(key, keyServers.length, threshold);\n\n\t// Encrypt the shares with the public keys of the key servers.\n\tconst fullId = createFullId(DST, packageId, id);\n\tconst encryptedShares = encryptBatched(\n\t\tkeyServers,\n\t\tkemType,\n\t\tfromHex(fullId),\n\t\tshares.map(({ share, index }) => ({\n\t\t\tmsg: share,\n\t\t\tindex,\n\t\t})),\n\t\tderiveKey(KeyPurpose.EncryptedRandomness, key),\n\t);\n\n\t// Services and indices of their shares are stored as a tuple\n\tconst services: [string, number][] = keyServers.map((server, i) => [\n\t\tserver.objectId,\n\t\tshares[i].index,\n\t]);\n\n\treturn {\n\t\tencryptedObject: EncryptedObject.serialize({\n\t\t\tversion: 0,\n\t\t\tpackageId,\n\t\t\tid,\n\t\t\tservices,\n\t\t\tthreshold,\n\t\t\tencryptedShares,\n\t\t\tciphertext,\n\t\t}).toBytes(),\n\t\tkey: demKey,\n\t};\n}\n\nexport enum KemType {\n\tBonehFranklinBLS12381DemCCA = 0,\n}\n\nexport enum DemType {\n\tAesGcm256 = 0,\n\tHmac256Ctr = 1,\n}\n\nfunction encryptBatched(\n\tkeyServers: KeyServer[],\n\tkemType: KemType,\n\tid: Uint8Array,\n\tshares: { msg: Uint8Array; index: number }[],\n\trandomnessKey: Uint8Array,\n): typeof IBEEncryptions.$inferType {\n\tswitch (kemType) {\n\t\tcase KemType.BonehFranklinBLS12381DemCCA:\n\t\t\treturn new BonehFranklinBLS12381Services(keyServers).encryptBatched(\n\t\t\t\tid,\n\t\t\t\tshares,\n\t\t\t\trandomnessKey,\n\t\t\t);\n\t}\n}\n\nasync function split(\n\tsecret: Uint8Array,\n\tn: number,\n\tthreshold: number,\n): Promise<{ index: number; share: Uint8Array }[]> {\n\t// The externalSplit function is from the 'shamir-secret-sharing' package and requires t > 1 and n >= 2.\n\t// So we handle the special cases here.\n\tif (n === 0 || threshold === 0 || threshold > n) {\n\t\tthrow new Error('Invalid threshold or number of shares');\n\t} else if (threshold === 1) {\n\t\t// If the threshold is 1, the secret is not split.\n\t\tconst result = [];\n\t\tfor (let i = 0; i < n; i++) {\n\t\t\t// The shared polynomial is a constant in this case, so the index doesn't matter.\n\t\t\t// To make sure they are unique, we use a counter.