@permissionless-technologies/upp-sdk 0.1.0

package/dist/keys/index.d.cts

@@ -0,0 +1,158 @@
+import { K as KeyDerivationConfig, M as MasterKeys, b as StarkMasterKeys, a as DualMasterKeys, A as AuditKeyExport } from '../types-CJSbxv4q.cjs';
+export { D as DEFAULT_KEY_DERIVATION_CONFIG, O as OneTimeKeys, P as ProvingSystem, S as SerializedKeys, c as StealthAddressComponents, T as TransactionViewingKey } from '../types-CJSbxv4q.cjs';
+import { Hex, Address } from 'viem';
+import { M as M31Secret } from '../keccak-m31-B_AqBbRF.cjs';
+
+/**
+ * Key Derivation from Wallet Signature (Post-Quantum / Hash-Based)
+ *
+ * Derives keys from an Ethereum wallet signature using only hash functions.
+ * No elliptic curve operations — quantum-resistant by design.
+ *
+ * Security Model:
+ * - Keys are derived deterministically from the signature
+ * - No seed phrase management required
+ * - Same signature always produces same keys
+ * - Ownership proven via hash preimage (Poseidon), not discrete log
+ */
+
+/**
+ * Derive master keys from a wallet signature (hash-based, post-quantum)
+ *
+ * This replaces the previous BabyJubJub-based derivation.
+ * Instead of curve points, we use Poseidon hashes for ownership proofs.
+ *
+ * @param signature - The wallet signature (from personal_sign or EIP-712)
+ * @param config - Optional key derivation configuration
+ * @returns Master keys for stealth operations
+ *
+ * @example
+ * ```ts
+ * const signature = await walletClient.signMessage({
+ *   message: 'UPP Stealth Key Derivation v1'
+ * })
+ * const keys = await deriveKeysFromSignature(signature)
+ * // keys.ownerHash is Poseidon(spendingSecret) — used in note commitments
+ * ```
+ */
+declare function deriveKeysFromSignature(signature: Hex, config?: KeyDerivationConfig): Promise<MasterKeys>;
+/**
+ * Get the message to sign for key derivation
+ */
+declare function getKeyDerivationMessage(config?: KeyDerivationConfig): string;
+/**
+ * Verify that keys match a given signature
+ */
+declare function verifyKeysMatchSignature(keys: MasterKeys, signature: Hex, config?: KeyDerivationConfig): Promise<boolean>;
+/**
+ * Derive STARK master keys from a wallet signature (M31/Keccak, post-quantum)
+ *
+ * Uses domain-separated keccak256 to derive M31 secrets, then keccak_m31
+ * for owner/viewing hashes. No elliptic curve operations.
+ *
+ * @param signature - The wallet signature (same one used for SNARK keys)
+ * @param config - Optional key derivation configuration
+ * @returns STARK master keys for stealth operations
+ */
+declare function deriveStarkKeysFromSignature(signature: Hex, config?: KeyDerivationConfig): StarkMasterKeys;
+/**
+ * Derive both SNARK and STARK keys from a single wallet signature.
+ *
+ * Same seed, domain-separated derivation. Breaking BJJ (quantum) does NOT
+ * compromise STARK keys — keccak preimage resistance provides 2^128 quantum security.
+ */
+declare function deriveDualKeysFromSignature(signature: Hex, config?: KeyDerivationConfig): Promise<DualMasterKeys>;
+/**
+ * Derive a nullifier key from the spending secret
+ *
+ * nullifier = Poseidon(nullifierKey, leafIndex, commitment)
+ */
+declare function deriveNullifierKey(spendingSecret: bigint): Promise<bigint>;
+
+/**
+ * Per-Transaction Viewing Key Derivation (Post-Quantum, Hash-Based)
+ *
+ * Implements hierarchical viewing keys using Poseidon hash instead of ECDH.
+ *
+ * Key Properties:
+ * - Per-note decryption key: Poseidon(viewingSecret, nonce)
