@reclaimprotocol/attestor-core 5.0.3 → 5.0.4

package/lib/utils/zk.js

@@ -0,0 +1,577 @@
+import { concatenateUint8Arrays, crypto, generateIV } from '@reclaimprotocol/tls';
+import { ceilToBlockSizeMultiple, CONFIG as ZK_CONFIG, generateProof, getBlockSizeBytes, makeLocalFileFetch, makeRemoteFileFetch, verifyProof } from '@reclaimprotocol/zk-symmetric-crypto';
+import { makeGnarkOPRFOperator, makeGnarkZkOperator, } from '@reclaimprotocol/zk-symmetric-crypto/gnark';
+import { makeSnarkJsZKOperator } from '@reclaimprotocol/zk-symmetric-crypto/snarkjs';
+import PQueue from 'p-queue';
+import { DEFAULT_REMOTE_FILE_FETCH_BASE_URL, DEFAULT_ZK_CONCURRENCY, TOPRF_DOMAIN_SEPARATOR } from "../config/index.js";
+import { ZKProofEngine } from "../proto/api.js";
+import { detectEnvironment, getEnvVariable } from "./env.js";
+import { AttestorError } from "./error.js";
+import { getPureCiphertext, getRecordIV, getZkAlgorithmForCipherSuite, isTls13Suite, strToUint8Array } from "./generics.js";
+import { logger as LOGGER } from "./logger.js";
+import { binaryHashToStr, isFullyRedacted, isRedactionCongruent, REDACTION_CHAR_CODE } from "./redactions.js";
+const ZK_CONCURRENCY = +(getEnvVariable('ZK_CONCURRENCY') || DEFAULT_ZK_CONCURRENCY);
+export async function makeZkProofGenerator({ zkOperators, oprfOperators, logger = LOGGER, zkProofConcurrency = ZK_CONCURRENCY, cipherSuite, zkEngine = 'snarkjs' }) {
+    const zkQueue = new PQueue({ concurrency: zkProofConcurrency, autoStart: true });
+    const packetsToProve = [];
+    logger = logger.child({ module: 'zk', zkEngine });
+    let zkProofsToGen = 0;
+    return {
+        /**
+         * Adds the given packet to the list of packets to
+         * generate ZK proofs for.
+         *
+         * Call `generateProofs()` to finally generate the proofs
+         */
+        async addPacketToProve(packet, { redactedPlaintext, toprfs = [], overshotToprfFromPrevBlock }, onGeneratedProofs, getNextPacket) {
+            if (packet.type === 'plaintext') {
+                throw new Error('Cannot generate proof for plaintext');
+            }
+            const alg = getZkAlgorithmForCipherSuite(cipherSuite);
+            const chunkSizeBytes = getChunkSizeBytes(alg);
+            const key = await crypto.exportKey(packet.encKey);
+            const iv = packet.iv;
+            const ciphertext = getPureCiphertext(packet.ciphertext, cipherSuite);
+            // if the packet starts with TOPRF overflow from previous packet,
+            // we can just redact that part of the ciphertext as it's not required
+            // to be proven. Decrypting the raw ciphertext of this part would also
+            // reveal the raw underlying text, which we don't want.
+            if (overshotToprfFromPrevBlock) {
+                redactedPlaintext.set(new Uint8Array(overshotToprfFromPrevBlock.length)
+                    .fill(REDACTION_CHAR_CODE));
+            }
+            const trueCiphertextLength = isTls13Suite(cipherSuite)
+                ? ciphertext.length - 1 // remove content type byte
+                : ciphertext.length;
+            const packetToProve = {
+                onGeneratedProofs,
+                algorithm: alg,
+                proofsToGenerate: [],
+                toprfsToGenerate: [],
+                iv: packet.fixedIv,
+            };
+            // first we'll handle all TOPRF blocks
+            // we do these first, because they can span multiple chunks
+            // & we need to be able to span the right chunks
+            for (const toprf of toprfs) {
+                // if the TOPRF data overshoots the ciphertext length,
+                // then it means that the OPRF data is spread across multiple
+                // TLS records & we need to include the next record's ciphertext
+                // in our proof.
