@umbra-privacy/sdk 1.0.0 → 2.0.0

package/dist/types-DKEDUlH9.d.ts

@@ -0,0 +1,1296 @@
+import { S as SubSubBrandedType, b as SubBrandedType, B as Bytes, a as SubSubSubBrandedType, c as SubSubSubSubBrandedType, d as U512LeBytes, e as U256LeBytes } from './types-C_V_CaKK.js';
+import { B as Bn254FieldElement } from './types-CW0oTT0j.js';
+
+/**
+ * Key Derivation Types
+ *
+ * This module defines branded types for Curve25519 (Ed25519/X25519) key exchange,
+ * Keccak hashing, master seeds, and hierarchical viewing key derivation.
+ *
+ * @remarks
+ * All types in this module are "branded" nominal types built on top of primitive
+ * TypeScript types (`Uint8Array` or `bigint`). Branding prevents accidental
+ * cross-use of structurally identical values that have different semantic meanings
+ * (e.g., passing an X25519 public key where a private key is expected).
+ *
+ * ## Type Hierarchy Overview
+ *
+ * ```
+ * Bytes
+ *   └── X25519Bytes (32 bytes, endianness-agnostic)
+ *         ├── X25519PrivateKey   — secret scalar; never share
+ *         ├── X25519PublicKey    — public curve point; safe to share
+ *         └── SharedSecret       — ECDH output; feed into a KDF before use
+ *
+ * LeBytes
+ *   └── U256LeBytes
+ *         └── Keccak256Hash      — 32-byte Keccak-256 digest
+ *   └── U512LeBytes
+ *         └── Keccak512Hash      — 64-byte Keccak-512 digest
+ *               ├── MasterSeed   — root of the key hierarchy; 64 bytes
+ *               └── GenerationSeed — ephemeral seed input; 64 bytes
+ *
+ * bigint
+ *   └── U256
+ *         └── Bn254FieldElement
+ *               ├── MasterViewingKey          — < 2^252, views all txs
+ *               ├── YearlyViewingKey          — views one calendar year
+ *               ├── MonthlyViewingKey         — views one calendar month
+ *               ├── DailyViewingKey           — views one calendar day
+ *               ├── HourlyViewingKey          — views one calendar hour
+ *               ├── MinuteViewingKey          — views one calendar minute
+ *               ├── SecondViewingKey          — views one calendar second
+ *               └── MintViewingKey            — views one token (mint)
+ * ```
+ *
+ * ## Security Model
+ *
+ * - The `MasterSeed` is the single secret from which all other keys are derived.
+ *   Compromising it compromises the entire key hierarchy.
+ * - KMAC256 domain separation ensures that different derived keys are
+ *   computationally independent: knowledge of one does not reveal another.
+ * - Viewing keys (MVK and sub-keys) grant read-only access to transaction
+ *   history and can be selectively shared for compliance purposes.
+ * - X25519 private keys are used for ECDH with token senders to enable
+ *   encrypted token account balance decryption.
+ *
+ * @packageDocumentation
+ * @public
+ *
+ * @module crypto/key-derivation/types
+ */
+
+/**
+ * Exact byte length of X25519 keys and shared secrets.
+ *
+ * @remarks
+ * X25519 operates on Curve25519 in Montgomery form. All values — private keys,
+ * public keys, and ECDH shared secrets — are exactly 32 bytes (256 bits).
+ * This constant is used as the canonical length assertion for all X25519 types.
+ *
+ * @public
+ */
+declare const X25519_BYTE_LENGTH = 32;
+/**
+ * Base branded byte-array type for X25519 key exchange operations.
+ *
+ * X25519 is an elliptic curve Diffie-Hellman (ECDH) protocol using Curve25519
+ * in Montgomery form. All X25519 values (public keys, private keys, shared
+ * secrets) are exactly 32 bytes.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - Used as the parent brand for X25519PrivateKey, X25519PublicKey, and SharedSecret
+ * - Parallel to LeBytes/BeBytes as a sub-brand of Bytes
+ * - Endianness-agnostic: the X25519 spec defines a fixed byte ordering
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── X25519Bytes (sub-brand, 32 bytes)
+ *         ├── X25519PrivateKey
+ *         ├── X25519PublicKey
+ *         └── SharedSecret
+ * ```
+ *
+ * @see {@link X25519PrivateKey}
+ * @see {@link X25519PublicKey}
+ * @see {@link SharedSecret}
+ * @see https://cr.yp.to/ecdh/curve25519-20060209.pdf
+ * @see https://tools.ietf.org/html/rfc7748
+ * @public
+ */
+type X25519Bytes = SubBrandedType<Bytes, "X25519Bytes">;
+/**
+ * X25519 private key for elliptic curve Diffie-Hellman key exchange.
+ *
+ * A private key is a 32-byte scalar derived from the master seed via KMAC256
+ * with domain separator `"UserAccountX25519Keypair"`. It is used together
+ * with a counterparty's public key to compute a shared secret.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - MUST be kept secret and never shared or logged
+ * - The X25519 algorithm applies RFC 8032 clamping to the scalar during use
+ * - In Umbra, private keys are derived deterministically from the master seed;
+ *   they must never be generated independently with a random number generator
+ *
+ * ## Security Warning
+ *
+ * Exposure of this key allows the holder to decrypt all balances encrypted to
+ * the corresponding public key. Store it only in memory during use.
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── X25519Bytes (sub-brand, 32 bytes)
+ *         └── X25519PrivateKey (sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Generate a new private key
+ * const rawPrivateKey = crypto.getRandomValues(new Uint8Array(32));
+ * assertX25519PrivateKey(rawPrivateKey);
+ * // rawPrivateKey is now typed as X25519PrivateKey
+ *
+ * // Derive the public key
+ * const publicKey = x25519GetPublicKey(rawPrivateKey);
+ * ```
+ *
+ * @see {@link assertX25519PrivateKey}
+ * @see {@link X25519Keypair}
+ * @see https://tools.ietf.org/html/rfc7748#section-5
+ * @public
+ */
+type X25519PrivateKey = SubSubBrandedType<X25519Bytes, "X25519PrivateKey">;
+/**
+ * X25519 public key for elliptic curve Diffie-Hellman key exchange.
