@taquito/sapling 24.3.0-beta.1 → 24.3.0-beta.3

package/README.md

@@ -24,7 +24,7 @@ The returned balance is in mutez.
 import { TezosToolkit, RpcReadAdapter } from '@taquito/taquito';
 import { SaplingToolkit, InMemorySpendingKey } from '@taquito/sapling';
 
-const tezos = new TezosToolkit('https://ghostnet.tezos.ecadinfra.com/');
+const tezos = new TezosToolkit('https://shadownet.tezos.ecadinfra.com/');
 
 const saplingContract = await tezos.contract.at('KT1UYwMR6Q6LZnwQEi77DSBrAjKT1tEJb245');
 
@@ -50,7 +50,7 @@ A shielded transaction allows sending tokens from a Tezos account (tz1, tz2, tz3
 import { TezosToolkit, RpcReadAdapter } from '@taquito/taquito';
 import { SaplingToolkit, InMemorySpendingKey } from '@taquito/sapling';
 
-const tezos = new TezosToolkit('https://ghostnet.tezos.ecadinfra.com/');
+const tezos = new TezosToolkit('https://shadownet.tezos.ecadinfra.com/');
 // set up your signer on the TezosToolkit as usual
 const saplingContract = await tezos.contract.at('KT1UYwMR6Q6LZnwQEi77DSBrAjKT1tEJb245');
 

package/SAPLING_PARAMS_PROVENANCE.md

@@ -0,0 +1,24 @@
+## Sapling Parameter Provenance
+
+The `saplingOutputParams.js` file in this package and the `saplingSpendParams.js` file in the sibling `@taquito/sapling-spend-params` package are vendored copies of the Sapling proving parameters distributed by the Zcash project.
+
+Source:
+- `https://download.z.cash/downloads/sapling-spend.params`
+- `https://download.z.cash/downloads/sapling-output.params`
+
+Verification data:
+- `sapling-spend.params`
+  - Size: `47,958,396` bytes
+  - SHA-256: `8e48ffd23abb3a5fd9c5589204f32d9c31285a04b78096ba40a79b75677efc13`
+- `sapling-output.params`
+  - Size: `3,592,860` bytes
+  - SHA-256: `2f0ebbcbb9bb0bcffe95a397e7eba89c29eb4dde6191c339db88570e3f3fb0e4`
+
+Why these files are vendored:
+- `@taquito/sapling` previously fetched them during `postinstall`, which made installs network-dependent.
+- Vendoring keeps published packages self-contained and makes builds reproducible.
+- These parameters are treated as fixed trusted setup artifacts, not routine updatable assets.
+
+Maintainer note:
+- `fetch-sapling-params.js` is retained only as a repo-maintenance helper to regenerate the vendored wrapper files from the exact raw parameter files above.
+- Any regeneration should be exceptional, manually reviewed, and accompanied by explicit provenance updates in this file.

package/dist/lib/sapling-keys/helpers.js

@@ -4,7 +4,8 @@ exports.decryptKey = decryptKey;
 const errors_1 = require("../errors");
 const typedarray_to_buffer_1 = require("typedarray-to-buffer");
 const nacl_1 = require("@stablelib/nacl");
-const pbkdf2_1 = require("pbkdf2");
+const pbkdf2_js_1 = require("@noble/hashes/pbkdf2.js");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
 const utils_1 = require("@taquito/utils");
 const core_1 = require("@taquito/core");
 function decryptKey(spendingKey, password) {
@@ -30,7 +31,7 @@ function decryptKey(spendingKey, password) {
         }
         const salt = (0, typedarray_to_buffer_1.default)(keyArr.slice(0, 8));
         const encryptedSk = (0, typedarray_to_buffer_1.default)(keyArr.slice(8));
-        const encryptionKey = pbkdf2_1.default.pbkdf2Sync(password, salt, 32768, 32, 'sha512');
+        const encryptionKey = (0, pbkdf2_js_1.pbkdf2)(sha2_js_1.sha512, password, salt, { c: 32768, dkLen: 32 });
         // Zero nonce is safe: fresh random salt per encryption produces unique PBKDF2-derived key.
         // See: https://gitlab.com/tezos/tezos/-/blob/master/src/lib_signer_backends/encrypted.ml
         const decrypted = (0, nacl_1.openSecretBox)(new Uint8Array(encryptionKey), new Uint8Array(24), // zero nonce - uniqueness provided by per-encryption derived key

