@sip-protocol/sdk 0.2.0 → 0.2.2

package/dist/proofs/noir.mjs

@@ -0,0 +1,790 @@
+import {
+  fulfillment_proof_default,
+  funding_proof_default,
+  validity_proof_default
+} from "../chunk-VITVG25F.mjs";
+import {
+  ProofError,
+  ProofGenerationError
+} from "../chunk-UHZKNGIT.mjs";
+
+// src/proofs/noir.ts
+import { Noir } from "@noir-lang/noir_js";
+import { UltraHonkBackend } from "@aztec/bb.js";
+import { secp256k1 } from "@noble/curves/secp256k1";
+var NoirProofProvider = class {
+  framework = "noir";
+  _isReady = false;
+  config;
+  // Circuit instances
+  fundingNoir = null;
+  fundingBackend = null;
+  validityNoir = null;
+  validityBackend = null;
+  fulfillmentNoir = null;
+  fulfillmentBackend = null;
+  constructor(config = {}) {
+    this.config = {
+      backend: "barretenberg",
+      verbose: false,
+      ...config
+    };
+  }
+  get isReady() {
+    return this._isReady;
+  }
+  /**
+   * Derive secp256k1 public key coordinates from a private key
+   *
+   * Utility method that can be used to generate public key coordinates
+   * for use in ValidityProofParams.senderPublicKey or NoirProviderConfig.oraclePublicKey
+   *
+   * @param privateKey - 32-byte private key
+   * @returns X and Y coordinates as 32-byte arrays
+   *
+   * @example
+   * ```typescript
+   * const privateKey = new Uint8Array(32).fill(1) // Your secret key
+   * const publicKey = NoirProofProvider.derivePublicKey(privateKey)
+   *
+   * // Use for oracle configuration
+   * const provider = new NoirProofProvider({
+   *   oraclePublicKey: publicKey
+   * })
+   *
+   * // Or use for validity proof params
+   * const validityParams = {
+   *   // ... other params
+   *   senderPublicKey: {
+   *     x: new Uint8Array(publicKey.x),
+   *     y: new Uint8Array(publicKey.y)
+   *   }
+   * }
+   * ```
+   */
+  static derivePublicKey(privateKey) {
+    const uncompressedPubKey = secp256k1.getPublicKey(privateKey, false);
+    const x = Array.from(uncompressedPubKey.slice(1, 33));
+    const y = Array.from(uncompressedPubKey.slice(33, 65));
+    return { x, y };
+  }
+  /**
+   * Initialize the Noir provider
+   *
+   * Loads circuit artifacts and initializes the proving backend.
+   */
+  async initialize() {
+    if (this._isReady) {
+      return;
+    }
+    try {
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Initializing...");
+      }
+      const fundingCircuit = funding_proof_default;
+      this.fundingBackend = new UltraHonkBackend(fundingCircuit.bytecode);
+      this.fundingNoir = new Noir(fundingCircuit);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Funding circuit loaded");
+        const artifactVersion = funding_proof_default.noir_version;
+        console.log(`[NoirProofProvider] Noir version: ${artifactVersion ?? "unknown"}`);
+      }
+      const validityCircuit = validity_proof_default;
+      this.validityBackend = new UltraHonkBackend(validityCircuit.bytecode);
+      this.validityNoir = new Noir(validityCircuit);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Validity circuit loaded");
+      }
+      const fulfillmentCircuit = fulfillment_proof_default;
+      this.fulfillmentBackend = new UltraHonkBackend(fulfillmentCircuit.bytecode);
+      this.fulfillmentNoir = new Noir(fulfillmentCircuit);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Fulfillment circuit loaded");
+      }
+      this._isReady = true;
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Initialization complete");
+      }
+    } catch (error) {
+      throw new ProofError(
+        `Failed to initialize NoirProofProvider: ${error instanceof Error ? error.message : String(error)}`,
+        "SIP_4003" /* PROOF_NOT_IMPLEMENTED */,
+        { context: { error } }
+      );
+    }
+  }
+  /**