+ *
+ * A public key is a 32-byte Montgomery curve point derived from a private key
+ * via scalar multiplication of the Curve25519 base point. It is stored on-chain
+ * in the encrypted token account and used by token senders to encrypt balances
+ * for the account holder.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - Safe to transmit over insecure channels and store on-chain
+ * - Derived from the corresponding X25519PrivateKey
+ * - Used as input to X25519 ECDH: both parties independently compute the same shared secret
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── X25519Bytes (sub-brand, 32 bytes)
+ *         └── X25519PublicKey (sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Receive a public key from another party
+ * const theirPublicKey = receivePublicKey();
+ * assertX25519PublicKey(theirPublicKey);
+ * // theirPublicKey is now typed as X25519PublicKey
+ *
+ * // Compute shared secret
+ * const sharedSecret = x25519(myPrivateKey, theirPublicKey);
+ * ```
+ *
+ * @see {@link assertX25519PublicKey}
+ * @see {@link X25519Keypair}
+ * @see https://tools.ietf.org/html/rfc7748#section-5
+ * @public
+ */
+type X25519PublicKey = SubSubBrandedType<X25519Bytes, "X25519PublicKey">;
+/**
+ * ECDH shared secret produced by an X25519 key exchange operation.
+ *
+ * This type represents the raw 32-byte output of `X25519(privateKey, publicKey)`.
+ * Both communicating parties independently compute the same shared secret by
+ * swapping the public key and private key roles.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - MUST be processed by a Key Derivation Function (KDF) before use as an
+ *   encryption key. Raw shared secrets have low-order bits that are not
+ *   uniformly distributed.
+ * - Never transmit, log, or store the raw shared secret.
+ *
+ * ## Security Warning
+ *
+ * Do not use the raw shared secret directly as an AES or ChaCha20 key. Always
+ * derive a symmetric key using a proper KDF (e.g., HKDF or KMAC256).
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── X25519Bytes (sub-brand, 32 bytes)
+ *         └── SharedSecret (sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // After performing X25519 key exchange
+ * const rawSharedSecret = x25519(myPrivateKey, theirPublicKey);
+ * assertSharedSecret(rawSharedSecret);
+ * // rawSharedSecret is now typed as SharedSecret
+ *
+ * // Derive an encryption key from the shared secret (required)
+ * const encryptionKey = kdf(rawSharedSecret);
+ * ```
+ *
+ * @see {@link assertSharedSecret}
+ * @see https://tools.ietf.org/html/rfc7748#section-6
+ * @public
+ */
+type SharedSecret = SubSubBrandedType<X25519Bytes, "SharedSecret">;
+/**
+ * An X25519 key pair consisting of a private key and its corresponding public key.
+ *
+ * X25519 is an elliptic curve Diffie-Hellman (ECDH) protocol using Curve25519
+ * in Montgomery form. In Umbra, this keypair is derived deterministically from
+ * the master seed and is used to establish shared secrets with token senders,
+ * enabling the account holder to decrypt their encrypted balance.
+ *
+ * @remarks
+ * ## Key Generation
+ * - Private key: 32 bytes derived via KMAC256 from the master seed
+ * - Public key: Scalar multiplication of the private key with the Curve25519 base point
+ *
+ * ## Security Properties
+ * - Private key MUST be kept secret; it enables decryption of all balances sent to this account
+ * - Public key can be freely shared and is stored on-chain in the token account PDA
+ * - Shared secret is computed as: `X25519(myPrivate, senderPublic)` — symmetric by construction
+ * - Compromise of the private key does not reveal the master seed or other derived keys
+ *
+ * ## Use Cases in Umbra
+ * - `registerTokenPublicKey`: The public key is registered on-chain for a token account
+ * - Balance decryption: The private key is used to decrypt AES-GCM ciphertexts from senders
+ * - ECDH with ephemeral sender keys for forward secrecy of individual transfers
+ *
+ * @example
+ * ```typescript
+ * import { X25519Keypair, generateX25519Keypair } from "./cryptography";
+ *
+ * // Generate a new keypair
+ * const keypair: X25519Keypair = await generateX25519Keypair();
+ *
+ * // Share public key with peer
+ * sendPublicKey(peer, keypair.publicKey);
+ *
+ * // Compute shared secret with peer's public key
+ * const sharedSecret = x25519(keypair.privateKey, peerPublicKey);
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Ephemeral key exchange for forward secrecy
+ * const ephemeralKeypair: X25519Keypair = await generateX25519Keypair();
+ *
+ * // Use ephemeral keypair for this session only
+ * const sessionKey = deriveSessionKey(
+ *     x25519(ephemeralKeypair.privateKey, recipientPublicKey)
+ * );
+ *
+ * // Discard private key after use for forward secrecy
+ * ```
+ *
+ * @see {@link assertX25519Keypair}
+ * @see {@link X25519PrivateKey}
+ * @see {@link X25519PublicKey}
+ * @public
+ */
+interface X25519Keypair {
+    /**
+     * The X25519 private key (32 bytes).
+     *
+     * This key MUST be kept secret. It is used to:
+     * - Compute shared secrets with other parties' public keys
+     * - Derive the corresponding public key
+     *
+     * @remarks
+     * The private key is derived from the master seed via KMAC256 with the
+     * domain separator `"UserAccountX25519Keypair"`. The X25519 algorithm applies
+     * RFC 8032 §5.1.5 clamping to the scalar during use.
+     *
+     * @readonly
+     */
+    readonly privateKey: X25519PrivateKey;
+    /**
+     * The X25519 public key (32 bytes).
+     *
+     * This key can be freely shared. It is:
+     * - Computed from the private key via scalar multiplication with the base point
+     * - Used by other parties to compute shared secrets with their own private key
+     * - Stored on-chain in the Umbra token account PDA
+     * - Safe to transmit over insecure channels
+     *
+     * @readonly
+     */
+    readonly publicKey: X25519PublicKey;
+}
+/**
+ * Ed25519 keypair for digital signatures on the Edwards form of Curve25519.
+ *
+ * Ed25519 is the signing scheme defined in RFC 8032. In Umbra, an Ed25519
+ * keypair is derived from the same 32-byte seed as the corresponding X25519
+ * keypair (they are related via the birational equivalence of Curve25519 in
+ * Edwards vs Montgomery form). The Ed25519 public key is used as the on-chain
+ * signer identity in registration transactions.
