@rolly-dev/wasm-signer 0.13.1 → 1.1.0

package/dist/web/README.md

@@ -89,7 +89,7 @@ poseidon2_hash(BigUint64Array.from([1n]));
 | `derive_session_key`       | `Uint8Array(32)`               | `BigUint64Array(4)` | MetaMask sig → session key                   |
 | `session_public_key`       | `(BigUint64Array(4), bigint)` | `BigUint64Array(4)` | pk_hash = Poseidon2(session_key, expiry)       |
 | `compute_server_seed_hash` | `BigUint64Array(8)`            | `BigUint64Array(4)` | Full hash of server seed                     |
-| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(2)` | First 2 elements (circuit leaf format)       |
+| `seed_hash_truncated`      | `BigUint64Array(8)`            | `BigUint64Array(3)` | First 3 elements (circuit leaf format, 192-bit commitment) |
 | `goldilocks_modulus`       | —                              | `bigint`          | Returns p = 2^64 - 2^32 + 1                   |
 | `goldilocks_reduce`        | `bigint`                       | `bigint`          | Reduce mod p                                   |
 
@@ -107,6 +107,42 @@ module.exports = { experiments: { asyncWebAssembly: true } };
 
 **Next.js** — conditional exports auto-resolve: Node.js entry on server, browser entry on client.
 
+## Dice — range constraints
+
+Roll number: `[0, 999]` (TOTAL_RANGE = 1000).
+win_numbers (wn): `[1, 950]` (MIN_RANGE..=MAX_RANGE).
+
+### prediction_range constraints per mode
+
+| Mode  | wn formula                                     | prediction\[0\] | prediction\[1\] | wn range   |
+|-------|-------------------------------------------------|-----------------|-----------------|------------|
+| Under | `prediction[0]`                                 | `[1, 950]`      | unused (0)      | `[1, 950]` |
+| Over  | `999 − prediction[0]`                           | `[49, 998]`     | unused (0)      | `[1, 950]` |
+| In    | `prediction[1] − prediction[0] + 1`             | `[0, 999]`      | `[0, 999]`      | `[1, 950]` |
+| Out   | `1000 − (prediction[1] − prediction[0] + 1)`    | `[0, 999]`      | `[0, 999]`      | `[1, 950]` |
+
+**Under** — `prediction[0]` ∈ `[1, 950]` (= wn directly). Win: `roll < prediction[0]`.
+
+**Over** — `prediction[0]` ∈ `[49, 998]` (lower: `999 − 950 = 49`, upper: `999 − 1 = 998`). Win: `roll > prediction[0]`.
+
+**In** — `prediction[0] <= prediction[1]`, span ∈ `[1, 950]`. Win: `prediction[0] <= roll <= prediction[1]`.
+
+**Out** — `prediction[0] <= prediction[1]`, inner span ∈ `[50, 999]` (wn = `1000 − inner` ∈ `[1, 950]`). Win: `roll < prediction[0] || roll > prediction[1]`.
+
+### Multiplier
+
+`multiplier = floor(9_900_000 / wn)` (scaled ×10000).
+
+| wn  | multiplier | display   |
+|-----|-----------|-----------|
+| 1   | 9_900_000 | 990.0000x |
+| 500 | 19_800    | 1.9800x   |
+| 950 | 10_421    | 1.0421x   |
+
+### RTP
+
+Theoretical: **98.998%** (floor-division costs ~0.002%). House edge: **~1.002%**. Max win cap: 10,000 USDT (business rule, not formula).
+
 ## License
 
 MIT

package/dist/web/rolly_wasm_signer.d.ts

@@ -18,11 +18,38 @@ export function amount_split(amount: bigint): Uint32Array;
  */
 export function compute_address_hash(address_hex: string): BigUint64Array;
 
