@omnituum/pqc-shared 0.2.6

package/dist/crypto/index.d.ts

@@ -0,0 +1,641 @@
+import { E as ENVELOPE_VERSION, f as ENVELOPE_SUITE, g as ENVELOPE_AEAD } from '../version-BygzPVGs.js';
+import * as _noble_ciphers_utils from '@noble/ciphers/utils';
+
+/**
+ * Omnituum PQC Shared - Kyber ML-KEM-768
+ *
+ * Browser-compatible Kyber operations using kyber-crystals.
+ * NIST Level 3 security - quantum-resistant.
+ */
+interface KyberKeypair {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+}
+interface KyberKeypairB64 {
+    publicB64: string;
+    secretB64: string;
+}
+interface KyberEncapsulation {
+    ciphertext: Uint8Array;
+    sharedSecret: Uint8Array;
+}
+declare function isKyberAvailable(): Promise<boolean>;
+/**
+ * Generate a Kyber ML-KEM-768 keypair.
+ */
+declare function generateKyberKeypair(): Promise<KyberKeypairB64 | null>;
+/**
+ * Encapsulate a shared secret using Kyber ML-KEM-768.
+ */
+declare function kyberEncapsulate(pubKeyB64: string): Promise<KyberEncapsulation>;
+/**
+ * Decapsulate a shared secret using Kyber ML-KEM-768.
+ */
+declare function kyberDecapsulate(kemCiphertextB64: string, secretKeyB64: string): Promise<Uint8Array>;
+/**
+ * Wrap a message key using Kyber shared secret.
+ */
+declare function kyberWrapKey(sharedSecret: Uint8Array, msgKey32: Uint8Array): {
+    nonce: string;
+    wrapped: string;
+};
+/**
+ * Unwrap a message key using Kyber shared secret.
+ */
+declare function kyberUnwrapKey(sharedSecret: Uint8Array, nonceB64: string, wrappedB64: string): Uint8Array | null;
+
+/**
+ * Omnituum PQC Shared - Hybrid Encryption
+ *
+ * Post-quantum secure hybrid encryption combining:
+ * - X25519 ECDH (classical, proven security)
+ * - Kyber ML-KEM-768 (post-quantum, NIST Level 3)
+ *
+ * Both key exchanges must succeed for decryption, providing
+ * security against both classical and quantum attacks.
+ */
+
+interface HybridIdentity {
+    /** Unique identifier */
+    id: string;
+    /** Display name */
+    name: string;
+    /** X25519 public key (hex) */
+    x25519PubHex: string;
+    /** X25519 secret key (hex) - keep private! */
+    x25519SecHex: string;
+    /** Kyber public key (base64) */
+    kyberPubB64: string;
+    /** Kyber secret key (base64) - keep private! */
+    kyberSecB64: string;
+    /** Creation timestamp */
+    createdAt: string;
+    /** Last rotation timestamp */
+    lastRotatedAt?: string;
+    /** Key rotation count */
+    rotationCount: number;
+}
+interface HybridPublicKeys {
+    /** X25519 public key (hex) */
+    x25519PubHex: string;
+    /** Kyber public key (base64) */
+    kyberPubB64: string;
+}
+interface HybridSecretKeys {
+    /** X25519 secret key (hex) */
+    x25519SecHex: string;
+    /** Kyber secret key (base64) */
+    kyberSecB64: string;
+}
+interface HybridEnvelope {
+    /** Version identifier (FROZEN - see pqc-docs/specs/envelope.v1.md) */
+    v: typeof ENVELOPE_VERSION;
+    /** Algorithm suite */
+    suite: typeof ENVELOPE_SUITE;
+    /** AEAD algorithm */
+    aead: typeof ENVELOPE_AEAD;
+    /** X25519 ephemeral public key (hex) */
+    x25519Epk: string;
+    /** X25519 wrapped content key */
+    x25519Wrap: {
+        nonce: string;
+        wrapped: string;
+    };
+    /** Kyber KEM ciphertext (base64) */
+    kyberKemCt: string;
+    /** Kyber wrapped content key */
+    kyberWrap: {
+        nonce: string;
+        wrapped: string;
+    };
+    /** Content encryption nonce (base64) */
+    contentNonce: string;
+    /** Encrypted content (base64) */
+    ciphertext: string;
+    /** Metadata */
+    meta: {
+        createdAt: string;
+        senderName?: string;
+        senderId?: string;
+    };
+}
+/**
+ * Generate a new hybrid identity with both X25519 and Kyber keys.