+ *
+ * @remarks
+ * ## Key Derivation
+ * - Seed: First 32 bytes of a 64-byte KMAC256 output keyed by the master seed
+ * - Public key: Derived via `ed25519.getPublicKey(seed)`; uses SHA-512 internally
+ * - The relationship to X25519: the Ed25519 public key can be converted to the
+ *   Montgomery form via `ed25519.utils.toMontgomery(edPublicKey)`
+ *
+ * ## Relationship to X25519
+ * - Ed25519 uses compressed Edwards curve coordinates
+ * - X25519 uses Montgomery curve coordinates
+ * - Both represent points on the same underlying elliptic curve (Curve25519)
+ * - The birational map between them is cheap and deterministic
+ *
+ * @example
+ * ```typescript
+ * import { ed25519 } from "@noble/curves/ed25519";
+ *
+ * const seed = crypto.getRandomValues(new Uint8Array(32));
+ * const publicKey = ed25519.getPublicKey(seed);
+ *
+ * const keypair: Ed25519Keypair = { seed, publicKey };
+ * ```
+ *
+ * @see {@link assertEd25519Keypair}
+ * @see {@link Curve25519KeypairResult}
+ * @public
+ */
+interface Ed25519Keypair {
+    /**
+     * The Ed25519 private key seed (32 bytes).
+     *
+     * This is the raw 32-byte seed from which both the signing scalar and the
+     * public key are derived (via SHA-512 key expansion defined in RFC 8032).
+     * MUST be kept secret.
+     */
+    readonly seed: Uint8Array;
+    /**
+     * The Ed25519 public key (32 bytes).
+     *
+     * A compressed Edwards curve point derived from the seed via SHA-512 key
+     * expansion and scalar multiplication. Can be freely shared and is used
+     * as the on-chain signer identity.
+     */
+    readonly publicKey: Uint8Array;
+}
+/**
+ * Combined Curve25519 keypair result containing both Ed25519 and X25519 keypairs.
+ *
+ * This interface represents the result of deriving both Ed25519 (Edwards curve)
+ * and X25519 (Montgomery curve) keypairs from a single 32-byte seed. Both
+ * keypairs are cryptographically linked through the same underlying Curve25519
+ * and are derived together for efficiency.
+ *
+ * @remarks
+ * ## Derivation Pipeline
+ *
+ * 1. **Ed25519 Keypair**:
+ *    - Input: First 32 bytes of a 64-byte KMAC256 output
+ *    - Output: Ed25519 public key via `ed25519.getPublicKey(seed)`
+ *
+ * 2. **X25519 Keypair**:
+ *    - Hash seed with SHA-512 → 64 bytes
+ *    - Clamp first 32 bytes per RFC 8032 §5.1.5
+ *    - Use clamped bytes as X25519 private key
+ *    - Derive X25519 public key via birational map: `ed25519.utils.toMontgomery(ed25519Pub)`
+ *
+ * ## Security Properties
+ *
+ * - **Deterministic**: Same master seed always produces the same keypairs
+ * - **Domain Separated**: Independent from all other key derivations via KMAC256
+ * - **Cryptographically Linked**: Both keypairs share the same Curve25519 foundation
+ *
+ * @example
+ * ```typescript
+ * import { getUserAccountX25519KeypairDeriver } from "@umbra-privacy/sdk";
+ *
+ * const generator = getUserAccountX25519KeypairDeriver({ client });
+ * const result: Curve25519KeypairResult = await generator();
+ *
+ * // Use Ed25519 for signing
+ * const signature = ed25519.sign(message, result.ed25519Keypair.seed);
+ *
+ * // Use X25519 for key exchange
+ * const sharedSecret = x25519.getSharedSecret(
+ *   result.x25519Keypair.privateKey,
+ *   peerPublicKey
+ * );
+ * ```
+ *
+ * @see {@link Ed25519Keypair}
+ * @see {@link X25519Keypair}
+ * @see {@link assertCurve25519KeypairResult}
+ * @public
+ */
+interface Curve25519KeypairResult {
+    /**
+     * Ed25519 keypair for digital signatures.
+     *
+     * Contains the 32-byte seed and the derived 32-byte compressed Edwards
+     * public key. Used as the on-chain signer for registration transactions.
+     */
+    readonly ed25519Keypair: Ed25519Keypair;
+    /**
+     * X25519 keypair for Diffie-Hellman key exchange.
+     *
+     * Contains the RFC 8032-clamped 32-byte private key (derived from SHA-512
+     * of the Ed25519 seed) and the derived 32-byte Montgomery public key (via
+     * birational conversion from the Ed25519 public key).
+     */
+    readonly x25519Keypair: X25519Keypair;
+}
+/**
+ * Output of the Keccak-256 (pre-NIST SHA3-256) hash function.
+ *
+ * Keccak-256 produces a 256-bit (32-byte) digest. It is widely used in
+ * Ethereum-ecosystem applications and is distinct from the NIST standardized
+ * SHA3-256 (which uses a different padding rule).
+ *
+ * @remarks
+ * - Always exactly 32 bytes (256 bits)
+ * - Stored in little-endian byte order as a branded U256LeBytes
+ * - Collision-resistant and preimage-resistant under standard assumptions
+ * - NOT the same as NIST SHA3-256: uses original Keccak padding (0x01 vs 0x06)
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base branded type)
+ *   └── LeBytes (little-endian sub-brand)
+ *         └── U256LeBytes (256-bit sized sub-sub-brand)
+ *               └── Keccak256Hash (hash-specific sub-sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { assertKeccak256Hash, Keccak256Hash } from "./cryptography";
+ *
+ * const hashBytes = keccak256(data);
+ * assertKeccak256Hash(hashBytes);
+ * // hashBytes is now typed as Keccak256Hash
+ * ```
+ *
+ * @see {@link assertKeccak256Hash}
+ * @public
+ */
+type Keccak256Hash = SubSubSubBrandedType<U256LeBytes, "Keccak256Hash">;
+/**
+ * Output of the Keccak-512 (pre-NIST SHA3-512) hash function.
+ *
+ * Keccak-512 produces a 512-bit (64-byte) digest, providing a higher security
+ * margin than Keccak-256. In Umbra, it is used as the basis for master seed
+ * generation: high-entropy user input is hashed with Keccak-512 to produce
+ * the canonical 64-byte master seed.
