@umbra-privacy/sdk 1.0.0

package/dist/cryptography-BTGC72u-.d.cts

@@ -0,0 +1,4809 @@
+/**
+ * Branded Types Infrastructure
+ *
+ * Provides compile-time nominal typing for the SDK through a hierarchical branded type system.
+ * Branded types prevent accidental mixing of structurally identical values — for example,
+ * passing a `U64` where a `U128` is expected, or a `RcPlaintext` where a `RcCiphertext` is
+ * required. Because TypeScript uses structural typing, two types with the same underlying
+ * representation (e.g. both `bigint`) are otherwise interchangeable, which is a silent source
+ * of hard-to-detect bugs in cryptographic and protocol code.
+ *
+ * ## The Branded Type Pattern
+ *
+ * A branded type is formed by intersecting a base type `T` with an object carrying a unique
+ * phantom symbol property. The symbol is declared with `declare const ... : unique symbol`,
+ * which guarantees TypeScript treats it as distinct from every other symbol — the brand itself
+ * never exists at runtime and adds zero bytes to the value.
+ *
+ * ```
+ * type UserId = BrandedType<string, "UserId">;
+ * //            ^^^^^^^^^^ string — the runtime representation
+ * //                       ^^^^^^^^ "UserId" — the phantom brand
+ * ```
+ *
+ * ## Hierarchical Brands
+ *
+ * The module supports up to five levels of brand hierarchy through `SubBrandedType`,
+ * `SubSubBrandedType`, etc. A sub-brand inherits structural compatibility with its parent,
+ * allowing a more specific type to be used wherever the parent is accepted, but not vice versa.
+ * This mirrors subtype relationships (e.g. `U32LeBytes ⊆ LeBytes ⊆ Bytes`).
+ *
+ * ## Utility Types
+ *
+ * `UnwrapBrand` and `ExtractBrand` are provided for generic code that needs to inspect or
+ * strip the brand layer without discarding the base type information.
+ *
+ * @packageDocumentation
+ * @module common/branded
+ */
+/**
+ * Unique symbol used as the primary brand property key.
+ *
+ * @remarks
+ * Declared with `unique symbol` so TypeScript guarantees no two declarations of
+ * `BrandSymbol` can be the same symbol, making it impossible to accidentally collide
+ * with user-defined properties. The value never exists at runtime.
+ *
+ * @internal
+ */
+declare const BrandSymbol: unique symbol;
+/**
+ * Unique symbol used as the sub-brand property key.
+ *
+ * @remarks
+ * Attached to a branded type by `SubBrandedType` to create a second phantom dimension
+ * that distinguishes sub-types from their parent without breaking parent assignability.
+ *
+ * @internal
+ */
+declare const SubBrandSymbol: unique symbol;
+/**
+ * Unique symbol used as the sub-sub-brand property key.
+ *
+ * @remarks
+ * Attached by `SubSubBrandedType` to create a third phantom dimension.
+ *
+ * @internal
+ */
+declare const SubSubBrandSymbol: unique symbol;
+/**
+ * Unique symbol used as the sub-sub-sub-brand property key.
+ *
+ * @remarks
+ * Attached by `SubSubSubBrandedType` to create a fourth phantom dimension.
+ *
+ * @internal
+ */
+declare const SubSubSubBrandSymbol: unique symbol;
+/**
+ * Unique symbol used as the sub-sub-sub-sub-brand property key.
+ *
+ * @remarks
+ * Attached by `SubSubSubSubBrandedType` to create a fifth phantom dimension.
+ *
+ * @internal
+ */
+declare const SubSubSubSubBrandSymbol: unique symbol;
+/**
+ * Creates a branded (nominally typed) variant of a base type.
+ *
+ * @remarks
+ * The brand is encoded as a readonly phantom property keyed by `BrandSymbol` whose
+ * value type is the string literal `Brand`. Because `BrandSymbol` is a `unique symbol`,
+ * no two `BrandedType` declarations share the same property key unless they name the same
+ * `Brand` string. This makes cross-brand assignment a compile-time error.
+ *
+ * At runtime the intersection carries no extra data — branded values are stored and
+ * transmitted identically to their base type.
+ *
+ * Use `UnwrapBrand` to recover `Base` and `ExtractBrand` to recover `Brand` from a
+ * `BrandedType` in generic contexts.
+ *
+ * @typeParam Base - The underlying runtime type (e.g. `bigint`, `Uint8Array`, `string`).
+ * @typeParam Brand - A unique string literal that names this brand (e.g. `"U64"`, `"UserId"`).
+ *
+ * @example
+ * ```typescript
+ * // Define two distinct identifier types with the same underlying representation.
+ * type UserId = BrandedType<string, "UserId">;
+ * type PostId = BrandedType<string, "PostId">;
+ *
+ * // Values must be explicitly branded at the boundary.
+ * const userId: UserId = "user-123" as UserId;
+ * const postId: PostId = "post-456" as PostId;
+ *
+ * // TypeScript rejects accidental mixing:
+ * const invalid: PostId = userId; // Error: Type 'UserId' is not assignable to type 'PostId'.
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Numeric brands prevent silent precision loss in the SDK.
+ * type U64  = BrandedType<bigint, "U64">;
+ * type U128 = BrandedType<bigint, "U128">;
+ *
+ * function encryptU64(value: U64): void { ... }
+ * encryptU64(myU128Value); // Compile-time error — prevents protocol bugs.
+ * ```
+ *
+ * @public
+ */
+type BrandedType<Base, Brand extends string> = Base & {
+    readonly [BrandSymbol]: Brand;
+};
+/**
+ * Extracts the base (unbranded) type from a `BrandedType`.
+ *
+ * @remarks
+ * Useful in generic utilities that need to operate on the underlying representation
+ * without caring about the nominal layer. For non-branded types, `T` is returned
+ * unchanged, making this safe to apply unconditionally.
+ *
+ * @typeParam T - A `BrandedType` or plain type to unwrap.
+ *
+ * @example
+ * ```typescript
+ * type UserId = BrandedType<string, "UserId">;
+ * type Base = UnwrapBrand<UserId>; // string
+ *
+ * // Non-branded types pass through unchanged.
+ * type Plain = UnwrapBrand<number>; // number
+ * ```
+ *
+ * @public
+ */
+type UnwrapBrand<T> = T extends BrandedType<infer Base, string> ? Base : T;
+/**
+ * Extracts the brand string literal from a `BrandedType`.
+ *
+ * @remarks
+ * Returns `never` for types that are not `BrandedType` instances. Useful when building
+ * generic error messages or runtime assertions that need to name the expected brand.
+ *
+ * @typeParam T - A `BrandedType` from which to extract the brand name.
+ *
+ * @example
+ * ```typescript
+ * type UserId = BrandedType<string, "UserId">;
+ * type Name = ExtractBrand<UserId>; // "UserId"
+ *
+ * // Non-branded types yield never.
+ * type Nothing = ExtractBrand<string>; // never
+ * ```
+ *
+ * @public
+ */
+type ExtractBrand<T> = T extends BrandedType<unknown, infer Brand> ? Brand : never;
+/**
+ * Creates a sub-branded type that is a more specific variant of an existing `BrandedType`.
+ *
+ * @remarks
+ * A sub-branded type carries both the parent brand (via `[BrandSymbol]`) and its own
+ * sub-brand (via `[SubBrandSymbol]`). This means:
+ *
+ * - A `SubBrandedType<Parent, Sub>` is assignable to `Parent` (narrower types are compatible).
+ * - `Parent` is NOT assignable to `SubBrandedType<Parent, Sub>` (you cannot widen without
+ *   an explicit assertion).
+ *
+ * This is used in the SDK to model byte-array hierarchies such as:
+ * `Bytes` → `LeBytes` → `U32LeBytes`.
+ *
+ * @typeParam Parent - The parent `BrandedType` to extend. Must already be a `BrandedType`.
+ * @typeParam SubBrand - A unique string literal for the sub-brand (e.g. `"LeBytes"`).
+ *
+ * @example
+ * ```typescript
+ * type Bytes    = BrandedType<Uint8Array, "Bytes">;
+ * type LeBytes  = SubBrandedType<Bytes, "LeBytes">;
+ * type BeBytes  = SubBrandedType<Bytes, "BeBytes">;
+ *
+ * declare const le: LeBytes;
+ * declare const be: BeBytes;
+ *
+ * const asBytes: Bytes = le;  // OK — LeBytes ⊆ Bytes
+ * const invalid: BeBytes = le; // Error — LeBytes is not BeBytes
+ * ```
+ *
+ * @public
+ */
+type SubBrandedType<Parent extends BrandedType<unknown, string>, SubBrand extends string> = Parent & {
+    readonly [SubBrandSymbol]: SubBrand;
+};
+/**
+ * Creates a sub-sub-branded type for the third level of the brand hierarchy.
+ *
+ * @remarks
+ * Inherits both the parent brand and the sub-brand, adding a third phantom dimension via
+ * `[SubSubBrandSymbol]`. A `SubSubBrandedType` is assignable to its `SubBrandedType`
+ * parent and transitively to the root `BrandedType`, but nothing in the hierarchy can
+ * be widened to a `SubSubBrandedType` without an explicit assertion.
+ *
+ * Typical usage in the SDK:
+ * `Bytes` → `LeBytes` → `U32LeBytes`
+ *
+ * @typeParam Parent - The parent `SubBrandedType` to extend.
+ * @typeParam SubSubBrand - A unique string literal for this level (e.g. `"U32LeBytes"`).
+ *
+ * @example
+ * ```typescript
+ * type Bytes       = BrandedType<Uint8Array, "Bytes">;
+ * type LeBytes     = SubBrandedType<Bytes, "LeBytes">;
+ * type U32LeBytes  = SubSubBrandedType<LeBytes, "U32LeBytes">;
+ *
+ * declare const u32: U32LeBytes;
+ * const asLe: LeBytes = u32;  // OK
+ * const asBytes: Bytes = u32; // OK
+ * ```
+ *
+ * @public
+ */
+type SubSubBrandedType<Parent extends SubBrandedType<BrandedType<unknown, string>, string>, SubSubBrand extends string> = Parent & {
+    readonly [SubSubBrandSymbol]: SubSubBrand;
+};
+/**
+ * Creates a sub-sub-sub-branded type for the fourth level of the brand hierarchy.
