@silencelaboratories/walletprovider-sdk 0.2.0 → 1.3.0

package/README.md

@@ -1,105 +1,103 @@
 # walletprovider-sdk
 
-The frontend library for Silent Network.
-
-# Demo
-
-Under the [demo](./demo) directory we provide the sample webpage that shows example usage of the library.
-In order to run it execute the following:
-
-1. Build the library
-
-```
-npm install
-npm run build
-```
-
-2. Run the demo
-
-```
-cd demo
-npm install
-npm run dev
+The client library for Silent Network Wallet Provider Service.
+
+- [Installing](#installing)
+- [Quick start](#quick-start)
+- [Documentation](#documentation)
+- [Features](#features)
+  - [Overview](#overview)
+  - [Authentication](#authentication)
+  - [Keygen](#keygen)
+  - [Signing](#signing)
+- [Development](#development)
+  - [Build the library](#build-the-library)
+  - [End to end tests](#end-to-end-tests)
+  - [Generate the documentation](#generate-the-documentation)
+  - [Lint the code](#lint-the-code)
+
+# Installing
+
+```sh
+npm i @silencelaboratories/walletprovider-sdk
 ```
 
-The demo fetches configuration from the `.env` file. We provided example `.env` [here](./demo/.env).
+# Quick start
 
-The demo communicates with [backend service](#the-backend). Run it before using the demo page.
+Check the [demo](./demo/README.md) for a quick start guide.
 
-# Using the library
+# Documentation
 
-The library is published on [npmjs](https://www.npmjs.com/package/@silencelaboratories/walletprovider-sdk) registry.
+For description of classes, interfaces, types, please refer to [documentation](./docs/walletprovider-sdk.md).
 
-Install it in your project as usual:
+# Features
 
-```
-npm i @silencelaboratories/walletprovider-sdk
-```
-
-## The backend
+- Authentication
+- Keygen
+- Signing
 
-The library communicates with backend service. The example implementation of such service is accessible [here](https://shipyard.rs/silencelaboratories/crates/wallet-provider-service). Please refer to backend documentation in order to run the service.
+## Overview
 
-Frontend uses [WalletProviderServiceClient](./docs/walletprovider-sdk.walletproviderserviceclient.md) object in order to connect to the backend and send requests.
+The library provides API to authenticate, generate keys, and sign messages against the Silent Network. Before sending request for a distributed key or signature, users need to be authenticated to the Silent Network.
 
-# Documentation
-
-For description of classes, interfaces, types, please refer to [documentation](./docs/walletprovider-sdk.md).
+Once authenticated, users register an ephemeral signing key pair and associate it with their identity. The ephemeral signing keys can later be used to authorize signing requests for duration of the session without the need for repeated user interaction, providing a seamless and secure authentication mechanism.
 
 ## Authentication
 
+Users authenticate to Silent Network using 2 methods [Wallet-based](./docs/walletprovider-sdk.eoaauth.md) or [Passkey](./docs/walletprovider-sdk.passkeyauth.md).
 
-Users authenticate using **EOA wallet** or **Passkey** during **key generation** and register an ephemeral signing key pair and associates it with their identity.
-
-Frontend can later use the ephemeral signing key pair to authorize **signing requests** for duration of the session without the need for repeated user interaction, providing a seamless and secure authentication mechanism.
+- [Wallet-based](./docs/walletprovider-sdk.eoaauth.md) authenticate users using their digital wallet, it runs at the same time users start doing **keygen**.
 
-Key generation:
-- [EOAAuth](./docs/walletprovider-sdk.eoaauth.md) to authenticate the user **during keygen**. The `EOAAuth` object is created with the user's wallet address.
+- [Passkey](./docs/walletprovider-sdk.passkeyauth.md) has 2 steps: **register** and **login**. The user registers a passkey with the network, then logs in with the passkey while starting the **keygen** process.
 
-- [PasskeyAuth](./docs/walletprovider-sdk.passkeyauth.md) to authenticate the user **during keygen**. The `PasskeyAuth` object is created with the [PasskeyUser](./docs/walletprovider-sdk.passkeyuser.md), [RelyingPartyConfig](./docs/walletprovider-sdk.relyingpartyconfig.md).
 
-- The ephemeral public key and lifetime of the key in seconds will be associated with both `EOAAuth` and `PasskeyAuth` objects.
+The [ephemeral public claim](./docs/walletprovider-sdk.eoaauth.ephclaim.md) will be associated with both [EOAAuth](./docs/walletprovider-sdk.eoaauth.md) and [PasskeyAuth](./docs/walletprovider-sdk.passkeyauth.md) objects.
 
-Signature generation:
-- [EphAuth](./docs/walletprovider-sdk.ephauth.md) to authenticate the user **during signing**. The `EphAuth` object is created with the ephemeral keypair.
+- Users will use [EphAuth](./docs/walletprovider-sdk.ephauth.md) to do non-interactive authenticate **during signing**.
+- The library supports 2 signing algorithms for ephemeral signing keys: `secp256k1, ed25519`
 
 ## Keygen
 
-
-The full working example is in the [demo](https://github.com/silence-laboratories/walletprovider-sdk/blob/a75d7a009fb4d3629d353d53f8c27c34190c9035/demo/src/routes/%2Bpage.svelte#L89).
+The full working example is in the [demo](https://github.com/silence-laboratories/walletprovider-sdk/blob/main/demo/src/routes/%2Bpage.svelte#L172).
 The core object to use is the [NetworkSigner](./docs/walletprovider-sdk.networksigner.md). It allows to generate keys and do signatures. 
 
-In order to create your keys, you need two other components. The [WalletProviderServiceClient](./docs/walletprovider-sdk.walletproviderserviceclient.md) that connects to the Backend part of the SDK, and the **authentication module**. 
+In order to create your keys, you need two other components. The [WalletProviderServiceClient](./docs/walletprovider-sdk.walletproviderserviceclient.md) that connects to the Backend part of the SDK, and the **authenticator module**. 
 
 ### Authenticate with EOA wallet
 We provide EOA authentication via [EOAAuth](./docs/walletprovider-sdk.eoaauth.md) module. Let's create the `NetworkSigner` with associated `EOAAuth` object.
 
