@rolly-dev/wasm-signer 0.12.0 → 1.0.0

package/dist/web/rolly_wasm_signer.js

@@ -18,7 +18,7 @@ export function amount_split(amount) {
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v1 = getArrayU32FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 4, 4);
+        wasm.__wbindgen_export2(r0, r1 * 4, 4);
         return v1;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -34,13 +34,13 @@ export function amount_split(amount) {
 export function compute_address_hash(address_hex) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(address_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const ptr0 = passStringToWasm0(address_hex, wasm.__wbindgen_export3, wasm.__wbindgen_export4);
         const len0 = WASM_VECTOR_LEN;
         wasm.compute_address_hash(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -51,7 +51,7 @@ export function compute_address_hash(address_hex) {
  * Full Poseidon2 hash of an 8-element server seed.
  *
  * Returns all 4 hash elements.  Note: the circuit stores only the
- * **first 2 elements** as the leaf commitment (see `seed_hash_truncated`).
+ * **first 3 elements** as the leaf commitment (see `seed_hash_truncated`).
  * This full variant is useful for client-side verification where all
  * 4 elements may be needed.
  *
@@ -62,89 +62,13 @@ export function compute_address_hash(address_hex) {
 export function compute_server_seed_hash(server_seed) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray64ToWasm0(server_seed, wasm.__wbindgen_export);
+        const ptr0 = passArray64ToWasm0(server_seed, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
         wasm.compute_server_seed_hash(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
-        return v2;
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-    }
-}
-
-/**
- * Compute the transaction message hash (for debugging / verification).
- *
- * Returns `BigUint64Array` of length 4 — the same hash the circuit computes.
- *
- * ```js
- * const hash = compute_tx_msg_hash(5, userId, 0, amountLo, amountHi);
- * ```
- * @param {number} tx_type
- * @param {number} user_id
- * @param {number} currency_id
- * @param {number} amount_lo
- * @param {number} amount_hi
- * @param {bigint} session_expiry
- * @returns {BigUint64Array}
- */
-export function compute_tx_msg_hash(tx_type, user_id, currency_id, amount_lo, amount_hi, session_expiry) {
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        wasm.compute_tx_msg_hash(retptr, tx_type, user_id, currency_id, amount_lo, amount_hi, session_expiry);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        var v1 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
-        return v1;
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-    }
-}
-
-/**
- * Create a `bet_auth` MAC that proves the user authorized this specific bet.
- *
- * ```text
- * bet_auth = Poseidon2(
- *     session_key[0..4],   // 4 field elements (private)
- *     amount_lo,           // lower  32 bits of bet_amount
- *     amount_hi,           // upper  32 bits of bet_amount
- *     nonce,               // monotonic counter, prevents replay
- * )
- * ```
- *
- * The circuit verifies two things:
- *   1. `session_pk == Poseidon2(session_key)` — knowledge of key
- *   2. `bet_auth  == Poseidon2(session_key ‖ amount_lo ‖ amount_hi ‖ nonce)`
- *
- * The lo/hi split matches `src/circuit/main_circuit.rs` witness assignment:
- *   `amount as u32` / `(amount >> 32) as u32`, both via `from_canonical_u32`.
- *
- * **Parameters**
- * - `session_key` : 4 × u64  (private, from `derive_session_key`)
- * - `bet_amount`  : u64      (in smallest currency units)
- * - `nonce`       : u64      (incrementing per-session counter)
- *
- * **Returns**: 4 × u64 (`bet_auth` hash)
- * @param {BigUint64Array} session_key
- * @param {bigint} bet_amount
- * @param {bigint} nonce
- * @returns {BigUint64Array}
- */
-export function create_bet_auth(session_key, bet_amount, nonce) {
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray64ToWasm0(session_key, wasm.__wbindgen_export);
-        const len0 = WASM_VECTOR_LEN;
-        wasm.create_bet_auth(retptr, ptr0, len0, bet_amount, nonce);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -172,13 +96,13 @@ export function create_bet_auth(session_key, bet_amount, nonce) {
 export function derive_session_key(sig_bytes) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray8ToWasm0(sig_bytes, wasm.__wbindgen_export);
+        const ptr0 = passArray8ToWasm0(sig_bytes, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
         wasm.derive_session_key(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -210,7 +134,7 @@ export function generate_user_seed() {
         return getStringFromWasm0(r0, r1);
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export4(deferred1_0, deferred1_1, 1);
+        wasm.__wbindgen_export2(deferred1_0, deferred1_1, 1);
     }
 }
 