+ * - AES key: keccak256(perNoteKey) for symmetric encryption
+ *
+ * Derivation:
+ *   perNoteKey = Poseidon(viewingSecret, nonce)
+ *   aesKey = keccak256(perNoteKey)
+ *
+ * SECURITY (v4):
+ * Audit exports contain per-note decryption keys derived from viewingSecret + nonce.
+ * This prevents master key recovery: knowing Poseidon(viewingSecret, nonce) doesn't
+ * reveal viewingSecret due to the one-wayness of Poseidon.
+ */
+
+/**
+ * Derive a per-note decryption key from master viewing secret and nonce
+ *
+ * @param viewingSecret - Master viewing secret
+ * @param nonce - Unique per-note nonce
+ * @returns Per-note decryption key as hex
+ */
+declare function derivePerNoteKey(viewingSecret: bigint, nonce: bigint): Promise<Hex>;
+/**
+ * Derive per-note key from MasterKeys convenience wrapper
+ */
+declare function derivePerNoteKeyFromKeys(keys: MasterKeys, nonce: bigint): Promise<Hex>;
+/**
+ * Note reference for audit export
+ */
+interface NoteReference {
+    /** The Merkle leaf index (for locating the on-chain event) */
+    leafIndex: number;
+    /** The nonce used in per-note key derivation */
+    nonce: bigint;
+}
+/**
+ * Export viewing keys for specific notes
+ *
+ * Creates an export package that can be shared with an auditor.
+ * The auditor can use these keys to decrypt the specified notes,
+ * but cannot derive keys for other notes.
+ *
+ * @param keys - Master keys
+ * @param signerAddress - The Ethereum address that signed to derive keys
+ * @param notes - Array of note references (leafIndex + nonce) to export
+ * @returns Audit key export package
+ */
+declare function exportViewingKeysForAudit(keys: MasterKeys, signerAddress: Address, notes: NoteReference[]): Promise<AuditKeyExport>;
+/**
+ * Validate an audit key export
+ */
+declare function validateAuditKeyExport(exportData: AuditKeyExport): {
+    valid: boolean;
+    error?: string;
+};
+/**
+ * Look up a decryption key from an audit export by leaf index
+ *
+ * Returns the per-note decryption key for direct use in AES-GCM decryption.
+ * Derive AES key: keccak256(decryptionKey)
+ */
+declare function getViewingKeyFromExport(exportData: AuditKeyExport, leafIndex: number): Hex | null;
+/**
+ * Derive a STARK per-note decryption key from viewing secret and nonce.
+ *
+ * Uses keccak_m31 instead of Poseidon — purely symmetric, post-quantum safe.
+ * The nonce is encoded as a single M31 element appended to the viewing secret.
+ *
+ * perNoteDigest = keccak_m31(viewingSecret[0..8], nonce)
+ * aesKey = keccak256(perNoteDigest_packed_as_16_LE_bytes)
+ *
+ * @param starkViewingSecret - 8 M31 limbs (the master STARK viewing secret)
+ * @param nonce - Per-note nonce (M31 range)
+ * @returns 32-byte AES key as hex
+ */
+declare function deriveStarkPerNoteKey(starkViewingSecret: M31Secret, nonce: bigint): Hex;
+/**
+ * Derive STARK per-note key from StarkMasterKeys convenience wrapper
+ */
+declare function deriveStarkPerNoteKeyFromKeys(keys: StarkMasterKeys, nonce: bigint): Hex;
+
+export { AuditKeyExport, DualMasterKeys, KeyDerivationConfig, MasterKeys, type NoteReference, StarkMasterKeys, deriveDualKeysFromSignature, deriveKeysFromSignature, deriveNullifierKey, derivePerNoteKey, derivePerNoteKeyFromKeys, deriveStarkKeysFromSignature, deriveStarkPerNoteKey, deriveStarkPerNoteKeyFromKeys, exportViewingKeysForAudit, getKeyDerivationMessage, getViewingKeyFromExport, validateAuditKeyExport, verifyKeysMatchSignature };