\n\t\t\tresult.push({ share: secret, index: i });\n\t\t}\n\t\treturn Promise.resolve(result);\n\t}\n\n\treturn externalSplit(secret, n, threshold).then((share) =>\n\t\tshare.map((s) => ({\n\t\t\tshare: s.subarray(0, s.length - 1),\n\t\t\t// split() returns the share index in the last byte\n\t\t\tindex: s[s.length - 1],\n\t\t})),\n\t);\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AACxB,SAAS,0BAA0B;AACnC,SAAS,SAAS,qBAAqB;AAGvC,SAAS,uBAAuB;AAEhC,SAAS,iBAAiB;AAC1B,SAAS,+BAA+B,WAAW;AACnD,SAAS,WAAW,kBAAkB;AAEtC,SAAS,oBAAoB;AAEtB,MAAM,SAAS;AActB,eAAsB,QAAQ;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD,GAUG;AAEF,MACC,WAAW,SAAS,aACpB,cAAc,KACd,WAAW,SAAS,UACpB,YAAY,UACZ,CAAC,mBAAmB,SAAS,GAC5B;AACD,UAAM,IAAI;AAAA,MACT,oCAAoC,SAAS,QAAQ,WAAW,MAAM,4BAA4B,SAAS;AAAA,IAC5G;AAAA,EACD;AAGA,QAAM,MAAM,MAAM,gBAAgB,YAAY;AAC9C,QAAM,SAAS,UAAU,WAAW,KAAK,GAAG;AAC5C,QAAM,aAAa,MAAM,gBAAgB,QAAQ,MAAM;AAGvD,QAAM,SAAS,MAAM,MAAM,KAAK,WAAW,QAAQ,SAAS;AAG5D,QAAM,SAAS,aAAa,KAAK,WAAW,EAAE;AAC9C,QAAM,kBAAkB;AAAA,IACvB;AAAA,IACA;AAAA,IACA,QAAQ,MAAM;AAAA,IACd,OAAO,IAAI,CAAC,EAAE,OAAO,MAAM,OAAO;AAAA,MACjC,KAAK;AAAA,MACL;AAAA,IACD,EAAE;AAAA,IACF,UAAU,WAAW,qBAAqB,GAAG;AAAA,EAC9C;AAGA,QAAM,WAA+B,WAAW,IAAI,CAAC,QAAQ,MAAM;AAAA,IAClE,OAAO;AAAA,IACP,OAAO,CAAC,EAAE;AAAA,EACX,CAAC;AAED,SAAO;AAAA,IACN,iBAAiB,gBAAgB,UAAU;AAAA,MAC1C,SAAS;AAAA,MACT;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC,EAAE,QAAQ;AAAA,IACX,KAAK;AAAA,EACN;AACD;AAEO,IAAK,UAAL,kBAAKA,aAAL;AACN,EAAAA,kBAAA,iCAA8B,KAA9B;AADW,SAAAA;AAAA,GAAA;AAIL,IAAK,UAAL,kBAAKC,aAAL;AACN,EAAAA,kBAAA,eAAY,KAAZ;AACA,EAAAA,kBAAA,gBAAa,KAAb;AAFW,SAAAA;AAAA,GAAA;AAKZ,SAAS,eACR,YACA,SACA,IACA,QACA,eACmC;AACnC,UAAQ,SAAS;AAAA,IAChB,KAAK;AACJ,aAAO,IAAI,8BAA8B,UAAU,EAAE;AAAA,QACpD;AAAA,QACA;AAAA,QACA;AAAA,MACD;AAAA,EACF;AACD;AAEA,eAAe,MACd,QACA,GACA,WACkD;AAGlD,MAAI,MAAM,KAAK,cAAc,KAAK,YAAY,GAAG;AAChD,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACxD,WAAW,cAAc,GAAG;AAE3B,UAAM,SAAS,CAAC;AAChB,aAAS,IAAI,GAAG,IAAI,GAAG,KAAK;AAG3B,aAAO,KAAK,EAAE,OAAO,QAAQ,OAAO,EAAE,CAAC;AAAA,IACxC;AACA,WAAO,QAAQ,QAAQ,MAAM;AAAA,EAC9B;AAEA,SAAO,cAAc,QAAQ,GAAG,SAAS,EAAE;AAAA,IAAK,CAAC,UAChD,MAAM,IAAI,CAAC,OAAO;AAAA,MACjB,OAAO,EAAE,SAAS,GAAG,EAAE,SAAS,CAAC;AAAA;AAAA,MAEjC,OAAO,EAAE,EAAE,SAAS,CAAC;AAAA,IACtB,EAAE;AAAA,EACH;AACD;",
   "names": ["KemType", "DemType"]
 }

package/dist/esm/ibe.d.ts

@@ -23,12 +23,12 @@ export declare abstract class IBEServers {
      * Encrypt a batch of messages for the given identity.
      *
      * @param id The identity.
-     * @param msgAndInfos The messages and an additional info parameter which will be included in the KDF.
+     * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.
      * @returns The encrypted messages.