+                // At most we support the OPRF data being spread across 2 records
+                const toprfDistFromEnd = trueCiphertextLength
+                    - (toprf.dataLocation.fromIndex + toprf.dataLocation.length);
+                if (toprfDistFromEnd < 0) {
+                    const nextPacket = getNextPacket();
+                    if (nextPacket?.type !== 'ciphertext') {
+                        throw new AttestorError('ERROR_INTERNAL', 'TOPRF data overshoots ciphertext length, '
+                            + 'but no next ciphertext packet found');
+                    }
+                    if (nextPacket.encKey !== packet.encKey) {
+                        throw new AttestorError('ERROR_INTERNAL', 'TOPRF data overshoots ciphertext length, '
+                            + 'but next packet has different encryption key');
+                    }
+                    const nextCiphertext = nextPacket.ciphertext
+                        .slice(0, Math.abs(toprfDistFromEnd));
+                    const iv = nextPacket.iv;
+                    toprf.overshoot = {
+                        ciphertext: nextCiphertext,
+                        iv,
+                        recordNumber: nextPacket.recordNumber,
+                    };
+                }
+                const fromIndex = getIdealOffsetForToprfBlock(alg, toprf);
+                const toIndex = Math
+                    .min(fromIndex + chunkSizeBytes, ciphertext.length);
+                // ensure this OPRF block doesn't overlap with any other OPRF block
+                const slice = { fromIndex, toIndex };
+                packetToProve.toprfsToGenerate.push(getTOPRFProofGenerationParamsForSlice({
+                    key,
+                    iv,
+                    ciphertext,
+                    slice,
+                    toprf: {
+                        ...toprf,
+                        dataLocation: {
+                            ...toprf.dataLocation,
+                            fromIndex: toprf.dataLocation.fromIndex - fromIndex
+                        }
+                    }
+                }));
+                zkProofsToGen += 1;
+                // we'll redact the OPRF part of the plaintext to not reveal
+                // the actual plaintext to the attestor
+                const pktToIndex = Math.min(trueCiphertextLength, toprf.dataLocation.fromIndex + toprf.dataLocation.length);
+                const pktFromIndex = toprf.dataLocation.fromIndex;
+                for (let i = pktFromIndex; i < pktToIndex; i++) {
+                    redactedPlaintext[i] = REDACTION_CHAR_CODE;
+                }
+            }
+            for (let i = 0; i < ciphertext.length; i += chunkSizeBytes) {
+                const slice = {
+                    fromIndex: i,
+                    toIndex: Math.min(i + chunkSizeBytes, ciphertext.length)
+                };
+                const proofParams = getProofGenerationParamsForSlice({ key, iv, ciphertext, redactedPlaintext, slice });
+                if (!proofParams) {
+                    continue;
+                }
+                packetToProve.proofsToGenerate.push(proofParams);
+                zkProofsToGen += 1;
+            }
+            packetsToProve.push(packetToProve);
+        },
+        getTotalChunksToProve() {
+            return zkProofsToGen;
+        },
+        async generateProofs(onChunkDone) {
+            if (!packetsToProve.length) {
+                return;
+            }
+            const start = Date.now();
+            const tasks = [];
+            for (const { onGeneratedProofs, algorithm, proofsToGenerate, toprfsToGenerate } of packetsToProve) {
+                const proofs = [];
+                const toprfs = [];
+                let proofsLeft = proofsToGenerate.length
+                    + toprfsToGenerate.length;
+                for (const proofToGen of proofsToGenerate) {
+                    tasks.push(zkQueue.add(async () => {
+                        const proof = await generateZkProofForChunk(algorithm, proofToGen);