package/dist/keys/index.d.ts

@@ -0,0 +1,158 @@
+import { K as KeyDerivationConfig, M as MasterKeys, b as StarkMasterKeys, a as DualMasterKeys, A as AuditKeyExport } from '../types-mLybMxNR.js';
+export { D as DEFAULT_KEY_DERIVATION_CONFIG, O as OneTimeKeys, P as ProvingSystem, S as SerializedKeys, c as StealthAddressComponents, T as TransactionViewingKey } from '../types-mLybMxNR.js';
+import { Hex, Address } from 'viem';
+import { M as M31Secret } from '../keccak-m31-B_AqBbRF.js';
+
+/**
+ * Key Derivation from Wallet Signature (Post-Quantum / Hash-Based)
+ *
+ * Derives keys from an Ethereum wallet signature using only hash functions.
+ * No elliptic curve operations — quantum-resistant by design.
+ *
+ * Security Model:
+ * - Keys are derived deterministically from the signature
+ * - No seed phrase management required
+ * - Same signature always produces same keys
+ * - Ownership proven via hash preimage (Poseidon), not discrete log
+ */
+
+/**
+ * Derive master keys from a wallet signature (hash-based, post-quantum)
+ *
+ * This replaces the previous BabyJubJub-based derivation.
+ * Instead of curve points, we use Poseidon hashes for ownership proofs.
+ *
+ * @param signature - The wallet signature (from personal_sign or EIP-712)
+ * @param config - Optional key derivation configuration
+ * @returns Master keys for stealth operations
+ *
+ * @example
+ * ```ts
+ * const signature = await walletClient.signMessage({
+ *   message: 'UPP Stealth Key Derivation v1'
+ * })
+ * const keys = await deriveKeysFromSignature(signature)
+ * // keys.ownerHash is Poseidon(spendingSecret) — used in note commitments
+ * ```
+ */
+declare function deriveKeysFromSignature(signature: Hex, config?: KeyDerivationConfig): Promise<MasterKeys>;
+/**
+ * Get the message to sign for key derivation
+ */
+declare function getKeyDerivationMessage(config?: KeyDerivationConfig): string;
+/**
+ * Verify that keys match a given signature
+ */
+declare function verifyKeysMatchSignature(keys: MasterKeys, signature: Hex, config?: KeyDerivationConfig): Promise<boolean>;
+/**
+ * Derive STARK master keys from a wallet signature (M31/Keccak, post-quantum)
+ *
+ * Uses domain-separated keccak256 to derive M31 secrets, then keccak_m31
+ * for owner/viewing hashes. No elliptic curve operations.
+ *
+ * @param signature - The wallet signature (same one used for SNARK keys)
+ * @param config - Optional key derivation configuration
+ * @returns STARK master keys for stealth operations
+ */
+declare function deriveStarkKeysFromSignature(signature: Hex, config?: KeyDerivationConfig): StarkMasterKeys;
+/**
+ * Derive both SNARK and STARK keys from a single wallet signature.
+ *
+ * Same seed, domain-separated derivation. Breaking BJJ (quantum) does NOT
+ * compromise STARK keys — keccak preimage resistance provides 2^128 quantum security.
+ */
+declare function deriveDualKeysFromSignature(signature: Hex, config?: KeyDerivationConfig): Promise<DualMasterKeys>;
+/**
+ * Derive a nullifier key from the spending secret
+ *
+ * nullifier = Poseidon(nullifierKey, leafIndex, commitment)
+ */
+declare function deriveNullifierKey(spendingSecret: bigint): Promise<bigint>;
+
+/**
+ * Per-Transaction Viewing Key Derivation (Post-Quantum, Hash-Based)
+ *
+ * Implements hierarchical viewing keys using Poseidon hash instead of ECDH.
+ *
+ * Key Properties:
+ * - Per-note decryption key: Poseidon(viewingSecret, nonce)
+ * - AES key: keccak256(perNoteKey) for symmetric encryption
+ *
+ * Derivation:
+ *   perNoteKey = Poseidon(viewingSecret, nonce)
+ *   aesKey = keccak256(perNoteKey)
+ *
+ * SECURITY (v4):
+ * Audit exports contain per-note decryption keys derived from viewingSecret + nonce.
+ * This prevents master key recovery: knowing Poseidon(viewingSecret, nonce) doesn't
+ * reveal viewingSecret due to the one-wayness of Poseidon.
+ */
+
+/**
+ * Derive a per-note decryption key from master viewing secret and nonce
+ *
+ * @param viewingSecret - Master viewing secret
+ * @param nonce - Unique per-note nonce
+ * @returns Per-note decryption key as hex
+ */
+declare function derivePerNoteKey(viewingSecret: bigint, nonce: bigint): Promise<Hex>;
+/**
+ * Derive per-note key from MasterKeys convenience wrapper
+ */
+declare function derivePerNoteKeyFromKeys(keys: MasterKeys, nonce: bigint): Promise<Hex>;
+/**
+ * Note reference for audit export
+ */
+interface NoteReference {
+    /** The Merkle leaf index (for locating the on-chain event) */
+    leafIndex: number;
+    /** The nonce used in per-note key derivation */
+    nonce: bigint;
+}
+/**
+ * Export viewing keys for specific notes
+ *
+ * Creates an export package that can be shared with an auditor.
+ * The auditor can use these keys to decrypt the specified notes,
+ * but cannot derive keys for other notes.
+ *
+ * @param keys - Master keys
+ * @param signerAddress - The Ethereum address that signed to derive keys
+ * @param notes - Array of note references (leafIndex + nonce) to export
+ * @returns Audit key export package
+ */
+declare function exportViewingKeysForAudit(keys: MasterKeys, signerAddress: Address, notes: NoteReference[]): Promise<AuditKeyExport>;
+/**
+ * Validate an audit key export
+ */
+declare function validateAuditKeyExport(exportData: AuditKeyExport): {
+    valid: boolean;
+    error?: string;
+};
+/**
+ * Look up a decryption key from an audit export by leaf index
+ *
+ * Returns the per-note decryption key for direct use in AES-GCM decryption.
+ * Derive AES key: keccak256(decryptionKey)
+ */
+declare function getViewingKeyFromExport(exportData: AuditKeyExport, leafIndex: number): Hex | null;
+/**
+ * Derive a STARK per-note decryption key from viewing secret and nonce.
+ *
+ * Uses keccak_m31 instead of Poseidon — purely symmetric, post-quantum safe.
+ * The nonce is encoded as a single M31 element appended to the viewing secret.
+ *
+ * perNoteDigest = keccak_m31(viewingSecret[0..8], nonce)
+ * aesKey = keccak256(perNoteDigest_packed_as_16_LE_bytes)
+ *
+ * @param starkViewingSecret - 8 M31 limbs (the master STARK viewing secret)
+ * @param nonce - Per-note nonce (M31 range)
+ * @returns 32-byte AES key as hex
+ */
+declare function deriveStarkPerNoteKey(starkViewingSecret: M31Secret, nonce: bigint): Hex;
+/**
+ * Derive STARK per-note key from StarkMasterKeys convenience wrapper
+ */
+declare function deriveStarkPerNoteKeyFromKeys(keys: StarkMasterKeys, nonce: bigint): Hex;
+
+export { AuditKeyExport, DualMasterKeys, KeyDerivationConfig, MasterKeys, type NoteReference, StarkMasterKeys, deriveDualKeysFromSignature, deriveKeysFromSignature, deriveNullifierKey, derivePerNoteKey, derivePerNoteKeyFromKeys, deriveStarkKeysFromSignature, deriveStarkPerNoteKey, deriveStarkPerNoteKeyFromKeys, exportViewingKeysForAudit, getKeyDerivationMessage, getViewingKeyFromExport, validateAuditKeyExport, verifyKeysMatchSignature };