 ```ts
+const algSign = 'secp256k1'; // Signing algorithms of ephemeral key
 // Generate ephemeral secret key esk
-const sk = ed.utils.randomPrivateKey();
-ephSK = sk;
+const sk = generateEphPrivateKey(algSign);
 // Derive public part epk from esk
-ephPK = await ed.getPublicKeyAsync(sk);
+const ephPK = getEphPublicKey(sk, algSign);
 // Arbitrary ID to identify the ephemeral key
 const ephId = uuidv4();
-// Create a client that connects to the backend service
-const wpClient = await createWalletProviderService(clusterConfig);
+// Create ephemeral key claim instance based on the ephemeral key
+const ephClaim = new EphKeyClaim(
+  ephId,
+  ephPK,
+  algSign,
+  // Lifetime of one hour
+  60 * 60,
+);
 
 // Create EOA authenticator, signature will include epk
 const eoaAuth = new EOAAuth(
-  ephId,
   accountsFromBrowserWallet[0],
   new BrowserWallet(),
-  ephPK,
-  // Lifetime of one hour
-  60 * 60,
+  ephClaim
 );
 
+// Create a client that connects to the backend service
+const wpClient = await createWalletProviderService(clusterConfig);
+
 // Create a new signer instance
 const sdk = new NetworkSigner(wpClient, threshold, partiesNumber, eoaAuth);
 ```
 
-Now you can generate a key, using the [authenticateAndCreateKey](./docs/walletprovider-sdk.networksigner.authenticateandcreatekey.md) method. The method accepts optional permissions. No permissions means _allow all operations_.
+Now you can generate a key, using the [generateKey](./docs/walletprovider-sdk.networksigner.generatekey.md) method. The method accepts optional permissions. No permissions means _allow all operations_.
 
