@theqrl/mldsa87 1.1.1 → 2.0.0

package/README.md

@@ -26,12 +26,13 @@ const pk = new Uint8Array(CryptoPublicKeyBytes);  // 2592 bytes
 const sk = new Uint8Array(CryptoSecretKeyBytes);  // 4896 bytes
 cryptoSignKeypair(null, pk, sk);  // null = random seed
 
-// Sign a message (uses default "ZOND" context)
+// Sign a message
 const message = new TextEncoder().encode('Hello, quantum world!');
-const signedMessage = cryptoSign(message, sk, false);  // false = deterministic
+const ctx = new Uint8Array([0x5a, 0x4f, 0x4e, 0x44]);  // "ZOND"
+const signedMessage = cryptoSign(message, sk, false, ctx);  // false = deterministic
 
-// Verify and extract
-const extracted = cryptoSignOpen(signedMessage, pk);
+// Verify and extract (context must match)
+const extracted = cryptoSignOpen(signedMessage, pk, ctx);
 if (extracted === undefined) {
   throw new Error('Invalid signature');
 }
@@ -40,20 +41,21 @@ console.log(new TextDecoder().decode(extracted));  // "Hello, quantum world!"
 
 ## Context Parameter
 
-ML-DSA-87 supports a context parameter for domain separation (FIPS 204 feature). This allows the same keypair to be used safely across different applications.
+ML-DSA-87 requires a context parameter for domain separation (FIPS 204 feature). This allows the same keypair to be used safely across different applications.
 
 ```javascript
-// With custom context
+// With application-specific context
 const ctx = new TextEncoder().encode('my-app-v1');
 const signed = cryptoSign(message, sk, false, ctx);
 const extracted = cryptoSignOpen(signed, pk, ctx);
 
 // Context must match for verification
-cryptoSignOpen(signed, pk);  // undefined - wrong context (default "ZOND")
-cryptoSignOpen(signed, pk, ctx);  // message - correct context
+const wrongCtx = new Uint8Array(0);
+cryptoSignOpen(signed, pk, wrongCtx);  // undefined - wrong context
+cryptoSignOpen(signed, pk, ctx);       // message - correct context
 ```
 
-The default context is `"ZOND"` (for QRL Zond network compatibility). Context can be 0-255 bytes.
+Context is a required `Uint8Array` and can be 0-255 bytes. Use an empty `Uint8Array(0)` if no domain separation is needed.
 
 ## API
 
@@ -77,26 +79,26 @@ Generate a keypair from a seed.
 - `sk`: `Uint8Array(4896)` - output buffer for secret key
 - Returns: The seed used (useful when `seed` is `null`)
 
-#### `cryptoSign(message, sk, randomized, context?)`
+#### `cryptoSign(message, sk, randomized, context)`
 
 Sign a message (combined mode: returns signature || message).
 
 - `message`: `Uint8Array` or `string` - message bytes; if `string`, it must be hex only (optional `0x`, even length). Plain-text strings are not accepted.
 - `sk`: `Uint8Array(4896)` - secret key
 - `randomized`: `boolean` - `true` for hedged signing, `false` for deterministic
-- `context`: `Uint8Array` (optional) - context string, 0-255 bytes. Default: `"ZOND"`
+- `context`: `Uint8Array` - context string for domain separation, 0-255 bytes
 - Returns: `Uint8Array` containing signature + message
 
-#### `cryptoSignOpen(signedMessage, pk, context?)`
+#### `cryptoSignOpen(signedMessage, pk, context)`
 
 Verify and extract message from signed message.
 
 - `signedMessage`: `Uint8Array` - output from `cryptoSign()`
 - `pk`: `Uint8Array(2592)` - public key
-- `context`: `Uint8Array` (optional) - must match signing context
+- `context`: `Uint8Array` - must match signing context
 - Returns: Original message if valid, `undefined` if verification fails
 
-#### `cryptoSignSignature(sig, message, sk, randomized, context?)`
+#### `cryptoSignSignature(sig, message, sk, randomized, context)`
 
 Create a detached signature.
 