+ *
+ * @remarks
+ * - Always exactly 64 bytes (512 bits)
+ * - Stored in little-endian byte order as a branded U512LeBytes
+ * - Provides 256-bit pre-image security and 256-bit collision resistance
+ * - Used as the foundation for {@link MasterSeed} and {@link GenerationSeed}
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base branded type)
+ *   └── LeBytes (little-endian sub-brand)
+ *         └── U512LeBytes (512-bit sized sub-sub-brand)
+ *               └── Keccak512Hash (hash-specific sub-sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { assertKeccak512Hash, Keccak512Hash } from "./cryptography";
+ *
+ * const hashBytes = keccak512(entropy);
+ * assertKeccak512Hash(hashBytes);
+ * // hashBytes is now typed as Keccak512Hash
+ * ```
+ *
+ * @see {@link assertKeccak512Hash}
+ * @see {@link MasterSeed}
+ * @public
+ */
+type Keccak512Hash = SubSubSubBrandedType<U512LeBytes, "Keccak512Hash">;
+/**
+ * Strict upper bound for master viewing key values (exclusive).
+ *
+ * @remarks
+ * Master viewing keys are constrained to be strictly less than 2^252 (rather
+ * than the full BN254 field prime which is close to 2^254). This tighter bound
+ * is required for compatibility with ZK circuits that perform range checks on
+ * field element inputs. After KMAC256 derivation, the raw value is ANDed with
+ * `2^252 - 1` to enforce the constraint.
+ *
+ * @see {@link MasterViewingKey}
+ * @see {@link assertMasterViewingKey}
+ * @public
+ */
+declare const MASTER_VIEWING_KEY_MAX: bigint;
+/**
+ * Master seed for hierarchical deterministic key derivation.
+ *
+ * The master seed is the root secret of the entire Umbra key hierarchy. All
+ * other keys — X25519 keypairs, Poseidon keys, master viewing key, and all
+ * time-scoped viewing keys — are derived from it deterministically via KMAC256.
+ *
+ * @remarks
+ * - Always exactly 64 bytes (512 bits)
+ * - Generated by hashing high-entropy user input with Keccak-512
+ * - MUST be kept secret at all times; its compromise reveals all derived keys
+ * - Should originate from at least 256 bits of cryptographically secure entropy
+ * - Can reconstruct the full key hierarchy when combined with the client's version
+ *   and network metadata
+ *
+ * ## Security Considerations
+ * - Store securely and encrypted at rest (e.g., hardware-backed keystore)
+ * - Never log, transmit over insecure channels, or expose in error messages
+ * - Consider hardware security module (HSM) integration for production deployments
+ * - Backup procedures should use offline, air-gapped storage
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── LeBytes
+ *         └── U512LeBytes
+ *               └── Keccak512Hash
+ *                     └── MasterSeed
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { assertMasterSeed, MasterSeed } from "./cryptography";
+ *
+ * // Generate master seed from entropy
+ * const entropy = crypto.getRandomValues(new Uint8Array(32));
+ * const seedBytes = keccak512(entropy);
+ * assertMasterSeed(seedBytes);
+ * // seedBytes is now typed as MasterSeed
+ *
+ * // Derive master viewing key
+ * const masterViewingKey = deriveMasterViewingKey(seedBytes);
+ * ```
+ *
+ * @see {@link assertMasterSeed}
+ * @see {@link MasterViewingKey}
+ * @public
+ */
+type MasterSeed = SubSubSubSubBrandedType<Keccak512Hash, "MasterSeed">;
+/**
+ * Generation seed for ephemeral single-use key derivation.
+ *
+ * A generation seed serves as input to the ephemeral master seed generator,
+ * producing a single-use 64-byte value from which an ephemeral key sub-hierarchy
+ * can be derived. Using a generation seed instead of the master seed directly
+ * prevents long-lived secrets from being exposed in ephemeral operations.
+ *
+ * @remarks
+ * - Always exactly 64 bytes (512 bits)
+ * - Derived from external entropy or protocol-specific deterministic data
+ * - Semantically distinct from MasterSeed: it is an input, not a derived root
+ * - After all required ephemeral keys are derived, the generation seed should
+ *   be discarded to limit its exposure window
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── LeBytes
+ *         └── U512LeBytes
+ *               └── Keccak512Hash
+ *                     └── GenerationSeed
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { assertGenerationSeed, GenerationSeed } from "./cryptography";
+ *
+ * // Create generation seed from protocol data
+ * const seedBytes = keccak512(protocolData);
+ * assertGenerationSeed(seedBytes);
+ * // seedBytes is now typed as GenerationSeed
+ *
+ * // Use to generate ephemeral master seed
+ * const ephemeralSeed = generateEphemeralMasterSeed(seedBytes);
+ * ```
+ *
+ * @see {@link assertGenerationSeed}
+ * @see {@link MasterSeed}
+ * @public
+ */
+type GenerationSeed = SubSubSubSubBrandedType<Keccak512Hash, "GenerationSeed">;
+/**
+ * Master viewing key (MVK) for full privacy-preserving transaction visibility.
+ *
+ * The master viewing key is derived from the master seed via KMAC256 and serves
+ * as the root of a Poseidon-based hierarchical viewing key tree. Holding the MVK
+ * allows an auditor or compliance tool to view ALL transactions across ALL tokens
+ * and ALL time periods, without gaining spending capability.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field, constrained to be < 2^252
+ * - Derived deterministically from the master seed using KMAC256
+ * - Derivation: `KMAC256(key="Umbra Privacy - MasterViewingKey - {offset}", msg=masterSeed)`, then ANDed with `2^252 - 1`
+ * - The 252-bit constraint ensures compatibility with ZK circuits
+ * - Can be shared to grant full read-only access to the user's history
+ *
+ * ## Type Hierarchy
+ * All viewing keys are siblings under Bn254FieldElement (NOT subbrands of each other):
+ * ```
+ * bigint (base)
+ *   └── U256 (SubBrandedType)
+ *         └── Bn254FieldElement (SubSubBrandedType)
+ *               ├── MasterViewingKey       (SubSubSubBrandedType)
+ *               ├── YearlyViewingKey
+ *               ├── MonthlyViewingKey
+ *               ├── DailyViewingKey
+ *               ├── HourlyViewingKey
+ *               ├── MinuteViewingKey
+ *               ├── SecondViewingKey
+ *               └── MintViewingKey
+ * ```
+ *
+ * ## Derivation Hierarchy (NOT type hierarchy)
+ * ```
+ * MasterSeed
+ *   └── MasterViewingKey (views all time, all tokens)
+ *         └── MintViewingKey  = Poseidon(MVK, mintLow, mintHigh)
+ *               └── YearlyViewingKey  = Poseidon(MintVK, year)
+ *                     └── MonthlyViewingKey = Poseidon(YearlyVK, month)
+ *                           └── DailyViewingKey   = Poseidon(MonthlyVK, day)
+ *                                 └── HourlyViewingKey  = Poseidon(DailyVK, hour)
+ *                                       └── MinuteViewingKey  = Poseidon(HourlyVK, minute)
+ *                                             └── SecondViewingKey  = Poseidon(MinuteVK, second)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { MasterViewingKey, assertMasterViewingKey } from "./cryptography";
+ *
+ * const mvk = deriveMasterViewingKey(masterSeed);
+ * assertMasterViewingKey(mvk);
+ *
+ * // Grant viewing access to auditor (full access — all tokens, all time)
+ * shareViewingKey(auditor, mvk);
+ * ```
+ *
+ * @see {@link assertMasterViewingKey}
+ * @see {@link MASTER_VIEWING_KEY_MAX}
+ * @see {@link MintViewingKey}
+ * @public
+ */
+type MasterViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MasterViewingKey">;
+/**
+ * Yearly viewing key for time-scoped transaction visibility.