 ```ts
 const permissions = {
@@ -118,26 +116,55 @@ const permissions = {
 };
 
 // Generate a new key
-let resp: KeygenResponse = await sdk.authenticateAndCreateKey(JSON.stringify(permissions));
+let resp: KeygenResponse = await sdk.generateKey(JSON.stringify(permissions));
 ```
 
-Calling this method will cause to the Browser Wallet window to pop up, requesting the User to sign the request.
+Calling this method will cause to the Digital Wallet window to pop up, requesting the User to sign the request.
 
 The returned [KeygenResponse](./docs/walletprovider-sdk.keygenresponse.md) contains `keyId` and `publicKey`. The `publicKey` is the public part of the key generated by Silent Network. Use the `keyId` in subsequent calls to sign.
 
-The `esk` key can be later used by the frontend in subsequent signgen requests for authenticating.
+The ephemeral `sk` key can be later used in subsequent signgen requests for authenticating.
 
 ### Authenticate with Passkey
-We provide Passkey authentication via [PasskeyAuth](./docs/walletprovider-sdk.passkeyauth.md) module. Let's create the `NetworkSigner` with associated `PasskeyAuth` object.
+First, we need to register user passkey to the network. We provide Passkey register via [PasskeyRegister](./docs/walletprovider-sdk.passkeyregister.md) module.
+```ts
+const wpClient = await createWalletProviderService(clusterConfig);
+const rpConfig: RelyingPartyConfig = {
+  rpId: 'localhost',
+  rpName: 'http://localhost:5173',
+};
+const userId = uuidv4();
+const passkeyUser = {
+  id: userId,
+  displayName: 'Alice',
+  name: 'alice@gmail.com ' + userId, // For development purposes
+};
+
+const passkeyAuth = new PasskeyRegister(rpConfig, passkeyUser);
+// Create a new signer instance
+const sdk = new NetworkSigner(wpClient, +threshold, +partiesNumber, passkeyAuth);
+
+// Register a new passkey
+let resp: RegisterPasskeyResponse = await sdk.registerPasskey();
+```
+
+We provide Passkey login authentication via [PasskeyAuth](./docs/walletprovider-sdk.passkeyauth.md) module. Let's create the `NetworkSigner` with associated `PasskeyAuth` object.
 
 ```ts
+const algSign = 'secp256k1'; // Signing algorithms of ephemeral key
 // Generate ephemeral secret key esk
-const sk = ed.utils.randomPrivateKey();
-ephSK = sk;
+const sk = generateEphPrivateKey(algSign);
 // Derive public part epk from esk
-ephPK = await ed.getPublicKeyAsync(sk);
+const ephPK = getEphPublicKey(sk, algSign);
 // Arbitrary ID to identify the ephemeral key
 const ephId = uuidv4();
+// Create ephemeral key claim instance based on the ephemeral key
+const ephClaim = new EphKeyClaim(
+  ephId,
+  ephPK,
+  // Lifetime of one hour
+  60 * 60,
+);
 // Create a client that connects to the backend service
 const wpClient = await createWalletProviderService(clusterConfig);
 // Here we configure the relying party for local development
@@ -145,50 +172,40 @@ const rpConfig: RelyingPartyConfig = {
   rpId: 'localhost',
   rpName: 'http://localhost:5173',
 };
-// Information about the owner of the passkey 
-const passkeyUser: PasskeyUser = {
-  id: userId,
-  displayName: 'Alice',
-  name: 'alice@gmail.com ' + userId, // For development purposes
-};
 