+ */
+declare function generateHybridIdentity(name: string): Promise<HybridIdentity | null>;
+/**
+ * Rotate keys for an existing identity.
+ */
+declare function rotateHybridIdentity(identity: HybridIdentity): Promise<HybridIdentity | null>;
+/**
+ * Extract public keys from identity.
+ */
+declare function getPublicKeys(identity: HybridIdentity): HybridPublicKeys;
+/**
+ * Extract secret keys from identity.
+ */
+declare function getSecretKeys(identity: HybridIdentity): HybridSecretKeys;
+/**
+ * Encrypt a message using hybrid X25519 + Kyber encryption.
+ *
+ * @param plaintext - Message to encrypt (string or bytes)
+ * @param recipientPublicKeys - Recipient's public keys
+ * @param sender - Optional sender identity for metadata
+ */
+declare function hybridEncrypt(plaintext: string | Uint8Array, recipientPublicKeys: HybridPublicKeys, sender?: {
+    name?: string;
+    id?: string;
+}): Promise<HybridEnvelope>;
+/**
+ * Decrypt a hybrid envelope.
+ *
+ * Tries Kyber first (post-quantum), falls back to X25519 (classical).
+ * Both must be valid for the envelope to be considered secure.
+ *
+ * @param envelope - Encrypted envelope
+ * @param secretKeys - Recipient's secret keys
+ * @returns Decrypted plaintext as bytes
+ */
+declare function hybridDecrypt(envelope: HybridEnvelope, secretKeys: HybridSecretKeys): Promise<Uint8Array>;
+/**
+ * Decrypt and decode as UTF-8 string.
+ */
+declare function hybridDecryptToString(envelope: HybridEnvelope, secretKeys: HybridSecretKeys): Promise<string>;
+
+/**
+ * Omnituum PQC Shared - X25519 Key Exchange
+ *
+ * Browser-compatible X25519 operations using tweetnacl.
+ * Provides key generation, ECDH, and NaCl box operations.
+ */
+interface X25519Keypair {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+}
+interface X25519KeypairHex {
+    publicHex: string;
+    secretHex: string;
+    publicBytes: Uint8Array;
+    secretBytes: Uint8Array;
+}
+interface ClassicalWrap {
+    ephPubKey: string;
+    nonce: string;
+    boxed: string;
+}
+/**
+ * Generate a new random X25519 keypair.
+ */
+declare function generateX25519Keypair(): X25519KeypairHex;
+/**
+ * Generate a deterministic X25519 keypair from a 32-byte seed.
+ */
+declare function generateX25519KeypairFromSeed(seed: Uint8Array): X25519Keypair;
+/**
+ * Wrap a symmetric key for a recipient using X25519 ECDH.
+ * Creates an ephemeral keypair and encrypts the key using NaCl box.
+ */
+declare function boxWrapWithX25519(symKey32: Uint8Array, recipientPubKeyHex: string): ClassicalWrap;
+/**
+ * Unwrap a symmetric key using X25519 ECDH.
+ */
+declare function boxUnwrapWithX25519(wrap: ClassicalWrap, recipientSecretKey32: Uint8Array): Uint8Array | null;
+/**
+ * Perform raw X25519 ECDH to derive a shared secret.
+ */
+declare function x25519SharedSecret(ourSecretKey: Uint8Array, theirPublicKey: Uint8Array): Uint8Array;
+declare function deriveKeyFromShared(shared: Uint8Array, salt: string, info: string): Uint8Array;
+
+/**
+ * Omnituum PQC Shared - Dilithium ML-DSA-65 Signatures
+ *
+ * Post-quantum digital signatures using ML-DSA-65 (formerly CRYSTALS-Dilithium).
+ * NIST Level 3 security - quantum-resistant.
+ *
+ * Uses @noble/post-quantum for browser-compatible implementation.
+ */
+interface DilithiumKeypair {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+}
+interface DilithiumKeypairB64 {
+    publicB64: string;
+    secretB64: string;
+}
+interface DilithiumSignature {
+    /** Signature (base64) */
+    signature: string;
+    /** Algorithm identifier */
+    algorithm: 'ML-DSA-65';
+}
+declare function isDilithiumAvailable(): Promise<boolean>;
+/**
+ * Generate a Dilithium ML-DSA-65 keypair.