+ *
+ * @remarks
+ * Adds a fourth phantom dimension via `[SubSubSubBrandSymbol]` on top of a
+ * `SubSubBrandedType` parent. Assignable to all ancestor levels.
+ *
+ * Typical usage in the SDK:
+ * `Bytes` → `LeBytes` → `U256LeBytes` → `Keccak256Hash`
+ *
+ * @typeParam Parent - The parent `SubSubBrandedType` to extend.
+ * @typeParam SubSubSubBrand - A unique string literal for this level (e.g. `"Keccak256Hash"`).
+ *
+ * @example
+ * ```typescript
+ * type Bytes          = BrandedType<Uint8Array, "Bytes">;
+ * type LeBytes        = SubBrandedType<Bytes, "LeBytes">;
+ * type U32LeBytes     = SubSubBrandedType<LeBytes, "U32LeBytes">;
+ * type ValidU32LeBytes = SubSubSubBrandedType<U32LeBytes, "ValidU32LeBytes">;
+ *
+ * declare const v: ValidU32LeBytes;
+ * const asU32: U32LeBytes = v; // OK
+ * const asLe: LeBytes     = v; // OK
+ * const asBytes: Bytes    = v; // OK
+ * ```
+ *
+ * @public
+ */
+type SubSubSubBrandedType<Parent extends SubSubBrandedType<SubBrandedType<BrandedType<unknown, string>, string>, string>, SubSubSubBrand extends string> = Parent & {
+    readonly [SubSubSubBrandSymbol]: SubSubSubBrand;
+};
+/**
+ * Creates a sub-sub-sub-sub-branded type for the fifth level of the brand hierarchy.
+ *
+ * @remarks
+ * Adds a fifth phantom dimension via `[SubSubSubSubBrandSymbol]` on top of a
+ * `SubSubSubBrandedType` parent. This is the deepest level of branding supported by the
+ * SDK. Assignable to all four ancestor levels.
+ *
+ * Example chain used in the SDK for master seed derivation:
+ * `Bytes` → `LeBytes` → `U512LeBytes` → `Keccak512Hash` → `MasterSeed`
+ *
+ * @typeParam Parent - The parent `SubSubSubBrandedType` to extend.
+ * @typeParam SubSubSubSubBrand - A unique string literal for this level (e.g. `"MasterSeed"`).
+ *
+ * @example
+ * ```typescript
+ * type Bytes          = BrandedType<Uint8Array, "Bytes">;
+ * type LeBytes        = SubBrandedType<Bytes, "LeBytes">;
+ * type U512LeBytes    = SubSubBrandedType<LeBytes, "U512LeBytes">;
+ * type Keccak512Hash  = SubSubSubBrandedType<U512LeBytes, "Keccak512Hash">;
+ * type MasterSeed     = SubSubSubSubBrandedType<Keccak512Hash, "MasterSeed">;
+ *
+ * // MasterSeed is assignable to every ancestor level.
+ * declare const seed: MasterSeed;
+ * const asHash: Keccak512Hash  = seed; // OK
+ * const asU512: U512LeBytes    = seed; // OK
+ * const asLe: LeBytes          = seed; // OK
+ * const asBytes: Bytes         = seed; // OK
+ * ```
+ *
+ * @public
+ */
+type SubSubSubSubBrandedType<Parent extends SubSubSubBrandedType<SubSubBrandedType<SubBrandedType<BrandedType<unknown, string>, string>, string>, string>, SubSubSubSubBrand extends string> = Parent & {
+    readonly [SubSubSubSubBrandSymbol]: SubSubSubSubBrand;
+};
+
+/**
+ * Mathematics Types Module
+ *
+ * This module provides a comprehensive set of branded types and runtime assertions
+ * for mathematical primitives used throughout the SDK. These types ensure compile-time
+ * safety by preventing accidental mixing of incompatible numeric representations.
+ *
+ * ## Overview
+ *
+ * The module is organized into several categories:
+ *
+ * ### Byte Array Types
+ * - **Base types**: `LeBytes` (little-endian), `BeBytes` (big-endian)
+ * - **Sized types**: `U8LeBytes`, `U16LeBytes`, ..., `U1024LeBytes` (and BE equivalents)
+ *
+ * ### Integer Types
+ * - **Unsigned**: `U8`, `U16`, `U32`, `U64`, `U128`, `U256`, `U512`, `U1024`
+ * - **Signed**: `I8`, `I16`, `I32`, `I64`, `I128`, `I256`, `I512`, `I1024`
+ *
+ * ### Constants
+ * - Maximum values for unsigned types (`U8_MAX`, `U16_MAX`, etc.)
+ * - Min/max values for signed types (`I8_MIN`, `I8_MAX`, etc.)
+ * - Byte lengths for sized arrays (`U8_BYTE_LENGTH`, etc.)
+ *
+ * ### Assertion Functions
+ * - Runtime validation functions that throw `MathematicsAssertionError` on failure
+ * - Return branded types on success for type-safe usage
+ *
+ * ## Usage Example
+ *
+ * ```typescript
+ * import { assertU256, assertU256LeBytes, U256, U256LeBytes } from "./mathematics";
+ *
+ * // Validate and brand a bigint as U256
+ * const value: U256 = assertU256(12345n);
+ *
+ * // Validate and brand a byte array
+ * const bytes: U256LeBytes = assertU256LeBytes(new Uint8Array(32));
+ *
+ * // Type errors are caught at compile time
+ * function processU256(value: U256): void { ... }
+ * processU256(12345n); // Error: bigint is not assignable to U256
+ * processU256(assertU256(12345n)); // OK
+ * ```
+ *
+ * @module types/mathematics
+ * @see {@link ./branded} for the underlying branded type utilities
+ * @packageDocumentation
+ */
+
+/**
+ * Generic branded byte array base type.
+ *
+ * This is the root type for all byte array types in the SDK.
+ * All specialized byte array types (LeBytes, BeBytes, X25519Bytes, etc.)
+ * derive from this type.
+ *
+ * Use this type when:
+ * - Endianness is not relevant to the operation
+ * - Endianness is handled externally
+ * - Working with raw binary data without numeric interpretation
+ *
+ * @example
+ * ```typescript
+ * function hashBytes(data: Bytes): Bytes {
+ *     // Endianness doesn't matter for hashing
+ *     return sha256(data);
+ * }
+ * ```
+ *
+ * @public
+ */
+type Bytes = BrandedType<Uint8Array, "Bytes">;
+/**
+ * Little-endian byte array base type.
+ *
+ * Little-endian format stores the **least significant byte first**.
+ * This is the native byte order for:
+ * - x86 and x64 processors (Intel, AMD)
+ * - ARM processors (in little-endian mode)
+ * - Most modern desktop and mobile CPUs
+ *
+ * @remarks
+ * Little-endian is often more efficient for arithmetic operations
+ * as the least significant bytes can be processed first.
+ *
+ * @example
+ * ```typescript
+ * // The 32-bit number 0x12345678 in little-endian:
+ * // Memory layout: [0x78, 0x56, 0x34, 0x12]
+ * //                 LSB                  MSB
+ * const leBytes = assertLeBytes(new Uint8Array([0x78, 0x56, 0x34, 0x12]));
+ *
+ * // Converting to number (conceptually):
+ * // 0x78 + (0x56 << 8) + (0x34 << 16) + (0x12 << 24) = 0x12345678
+ * ```
+ *
+ * @see {@link BeBytes} for big-endian representation
+ * @public
+ */
+type LeBytes = SubBrandedType<Bytes, "LeBytes">;
+/**
+ * Big-endian byte array base type.
+ *
+ * Big-endian format stores the **most significant byte first**.
+ * This is used in:
+ * - Network protocols (TCP/IP) - hence "network byte order"
+ * - Many file formats (JPEG, PNG headers)
+ * - Java's DataInputStream/DataOutputStream
+ * - Most cryptographic specifications
+ *
+ * @remarks
+ * Big-endian is often more human-readable as bytes appear in the
+ * same order as the hexadecimal representation.
+ *
+ * @example
+ * ```typescript
+ * // The 32-bit number 0x12345678 in big-endian:
+ * // Memory layout: [0x12, 0x34, 0x56, 0x78]
+ * //                 MSB                  LSB
+ * const beBytes = assertBeBytes(new Uint8Array([0x12, 0x34, 0x56, 0x78]));
+ *
+ * // The hex string "12345678" maps directly to bytes
+ * ```
+ *
+ * @see {@link LeBytes} for little-endian representation
+ * @public
+ */
+type BeBytes = SubBrandedType<Bytes, "BeBytes">;
+/**
+ * 8-bit (1 byte) little-endian byte array.
+ *
+ * Represents a single byte, which is endianness-agnostic.
+ * Included for API consistency with larger sizes.
+ *
+ * @remarks
+ * - Size: 1 byte
+ * - Value range: [0, 255] (0x00 to 0xFF)
+ *
+ * @example
+ * ```typescript
+ * const byte = assertU8LeBytes(new Uint8Array([0xFF]));
+ * // Represents the value 255
+ * ```
+ *
+ * @see {@link assertU8LeBytes}
+ * @public
+ */
+type U8LeBytes = SubSubBrandedType<LeBytes, "U8LeBytes">;
+/**
+ * 16-bit (2 bytes) little-endian byte array.
+ *
+ * @remarks
+ * - Size: 2 bytes
+ * - Value range: [0, 65,535] (0x0000 to 0xFFFF)
+ *
+ * @example
+ * ```typescript
+ * // Value 0x1234 in little-endian
+ * const bytes = assertU16LeBytes(new Uint8Array([0x34, 0x12]));
+ * ```
+ *
+ * @see {@link assertU16LeBytes}
+ * @public
+ */
+type U16LeBytes = SubSubBrandedType<LeBytes, "U16LeBytes">;
+/**
+ * 32-bit (4 bytes) little-endian byte array.
+ *
+ * @remarks
+ * - Size: 4 bytes
+ * - Value range: [0, 4,294,967,295] (0x00000000 to 0xFFFFFFFF)
+ * - Common use: IPv4 addresses, 32-bit hashes, timestamps
+ *
+ * @example
+ * ```typescript
+ * // Value 0x12345678 in little-endian
+ * const bytes = assertU32LeBytes(new Uint8Array([0x78, 0x56, 0x34, 0x12]));
+ * ```
+ *
+ * @see {@link assertU32LeBytes}
+ * @public
+ */
+type U32LeBytes = SubSubBrandedType<LeBytes, "U32LeBytes">;
+/**
+ * 64-bit (8 bytes) little-endian byte array.