+                        onChunkDone?.();
+                        proofs.push(proof);
+                        proofsLeft -= 1;
+                        if (proofsLeft === 0) {
+                            onGeneratedProofs(proofs, toprfs);
+                        }
+                    }, { throwOnTimeout: true }));
+                }
+                for (const toprfToGen of toprfsToGenerate) {
+                    tasks.push(zkQueue.add(async () => {
+                        const toprf = await generateOprfProofForChunk(algorithm, toprfToGen);
+                        onChunkDone?.();
+                        toprfs.push(toprf);
+                        proofsLeft -= 1;
+                        if (proofsLeft === 0) {
+                            onGeneratedProofs(proofs, toprfs);
+                        }
+                    }, { throwOnTimeout: true }));
+                }
+            }
+            await Promise.all(tasks);
+            logger?.info({ durationMs: Date.now() - start, zkProofsToGen }, 'generated ZK proofs');
+            // reset the packets to prove
+            packetsToProve.splice(0, packetsToProve.length);
+            zkProofsToGen = 0;
+            // release ZK resources to free up memory
+            const alg = getZkAlgorithmForCipherSuite(cipherSuite);
+            const zkOperator = await getZkOperatorForAlgorithm(alg);
+            zkOperator.release?.();
+        },
+    };
+    async function generateZkProofForChunk(algorithm, { startIdx, redactedPlaintext, privateInput, publicInput }) {
+        const operator = getZkOperatorForAlgorithm(algorithm);
+        const proof = await generateProof({ algorithm, privateInput, publicInput, operator, logger });
+        logger?.debug({ startIdx }, 'generated proof for chunk');
+        return {
+            proofData: typeof proof.proofData === 'string'
+                ? strToUint8Array(proof.proofData)
+                : proof.proofData,
+            decryptedRedactedCiphertext: proof.plaintext || new Uint8Array(),
+            redactedPlaintext,
+            startIdx
+        };
+    }
+    async function generateOprfProofForChunk(algorithm, { startIdx, privateInput, publicInput, toprf }) {
+        const operator = getOprfOperatorForAlgorithm(algorithm);
+        const toprfLocations = [];
+        if (toprf?.overshoot) {
+            const { dataLocation, overshoot: { ciphertext } } = toprf;
+            toprfLocations.push({
+                pos: dataLocation.fromIndex,
+                len: dataLocation.length - ciphertext.length
+            }, {
+                pos: ceilToBlockSizeMultiple(dataLocation.fromIndex + dataLocation.length, algorithm),
+                len: ciphertext.length
+            });
+        }
+        else if (toprf) {
+            toprfLocations.push({
+                pos: toprf.dataLocation.fromIndex,
+                len: toprf.dataLocation.length,
+            });
+        }
+        const proof = await generateProof({
+            algorithm,
+            privateInput,
+            publicInput,
+            operator,
+            logger,
+            ...(toprf
+                ? {
+                    toprf: {
+                        locations: toprfLocations,
+                        output: toprf.nullifier,
+                        responses: toprf.responses,
+                        domainSeparator: TOPRF_DOMAIN_SEPARATOR
+                    },
+                    mask: toprf.mask,
+                }
+                : {})
+        });
+        logger?.debug({ toprfLocations }, 'generated TOPRF proof for chunk');
+        return {
+            startIdx,
+            proofData: typeof proof.proofData === 'string'
+                ? strToUint8Array(proof.proofData)
+                : proof.proofData,
+            payload: toprf,
+        };
+    }
+    function getZkOperatorForAlgorithm(algorithm) {
+        return zkOperators?.[algorithm]
+            || makeDefaultZkOperator(algorithm, zkEngine, logger);
+    }
+    function getOprfOperatorForAlgorithm(algorithm) {
+        return oprfOperators?.[algorithm]
