@rolly-dev/wasm-signer 0.13.1 → 1.0.0

package/README.md

@@ -89,7 +89,7 @@ poseidon2_hash(BigUint64Array.from([1n]));
 | `derive_session_key`       | `Uint8Array(32)`               | `BigUint64Array(4)` | MetaMask sig → session key                   |
 | `session_public_key`       | `(BigUint64Array(4), bigint)` | `BigUint64Array(4)` | pk_hash = Poseidon2(session_key, expiry)       |
 | `compute_server_seed_hash` | `BigUint64Array(8)`            | `BigUint64Array(4)` | Full hash of server seed                     |
-| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(2)` | First 2 elements (circuit leaf format)       |
+| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(3)` | First 3 elements (circuit leaf format, 192-bit commitment) |
 | `goldilocks_modulus`       | —                              | `bigint`          | Returns p = 2^64 - 2^32 + 1                   |
 | `goldilocks_reduce`        | `bigint`                       | `bigint`          | Reduce mod p                                   |
 

package/dist/node/README.md

@@ -89,7 +89,7 @@ poseidon2_hash(BigUint64Array.from([1n]));
 | `derive_session_key`       | `Uint8Array(32)`               | `BigUint64Array(4)` | MetaMask sig → session key                   |
 | `session_public_key`       | `(BigUint64Array(4), bigint)` | `BigUint64Array(4)` | pk_hash = Poseidon2(session_key, expiry)       |
 | `compute_server_seed_hash` | `BigUint64Array(8)`            | `BigUint64Array(4)` | Full hash of server seed                     |
-| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(2)` | First 2 elements (circuit leaf format)       |
+| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(3)` | First 3 elements (circuit leaf format, 192-bit commitment) |
 | `goldilocks_modulus`       | —                              | `bigint`          | Returns p = 2^64 - 2^32 + 1                   |
 | `goldilocks_reduce`        | `bigint`                       | `bigint`          | Reduce mod p                                   |
 

package/dist/node/rolly_wasm_signer.d.ts

@@ -22,7 +22,7 @@ export function compute_address_hash(address_hex: string): BigUint64Array;
  * Full Poseidon2 hash of an 8-element server seed.
  *
  * Returns all 4 hash elements.  Note: the circuit stores only the
- * **first 2 elements** as the leaf commitment (see `seed_hash_truncated`).
+ * **first 3 elements** as the leaf commitment (see `seed_hash_truncated`).
  * This full variant is useful for client-side verification where all
  * 4 elements may be needed.
  *
@@ -86,6 +86,41 @@ export function goldilocks_modulus(): bigint;
  */
 export function goldilocks_reduce(value: bigint): bigint;
 
+/**
+ * Hash a raw 7-element balance leaf → 4-element Merkle node.
+ *
+ * Raw layout: `[balance_lo, balance_hi, seed_hash_0, seed_hash_1, seed_hash_2, credit_lo, credit_hi]`
+ *
+ * Identical to `hash_balance_leaf` in `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * **Input** : `BigUint64Array` of exactly 7 elements (each < `GOLDILOCKS_P`).
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
+ *
+ * ```js
+ * const raw = BigUint64Array.from([balLo, balHi, seed0, seed1, seed2, credLo, credHi]);
+ * const balanceHash = hash_balance_leaf(raw);  // length 4
+ * ```
+ */
+export function hash_balance_leaf(raw: BigUint64Array): BigUint64Array;
+
+/**
+ * Build a main Merkle tree leaf from balance_hash, pk_hash, and address_hash.
+ *
+ * `main_leaf = Poseidon2(balance_hash[4] || pk_hash[0..2] || address_hash[0..2])`
+ *
+ * Uses truncated (128-bit) pk/address hashes to keep the preimage at 8 elements
+ * (single Poseidon2 permutation round). Identical to `make_main_leaf` in
+ * `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * All three inputs must be exactly 4 elements.
+ * **Output**: `BigUint64Array` of length 4 (the Merkle leaf hash).
+ *
+ * ```js
+ * const leaf = make_main_leaf(balanceHash, pkHash, addressHash);
+ * ```
+ */
+export function make_main_leaf(balance_hash: BigUint64Array, pk_hash: BigUint64Array, address_hash: BigUint64Array): BigUint64Array;
+
 /**
  * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
  *
@@ -113,13 +148,15 @@ export function poseidon2_hash(input: BigUint64Array): BigUint64Array;
 export function poseidon2_two_to_one(left: BigUint64Array, right: BigUint64Array): BigUint64Array;
 