package/dist/lib/sapling-keys/in-memory-proving-key.js

@@ -13,7 +13,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
 var _InMemoryProvingKey_provingKey;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.InMemoryProvingKey = void 0;
-const sapling = require("@airgap/sapling-wasm");
+const sapling = require("@taquito/sapling-wasm");
 const helpers_1 = require("./helpers");
 /**
  * holds the proving key, create proof for spend descriptions

package/dist/lib/sapling-keys/in-memory-spending-key.js

@@ -14,9 +14,9 @@ var _InMemorySpendingKey_spendingKeyBuf, _InMemorySpendingKey_saplingViewingKey;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.InMemorySpendingKey = void 0;
 const in_memory_viewing_key_1 = require("./in-memory-viewing-key");
-const sapling = require("@airgap/sapling-wasm");
+const sapling = require("@taquito/sapling-wasm");
 const utils_1 = require("@taquito/utils");
-const bip39 = require("bip39");
+const bip39 = require("@scure/bip39");
 const helpers_1 = require("./helpers");
 /**
  * holds the spending key, create proof and signature for spend descriptions

package/dist/lib/sapling-keys/in-memory-viewing-key.js

@@ -14,7 +14,7 @@ var _InMemoryViewingKey_fullViewingKey;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.InMemoryViewingKey = void 0;
 const utils_1 = require("@taquito/utils");
-const sapling = require("@airgap/sapling-wasm");
+const sapling = require("@taquito/sapling-wasm");
 const helpers_1 = require("./helpers");
 /**
  * Holds the viewing key

package/dist/lib/sapling-module-wrapper.js

@@ -1,20 +1,28 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SaplingWrapper = void 0;
-const sapling = require("@airgap/sapling-wasm");
-const random_1 = require("@stablelib/random");
+const sapling = require("@taquito/sapling-wasm");
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const saplingOutputParams = require('../saplingOutputParams');
 // eslint-disable-next-line @typescript-eslint/no-var-requires
-const saplingSpendParams = require('../saplingSpendParams');
+const saplingSpendParams = require('@taquito/sapling-spend-params');
 let cachedParams;
+const getRandomValueSource = () => {
+    const crypto = globalThis.crypto;
+    if (!crypto?.getRandomValues) {
+        throw new Error('Sapling randomness requires globalThis.crypto.getRandomValues');
+    }
+    return crypto;
+};
 class SaplingWrapper {
     async withProvingContext(action) {
         await this.initSaplingParameters();
         return sapling.withProvingContext(action);
     }
     getRandomBytes(length) {
-        return (0, random_1.randomBytes)(length);
+        const bytes = new Uint8Array(length);
+        getRandomValueSource().getRandomValues(bytes);
+        return bytes;
     }
     async randR() {
         return sapling.randR();

package/dist/lib/sapling-state/sapling-state.js

@@ -7,10 +7,11 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SaplingState = void 0;
 const errors_1 = require("../errors");
-const sapling_wasm_1 = require("@airgap/sapling-wasm");
+const sapling_wasm_1 = require("@taquito/sapling-wasm");
 const utils_1 = require("./utils");
 const utils_2 = require("@taquito/utils");
 const bignumber_js_1 = require("bignumber.js");
+const BigNumber = bignumber_js_1.default;
 /**
  * The SaplingState class's main purpose is to provide a Merkle path for the forger and the transaction builder, so that it may verify that the Sapling transaction is valid
  *
@@ -130,7 +131,7 @@ class SaplingState {
         }
         else {
             let nextPos, nextTree, otherTree;
-            const fullTree = new bignumber_js_1.default(2).pow(height - 1);
+            const fullTree = new BigNumber(2).pow(height - 1);
             if (position.lt(fullTree)) {
                 nextPos = position;
                 nextTree = tree[1];