@@ -104,17 +106,17 @@ Create a detached signature.
 - `message`: `Uint8Array` or `string` - message bytes; if `string`, it must be hex only (optional `0x`, even length). Plain-text strings are not accepted.
 - `sk`: `Uint8Array(4896)` - secret key
 - `randomized`: `boolean` - `true` for hedged, `false` for deterministic
-- `context`: `Uint8Array` (optional) - context string, 0-255 bytes
+- `context`: `Uint8Array` - context string for domain separation, 0-255 bytes
 - Returns: `0` on success
 
-#### `cryptoSignVerify(sig, message, pk, context?)`
+#### `cryptoSignVerify(sig, message, pk, context)`
 
 Verify a detached signature.
 
 - `sig`: `Uint8Array(4627)` - signature to verify
 - `message`: `Uint8Array` or `string` - original message bytes; if `string`, it must be hex only (optional `0x`, even length). Plain-text strings are not accepted.
 - `pk`: `Uint8Array(2592)` - public key
-- `context`: `Uint8Array` (optional) - must match signing context
+- `context`: `Uint8Array` - must match signing context
 - Returns: `true` if valid, `false` otherwise
 
 **Note:** To sign or verify plain text, convert it to bytes (e.g., `new TextEncoder().encode('Hello')`). String inputs are interpreted as hex only.

package/dist/cjs/mldsa87.js

@@ -553,7 +553,7 @@ function cAddQ(a) {
 
 function ntt(a) {
   let k = 0;
-  let j = 0;
+  let j;
 
   for (let len = 128; len > 0; len >>= 1) {
     for (let start = 0; start < N; start = j + len) {
@@ -569,7 +569,7 @@ function ntt(a) {
 
 function invNTTToMont(a) {
   const f = 41978n; // mont^2/256
-  let j = 0;
+  let j;
   let k = 256;
 
   for (let len = 1; len < N; len <<= 1) {
@@ -1486,13 +1486,6 @@ function isZero(buffer) {
   return acc === 0;
 }
 
-/**
- * Default signing context ("ZOND" in ASCII).
- * Used for domain separation per FIPS 204.
- * @constant {Uint8Array}
- */
-const DEFAULT_CTX = new Uint8Array([0x5a, 0x4f, 0x4e, 0x44]); // "ZOND"
-
 /**
  * Convert hex string to Uint8Array with strict validation.
  *
@@ -1566,9 +1559,9 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
     }
   } catch (e) {
     if (e instanceof TypeError) {
-      throw new Error(`pk/sk cannot be null`);
+      throw new Error(`pk/sk cannot be null`, { cause: e });
     } else {
-      throw new Error(`${e.message}`);
+      throw new Error(`${e.message}`, { cause: e });
     }
   }
 
@@ -1647,21 +1640,22 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string for domain separation (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
  * @returns {number} 0 on success
- * @throws {Error} If sk is wrong size or context exceeds 255 bytes
+ * @throws {Error} If ctx is missing, sk is wrong size, or context exceeds 255 bytes
  *
  * @example
  * const sig = new Uint8Array(CryptoBytes);
- * cryptoSignSignature(sig, message, sk, false);
- * // Or with custom context:
- * cryptoSignSignature(sig, message, sk, false, new Uint8Array([0x01, 0x02]));
+ * const ctx = new Uint8Array([0x01, 0x02]);
+ * cryptoSignSignature(sig, message, sk, false, ctx);
  */
-function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
+function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
   if (!sig || sig.length < CryptoBytes) {
     throw new Error(`sig must be at least ${CryptoBytes} bytes`);
   }
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   if (ctx.length > 255) throw new Error(`invalid context length: ${ctx.length} (max 255)`);
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
@@ -1788,16 +1782,18 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string for domain separation (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
  * @throws {Error} If signing fails
  *
  * @example
- * const signedMsg = cryptoSign(message, sk, false);
+ * const signedMsg = cryptoSign(message, sk, false, ctx);
  * // signedMsg contains: signature (4627 bytes) || message
  */
-function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
+function cryptoSign(msg, sk, randomizedSigning, ctx) {
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   const msgBytes = messageToBytes(msg);
 