+ *
+ * @remarks
+ * - Size: 8 bytes
+ * - Value range: [0, 2^64 - 1]
+ * - Common use: Timestamps with nanosecond precision, large counters
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU64LeBytes(new Uint8Array(8));
+ * ```
+ *
+ * @see {@link assertU64LeBytes}
+ * @public
+ */
+type U64LeBytes = SubSubBrandedType<LeBytes, "U64LeBytes">;
+/**
+ * 128-bit (16 bytes) little-endian byte array.
+ *
+ * @remarks
+ * - Size: 16 bytes
+ * - Value range: [0, 2^128 - 1]
+ * - Common use: UUIDs, AES block size
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU128LeBytes(new Uint8Array(16));
+ * ```
+ *
+ * @see {@link assertU128LeBytes}
+ * @public
+ */
+type U128LeBytes = SubSubBrandedType<LeBytes, "U128LeBytes">;
+/**
+ * 256-bit (32 bytes) little-endian byte array.
+ *
+ * @remarks
+ * - Size: 32 bytes
+ * - Value range: [0, 2^256 - 1]
+ * - Common use: SHA-256 hashes, elliptic curve scalars, private keys
+ *
+ * @example
+ * ```typescript
+ * // A 256-bit cryptographic scalar
+ * const scalar = assertU256LeBytes(new Uint8Array(32));
+ * ```
+ *
+ * @see {@link assertU256LeBytes}
+ * @public
+ */
+type U256LeBytes = SubSubBrandedType<LeBytes, "U256LeBytes">;
+/**
+ * 512-bit (64 bytes) little-endian byte array.
+ *
+ * @remarks
+ * - Size: 64 bytes
+ * - Value range: [0, 2^512 - 1]
+ * - Common use: SHA-512 hashes, extended keys
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU512LeBytes(new Uint8Array(64));
+ * ```
+ *
+ * @see {@link assertU512LeBytes}
+ * @public
+ */
+type U512LeBytes = SubSubBrandedType<LeBytes, "U512LeBytes">;
+/**
+ * 1024-bit (128 bytes) little-endian byte array.
+ *
+ * @remarks
+ * - Size: 128 bytes
+ * - Value range: [0, 2^1024 - 1]
+ * - Common use: RSA keys, large cryptographic values
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU1024LeBytes(new Uint8Array(128));
+ * ```
+ *
+ * @see {@link assertU1024LeBytes}
+ * @public
+ */
+type U1024LeBytes = SubSubBrandedType<LeBytes, "U1024LeBytes">;
+/**
+ * 8-bit (1 byte) big-endian byte array.
+ *
+ * Represents a single byte, which is endianness-agnostic.
+ * Included for API consistency with larger sizes.
+ *
+ * @remarks
+ * - Size: 1 byte
+ * - Value range: [0, 255] (0x00 to 0xFF)
+ *
+ * @example
+ * ```typescript
+ * const byte = assertU8BeBytes(new Uint8Array([0xFF]));
+ * ```
+ *
+ * @see {@link assertU8BeBytes}
+ * @public
+ */
+type U8BeBytes = SubSubBrandedType<BeBytes, "U8BeBytes">;
+/**
+ * 16-bit (2 bytes) big-endian byte array.
+ *
+ * @remarks
+ * - Size: 2 bytes
+ * - Value range: [0, 65,535]
+ * - Common use: Network port numbers, protocol headers
+ *
+ * @example
+ * ```typescript
+ * // Value 0x1234 in big-endian (network byte order)
+ * const bytes = assertU16BeBytes(new Uint8Array([0x12, 0x34]));
+ * ```
+ *
+ * @see {@link assertU16BeBytes}
+ * @public
+ */
+type U16BeBytes = SubSubBrandedType<BeBytes, "U16BeBytes">;
+/**
+ * 32-bit (4 bytes) big-endian byte array.
+ *
+ * @remarks
+ * - Size: 4 bytes
+ * - Value range: [0, 4,294,967,295]
+ * - Common use: Network addresses, protocol fields
+ *
+ * @example
+ * ```typescript
+ * // Value 0x12345678 in big-endian
+ * const bytes = assertU32BeBytes(new Uint8Array([0x12, 0x34, 0x56, 0x78]));
+ * ```
+ *
+ * @see {@link assertU32BeBytes}
+ * @public
+ */
+type U32BeBytes = SubSubBrandedType<BeBytes, "U32BeBytes">;
+/**
+ * 64-bit (8 bytes) big-endian byte array.
+ *
+ * @remarks
+ * - Size: 8 bytes
+ * - Value range: [0, 2^64 - 1]
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU64BeBytes(new Uint8Array(8));
+ * ```
+ *
+ * @see {@link assertU64BeBytes}
+ * @public
+ */
+type U64BeBytes = SubSubBrandedType<BeBytes, "U64BeBytes">;
+/**
+ * 128-bit (16 bytes) big-endian byte array.
+ *
+ * @remarks
+ * - Size: 16 bytes
+ * - Value range: [0, 2^128 - 1]
+ * - Common use: UUIDs in standard format, IPv6 addresses
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU128BeBytes(new Uint8Array(16));
+ * ```
+ *
+ * @see {@link assertU128BeBytes}
+ * @public
+ */
+type U128BeBytes = SubSubBrandedType<BeBytes, "U128BeBytes">;
+/**
+ * 256-bit (32 bytes) big-endian byte array.
+ *
+ * @remarks
+ * - Size: 32 bytes
+ * - Value range: [0, 2^256 - 1]
+ * - Common use: Ethereum addresses (20 bytes, but often padded), field elements
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU256BeBytes(new Uint8Array(32));
+ * ```
+ *
+ * @see {@link assertU256BeBytes}
+ * @public
+ */
+type U256BeBytes = SubSubBrandedType<BeBytes, "U256BeBytes">;
+/**
+ * 512-bit (64 bytes) big-endian byte array.
+ *
+ * @remarks
+ * - Size: 64 bytes
+ * - Value range: [0, 2^512 - 1]
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU512BeBytes(new Uint8Array(64));
+ * ```
+ *
+ * @see {@link assertU512BeBytes}
+ * @public
+ */
+type U512BeBytes = SubSubBrandedType<BeBytes, "U512BeBytes">;
+/**
+ * 1024-bit (128 bytes) big-endian byte array.
+ *
+ * @remarks
+ * - Size: 128 bytes
+ * - Value range: [0, 2^1024 - 1]
+ *
+ * @example
+ * ```typescript
+ * const bytes = assertU1024BeBytes(new Uint8Array(128));
+ * ```
+ *
+ * @see {@link assertU1024BeBytes}
+ * @public
+ */
+type U1024BeBytes = SubSubBrandedType<BeBytes, "U1024BeBytes">;
+/**
+ * Base type for all unsigned integers.
+ *
+ * Unsigned integers represent non-negative whole numbers (0, 1, 2, ...).
+ * All specific unsigned integer types (`U8`, `U16`, etc.) are sub-brands of this type.
+ *
+ * @remarks
+ * - Uses JavaScript's `BigInt` for arbitrary precision arithmetic
+ * - No upper bound at the base type level (bounds are enforced by sub-types)
+ * - Guaranteed to be non-negative (>= 0)
+ *
+ * ## Type Hierarchy
+ * ```
+ * bigint
+ *   └── UnsignedInteger (branded, value >= 0)
+ *         ├── U8   (0 to 255)
+ *         ├── U16  (0 to 65,535)
+ *         ├── U32  (0 to 4,294,967,295)
+ *         └── ...
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const value = assertUnsignedInteger(12345n);
+ * // value is typed as UnsignedInteger
+ *
+ * // Can be assigned to functions expecting UnsignedInteger
+ * function processUnsigned(n: UnsignedInteger): void { ... }
+ * processUnsigned(value); // OK
+ * ```
+ *
+ * @see {@link assertUnsignedInteger}
+ * @public
+ */
+type UnsignedInteger = BrandedType<bigint, "UnsignedInteger">;
+/**
+ * Base type for all signed integers.
+ *
+ * Signed integers represent whole numbers including negatives (..., -2, -1, 0, 1, 2, ...).
+ * All specific signed integer types (`I8`, `I16`, etc.) are sub-brands of this type.
+ *
+ * @remarks
+ * - Uses JavaScript's `BigInt` for arbitrary precision arithmetic
+ * - No bounds at the base type level (bounds are enforced by sub-types)
+ * - Two's complement representation is assumed for negative values
+ *
+ * ## Two's Complement
+ * Two's complement is the standard way computers represent signed integers:
+ * - Positive numbers are represented normally
+ * - Negative numbers: invert all bits and add 1
+ * - Example (8-bit): -1 = 0xFF, -128 = 0x80
+ *
+ * ## Type Hierarchy
+ * ```
+ * bigint
+ *   └── SignedInteger (branded)
+ *         ├── I8   (-128 to 127)
+ *         ├── I16  (-32,768 to 32,767)
+ *         ├── I32  (-2,147,483,648 to 2,147,483,647)
+ *         └── ...