package/dist/lib/sapling-tx-builder/sapling-transactions-builder.js

@@ -17,6 +17,7 @@ const blakejs_1 = require("blakejs");
 const nacl_1 = require("@stablelib/nacl");
 const constants_1 = require("../constants");
 const bignumber_js_1 = require("bignumber.js");
+const BigNumber = bignumber_js_1.default;
 const utils_1 = require("@taquito/utils");
 const helpers_1 = require("../sapling-tx-viewer/helpers");
 const sapling_state_1 = require("../sapling-state/sapling-state");
@@ -85,9 +86,9 @@ class SaplingTransactionBuilder {
             const outputs = [];
             const inputs = [];
             inputs.push(...(await this.prepareSaplingSpendDescription(saplingContext, chosenInputs.inputsToSpend)));
-            let sumAmountOutput = new bignumber_js_1.default(0);
+            let sumAmountOutput = new BigNumber(0);
             for (const i in saplingTransactionParams) {
-                sumAmountOutput = sumAmountOutput.plus(new bignumber_js_1.default(saplingTransactionParams[i].amount));
+                sumAmountOutput = sumAmountOutput.plus(new BigNumber(saplingTransactionParams[i].amount));
                 const [address] = (0, utils_1.b58DecodeAndCheckPrefix)(saplingTransactionParams[i].to, [
                     utils_1.PrefixV2.SaplingAddress,
                 ]);
@@ -111,7 +112,7 @@ class SaplingTransactionBuilder {
                     randomCommitmentTrapdoor: randomCommitmentTrapdoor,
                     outgoingViewingKey: outgoingViewingKey,
                 }, chosenInputs.sumSelectedInputs);
-                sumAmountOutput = sumAmountOutput.plus(new bignumber_js_1.default(payBackAmount));
+                sumAmountOutput = sumAmountOutput.plus(new BigNumber(payBackAmount));
                 outputs.push(payBackOutput);
             }
             const balance = this.calculateTransactionBalance(chosenInputs.sumSelectedInputs.toString(), sumAmountOutput.toString());
@@ -133,7 +134,7 @@ class SaplingTransactionBuilder {
     }
     // sum of values of inputs minus sums of values of output equals balance
     calculateTransactionBalance(inputTotal, outputTotal) {
-        return new bignumber_js_1.default(inputTotal).minus(new bignumber_js_1.default(outputTotal));
+        return new BigNumber(inputTotal).minus(new BigNumber(outputTotal));
     }
     async prepareSaplingOutputDescription(parametersOutputDescription) {
         const ephemeralPrivateKey = await __classPrivateFieldGet(this, _SaplingTransactionBuilder_saplingWrapper, "f").randR();
@@ -186,7 +187,7 @@ class SaplingTransactionBuilder {
         const saplingSpendDescriptions = [];
         for (let i = 0; i < inputsToSpend.length; i++) {
             const amount = (0, helpers_1.convertValueToBigNumber)(inputsToSpend[i].value).toString();
-            const witness = await __classPrivateFieldGet(this, _SaplingTransactionBuilder_saplingState, "f").getWitness(stateTree, new bignumber_js_1.default(inputsToSpend[i].position));
+            const witness = await __classPrivateFieldGet(this, _SaplingTransactionBuilder_saplingState, "f").getWitness(stateTree, new BigNumber(inputsToSpend[i].position));
             const unsignedSpendDescription = __classPrivateFieldGet(this, _SaplingTransactionBuilder_inMemoryProvingKey, "f")
                 ? await __classPrivateFieldGet(this, _SaplingTransactionBuilder_inMemoryProvingKey, "f").prepareSpendDescription({
                     saplingContext,

package/dist/lib/sapling-tx-viewer/sapling-transaction-viewer.js

@@ -13,8 +13,9 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
 var _SaplingTransactionViewer_viewingKeyProvider, _SaplingTransactionViewer_readProvider, _SaplingTransactionViewer_saplingContractId;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SaplingTransactionViewer = void 0;
-const sapling = require("@airgap/sapling-wasm");
+const sapling = require("@taquito/sapling-wasm");
 const bignumber_js_1 = require("bignumber.js");
+const BigNumber = bignumber_js_1.default;
 const utils_1 = require("@taquito/utils");
 const blakejs_1 = require("blakejs");
 const nacl_1 = require("@stablelib/nacl");
@@ -44,7 +45,7 @@ class SaplingTransactionViewer {
      *
      */
     async getBalance() {
-        let balance = new bignumber_js_1.default(0);
+        let balance = new BigNumber(0);
         const { commitments_and_ciphertexts, nullifiers } = await this.getSaplingDiff();
         for (let i = 0; i < commitments_and_ciphertexts.length; i++) {
             const decrypted = await this.decryptCiphertextAsReceiver(commitments_and_ciphertexts[i]);