+/**
+ * Compute dice multiplier × 10000 from win_numbers count.
+ *
+ * Formula: `9_900_000 / win_numbers` (integer division = floor).
+ * `win_numbers` must be in [1, 950].
+ */
+export function compute_multi_dice(win_numbers: number): bigint;
+
+/**
+ * Full dice payout computation — pure integer arithmetic, zero floats.
+ *
+ * `random`: 4 Goldilocks field elements (Poseidon2 output).
+ * `bet_atomic`: bet in atomic units (1 USDT = 1_000_000).
+ * `game_mode`: 0=Under, 1=Over, 2=In, 3=Out.
+ * `prediction_lo` / `prediction_hi`: prediction range bounds (0..999).
+ *
+ * Returns `BigUint64Array[4]`: `[win_amount, roll_number, is_win (0|1), multiplier×10000]`.
+ */
+export function compute_payout_dice(random: BigUint64Array, bet_atomic: bigint, game_mode: number, prediction_lo: number, prediction_hi: number): BigUint64Array;
+
+/**
+ * Extract dice roll number [0, 1000) from Poseidon2 random output.
+ *
+ * `random` must be exactly 4 elements. Returns `random[0] % 1000`.
+ */
+export function compute_roll_dice(random: BigUint64Array): number;
+
 /**
  * Full Poseidon2 hash of an 8-element server seed.
  *
  * Returns all 4 hash elements.  Note: the circuit stores only the
- * **first 2 elements** as the leaf commitment (see `seed_hash_truncated`).
+ * **first 3 elements** as the leaf commitment (see `seed_hash_truncated`).
  * This full variant is useful for client-side verification where all
  * 4 elements may be needed.
  *
@@ -86,6 +113,41 @@ export function goldilocks_modulus(): bigint;
  */
 export function goldilocks_reduce(value: bigint): bigint;
 
+/**
+ * Hash a raw 7-element balance leaf → 4-element Merkle node.
+ *
+ * Raw layout: `[balance_lo, balance_hi, seed_hash_0, seed_hash_1, seed_hash_2, credit_lo, credit_hi]`
+ *
+ * Identical to `hash_balance_leaf` in `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * **Input** : `BigUint64Array` of exactly 7 elements (each < `GOLDILOCKS_P`).
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
+ *
+ * ```js
+ * const raw = BigUint64Array.from([balLo, balHi, seed0, seed1, seed2, credLo, credHi]);
+ * const balanceHash = hash_balance_leaf(raw);  // length 4
+ * ```
+ */
+export function hash_balance_leaf(raw: BigUint64Array): BigUint64Array;
+
+/**
+ * Build a main Merkle tree leaf from balance_hash, pk_hash, and address_hash.
+ *
+ * `main_leaf = Poseidon2(balance_hash[4] || pk_hash[0..2] || address_hash[0..2])`
+ *
+ * Uses truncated (128-bit) pk/address hashes to keep the preimage at 8 elements
+ * (single Poseidon2 permutation round). Identical to `make_main_leaf` in
+ * `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * All three inputs must be exactly 4 elements.
+ * **Output**: `BigUint64Array` of length 4 (the Merkle leaf hash).
+ *
+ * ```js
+ * const leaf = make_main_leaf(balanceHash, pkHash, addressHash);
+ * ```
+ */
+export function make_main_leaf(balance_hash: BigUint64Array, pk_hash: BigUint64Array, address_hash: BigUint64Array): BigUint64Array;
+
 /**
  * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
  *
@@ -113,13 +175,15 @@ export function poseidon2_hash(input: BigUint64Array): BigUint64Array;
 export function poseidon2_two_to_one(left: BigUint64Array, right: BigUint64Array): BigUint64Array;
 
 /**
- * Truncated seed hash — first 2 elements of `Poseidon2(server_seed)`.
+ * Truncated seed hash — first 3 elements of `Poseidon2(server_seed)`.
  *
+ * 192 bits of commitment → ~96-bit collision resistance, which closes the
+ * multi-preimage grinding vector that an earlier 128-bit truncation left open.
  * This is the exact format stored in the Merkle-tree leaf and verified
  * by the circuit.  Matches `seed_hash_truncated` in
- * `src/block_builder/builder.rs` and `src/circuit/main_circuit.rs`.
+ * `src/block_builder/builder.rs` and `src/circuit/slot/fairness.rs`.
  *
- * Returns `BigUint64Array` of length 2: `[h[0], h[1]]`.
+ * Returns `BigUint64Array` of length 3: `[h[0], h[1], h[2]]`.
  */
 export function seed_hash_truncated(server_seed: BigUint64Array): BigUint64Array;
 
@@ -169,11 +233,16 @@ export interface InitOutput {
     readonly memory: WebAssembly.Memory;
     readonly amount_split: (a: number, b: bigint) => void;
     readonly compute_address_hash: (a: number, b: number, c: number) => void;
+    readonly compute_multi_dice: (a: number) => bigint;
+    readonly compute_payout_dice: (a: number, b: number, c: number, d: bigint, e: number, f: number, g: number) => void;
+    readonly compute_roll_dice: (a: number, b: number) => number;
     readonly compute_server_seed_hash: (a: number, b: number, c: number) => void;
     readonly derive_session_key: (a: number, b: number, c: number) => void;
     readonly generate_user_seed: (a: number) => void;
     readonly goldilocks_fields_to_hex: (a: number, b: number, c: number) => void;
     readonly goldilocks_reduce: (a: bigint) => bigint;
+    readonly hash_balance_leaf: (a: number, b: number, c: number) => void;
+    readonly make_main_leaf: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
     readonly poseidon2_hash: (a: number, b: number, c: number) => void;
     readonly poseidon2_two_to_one: (a: number, b: number, c: number, d: number, e: number) => void;
     readonly seed_hash_truncated: (a: number, b: number, c: number) => void;

package/dist/web/rolly_wasm_signer.js

@@ -47,11 +47,70 @@ export function compute_address_hash(address_hex) {
     }
 }
 