+ *
+ * A yearly viewing key grants read-only visibility into all transactions
+ * involving any token within a specific calendar year. It is the first
+ * time-scoped level below the mint viewing key in the derivation hierarchy.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field: range [0, BN254_FIELD_PRIME)
+ * - Derivation: `Poseidon(MintViewingKey, year)`
+ * - Can view all transactions in the specified year across the specified mint
+ * - Cannot view transactions from other years or other mints
+ * - Can be used to derive finer-grained monthly, daily, etc. keys
+ *
+ * ## Use Cases
+ * - Annual financial audits
+ * - Tax reporting and regulatory compliance for a specific fiscal year
+ * - Year-over-year activity comparison
+ *
+ * @example
+ * ```typescript
+ * import { YearlyViewingKey, assertYearlyViewingKey } from "./cryptography";
+ *
+ * const yearKey = deriveYearlyViewingKey(masterViewingKey, 2024);
+ * assertYearlyViewingKey(yearKey);
+ *
+ * // Share with tax authority for 2024 audit
+ * shareViewingKey(taxAuthority, yearKey);
+ * ```
+ *
+ * @see {@link assertYearlyViewingKey}
+ * @see {@link MasterViewingKey}
+ * @public
+ */
+type YearlyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "YearlyViewingKey">;
+/**
+ * Monthly viewing key for time-scoped transaction visibility.
+ *
+ * A monthly viewing key grants read-only visibility into all transactions
+ * involving a specific token within a specific calendar month. It provides
+ * more granular access control than yearly keys.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field: range [0, BN254_FIELD_PRIME)
+ * - Derivation: `Poseidon(YearlyViewingKey, month)` where month is 1–12
+ * - Can view all transactions in the specified month for the specified mint
+ * - Cannot view transactions from other months or other mints
+ * - Can derive daily and finer-grained keys
+ *
+ * ## Use Cases
+ * - Monthly financial reconciliation and accounting
+ * - Periodic compliance audit sampling
+ * - Subscription billing verification for monthly periods
+ *
+ * @example
+ * ```typescript
+ * import { MonthlyViewingKey, assertMonthlyViewingKey } from "./cryptography";
+ *
+ * const monthKey = deriveMonthlyViewingKey(yearlyKey, 6); // June
+ * assertMonthlyViewingKey(monthKey);
+ *
+ * // Share with accountant for monthly review
+ * shareViewingKey(accountant, monthKey);
+ * ```
+ *
+ * @see {@link assertMonthlyViewingKey}
+ * @see {@link YearlyViewingKey}
+ * @public
+ */
+type MonthlyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MonthlyViewingKey">;
+/**
+ * Daily viewing key for time-scoped transaction visibility.
+ *
+ * A daily viewing key grants read-only visibility into all transactions
+ * involving a specific token within a specific calendar day. It provides
+ * day-level precision for scenarios requiring fine-grained access control.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field: range [0, BN254_FIELD_PRIME)
+ * - Derivation: `Poseidon(MonthlyViewingKey, day)` where day is 1–31
+ * - Can view all transactions on the specified day for the specified mint
+ * - Cannot view transactions from other days or other mints
+ * - Can derive hourly and finer-grained keys
+ *
+ * ## Use Cases
+ * - Daily settlement verification
+ * - Incident investigation for specific dates
+ * - Daily trading activity review and reporting
+ *
+ * @example
+ * ```typescript
+ * import { DailyViewingKey, assertDailyViewingKey } from "./cryptography";
+ *
+ * const dayKey = deriveDailyViewingKey(monthlyKey, 15); // 15th of month
+ * assertDailyViewingKey(dayKey);
+ *
+ * // Share for investigating a specific date
+ * shareViewingKey(investigator, dayKey);
+ * ```
+ *
+ * @see {@link assertDailyViewingKey}
+ * @see {@link MonthlyViewingKey}
+ * @public
+ */
+type DailyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "DailyViewingKey">;
+/**
+ * Hourly viewing key for time-scoped transaction visibility.
+ *
+ * An hourly viewing key grants read-only visibility into all transactions
+ * involving a specific token within a specific hour. This enables very
+ * fine-grained access control for high-frequency trading or forensic scenarios.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field: range [0, BN254_FIELD_PRIME)
+ * - Derivation: `Poseidon(DailyViewingKey, hour)` where hour is 0–23
+ * - Can view all transactions in the specified hour for the specified mint
+ * - Cannot view transactions from other hours or other mints
+ * - Can derive minute and second-level keys
+ *
+ * ## Use Cases
+ * - High-frequency trading audit windows
+ * - Incident response for specific time intervals
+ * - Market manipulation investigation with hour-level isolation
+ *
+ * @example
+ * ```typescript
+ * import { HourlyViewingKey, assertHourlyViewingKey } from "./cryptography";
+ *
+ * const hourKey = deriveHourlyViewingKey(dailyKey, 14); // 2 PM
+ * assertHourlyViewingKey(hourKey);
+ * ```
+ *
+ * @see {@link assertHourlyViewingKey}
+ * @see {@link DailyViewingKey}
+ * @public
+ */
+type HourlyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "HourlyViewingKey">;
+/**
+ * Minute viewing key for time-scoped transaction visibility.