 // Get passkey credential id from your storage
 const credentialId = getPasskeyCredentialId();
-// Create EOA authenticator, signature will include epk
+// Create Passkey authenticator, signature will include epk
 const passkeyAuth = new PasskeyAuth(
   rpConfig,
-  passkeyUser,
-  ephId,
-  ephPK,
-  // Lifetime of one hour
-  60 * 60,
-  // If credentialId is null, we will do passkey register, otherwise, we will do passkey auth/login
+  // We will do passkey auth/login with the provided credentialId
   credentialId,
+  ephClaim,
 );
 
 // Create a new signer instance
 const sdk = new NetworkSigner(wpClient, threshold, partiesNumber, passkeyAuth);
 ```
 
-Now you can generate a key like in the EOA example by calling the [authenticateAndCreateKey](./docs/walletprovider-sdk.networksigner.authenticateandcreatekey.md) method. 
+Now you can generate a key like in the EOA example by calling the [generateKey](./docs/walletprovider-sdk.networksigner.generatekey.md) method. 
 
-Calling this method will prompt the browser to request Passkey User Verification. Once user verification is done, the [KeygenResponse](./docs/walletprovider-sdk.keygenresponse.md) is returned.
+Calling this method will prompt the device to request [Passkey User Verification](https://web.dev/articles/webauthn-user-verification). Once user verification is done, the [KeygenResponse](./docs/walletprovider-sdk.keygenresponse.md) is returned.
 
-The `esk` key can be later used by the frontend in subsequent signgen requests for authenticating.
+The `sk` key can be later used in subsequent signgen requests.
 
 ## Signing
 
-The full signing example is [here](https://github.com/silence-laboratories/walletprovider-sdk/blob/a75d7a009fb4d3629d353d53f8c27c34190c9035/demo/src/routes/%2Bpage.svelte#L170).
+The full signing example is [here](https://github.com/silence-laboratories/walletprovider-sdk/blob/main/demo/src/routes/%2Bpage.svelte#L228).
 
-Let's create NetworkSigner for signing. Note the `EphAuth` is used to avoid user interaction when generating the signatures.
+The workflow is similar to the keygen process. The core objects to use are the [NetworkSigner](./docs/walletprovider-sdk.networksigner.md), WalletProviderServiceClient, and the [ephemeral authenticator module](./docs/walletprovider-sdk.ephauth.md).
 ```ts
-const authModule = new EphAuth(ephId, ephSK);
+const authModule = new EphAuth(selectedEphId, ephSK, selectedEphSignAlg);
 // Create a new signer instance
 const sdk = new NetworkSigner(wpClient, threshold, partiesNumber, authModule);
 ```
 
 
-Use the [NetworkSigner.authenticateAndSign](./docs/walletprovider-sdk.networksigner.authenticateandsign.md) method in order to generate a signature.
+Use the [NetworkSigner.signMessage](./docs/walletprovider-sdk.networksigner.signMessage.md) method in order to generate a signature.
 
 ```ts
 let signMessage = JSON.stringify({
@@ -212,21 +229,17 @@ let signMessage = JSON.stringify({
     requestType: 'accountAbstractionTx',
   });
 
-let resp = await sdk.authenticateAndSign(selectedKeyId, signMessage);
+let resp = await sdk.signMessage(selectedKeyId, signMessage);
 ```
 
 The [SignResponse](./docs/walletprovider-sdk.signresponse.md) contains the signature `sign` and the recovery ID `recid`.
 
+# Development
 
-## Install dependencies
-
-```bash
-npm install
-```
-
-## Build
+## Build the library
 
 ```bash
+npm i
 npm run build
 ```
 
@@ -235,14 +248,14 @@ The output will be in the `dist` folder.
 ## End to end tests
 Please refer to [README.md](./e2e-tests/README.md) for instructions how to execute them.
 
-## Format the code
+## Generate the documentation
 
 ```bash
-npm run format
+npm run docs
 ```
 
-## Generate the documentation
+## Lint the code
 