      */
-    abstract encryptBatched(id: Uint8Array, msgAndInfos: {
+    abstract encryptBatched(id: Uint8Array, msgAndIndices: {
         msg: Uint8Array;
-        info: Uint8Array;
+        index: number;
     }[], randomnessKey: Uint8Array): typeof IBEEncryptions.$inferType;
 }
 /**
@@ -38,9 +38,9 @@ export declare abstract class IBEServers {
 export declare class BonehFranklinBLS12381Services extends IBEServers {
     readonly publicKeys: G2Element[];
     constructor(services: KeyServer[]);
-    encryptBatched(id: Uint8Array, msgAndInfos: {
+    encryptBatched(id: Uint8Array, msgAndIndices: {
         msg: Uint8Array;
-        info: Uint8Array;
+        index: number;
     }[], randomnessKey: Uint8Array): typeof IBEEncryptions.$inferType;
     /**
      * Returns true if the user secret key is valid for the given public key and id.
@@ -59,5 +59,5 @@ export declare class BonehFranklinBLS12381Services extends IBEServers {
      * @param info An info parameter also included in the KDF.
      * @returns The decrypted message.
      */
-    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, info: Uint8Array): Uint8Array;
+    static decrypt(nonce: G2Element, sk: G1Element, ciphertext: Uint8Array, id: Uint8Array, [objectId, index]: [string, number]): Uint8Array;
 }

package/dist/esm/ibe.js

@@ -20,13 +20,13 @@ class BonehFranklinBLS12381Services extends IBEServers {
     super(services.map((service) => service.objectId));
     this.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));
   }
-  encryptBatched(id, msgAndInfos, randomnessKey) {
-    if (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndInfos.length) {
+  encryptBatched(id, msgAndIndices, randomnessKey) {
+    if (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndIndices.length) {
       throw new Error("Invalid public keys");
     }
     const [r, nonce, keys] = encapBatched(this.publicKeys, id);
-    const encryptedShares = msgAndInfos.map(
-      (msgAndInfo, i) => xor(msgAndInfo.msg, kdf(keys[i], msgAndInfo.info))
+    const encryptedShares = msgAndIndices.map(
+      (msgAndIndex, i) => xor(msgAndIndex.msg, kdf(keys[i], nonce, id, this.objectIds[i], msgAndIndex.index))
     );
     const encryptedRandomness = xor(randomnessKey, r.toBytes());
     return {
@@ -59,8 +59,8 @@ class BonehFranklinBLS12381Services extends IBEServers {
    * @param info An info parameter also included in the KDF.
    * @returns The decrypted message.
    */
-  static decrypt(nonce, sk, ciphertext, info) {
-    return xor(ciphertext, kdf(decap(nonce, sk), info));
+  static decrypt(nonce, sk, ciphertext, id, [objectId, index]) {
+    return xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));
   }
 }
 function encapBatched(publicKeys, id) {

