@rolly-dev/wasm-signer 0.12.0 → 1.0.0

package/README.md

@@ -23,7 +23,6 @@ const {
   poseidon2_hash,
   derive_session_key,
   session_public_key,
-  create_bet_auth,
 } = require('@rolly-dev/wasm-signer');
 
 const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
@@ -36,10 +35,11 @@ const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
 import {
   poseidon2_hash,
   derive_session_key,
-  create_bet_auth,
+  session_public_key,
 } from '@rolly-dev/wasm-signer';
 
-const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
+const sessionKey = derive_session_key(metamaskSignatureBytes);
+const pkHash = session_public_key(sessionKey, BigInt(expiryTimestamp));
 ```
 
 ### React
@@ -47,17 +47,15 @@ const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
 ```jsx
 import { useRollyWasm } from '@rolly-dev/wasm-signer/react';
 
-function BetButton({ sessionKey, amount, nonce }) {
-  const { ready, create_bet_auth } = useRollyWasm();
+function SessionInfo({ sessionKey, expiry }) {
+  const { ready, session_public_key } = useRollyWasm();
 
   if (!ready) return <span>Loading...</span>;
 
-  const handleBet = () => {
-    const auth = create_bet_auth(sessionKey, BigInt(amount), BigInt(nonce));
-    // send auth to server...
-  };
+  const pkHash = session_public_key(sessionKey, BigInt(expiry));
+  // register pkHash on-chain via key_register tx...
 
-  return <button onClick={handleBet}>Place Bet</button>;
+  return <div>Session active until {new Date(Number(expiry) * 1000).toLocaleString()}</div>;
 }
 ```
 
@@ -89,10 +87,9 @@ poseidon2_hash(BigUint64Array.from([1n]));
 | `poseidon2_hash`           | `BigUint64Array`               | `BigUint64Array(4)` | Hash N field elements                        |
 | `poseidon2_two_to_one`     | `BigUint64Array(4)` × 2        | `BigUint64Array(4)` | Merkle hash: H(left‖right)                   |
 | `derive_session_key`       | `Uint8Array(32)`               | `BigUint64Array(4)` | MetaMask sig → session key                   |
-| `session_public_key`       | `BigUint64Array(4)`            | `BigUint64Array(4)` | session_pk = H(session_key)                  |
-| `create_bet_auth`          | `(BigUint64Array(4), bigint, bigint)` | `BigUint64Array(4)` | MAC = H(sk‖amount_lo‖amount_hi‖nonce)  |
+| `session_public_key`       | `(BigUint64Array(4), bigint)` | `BigUint64Array(4)` | pk_hash = Poseidon2(session_key, expiry)       |
 | `compute_server_seed_hash` | `BigUint64Array(8)`            | `BigUint64Array(4)` | Full hash of server seed                     |
-| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(2)` | First 2 elements (circuit leaf format)       |
+| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(3)` | First 3 elements (circuit leaf format, 192-bit commitment) |
 | `goldilocks_modulus`       | —                              | `bigint`          | Returns p = 2^64 - 2^32 + 1                   |
 | `goldilocks_reduce`        | `bigint`                       | `bigint`          | Reduce mod p                                   |
 

package/dist/node/README.md

@@ -23,7 +23,6 @@ const {
   poseidon2_hash,
   derive_session_key,
   session_public_key,
-  create_bet_auth,
 } = require('@rolly-dev/wasm-signer');
 
 const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
@@ -36,10 +35,11 @@ const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
 import {
   poseidon2_hash,
   derive_session_key,
-  create_bet_auth,
+  session_public_key,
 } from '@rolly-dev/wasm-signer';
 
-const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
+const sessionKey = derive_session_key(metamaskSignatureBytes);
+const pkHash = session_public_key(sessionKey, BigInt(expiryTimestamp));
 ```
 
 ### React
@@ -47,17 +47,15 @@ const hash = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
 ```jsx
 import { useRollyWasm } from '@rolly-dev/wasm-signer/react';
 
-function BetButton({ sessionKey, amount, nonce }) {
-  const { ready, create_bet_auth } = useRollyWasm();
+function SessionInfo({ sessionKey, expiry }) {
+  const { ready, session_public_key } = useRollyWasm();
 
   if (!ready) return <span>Loading...</span>;
 
-  const handleBet = () => {
-    const auth = create_bet_auth(sessionKey, BigInt(amount), BigInt(nonce));
-    // send auth to server...
-  };
+  const pkHash = session_public_key(sessionKey, BigInt(expiry));
+  // register pkHash on-chain via key_register tx...
 
-  return <button onClick={handleBet}>Place Bet</button>;
+  return <div>Session active until {new Date(Number(expiry) * 1000).toLocaleString()}</div>;
 }
 ```
 