package/dist/keys/index.js

@@ -0,0 +1,7 @@
+export { DEFAULT_KEY_DERIVATION_CONFIG, deriveDualKeysFromSignature, deriveKeysFromSignature, deriveNullifierKey, derivePerNoteKey, derivePerNoteKeyFromKeys, deriveStarkKeysFromSignature, deriveStarkPerNoteKey, deriveStarkPerNoteKeyFromKeys, exportViewingKeysForAudit, getKeyDerivationMessage, getViewingKeyFromExport, validateAuditKeyExport, verifyKeysMatchSignature } from '../chunk-2JQISXBD.js';
+import '../chunk-5V5HSN6Y.js';
+import '../chunk-W77GRBO4.js';
+import '../chunk-V23OSL25.js';
+import '../chunk-Z6ZWNWWR.js';
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/keys/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"index.js"}

package/dist/merkle-7KS2EHRF.js

@@ -0,0 +1,5 @@
+export { MAX_TREE_DEPTH, MerkleTree, buildMerkleTree, getMerkleProof, verifyMerkleProof } from './chunk-ZU6J7KMY.js';
+import './chunk-V23OSL25.js';
+import './chunk-Z6ZWNWWR.js';
+//# sourceMappingURL=merkle-7KS2EHRF.js.map
+//# sourceMappingURL=merkle-7KS2EHRF.js.map