+ *
+ * @returns Keypair with base64-encoded keys, or null if unavailable
+ */
+declare function generateDilithiumKeypair(): Promise<DilithiumKeypairB64 | null>;
+/**
+ * Generate a deterministic Dilithium keypair from a seed.
+ *
+ * @param seed - 32-byte seed
+ * @returns Keypair
+ */
+declare function generateDilithiumKeypairFromSeed(seed: Uint8Array): Promise<DilithiumKeypair>;
+/**
+ * Sign a message using Dilithium ML-DSA-65.
+ *
+ * @param message - Message to sign (Uint8Array or string)
+ * @param secretKeyB64 - Secret key (base64)
+ * @returns Signature object
+ */
+declare function dilithiumSign(message: Uint8Array | string, secretKeyB64: string): Promise<DilithiumSignature>;
+/**
+ * Sign raw bytes (returns raw signature).
+ */
+declare function dilithiumSignRaw(message: Uint8Array, secretKey: Uint8Array): Promise<Uint8Array>;
+/**
+ * Verify a Dilithium signature.
+ *
+ * @param message - Original message
+ * @param signatureB64 - Signature (base64)
+ * @param publicKeyB64 - Public key (base64)
+ * @returns true if signature is valid
+ */
+declare function dilithiumVerify(message: Uint8Array | string, signatureB64: string, publicKeyB64: string): Promise<boolean>;
+/**
+ * Verify raw signature bytes.
+ */
+declare function dilithiumVerifyRaw(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): Promise<boolean>;
+/** ML-DSA-65 public key size */
+declare const DILITHIUM_PUBLIC_KEY_SIZE = 1952;
+/** ML-DSA-65 secret key size */
+declare const DILITHIUM_SECRET_KEY_SIZE = 4032;
+/** ML-DSA-65 signature size */
+declare const DILITHIUM_SIGNATURE_SIZE = 3309;
+/** Algorithm identifier */
+declare const DILITHIUM_ALGORITHM = "ML-DSA-65";
+
+/**
+ * Omnituum PQC Shared - BLAKE3 Hash Primitive
+ *
+ * BLAKE3 is a cryptographic hash function that provides:
+ * - Fast performance (faster than SHA-256, SHA-3)
+ * - 256-bit security (collision resistance)
+ * - Variable output length (default 32 bytes)
+ *
+ * Used in Noise protocols for transcript hashing.
+ */
+interface Blake3Options {
+    /** Output length in bytes (default: 32) */
+    outputLength?: number;
+    /** Optional key for keyed hashing (32 bytes) */
+    key?: Uint8Array;
+    /** Optional context string for domain separation */
+    context?: string;
+}
+/**
+ * Compute BLAKE3 hash of input data.
+ *
+ * @param data - Data to hash (Uint8Array or string)
+ * @param options - Optional configuration
+ * @returns BLAKE3 hash (default 32 bytes)
+ *
+ * @example
+ * ```ts
+ * // Simple hash
+ * const hash = blake3(new Uint8Array([1, 2, 3]));
+ *
+ * // Hash with context (domain separation)
+ * const hash = blake3(data, { context: 'MyApp v1.0 signing' });
+ *
+ * // Keyed hash (requires 32-byte key)
+ * const hash = blake3(data, { key: keyBytes });
+ *
+ * // Variable output length
+ * const hash = blake3(data, { outputLength: 64 });
+ * ```
+ */
+declare function blake3(data: Uint8Array | string, options?: Blake3Options): Uint8Array;
+/**
+ * Compute BLAKE3 hash and return as hex string.
+ */
+declare function blake3Hex(data: Uint8Array | string, options?: Blake3Options): string;
+/**
+ * Create a keyed BLAKE3 hash (MAC).
+ *
+ * @param key - 32-byte key
+ * @param data - Data to hash
+ * @returns BLAKE3-MAC (32 bytes by default)
+ */
+declare function blake3Mac(key: Uint8Array, data: Uint8Array, outputLength?: number): Uint8Array;
+/**
+ * Derive a key from a context and key material using BLAKE3.
+ * This uses BLAKE3's built-in KDF mode.