+   * Generate a Funding Proof using Noir circuits
+   *
+   * Proves: balance >= minimumRequired without revealing balance
+   *
+   * @see docs/specs/FUNDING-PROOF.md
+   */
+  async generateFundingProof(params) {
+    this.ensureReady();
+    if (!this.fundingNoir || !this.fundingBackend) {
+      throw new ProofGenerationError(
+        "funding",
+        "Funding circuit not initialized"
+      );
+    }
+    try {
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Generating funding proof...");
+      }
+      const { commitmentHash, blindingField } = await this.computeCommitmentHash(
+        params.balance,
+        params.blindingFactor,
+        params.assetId
+      );
+      const witnessInputs = {
+        // Public inputs
+        commitment_hash: commitmentHash,
+        minimum_required: params.minimumRequired.toString(),
+        asset_id: this.assetIdToField(params.assetId),
+        // Private inputs
+        balance: params.balance.toString(),
+        blinding: blindingField
+      };
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Witness inputs:", {
+          commitment_hash: commitmentHash,
+          minimum_required: params.minimumRequired.toString(),
+          asset_id: this.assetIdToField(params.assetId),
+          balance: "[PRIVATE]",
+          blinding: "[PRIVATE]"
+        });
+      }
+      const { witness } = await this.fundingNoir.execute(witnessInputs);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Witness generated, creating proof...");
+      }
+      const proofData = await this.fundingBackend.generateProof(witness);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Proof generated successfully");
+      }
+      const publicInputs = [
+        `0x${commitmentHash}`,
+        `0x${params.minimumRequired.toString(16).padStart(16, "0")}`,
+        `0x${this.assetIdToField(params.assetId)}`
+      ];
+      const proof = {
+        type: "funding",
+        proof: `0x${Buffer.from(proofData.proof).toString("hex")}`,
+        publicInputs
+      };
+      return {
+        proof,
+        publicInputs
+      };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("Insufficient balance")) {
+        throw new ProofGenerationError(
+          "funding",
+          "Insufficient balance to generate proof",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Commitment hash mismatch")) {
+        throw new ProofGenerationError(
+          "funding",
+          "Commitment hash verification failed",
+          error instanceof Error ? error : void 0
+        );
+      }
+      throw new ProofGenerationError(
+        "funding",
+        `Failed to generate funding proof: ${message}`,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Generate a Validity Proof using Noir circuits
+   *
+   * Proves: Intent is authorized by sender without revealing identity
+   *
+   * @see docs/specs/VALIDITY-PROOF.md
+   */
+  async generateValidityProof(params) {
+    this.ensureReady();
+    if (!this.validityNoir || !this.validityBackend) {
+      throw new ProofGenerationError(
+        "validity",
+        "Validity circuit not initialized"
+      );
+    }
+    try {
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Generating validity proof...");
+      }
+      const intentHashField = this.hexToField(params.intentHash);
+      const senderAddressField = this.hexToField(params.senderAddress);
+      const senderBlindingField = this.bytesToField(params.senderBlinding);
+      const senderSecretField = this.bytesToField(params.senderSecret);
+      const nonceField = this.bytesToField(params.nonce);
+      const { commitmentX, commitmentY } = await this.computeSenderCommitment(
+        senderAddressField,
+        senderBlindingField
+      );