package/dist/merkle-7KS2EHRF.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"merkle-7KS2EHRF.js"}

package/dist/merkle-HGDC6OB4.cjs

@@ -0,0 +1,30 @@
+'use strict';
+
+var chunkEUP7MBAH_cjs = require('./chunk-EUP7MBAH.cjs');
+require('./chunk-JWNXBALH.cjs');
+require('./chunk-G7VZBCD6.cjs');
+
+
+
+Object.defineProperty(exports, "MAX_TREE_DEPTH", {
+  enumerable: true,
+  get: function () { return chunkEUP7MBAH_cjs.MAX_TREE_DEPTH; }
+});
+Object.defineProperty(exports, "MerkleTree", {
+  enumerable: true,
+  get: function () { return chunkEUP7MBAH_cjs.MerkleTree; }
+});
+Object.defineProperty(exports, "buildMerkleTree", {
+  enumerable: true,
+  get: function () { return chunkEUP7MBAH_cjs.buildMerkleTree; }
+});
+Object.defineProperty(exports, "getMerkleProof", {
+  enumerable: true,
+  get: function () { return chunkEUP7MBAH_cjs.getMerkleProof; }
+});
+Object.defineProperty(exports, "verifyMerkleProof", {
+  enumerable: true,
+  get: function () { return chunkEUP7MBAH_cjs.verifyMerkleProof; }
+});
+//# sourceMappingURL=merkle-HGDC6OB4.cjs.map
+//# sourceMappingURL=merkle-HGDC6OB4.cjs.map

package/dist/merkle-HGDC6OB4.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"names":[],"mappings":"","file":"merkle-HGDC6OB4.cjs"}