+            || makeDefaultOPRFOperator(algorithm, zkEngine, logger);
+    }
+}
+/**
+ * Verify the given ZK proof
+ */
+export async function verifyZkPacket({ cipherSuite, ciphertext, zkReveal, zkOperators, oprfOperators, logger = LOGGER, zkEngine = 'snarkjs', iv, recordNumber, toprfOvershotNullifier, getNextPacket }) {
+    const { proofs, toprfs } = zkReveal;
+    const algorithm = getZkAlgorithmForCipherSuite(cipherSuite);
+    const recordIV = getRecordIV(ciphertext, cipherSuite);
+    ciphertext = new Uint8Array(getPureCiphertext(ciphertext, cipherSuite));
+    const realRedactedPlaintext = new Uint8Array(ciphertext.length).fill(REDACTION_CHAR_CODE);
+    const replacements = await Promise.all(toprfs.map(async (toprf, i) => {
+        try {
+            return await verifyToprfProofPacket(toprf);
+        }
+        catch (e) {
+            e.message += ` (TOPRF proof ${i}, `
+                + `from ${toprf.payload?.dataLocation?.fromIndex}, `
+                + `record ${recordNumber})`;
+            throw e;
+        }
+    }));
+    await Promise.all(proofs.map(async (proof, i) => {
+        try {
+            await verifyZkProofPacket(proof);
+        }
+        catch (e) {
+            e.message +=
+                ` (ZK proof ${i}, startIdx ${proof.startIdx}, record ${recordNumber})`;
+            throw e;
+        }
+    }));
+    for (const { set, startIdx } of replacements) {
+        realRedactedPlaintext.set(set, startIdx);
+    }
+    /**
+     * to verify if the user has given us the correct redacted plaintext,
+     * and isn't providing plaintext that they haven't proven they have
+     * we start with a fully redacted plaintext, and then replace the
+     * redacted parts with the plaintext that the user has provided
+     * in the proofs
+     */
+    if (toprfOvershotNullifier) {
+        realRedactedPlaintext.set(toprfOvershotNullifier);
+    }
+    return { redactedPlaintext: realRedactedPlaintext };
+    async function verifyZkProofPacket({ proofData, decryptedRedactedCiphertext, redactedPlaintext, startIdx, }) {
+        // get the ciphertext chunk we received from the server
+        // the ZK library, will verify that the decrypted redacted
+        // ciphertext matches the ciphertext received from the server
+        const ciphertextChunkEnd = startIdx + redactedPlaintext.length;
+        const ciphertextChunk = ciphertext.slice(startIdx, ciphertextChunkEnd);
+        // redact ciphertext if plaintext is redacted
+        // to prepare for decryption in ZK circuit
+        // the ZK circuit will take in the redacted ciphertext,
+        // which shall produce the redacted plaintext
+        for (let i = 0; i < ciphertextChunk.length; i++) {
+            if (redactedPlaintext[i] === REDACTION_CHAR_CODE) {
+                ciphertextChunk[i] = REDACTION_CHAR_CODE;
+            }
+        }
+        let nonce = concatenateUint8Arrays([iv, recordIV]);
+        if (!recordIV.length) {
+            nonce = generateIV(nonce, recordNumber);
+        }
+        const ciphertextInput = {
+            ciphertext: ciphertextChunk,
+            iv: nonce,
+            offsetBytes: startIdx
+        };
+        if (!isRedactionCongruent(redactedPlaintext, decryptedRedactedCiphertext)) {
+            throw new Error('redacted ciphertext not congruent');
+        }
+        await verifyProof({
+            proof: {
+                algorithm,
+                proofData: proofData,
+                plaintext: decryptedRedactedCiphertext,
+            },
+            publicInput: ciphertextInput,
+            logger,
+            operator: getZkOperator()
+        });
+        logger?.debug({ startIdx, endIdx: startIdx + redactedPlaintext.length }, 'verified proof');
+        realRedactedPlaintext.set(redactedPlaintext, startIdx);
+    }
+    async function verifyToprfProofPacket({ startIdx, proofData, payload: toprf }) {
+        if (!toprf?.dataLocation || !toprf.responses || !toprf.nullifier) {
+            throw new Error('invalid TOPRF proof payload');
+        }
+        const { dataLocation, nullifier } = toprf;