   const sm = new Uint8Array(CryptoBytes + msgBytes.length);
@@ -1824,17 +1820,19 @@ function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4627 bytes)
  * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string used during signing (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
  * @returns {boolean} true if signature is valid, false otherwise
  *
  * @example
- * const isValid = cryptoSignVerify(signature, message, pk);
+ * const isValid = cryptoSignVerify(signature, message, pk, ctx);
  * if (!isValid) {
  *   throw new Error('Invalid signature');
  * }
  */
-function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
+function cryptoSignVerify(sig, m, pk, ctx) {
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   if (ctx.length > 255) return false;
   let i;
   const buf = new Uint8Array(K * PolyW1PackedBytes);
@@ -1922,17 +1920,19 @@ function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
  *
  * @param {Uint8Array} sm - Signed message (signature || message)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string used during signing (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
  * @returns {Uint8Array|undefined} The original message if valid, undefined if verification fails
  *
  * @example
- * const message = cryptoSignOpen(signedMsg, pk);
+ * const message = cryptoSignOpen(signedMsg, pk, ctx);
  * if (message === undefined) {
  *   throw new Error('Invalid signature');
  * }
  */
-function cryptoSignOpen(sm, pk, ctx = DEFAULT_CTX) {
+function cryptoSignOpen(sm, pk, ctx) {
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   if (sm.length < CryptoBytes) {
     return undefined;
   }

package/dist/mjs/mldsa87.js

@@ -174,7 +174,7 @@ function cAddQ(a) {
 
 function ntt(a) {
   let k = 0;
-  let j = 0;
+  let j;
 
   for (let len = 128; len > 0; len >>= 1) {
     for (let start = 0; start < N; start = j + len) {
@@ -190,7 +190,7 @@ function ntt(a) {
 
 function invNTTToMont(a) {
   const f = 41978n; // mont^2/256
-  let j = 0;
+  let j;
   let k = 256;
 
   for (let len = 1; len < N; len <<= 1) {
@@ -1107,13 +1107,6 @@ function isZero(buffer) {
   return acc === 0;
 }
 
-/**
- * Default signing context ("ZOND" in ASCII).
- * Used for domain separation per FIPS 204.
- * @constant {Uint8Array}
- */
-const DEFAULT_CTX = new Uint8Array([0x5a, 0x4f, 0x4e, 0x44]); // "ZOND"
-
 /**
  * Convert hex string to Uint8Array with strict validation.
  *
@@ -1187,9 +1180,9 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
     }
   } catch (e) {
     if (e instanceof TypeError) {
-      throw new Error(`pk/sk cannot be null`);
+      throw new Error(`pk/sk cannot be null`, { cause: e });
     } else {
-      throw new Error(`${e.message}`);
+      throw new Error(`${e.message}`, { cause: e });
     }
   }
 