+      const nullifier = await this.computeNullifier(
+        senderSecretField,
+        intentHashField,
+        nonceField
+      );
+      const signature = Array.from(params.authorizationSignature);
+      const messageHash = this.fieldToBytes32(intentHashField);
+      let pubKeyX;
+      let pubKeyY;
+      if (params.senderPublicKey) {
+        pubKeyX = Array.from(params.senderPublicKey.x);
+        pubKeyY = Array.from(params.senderPublicKey.y);
+      } else {
+        const coords = this.getPublicKeyCoordinates(params.senderSecret);
+        pubKeyX = coords.x;
+        pubKeyY = coords.y;
+      }
+      const witnessInputs = {
+        // Public inputs
+        intent_hash: intentHashField,
+        sender_commitment_x: commitmentX,
+        sender_commitment_y: commitmentY,
+        nullifier,
+        timestamp: params.timestamp.toString(),
+        expiry: params.expiry.toString(),
+        // Private inputs
+        sender_address: senderAddressField,
+        sender_blinding: senderBlindingField,
+        sender_secret: senderSecretField,
+        pub_key_x: pubKeyX,
+        pub_key_y: pubKeyY,
+        signature,
+        message_hash: messageHash,
+        nonce: nonceField
+      };
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Validity witness inputs:", {
+          intent_hash: intentHashField,
+          sender_commitment_x: commitmentX,
+          sender_commitment_y: commitmentY,
+          nullifier,
+          timestamp: params.timestamp,
+          expiry: params.expiry,
+          sender_address: "[PRIVATE]",
+          sender_blinding: "[PRIVATE]",
+          sender_secret: "[PRIVATE]",
+          signature: "[PRIVATE]"
+        });
+      }
+      const { witness } = await this.validityNoir.execute(witnessInputs);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Validity witness generated, creating proof...");
+      }
+      const proofData = await this.validityBackend.generateProof(witness);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Validity proof generated successfully");
+      }
+      const publicInputs = [
+        `0x${intentHashField}`,
+        `0x${commitmentX}`,
+        `0x${commitmentY}`,
+        `0x${nullifier}`,
+        `0x${params.timestamp.toString(16).padStart(16, "0")}`,
+        `0x${params.expiry.toString(16).padStart(16, "0")}`
+      ];
+      const proof = {
+        type: "validity",
+        proof: `0x${Buffer.from(proofData.proof).toString("hex")}`,
+        publicInputs
+      };
+      return {
+        proof,
+        publicInputs
+      };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("Sender commitment")) {
+        throw new ProofGenerationError(
+          "validity",
+          "Sender commitment verification failed",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Invalid ECDSA")) {
+        throw new ProofGenerationError(
+          "validity",
+          "Authorization signature verification failed",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Nullifier mismatch")) {
+        throw new ProofGenerationError(
+          "validity",
+          "Nullifier derivation failed",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Intent expired")) {
+        throw new ProofGenerationError(
+          "validity",
+          "Intent has expired (timestamp >= expiry)",
+          error instanceof Error ? error : void 0
+        );
+      }
+      throw new ProofGenerationError(
+        "validity",
+        `Failed to generate validity proof: ${message}`,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Generate a Fulfillment Proof using Noir circuits
+   *
+   * Proves: Solver correctly executed the intent and delivered the required
+   * output to the recipient, without revealing execution path or liquidity sources.