+        const ciphertextChunkEnd = Math
+            .min(ciphertext.length, getChunkSizeBytes(algorithm) + startIdx);
+        const isLastChunk = ciphertextChunkEnd >= ciphertext.length;
+        const ciphertextChunk = ciphertext.slice(startIdx, ciphertextChunkEnd);
+        let nonce = concatenateUint8Arrays([iv, recordIV]);
+        if (!recordIV.length) {
+            nonce = generateIV(nonce, recordNumber);
+        }
+        const ciphertextInput = {
+            ciphertext: ciphertextChunk,
+            iv: nonce,
+            offsetBytes: startIdx
+        };
+        let pubInput = ciphertextInput;
+        const nulliferStr = binaryHashToStr(nullifier, dataLocation.length);
+        const locations = [];
+        const toprfEndIdx = dataLocation.fromIndex + dataLocation.length;
+        const trueCiphLen = isLastChunk && isTls13Suite(cipherSuite)
+            ? ciphertextChunk.length - 1
+            : ciphertextChunk.length;
+        const overshoot = toprfEndIdx - trueCiphLen;
+        if (overshoot > 0) {
+            // fetch the overshoot part of the nullifier
+            const nextPkt = getNextPacket(strToUint8Array(nulliferStr.slice(dataLocation.length - overshoot)));
+            if (!nextPkt) {
+                throw new Error('OPRF data overshot, but no next packet found');
+            }
+            const nextRecordIV = getRecordIV(ciphertext, cipherSuite);
+            let nextNonce = concatenateUint8Arrays([iv, nextRecordIV]);
+            if (!nextRecordIV.length) {
+                nextNonce = generateIV(nextNonce, recordNumber + 1);
+            }
+            pubInput = [
+                ciphertextInput,
+                {
+                    ciphertext: nextPkt.slice(0, overshoot),
+                    iv: nextNonce,
+                    offsetBytes: 0,
+                }
+            ];
+            locations.push({
+                pos: dataLocation.fromIndex,
+                len: dataLocation.length - overshoot
+            }, {
+                pos: ceilToBlockSizeMultiple(dataLocation.fromIndex + dataLocation.length, algorithm),
+                len: overshoot
+            });
+        }
+        else {
+            locations.push({
+                pos: dataLocation.fromIndex,
+                len: dataLocation.length,
+            });
+        }
+        await verifyProof({
+            proof: { algorithm, proofData: proofData, plaintext: undefined },
+            publicInput: pubInput,
+            logger,
+            operator: getOprfOperator(),
+            toprf: {
+                locations,
+                domainSeparator: TOPRF_DOMAIN_SEPARATOR,
+                output: nullifier,
+                responses: toprf.responses,
+            }
+        });
+        logger?.debug({ locations }, 'verified TOPRF proof');
+        return {
+            set: strToUint8Array(nulliferStr.slice(0, locations[0].len)),
+            startIdx: locations[0].pos + startIdx,
+        };
+    }
+    function getZkOperator() {
+        return zkOperators?.[algorithm]
+            || makeDefaultZkOperator(algorithm, zkEngine, logger);
+    }
+    function getOprfOperator() {
+        return oprfOperators?.[algorithm]
+            || makeDefaultOPRFOperator(algorithm, zkEngine, logger);
+    }
+}
+// the chunk size of the ZK circuit in bytes
+// this will be >= the block size
+function getChunkSizeBytes(alg) {
+    const { chunkSize, bitsPerWord } = ZK_CONFIG[alg];
+    return chunkSize * bitsPerWord / 8;
+}
+const zkEngines = {};
+const oprfEngines = {};
+const operatorMakers = {
+    'snarkjs': makeSnarkJsZKOperator,
+    'gnark': makeGnarkZkOperator,
+};
+const OPRF_OPERATOR_MAKERS = {
+    'gnark': makeGnarkOPRFOperator
+};
+export function makeDefaultZkOperator(algorithm, zkEngine, logger) {
+    let zkOperators = zkEngines[zkEngine];
+    if (!zkOperators) {
+        zkEngines[zkEngine] = {};
+        zkOperators = zkEngines[zkEngine];
+    }
+    if (!zkOperators[algorithm]) {
+        const opType = getOperatorType();
+        const zkBaseUrl = opType === 'remote' ? getZkResourcesBaseUrl() : undefined;