@@ -231,7 +155,7 @@ export function goldilocks_fields_to_hex(fields) {
     let deferred2_1;
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray64ToWasm0(fields, wasm.__wbindgen_export);
+        const ptr0 = passArray64ToWasm0(fields, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
         wasm.goldilocks_fields_to_hex(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -241,7 +165,7 @@ export function goldilocks_fields_to_hex(fields) {
         return getStringFromWasm0(r0, r1);
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
+        wasm.__wbindgen_export2(deferred2_0, deferred2_1, 1);
     }
 }
 
@@ -268,31 +192,32 @@ export function goldilocks_reduce(value) {
 }
 
 /**
- * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
+ * Hash a raw 7-element balance leaf → 4-element Merkle node.
  *
- * Mirrors `builder.hash_n_to_hash_no_pad::<Poseidon2Hash>(...)` inside
- * the circuit and `Poseidon2Hash::hash_no_pad` in `src/block_builder`.
+ * Raw layout: `[balance_lo, balance_hi, seed_hash_0, seed_hash_1, seed_hash_2, credit_lo, credit_hi]`
  *
- * **Input** : `BigUint64Array` — each element must be < `GOLDILOCKS_P`.
+ * Identical to `hash_balance_leaf` in `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * **Input** : `BigUint64Array` of exactly 7 elements (each < `GOLDILOCKS_P`).
  * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
  *
  * ```js
- * const h = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
- * // h.length === 4
+ * const raw = BigUint64Array.from([balLo, balHi, seed0, seed1, seed2, credLo, credHi]);
+ * const balanceHash = hash_balance_leaf(raw);  // length 4
  * ```
- * @param {BigUint64Array} input
+ * @param {BigUint64Array} raw
  * @returns {BigUint64Array}
  */
-export function poseidon2_hash(input) {
+export function hash_balance_leaf(raw) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray64ToWasm0(input, wasm.__wbindgen_export);
+        const ptr0 = passArray64ToWasm0(raw, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
-        wasm.poseidon2_hash(retptr, ptr0, len0);
+        wasm.hash_balance_leaf(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -300,117 +225,71 @@ export function poseidon2_hash(input) {
 }
 