+   *
+   * @see docs/specs/FULFILLMENT-PROOF.md
+   */
+  async generateFulfillmentProof(params) {
+    this.ensureReady();
+    if (!this.fulfillmentNoir || !this.fulfillmentBackend) {
+      throw new ProofGenerationError(
+        "fulfillment",
+        "Fulfillment circuit not initialized"
+      );
+    }
+    try {
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Generating fulfillment proof...");
+      }
+      const intentHashField = this.hexToField(params.intentHash);
+      const recipientStealthField = this.hexToField(params.recipientStealth);
+      const { commitmentX, commitmentY } = await this.computeOutputCommitment(
+        params.outputAmount,
+        params.outputBlinding
+      );
+      const solverSecretField = this.bytesToField(params.solverSecret);
+      const solverId = await this.computeSolverId(solverSecretField);
+      const outputBlindingField = this.bytesToField(params.outputBlinding);
+      const attestation = params.oracleAttestation;
+      const attestationRecipientField = this.hexToField(attestation.recipient);
+      const attestationTxHashField = this.hexToField(attestation.txHash);
+      const oracleSignature = Array.from(attestation.signature);
+      const oracleMessageHash = await this.computeOracleMessageHash(
+        attestation.recipient,
+        attestation.amount,
+        attestation.txHash,
+        attestation.blockNumber
+      );
+      const oraclePubKeyX = this.config.oraclePublicKey?.x ?? new Array(32).fill(0);
+      const oraclePubKeyY = this.config.oraclePublicKey?.y ?? new Array(32).fill(0);
+      if (!this.config.oraclePublicKey && this.config.verbose) {
+        console.warn("[NoirProofProvider] Warning: No oracle public key configured. Using placeholder keys.");
+      }
+      const witnessInputs = {
+        // Public inputs
+        intent_hash: intentHashField,
+        output_commitment_x: commitmentX,
+        output_commitment_y: commitmentY,
+        recipient_stealth: recipientStealthField,
+        min_output_amount: params.minOutputAmount.toString(),
+        solver_id: solverId,
+        fulfillment_time: params.fulfillmentTime.toString(),
+        expiry: params.expiry.toString(),
+        // Private inputs
+        output_amount: params.outputAmount.toString(),
+        output_blinding: outputBlindingField,
+        solver_secret: solverSecretField,
+        attestation_recipient: attestationRecipientField,
+        attestation_amount: attestation.amount.toString(),
+        attestation_tx_hash: attestationTxHashField,
+        attestation_block: attestation.blockNumber.toString(),
+        oracle_signature: oracleSignature,
+        oracle_message_hash: oracleMessageHash,
+        oracle_pub_key_x: oraclePubKeyX,
+        oracle_pub_key_y: oraclePubKeyY
+      };
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Fulfillment witness inputs:", {
+          intent_hash: intentHashField,
+          output_commitment_x: commitmentX,
+          output_commitment_y: commitmentY,
+          recipient_stealth: recipientStealthField,
+          min_output_amount: params.minOutputAmount.toString(),
+          solver_id: solverId,
+          fulfillment_time: params.fulfillmentTime,
+          expiry: params.expiry,
+          output_amount: "[PRIVATE]",
+          output_blinding: "[PRIVATE]",
+          solver_secret: "[PRIVATE]",
+          oracle_attestation: "[PRIVATE]"
+        });
+      }
+      const { witness } = await this.fulfillmentNoir.execute(witnessInputs);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Fulfillment witness generated, creating proof...");
+      }
+      const proofData = await this.fulfillmentBackend.generateProof(witness);
+      if (this.config.verbose) {
+        console.log("[NoirProofProvider] Fulfillment proof generated successfully");
+      }
+      const publicInputs = [
+        `0x${intentHashField}`,
+        `0x${commitmentX}`,
+        `0x${commitmentY}`,
+        `0x${recipientStealthField}`,
+        `0x${params.minOutputAmount.toString(16).padStart(16, "0")}`,
+        `0x${solverId}`,
+        `0x${params.fulfillmentTime.toString(16).padStart(16, "0")}`,
+        `0x${params.expiry.toString(16).padStart(16, "0")}`
+      ];
+      const proof = {
+        type: "fulfillment",
+        proof: `0x${Buffer.from(proofData.proof).toString("hex")}`,
+        publicInputs
+      };
+      return {