+ *
+ * @param context - Domain separation string
+ * @param keyMaterial - Input key material
+ * @param outputLength - Desired output length (default 32)
+ * @returns Derived key
+ */
+declare function blake3DeriveKey(context: string, keyMaterial: Uint8Array, outputLength?: number): Uint8Array;
+/** Default BLAKE3 output length (32 bytes = 256 bits) */
+declare const BLAKE3_OUTPUT_LENGTH = 32;
+/** BLAKE3 key length for keyed mode (32 bytes) */
+declare const BLAKE3_KEY_LENGTH = 32;
+/** BLAKE3 block size (64 bytes) */
+declare const BLAKE3_BLOCK_SIZE = 64;
+
+/**
+ * Omnituum PQC Shared - ChaCha20-Poly1305 Primitives
+ *
+ * AEAD ciphers for authenticated encryption:
+ * - ChaCha20-Poly1305: Standard AEAD (12-byte nonce)
+ * - XChaCha20-Poly1305: Extended nonce variant (24-byte nonce)
+ *
+ * Used in Noise protocols and general-purpose encryption.
+ */
+interface ChaChaPayload {
+    /** Nonce (12 bytes for standard, 24 bytes for xchacha) */
+    nonce: Uint8Array;
+    /** Ciphertext with Poly1305 tag (16 bytes appended) */
+    ciphertext: Uint8Array;
+}
+/**
+ * Encrypt using ChaCha20-Poly1305.
+ *
+ * @param key - 32-byte encryption key
+ * @param nonce - 12-byte nonce (must be unique per key)
+ * @param plaintext - Data to encrypt
+ * @param aad - Optional additional authenticated data
+ * @returns Ciphertext with Poly1305 tag appended
+ */
+declare function chaCha20Poly1305Encrypt(key: Uint8Array, nonce: Uint8Array, plaintext: Uint8Array, aad?: Uint8Array): Uint8Array;
+/**
+ * Decrypt using ChaCha20-Poly1305.
+ *
+ * @param key - 32-byte encryption key
+ * @param nonce - 12-byte nonce
+ * @param ciphertext - Ciphertext with Poly1305 tag
+ * @param aad - Optional additional authenticated data
+ * @returns Plaintext, or null if authentication fails
+ */
+declare function chaCha20Poly1305Decrypt(key: Uint8Array, nonce: Uint8Array, ciphertext: Uint8Array, aad?: Uint8Array): Uint8Array | null;
+/**
+ * Encrypt using XChaCha20-Poly1305 (extended 24-byte nonce).
+ *
+ * XChaCha20-Poly1305 is preferred for most applications because:
+ * - 24-byte nonce can be safely generated randomly
+ * - No nonce collision risk with ~2^80 messages per key
+ *
+ * @param key - 32-byte encryption key
+ * @param nonce - 24-byte nonce (can be random)
+ * @param plaintext - Data to encrypt
+ * @param aad - Optional additional authenticated data
+ * @returns Ciphertext with Poly1305 tag appended
+ */
+declare function xChaCha20Poly1305Encrypt(key: Uint8Array, nonce: Uint8Array, plaintext: Uint8Array, aad?: Uint8Array): Uint8Array;
+/**
+ * Decrypt using XChaCha20-Poly1305.
+ *
+ * @param key - 32-byte encryption key
+ * @param nonce - 24-byte nonce
+ * @param ciphertext - Ciphertext with Poly1305 tag
+ * @param aad - Optional additional authenticated data
+ * @returns Plaintext, or null if authentication fails
+ */
+declare function xChaCha20Poly1305Decrypt(key: Uint8Array, nonce: Uint8Array, ciphertext: Uint8Array, aad?: Uint8Array): Uint8Array | null;
+/**
+ * Create an XChaCha20-Poly1305 cipher instance.
+ * Compatible with @noble/ciphers API used in noise-kyber.
+ *
+ * @param key - 32-byte encryption key
+ * @param nonce - 24-byte nonce
+ * @param aad - Optional additional authenticated data
+ * @returns Cipher with encrypt/decrypt methods
+ */
+declare function createXChaCha20Poly1305(key: Uint8Array, nonce: Uint8Array, aad?: Uint8Array): _noble_ciphers_utils.CipherWithOutput;
+/**
+ * Create a ChaCha20-Poly1305 cipher instance.