 /**
- * Merkle-tree hash: Poseidon2(left[4] ‖ right[4]).
- *
- * Identical to `poseidon_hash(left, right)` in `src/merkletree/hash.rs`.
- * Input ordering is critical — `left` concatenated before `right`.
- *
- * Both arrays **must** have exactly 4 elements (one `HashOut` each).
- * @param {BigUint64Array} left
- * @param {BigUint64Array} right
- * @returns {BigUint64Array}
- */
-export function poseidon2_two_to_one(left, right) {
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray64ToWasm0(left, wasm.__wbindgen_export);
-        const len0 = WASM_VECTOR_LEN;
-        const ptr1 = passArray64ToWasm0(right, wasm.__wbindgen_export);
-        const len1 = WASM_VECTOR_LEN;
-        wasm.poseidon2_two_to_one(retptr, ptr0, len0, ptr1, len1);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        var v3 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
-        return v3;
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-    }
-}
-
-/**
- * Derive a Schnorr secret key from entropy bytes (e.g. MetaMask signature).
+ * Build a main Merkle tree leaf from balance_hash, pk_hash, and address_hash.
  *
- * Takes at least 32 bytes, uses `Scalar::decode_reduce` to map them into
- * the ECgFp5 scalar field. Returns hex-encoded secret key (80 chars = 40 bytes).
+ * `main_leaf = Poseidon2(balance_hash[4] || pk_hash[0..2] || address_hash[0..2])`
  *
- * ```js
- * const skHex = schnorr_keygen(sigBytes.slice(0, 32));
- * ```
- * @param {Uint8Array} entropy
- * @returns {string}
- */
-export function schnorr_keygen(entropy) {
-    let deferred2_0;
-    let deferred2_1;
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray8ToWasm0(entropy, wasm.__wbindgen_export);
-        const len0 = WASM_VECTOR_LEN;
-        wasm.schnorr_keygen(retptr, ptr0, len0);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        deferred2_0 = r0;
-        deferred2_1 = r1;
-        return getStringFromWasm0(r0, r1);
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
-    }
-}
-
-/**
- * Get the w-encoding of a public key as 5 Goldilocks field elements (for circuit witness).
+ * Uses truncated (128-bit) pk/address hashes to keep the preimage at 8 elements
+ * (single Poseidon2 permutation round). Identical to `make_main_leaf` in
+ * `prover/circuit/src/helpers/leaf_ops.rs`.
  *
- * Returns `BigUint64Array` of length 5.
+ * All three inputs must be exactly 4 elements.
+ * **Output**: `BigUint64Array` of length 4 (the Merkle leaf hash).
  *
  * ```js
- * const encode = schnorr_pk_encode(pkHex);
- * // encode.length === 5
+ * const leaf = make_main_leaf(balanceHash, pkHash, addressHash);
  * ```
- * @param {string} pk_hex
+ * @param {BigUint64Array} balance_hash
+ * @param {BigUint64Array} pk_hash
+ * @param {BigUint64Array} address_hash
  * @returns {BigUint64Array}
  */
-export function schnorr_pk_encode(pk_hex) {
+export function make_main_leaf(balance_hash, pk_hash, address_hash) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(pk_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const ptr0 = passArray64ToWasm0(balance_hash, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
-        wasm.schnorr_pk_encode(retptr, ptr0, len0);
+        const ptr1 = passArray64ToWasm0(pk_hash, wasm.__wbindgen_export3);
+        const len1 = WASM_VECTOR_LEN;
+        const ptr2 = passArray64ToWasm0(address_hash, wasm.__wbindgen_export3);
+        const len2 = WASM_VECTOR_LEN;
+        wasm.make_main_leaf(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
-        return v2;
+        var v4 = getArrayU64FromWasm0(r0, r1).slice();
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
+        return v4;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
     }
 }
 
 /**
- * Compute pk_hash = Poseidon2(w_encoding[5]) from a hex-encoded public key.
+ * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
  *
- * The w-encoding is the 40-byte (80 hex) representation returned by `schnorr_pubkey`.
- * pk_hash is stored in the Merkle tree to bind the Schnorr key to an account.
+ * Mirrors `builder.hash_n_to_hash_no_pad::<Poseidon2Hash>(...)` inside
+ * the circuit and `Poseidon2Hash::hash_no_pad` in `src/block_builder`.
  *
- * Returns `BigUint64Array` of length 4.
+ * **Input** : `BigUint64Array` — each element must be < `GOLDILOCKS_P`.
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
  *
  * ```js
- * const pkHash = schnorr_pk_hash(pkHex);
+ * const h = poseidon2_hash(BigUint64Array.from([1n, 2n, 3n]));
+ * // h.length === 4
  * ```
- * @param {string} pk_hex
+ * @param {BigUint64Array} input
  * @returns {BigUint64Array}
  */
-export function schnorr_pk_hash(pk_hex) {
+export function poseidon2_hash(input) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(pk_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const ptr0 = passArray64ToWasm0(input, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
-        wasm.schnorr_pk_hash(retptr, ptr0, len0);
+        wasm.poseidon2_hash(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -418,169 +297,57 @@ export function schnorr_pk_hash(pk_hex) {
 }
 