package/dist/lib/taquito-sapling.js

@@ -18,6 +18,7 @@ var _SaplingToolkit_inMemorySpendingKey, _SaplingToolkit_saplingId, _SaplingTool
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SaplingToolkit = exports.InMemoryProvingKey = exports.InMemorySpendingKey = exports.InMemoryViewingKey = exports.SaplingTransactionViewer = void 0;
 const bignumber_js_1 = require("bignumber.js");
+const BigNumber = bignumber_js_1.default;
 const taquito_1 = require("@taquito/taquito");
 const utils_1 = require("@taquito/utils");
 const errors_1 = require("./errors");
@@ -122,7 +123,7 @@ class SaplingToolkit {
         const { formatedParams, totalAmount } = this.formatTransactionParams([unshieldedTxParams], this.validateDestinationImplicitAddress);
         const boundData = await this.createBoundData(formatedParams[0].to);
         const root = await this.getRoot();
-        const chosenInputs = await this.selectInputsToSpend(new bignumber_js_1.default(formatedParams[0].amount));
+        const chosenInputs = await this.selectInputsToSpend(new BigNumber(formatedParams[0].amount));
         const { inputs, outputs, signature, balance } = await __classPrivateFieldGet(this, _SaplingToolkit_saplingTxBuilder, "f").createSaplingTx([], totalAmount, boundData, chosenInputs);
         const forgedSaplingTx = __classPrivateFieldGet(this, _SaplingToolkit_saplingForger, "f").forgeSaplingTransaction({
             inputs,
@@ -159,13 +160,13 @@ class SaplingToolkit {
     }
     formatTransactionParams(txParams, validateDestination) {
         const formatedParams = [];
-        let totalAmount = new bignumber_js_1.default(0);
+        let totalAmount = new BigNumber(0);
         txParams.forEach((param) => {
             validateDestination(param.to);
             const amountMutez = param.mutez
                 ? param.amount.toString()
                 : (0, utils_1.format)('tz', 'mutez', param.amount).toString();
-            totalAmount = totalAmount.plus(new bignumber_js_1.default(amountMutez));
+            totalAmount = totalAmount.plus(new BigNumber(amountMutez));
             const memo = param.memo ?? constants_1.DEFAULT_MEMO;
             if (memo.length > __classPrivateFieldGet(this, _SaplingToolkit_memoSize, "f")) {
                 throw new errors_1.InvalidMemo(memo, `expecting length to be less than ${__classPrivateFieldGet(this, _SaplingToolkit_memoSize, "f")}`);
@@ -220,7 +221,7 @@ class SaplingToolkit {
         const saplingTxViewer = await this.getSaplingTransactionViewer();
         const { incoming } = await saplingTxViewer.getIncomingAndOutgoingTransactionsRaw();
         const inputsToSpend = [];
-        let sumSelectedInputs = new bignumber_js_1.default(0);
+        let sumSelectedInputs = new BigNumber(0);
         incoming.forEach((input) => {
             if (!input.isSpent && sumSelectedInputs.isLessThan(amountMutez)) {
                 const txAmount = (0, helpers_1.convertValueToBigNumber)(input.value);
@@ -229,7 +230,7 @@ class SaplingToolkit {
                 inputsToSpend.push(rest);
             }
         });
-        if (sumSelectedInputs.isLessThan(new bignumber_js_1.default(amountMutez))) {
+        if (sumSelectedInputs.isLessThan(new BigNumber(amountMutez))) {
             throw new errors_1.InsufficientBalance(sumSelectedInputs.toString(), amountMutez.toString());
         }
         return { inputsToSpend, sumSelectedInputs };

package/dist/lib/types.js

@@ -1,2 +1,4 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const bignumber_js_1 = require("bignumber.js");
+const BigNumber = bignumber_js_1.default;

package/dist/lib/version.js

@@ -3,6 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 // IMPORTANT: THIS FILE IS AUTO GENERATED! DO NOT MANUALLY EDIT!
 exports.VERSION = {
-    "commitHash": "05df48fee92f846cba793920d6fa829afd6a1847",
-    "version": "24.3.0-beta.1"
+    "commitHash": "a312cd3f4fc0ab0fb3351bfffe6ad855772cb077",
+    "version": "24.3.0-beta.3"
 };