@@ -89,10 +87,9 @@ poseidon2_hash(BigUint64Array.from([1n]));
 | `poseidon2_hash`           | `BigUint64Array`               | `BigUint64Array(4)` | Hash N field elements                        |
 | `poseidon2_two_to_one`     | `BigUint64Array(4)` × 2        | `BigUint64Array(4)` | Merkle hash: H(left‖right)                   |
 | `derive_session_key`       | `Uint8Array(32)`               | `BigUint64Array(4)` | MetaMask sig → session key                   |
-| `session_public_key`       | `BigUint64Array(4)`            | `BigUint64Array(4)` | session_pk = H(session_key)                  |
-| `create_bet_auth`          | `(BigUint64Array(4), bigint, bigint)` | `BigUint64Array(4)` | MAC = H(sk‖amount_lo‖amount_hi‖nonce)  |
+| `session_public_key`       | `(BigUint64Array(4), bigint)` | `BigUint64Array(4)` | pk_hash = Poseidon2(session_key, expiry)       |
 | `compute_server_seed_hash` | `BigUint64Array(8)`            | `BigUint64Array(4)` | Full hash of server seed                     |
-| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(2)` | First 2 elements (circuit leaf format)       |
+| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(3)` | First 3 elements (circuit leaf format, 192-bit commitment) |
 | `goldilocks_modulus`       | —                              | `bigint`          | Returns p = 2^64 - 2^32 + 1                   |
 | `goldilocks_reduce`        | `bigint`                       | `bigint`          | Reduce mod p                                   |
 

package/dist/node/rolly_wasm_signer.d.ts

@@ -22,7 +22,7 @@ export function compute_address_hash(address_hex: string): BigUint64Array;
  * Full Poseidon2 hash of an 8-element server seed.
  *
  * Returns all 4 hash elements.  Note: the circuit stores only the
- * **first 2 elements** as the leaf commitment (see `seed_hash_truncated`).
+ * **first 3 elements** as the leaf commitment (see `seed_hash_truncated`).
  * This full variant is useful for client-side verification where all
  * 4 elements may be needed.
  *
@@ -30,45 +30,6 @@ export function compute_address_hash(address_hex: string): BigUint64Array;
  */
 export function compute_server_seed_hash(server_seed: BigUint64Array): BigUint64Array;
 
-/**
- * Compute the transaction message hash (for debugging / verification).
- *
- * Returns `BigUint64Array` of length 4 — the same hash the circuit computes.
- *
- * ```js
- * const hash = compute_tx_msg_hash(5, userId, 0, amountLo, amountHi);
- * ```
- */
-export function compute_tx_msg_hash(tx_type: number, user_id: number, currency_id: number, amount_lo: number, amount_hi: number, session_expiry: bigint): BigUint64Array;
-
-/**
- * Create a `bet_auth` MAC that proves the user authorized this specific bet.
- *
- * ```text
- * bet_auth = Poseidon2(
- *     session_key[0..4],   // 4 field elements (private)
- *     amount_lo,           // lower  32 bits of bet_amount
- *     amount_hi,           // upper  32 bits of bet_amount
- *     nonce,               // monotonic counter, prevents replay
- * )
- * ```
- *
- * The circuit verifies two things:
- *   1. `session_pk == Poseidon2(session_key)` — knowledge of key
- *   2. `bet_auth  == Poseidon2(session_key ‖ amount_lo ‖ amount_hi ‖ nonce)`
- *
- * The lo/hi split matches `src/circuit/main_circuit.rs` witness assignment:
- *   `amount as u32` / `(amount >> 32) as u32`, both via `from_canonical_u32`.
- *
- * **Parameters**
- * - `session_key` : 4 × u64  (private, from `derive_session_key`)
- * - `bet_amount`  : u64      (in smallest currency units)
- * - `nonce`       : u64      (incrementing per-session counter)
- *
- * **Returns**: 4 × u64 (`bet_auth` hash)
- */
-export function create_bet_auth(session_key: BigUint64Array, bet_amount: bigint, nonce: bigint): BigUint64Array;
-
 /**
  * Derive a session key from 32 bytes of entropy (e.g. MetaMask signature).
  *
@@ -126,151 +87,89 @@ export function goldilocks_modulus(): bigint;
 export function goldilocks_reduce(value: bigint): bigint;
 