 /**
- * Truncated seed hash — first 2 elements of `Poseidon2(server_seed)`.
+ * Truncated seed hash — first 3 elements of `Poseidon2(server_seed)`.
  *
+ * 192 bits of commitment → ~96-bit collision resistance, which closes the
+ * multi-preimage grinding vector that an earlier 128-bit truncation left open.
  * This is the exact format stored in the Merkle-tree leaf and verified
  * by the circuit.  Matches `seed_hash_truncated` in
- * `src/block_builder/builder.rs` and `src/circuit/main_circuit.rs`.
+ * `src/block_builder/builder.rs` and `src/circuit/slot/fairness.rs`.
  *
- * Returns `BigUint64Array` of length 2: `[h[0], h[1]]`.
+ * Returns `BigUint64Array` of length 3: `[h[0], h[1], h[2]]`.
  */
 export function seed_hash_truncated(server_seed: BigUint64Array): BigUint64Array;
 

package/dist/node/rolly_wasm_signer.js

@@ -53,7 +53,7 @@ exports.compute_address_hash = compute_address_hash;
  * Full Poseidon2 hash of an 8-element server seed.
  *
  * Returns all 4 hash elements.  Note: the circuit stores only the
- * **first 2 elements** as the leaf commitment (see `seed_hash_truncated`).
+ * **first 3 elements** as the leaf commitment (see `seed_hash_truncated`).
  * This full variant is useful for client-side verification where all
  * 4 elements may be needed.
  *
@@ -199,6 +199,81 @@ function goldilocks_reduce(value) {
 }
 exports.goldilocks_reduce = goldilocks_reduce;
 
+/**
+ * Hash a raw 7-element balance leaf → 4-element Merkle node.
+ *
+ * Raw layout: `[balance_lo, balance_hi, seed_hash_0, seed_hash_1, seed_hash_2, credit_lo, credit_hi]`
+ *
+ * Identical to `hash_balance_leaf` in `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * **Input** : `BigUint64Array` of exactly 7 elements (each < `GOLDILOCKS_P`).
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
+ *
+ * ```js
+ * const raw = BigUint64Array.from([balLo, balHi, seed0, seed1, seed2, credLo, credHi]);
+ * const balanceHash = hash_balance_leaf(raw);  // length 4
+ * ```
+ * @param {BigUint64Array} raw
+ * @returns {BigUint64Array}
+ */
+function hash_balance_leaf(raw) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passArray64ToWasm0(raw, wasm.__wbindgen_export3);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.hash_balance_leaf(retptr, ptr0, len0);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var v2 = getArrayU64FromWasm0(r0, r1).slice();
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
+        return v2;
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
+exports.hash_balance_leaf = hash_balance_leaf;
+
+/**
+ * Build a main Merkle tree leaf from balance_hash, pk_hash, and address_hash.
+ *
+ * `main_leaf = Poseidon2(balance_hash[4] || pk_hash[0..2] || address_hash[0..2])`
+ *
+ * Uses truncated (128-bit) pk/address hashes to keep the preimage at 8 elements
+ * (single Poseidon2 permutation round). Identical to `make_main_leaf` in
+ * `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * All three inputs must be exactly 4 elements.
+ * **Output**: `BigUint64Array` of length 4 (the Merkle leaf hash).
+ *
+ * ```js
+ * const leaf = make_main_leaf(balanceHash, pkHash, addressHash);
+ * ```
+ * @param {BigUint64Array} balance_hash
+ * @param {BigUint64Array} pk_hash
+ * @param {BigUint64Array} address_hash
+ * @returns {BigUint64Array}
+ */
+function make_main_leaf(balance_hash, pk_hash, address_hash) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passArray64ToWasm0(balance_hash, wasm.__wbindgen_export3);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passArray64ToWasm0(pk_hash, wasm.__wbindgen_export3);
+        const len1 = WASM_VECTOR_LEN;
+        const ptr2 = passArray64ToWasm0(address_hash, wasm.__wbindgen_export3);
+        const len2 = WASM_VECTOR_LEN;
+        wasm.make_main_leaf(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var v4 = getArrayU64FromWasm0(r0, r1).slice();
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
+        return v4;
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
+exports.make_main_leaf = make_main_leaf;
+
 /**
  * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
  *
@@ -263,13 +338,15 @@ function poseidon2_two_to_one(left, right) {
 exports.poseidon2_two_to_one = poseidon2_two_to_one;
 
 /**
- * Truncated seed hash — first 2 elements of `Poseidon2(server_seed)`.
+ * Truncated seed hash — first 3 elements of `Poseidon2(server_seed)`.
  *
+ * 192 bits of commitment → ~96-bit collision resistance, which closes the
+ * multi-preimage grinding vector that an earlier 128-bit truncation left open.
  * This is the exact format stored in the Merkle-tree leaf and verified
  * by the circuit.  Matches `seed_hash_truncated` in
- * `src/block_builder/builder.rs` and `src/circuit/main_circuit.rs`.
+ * `src/block_builder/builder.rs` and `src/circuit/slot/fairness.rs`.
  *
- * Returns `BigUint64Array` of length 2: `[h[0], h[1]]`.
+ * Returns `BigUint64Array` of length 3: `[h[0], h[1], h[2]]`.
  * @param {BigUint64Array} server_seed
  * @returns {BigUint64Array}
  */