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const value = assertSignedInteger(-12345n);
+ * // value is typed as SignedInteger
+ * ```
+ *
+ * @see {@link assertSignedInteger}
+ * @public
+ */
+type SignedInteger = BrandedType<bigint, "SignedInteger">;
+/**
+ * 8-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 8 bits (1 byte)
+ * - Range: [0, 255] or [0x00, 0xFF]
+ * - Max value: 2^8 - 1 = 255
+ *
+ * ## Common Uses
+ * - Single byte values
+ * - Color channel values (RGB)
+ * - Character codes (ASCII)
+ * - Small counters and flags
+ *
+ * @example
+ * ```typescript
+ * const red: U8 = assertU8(255n);   // Maximum red
+ * const green: U8 = assertU8(128n); // Medium green
+ * const blue: U8 = assertU8(0n);    // No blue
+ * ```
+ *
+ * @see {@link assertU8}
+ * @see {@link U8_MAX}
+ * @public
+ */
+type U8 = SubBrandedType<UnsignedInteger, "U8">;
+/**
+ * 16-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 16 bits (2 bytes)
+ * - Range: [0, 65,535] or [0x0000, 0xFFFF]
+ * - Max value: 2^16 - 1 = 65,535
+ *
+ * ## Common Uses
+ * - Port numbers (0-65535)
+ * - Unicode code points (BMP)
+ * - Audio samples (16-bit PCM)
+ * - Small array indices
+ *
+ * @example
+ * ```typescript
+ * const port: U16 = assertU16(443n);    // HTTPS port
+ * const sample: U16 = assertU16(32768n); // Audio sample
+ * ```
+ *
+ * @see {@link assertU16}
+ * @see {@link U16_MAX}
+ * @public
+ */
+type U16 = SubBrandedType<UnsignedInteger, "U16">;
+/**
+ * 32-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 32 bits (4 bytes)
+ * - Range: [0, 4,294,967,295] or [0x00000000, 0xFFFFFFFF]
+ * - Max value: 2^32 - 1 = 4,294,967,295 (~4.3 billion)
+ *
+ * ## Common Uses
+ * - IPv4 addresses
+ * - Unix timestamps (until 2038)
+ * - Array indices
+ * - Color values (RGBA packed)
+ * - CRC32 checksums
+ *
+ * @example
+ * ```typescript
+ * const timestamp: U32 = assertU32(1704067200n); // 2024-01-01 00:00:00 UTC
+ * const ipAddress: U32 = assertU32(0x7F000001n); // 127.0.0.1
+ * ```
+ *
+ * @see {@link assertU32}
+ * @see {@link U32_MAX}
+ * @public
+ */
+type U32 = SubBrandedType<UnsignedInteger, "U32">;
+/**
+ * 64-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 64 bits (8 bytes)
+ * - Range: [0, 18,446,744,073,709,551,615]
+ * - Max value: 2^64 - 1 (~18.4 quintillion)
+ *
+ * ## Common Uses
+ * - High-precision timestamps (nanoseconds)
+ * - File sizes
+ * - Database primary keys
+ * - Memory addresses
+ * - Large counters
+ *
+ * @example
+ * ```typescript
+ * const nanoTimestamp: U64 = assertU64(1704067200000000000n);
+ * const fileSize: U64 = assertU64(1099511627776n); // 1 TiB
+ * ```
+ *
+ * @see {@link assertU64}
+ * @see {@link U64_MAX}
+ * @public
+ */
+type U64 = SubBrandedType<UnsignedInteger, "U64">;
+/**
+ * 128-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 128 bits (16 bytes)
+ * - Range: [0, 2^128 - 1]
+ * - Max value: ~3.4 × 10^38
+ *
+ * ## Common Uses
+ * - UUIDs (128-bit identifiers)
+ * - IPv6 addresses
+ * - Cryptographic nonces
+ * - Very large counters
+ *
+ * @example
+ * ```typescript
+ * const uuid: U128 = assertU128(0x550e8400e29b41d4a716446655440000n);
+ * ```
+ *
+ * @see {@link assertU128}
+ * @see {@link U128_MAX}
+ * @public
+ */
+type U128 = SubBrandedType<UnsignedInteger, "U128">;
+/**
+ * 256-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 256 bits (32 bytes)
+ * - Range: [0, 2^256 - 1]
+ * - Max value: ~1.16 × 10^77
+ *
+ * ## Common Uses
+ * - Elliptic curve field elements (BN254, secp256k1)
+ * - Cryptographic scalars and private keys
+ * - SHA-256 hash outputs
+ * - Blockchain addresses and balances
+ *
+ * ## Cryptographic Significance
+ * 256 bits provides approximately 128 bits of security for symmetric
+ * operations and is the standard size for modern elliptic curves.
+ *
+ * @example
+ * ```typescript
+ * // A private key (256-bit scalar)
+ * const privateKey: U256 = assertU256(
+ *     0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdefn
+ * );
+ *
+ * // A SHA-256 hash interpreted as a number
+ * const hashValue: U256 = assertU256(hashAsNumber);
+ * ```
+ *
+ * @see {@link assertU256}
+ * @see {@link U256_MAX}
+ * @public
+ */
+type U256 = SubBrandedType<UnsignedInteger, "U256">;
+/**
+ * 512-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 512 bits (64 bytes)
+ * - Range: [0, 2^512 - 1]
+ *
+ * ## Common Uses
+ * - SHA-512 hash outputs
+ * - Extended cryptographic keys
+ * - Large field elements
+ *
+ * @example
+ * ```typescript
+ * const hash: U512 = assertU512(sha512HashValue);
+ * ```
+ *
+ * @see {@link assertU512}
+ * @see {@link U512_MAX}
+ * @public
+ */
+type U512 = SubBrandedType<UnsignedInteger, "U512">;
+/**
+ * 1024-bit unsigned integer.
+ *
+ * @remarks
+ * - Bit width: 1024 bits (128 bytes)
+ * - Range: [0, 2^1024 - 1]
+ *
+ * ## Common Uses
+ * - RSA key components
+ * - Very large cryptographic values
+ * - Pairing-based cryptography
+ *
+ * @example
+ * ```typescript
+ * const rsaModulus: U1024 = assertU1024(modulusValue);
+ * ```
+ *
+ * @see {@link assertU1024}
+ * @see {@link U1024_MAX}
+ * @public
+ */
+type U1024 = SubBrandedType<UnsignedInteger, "U1024">;
+/**
+ * 8-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 8 bits (1 byte)
+ * - Range: [-128, 127] or [-2^7, 2^7 - 1]
+ * - Uses two's complement representation
+ *
+ * ## Two's Complement Values
+ * - 0x00 = 0
+ * - 0x7F = 127 (maximum positive)
+ * - 0x80 = -128 (minimum negative)
+ * - 0xFF = -1
+ *
+ * @example
+ * ```typescript
+ * const positive: I8 = assertI8(127n);
+ * const negative: I8 = assertI8(-128n);
+ * const zero: I8 = assertI8(0n);
+ * ```
+ *
+ * @see {@link assertI8}
+ * @see {@link I8_MIN}
+ * @see {@link I8_MAX}
+ * @public
+ */
+type I8 = SubBrandedType<SignedInteger, "I8">;
+/**
+ * 16-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 16 bits (2 bytes)
+ * - Range: [-32,768, 32,767] or [-2^15, 2^15 - 1]
+ * - Uses two's complement representation
+ *
+ * ## Common Uses
+ * - Audio samples (16-bit signed PCM)
+ * - Small offsets and deltas
+ *
+ * @example
+ * ```typescript
+ * const audioSample: I16 = assertI16(-16384n);
+ * ```
+ *
+ * @see {@link assertI16}
+ * @see {@link I16_MIN}
+ * @see {@link I16_MAX}
+ * @public
+ */
+type I16 = SubBrandedType<SignedInteger, "I16">;
+/**
+ * 32-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 32 bits (4 bytes)
+ * - Range: [-2,147,483,648, 2,147,483,647] or [-2^31, 2^31 - 1]
+ * - Uses two's complement representation
+ *
+ * ## Common Uses
+ * - General-purpose integers
+ * - Array indices (with negative sentinel values)
+ * - Differences and offsets
+ *
+ * @example
+ * ```typescript
+ * const offset: I32 = assertI32(-1000n);
+ * const index: I32 = assertI32(42n);
+ * ```
+ *
+ * @see {@link assertI32}
+ * @see {@link I32_MIN}
+ * @see {@link I32_MAX}
+ * @public
+ */
+type I32 = SubBrandedType<SignedInteger, "I32">;
+/**
+ * 64-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 64 bits (8 bytes)
+ * - Range: [-9,223,372,036,854,775,808, 9,223,372,036,854,775,807]
+ * - Range: [-2^63, 2^63 - 1]
+ * - Uses two's complement representation
+ *
+ * ## Common Uses
+ * - Large offsets and differences
+ * - Signed timestamps
+ * - Financial calculations (with appropriate scaling)
+ *
+ * @example
+ * ```typescript
+ * const difference: I64 = assertI64(-1000000000000n);
+ * ```
+ *
+ * @see {@link assertI64}
+ * @see {@link I64_MIN}
+ * @see {@link I64_MAX}
+ * @public
+ */
+type I64 = SubBrandedType<SignedInteger, "I64">;
+/**
+ * 128-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 128 bits (16 bytes)
+ * - Range: [-2^127, 2^127 - 1]
+ * - Uses two's complement representation
+ *
+ * @example
+ * ```typescript
+ * const value: I128 = assertI128(-170141183460469231731687303715884105728n);
+ * ```
+ *
+ * @see {@link assertI128}
+ * @see {@link I128_MIN}
+ * @see {@link I128_MAX}
+ * @public
+ */
+type I128 = SubBrandedType<SignedInteger, "I128">;
+/**
+ * 256-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 256 bits (32 bytes)
+ * - Range: [-2^255, 2^255 - 1]
+ * - Uses two's complement representation
+ *
+ * ## Common Uses
+ * - Signed cryptographic values
+ * - Large signed arithmetic
+ *
+ * @example
+ * ```typescript
+ * const signedScalar: I256 = assertI256(-12345678901234567890n);
+ * ```
+ *
+ * @see {@link assertI256}
+ * @see {@link I256_MIN}
+ * @see {@link I256_MAX}
+ * @public
+ */
+type I256 = SubBrandedType<SignedInteger, "I256">;
+/**
+ * 512-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 512 bits (64 bytes)
+ * - Range: [-2^511, 2^511 - 1]
+ * - Uses two's complement representation
+ *
+ * @example
+ * ```typescript
+ * const value: I512 = assertI512(-1n);
+ * ```
+ *
+ * @see {@link assertI512}
+ * @see {@link I512_MIN}
+ * @see {@link I512_MAX}
+ * @public
+ */
+type I512 = SubBrandedType<SignedInteger, "I512">;
+/**
+ * 1024-bit signed integer.