+/**
+ * Compute dice multiplier × 10000 from win_numbers count.
+ *
+ * Formula: `9_900_000 / win_numbers` (integer division = floor).
+ * `win_numbers` must be in [1, 950].
+ * @param {number} win_numbers
+ * @returns {bigint}
+ */
+export function compute_multi_dice(win_numbers) {
+    const ret = wasm.compute_multi_dice(win_numbers);
+    return BigInt.asUintN(64, ret);
+}
+
+/**
+ * Full dice payout computation — pure integer arithmetic, zero floats.
+ *
+ * `random`: 4 Goldilocks field elements (Poseidon2 output).
+ * `bet_atomic`: bet in atomic units (1 USDT = 1_000_000).
+ * `game_mode`: 0=Under, 1=Over, 2=In, 3=Out.
+ * `prediction_lo` / `prediction_hi`: prediction range bounds (0..999).
+ *
+ * Returns `BigUint64Array[4]`: `[win_amount, roll_number, is_win (0|1), multiplier×10000]`.
+ * @param {BigUint64Array} random
+ * @param {bigint} bet_atomic
+ * @param {number} game_mode
+ * @param {number} prediction_lo
+ * @param {number} prediction_hi
+ * @returns {BigUint64Array}
+ */
+export function compute_payout_dice(random, bet_atomic, game_mode, prediction_lo, prediction_hi) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passArray64ToWasm0(random, wasm.__wbindgen_export3);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.compute_payout_dice(retptr, ptr0, len0, bet_atomic, game_mode, prediction_lo, prediction_hi);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var v2 = getArrayU64FromWasm0(r0, r1).slice();
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
+        return v2;
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
+
+/**
+ * Extract dice roll number [0, 1000) from Poseidon2 random output.
+ *
+ * `random` must be exactly 4 elements. Returns `random[0] % 1000`.
+ * @param {BigUint64Array} random
+ * @returns {number}
+ */
+export function compute_roll_dice(random) {
+    const ptr0 = passArray64ToWasm0(random, wasm.__wbindgen_export3);
+    const len0 = WASM_VECTOR_LEN;
+    const ret = wasm.compute_roll_dice(ptr0, len0);
+    return ret >>> 0;
+}
+
 /**
  * Full Poseidon2 hash of an 8-element server seed.
  *
  * Returns all 4 hash elements.  Note: the circuit stores only the
- * **first 2 elements** as the leaf commitment (see `seed_hash_truncated`).
+ * **first 3 elements** as the leaf commitment (see `seed_hash_truncated`).
  * This full variant is useful for client-side verification where all
  * 4 elements may be needed.
  *
@@ -191,6 +250,79 @@ export function goldilocks_reduce(value) {
     return BigInt.asUintN(64, ret);
 }
 