+        logger?.info({ type: opType, algorithm, zkBaseUrl }, 'fetching zk operator');
+        const fetcher = opType === 'local'
+            ? makeLocalFileFetch()
+            : makeRemoteFileFetch({ baseUrl: zkBaseUrl, logger });
+        const maker = operatorMakers[zkEngine];
+        if (!maker) {
+            throw new Error(`No ZK operator maker for ${zkEngine}`);
+        }
+        zkOperators[algorithm] = maker({ algorithm, fetcher });
+    }
+    return zkOperators[algorithm];
+}
+function getOperatorType() {
+    const envop = getEnvVariable('ZK_OPERATOR_TYPE');
+    if (envop === 'local' || envop === 'remote') {
+        return envop;
+    }
+    return detectEnvironment() === 'node' ? 'local' : 'remote';
+}
+export function makeDefaultOPRFOperator(algorithm, zkEngine, logger) {
+    let operators = oprfEngines[zkEngine];
+    if (!operators) {
+        oprfEngines[zkEngine] = {};
+        operators = oprfEngines[zkEngine];
+    }
+    if (!operators[algorithm]) {
+        const type = getOperatorType();
+        const zkBaseUrl = type === 'remote' ? getZkResourcesBaseUrl() : undefined;
+        logger?.info({ type, algorithm, zkBaseUrl }, 'fetching oprf operator');
+        const fetcher = type === 'local'
+            ? makeLocalFileFetch()
+            : makeRemoteFileFetch({ baseUrl: zkBaseUrl, logger });
+        const maker = OPRF_OPERATOR_MAKERS[zkEngine];
+        if (!maker) {
+            throw new Error(`No OPRF operator maker for ${zkEngine}`);
+        }
+        operators[algorithm] = maker({ algorithm, fetcher });
+    }
+    return operators[algorithm];
+}
+export function getEngineString(engine) {
+    if (engine === ZKProofEngine.ZK_ENGINE_GNARK) {
+        return 'gnark';
+    }
+    if (engine === ZKProofEngine.ZK_ENGINE_SNARKJS) {
+        return 'snarkjs';
+    }
+    throw new Error(`Unknown ZK engine: ${engine}`);
+}
+export function getEngineProto(engine) {
+    if (engine === 'gnark') {
+        return ZKProofEngine.ZK_ENGINE_GNARK;
+    }
+    if (engine === 'snarkjs') {
+        return ZKProofEngine.ZK_ENGINE_SNARKJS;
+    }
+    throw new Error(`Unknown ZK engine: ${engine}`);
+}
+function getProofGenerationParamsForSlice({ key, iv, ciphertext, redactedPlaintext, slice: { fromIndex, toIndex }, }) {
+    const ciphertextChunk = ciphertext.slice(fromIndex, toIndex);
+    const plaintextChunk = redactedPlaintext.slice(fromIndex, toIndex);
+    if (isFullyRedacted(plaintextChunk)) {
+        return;
+    }
+    // redact ciphertext if plaintext is redacted
+    // to prepare for decryption in ZK circuit
+    // the ZK circuit will take in the redacted ciphertext,
+    // which shall produce the redacted plaintext
+    for (let i = 0; i < ciphertextChunk.length; i++) {
+        if (plaintextChunk[i] === REDACTION_CHAR_CODE) {
+            ciphertextChunk[i] = REDACTION_CHAR_CODE;
+        }
+    }
+    return {
+        startIdx: fromIndex,
+        redactedPlaintext: plaintextChunk,
+        privateInput: { key },
+        publicInput: { ciphertext: ciphertextChunk, iv, offsetBytes: fromIndex },
+    };
+}
+function getTOPRFProofGenerationParamsForSlice({ key, iv, ciphertext, slice: { fromIndex, toIndex }, toprf, }) {
+    const ciphertextChunk = ciphertext.slice(fromIndex, toIndex);
+    if (toprf?.overshoot) {
+        const { overshoot: { ciphertext: overshootCiphertext, iv: overshootIv } } = toprf;
+        return {
+            privateInput: { key },
+            publicInput: [
+                {
+                    ciphertext: ciphertextChunk,
+                    iv,
+                    offsetBytes: fromIndex,
+                },
+                { ciphertext: overshootCiphertext, iv: overshootIv }
+            ],
+            toprf,
+            startIdx: fromIndex,
+        };
+    }
+    return {
+        privateInput: { key },
+        publicInput: { ciphertext: ciphertextChunk, iv, offsetBytes: fromIndex },
+        toprf,
+        startIdx: fromIndex,
+    };
+}
+/**
+ * Get the ideal location to generate a ZK proof for a TOPRF block.