+ *
+ * A minute viewing key grants read-only visibility into all transactions
+ * within a specific minute. This provides extremely fine-grained access control
+ * for forensic analysis or real-time monitoring.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field: range [0, BN254_FIELD_PRIME)
+ * - Derivation: `Poseidon(HourlyViewingKey, minute)` where minute is 0–59
+ * - Can view all transactions in the specified minute for the specified mint
+ * - Cannot view transactions from other minutes or other mints
+ * - Can derive second-level keys for ultimate precision
+ *
+ * ## Use Cases
+ * - Real-time fraud detection in narrow windows
+ * - Precise transaction timing verification
+ * - Forensic timeline reconstruction at minute granularity
+ *
+ * @example
+ * ```typescript
+ * import { MinuteViewingKey, assertMinuteViewingKey } from "./cryptography";
+ *
+ * const minuteKey = deriveMinuteViewingKey(hourlyKey, 30); // :30 minute
+ * assertMinuteViewingKey(minuteKey);
+ * ```
+ *
+ * @see {@link assertMinuteViewingKey}
+ * @see {@link HourlyViewingKey}
+ * @public
+ */
+type MinuteViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MinuteViewingKey">;
+/**
+ * Second viewing key — the finest granularity of the viewing key hierarchy.
+ *
+ * A second viewing key grants read-only visibility into all transactions
+ * within a specific second. This is the leaf level of the time-scoped
+ * viewing key tree and is primarily used for forensic analysis of
+ * individual transactions.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field: range [0, BN254_FIELD_PRIME)
+ * - Derivation: `Poseidon(MinuteViewingKey, second)` where second is 0–59
+ * - Can view all transactions in the specified second for the specified mint
+ * - Cannot view transactions from other seconds or other mints
+ * - Finest time granularity; no further time-scoped sub-keys exist
+ *
+ * ## Use Cases
+ * - Precise transaction attribution and sequencing
+ * - MEV (Maximal Extractable Value) and front-running detection
+ * - Block-level transaction ordering analysis
+ *
+ * @example
+ * ```typescript
+ * import { SecondViewingKey, assertSecondViewingKey } from "./cryptography";
+ *
+ * const secondKey = deriveSecondViewingKey(minuteKey, 45); // :45 second
+ * assertSecondViewingKey(secondKey);
+ * ```
+ *
+ * @see {@link assertSecondViewingKey}
+ * @see {@link MinuteViewingKey}
+ * @public
+ */
+type SecondViewingKey = SubSubSubBrandedType<Bn254FieldElement, "SecondViewingKey">;
+/**
+ * Mint viewing key for token-specific transaction visibility.
+ *
+ * A mint viewing key grants read-only visibility into all transactions involving
+ * a specific SPL token mint address. It is derived directly from the master
+ * viewing key and the mint's address split into 128-bit halves.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field: range [0, BN254_FIELD_PRIME)
+ * - Derivation: `Poseidon(MVK, mintAddressLow, mintAddressHigh)` where
+ *   `mintAddressLow` = bytes 0–15 of the mint address (LE U128) and
+ *   `mintAddressHigh` = bytes 16–31 (LE U128)
+ * - Grants visibility into all transactions for the specified mint across all time
+ * - Cannot view transactions involving other mints
+ * - Serves as the base for all time-scoped viewing keys for this mint
+ *
+ * ## Use Cases
+ * - Token-specific compliance reporting (e.g., USDC activity only)
+ * - Asset-specific audit trails for regulated token issuers
+ * - Selective disclosure for specific token positions
+ *
+ * @example
+ * ```typescript
+ * import { MintViewingKey, assertMintViewingKey } from "./cryptography";
+ *
+ * const mintKey = deriveMintViewingKey(masterViewingKey, usdcMint);
+ * assertMintViewingKey(mintKey);
+ *
+ * // Share with auditor for USDC-specific review (no access to other tokens)
+ * shareViewingKey(auditor, mintKey);
+ * ```
+ *
+ * @see {@link assertMintViewingKey}
+ * @see {@link MasterViewingKey}
+ * @public
+ */
+type MintViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MintViewingKey">;
+/**
+ * Asserts that a value is a valid X25519 byte array (exactly 32 bytes).
+ *
+ * X25519 operations (public keys, private keys, shared secrets) all operate on
+ * 32-byte values. This assertion validates the runtime type (`Uint8Array`) and
+ * the required byte length.
+ *
+ * @remarks
+ * This is the base assertion for all X25519 types. The more specific assertions
+ * `assertX25519PrivateKey` and `assertX25519PublicKey` delegate to this function
+ * for length and type checks.
+ *
+ * @param value - The Uint8Array to assert as X25519Bytes
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array
+ * @throws {CryptographyAssertionError} If the value is not exactly 32 bytes
+ *
+ * @example
+ * ```typescript
+ * const rawBytes = new Uint8Array(32);
+ * assertX25519Bytes(rawBytes);
+ * // rawBytes is now typed as X25519Bytes
+ *
+ * assertX25519Bytes(new Uint8Array(31)); // Throws: wrong length
+ * ```
+ *
+ * @see {@link X25519Bytes}
+ * @public
+ */
+declare function assertX25519Bytes(value: Uint8Array): asserts value is X25519Bytes;
+/**
+ * Asserts that a value is a valid X25519 private key (exactly 32 bytes).
+ *
+ * A private key must be exactly 32 bytes. This assertion validates both
+ * the runtime type and the length of the input.
+ *
+ * @remarks
+ * **Security Warning**: Private keys must be kept secret. Never log, transmit,
+ * serialize to persistent storage unencrypted, or expose private keys in
+ * error messages. Use secure in-memory storage and zero the buffer after use
+ * where the runtime permits.
+ *
+ * This assertion does NOT verify that the private key is a valid Curve25519
+ * scalar (clamping is applied by the X25519 algorithm itself during use).
+ *
+ * @param value - The Uint8Array to assert as an X25519PrivateKey
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array
+ * @throws {CryptographyAssertionError} If the value is not exactly 32 bytes
+ *
+ * @example
+ * ```typescript
+ * // Derive a private key from master seed (preferred in Umbra)
+ * const rawKey = kmac256DerivedBytes;
+ * assertX25519PrivateKey(rawKey);
+ * // rawKey is now typed as X25519PrivateKey
+ * ```
+ *
+ * @see {@link X25519PrivateKey}
+ * @public
+ */
+declare function assertX25519PrivateKey(value: Uint8Array): asserts value is X25519PrivateKey;
+/**
+ * Asserts that a value is a valid X25519 public key (exactly 32 bytes).