+ *
+ * @param key - 32-byte encryption key
+ * @param nonce - 12-byte nonce
+ * @param aad - Optional additional authenticated data
+ * @returns Cipher with encrypt/decrypt methods
+ */
+declare function createChaCha20Poly1305(key: Uint8Array, nonce: Uint8Array, aad?: Uint8Array): _noble_ciphers_utils.CipherWithOutput;
+/** ChaCha20-Poly1305 key size (32 bytes) */
+declare const CHACHA20_KEY_SIZE = 32;
+/** ChaCha20-Poly1305 nonce size (12 bytes) */
+declare const CHACHA20_NONCE_SIZE = 12;
+/** XChaCha20-Poly1305 nonce size (24 bytes) */
+declare const XCHACHA20_NONCE_SIZE = 24;
+/** Poly1305 tag size (16 bytes) */
+declare const POLY1305_TAG_SIZE = 16;
+
+/**
+ * Omnituum PQC Shared - HKDF (HMAC-based Key Derivation Function)
+ *
+ * HKDF is a NIST-approved key derivation function (RFC 5869).
+ * Supports SHA-256 (default) and SHA-512 hash functions.
+ *
+ * Two-step process:
+ * 1. Extract: Derive a pseudorandom key from input keying material
+ * 2. Expand: Generate output keying material from the PRK
+ *
+ * Used in Noise protocols for key derivation.
+ */
+type HkdfHash = 'sha256' | 'sha512';
+interface HkdfOptions {
+    /** Hash function to use (default: 'sha256') */
+    hash?: HkdfHash;
+    /** Context info for domain separation */
+    info?: Uint8Array | string;
+    /** Salt (defaults to zeroes if not provided) */
+    salt?: Uint8Array;
+}
+/**
+ * Derive keys using HKDF (Extract + Expand).
+ *
+ * @param ikm - Input keying material
+ * @param outputLength - Desired output length in bytes
+ * @param options - Optional salt, info, and hash selection
+ * @returns Derived key material
+ *
+ * @example
+ * ```ts
+ * // Basic key derivation
+ * const key = hkdfDerive(sharedSecret, 32);
+ *
+ * // With domain separation
+ * const key = hkdfDerive(sharedSecret, 32, {
+ *   info: 'MyApp v1.0 encryption key'
+ * });
+ *
+ * // With salt
+ * const key = hkdfDerive(sharedSecret, 32, {
+ *   salt: randomSalt,
+ *   info: 'session key'
+ * });
+ * ```
+ */
+declare function hkdfDerive(ikm: Uint8Array, outputLength: number, options?: HkdfOptions): Uint8Array;
+/**
+ * HKDF-Extract: Derive a pseudorandom key from input keying material.
+ *
+ * @param ikm - Input keying material
+ * @param salt - Optional salt (defaults to zeroes)
+ * @param hash - Hash function ('sha256' or 'sha512')
+ * @returns Pseudorandom key (32 bytes for SHA-256, 64 for SHA-512)
+ */
+declare function hkdfExtract(ikm: Uint8Array, salt?: Uint8Array, hash?: HkdfHash): Uint8Array;
+/**
+ * HKDF-Expand: Expand a pseudorandom key into output keying material.
+ *
+ * @param prk - Pseudorandom key (from hkdfExtract)
+ * @param info - Context info for domain separation
+ * @param outputLength - Desired output length in bytes
+ * @param hash - Hash function ('sha256' or 'sha512')
+ * @returns Output keying material
+ */
+declare function hkdfExpand(prk: Uint8Array, info: Uint8Array | string | undefined, outputLength: number, hash?: HkdfHash): Uint8Array;
+/**
+ * HKDF for Noise protocol key derivation.
+ * Splits output into chaining key and output key.
+ *
+ * @param chainingKey - Current chaining key (salt)
+ * @param inputKeyMaterial - New key material to mix in
+ * @returns [newChainingKey, outputKey] - both 32 bytes
+ */
+declare function hkdfSplitForNoise(chainingKey: Uint8Array, inputKeyMaterial: Uint8Array): [Uint8Array, Uint8Array];
+/**
+ * HKDF for Noise protocol with three outputs.
+ * Used when deriving transport keys at the end of handshake.