+ *
+ * @remarks
+ * - Bit width: 1024 bits (128 bytes)
+ * - Range: [-2^1023, 2^1023 - 1]
+ * - Uses two's complement representation
+ *
+ * @example
+ * ```typescript
+ * const value: I1024 = assertI1024(0n);
+ * ```
+ *
+ * @see {@link assertI1024}
+ * @see {@link I1024_MIN}
+ * @see {@link I1024_MAX}
+ * @public
+ */
+type I1024 = SubBrandedType<SignedInteger, "I1024">;
+/**
+ * Maximum value for an 8-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 255 (0xFF)
+ * - Formula: 2^8 - 1
+ *
+ * @example
+ * ```typescript
+ * if (value > U8_MAX) {
+ *     throw new Error("Value exceeds U8 range");
+ * }
+ * ```
+ *
+ * @see {@link U8}
+ * @public
+ */
+declare const U8_MAX = 255n;
+/**
+ * Maximum value for a 16-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 65,535 (0xFFFF)
+ * - Formula: 2^16 - 1
+ *
+ * @example
+ * ```typescript
+ * if (portNumber > U16_MAX) {
+ *     throw new Error("Port number exceeds U16 range");
+ * }
+ * ```
+ *
+ * @see {@link U16}
+ * @public
+ */
+declare const U16_MAX = 65535n;
+/**
+ * Maximum value for a 32-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 4,294,967,295 (0xFFFFFFFF)
+ * - Formula: 2^32 - 1
+ *
+ * @example
+ * ```typescript
+ * if (timestamp > U32_MAX) {
+ *     throw new Error("Timestamp exceeds U32 range (Year 2038 problem)");
+ * }
+ * ```
+ *
+ * @see {@link U32}
+ * @public
+ */
+declare const U32_MAX = 4294967295n;
+/**
+ * Maximum value for a 64-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 18,446,744,073,709,551,615 (0xFFFFFFFFFFFFFFFF)
+ * - Formula: 2^64 - 1
+ *
+ * @example
+ * ```typescript
+ * if (counter > U64_MAX) {
+ *     throw new Error("Counter exceeds U64 range");
+ * }
+ * ```
+ *
+ * @see {@link U64}
+ * @public
+ */
+declare const U64_MAX = 18446744073709551615n;
+/**
+ * Maximum value for a 128-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 2^128 - 1
+ * - Approximately: 3.4 × 10^38
+ *
+ * @example
+ * ```typescript
+ * if (value > U128_MAX) {
+ *     throw new Error("Value exceeds U128 range");
+ * }
+ * ```
+ *
+ * @see {@link U128}
+ * @public
+ */
+declare const U128_MAX: bigint;
+/**
+ * Maximum value for a 256-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 2^256 - 1
+ * - Approximately: 1.16 × 10^77
+ * - This exceeds the estimated number of atoms in the observable universe
+ *
+ * @example
+ * ```typescript
+ * // Validate a field element is within BN254 range (BN254 prime < U256_MAX)
+ * if (fieldElement > U256_MAX) {
+ *     throw new Error("Field element exceeds U256 range");
+ * }
+ * ```
+ *
+ * @see {@link U256}
+ * @public
+ */
+declare const U256_MAX: bigint;
+/**
+ * Maximum value for a 512-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 2^512 - 1
+ *
+ * @example
+ * ```typescript
+ * if (value > U512_MAX) {
+ *     throw new Error("Value exceeds U512 range");
+ * }
+ * ```
+ *
+ * @see {@link U512}
+ * @public
+ */
+declare const U512_MAX: bigint;
+/**
+ * Maximum value for a 1024-bit unsigned integer.
+ *
+ * @remarks
+ * - Value: 2^1024 - 1
+ *
+ * @example
+ * ```typescript
+ * if (rsaModulus > U1024_MAX) {
+ *     throw new Error("RSA modulus exceeds U1024 range");
+ * }
+ * ```
+ *
+ * @see {@link U1024}
+ * @public
+ */
+declare const U1024_MAX: bigint;
+/**
+ * Minimum value for an 8-bit signed integer.
+ *
+ * @remarks
+ * - Value: -128 (0x80 in two's complement)
+ * - Formula: -2^7
+ *
+ * @see {@link I8}
+ * @public
+ */
+declare const I8_MIN: bigint;
+/**
+ * Maximum value for an 8-bit signed integer.
+ *
+ * @remarks
+ * - Value: 127 (0x7F)
+ * - Formula: 2^7 - 1
+ *
+ * @see {@link I8}
+ * @public
+ */
+declare const I8_MAX: bigint;
+/**
+ * Minimum value for a 16-bit signed integer.
+ *
+ * @remarks
+ * - Value: -32,768
+ * - Formula: -2^15
+ *
+ * @see {@link I16}
+ * @public
+ */
+declare const I16_MIN: bigint;
+/**
+ * Maximum value for a 16-bit signed integer.
+ *
+ * @remarks
+ * - Value: 32,767
+ * - Formula: 2^15 - 1
+ *
+ * @see {@link I16}
+ * @public
+ */
+declare const I16_MAX: bigint;
+/**
+ * Minimum value for a 32-bit signed integer.
+ *
+ * @remarks
+ * - Value: -2,147,483,648
+ * - Formula: -2^31
+ *
+ * @see {@link I32}
+ * @public
+ */
+declare const I32_MIN: bigint;
+/**
+ * Maximum value for a 32-bit signed integer.
+ *
+ * @remarks
+ * - Value: 2,147,483,647
+ * - Formula: 2^31 - 1
+ *
+ * @see {@link I32}
+ * @public
+ */
+declare const I32_MAX: bigint;
+/**
+ * Minimum value for a 64-bit signed integer.
+ *
+ * @remarks
+ * - Value: -9,223,372,036,854,775,808
+ * - Formula: -2^63
+ *
+ * @see {@link I64}
+ * @public
+ */
+declare const I64_MIN: bigint;
+/**
+ * Maximum value for a 64-bit signed integer.
+ *
+ * @remarks
+ * - Value: 9,223,372,036,854,775,807
+ * - Formula: 2^63 - 1
+ *
+ * @see {@link I64}
+ * @public
+ */
+declare const I64_MAX: bigint;
+/**
+ * Minimum value for a 128-bit signed integer.
+ *
+ * @remarks
+ * - Formula: -2^127
+ *
+ * @see {@link I128}
+ * @public
+ */
+declare const I128_MIN: bigint;
+/**
+ * Maximum value for a 128-bit signed integer.
+ *
+ * @remarks
+ * - Formula: 2^127 - 1
+ *
+ * @see {@link I128}
+ * @public
+ */
+declare const I128_MAX: bigint;
+/**
+ * Minimum value for a 256-bit signed integer.
+ *
+ * @remarks
+ * - Formula: -2^255
+ *
+ * @see {@link I256}
+ * @public
+ */
+declare const I256_MIN: bigint;
+/**
+ * Maximum value for a 256-bit signed integer.
+ *
+ * @remarks
+ * - Formula: 2^255 - 1
+ *
+ * @see {@link I256}
+ * @public
+ */
+declare const I256_MAX: bigint;
+/**
+ * Minimum value for a 512-bit signed integer.
+ *
+ * @remarks
+ * - Formula: -2^511
+ *
+ * @see {@link I512}
+ * @public
+ */
+declare const I512_MIN: bigint;
+/**
+ * Maximum value for a 512-bit signed integer.
+ *
+ * @remarks
+ * - Formula: 2^511 - 1
+ *
+ * @see {@link I512}
+ * @public
+ */
+declare const I512_MAX: bigint;
+/**
+ * Minimum value for a 1024-bit signed integer.
+ *
+ * @remarks
+ * - Formula: -2^1023
+ *
+ * @see {@link I1024}
+ * @public
+ */
+declare const I1024_MIN: bigint;
+/**
+ * Maximum value for a 1024-bit signed integer.
+ *
+ * @remarks
+ * - Formula: 2^1023 - 1
+ *
+ * @see {@link I1024}
+ * @public
+ */
+declare const I1024_MAX: bigint;
+/**
+ * Expected byte length for 8-bit values.
+ *
+ * @remarks Value: 1 byte
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(U8_BYTE_LENGTH); // 1 byte
+ * ```
+ *
+ * @see {@link U8LeBytes}
+ * @see {@link U8BeBytes}
+ * @public
+ */
+declare const U8_BYTE_LENGTH = 1;
+/**
+ * Expected byte length for 16-bit values.
+ *
+ * @remarks Value: 2 bytes
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(U16_BYTE_LENGTH); // 2 bytes
+ * ```
+ *
+ * @see {@link U16LeBytes}
+ * @see {@link U16BeBytes}
+ * @public
+ */
+declare const U16_BYTE_LENGTH = 2;
+/**
+ * Expected byte length for 32-bit values.
+ *
+ * @remarks Value: 4 bytes
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(U32_BYTE_LENGTH); // 4 bytes
+ * ```
+ *
+ * @see {@link U32LeBytes}
+ * @see {@link U32BeBytes}
+ * @public
+ */
+declare const U32_BYTE_LENGTH = 4;
+/**
+ * Expected byte length for 64-bit values.
+ *
+ * @remarks Value: 8 bytes
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(U64_BYTE_LENGTH); // 8 bytes
+ * ```
+ *
+ * @see {@link U64LeBytes}
+ * @see {@link U64BeBytes}
+ * @public
+ */
+declare const U64_BYTE_LENGTH = 8;
+/**
+ * Expected byte length for 128-bit values.
+ *
+ * @remarks Value: 16 bytes
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(U128_BYTE_LENGTH); // 16 bytes
+ * ```
+ *
+ * @see {@link U128LeBytes}
+ * @see {@link U128BeBytes}
+ * @public
+ */
+declare const U128_BYTE_LENGTH = 16;
+/**
+ * Expected byte length for 256-bit values.
+ *
+ * @remarks Value: 32 bytes
+ *
+ * @example
+ * ```typescript
+ * // Allocate a buffer for a 256-bit cryptographic scalar
+ * const scalarBytes = new Uint8Array(U256_BYTE_LENGTH); // 32 bytes
+ * ```
+ *
+ * @see {@link U256LeBytes}
+ * @see {@link U256BeBytes}
+ * @public
+ */
+declare const U256_BYTE_LENGTH = 32;
+/**
+ * Expected byte length for 512-bit values.
+ *
+ * @remarks Value: 64 bytes
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(U512_BYTE_LENGTH); // 64 bytes
+ * ```
+ *
+ * @see {@link U512LeBytes}
+ * @see {@link U512BeBytes}
+ * @public
+ */
+declare const U512_BYTE_LENGTH = 64;
+/**
+ * Expected byte length for 1024-bit values.
+ *
+ * @remarks Value: 128 bytes
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(U1024_BYTE_LENGTH); // 128 bytes
+ * ```
+ *
+ * @see {@link U1024LeBytes}
+ * @see {@link U1024BeBytes}
+ * @public
+ */
+declare const U1024_BYTE_LENGTH = 128;
+/**
+ * Error thrown when a value fails a mathematical type assertion.