+ *
+ * A public key must be exactly 32 bytes. This assertion validates both
+ * the runtime type and the length of the input.
+ *
+ * @remarks
+ * This assertion does NOT perform curve-point validity checks (checking that
+ * the point lies on Curve25519). The X25519 algorithm itself handles invalid
+ * points by producing the all-zero output, which callers should check for.
+ *
+ * @param value - The Uint8Array to assert as an X25519PublicKey
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array
+ * @throws {CryptographyAssertionError} If the value is not exactly 32 bytes
+ *
+ * @example
+ * ```typescript
+ * // Receive and validate a public key from on-chain storage
+ * const theirKey = fetchPublicKeyFromChain();
+ * assertX25519PublicKey(theirKey);
+ * // theirKey is now typed as X25519PublicKey
+ *
+ * // Use in key exchange
+ * const sharedSecret = x25519(myPrivateKey, theirKey);
+ * ```
+ *
+ * @see {@link X25519PublicKey}
+ * @public
+ */
+declare function assertX25519PublicKey(value: Uint8Array): asserts value is X25519PublicKey;
+/**
+ * Asserts that a value is a valid X25519 shared secret (exactly 32 bytes).
+ *
+ * A shared secret is the raw 32-byte output of an X25519 ECDH operation.
+ * This assertion validates the runtime type and the required byte length.
+ *
+ * @remarks
+ * Shared secrets MUST NOT be used directly as encryption keys. Always derive
+ * a symmetric key from the shared secret using a proper KDF such as HKDF
+ * (RFC 5869) or KMAC256 before use in an authenticated encryption scheme.
+ *
+ * @param value - The Uint8Array to assert as a SharedSecret
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array
+ * @throws {CryptographyAssertionError} If the value is not exactly 32 bytes
+ *
+ * @example
+ * ```typescript
+ * // After performing X25519 key exchange
+ * const rawSecret = x25519(privateKey, publicKey);
+ * assertSharedSecret(rawSecret);
+ * // rawSecret is now typed as SharedSecret
+ *
+ * // Derive an encryption key (required — do not use rawSecret directly)
+ * const encryptionKey = hkdf(rawSecret, salt, info);
+ * ```
+ *
+ * @see {@link SharedSecret}
+ * @public
+ */
+declare function assertSharedSecret(value: Uint8Array): asserts value is SharedSecret;
+/**
+ * Asserts that a value is a valid Keccak-256 hash output (exactly 32 bytes).
+ *
+ * @param value - The Uint8Array to assert as a Keccak256Hash (must be exactly 32 bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 32 bytes
+ *
+ * @example
+ * ```typescript
+ * const hashBytes = keccak256(data);
+ * assertKeccak256Hash(hashBytes);
+ * // hashBytes is now typed as Keccak256Hash
+ * ```
+ *
+ * @see {@link Keccak256Hash}
+ * @public
+ */
+declare function assertKeccak256Hash(value: Uint8Array): asserts value is Keccak256Hash;
+/**
+ * Asserts that a value is a valid Keccak-512 hash output (exactly 64 bytes).
+ *
+ * @param value - The Uint8Array to assert as a Keccak512Hash (must be exactly 64 bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 64 bytes
+ *
+ * @example
+ * ```typescript
+ * const hashBytes = keccak512(data);
+ * assertKeccak512Hash(hashBytes);
+ * // hashBytes is now typed as Keccak512Hash
+ * ```
+ *
+ * @see {@link Keccak512Hash}
+ * @see {@link MasterSeed}
+ * @public
+ */
+declare function assertKeccak512Hash(value: Uint8Array): asserts value is Keccak512Hash;
+/**
+ * Asserts that a value is a valid master seed (exactly 64 bytes).
+ *
+ * Validates that the value is a 64-byte Uint8Array as produced by Keccak-512
+ * hashing. Does not verify the entropy quality of the seed.
+ *
+ * @param value - The Uint8Array to assert as a MasterSeed (must be exactly 64 bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 64 bytes
+ *
+ * @example
+ * ```typescript
+ * const seedBytes = keccak512(entropy);
+ * assertMasterSeed(seedBytes);
+ * // seedBytes is now typed as MasterSeed
+ * ```
+ *
+ * @see {@link MasterSeed}
+ * @public
+ */
+declare function assertMasterSeed(value: Uint8Array): asserts value is MasterSeed;
+/**
+ * Asserts that a value is a valid generation seed (exactly 64 bytes).
+ *
+ * Validates that the value is a 64-byte Uint8Array as produced by Keccak-512
+ * hashing. Structurally identical to MasterSeed but semantically distinct.
+ *
+ * @param value - The Uint8Array to assert as a GenerationSeed (must be exactly 64 bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 64 bytes
+ *
+ * @example
+ * ```typescript
+ * const seedBytes = keccak512(protocolData);
+ * assertGenerationSeed(seedBytes);
+ * // seedBytes is now typed as GenerationSeed
+ * ```
+ *
+ * @see {@link GenerationSeed}
+ * @public
+ */
+declare function assertGenerationSeed(value: Uint8Array): asserts value is GenerationSeed;
+/**
+ * Asserts that a value is a valid master viewing key.
+ *
+ * Validates that the value is a non-negative bigint strictly less than 2^252.
+ * The 2^252 bound is tighter than the BN254 field prime to ensure compatibility
+ * with ZK circuits that perform sub-252-bit range checks.
+ *
+ * @param value - The bigint to assert as a MasterViewingKey (must be in range [0, 2^252))
+ * @throws {CryptographyAssertionError} If the value is not a bigint
+ * @throws {CryptographyAssertionError} If the value is negative
+ * @throws {CryptographyAssertionError} If the value is >= 2^252
+ *
+ * @example
+ * ```typescript
+ * const mvk = deriveMasterViewingKey(masterSeed);
+ * assertMasterViewingKey(mvk);
+ * // mvk is now typed as MasterViewingKey
+ * ```
+ *
+ * @see {@link MasterViewingKey}
+ * @see {@link MASTER_VIEWING_KEY_MAX}
+ * @public
+ */
+declare function assertMasterViewingKey(value: bigint): asserts value is MasterViewingKey;
+/**
+ * Asserts that a value is a valid yearly viewing key.
+ *
+ * Validates that the value is a non-negative bigint within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME))
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @see {@link YearlyViewingKey}
+ * @public
+ */
+declare function assertYearlyViewingKey(value: bigint): asserts value is YearlyViewingKey;
+/**
+ * Asserts that a value is a valid monthly viewing key.