package/dist/node/rolly_wasm_signer_bg.wasm.d.ts

@@ -8,6 +8,8 @@ export const derive_session_key: (a: number, b: number, c: number) => void;
 export const generate_user_seed: (a: number) => void;
 export const goldilocks_fields_to_hex: (a: number, b: number, c: number) => void;
 export const goldilocks_reduce: (a: bigint) => bigint;
+export const hash_balance_leaf: (a: number, b: number, c: number) => void;
+export const make_main_leaf: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
 export const poseidon2_hash: (a: number, b: number, c: number) => void;
 export const poseidon2_two_to_one: (a: number, b: number, c: number, d: number, e: number) => void;
 export const seed_hash_truncated: (a: number, b: number, c: number) => void;

package/dist/node-inline/README.md

@@ -89,7 +89,7 @@ poseidon2_hash(BigUint64Array.from([1n]));
 | `derive_session_key`       | `Uint8Array(32)`               | `BigUint64Array(4)` | MetaMask sig → session key                   |
 | `session_public_key`       | `(BigUint64Array(4), bigint)` | `BigUint64Array(4)` | pk_hash = Poseidon2(session_key, expiry)       |
 | `compute_server_seed_hash` | `BigUint64Array(8)`            | `BigUint64Array(4)` | Full hash of server seed                     |
-| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(2)` | First 2 elements (circuit leaf format)       |
+| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(3)` | First 3 elements (circuit leaf format, 192-bit commitment) |
 | `goldilocks_modulus`       | —                              | `bigint`          | Returns p = 2^64 - 2^32 + 1                   |
 | `goldilocks_reduce`        | `bigint`                       | `bigint`          | Reduce mod p                                   |
 

package/dist/node-inline/rolly_wasm_signer.d.ts

@@ -22,7 +22,7 @@ export function compute_address_hash(address_hex: string): BigUint64Array;
  * Full Poseidon2 hash of an 8-element server seed.
  *
  * Returns all 4 hash elements.  Note: the circuit stores only the
- * **first 2 elements** as the leaf commitment (see `seed_hash_truncated`).
+ * **first 3 elements** as the leaf commitment (see `seed_hash_truncated`).
  * This full variant is useful for client-side verification where all
  * 4 elements may be needed.
  *
@@ -86,6 +86,41 @@ export function goldilocks_modulus(): bigint;
  */
 export function goldilocks_reduce(value: bigint): bigint;
 
+/**
+ * Hash a raw 7-element balance leaf → 4-element Merkle node.
+ *
+ * Raw layout: `[balance_lo, balance_hi, seed_hash_0, seed_hash_1, seed_hash_2, credit_lo, credit_hi]`
+ *
+ * Identical to `hash_balance_leaf` in `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * **Input** : `BigUint64Array` of exactly 7 elements (each < `GOLDILOCKS_P`).
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
+ *
+ * ```js
+ * const raw = BigUint64Array.from([balLo, balHi, seed0, seed1, seed2, credLo, credHi]);
+ * const balanceHash = hash_balance_leaf(raw);  // length 4
+ * ```
+ */
+export function hash_balance_leaf(raw: BigUint64Array): BigUint64Array;
+
+/**
+ * Build a main Merkle tree leaf from balance_hash, pk_hash, and address_hash.
+ *
+ * `main_leaf = Poseidon2(balance_hash[4] || pk_hash[0..2] || address_hash[0..2])`
+ *
+ * Uses truncated (128-bit) pk/address hashes to keep the preimage at 8 elements
+ * (single Poseidon2 permutation round). Identical to `make_main_leaf` in
+ * `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * All three inputs must be exactly 4 elements.
+ * **Output**: `BigUint64Array` of length 4 (the Merkle leaf hash).
+ *
+ * ```js
+ * const leaf = make_main_leaf(balanceHash, pkHash, addressHash);
+ * ```
+ */
+export function make_main_leaf(balance_hash: BigUint64Array, pk_hash: BigUint64Array, address_hash: BigUint64Array): BigUint64Array;
+
 /**
  * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
  *
@@ -113,13 +148,15 @@ export function poseidon2_hash(input: BigUint64Array): BigUint64Array;
 export function poseidon2_two_to_one(left: BigUint64Array, right: BigUint64Array): BigUint64Array;
 
 /**
- * Truncated seed hash — first 2 elements of `Poseidon2(server_seed)`.
+ * Truncated seed hash — first 3 elements of `Poseidon2(server_seed)`.
  *
+ * 192 bits of commitment → ~96-bit collision resistance, which closes the
+ * multi-preimage grinding vector that an earlier 128-bit truncation left open.
  * This is the exact format stored in the Merkle-tree leaf and verified
  * by the circuit.  Matches `seed_hash_truncated` in
- * `src/block_builder/builder.rs` and `src/circuit/main_circuit.rs`.
+ * `src/block_builder/builder.rs` and `src/circuit/slot/fairness.rs`.
  *
- * Returns `BigUint64Array` of length 2: `[h[0], h[1]]`.
+ * Returns `BigUint64Array` of length 3: `[h[0], h[1], h[2]]`.
  */
 export function seed_hash_truncated(server_seed: BigUint64Array): BigUint64Array;