+ *
+ * This error provides detailed information about why an assertion failed,
+ * including the actual value, the expected type, and the constraint that
+ * was violated.
+ *
+ * @remarks
+ * All assertion functions in this module throw this error type on failure.
+ * You can catch this specific error type to handle assertion failures
+ * differently from other errors.
+ *
+ * ## Error Properties
+ * - `value`: The actual value that failed assertion
+ * - `expectedType`: The type that was expected (e.g., "U8", "U256LeBytes")
+ * - `constraint`: Optional description of the constraint that was violated
+ *
+ * @example
+ * ```typescript
+ * import { assertU8, MathematicsAssertionError } from "./mathematics";
+ *
+ * try {
+ *     const value = assertU8(256n); // Will throw
+ * } catch (error) {
+ *     if (error instanceof MathematicsAssertionError) {
+ *         console.error(`Assertion failed for ${error.expectedType}`);
+ *         console.error(`Value: ${error.value}`);
+ *         console.error(`Constraint: ${error.constraint}`);
+ *         // Output:
+ *         // Assertion failed for U8
+ *         // Value: 256
+ *         // Constraint: 0 <= value <= 255
+ *     }
+ * }
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Custom error handling
+ * function safeParseU8(value: bigint): U8 | null {
+ *     try {
+ *         return assertU8(value);
+ *     } catch (error) {
+ *         if (error instanceof MathematicsAssertionError) {
+ *             console.warn(`Invalid U8 value: ${value}`);
+ *             return null;
+ *         }
+ *         throw error; // Re-throw unexpected errors
+ *     }
+ * }
+ * ```
+ *
+ * @sealed
+ * @public
+ */
+declare class MathematicsAssertionError extends Error {
+    /**
+     * The actual value that failed the assertion.
+     *
+     * @remarks
+     * This can be any type depending on what was being asserted.
+     * For integer assertions, this will be a `bigint`.
+     * For byte array assertions, this will be a `Uint8Array`.
+     *
+     * @readonly
+     */
+    readonly value: unknown;
+    /**
+     * The type that was expected.
+     *
+     * @remarks
+     * This is the branded type name (e.g., "U8", "U256", "U32LeBytes").
+     *
+     * @readonly
+     */
+    readonly expectedType: string;
+    /**
+     * Description of the constraint that was violated.
+     *
+     * @remarks
+     * This is `undefined` if only a type check failed (e.g., expected bigint, got string).
+     * It contains a human-readable constraint description when a value is out of range.
+     *
+     * @example
+     * - "0 <= value <= 255" for U8 range violations
+     * - "length === 32" for U256LeBytes length violations
+     * - "value >= 0" for negative unsigned integer attempts
+     *
+     * @readonly
+     */
+    readonly constraint: string | undefined;
+    /**
+     * Creates a new MathematicsAssertionError.
+     *
+     * @param message - Human-readable error message
+     * @param options - Error details
+     * @param options.value - The value that failed assertion
+     * @param options.expectedType - The expected type name
+     * @param options.constraint - Optional constraint description
+     */
+    constructor(message: string, options: {
+        value: unknown;
+        expectedType: string;
+        constraint?: string;
+    });
+}
+/**
+ * Asserts that a value is a valid Uint8Array and narrows it to `Bytes`.
+ *
+ * This is the base assertion for all byte array types. It validates that
+ * the input is a `Uint8Array` instance.
+ *
+ * @param value - The Uint8Array to assert
+ * @throws {MathematicsAssertionError} If the value is not a Uint8Array
+ *
+ * @example
+ * ```typescript
+ * const rawBytes = new Uint8Array([0x01, 0x02, 0x03]);
+ * assertBytes(rawBytes);
+ * // rawBytes is now typed as Bytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link Bytes}
+ * @public
+ */
+declare function assertBytes(value: Uint8Array): asserts value is Bytes;
+/**
+ * Asserts that a value is a valid Uint8Array and narrows it to `LeBytes`.
+ *
+ * This function validates that the input is a `Uint8Array` instance and
+ * uses TypeScript's type narrowing to treat it as a little-endian byte array.
+ * No length validation is performed.
+ *
+ * @param value - The Uint8Array to assert
+ * @throws {MathematicsAssertionError} If the value is not a Uint8Array
+ *
+ * @remarks
+ * This is the base assertion for little-endian byte arrays.
+ * For sized byte arrays, use the specific assertions like `assertU32LeBytes`.
+ *
+ * @example
+ * ```typescript
+ * // Brand a byte array as little-endian
+ * const rawBytes = new Uint8Array([0x78, 0x56, 0x34, 0x12]);
+ * assertLeBytes(rawBytes);
+ * // rawBytes is now typed as LeBytes
+ *
+ * // The branded type prevents mixing with big-endian
+ * function processLittleEndian(bytes: LeBytes): void { ... }
+ * processLittleEndian(rawBytes); // OK after assertion
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link LeBytes}
+ * @public
+ */
+declare function assertLeBytes(value: Uint8Array): asserts value is LeBytes;
+/**
+ * Asserts that a value is a valid Uint8Array and narrows it to `BeBytes`.
+ *
+ * This function validates that the input is a `Uint8Array` instance and
+ * uses TypeScript's type narrowing to treat it as a big-endian byte array.
+ * No length validation is performed.
+ *
+ * @param value - The Uint8Array to assert
+ * @throws {MathematicsAssertionError} If the value is not a Uint8Array
+ *
+ * @remarks
+ * This is the base assertion for big-endian byte arrays.
+ * For sized byte arrays, use the specific assertions like `assertU32BeBytes`.
+ *
+ * @example
+ * ```typescript
+ * // Brand a byte array as big-endian (network byte order)
+ * const rawBytes = new Uint8Array([0x12, 0x34, 0x56, 0x78]);
+ * assertBeBytes(rawBytes);
+ * // rawBytes is now typed as BeBytes
+ *
+ * // Use for network protocol data
+ * function sendNetworkData(bytes: BeBytes): void { ... }
+ * sendNetworkData(rawBytes); // OK after assertion
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link BeBytes}
+ * @public
+ */
+declare function assertBeBytes(value: Uint8Array): asserts value is BeBytes;
+/**
+ * Asserts that a value is a 1-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 1 byte)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const byte = new Uint8Array([0xFF]);
+ * assertU8LeBytes(byte);
+ * // byte is now typed as U8LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U8LeBytes}
+ * @public
+ */
+declare function assertU8LeBytes(value: Uint8Array): asserts value is U8LeBytes;
+/**
+ * Asserts that a value is a 2-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 2 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * // 0x1234 in little-endian
+ * const bytes = new Uint8Array([0x34, 0x12]);
+ * assertU16LeBytes(bytes);
+ * // bytes is now typed as U16LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U16LeBytes}
+ * @public
+ */
+declare function assertU16LeBytes(value: Uint8Array): asserts value is U16LeBytes;
+/**
+ * Asserts that a value is a 4-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 4 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * // 0x12345678 in little-endian
+ * const bytes = new Uint8Array([0x78, 0x56, 0x34, 0x12]);
+ * assertU32LeBytes(bytes);
+ * // bytes is now typed as U32LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U32LeBytes}
+ * @public
+ */
+declare function assertU32LeBytes(value: Uint8Array): asserts value is U32LeBytes;
+/**
+ * Asserts that a value is an 8-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 8 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(8);
+ * assertU64LeBytes(bytes);
+ * // bytes is now typed as U64LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U64LeBytes}
+ * @public
+ */
+declare function assertU64LeBytes(value: Uint8Array): asserts value is U64LeBytes;
+/**
+ * Asserts that a value is a 16-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 16 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(16);
+ * assertU128LeBytes(bytes);
+ * // bytes is now typed as U128LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U128LeBytes}
+ * @public
+ */
+declare function assertU128LeBytes(value: Uint8Array): asserts value is U128LeBytes;
+/**
+ * Asserts that a value is a 32-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 32 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @remarks
+ * 32-byte arrays are commonly used for:
+ * - SHA-256 hash outputs
+ * - Elliptic curve scalars
+ * - Private keys
+ *
+ * @example
+ * ```typescript
+ * // Create a 256-bit scalar representation
+ * const scalar = new Uint8Array(32);
+ * assertU256LeBytes(scalar);
+ * // scalar is now typed as U256LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U256LeBytes}
+ * @public
+ */
+declare function assertU256LeBytes(value: Uint8Array): asserts value is U256LeBytes;
+/**
+ * Asserts that a value is a 64-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 64 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(64);
+ * assertU512LeBytes(bytes);
+ * // bytes is now typed as U512LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U512LeBytes}
+ * @public
+ */
+declare function assertU512LeBytes(value: Uint8Array): asserts value is U512LeBytes;
+/**
+ * Asserts that a value is a 128-byte little-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 128 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(128);
+ * assertU1024LeBytes(bytes);
+ * // bytes is now typed as U1024LeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U1024LeBytes}
+ * @public
+ */
+declare function assertU1024LeBytes(value: Uint8Array): asserts value is U1024LeBytes;
+/**
+ * Asserts that a value is a 1-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 1 byte)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const byte = new Uint8Array([0xFF]);
+ * assertU8BeBytes(byte);
+ * // byte is now typed as U8BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U8BeBytes}
+ * @public
+ */
+declare function assertU8BeBytes(value: Uint8Array): asserts value is U8BeBytes;
+/**
+ * Asserts that a value is a 2-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 2 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * // Network port 443 in big-endian
+ * const portBytes = new Uint8Array([0x01, 0xBB]);
+ * assertU16BeBytes(portBytes);
+ * // portBytes is now typed as U16BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U16BeBytes}
+ * @public
+ */
+declare function assertU16BeBytes(value: Uint8Array): asserts value is U16BeBytes;
+/**
+ * Asserts that a value is a 4-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 4 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * // IP address 127.0.0.1 in big-endian
+ * const ipBytes = new Uint8Array([127, 0, 0, 1]);
+ * assertU32BeBytes(ipBytes);
+ * // ipBytes is now typed as U32BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U32BeBytes}
+ * @public
+ */
+declare function assertU32BeBytes(value: Uint8Array): asserts value is U32BeBytes;
+/**
+ * Asserts that a value is an 8-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 8 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(8);
+ * assertU64BeBytes(bytes);
+ * // bytes is now typed as U64BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U64BeBytes}
+ * @public
+ */
+declare function assertU64BeBytes(value: Uint8Array): asserts value is U64BeBytes;
+/**
+ * Asserts that a value is a 16-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 16 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * // UUID bytes in big-endian format
+ * const uuidBytes = new Uint8Array(16);
+ * assertU128BeBytes(uuidBytes);
+ * // uuidBytes is now typed as U128BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U128BeBytes}
+ * @public
+ */
+declare function assertU128BeBytes(value: Uint8Array): asserts value is U128BeBytes;
+/**
+ * Asserts that a value is a 32-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 32 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @remarks
+ * Big-endian 256-bit arrays are common in cryptographic specifications
+ * and blockchain protocols.