 ```bash
-npm run docs
+./local_ci.sh
 ```

package/dist/EOAauthentication.d.ts

@@ -1,9 +1,10 @@
 /** Externally Owned Account (EOA) atuhentication. Uses secret key stored on a wallet to sign requests.
  * The requests are presented to the user in a readable form by using TypedData (EIP712).
  */
-import { KeygenSetupOpts } from './networkSigner';
+import { MetadataSetupOpts, KeygenSetupOpts } from './setupMessage';
 import { type UserAuthentication } from './authentication';
 import { type TypedDataDomain } from 'viem';
+import { EphKeyClaim } from './ephemeralAuthentication';
 export type FieldDefinition = {
     name: string;
     type: string;
@@ -44,15 +45,23 @@ export interface IBrowserWallet {
      */
     signTypedData<T>(from: string, request: TypedData<T>): Promise<unknown>;
 }
+type RequestToSign<T> = {
+    setup: T;
+    challenge: string;
+};
+export declare const EIP712SilentShardAuthenticationDomain: {
+    name: string;
+    version: string;
+};
+export declare function createTypedRequest(setup: KeygenSetupOpts | MetadataSetupOpts, aggregated_challenge: string, ephClaim: EphKeyClaim): TypedData<RequestToSign<KeygenSetupOpts | MetadataSetupOpts>>;
 /** Present the request to the User using wallet UI, and ask for sign.
  * The signature is the authorization for keygen operation
  */
-export declare function authenticateUsingEOA({ setup, ephId, eoa, challenge, browserWallet, ephPK, lifetime, }: {
-    setup: KeygenSetupOpts;
-    ephId: string;
+export declare function authenticateUsingEOA({ setup, eoa, challenge, browserWallet, ephClaim, }: {
+    setup: KeygenSetupOpts | MetadataSetupOpts;
     eoa: string;
     challenge: string;
     browserWallet: IBrowserWallet;
-    ephPK: Uint8Array;
-    lifetime: number;
+    ephClaim: EphKeyClaim;
 }): Promise<UserAuthentication>;
+export {};

package/dist/authentication.d.ts

@@ -1,41 +1,46 @@
-import { KeygenSetupOpts, SignSetupOpts } from './networkSigner';
+import { MetadataSetupOpts, KeygenSetupOpts, SignSetupOpts } from './setupMessage';
 import { IBrowserWallet } from './EOAauthentication';
 import { PasskeyUser, RelyingPartyConfig } from './passkeyAuthentication';
+import { EphKeyClaim, SignAlgorithm } from './ephemeralAuthentication';
 /** Type of the request authentication
  * @alpha
  */
 export type UserCredentials = {
     id: string;
-    method: string;
+    method: 'eoa' | 'ephemeral' | 'passkey';
     credentials: string;
-    ephId?: string;
 };
 export type UserAuthentication = {
     credentials: UserCredentials;
     signature: string;
-    passkeyCredentialId?: string;
 };
 export interface AuthModule {
     authenticate({ setup, challenge, }: {
-        setup: KeygenSetupOpts | SignSetupOpts;
+        setup: KeygenSetupOpts | SignSetupOpts | MetadataSetupOpts;
         challenge: string;
     }): Promise<UserAuthentication>;
 }
+export interface DkgAuthModule extends AuthModule {
+    get ephClaim(): EphKeyClaim;
+}
 /** The `EOAAuth` implementing Externally Owned Account authentication.
  * @alpha
  */
-export declare class EOAAuth implements AuthModule {
-    /** Ephemeral id identify ephemeral key */
-    ephId: string;
+export declare class EOAAuth implements DkgAuthModule {
     /** An interface to the wallet, like MetaMask, that is used to sign the requests */
-    browserWallet: IBrowserWallet;
-    /** Public key of the ephemeral key */
-    ephPK: Uint8Array;
-    /** Lifetime of the ephemeral key */
-    lifetime: number;
+    private browserWallet;
     /** the ETH address that is used to do EOA authentication */
-    eoa: string;