+ *
+ * @param chainingKey - Current chaining key
+ * @param inputKeyMaterial - Key material to mix
+ * @returns [ck, k1, k2] - chaining key and two output keys
+ */
+declare function hkdfTripleSplitForNoise(chainingKey: Uint8Array, inputKeyMaterial: Uint8Array): [Uint8Array, Uint8Array, Uint8Array];
+/** HKDF-SHA256 output size (32 bytes) */
+declare const HKDF_SHA256_OUTPUT_SIZE = 32;
+/** HKDF-SHA512 output size (64 bytes) */
+declare const HKDF_SHA512_OUTPUT_SIZE = 64;
+/** Maximum HKDF output length for SHA-256 (255 * 32 = 8160 bytes) */
+declare const HKDF_SHA256_MAX_OUTPUT: number;
+/** Maximum HKDF output length for SHA-512 (255 * 64 = 16320 bytes) */
+declare const HKDF_SHA512_MAX_OUTPUT: number;
+
+/**
+ * Omnituum PQC Shared - Cryptographic Primitives
+ *
+ * Pure browser implementation - no Node.js dependencies.
+ * Uses Web Crypto API and @noble/hashes for all operations.
+ */
+declare const textEncoder: TextEncoder;
+declare const textDecoder: TextDecoder;
+declare function toB64(bytes: Uint8Array): string;
+declare function fromB64(str: string): Uint8Array;
+declare function toHex(bytes: Uint8Array): string;
+declare function fromHex(hex: string): Uint8Array;
+declare function assertLen(label: string, arr: Uint8Array, n: number): void;
+declare function rand32(): Uint8Array;
+declare function rand24(): Uint8Array;
+declare function rand12(): Uint8Array;
+declare function randN(n: number): Uint8Array;
+declare function sha256(bytes: Uint8Array): Uint8Array;
+declare function sha256String(str: string): Uint8Array;
+declare function hkdfSha256(ikm: Uint8Array, opts?: {
+    salt?: Uint8Array;
+    info?: Uint8Array;
+    length?: number;
+}): Uint8Array;
+declare const b64: typeof toB64;
+declare const ub64: typeof fromB64;
+declare const u8: (s: string | Uint8Array) => Uint8Array<ArrayBufferLike>;
+
+/**
+ * Omnituum PQC Shared - NaCl Secretbox Operations
+ *
+ * Symmetric encryption using XSalsa20-Poly1305 (NaCl secretbox).
+ * 32-byte key, 24-byte nonce, authenticated encryption.
+ */
+interface SecretboxPayload {
+    /** Scheme identifier for format detection */
+    scheme: 'nacl.secretbox';
+    /** Nonce (base64, 24 bytes) */
+    nonce: string;
+    /** Ciphertext (base64, includes auth tag) */
+    ciphertext: string;
+}
+/**
+ * Encrypt data using NaCl secretbox (XSalsa20-Poly1305).
+ *
+ * @param key - 32-byte symmetric key
+ * @param plaintext - Data to encrypt
+ * @param nonce - Optional 24-byte nonce (generated if not provided)
+ * @returns Encrypted payload with nonce and ciphertext
+ */
+declare function secretboxEncrypt(key: Uint8Array, plaintext: Uint8Array, nonce?: Uint8Array): SecretboxPayload;
+/**
+ * Encrypt a string using NaCl secretbox.
+ */
+declare function secretboxEncryptString(key: Uint8Array, plaintext: string, nonce?: Uint8Array): SecretboxPayload;
+/**
+ * Decrypt data using NaCl secretbox.
+ *
+ * @param key - 32-byte symmetric key
+ * @param payload - Encrypted payload from secretboxEncrypt
+ * @returns Decrypted data, or null if authentication fails
+ */
+declare function secretboxDecrypt(key: Uint8Array, payload: SecretboxPayload): Uint8Array | null;
+/**
+ * Decrypt to a string using NaCl secretbox.
+ */
+declare function secretboxDecryptString(key: Uint8Array, payload: SecretboxPayload): string | null;
+/**
+ * Raw secretbox encryption (returns raw bytes).
+ */
+declare function secretboxRaw(key: Uint8Array, plaintext: Uint8Array, nonce: Uint8Array): Uint8Array;
+/**
+ * Raw secretbox decryption (returns raw bytes).
+ */
+declare function secretboxOpenRaw(key: Uint8Array, ciphertext: Uint8Array, nonce: Uint8Array): Uint8Array | null;
+interface BoxPayload {
+    /** Nonce (base64, 24 bytes) */
+    nonce: string;
+    /** Ciphertext (base64) */
+    ciphertext: string;
+}
+/**
+ * Encrypt data using NaCl box (X25519 + XSalsa20-Poly1305).