 /**
- * Compute pk_hash as a hex string (for convenience).
- *
- * ```js
- * const pkHashHex = schnorr_pk_hash_hex(pkHex);
- * ```
- * @param {string} pk_hex
- * @returns {string}
- */
-export function schnorr_pk_hash_hex(pk_hex) {
-    let deferred2_0;
-    let deferred2_1;
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(pk_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-        const len0 = WASM_VECTOR_LEN;
-        wasm.schnorr_pk_hash_hex(retptr, ptr0, len0);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        deferred2_0 = r0;
-        deferred2_1 = r1;
-        return getStringFromWasm0(r0, r1);
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
-    }
-}
-
-/**
- * Compute the Schnorr public key from a hex-encoded secret key.
+ * Merkle-tree hash: Poseidon2(left[4] ‖ right[4]).
  *
- * Returns hex-encoded w-encoding of the ECgFp5 point (80 chars = 40 bytes).
+ * Identical to `poseidon_hash(left, right)` in `src/merkletree/hash.rs`.
+ * Input ordering is critical — `left` concatenated before `right`.
  *
- * ```js
- * const pkHex = schnorr_pubkey(skHex);
- * ```
- * @param {string} sk_hex
- * @returns {string}
+ * Both arrays **must** have exactly 4 elements (one `HashOut` each).
+ * @param {BigUint64Array} left
+ * @param {BigUint64Array} right
+ * @returns {BigUint64Array}
  */
-export function schnorr_pubkey(sk_hex) {
-    let deferred2_0;
-    let deferred2_1;
+export function poseidon2_two_to_one(left, right) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(sk_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const ptr0 = passArray64ToWasm0(left, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
-        wasm.schnorr_pubkey(retptr, ptr0, len0);
+        const ptr1 = passArray64ToWasm0(right, wasm.__wbindgen_export3);
+        const len1 = WASM_VECTOR_LEN;
+        wasm.poseidon2_two_to_one(retptr, ptr0, len0, ptr1, len1);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        deferred2_0 = r0;
-        deferred2_1 = r1;
-        return getStringFromWasm0(r0, r1);
+        var v3 = getArrayU64FromWasm0(r0, r1).slice();
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
+        return v3;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
     }
 }
 
 /**
- * Sign a ChangePubKey (tx_type=9) transaction in (s, e) format.
- *
- * msg_hash = Poseidon2(9, user_id, new_pk_hash[0..4])
- *
- * The old key signs this message to authorize key rotation.
- *
- * Returns a JS object: `{ pubkey: "hex", sig_s: "hex", sig_e: "hex" }`
- *
- * ```js
- * const sig = schnorr_sign_cpk(oldSkHex, userId, newPkHashArray);
- * ```
- * @param {string} old_sk_hex
- * @param {number} user_id
- * @param {BigUint64Array} new_pk_hash
- * @returns {any}
- */
-export function schnorr_sign_cpk(old_sk_hex, user_id, new_pk_hash) {
-    const ptr0 = passStringToWasm0(old_sk_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len0 = WASM_VECTOR_LEN;
-    const ptr1 = passArray64ToWasm0(new_pk_hash, wasm.__wbindgen_export);
-    const len1 = WASM_VECTOR_LEN;
-    const ret = wasm.schnorr_sign_cpk(ptr0, len0, user_id, ptr1, len1);
-    return takeObject(ret);
-}
-
-/**
- * Sign a transaction with Schnorr (ECgFp5) in (s, e) format.
- *
- * msg_hash = Poseidon2(tx_type, user_id, currency_id, amount_lo, amount_hi)
- *
- * Returns a JS object: `{ pubkey: "hex", sig_s: "hex", sig_e: "hex" }`
- *
- * ```js
- * const sig = schnorr_sign_tx(skHex, 5, userId, 0, amountLo, amountHi);
- * // sig.pubkey (80 hex), sig.sig_s (80 hex), sig.sig_e (80 hex)
- * ```
- * @param {string} sk_hex
- * @param {number} tx_type
- * @param {number} user_id
- * @param {number} currency_id
- * @param {number} amount_lo
- * @param {number} amount_hi
- * @param {bigint} session_expiry
- * @returns {any}
- */
-export function schnorr_sign_tx(sk_hex, tx_type, user_id, currency_id, amount_lo, amount_hi, session_expiry) {
-    const ptr0 = passStringToWasm0(sk_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len0 = WASM_VECTOR_LEN;
-    const ret = wasm.schnorr_sign_tx(ptr0, len0, tx_type, user_id, currency_id, amount_lo, amount_hi, session_expiry);
-    return takeObject(ret);
-}
-
-/**
- * Verify a Schnorr signature (s, e) for a transaction.
- *
- * Algorithm: R_v = s·G + e·pk, e_v = H(R_v‖pk‖msg), check e == e_v.
- *
- * Returns `true` if signature is valid, `false` otherwise.
- *
- * ```js
- * const ok = schnorr_verify_tx(pubkeyHex, sigSHex, sigEHex, 5, userId, 0, amountLo, amountHi);
- * ```
- * @param {string} pk_hex
- * @param {string} sig_s_hex
- * @param {string} sig_e_hex
- * @param {number} tx_type
- * @param {number} user_id
- * @param {number} currency_id
- * @param {number} amount_lo
- * @param {number} amount_hi
- * @param {bigint} session_expiry
- * @returns {boolean}
- */
-export function schnorr_verify_tx(pk_hex, sig_s_hex, sig_e_hex, tx_type, user_id, currency_id, amount_lo, amount_hi, session_expiry) {
-    const ptr0 = passStringToWasm0(pk_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len0 = WASM_VECTOR_LEN;
-    const ptr1 = passStringToWasm0(sig_s_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len1 = WASM_VECTOR_LEN;
-    const ptr2 = passStringToWasm0(sig_e_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-    const len2 = WASM_VECTOR_LEN;
-    const ret = wasm.schnorr_verify_tx(ptr0, len0, ptr1, len1, ptr2, len2, tx_type, user_id, currency_id, amount_lo, amount_hi, session_expiry);
-    return ret !== 0;
-}
-
-/**
- * Truncated seed hash — first 2 elements of `Poseidon2(server_seed)`.
+ * Truncated seed hash — first 3 elements of `Poseidon2(server_seed)`.
  *
+ * 192 bits of commitment → ~96-bit collision resistance, which closes the
+ * multi-preimage grinding vector that an earlier 128-bit truncation left open.
  * This is the exact format stored in the Merkle-tree leaf and verified
  * by the circuit.  Matches `seed_hash_truncated` in
- * `src/block_builder/builder.rs` and `src/circuit/main_circuit.rs`.
+ * `src/block_builder/builder.rs` and `src/circuit/slot/fairness.rs`.
  *
- * Returns `BigUint64Array` of length 2: `[h[0], h[1]]`.
+ * Returns `BigUint64Array` of length 3: `[h[0], h[1], h[2]]`.
  * @param {BigUint64Array} server_seed
  * @returns {BigUint64Array}
  */
 export function seed_hash_truncated(server_seed) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray64ToWasm0(server_seed, wasm.__wbindgen_export);
+        const ptr0 = passArray64ToWasm0(server_seed, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
         wasm.seed_hash_truncated(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -588,25 +355,27 @@ export function seed_hash_truncated(server_seed) {
 }
 