+ *
+ * Validates that the value is a non-negative bigint within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME))
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @see {@link MonthlyViewingKey}
+ * @public
+ */
+declare function assertMonthlyViewingKey(value: bigint): asserts value is MonthlyViewingKey;
+/**
+ * Asserts that a value is a valid daily viewing key.
+ *
+ * Validates that the value is a non-negative bigint within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME))
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @see {@link DailyViewingKey}
+ * @public
+ */
+declare function assertDailyViewingKey(value: bigint): asserts value is DailyViewingKey;
+/**
+ * Asserts that a value is a valid hourly viewing key.
+ *
+ * Validates that the value is a non-negative bigint within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME))
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @see {@link HourlyViewingKey}
+ * @public
+ */
+declare function assertHourlyViewingKey(value: bigint): asserts value is HourlyViewingKey;
+/**
+ * Asserts that a value is a valid minute viewing key.
+ *
+ * Validates that the value is a non-negative bigint within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME))
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @see {@link MinuteViewingKey}
+ * @public
+ */
+declare function assertMinuteViewingKey(value: bigint): asserts value is MinuteViewingKey;
+/**
+ * Asserts that a value is a valid second viewing key.
+ *
+ * Validates that the value is a non-negative bigint within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME))
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @see {@link SecondViewingKey}
+ * @public
+ */
+declare function assertSecondViewingKey(value: bigint): asserts value is SecondViewingKey;
+/**
+ * Asserts that a value is a valid mint viewing key.
+ *
+ * Validates that the value is a non-negative bigint within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME))
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @see {@link MintViewingKey}
+ * @public
+ */
+declare function assertMintViewingKey(value: bigint): asserts value is MintViewingKey;
+/**
+ * Asserts that a value is a valid X25519Keypair.
+ *
+ * Validates that the value is a non-null object with valid `privateKey` and
+ * `publicKey` fields, each of which must pass their respective assertions.
+ *
+ * @param value - The object to assert as an X25519Keypair
+ * @throws {CryptographyAssertionError} If the value is not a non-null object
+ * @throws {CryptographyAssertionError} If `privateKey` or `publicKey` are missing
+ * @throws {CryptographyAssertionError} If either key fails its byte-level assertion
+ *
+ * @example
+ * ```typescript
+ * const keypair = { privateKey: privKey, publicKey: pubKey };
+ * assertX25519Keypair(keypair);
+ * // keypair is now typed as X25519Keypair
+ * ```
+ *
+ * @see {@link X25519Keypair}
+ * @see {@link assertX25519PrivateKey}
+ * @see {@link assertX25519PublicKey}
+ * @public
+ */
+declare function assertX25519Keypair(value: {
+    privateKey: Uint8Array;
+    publicKey: Uint8Array;
+}): asserts value is X25519Keypair;
+/**
+ * Asserts that a value is a valid Ed25519Keypair.
+ *
+ * Validates that the value is a non-null object with `seed` (exactly 32 bytes)
+ * and `publicKey` (exactly 32 bytes) properties.
+ *
+ * @param value - The object to assert as an Ed25519Keypair (must have seed and publicKey properties)
+ * @throws {CryptographyAssertionError} If the value is not a non-null object
+ * @throws {CryptographyAssertionError} If `seed` or `publicKey` are missing
+ * @throws {CryptographyAssertionError} If `seed` or `publicKey` are not Uint8Array(32)
+ *
+ * @example
+ * ```typescript
+ * const keypair = { seed, publicKey };
+ * assertEd25519Keypair(keypair);
+ * // keypair is now typed as Ed25519Keypair
+ * ```
+ *
+ * @see {@link Ed25519Keypair}
+ * @public
+ */
+declare function assertEd25519Keypair(value: {
+    seed: Uint8Array;
+    publicKey: Uint8Array;
+}): asserts value is Ed25519Keypair;
+/**
+ * Asserts that a value is a valid Curve25519KeypairResult.
+ *
+ * Validates that the value is a non-null object with valid `ed25519Keypair`
+ * and `x25519Keypair` fields, each of which must pass their respective assertions.
+ *
+ * @param value - The object to assert as a Curve25519KeypairResult
+ * @throws {CryptographyAssertionError} If the value is not a non-null object
+ * @throws {CryptographyAssertionError} If either nested keypair is missing or invalid
+ *
+ * @example
+ * ```typescript
+ * const result = { ed25519Keypair, x25519Keypair };
+ * assertCurve25519KeypairResult(result);
+ * // result is now typed as Curve25519KeypairResult
+ * ```
+ *
+ * @see {@link Curve25519KeypairResult}
+ * @see {@link assertEd25519Keypair}
+ * @see {@link assertX25519Keypair}
+ * @public
+ */
+declare function assertCurve25519KeypairResult(value: {
+    ed25519Keypair: {
+        seed: Uint8Array;
+        publicKey: Uint8Array;
+    };
+    x25519Keypair: {
+        privateKey: Uint8Array;
+        publicKey: Uint8Array;
+    };
+}): asserts value is Curve25519KeypairResult;
+
+export { assertX25519Keypair as A, assertX25519PrivateKey as B, type Curve25519KeypairResult as C, type DailyViewingKey as D, type Ed25519Keypair as E, assertX25519PublicKey as F, type GenerationSeed as G, type HourlyViewingKey as H, assertYearlyViewingKey as I, type Keccak256Hash as K, MASTER_VIEWING_KEY_MAX as M, type SecondViewingKey as S, type X25519Bytes as X, type YearlyViewingKey as Y, type Keccak512Hash as a, type MasterSeed as b, type MasterViewingKey as c, type MintViewingKey as d, type MinuteViewingKey as e, type MonthlyViewingKey as f, type SharedSecret as g, type X25519Keypair as h, type X25519PrivateKey as i, type X25519PublicKey as j, X25519_BYTE_LENGTH as k, assertCurve25519KeypairResult as l, assertDailyViewingKey as m, assertEd25519Keypair as n, assertGenerationSeed as o, assertHourlyViewingKey as p, assertKeccak256Hash as q, assertKeccak512Hash as r, assertMasterSeed as s, assertMasterViewingKey as t, assertMintViewingKey as u, assertMinuteViewingKey as v, assertMonthlyViewingKey as w, assertSecondViewingKey as x, assertSharedSecret as y, assertX25519Bytes as z };