 /**
- * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
- *
- * Mirrors `builder.hash_n_to_hash_no_pad::<Poseidon2Hash>(...)` inside
- * the circuit and `Poseidon2Hash::hash_no_pad` in `src/block_builder`.
- *
- * **Input** : `BigUint64Array` — each element must be < `GOLDILOCKS_P`.
- * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
- *
- * ```js
- * const h = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
- * // h.length === 4
- * ```
- */
-export function poseidon2_hash(input: BigUint64Array): BigUint64Array;
-
-/**
- * Merkle-tree hash: Poseidon2(left[4] ‖ right[4]).
- *
- * Identical to `poseidon_hash(left, right)` in `src/merkletree/hash.rs`.
- * Input ordering is critical — `left` concatenated before `right`.
- *
- * Both arrays **must** have exactly 4 elements (one `HashOut` each).
- */
-export function poseidon2_two_to_one(left: BigUint64Array, right: BigUint64Array): BigUint64Array;
-
-/**
- * Derive a Schnorr secret key from entropy bytes (e.g. MetaMask signature).
- *
- * Takes at least 32 bytes, uses `Scalar::decode_reduce` to map them into
- * the ECgFp5 scalar field. Returns hex-encoded secret key (80 chars = 40 bytes).
- *
- * ```js
- * const skHex = schnorr_keygen(sigBytes.slice(0, 32));
- * ```
- */
-export function schnorr_keygen(entropy: Uint8Array): string;
-
-/**
- * Get the w-encoding of a public key as 5 Goldilocks field elements (for circuit witness).
+ * Hash a raw 7-element balance leaf → 4-element Merkle node.
  *
- * Returns `BigUint64Array` of length 5.
+ * Raw layout: `[balance_lo, balance_hi, seed_hash_0, seed_hash_1, seed_hash_2, credit_lo, credit_hi]`
  *
- * ```js
- * const encode = schnorr_pk_encode(pkHex);
- * // encode.length === 5
- * ```
- */
-export function schnorr_pk_encode(pk_hex: string): BigUint64Array;
-
-/**
- * Compute pk_hash = Poseidon2(w_encoding[5]) from a hex-encoded public key.
- *
- * The w-encoding is the 40-byte (80 hex) representation returned by `schnorr_pubkey`.
- * pk_hash is stored in the Merkle tree to bind the Schnorr key to an account.
- *
- * Returns `BigUint64Array` of length 4.
- *
- * ```js
- * const pkHash = schnorr_pk_hash(pkHex);
- * ```
- */
-export function schnorr_pk_hash(pk_hex: string): BigUint64Array;
-
-/**
- * Compute pk_hash as a hex string (for convenience).
- *
- * ```js
- * const pkHashHex = schnorr_pk_hash_hex(pkHex);
- * ```
- */
-export function schnorr_pk_hash_hex(pk_hex: string): string;
-
-/**
- * Compute the Schnorr public key from a hex-encoded secret key.
+ * Identical to `hash_balance_leaf` in `prover/circuit/src/helpers/leaf_ops.rs`.
  *
- * Returns hex-encoded w-encoding of the ECgFp5 point (80 chars = 40 bytes).
+ * **Input** : `BigUint64Array` of exactly 7 elements (each < `GOLDILOCKS_P`).
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
  *
  * ```js
- * const pkHex = schnorr_pubkey(skHex);
+ * const raw = BigUint64Array.from([balLo, balHi, seed0, seed1, seed2, credLo, credHi]);
+ * const balanceHash = hash_balance_leaf(raw);  // length 4
  * ```
  */
-export function schnorr_pubkey(sk_hex: string): string;
+export function hash_balance_leaf(raw: BigUint64Array): BigUint64Array;
 
 /**
- * Sign a ChangePubKey (tx_type=9) transaction in (s, e) format.
+ * Build a main Merkle tree leaf from balance_hash, pk_hash, and address_hash.
  *
- * msg_hash = Poseidon2(9, user_id, new_pk_hash[0..4])
+ * `main_leaf = Poseidon2(balance_hash[4] || pk_hash[0..2] || address_hash[0..2])`
  *
- * The old key signs this message to authorize key rotation.
+ * Uses truncated (128-bit) pk/address hashes to keep the preimage at 8 elements
+ * (single Poseidon2 permutation round). Identical to `make_main_leaf` in
+ * `prover/circuit/src/helpers/leaf_ops.rs`.
  *
- * Returns a JS object: `{ pubkey: "hex", sig_s: "hex", sig_e: "hex" }`
+ * All three inputs must be exactly 4 elements.
+ * **Output**: `BigUint64Array` of length 4 (the Merkle leaf hash).
  *
  * ```js
- * const sig = schnorr_sign_cpk(oldSkHex, userId, newPkHashArray);
+ * const leaf = make_main_leaf(balanceHash, pkHash, addressHash);
  * ```
  */
-export function schnorr_sign_cpk(old_sk_hex: string, user_id: number, new_pk_hash: BigUint64Array): any;
+export function make_main_leaf(balance_hash: BigUint64Array, pk_hash: BigUint64Array, address_hash: BigUint64Array): BigUint64Array;
 