+ *
+ * @param plaintext - Data to encrypt
+ * @param nonce - 24-byte nonce
+ * @param recipientPubKey - Recipient's X25519 public key (32 bytes)
+ * @param senderSecKey - Sender's X25519 secret key (32 bytes)
+ * @returns Encrypted ciphertext
+ */
+declare function boxEncrypt(plaintext: Uint8Array, nonce: Uint8Array, recipientPubKey: Uint8Array, senderSecKey: Uint8Array): Uint8Array;
+/**
+ * Decrypt data using NaCl box.
+ *
+ * @param ciphertext - Encrypted data
+ * @param nonce - 24-byte nonce
+ * @param senderPubKey - Sender's X25519 public key (32 bytes)
+ * @param recipientSecKey - Recipient's X25519 secret key (32 bytes)
+ * @returns Decrypted data, or null if authentication fails
+ */
+declare function boxDecrypt(ciphertext: Uint8Array, nonce: Uint8Array, senderPubKey: Uint8Array, recipientSecKey: Uint8Array): Uint8Array | null;
+/** NaCl secretbox key size (32 bytes) */
+declare const SECRETBOX_KEY_SIZE: number;
+/** NaCl secretbox nonce size (24 bytes) */
+declare const SECRETBOX_NONCE_SIZE: number;
+/** NaCl secretbox overhead (16 bytes auth tag) */
+declare const SECRETBOX_OVERHEAD: number;
+/** NaCl box key size (32 bytes) */
+declare const BOX_KEY_SIZE: number;
+/** NaCl box nonce size (24 bytes) */
+declare const BOX_NONCE_SIZE: number;
+
+export { BLAKE3_BLOCK_SIZE, BLAKE3_KEY_LENGTH, BLAKE3_OUTPUT_LENGTH, BOX_KEY_SIZE, BOX_NONCE_SIZE, type Blake3Options, type BoxPayload, CHACHA20_KEY_SIZE, CHACHA20_NONCE_SIZE, type ChaChaPayload, type ClassicalWrap, DILITHIUM_ALGORITHM, DILITHIUM_PUBLIC_KEY_SIZE, DILITHIUM_SECRET_KEY_SIZE, DILITHIUM_SIGNATURE_SIZE, type DilithiumKeypair, type DilithiumKeypairB64, type DilithiumSignature, HKDF_SHA256_MAX_OUTPUT, HKDF_SHA256_OUTPUT_SIZE, HKDF_SHA512_MAX_OUTPUT, HKDF_SHA512_OUTPUT_SIZE, type HkdfHash, type HkdfOptions, type HybridEnvelope, type HybridIdentity, type HybridPublicKeys, type HybridSecretKeys, type KyberEncapsulation, type KyberKeypair, type KyberKeypairB64, POLY1305_TAG_SIZE, SECRETBOX_KEY_SIZE, SECRETBOX_NONCE_SIZE, SECRETBOX_OVERHEAD, type SecretboxPayload, type X25519Keypair, type X25519KeypairHex, XCHACHA20_NONCE_SIZE, assertLen, b64, blake3, blake3DeriveKey, blake3Hex, blake3Mac, boxDecrypt, boxEncrypt, boxUnwrapWithX25519, boxWrapWithX25519, chaCha20Poly1305Decrypt, chaCha20Poly1305Encrypt, createChaCha20Poly1305, createXChaCha20Poly1305, deriveKeyFromShared, dilithiumSign, dilithiumSignRaw, dilithiumVerify, dilithiumVerifyRaw, fromB64, fromHex, generateDilithiumKeypair, generateDilithiumKeypairFromSeed, generateHybridIdentity, generateKyberKeypair, generateX25519Keypair, generateX25519KeypairFromSeed, getPublicKeys, getSecretKeys, hkdfDerive, hkdfExpand, hkdfExtract, hkdfSha256, hkdfSplitForNoise, hkdfTripleSplitForNoise, hybridDecrypt, hybridDecryptToString, hybridEncrypt, isDilithiumAvailable, isKyberAvailable, kyberDecapsulate, kyberEncapsulate, kyberUnwrapKey, kyberWrapKey, rand12, rand24, rand32, randN, rotateHybridIdentity, secretboxDecrypt, secretboxDecryptString, secretboxEncrypt, secretboxEncryptString, secretboxOpenRaw, secretboxRaw, sha256, sha256String, textDecoder, textEncoder, toB64, toHex, u8, ub64, x25519SharedSecret, xChaCha20Poly1305Decrypt, xChaCha20Poly1305Encrypt };