package/dist/esm/ibe.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/ibe.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.objectIds.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndInfos The messages and an additional info parameter which will be included in the KDF.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndInfos: { msg: Uint8Array; info: Uint8Array }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndInfos: { msg: Uint8Array; info: Uint8Array }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndInfos.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = msgAndInfos.map((msgAndInfo, i) =>\n\t\t\txor(msgAndInfo.msg, kdf(keys[i], msgAndInfo.info)),\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(fromHex(id)).pairing(publicKey).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tinfo: Uint8Array,\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), info));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
-  "mappings": "AAGA,SAAS,eAAe;AAIxB,SAAS,WAAW,WAAW,cAAc;AAC7C,SAAS,WAAW;AAEpB,SAAS,WAAW;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,UAAU;AAAA,EACvB;AAcD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,UAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,aACA,eACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,YAAY,QAAQ;AAClF,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,YAAY;AAAA,MAAI,CAAC,YAAY,MACpD,IAAI,WAAW,KAAK,IAAI,KAAK,CAAC,GAAG,WAAW,IAAI,CAAC;AAAA,IAClD;AACA,UAAM,sBAAsB,IAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,UAAU,UAAU,CAAC,EAAE,QAAQ;AACjE,UAAM,MAAM,UAAU,YAAY,QAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS,EAAE,QAAQ;AAC1E,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,MACa;AACb,WAAO,IAAI,YAAY,IAAI,MAAM,OAAO,EAAE,GAAG,IAAI,CAAC;AAAA,EACnD;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,OAAO,OAAO;AACxB,QAAM,QAAQ,UAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,UAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AAC1E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex } from '@mysten/bcs';\n\nimport type { IBEEncryptions } from './bcs.js';\nimport type { GTElement } from './bls12381.js';\nimport { G1Element, G2Element, Scalar } from './bls12381.js';\nimport { kdf } from './kdf.js';\nimport type { KeyServer } from './key-server.js';\nimport { xor } from './utils.js';\n\n/**\n * The domain separation tag for the hash-to-group function.\n */\nexport const DST: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-00');\n\n/**\n * The domain separation tag for the signing proof of possession.\n */\nexport const DST_POP: Uint8Array = new TextEncoder().encode('SUI-SEAL-IBE-BLS12381-POP-00');\n\n/**\n * The interface for the key servers.\n */\nexport abstract class IBEServers {\n\tobjectIds: string[];\n\n\tconstructor(objectIds: string[]) {\n\t\tthis.objectIds = objectIds;\n\t}\n\n\t/**\n\t * The number of key servers.\n\t */\n\tsize(): number {\n\t\treturn this.objectIds.length;\n\t}\n\n\t/**\n\t * Encrypt a batch of messages for the given identity.\n\t *\n\t * @param id The identity.\n\t * @param msgAndIndices The messages and the corresponding indices of the share being encrypted.\n\t * @returns The encrypted messages.\n\t */\n\tabstract encryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndIndices: { msg: Uint8Array; index: number }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType;\n}\n\n/**\n * Identity-based encryption based on the Boneh-Franklin IBE scheme.\n * This object represents a set of key servers that can be used to encrypt messages for a given identity.