 /**
- * Sign a transaction with Schnorr (ECgFp5) in (s, e) format.
+ * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
  *
- * msg_hash = Poseidon2(tx_type, user_id, currency_id, amount_lo, amount_hi)
+ * Mirrors `builder.hash_n_to_hash_no_pad::<Poseidon2Hash>(...)` inside
+ * the circuit and `Poseidon2Hash::hash_no_pad` in `src/block_builder`.
  *
- * Returns a JS object: `{ pubkey: "hex", sig_s: "hex", sig_e: "hex" }`
+ * **Input** : `BigUint64Array` — each element must be < `GOLDILOCKS_P`.
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
  *
  * ```js
- * const sig = schnorr_sign_tx(skHex, 5, userId, 0, amountLo, amountHi);
- * // sig.pubkey (80 hex), sig.sig_s (80 hex), sig.sig_e (80 hex)
+ * const h = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
+ * // h.length === 4
  * ```
  */
-export function schnorr_sign_tx(sk_hex: string, tx_type: number, user_id: number, currency_id: number, amount_lo: number, amount_hi: number, session_expiry: bigint): any;
+export function poseidon2_hash(input: BigUint64Array): BigUint64Array;
 
 /**
- * Verify a Schnorr signature (s, e) for a transaction.
- *
- * Algorithm: R_v = s·G + e·pk, e_v = H(R_v‖pk‖msg), check e == e_v.
+ * Merkle-tree hash: Poseidon2(left[4] ‖ right[4]).
  *
- * Returns `true` if signature is valid, `false` otherwise.
+ * Identical to `poseidon_hash(left, right)` in `src/merkletree/hash.rs`.
+ * Input ordering is critical — `left` concatenated before `right`.
  *
- * ```js
- * const ok = schnorr_verify_tx(pubkeyHex, sigSHex, sigEHex, 5, userId, 0, amountLo, amountHi);
- * ```
+ * Both arrays **must** have exactly 4 elements (one `HashOut` each).
  */
-export function schnorr_verify_tx(pk_hex: string, sig_s_hex: string, sig_e_hex: string, tx_type: number, user_id: number, currency_id: number, amount_lo: number, amount_hi: number, session_expiry: bigint): boolean;
+export function poseidon2_two_to_one(left: BigUint64Array, right: BigUint64Array): BigUint64Array;
 
 /**
- * Truncated seed hash — first 2 elements of `Poseidon2(server_seed)`.
+ * Truncated seed hash — first 3 elements of `Poseidon2(server_seed)`.
  *
+ * 192 bits of commitment → ~96-bit collision resistance, which closes the
+ * multi-preimage grinding vector that an earlier 128-bit truncation left open.
  * This is the exact format stored in the Merkle-tree leaf and verified
  * by the circuit.  Matches `seed_hash_truncated` in
- * `src/block_builder/builder.rs` and `src/circuit/main_circuit.rs`.
+ * `src/block_builder/builder.rs` and `src/circuit/slot/fairness.rs`.
  *
- * Returns `BigUint64Array` of length 2: `[h[0], h[1]]`.
+ * Returns `BigUint64Array` of length 3: `[h[0], h[1], h[2]]`.
  */
 export function seed_hash_truncated(server_seed: BigUint64Array): BigUint64Array;
 
 /**
- * Compute the public key for a session: `session_pk = Poseidon2(session_key)`.
+ * Compute the public key for a session: `pk_hash = Poseidon2(session_key[4], expiry)`.
  *
- * The public key is stored in the user-asset Merkle leaf and verified
- * inside the circuit (the prover must know the preimage `session_key`).
+ * The public key hash is stored in the user-asset Merkle leaf and verified
+ * inside the circuit (the prover must know the preimage `session_key` + `expiry`).
  *
  * `session_key` must be exactly 4 elements (output of `derive_session_key`).
+ * `session_expiry` is the Unix timestamp after which the session is invalid.
  */
-export function session_public_key(session_key: BigUint64Array): BigUint64Array;
+export function session_public_key(session_key: BigUint64Array, session_expiry: bigint): BigUint64Array;
 
 /**
  * Convert a user seed string to 4 Goldilocks field elements.