+/**
+ * Hash a raw 7-element balance leaf → 4-element Merkle node.
+ *
+ * Raw layout: `[balance_lo, balance_hi, seed_hash_0, seed_hash_1, seed_hash_2, credit_lo, credit_hi]`
+ *
+ * Identical to `hash_balance_leaf` in `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * **Input** : `BigUint64Array` of exactly 7 elements (each < `GOLDILOCKS_P`).
+ * **Output**: `BigUint64Array` of length 4 (one `HashOut`).
+ *
+ * ```js
+ * const raw = BigUint64Array.from([balLo, balHi, seed0, seed1, seed2, credLo, credHi]);
+ * const balanceHash = hash_balance_leaf(raw);  // length 4
+ * ```
+ * @param {BigUint64Array} raw
+ * @returns {BigUint64Array}
+ */
+export function hash_balance_leaf(raw) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passArray64ToWasm0(raw, wasm.__wbindgen_export3);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.hash_balance_leaf(retptr, ptr0, len0);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var v2 = getArrayU64FromWasm0(r0, r1).slice();
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
+        return v2;
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
+
+/**
+ * Build a main Merkle tree leaf from balance_hash, pk_hash, and address_hash.
+ *
+ * `main_leaf = Poseidon2(balance_hash[4] || pk_hash[0..2] || address_hash[0..2])`
+ *
+ * Uses truncated (128-bit) pk/address hashes to keep the preimage at 8 elements
+ * (single Poseidon2 permutation round). Identical to `make_main_leaf` in
+ * `prover/circuit/src/helpers/leaf_ops.rs`.
+ *
+ * All three inputs must be exactly 4 elements.
+ * **Output**: `BigUint64Array` of length 4 (the Merkle leaf hash).
+ *
+ * ```js
+ * const leaf = make_main_leaf(balanceHash, pkHash, addressHash);
+ * ```
+ * @param {BigUint64Array} balance_hash
+ * @param {BigUint64Array} pk_hash
+ * @param {BigUint64Array} address_hash
+ * @returns {BigUint64Array}
+ */
+export function make_main_leaf(balance_hash, pk_hash, address_hash) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passArray64ToWasm0(balance_hash, wasm.__wbindgen_export3);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passArray64ToWasm0(pk_hash, wasm.__wbindgen_export3);
+        const len1 = WASM_VECTOR_LEN;
+        const ptr2 = passArray64ToWasm0(address_hash, wasm.__wbindgen_export3);
+        const len2 = WASM_VECTOR_LEN;
+        wasm.make_main_leaf(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var v4 = getArrayU64FromWasm0(r0, r1).slice();
+        wasm.__wbindgen_export2(r0, r1 * 8, 8);
+        return v4;
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
+
 /**
  * Poseidon2 hash of an arbitrary number of Goldilocks field elements.
  *
@@ -253,13 +385,15 @@ export function poseidon2_two_to_one(left, right) {
 }
 
 /**
- * Truncated seed hash — first 2 elements of `Poseidon2(server_seed)`.
+ * Truncated seed hash — first 3 elements of `Poseidon2(server_seed)`.
  *
+ * 192 bits of commitment → ~96-bit collision resistance, which closes the
+ * multi-preimage grinding vector that an earlier 128-bit truncation left open.
  * This is the exact format stored in the Merkle-tree leaf and verified
  * by the circuit.  Matches `seed_hash_truncated` in
- * `src/block_builder/builder.rs` and `src/circuit/main_circuit.rs`.
+ * `src/block_builder/builder.rs` and `src/circuit/slot/fairness.rs`.
  *
- * Returns `BigUint64Array` of length 2: `[h[0], h[1]]`.
+ * Returns `BigUint64Array` of length 3: `[h[0], h[1], h[2]]`.
  * @param {BigUint64Array} server_seed
  * @returns {BigUint64Array}
  */

package/dist/web/rolly_wasm_signer_bg.wasm.d.ts

@@ -3,11 +3,16 @@
 export const memory: WebAssembly.Memory;
 export const amount_split: (a: number, b: bigint) => void;
 export const compute_address_hash: (a: number, b: number, c: number) => void;
+export const compute_multi_dice: (a: number) => bigint;
+export const compute_payout_dice: (a: number, b: number, c: number, d: bigint, e: number, f: number, g: number) => void;
+export const compute_roll_dice: (a: number, b: number) => number;
 export const compute_server_seed_hash: (a: number, b: number, c: number) => void;
 export const derive_session_key: (a: number, b: number, c: number) => void;
 export const generate_user_seed: (a: number) => void;
 export const goldilocks_fields_to_hex: (a: number, b: number, c: number) => void;
 export const goldilocks_reduce: (a: bigint) => bigint;
+export const hash_balance_leaf: (a: number, b: number, c: number) => void;
+export const make_main_leaf: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => void;
 export const poseidon2_hash: (a: number, b: number, c: number) => void;
 export const poseidon2_two_to_one: (a: number, b: number, c: number, d: number, e: number) => void;
 export const seed_hash_truncated: (a: number, b: number, c: number) => void;

package/js/browser.d.mts

@@ -13,6 +13,11 @@ export {
   goldilocks_reduce,
   amount_split,
   compute_address_hash,
+  hash_balance_leaf,
+  make_main_leaf,
+  compute_payout_dice,
+  compute_roll_dice,
+  compute_multi_dice,
 } from '../dist/web/rolly_wasm_signer.js';
 
 export { default as init } from '../dist/web/rolly_wasm_signer.js';