 /**
- * Compute the public key for a session: `session_pk = Poseidon2(session_key)`.
+ * Compute the public key for a session: `pk_hash = Poseidon2(session_key[4], expiry)`.
  *
- * The public key is stored in the user-asset Merkle leaf and verified
- * inside the circuit (the prover must know the preimage `session_key`).
+ * The public key hash is stored in the user-asset Merkle leaf and verified
+ * inside the circuit (the prover must know the preimage `session_key` + `expiry`).
  *
  * `session_key` must be exactly 4 elements (output of `derive_session_key`).
+ * `session_expiry` is the Unix timestamp after which the session is invalid.
  * @param {BigUint64Array} session_key
+ * @param {bigint} session_expiry
  * @returns {BigUint64Array}
  */
-export function session_public_key(session_key) {
+export function session_public_key(session_key, session_expiry) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passArray64ToWasm0(session_key, wasm.__wbindgen_export);
+        const ptr0 = passArray64ToWasm0(session_key, wasm.__wbindgen_export3);
         const len0 = WASM_VECTOR_LEN;
-        wasm.session_public_key(retptr, ptr0, len0);
+        wasm.session_public_key(retptr, ptr0, len0, session_expiry);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -632,13 +401,13 @@ export function session_public_key(session_key) {
 export function string_to_user_seed(input) {
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(input, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const ptr0 = passStringToWasm0(input, wasm.__wbindgen_export3, wasm.__wbindgen_export4);
         const len0 = WASM_VECTOR_LEN;
         wasm.string_to_user_seed(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
         var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
         var v2 = getArrayU64FromWasm0(r0, r1).slice();
-        wasm.__wbindgen_export4(r0, r1 * 8, 8);
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
         return v2;
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
@@ -663,7 +432,7 @@ export function string_to_user_seed_hex(input) {
     let deferred2_1;
     try {
         const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(input, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const ptr0 = passStringToWasm0(input, wasm.__wbindgen_export3, wasm.__wbindgen_export4);
         const len0 = WASM_VECTOR_LEN;
         wasm.string_to_user_seed_hex(retptr, ptr0, len0);
         var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
@@ -673,20 +442,13 @@ export function string_to_user_seed_hex(input) {
         return getStringFromWasm0(r0, r1);
     } finally {
         wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
+        wasm.__wbindgen_export2(deferred2_0, deferred2_1, 1);
     }
 }
 