+        proof,
+        publicInputs
+      };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("Output below minimum")) {
+        throw new ProofGenerationError(
+          "fulfillment",
+          "Output amount is below minimum required",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Commitment") && message.includes("mismatch")) {
+        throw new ProofGenerationError(
+          "fulfillment",
+          "Output commitment verification failed",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Recipient mismatch")) {
+        throw new ProofGenerationError(
+          "fulfillment",
+          "Attestation recipient does not match",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Invalid oracle")) {
+        throw new ProofGenerationError(
+          "fulfillment",
+          "Oracle attestation signature is invalid",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Unauthorized solver")) {
+        throw new ProofGenerationError(
+          "fulfillment",
+          "Solver not authorized for this intent",
+          error instanceof Error ? error : void 0
+        );
+      }
+      if (message.includes("Fulfillment after expiry")) {
+        throw new ProofGenerationError(
+          "fulfillment",
+          "Fulfillment occurred after intent expiry",
+          error instanceof Error ? error : void 0
+        );
+      }
+      throw new ProofGenerationError(
+        "fulfillment",
+        `Failed to generate fulfillment proof: ${message}`,
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Verify a Noir proof
+   */
+  async verifyProof(proof) {
+    this.ensureReady();
+    let backend = null;
+    switch (proof.type) {
+      case "funding":
+        backend = this.fundingBackend;
+        break;
+      case "validity":
+        backend = this.validityBackend;
+        break;
+      case "fulfillment":
+        backend = this.fulfillmentBackend;
+        break;
+      default:
+        throw new ProofError(
+          `Unknown proof type: ${proof.type}`,
+          "SIP_4003" /* PROOF_NOT_IMPLEMENTED */
+        );
+    }
+    if (!backend) {
+      throw new ProofError(
+        `${proof.type} backend not initialized`,
+        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
+      );
+    }
+    try {
+      const proofHex = proof.proof.startsWith("0x") ? proof.proof.slice(2) : proof.proof;
+      const proofBytes = new Uint8Array(Buffer.from(proofHex, "hex"));
+      const isValid = await backend.verifyProof({
+        proof: proofBytes,
+        publicInputs: proof.publicInputs.map(
+          (input) => input.startsWith("0x") ? input.slice(2) : input
+        )
+      });
+      return isValid;
+    } catch (error) {
+      if (this.config.verbose) {
+        console.error("[NoirProofProvider] Verification error:", error);
+      }
+      return false;
+    }
+  }
+  /**
+   * Destroy the provider and free resources
+   */
+  async destroy() {
+    if (this.fundingBackend) {
+      await this.fundingBackend.destroy();
+      this.fundingBackend = null;
+    }
+    if (this.validityBackend) {
+      await this.validityBackend.destroy();
+      this.validityBackend = null;
+    }
+    if (this.fulfillmentBackend) {
+      await this.fulfillmentBackend.destroy();
+      this.fulfillmentBackend = null;
+    }
+    this.fundingNoir = null;
+    this.validityNoir = null;
+    this.fulfillmentNoir = null;
+    this._isReady = false;
+  }
+  // ─── Private Methods ───────────────────────────────────────────────────────
+  ensureReady() {
+    if (!this._isReady) {
+      throw new ProofError(
+        "NoirProofProvider not initialized. Call initialize() first.",
+        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
+      );
+    }
+  }
+  /**
+   * Compute the commitment hash that the circuit expects
+   *
+   * The circuit computes:
+   * 1. commitment = pedersen_commitment([balance, blinding])
+   * 2. commitment_hash = pedersen_hash([commitment.x, commitment.y, asset_id])
+   *
+   * We need to compute this outside to pass as a public input.
+   *
+   * **IMPORTANT**: This SDK uses SHA256 as a deterministic stand-in for Pedersen hash.
+   * Both the SDK and circuit MUST use the same hash function. The bundled circuit
+   * artifacts are configured to use SHA256 for compatibility. If you use custom
+   * circuits with actual Pedersen hashing, you must update this implementation.