\n */\nexport class BonehFranklinBLS12381Services extends IBEServers {\n\treadonly publicKeys: G2Element[];\n\n\tconstructor(services: KeyServer[]) {\n\t\tsuper(services.map((service) => service.objectId));\n\t\tthis.publicKeys = services.map((service) => G2Element.fromBytes(service.pk));\n\t}\n\n\tencryptBatched(\n\t\tid: Uint8Array,\n\t\tmsgAndIndices: { msg: Uint8Array; index: number }[],\n\t\trandomnessKey: Uint8Array,\n\t): typeof IBEEncryptions.$inferType {\n\t\tif (this.publicKeys.length === 0 || this.publicKeys.length !== msgAndIndices.length) {\n\t\t\tthrow new Error('Invalid public keys');\n\t\t}\n\t\tconst [r, nonce, keys] = encapBatched(this.publicKeys, id);\n\t\tconst encryptedShares = msgAndIndices.map((msgAndIndex, i) =>\n\t\t\txor(msgAndIndex.msg, kdf(keys[i], nonce, id, this.objectIds[i], msgAndIndex.index)),\n\t\t);\n\t\tconst encryptedRandomness = xor(randomnessKey, r.toBytes());\n\n\t\treturn {\n\t\t\tBonehFranklinBLS12381: {\n\t\t\t\tnonce: nonce.toBytes(),\n\t\t\t\tencryptedShares,\n\t\t\t\tencryptedRandomness,\n\t\t\t},\n\t\t\t$kind: 'BonehFranklinBLS12381',\n\t\t};\n\t}\n\n\t/**\n\t * Returns true if the user secret key is valid for the given public key and id.\n\t * @param user_secret_key - The user secret key.\n\t * @param id - The identity.\n\t * @param public_key - The public key.\n\t * @returns True if the user secret key is valid for the given public key and id.\n\t */\n\tstatic verifyUserSecretKey(userSecretKey: G1Element, id: string, publicKey: G2Element): boolean {\n\t\tconst lhs = userSecretKey.pairing(G2Element.generator()).toBytes();\n\t\tconst rhs = G1Element.hashToCurve(fromHex(id)).pairing(publicKey).toBytes();\n\t\treturn lhs.length === rhs.length && lhs.every((value, index) => value === rhs[index]);\n\t}\n\n\t/**\n\t * Identity-based decryption.\n\t *\n\t * @param nonce The encryption nonce.\n\t * @param sk The user secret key.\n\t * @param ciphertext The encrypted message.\n\t * @param info An info parameter also included in the KDF.\n\t * @returns The decrypted message.\n\t */\n\tstatic decrypt(\n\t\tnonce: G2Element,\n\t\tsk: G1Element,\n\t\tciphertext: Uint8Array,\n\t\tid: Uint8Array,\n\t\t[objectId, index]: [string, number],\n\t): Uint8Array {\n\t\treturn xor(ciphertext, kdf(decap(nonce, sk), nonce, id, objectId, index));\n\t}\n}\n\n/**\n * Batched identity-based key-encapsulation mechanism: encapsulate multiple keys for given identity using different key servers.\n *\n * @param publicKeys Public keys for a set of key servers.\n * @param id The identity used to encapsulate the keys.\n * @returns A common nonce of the keys and a list of keys, 32 bytes each.\n */\nfunction encapBatched(publicKeys: G2Element[], id: Uint8Array): [Scalar, G2Element, GTElement[]] {\n\tif (publicKeys.length === 0) {\n\t\tthrow new Error('No public keys provided');\n\t}\n\tconst r = Scalar.random();\n\tconst nonce = G2Element.generator().multiply(r);\n\tconst gid = G1Element.hashToCurve(id).multiply(r);\n\treturn [r, nonce, publicKeys.map((public_key) => gid.pairing(public_key))];\n}\n\n/**\n * Decapsulate a key using a user secret key and the nonce.\n *\n * @param usk The user secret key.\n * @param nonce The nonce.\n * @returns The encapsulated key.\n */\nfunction decap(nonce: G2Element, usk: G1Element): GTElement {\n\treturn usk.pairing(nonce);\n}\n"],