package/js/browser.mjs

@@ -15,4 +15,9 @@ export {
   goldilocks_reduce,
   amount_split,
   compute_address_hash,
+  hash_balance_leaf,
+  make_main_leaf,
+  compute_payout_dice,
+  compute_roll_dice,
+  compute_multi_dice,
 } from '../dist/web/rolly_wasm_signer.js';

package/js/index.d.ts

@@ -13,4 +13,9 @@ export {
   goldilocks_reduce,
   amount_split,
   compute_address_hash,
+  hash_balance_leaf,
+  make_main_leaf,
+  compute_payout_dice,
+  compute_roll_dice,
+  compute_multi_dice,
 } from '../dist/node-inline/rolly_wasm_signer.js';

package/js/node-inline.cjs

@@ -17,4 +17,9 @@ module.exports = {
   goldilocks_reduce:        wasm.goldilocks_reduce,
   amount_split:             wasm.amount_split,
   compute_address_hash:     wasm.compute_address_hash,
+  hash_balance_leaf:        wasm.hash_balance_leaf,
+  make_main_leaf:           wasm.make_main_leaf,
+  compute_payout_dice:      wasm.compute_payout_dice,
+  compute_roll_dice:        wasm.compute_roll_dice,
+  compute_multi_dice:       wasm.compute_multi_dice,
 };

package/js/node-inline.mjs

@@ -13,4 +13,9 @@ export {
   goldilocks_reduce,
   amount_split,
   compute_address_hash,
+  hash_balance_leaf,
+  make_main_leaf,
+  compute_payout_dice,
+  compute_roll_dice,
+  compute_multi_dice,
 } from '../dist/node-inline/rolly_wasm_signer.mjs';

package/js/node.cjs

@@ -17,4 +17,9 @@ module.exports = {
   goldilocks_reduce:        wasm.goldilocks_reduce,
   amount_split:             wasm.amount_split,
   compute_address_hash:     wasm.compute_address_hash,
+  hash_balance_leaf:        wasm.hash_balance_leaf,
+  make_main_leaf:           wasm.make_main_leaf,
+  compute_payout_dice:      wasm.compute_payout_dice,
+  compute_roll_dice:        wasm.compute_roll_dice,
+  compute_multi_dice:       wasm.compute_multi_dice,
 };

package/js/node.mjs

@@ -18,4 +18,9 @@ export const {
   goldilocks_reduce,
   amount_split,
   compute_address_hash,
+  hash_balance_leaf,
+  make_main_leaf,
+  compute_payout_dice,
+  compute_roll_dice,
+  compute_multi_dice,
 } = wasm;

package/js/react.d.mts

@@ -15,6 +15,11 @@ export interface RollyWasmResult {
   goldilocks_reduce:        (value: bigint) => bigint;
   amount_split:             (amount: bigint) => Uint32Array;
   compute_address_hash:     (address_hex: string) => BigUint64Array;
+  hash_balance_leaf:        (raw: BigUint64Array) => BigUint64Array;
+  make_main_leaf:           (balance_hash: BigUint64Array, pk_hash: BigUint64Array, address_hash: BigUint64Array) => BigUint64Array;
+  compute_payout_dice:      (random: BigUint64Array, bet_atomic: bigint, game_mode: number, prediction_lo: number, prediction_hi: number) => BigUint64Array;
+  compute_roll_dice:        (random: BigUint64Array) => number;
+  compute_multi_dice:       (win_numbers: number) => bigint;
 }
 
 export function useRollyWasm(): RollyWasmResult;

package/js/react.mjs

@@ -14,6 +14,11 @@ import init, {
   goldilocks_reduce,
   amount_split,
   compute_address_hash,
+  hash_balance_leaf,
+  make_main_leaf,
+  compute_payout_dice,
+  compute_roll_dice,
+  compute_multi_dice,
 } from '../dist/web/rolly_wasm_signer.js';
 
 let _ready = false;
@@ -41,6 +46,11 @@ const fns = {
   goldilocks_reduce:        guard(goldilocks_reduce),
   amount_split:             guard(amount_split),
   compute_address_hash:     guard(compute_address_hash),
+  hash_balance_leaf:        guard(hash_balance_leaf),
+  make_main_leaf:           guard(make_main_leaf),
+  compute_payout_dice:      guard(compute_payout_dice),
+  compute_roll_dice:        guard(compute_roll_dice),
+  compute_multi_dice:       guard(compute_multi_dice),
 };
 
 /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rolly-dev/wasm-signer",
-  "version": "0.13.1",
+  "version": "1.1.0",
   "description": "Poseidon2 hashing & bet signing for Rolly ZK-Rollup (WASM, Goldilocks field)",
   "type": "module",
   "exports": {