+ *
+ * @example
+ * ```typescript
+ * // Hash output in standard big-endian format
+ * assertU256BeBytes(sha256Result);
+ * // sha256Result is now typed as U256BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U256BeBytes}
+ * @public
+ */
+declare function assertU256BeBytes(value: Uint8Array): asserts value is U256BeBytes;
+/**
+ * Asserts that a value is a 64-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 64 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(64);
+ * assertU512BeBytes(bytes);
+ * // bytes is now typed as U512BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U512BeBytes}
+ * @public
+ */
+declare function assertU512BeBytes(value: Uint8Array): asserts value is U512BeBytes;
+/**
+ * Asserts that a value is a 128-byte big-endian byte array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 128 bytes)
+ * @throws {MathematicsAssertionError} If not a Uint8Array or wrong length
+ *
+ * @example
+ * ```typescript
+ * const bytes = new Uint8Array(128);
+ * assertU1024BeBytes(bytes);
+ * // bytes is now typed as U1024BeBytes
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U1024BeBytes}
+ * @public
+ */
+declare function assertU1024BeBytes(value: Uint8Array): asserts value is U1024BeBytes;
+/**
+ * Asserts that a value is a non-negative bigint and narrows it to `UnsignedInteger`.
+ *
+ * This is the base assertion for all unsigned integer types.
+ * It validates that the value is a `bigint` and is non-negative (>= 0).
+ *
+ * @param value - The bigint to assert (must be >= 0)
+ * @throws {MathematicsAssertionError} If not a bigint or if negative
+ *
+ * @remarks
+ * Use this when you need to ensure a value is unsigned but don't need
+ * a specific bit-width constraint.
+ *
+ * @example
+ * ```typescript
+ * const value = 12345n;
+ * assertUnsignedInteger(value);
+ * // value is now typed as UnsignedInteger
+ *
+ * assertUnsignedInteger(-1n); // Throws: negative value
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link UnsignedInteger}
+ * @public
+ */
+declare function assertUnsignedInteger(value: bigint): asserts value is UnsignedInteger;
+/**
+ * Asserts that a value is a bigint and narrows it to `SignedInteger`.
+ *
+ * This is the base assertion for all signed integer types.
+ * It only validates that the value is a `bigint` (no range constraints).
+ *
+ * @param value - The bigint to assert
+ * @throws {MathematicsAssertionError} If not a bigint
+ *
+ * @remarks
+ * Use this when you need to ensure a value is a bigint but don't need
+ * a specific bit-width constraint.
+ *
+ * @example
+ * ```typescript
+ * const value = -12345n;
+ * assertSignedInteger(value);
+ * // value is now typed as SignedInteger
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link SignedInteger}
+ * @public
+ */
+declare function assertSignedInteger(value: bigint): asserts value is SignedInteger;
+/**
+ * Asserts that a value is a valid 8-bit unsigned integer (0 to 255).
+ *
+ * @param value - The bigint to assert (must be in range [0, 255])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const value = 255n;
+ * assertU8(value);
+ * // value is now typed as U8
+ *
+ * assertU8(256n);  // Throws: exceeds maximum
+ * assertU8(-1n);   // Throws: below minimum
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U8}
+ * @public
+ */
+declare function assertU8(value: bigint): asserts value is U8;
+/**
+ * Asserts that a value is a valid 16-bit unsigned integer (0 to 65,535).
+ *
+ * @param value - The bigint to assert (must be in range [0, 65535])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const port = 443n;
+ * assertU16(port);
+ * // port is now typed as U16
+ *
+ * assertU16(65536n);  // Throws: exceeds maximum
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U16}
+ * @public
+ */
+declare function assertU16(value: bigint): asserts value is U16;
+/**
+ * Asserts that a value is a valid 32-bit unsigned integer (0 to 4,294,967,295).
+ *
+ * @param value - The bigint to assert (must be in range [0, 4294967295])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const timestamp = 1704067200n;
+ * assertU32(timestamp);
+ * // timestamp is now typed as U32
+ *
+ * assertU32(4294967296n);  // Throws: exceeds maximum (2^32)
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U32}
+ * @public
+ */
+declare function assertU32(value: bigint): asserts value is U32;
+/**
+ * Asserts that a value is a valid 64-bit unsigned integer.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^64 - 1])
+ * @param name - The name of the variable being asserted, used in error messages for context.
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @defaultValue `name` defaults to `"value"`
+ *
+ * @example
+ * ```typescript
+ * const large = 18446744073709551615n;
+ * assertU64(large, "large");
+ * // large is now typed as U64
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U64}
+ * @public
+ */
+declare function assertU64(value: bigint, name?: string): asserts value is U64;
+/**
+ * Asserts that a value is a valid 128-bit unsigned integer.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^128 - 1])
+ * @param name - The name of the variable being asserted, used in error messages for context.
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @defaultValue `name` defaults to `"value"`
+ *
+ * @example
+ * ```typescript
+ * const uuid = 0x550e8400e29b41d4a716446655440000n;
+ * assertU128(uuid, "uuid");
+ * // uuid is now typed as U128
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U128}
+ * @public
+ */
+declare function assertU128(value: bigint, name?: string): asserts value is U128;
+/**
+ * Asserts that a value is a valid 256-bit unsigned integer.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^256 - 1])
+ * @param name - The name of the variable being asserted, used in error messages for context.
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @defaultValue `name` defaults to `"value"`
+ *
+ * @remarks
+ * This is commonly used for elliptic curve operations where scalars
+ * and field elements must be within the 256-bit range.
+ *
+ * @example
+ * ```typescript
+ * // Validate a private key is in valid range
+ * assertU256(secretKeyBigInt, "secretKeyBigInt");
+ * // secretKeyBigInt is now typed as U256
+ *
+ * // Validate a hash value
+ * assertU256(sha256AsBigInt, "sha256AsBigInt");
+ * // sha256AsBigInt is now typed as U256
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U256}
+ * @public
+ */
+declare function assertU256(value: bigint, name?: string): asserts value is U256;
+/**
+ * Asserts that a value is a valid 512-bit unsigned integer.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^512 - 1])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * assertU512(sha512AsBigInt);
+ * // sha512AsBigInt is now typed as U512
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U512}
+ * @public
+ */
+declare function assertU512(value: bigint): asserts value is U512;
+/**
+ * Asserts that a value is a valid 1024-bit unsigned integer.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^1024 - 1])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * assertU1024(modulusBigInt);
+ * // modulusBigInt is now typed as U1024
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link U1024}
+ * @public
+ */
+declare function assertU1024(value: bigint): asserts value is U1024;
+/**
+ * Asserts that a value is a valid 8-bit signed integer (-128 to 127).
+ *
+ * @param value - The bigint to assert (must be in range [-128, 127])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const value = 127n;
+ * assertI8(value);
+ * // value is now typed as I8
+ *
+ * assertI8(128n);   // Throws: exceeds maximum
+ * assertI8(-129n);  // Throws: below minimum
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I8}
+ * @public
+ */
+declare function assertI8(value: bigint): asserts value is I8;
+/**
+ * Asserts that a value is a valid 16-bit signed integer (-32,768 to 32,767).
+ *
+ * @param value - The bigint to assert (must be in range [-32768, 32767])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const audioSample = -16384n;
+ * assertI16(audioSample);
+ * // audioSample is now typed as I16
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I16}
+ * @public
+ */
+declare function assertI16(value: bigint): asserts value is I16;
+/**
+ * Asserts that a value is a valid 32-bit signed integer.
+ *
+ * @param value - The bigint to assert (must be in range [-2147483648, 2147483647])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const offset = -1000n;
+ * assertI32(offset);
+ * // offset is now typed as I32
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I32}
+ * @public
+ */
+declare function assertI32(value: bigint): asserts value is I32;
+/**
+ * Asserts that a value is a valid 64-bit signed integer.
+ *
+ * @param value - The bigint to assert (must be in range [-2^63, 2^63 - 1])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const difference = -1000000000000n;
+ * assertI64(difference);
+ * // difference is now typed as I64
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I64}
+ * @public
+ */
+declare function assertI64(value: bigint): asserts value is I64;
+/**
+ * Asserts that a value is a valid 128-bit signed integer.
+ *
+ * @param value - The bigint to assert (must be in range [-2^127, 2^127 - 1])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const value = -170141183460469231731687303715884105728n;
+ * assertI128(value);
+ * // value is now typed as I128
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I128}
+ * @public
+ */
+declare function assertI128(value: bigint): asserts value is I128;
+/**
+ * Asserts that a value is a valid 256-bit signed integer.
+ *
+ * @param value - The bigint to assert (must be in range [-2^255, 2^255 - 1])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const signedScalar = -12345678901234567890n;
+ * assertI256(signedScalar);
+ * // signedScalar is now typed as I256
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I256}
+ * @public
+ */
+declare function assertI256(value: bigint): asserts value is I256;
+/**
+ * Asserts that a value is a valid 512-bit signed integer.
+ *
+ * @param value - The bigint to assert (must be in range [-2^511, 2^511 - 1])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const value = -1n;
+ * assertI512(value);
+ * // value is now typed as I512
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I512}
+ * @public
+ */
+declare function assertI512(value: bigint): asserts value is I512;
+/**
+ * Asserts that a value is a valid 1024-bit signed integer.
+ *
+ * @param value - The bigint to assert (must be in range [-2^1023, 2^1023 - 1])
+ * @throws {MathematicsAssertionError} If not a bigint or out of range
+ *
+ * @example
+ * ```typescript
+ * const value = 0n;
+ * assertI1024(value);
+ * // value is now typed as I1024
+ * ```
+ *
+ * @returns `void` — type narrowing is applied to the argument in-place.