+   *
+   * @see docs/specs/HASH-COMPATIBILITY.md for hash function requirements
+   */
+  async computeCommitmentHash(balance, blindingFactor, assetId) {
+    const blindingField = this.bytesToField(blindingFactor);
+    const { sha256 } = await import("@noble/hashes/sha256");
+    const { bytesToHex } = await import("@noble/hashes/utils");
+    const preimage = new Uint8Array([
+      ...this.bigintToBytes(balance, 8),
+      ...blindingFactor.slice(0, 32),
+      ...this.hexToBytes(this.assetIdToField(assetId))
+    ]);
+    const hash = sha256(preimage);
+    const commitmentHash = bytesToHex(hash);
+    return { commitmentHash, blindingField };
+  }
+  /**
+   * Convert asset ID to field element
+   */
+  assetIdToField(assetId) {
+    if (assetId.startsWith("0x")) {
+      return assetId.slice(2).padStart(64, "0");
+    }
+    const encoder = new TextEncoder();
+    const bytes = encoder.encode(assetId);
+    let result = 0n;
+    for (let i = 0; i < bytes.length && i < 31; i++) {
+      result = result * 256n + BigInt(bytes[i]);
+    }
+    return result.toString(16).padStart(64, "0");
+  }
+  /**
+   * Convert bytes to field element string
+   */
+  bytesToField(bytes) {
+    let result = 0n;
+    const len = Math.min(bytes.length, 31);
+    for (let i = 0; i < len; i++) {
+      result = result * 256n + BigInt(bytes[i]);
+    }
+    return result.toString();
+  }
+  /**
+   * Convert bigint to bytes
+   */
+  bigintToBytes(value, length) {
+    const bytes = new Uint8Array(length);
+    let v = value;
+    for (let i = length - 1; i >= 0; i--) {
+      bytes[i] = Number(v & 0xffn);
+      v = v >> 8n;
+    }
+    return bytes;
+  }
+  /**
+   * Convert hex string to bytes
+   */
+  hexToBytes(hex) {
+    const h = hex.startsWith("0x") ? hex.slice(2) : hex;
+    const bytes = new Uint8Array(h.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+      bytes[i] = parseInt(h.slice(i * 2, i * 2 + 2), 16);
+    }
+    return bytes;
+  }
+  /**
+   * Convert hex string to field element string
+   */
+  hexToField(hex) {
+    const h = hex.startsWith("0x") ? hex.slice(2) : hex;
+    return h.padStart(64, "0");
+  }
+  /**
+   * Convert field string to 32-byte array
+   */
+  fieldToBytes32(field) {
+    const hex = field.padStart(64, "0");
+    const bytes = [];
+    for (let i = 0; i < 32; i++) {
+      bytes.push(parseInt(hex.slice(i * 2, i * 2 + 2), 16));
+    }
+    return bytes;
+  }
+  /**
+   * Compute sender commitment for validity proof
+   *
+   * Uses SHA256 for SDK-side computation. The bundled circuit artifacts
+   * are compiled to use SHA256 for compatibility with this SDK.
+   *
+   * @see computeCommitmentHash for hash function compatibility notes
+   */
+  async computeSenderCommitment(senderAddressField, senderBlindingField) {
+    const { sha256 } = await import("@noble/hashes/sha256");
+    const { bytesToHex } = await import("@noble/hashes/utils");
+    const addressBytes = this.hexToBytes(senderAddressField);
+    const blindingBytes = this.hexToBytes(senderBlindingField.padStart(64, "0"));
+    const preimage = new Uint8Array([...addressBytes, ...blindingBytes]);
+    const hash = sha256(preimage);
+    const commitmentX = bytesToHex(hash.slice(0, 16)).padStart(64, "0");
+    const commitmentY = bytesToHex(hash.slice(16, 32)).padStart(64, "0");
+    return { commitmentX, commitmentY };
+  }
+  /**
+   * Compute nullifier for validity proof
+   *
+   * Uses SHA256 for SDK-side computation. The bundled circuit artifacts
+   * are compiled to use SHA256 for compatibility with this SDK.