-    constructor(ephId: string, eoa: string, browserWallet: IBrowserWallet, ephPK: Uint8Array, lifetime?: number);
+    private eoa;
+    /** Ephemeral key claim */
+    ephClaim: EphKeyClaim;
+    /**
+     *
+     * @param eoa - Ethereum address
+     * @param browserWallet - Interface to the wallet provider, like MetaMask, that is used to sign the requests
+     * @param ephClaim - EphKeyClaim instance
+     */
+    constructor(eoa: string, browserWallet: IBrowserWallet, ephClaim: EphKeyClaim);
+    private validateInputs;
     /**
      * Prepares a message to present on the Browser Wallet window and requests to sign it.
      * @param setup - Keygen setup options
@@ -43,8 +48,8 @@ export declare class EOAAuth implements AuthModule {
      *
      * @public
      */
-    authenticate({ setup, challenge }: {
-        setup: KeygenSetupOpts;
+    authenticate({ setup, challenge, }: {
+        setup: KeygenSetupOpts | MetadataSetupOpts;
         challenge: string;
     }): Promise<UserAuthentication>;
 }
@@ -55,13 +60,17 @@ export declare class EOAAuth implements AuthModule {
  * asking the user to sign the request each time.
  * */
 export declare class EphAuth implements AuthModule {
-    /** Ephemeral id identify ephemeral key */
-    ephId: string;
     /** Secret key of the ephemeral keypair */
-    ephSK: Uint8Array;
-    /** Public key of the ephemeral keypair */
-    ephPK: Uint8Array;
-    constructor(ephId: string, ephSK: Uint8Array);
+    private ephSK;
+    /** Ephemeral key claim */
+    private ephClaim;
+    /**
+     *
+     * @param ephId - Ephemeral key ID
+     * @param ephSK - Ephemeral secret key
+     * @param signAlg - Signature algorithm
+     */
+    constructor(ephId: string, ephSK: Uint8Array, signAlg: SignAlgorithm);
     /**
      * Prepares a message to present on the Browser Wallet window and requests to sign it.
      * @param setup - Signgen setup options
@@ -69,30 +78,49 @@ export declare class EphAuth implements AuthModule {
      *
      * @public
      */
-    authenticate({ setup, challenge }: {
-        setup: SignSetupOpts;
+    authenticate({ setup, challenge, }: {
+        setup: SignSetupOpts | MetadataSetupOpts;
         challenge: string;
     }): Promise<UserAuthentication>;
 }
 /** The `AuthModule` implementing Passkey authentication.
  * @alpha
  */
-export declare class PasskeyAuth implements AuthModule {
+export declare class PasskeyAuth implements DkgAuthModule {
     /** Replying party object. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp */
-    rpConfig: RelyingPartyConfig;
-    /** Passkey user information. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#user */
-    user: PasskeyUser;
-    /** Public key of the ephemeral key */
-    ephPK: Uint8Array;
-    /** Lifetime of the ephemeral key */
-    lifetime: number;
-    /** Ephemeral id identify ephemeral key */
-    ephId: string;
-    /** Credential id that user and authenticator acknowledges about */
-    credentialId: string | null;
-    constructor(rpConfig: RelyingPartyConfig, user: PasskeyUser, ephId: string, ephPK: Uint8Array, lifetime: number | undefined, credentialId: string | null);
-    authenticate({ setup, challenge }: {
-        setup: KeygenSetupOpts;
+    private rpConfig;
+    /** ID of the acceptable credential by user. App proves that user has passkey credential by passing the value of this field */
+    private allowCredentialId;
+    /** Ephemeral key claim */
+    ephClaim: EphKeyClaim;
+    /**
+     *
+     * @param rpConfig - Passkey relying party configuration. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp
+     * @param allowCredentialId - ID of the acceptable credential by user. App proves that user has passkey credential by passing the value of this field
+     * @param ephClaim - EphKeyClaim instance
+     */
+    constructor(rpConfig: RelyingPartyConfig, allowCredentialId: string, ephClaim: EphKeyClaim);
+    authenticate({ setup, challenge, }: {
+        setup: KeygenSetupOpts | MetadataSetupOpts;
+        challenge: string;
+    }): Promise<UserAuthentication>;
+}
+/** The `AuthModule` implementing Passkey register.
+ * @alpha
+ */
+export declare class PasskeyRegister implements AuthModule {
+    /** Replying party object. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp */
+    private rpConfig;
+    /** Passkey user information, only requires while registering. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#user */
+    private user;
+    /**
+     *
+     * @param rpConfig - Passkey relying party configuration. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#rp
+     * @param user - Passkey user information, only requires while registering. Read more: https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialCreationOptions#user
+     */
+    constructor(rpConfig: RelyingPartyConfig, user: PasskeyUser);
+    authenticate({ setup, challenge, }: {
+        setup: MetadataSetupOpts;
         challenge: string;
     }): Promise<UserAuthentication>;
 }

package/dist/encoding.d.ts

@@ -1,3 +1,4 @@
 export declare const decodeBase64: (b64: string) => Uint8Array;
 export declare const encodeBase64: (b: Uint8Array) => string;
 export declare const arrayBufferToBase64Url: (a: ArrayBuffer) => string;
+export declare const calculateFinalChallenge: (setupOpts: string) => string;

package/dist/ephemeralAuthentication.d.ts

@@ -1,16 +1,44 @@
 import { UserAuthentication } from './authentication';
-import { SignSetupOpts } from './networkSigner';
-export type EphClaim = {
+import { SignSetupOpts } from './setupMessage';
+/**
+ * Supported signature algorithms for ephemeral key
+ * @alpha
+ */
+export type SignAlgorithm = 'ed25519' | 'secp256k1';
+/** The `EphKeyClaim` object represents the public claim of the ephemeral key.
+ * @alpha
+ */
+export declare class EphKeyClaim {
+    ephId: string;
     ephPK: string;
+    signAlg: SignAlgorithm;
     expiry: number;
-};
+    /**
+     *
+     * @param ephId - Ephemeral key ID
+     * @param ephPK - Ephemeral public key
+     * @param signAlg - Signature algorithm.
+     * @param lifetime - Lifetime of the ephemeral key. Default is 1 hour
+     */
+    constructor(ephId: string, ephPK: Uint8Array, signAlg: SignAlgorithm, lifetime?: number);
+    private validateInputs;
+    toJSON(): string;
+}
 /** Locally sign the signature requests to network without asking the user, the ephSK is registered during keygen.
  * The signature is the authorization for signgen operation
  */
-export declare function authenticateUsingEphKey({ setup, ephId, challenge, ephSK, ephPK, }: {
+export declare function authenticateUsingEphKey({ setup, challenge, ephSK, ephClaim, }: {
     setup: SignSetupOpts;
-    ephId: string;
     challenge: string;
     ephSK: Uint8Array;
-    ephPK: Uint8Array;
+    ephClaim: EphKeyClaim;
 }): Promise<UserAuthentication>;
+export declare function genHexSignature(msg: Uint8Array, ephSK: Uint8Array, signAlg: SignAlgorithm): Promise<string>;
+/** Generate Ephemeral `privateKey`
+ * @public
+ */
+export declare function generateEphPrivateKey(algSign: SignAlgorithm): Uint8Array;
+/** Derive Ephemeral `publicKey` from `privateKey` returned from `generateEphPrivateKey`
+ * @public
+ */
+export declare function getEphPublicKey(ephSK: Uint8Array, algSign: SignAlgorithm): Uint8Array;