+ * Ideally it should be put into a slice that's a divisor of the chunk size,
+ * as that'll minimize the number of proofs that need to be generated.
+ * @returns the offset in bytes
+ */
+function getIdealOffsetForToprfBlock(alg, { dataLocation, overshoot }) {
+    const chunkSizeBytes = getChunkSizeBytes(alg);
+    const blockSizeBytes = getBlockSizeBytes(alg);
+    const offsetChunks = Math
+        .floor(dataLocation.fromIndex / chunkSizeBytes);
+    const endOffsetChunks = Math
+        .floor((dataLocation.fromIndex + dataLocation.length) / chunkSizeBytes);
+    // happy case -- the OPRF block fits into a single chunk, that's a
+    // divisor of the chunk size
+    if (endOffsetChunks === offsetChunks) {
+        const start = offsetChunks * chunkSizeBytes;
+        if (overshoot) {
+            const overshootBlocks = Math
+                .ceil(overshoot.ciphertext.length / blockSizeBytes);
+            return start + (overshootBlocks * blockSizeBytes);
+        }
+        return start;
+    }
+    const offsetBytes = Math
+        .floor(dataLocation.fromIndex / blockSizeBytes) * blockSizeBytes;
+    const endOffsetBytes = Math
+        .ceil((dataLocation.fromIndex + dataLocation.length) / blockSizeBytes);
+    if (endOffsetBytes - offsetBytes > chunkSizeBytes) {
+        throw new AttestorError('ERROR_BAD_REQUEST', 'OPRF data cannot fit into a single chunk');
+    }
+    return offsetBytes;
+}
+function getZkResourcesBaseUrl() {
+    if (typeof ATTESTOR_BASE_URL !== 'string') {
+        return DEFAULT_REMOTE_FILE_FETCH_BASE_URL;
+    }
+    return new URL(DEFAULT_REMOTE_FILE_FETCH_BASE_URL, ATTESTOR_BASE_URL).toString();
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reclaimprotocol/attestor-core",
-  "version": "5.0.3",
+  "version": "5.0.4",
   "description": "",
   "type": "module",
   "imports": {
@@ -97,6 +97,7 @@
     "esprima-next": "^5.8.4",
     "ethers": "^6.16.0",
     "https-proxy-agent": "^7.0.6",
+    "ip-address": "^10.2.0",
     "ip-cidr": "^3.1.0",
     "jsonpath-plus": "^10.4.0",
     "koffi": "^2.15.2",
@@ -104,7 +105,7 @@
     "parse5": "^8.0.0",
     "parse5-htmlparser2-tree-adapter": "^8.0.0",
     "pino": "^9.14.0",
-    "re2": "^1.23.3",
+    "re2": "^1.24.0",
     "serve-static": "^1.16.3",
     "snarkjs": "git+https://github.com/reclaimprotocol/snarkjs.git",
     "ws": "^8.20.0",