+   *
+   * @see computeCommitmentHash for hash function compatibility notes
+   */
+  async computeNullifier(senderSecretField, intentHashField, nonceField) {
+    const { sha256 } = await import("@noble/hashes/sha256");
+    const { bytesToHex } = await import("@noble/hashes/utils");
+    const secretBytes = this.hexToBytes(senderSecretField.padStart(64, "0"));
+    const intentBytes = this.hexToBytes(intentHashField);
+    const nonceBytes = this.hexToBytes(nonceField.padStart(64, "0"));
+    const preimage = new Uint8Array([...secretBytes, ...intentBytes, ...nonceBytes]);
+    const hash = sha256(preimage);
+    return bytesToHex(hash);
+  }
+  /**
+   * Compute output commitment for fulfillment proof
+   *
+   * Uses SHA256 for SDK-side computation. The bundled circuit artifacts
+   * are compiled to use SHA256 for compatibility with this SDK.
+   *
+   * @see computeCommitmentHash for hash function compatibility notes
+   */
+  async computeOutputCommitment(outputAmount, outputBlinding) {
+    const { sha256 } = await import("@noble/hashes/sha256");
+    const { bytesToHex } = await import("@noble/hashes/utils");
+    const amountBytes = this.bigintToBytes(outputAmount, 8);
+    const blindingBytes = outputBlinding.slice(0, 32);
+    const preimage = new Uint8Array([...amountBytes, ...blindingBytes]);
+    const hash = sha256(preimage);
+    const commitmentX = bytesToHex(hash.slice(0, 16)).padStart(64, "0");
+    const commitmentY = bytesToHex(hash.slice(16, 32)).padStart(64, "0");
+    return { commitmentX, commitmentY };
+  }
+  /**
+   * Compute solver ID from solver secret
+   *
+   * Uses SHA256 for SDK-side computation. The bundled circuit artifacts
+   * are compiled to use SHA256 for compatibility with this SDK.
+   *
+   * @see computeCommitmentHash for hash function compatibility notes
+   */
+  async computeSolverId(solverSecretField) {
+    const { sha256 } = await import("@noble/hashes/sha256");
+    const { bytesToHex } = await import("@noble/hashes/utils");
+    const secretBytes = this.hexToBytes(solverSecretField.padStart(64, "0"));
+    const hash = sha256(secretBytes);
+    return bytesToHex(hash);
+  }
+  /**
+   * Compute oracle message hash for fulfillment proof
+   *
+   * Hash of attestation data that oracle signs
+   */
+  async computeOracleMessageHash(recipient, amount, txHash, blockNumber) {
+    const { sha256 } = await import("@noble/hashes/sha256");
+    const recipientBytes = this.hexToBytes(this.hexToField(recipient));
+    const amountBytes = this.bigintToBytes(amount, 8);
+    const txHashBytes = this.hexToBytes(this.hexToField(txHash));
+    const blockBytes = this.bigintToBytes(blockNumber, 8);
+    const preimage = new Uint8Array([
+      ...recipientBytes,
+      ...amountBytes,
+      ...txHashBytes,
+      ...blockBytes
+    ]);
+    const hash = sha256(preimage);
+    return Array.from(hash);
+  }
+  /**
+   * Derive secp256k1 public key coordinates from a private key
+   *
+   * @param privateKey - 32-byte private key as Uint8Array
+   * @returns X and Y coordinates as 32-byte arrays
+   */
+  getPublicKeyCoordinates(privateKey) {
+    const uncompressedPubKey = secp256k1.getPublicKey(privateKey, false);
+    const x = Array.from(uncompressedPubKey.slice(1, 33));
+    const y = Array.from(uncompressedPubKey.slice(33, 65));
+    return { x, y };
+  }
+  /**
+   * Derive public key coordinates from a field string (private key)
+   *
+   * @param privateKeyField - Private key as hex field string
+   * @returns X and Y coordinates as 32-byte arrays
+   */
+  getPublicKeyFromField(privateKeyField) {
+    const privateKeyBytes = this.hexToBytes(privateKeyField.padStart(64, "0"));
+    return this.getPublicKeyCoordinates(privateKeyBytes);
+  }
+};
+export {
+  NoirProofProvider
+};