package/dist/merkle-mteVOlDf.d.cts

@@ -0,0 +1,188 @@
+/**
+ * BabyJubJub Elliptic Curve Utilities
+ *
+ * Wrapper around circomlibjs BabyJubJub implementation.
+ * Used for stealth addresses, key derivation, and ECDH.
+ *
+ * BabyJubJub is a twisted Edwards curve embedded in BN254's scalar field,
+ * making it efficient for use in zk-SNARKs.
+ */
+/**
+ * A point on the BabyJubJub curve
+ */
+interface Point {
+    x: bigint;
+    y: bigint;
+}
+/**
+ * Get the BabyJubJub subgroup order
+ */
+declare function getSubOrder(): Promise<bigint>;
+/**
+ * Get the generator point (Base8)
+ */
+declare function getBasePoint(): Promise<Point>;
+/**
+ * Check if a point is on the curve
+ */
+declare function isOnCurve(point: Point): Promise<boolean>;
+/**
+ * Scalar multiplication: point * scalar
+ *
+ * @param point - Point on the curve
+ * @param scalar - Scalar value (mod subOrder)
+ * @returns Resulting point
+ */
+declare function mulPointScalar(point: Point, scalar: bigint): Promise<Point>;
+/**
+ * Point addition: p1 + p2
+ */
+declare function addPoints(p1: Point, p2: Point): Promise<Point>;
+/**
+ * Generate public key from private key
+ * pubKey = privateKey * Base8
+ *
+ * @param privateKey - Private key scalar (must be < subOrder)
+ * @returns Public key point
+ */
+declare function privateToPublic(privateKey: bigint): Promise<Point>;
+/**
+ * Compute ECDH shared secret
+ * sharedSecret = myPrivateKey * theirPublicKey
+ *
+ * @param myPrivateKey - Your private key
+ * @param theirPublicKey - Their public key
+ * @returns Shared secret point
+ */
+declare function computeSharedSecret(myPrivateKey: bigint, theirPublicKey: Point): Promise<Point>;
+/**
+ * Pack a point into a single bigint (compressed form)
+ * Uses the x-coordinate and a sign bit for y
+ */
+declare function packPoint(point: Point): bigint;
+/**
+ * Convert a point to tuple format [x, y] for use with snarkjs
+ */
+declare function pointToTuple(point: Point): [bigint, bigint];
+/**
+ * Convert a tuple [x, y] to Point format
+ */
+declare function tupleToPoint(tuple: [bigint, bigint]): Point;
+/**
+ * Derive a per-transaction viewing public key (EVK)
+ *
+ * EVK = MVK_pub + Poseidon(MVK_pub.x, MVK_pub.y, nonce) * Base8
+ *
+ * This allows the sender to derive a unique encryption key for each transaction
+ * without knowing the recipient's private key.
+ *
+ * @param masterViewingPubKey - Recipient's master viewing public key
+ * @param nonce - Unique per-note nonce (R.x — ephemeral public key x-coordinate)
+ * @returns Per-transaction encryption viewing key
+ */
+declare function deriveEncryptionViewingKey(masterViewingPubKey: Point, nonce: bigint): Promise<Point>;
+/**
+ * Derive a per-transaction viewing private key (DVK)
+ *
+ * DVK = MVK_priv + Poseidon(MVK_pub.x, MVK_pub.y, nonce)
+ *
+ * Only the owner with MVK_priv can compute this.
+ * DVK can be shared with auditors to decrypt specific transactions.
+ *
+ * @param masterViewingPrivKey - Owner's master viewing private key
+ * @param masterViewingPubKey - Owner's master viewing public key
+ * @param nonce - Unique per-note nonce (R.x — ephemeral public key x-coordinate)
+ * @returns Per-transaction decryption viewing key
+ */
+declare function deriveDecryptionViewingKey(masterViewingPrivKey: bigint, masterViewingPubKey: Point, nonce: bigint): Promise<bigint>;
+
+/**
+ * Merkle Tree Utilities
+ *
+ * Client-side Merkle tree for computing proofs.
+ * Compatible with LeanIMT on-chain implementation.
+ */
+/**
+ * Maximum tree depth (matches contract)
+ */
+declare const MAX_TREE_DEPTH = 32;
+/**
+ * Merkle proof for a leaf
+ */
+interface MerkleProof {
+    /** Path elements (siblings) */
+    pathElements: bigint[];
+    /** Path indices (0 = left, 1 = right) */
+    pathIndices: number[];
+    /** Leaf index in the tree */
+    leafIndex: number;
+    /** Tree root */
+    root: bigint;
+}
+/**
+ * LeanIMT-compatible Merkle Tree
+ *
+ * Features:
+ * - Dynamic depth (grows as needed)
+ * - Single-child optimization
+ * - Async hash operations (Poseidon is async)
+ */
+declare class MerkleTree {
+    private leaves;
+    private nodes;
+    private cachedRoot;
+    readonly maxDepth: number;
+    constructor(maxDepth?: number);
+    /**
+     * Insert a leaf into the tree
+     */
+    insert(leaf: bigint): number;
+    /**
+     * Get the number of leaves in the tree
+     */
+    get size(): number;
+    /**
+     * Get the current depth of the tree
+     * LeanIMT: depth grows when 2^depth < size
+     */
+    get depth(): number;
+    /**
+     * Check if a leaf exists in the tree
+     */
+    has(leaf: bigint): boolean;
+    /**
+     * Get the index of a leaf
+     */
+    indexOf(leaf: bigint): number;
+    /**
+     * Get the current root (async because of Poseidon)
+     */
+    getRoot(): Promise<bigint>;
+    /**
+     * Get a Merkle proof for a leaf at index
+     */
+    getProof(index: number): Promise<MerkleProof>;
+    /**
+     * Get the hash of a node at (level, index)
+     * level 0 = leaves, higher levels are internal nodes
+     */
+    private getNodeHash;
+    /**
+     * Compute the root hash
+     */
+    private computeRoot;
+}
+/**
+ * Build a Merkle tree from an array of leaves
+ */
+declare function buildMerkleTree(leaves: bigint[]): MerkleTree;
+/**
+ * Get a Merkle proof for a specific leaf (async)
+ */
+declare function getMerkleProof(leaves: bigint[], index: number): Promise<MerkleProof>;
+/**
+ * Verify a Merkle proof (async)
+ */
+declare function verifyMerkleProof(leaf: bigint, proof: MerkleProof): Promise<boolean>;
+
+export { MAX_TREE_DEPTH as M, type Point as P, type MerkleProof as a, MerkleTree as b, addPoints as c, buildMerkleTree as d, computeSharedSecret as e, deriveDecryptionViewingKey as f, deriveEncryptionViewingKey as g, getBasePoint as h, getMerkleProof as i, getSubOrder as j, isOnCurve as k, pointToTuple as l, mulPointScalar as m, privateToPublic as n, packPoint as p, tupleToPoint as t, verifyMerkleProof as v };