+  "mappings": "AAGA,SAAS,eAAe;AAIxB,SAAS,WAAW,WAAW,cAAc;AAC7C,SAAS,WAAW;AAEpB,SAAS,WAAW;AAKb,MAAM,MAAkB,IAAI,YAAY,EAAE,OAAO,0BAA0B;AAK3E,MAAM,UAAsB,IAAI,YAAY,EAAE,OAAO,8BAA8B;AAKnF,MAAe,WAAW;AAAA,EAGhC,YAAY,WAAqB;AAChC,SAAK,YAAY;AAAA,EAClB;AAAA;AAAA;AAAA;AAAA,EAKA,OAAe;AACd,WAAO,KAAK,UAAU;AAAA,EACvB;AAcD;AAMO,MAAM,sCAAsC,WAAW;AAAA,EAG7D,YAAY,UAAuB;AAClC,UAAM,SAAS,IAAI,CAAC,YAAY,QAAQ,QAAQ,CAAC;AACjD,SAAK,aAAa,SAAS,IAAI,CAAC,YAAY,UAAU,UAAU,QAAQ,EAAE,CAAC;AAAA,EAC5E;AAAA,EAEA,eACC,IACA,eACA,eACmC;AACnC,QAAI,KAAK,WAAW,WAAW,KAAK,KAAK,WAAW,WAAW,cAAc,QAAQ;AACpF,YAAM,IAAI,MAAM,qBAAqB;AAAA,IACtC;AACA,UAAM,CAAC,GAAG,OAAO,IAAI,IAAI,aAAa,KAAK,YAAY,EAAE;AACzD,UAAM,kBAAkB,cAAc;AAAA,MAAI,CAAC,aAAa,MACvD,IAAI,YAAY,KAAK,IAAI,KAAK,CAAC,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,GAAG,YAAY,KAAK,CAAC;AAAA,IACnF;AACA,UAAM,sBAAsB,IAAI,eAAe,EAAE,QAAQ,CAAC;AAE1D,WAAO;AAAA,MACN,uBAAuB;AAAA,QACtB,OAAO,MAAM,QAAQ;AAAA,QACrB;AAAA,QACA;AAAA,MACD;AAAA,MACA,OAAO;AAAA,IACR;AAAA,EACD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,OAAO,oBAAoB,eAA0B,IAAY,WAA+B;AAC/F,UAAM,MAAM,cAAc,QAAQ,UAAU,UAAU,CAAC,EAAE,QAAQ;AACjE,UAAM,MAAM,UAAU,YAAY,QAAQ,EAAE,CAAC,EAAE,QAAQ,SAAS,EAAE,QAAQ;AAC1E,WAAO,IAAI,WAAW,IAAI,UAAU,IAAI,MAAM,CAAC,OAAO,UAAU,UAAU,IAAI,KAAK,CAAC;AAAA,EACrF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,OAAO,QACN,OACA,IACA,YACA,IACA,CAAC,UAAU,KAAK,GACH;AACb,WAAO,IAAI,YAAY,IAAI,MAAM,OAAO,EAAE,GAAG,OAAO,IAAI,UAAU,KAAK,CAAC;AAAA,EACzE;AACD;AASA,SAAS,aAAa,YAAyB,IAAkD;AAChG,MAAI,WAAW,WAAW,GAAG;AAC5B,UAAM,IAAI,MAAM,yBAAyB;AAAA,EAC1C;AACA,QAAM,IAAI,OAAO,OAAO;AACxB,QAAM,QAAQ,UAAU,UAAU,EAAE,SAAS,CAAC;AAC9C,QAAM,MAAM,UAAU,YAAY,EAAE,EAAE,SAAS,CAAC;AAChD,SAAO,CAAC,GAAG,OAAO,WAAW,IAAI,CAAC,eAAe,IAAI,QAAQ,UAAU,CAAC,CAAC;AAC1E;AASA,SAAS,MAAM,OAAkB,KAA2B;AAC3D,SAAO,IAAI,QAAQ,KAAK;AACzB;",
   "names": []
 }

package/dist/esm/index.d.ts

@@ -1,3 +1,4 @@
 export { getAllowlistedKeyServers } from './key-server.js';
 export { SealClient, type SealClientOptions } from './client.js';
 export { SessionKey } from './session-key.js';
+export * from './error.js';

package/dist/esm/index.js

@@ -1,6 +1,7 @@
 import { getAllowlistedKeyServers } from "./key-server.js";
 import { SealClient } from "./client.js";
 import { SessionKey } from "./session-key.js";
+export * from "./error.js";
 export {
   SealClient,
   SessionKey,

package/dist/esm/index.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/index.ts"],
-  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getAllowlistedKeyServers } from './key-server.js';\nexport { SealClient, type SealClientOptions } from './client.js';\nexport { SessionKey } from './session-key.js';\n"],
-  "mappings": "AAGA,SAAS,gCAAgC;AACzC,SAAS,kBAA0C;AACnD,SAAS,kBAAkB;",
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { getAllowlistedKeyServers } from './key-server.js';\nexport { SealClient, type SealClientOptions } from './client.js';\nexport { SessionKey } from './session-key.js';\nexport * from './error.js';\n"],
+  "mappings": "AAGA,SAAS,gCAAgC;AACzC,SAAS,kBAA0C;AACnD,SAAS,kBAAkB;AAC3B,cAAc;",
   "names": []
 }