 function __wbg_get_imports() {
     const import0 = {
         __proto__: null,
-        __wbg___wbindgen_debug_string_0bc8482c6e3508ae: function(arg0, arg1) {
-            const ret = debugString(getObject(arg1));
-            const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_export, wasm.__wbindgen_export2);
-            const len1 = WASM_VECTOR_LEN;
-            getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);
-            getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);
-        },
         __wbg___wbindgen_is_function_0095a73b8b156f76: function(arg0) {
             const ret = typeof(getObject(arg0)) === 'function';
             return ret;
@@ -730,10 +492,6 @@ function __wbg_get_imports() {
             const ret = getObject(arg0).msCrypto;
             return addHeapObject(ret);
         },
-        __wbg_new_361308b2356cecd0: function() {
-            const ret = new Object();
-            return addHeapObject(ret);
-        },
         __wbg_new_no_args_1c7c842f08d00ebb: function(arg0, arg1) {
             const ret = new Function(getStringFromWasm0(arg0, arg1));
             return addHeapObject(ret);
@@ -760,10 +518,6 @@ function __wbg_get_imports() {
             const ret = module.require;
             return addHeapObject(ret);
         }, arguments); },
-        __wbg_set_6cb8631f80447a67: function() { return handleError(function (arg0, arg1, arg2) {
-            const ret = Reflect.set(getObject(arg0), getObject(arg1), getObject(arg2));
-            return ret;
-        }, arguments); },
         __wbg_static_accessor_GLOBAL_12837167ad935116: function() {
             const ret = typeof global === 'undefined' ? null : global;
             return isLikeNone(ret) ? 0 : addHeapObject(ret);
@@ -821,71 +575,6 @@ function addHeapObject(obj) {
     return idx;
 }
 
-function debugString(val) {
-    // primitive types
-    const type = typeof val;
-    if (type == 'number' || type == 'boolean' || val == null) {
-        return  `${val}`;
-    }
-    if (type == 'string') {
-        return `"${val}"`;
-    }
-    if (type == 'symbol') {
-        const description = val.description;
-        if (description == null) {
-            return 'Symbol';
-        } else {
-            return `Symbol(${description})`;
-        }
-    }
-    if (type == 'function') {
-        const name = val.name;
-        if (typeof name == 'string' && name.length > 0) {
-            return `Function(${name})`;
-        } else {
-            return 'Function';
-        }
-    }
-    // objects
-    if (Array.isArray(val)) {
-        const length = val.length;
-        let debug = '[';
-        if (length > 0) {
-            debug += debugString(val[0]);
-        }
-        for(let i = 1; i < length; i++) {
-            debug += ', ' + debugString(val[i]);
-        }
-        debug += ']';
-        return debug;
-    }
-    // Test for built-in
-    const builtInMatches = /\[object ([^\]]+)\]/.exec(toString.call(val));
-    let className;
-    if (builtInMatches && builtInMatches.length > 1) {
-        className = builtInMatches[1];
-    } else {
-        // Failed to match the standard '[object ClassName]'
-        return toString.call(val);
-    }
-    if (className == 'Object') {
-        // we're a user defined class or Object
-        // JSON.stringify avoids problems with cycles, and is generally much
-        // easier than looping through ownProperties of `val`.
-        try {
-            return 'Object(' + JSON.stringify(val) + ')';
-        } catch (_) {
-            return 'Object';
-        }
-    }
-    // errors
-    if (val instanceof Error) {
-        return `${val.name}: ${val.message}\n${val.stack}`;
-    }
-    // TODO we could test for more things here, like `Set`s and `Map`s.
-    return className;
-}
-
 function dropObject(idx) {
     if (idx < 132) return;
     heap[idx] = heap_next;
@@ -950,7 +639,7 @@ function handleError(f, args) {
     try {
         return f.apply(this, args);
     } catch (e) {
-        wasm.__wbindgen_export3(addHeapObject(e));
+        wasm.__wbindgen_export(addHeapObject(e));
     }
 }