@@ -1268,21 +1261,22 @@ function cryptoSignKeypair(passedSeed, pk, sk) {
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce for hedged signing.
  *   If false, use deterministic nonce derived from message and key.
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string for domain separation (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
  * @returns {number} 0 on success
- * @throws {Error} If sk is wrong size or context exceeds 255 bytes
+ * @throws {Error} If ctx is missing, sk is wrong size, or context exceeds 255 bytes
  *
  * @example
  * const sig = new Uint8Array(CryptoBytes);
- * cryptoSignSignature(sig, message, sk, false);
- * // Or with custom context:
- * cryptoSignSignature(sig, message, sk, false, new Uint8Array([0x01, 0x02]));
+ * const ctx = new Uint8Array([0x01, 0x02]);
+ * cryptoSignSignature(sig, message, sk, false, ctx);
  */
-function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
+function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx) {
   if (!sig || sig.length < CryptoBytes) {
     throw new Error(`sig must be at least ${CryptoBytes} bytes`);
   }
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   if (ctx.length > 255) throw new Error(`invalid context length: ${ctx.length} (max 255)`);
   if (sk.length !== CryptoSecretKeyBytes) {
     throw new Error(`invalid sk length ${sk.length} | Expected length ${CryptoSecretKeyBytes}`);
@@ -1409,16 +1403,18 @@ function cryptoSignSignature(sig, m, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * @param {string|Uint8Array} msg - Message to sign (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} sk - Secret key (must be CryptoSecretKeyBytes = 4896 bytes)
  * @param {boolean} randomizedSigning - If true, use random nonce; if false, deterministic
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string for domain separation (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string for domain separation (max 255 bytes).
  * @returns {Uint8Array} Signed message (CryptoBytes + msg.length bytes)
  * @throws {Error} If signing fails
  *
  * @example
- * const signedMsg = cryptoSign(message, sk, false);
+ * const signedMsg = cryptoSign(message, sk, false, ctx);
  * // signedMsg contains: signature (4627 bytes) || message
  */
-function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
+function cryptoSign(msg, sk, randomizedSigning, ctx) {
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   const msgBytes = messageToBytes(msg);
 
   const sm = new Uint8Array(CryptoBytes + msgBytes.length);
@@ -1445,17 +1441,19 @@ function cryptoSign(msg, sk, randomizedSigning, ctx = DEFAULT_CTX) {
  * @param {Uint8Array} sig - Signature to verify (must be CryptoBytes = 4627 bytes)
  * @param {string|Uint8Array} m - Message that was signed (hex string, optional 0x prefix, or Uint8Array)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string used during signing (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
  * @returns {boolean} true if signature is valid, false otherwise
  *
  * @example
- * const isValid = cryptoSignVerify(signature, message, pk);
+ * const isValid = cryptoSignVerify(signature, message, pk, ctx);
  * if (!isValid) {
  *   throw new Error('Invalid signature');
  * }
  */
-function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
+function cryptoSignVerify(sig, m, pk, ctx) {
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   if (ctx.length > 255) return false;
   let i;
   const buf = new Uint8Array(K * PolyW1PackedBytes);
@@ -1543,17 +1541,19 @@ function cryptoSignVerify(sig, m, pk, ctx = DEFAULT_CTX) {
  *
  * @param {Uint8Array} sm - Signed message (signature || message)
  * @param {Uint8Array} pk - Public key (must be CryptoPublicKeyBytes = 2592 bytes)
- * @param {Uint8Array} [ctx=DEFAULT_CTX] - Context string used during signing (max 255 bytes).
- *   Defaults to "ZOND" for QRL compatibility.
+ * @param {Uint8Array} ctx - Context string used during signing (max 255 bytes).
  * @returns {Uint8Array|undefined} The original message if valid, undefined if verification fails
  *
  * @example
- * const message = cryptoSignOpen(signedMsg, pk);
+ * const message = cryptoSignOpen(signedMsg, pk, ctx);
  * if (message === undefined) {
  *   throw new Error('Invalid signature');
  * }
  */
-function cryptoSignOpen(sm, pk, ctx = DEFAULT_CTX) {
+function cryptoSignOpen(sm, pk, ctx) {
+  if (!(ctx instanceof Uint8Array)) {
+    throw new TypeError('ctx is required and must be a Uint8Array');
+  }
   if (sm.length < CryptoBytes) {
     return undefined;
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@theqrl/mldsa87",
-  "version": "1.1.1",
+  "version": "2.0.0",
   "description": "ML-DSA-87 cryptography",
   "keywords": [
     "ml-dsa",
@@ -53,20 +53,39 @@
     "node": ">=20.19.0"
   },
   "devDependencies": {
-    "@eslint/js": "^10.0.1",
-    "@rollup/plugin-node-resolve": "^16.0.3",
-    "c8": "^10.1.3",
-    "chai": "^6.2.2",
-    "eslint": "^10.0.0",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-import-x": "^4.15.0",
-    "eslint-plugin-prettier": "^5.5.4",
-    "globals": "^17.3.0",
-    "mocha": "^11.7.5",
-    "prettier": "^3.8.1",
-    "rollup": "^4.57.1"
+    "@eslint/js": "10.0.1",
+    "@rollup/plugin-node-resolve": "16.0.3",
+    "c8": "11.0.0",
+    "chai": "6.2.2",
+    "eslint": "10.0.3",
+    "eslint-config-prettier": "10.1.8",
+    "eslint-plugin-import-x": "4.16.2",
+    "eslint-plugin-prettier": "5.5.5",
+    "globals": "17.4.0",
+    "minimatch": "10.2.4",
+    "mocha": "11.7.5",
+    "prettier": "3.8.1",
+    "rollup": "4.59.0",
+    "serialize-javascript": "7.0.4",
+    "tar": "7.5.11"
   },
   "dependencies": {
-    "@noble/hashes": "^2.0.1"
+    "@noble/hashes": "2.0.1"
+  },
+  "overrides": {
+    "diff": "8.0.3",
+    "minimatch": "10.2.4"
+  },
+  "c8": {
+    "include": [
+      "src/**"
+    ],
+    "exclude": [
+      "**/dist/**",
+      "**/test/**",
+      "**/browser-tests/**",
+      "**/*.d.ts"
+    ],
+    "all": true
   }
 }

package/src/index.d.ts

@@ -56,12 +56,12 @@ export function cryptoSignKeypair(
 ): Uint8Array;
 
 /**
- * Create a signature for a message with optional context
+ * Create a signature for a message
  * @param sig - Output buffer for signature (must be CryptoBytes length minimum)
  * @param m - Message to sign (hex string or Uint8Array; strings are parsed as hex only)
  * @param sk - Secret key
  * @param randomizedSigning - If true, use random nonce; if false, deterministic
- * @param ctx - Optional context string (max 255 bytes, defaults to "ZOND")
+ * @param ctx - Context string (max 255 bytes)
  * @returns 0 on success
  * @throws Error if sk is wrong size or context too long
  */
@@ -70,7 +70,7 @@ export function cryptoSignSignature(
   m: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean,
-  ctx?: Uint8Array
+  ctx: Uint8Array
 ): number;
 
 /**
@@ -78,7 +78,7 @@ export function cryptoSignSignature(
  * @param msg - Message to sign
  * @param sk - Secret key
  * @param randomizedSigning - If true, use random nonce; if false, deterministic
- * @param ctx - Optional context string (max 255 bytes, defaults to "ZOND")
+ * @param ctx - Context string (max 255 bytes)
  * @returns Signed message (signature || message)
  * @throws Error if signing fails
  */
@@ -86,35 +86,35 @@ export function cryptoSign(
   msg: Uint8Array | string,
   sk: Uint8Array,
   randomizedSigning: boolean,
-  ctx?: Uint8Array
+  ctx: Uint8Array
 ): Uint8Array;
 
 /**
- * Verify a signature with optional context
+ * Verify a signature
  * @param sig - Signature to verify
  * @param m - Message that was signed (hex string or Uint8Array; strings are parsed as hex only)
  * @param pk - Public key
- * @param ctx - Optional context string (max 255 bytes, defaults to "ZOND")
+ * @param ctx - Context string (max 255 bytes)
  * @returns true if signature is valid, false otherwise
  */
 export function cryptoSignVerify(
   sig: Uint8Array,
   m: Uint8Array | string,
   pk: Uint8Array,
-  ctx?: Uint8Array
+  ctx: Uint8Array
 ): boolean;
 
 /**
  * Open a signed message (verify and extract message)
  * @param sm - Signed message (signature || message)
  * @param pk - Public key
- * @param ctx - Optional context string (max 255 bytes, defaults to "ZOND")
+ * @param ctx - Context string (max 255 bytes)
  * @returns Message if valid, undefined if verification fails
  */
 export function cryptoSignOpen(
   sm: Uint8Array,
   pk: Uint8Array,
-  ctx?: Uint8Array
+  ctx: Uint8Array
 ): Uint8Array | undefined;
 
 // Utility functions