+ * @see {@link I1024}
+ * @public
+ */
+declare function assertI1024(value: bigint): asserts value is I1024;
+
+/**
+ * Cryptography Types
+ *
+ * This module defines branded types for cryptographic primitives used throughout the SDK.
+ * These types provide compile-time safety for elliptic curve field elements and cipher operations.
+ *
+ * ## Overview
+ *
+ * The module includes:
+ * - **Field Elements**: Types for elliptic curve operations (BN254, Curve25519)
+ * - **Cipher Types**: Poseidon and Rescue cipher primitives
+ * - **Constants**: Field primes for validation
+ * - **Assertions**: Runtime validation functions
+ *
+ * @remarks
+ * All numeric cryptographic types use TypeScript branded types (phantom type tags) to prevent
+ * accidental mixing of values from different domains. For example, a `PoseidonKey` cannot be
+ * passed where a `RcKey` is expected, even though both are ultimately bigints. This catches
+ * a large class of cryptographic misuse bugs at compile time rather than runtime.
+ *
+ * Byte-array types (X25519, AES, Groth16 proof components) use Uint8Array sub-brands so that
+ * the TypeScript compiler enforces correct sizes and semantics at every call site.
+ *
+ * @packageDocumentation
+ * @module types/cryptography
+ */
+
+/**
+ * The prime field modulus for BN254 (alt_bn128) curve.
+ *
+ * @remarks
+ * This is the order of the scalar field Fr for the BN254 pairing-friendly elliptic curve.
+ * Value: 21888242871839275222246405745257275088548364400416034343698204186575808495617
+ *
+ * All `Bn254FieldElement` values and derived types (Poseidon keys, hashes, viewing keys)
+ * must be strictly less than this constant.
+ *
+ * @see {@link Bn254FieldElement}
+ * @see {@link assertBn254FieldElement}
+ * @public
+ */
+declare const BN254_FIELD_PRIME = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+/**
+ * The prime field modulus for Curve25519.
+ *
+ * @remarks
+ * Value: 2^255 - 19 = 57896044618658097711785492504343953926634992332820282019728792003956564819949
+ *
+ * All `Curve25519FieldElement` values and derived types (Rescue cipher types, RcEncryptionNonce)
+ * must be strictly less than this constant.
+ *
+ * @see {@link Curve25519FieldElement}
+ * @see {@link assertCurve25519FieldElement}
+ * @public
+ */
+declare const CURVE25519_FIELD_PRIME: bigint;
+/**
+ * Error thrown when a cryptographic type assertion fails.
+ *
+ * This error provides detailed information about why an assertion failed,
+ * including the actual value, the expected type, and the constraint that
+ * was violated.
+ *
+ * @remarks
+ * Every `assertXxx` function in this module throws `CryptographyAssertionError` on failure.
+ * Catch this specific type when you need to handle assertion failures differently from
+ * other runtime errors (e.g., to provide user-friendly validation messages or to fall back
+ * to a safe default).
+ *
+ * @example
+ * ```typescript
+ * import { assertBn254FieldElement, CryptographyAssertionError } from "./cryptography";
+ *
+ * try {
+ *     const value = assertBn254FieldElement(-1n); // Will throw
+ * } catch (error) {
+ *     if (error instanceof CryptographyAssertionError) {
+ *         console.error(`Assertion failed for ${error.expectedType}`);
+ *         console.error(`Value: ${error.value}`);
+ *         console.error(`Constraint: ${error.constraint}`);
+ *     }
+ * }
+ * ```
+ *
+ * @sealed
+ * @public
+ */
+declare class CryptographyAssertionError extends Error {
+    /**
+     * The actual value that failed the assertion.
+     * @readonly
+     */
+    readonly value: unknown;
+    /**
+     * The type that was expected (e.g., "Bn254FieldElement", "PoseidonKey").
+     * @readonly
+     */
+    readonly expectedType: string;
+    /**
+     * Description of the constraint that was violated.
+     *
+     * @remarks
+     * Will be `undefined` when the failure is purely a type mismatch (e.g., received a string
+     * instead of a bigint). Contains a human-readable range or length constraint when the value
+     * was the correct type but out of the valid range.
+     *
+     * @example `"value >= 0"`, `"value < BN254_FIELD_PRIME"`, `"length === 32"`
+     * @readonly
+     */
+    readonly constraint: string | undefined;
+    /**
+     * Creates a new CryptographyAssertionError.
+     *
+     * @param message - Human-readable error message describing what went wrong
+     * @param options - Structured error details for programmatic inspection
+     * @param options.value - The value that failed the assertion
+     * @param options.expectedType - Name of the branded type that was expected
+     * @param options.constraint - Optional human-readable constraint that was violated
+     */
+    constructor(message: string, options: {
+        value: unknown;
+        expectedType: string;
+        constraint?: string;
+    });
+}
+/**
+ * Field element for the BN254 (alt_bn128) elliptic curve.
+ *
+ * BN254 is a pairing-friendly elliptic curve widely used in zero-knowledge proofs.
+ * The field prime is: 21888242871839275222246405745257275088548364400416034343698204186575808495617
+ *
+ * @remarks
+ * - Used in Ethereum precompiles (EIP-196, EIP-197)
+ * - Provides ~100 bits of security
+ * - Supports efficient pairing operations
+ * - Valid range: [0, BN254_FIELD_PRIME - 1]
+ * - Encoded as a TypeScript `bigint`; the sub-brand prevents mixing with Curve25519 or raw U256 values
+ *
+ * This is the base type for all Poseidon cipher types and all viewing key types used in the
+ * Umbra protocol.
+ *
+ * @see {@link BN254_FIELD_PRIME}
+ * @see {@link assertBn254FieldElement}
+ * @see https://eips.ethereum.org/EIPS/eip-196
+ * @public
+ */
+type Bn254FieldElement = SubSubBrandedType<U256, "Bn254FieldElement">;
+/**
+ * Field element for the Curve25519 elliptic curve.
+ *
+ * Curve25519 is a Montgomery curve designed for high-speed Diffie-Hellman key exchange.
+ * The field prime is: 2^255 - 19
+ *
+ * @remarks
+ * - Provides ~128 bits of security
+ * - Designed to be resistant to timing attacks
+ * - Used in Ed25519 signatures and X25519 key exchange
+ * - Valid range: [0, CURVE25519_FIELD_PRIME - 1]
+ * - Encoded as a TypeScript `bigint`; the sub-brand prevents mixing with BN254 field values
+ *
+ * This is the base type for all Rescue cipher types (RcCiphertext, RcPlaintext, RcKey, RcCounter).
+ *
+ * @see {@link CURVE25519_FIELD_PRIME}
+ * @see {@link assertCurve25519FieldElement}
+ * @see https://cr.yp.to/ecdh/curve25519-20060209.pdf
+ * @public
+ */
+type Curve25519FieldElement = SubSubBrandedType<U256, "Curve25519FieldElement">;
+/**
+ * Byte length for all X25519 key exchange values (keys and shared secrets).
+ *
+ * @remarks
+ * X25519 public keys, private keys, and shared secrets are all exactly 32 bytes (256 bits)
+ * as specified in RFC 7748. This constant is used by all X25519 assertion functions.
+ *
+ * @see {@link assertX25519Bytes}
+ * @see {@link assertX25519PrivateKey}
+ * @see {@link assertX25519PublicKey}
+ * @see {@link assertSharedSecret}
+ * @public
+ */
+declare const X25519_BYTE_LENGTH = 32;
+/**
+ * Byte array type for X25519 key exchange operations.
+ *
+ * X25519 is an elliptic curve Diffie-Hellman (ECDH) protocol using Curve25519.
+ * All X25519 values (public keys, private keys, shared secrets) are exactly 32 bytes.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - Used for X25519 key exchange operations
+ * - Parallel to LeBytes/BeBytes as a sub-brand of Bytes
+ * - Endianness-agnostic (X25519 spec defines byte order)
+ * - This is the base type from which `X25519PrivateKey`, `X25519PublicKey`, and `SharedSecret` are derived
+ *
+ * @see {@link X25519_BYTE_LENGTH}
+ * @see {@link X25519PrivateKey}
+ * @see {@link X25519PublicKey}
+ * @see {@link SharedSecret}
+ * @see https://cr.yp.to/ecdh/curve25519-20060209.pdf
+ * @see https://tools.ietf.org/html/rfc7748
+ * @public
+ */
+type X25519Bytes = SubBrandedType<Bytes, "X25519Bytes">;
+/**
+ * X25519 private key for elliptic curve Diffie-Hellman key exchange.
+ *
+ * A private key is a 32-byte value that should be generated using a
+ * cryptographically secure random number generator. It is used together
+ * with a public key to compute a shared secret.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - Must be kept secret and never shared
+ * - Should be generated using crypto.getRandomValues() or similar CSPRNG
+ * - The X25519 algorithm applies clamping to the private key during use
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── X25519Bytes (sub-brand, 32 bytes)
+ *         └── X25519PrivateKey (sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Generate a new private key
+ * const rawPrivateKey = crypto.getRandomValues(new Uint8Array(32));
+ * assertX25519PrivateKey(rawPrivateKey);
+ * // rawPrivateKey is now typed as X25519PrivateKey
+ *
+ * // Derive the public key
+ * const publicKey = x25519GetPublicKey(rawPrivateKey);
+ * ```
+ *
+ * @see https://tools.ietf.org/html/rfc7748#section-5
+ * @public
+ */
+type X25519PrivateKey = SubSubBrandedType<X25519Bytes, "X25519PrivateKey">;
+/**
+ * X25519 public key for elliptic curve Diffie-Hellman key exchange.
+ *
+ * A public key is a 32-byte value derived from a private key. It can be
+ * freely shared and is used by other parties to compute a shared secret.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - Can be shared publicly
+ * - Derived from a corresponding X25519PrivateKey
+ * - Used as input to X25519 key exchange
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── X25519Bytes (sub-brand, 32 bytes)
+ *         └── X25519PublicKey (sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Receive a public key from another party
+ * const theirPublicKey = receivePublicKey();
+ * assertX25519PublicKey(theirPublicKey);
+ * // theirPublicKey is now typed as X25519PublicKey
+ *
+ * // Compute shared secret
+ * const sharedSecret = x25519(myPrivateKey, theirPublicKey);
+ * ```
+ *
+ * @see https://tools.ietf.org/html/rfc7748#section-5
+ * @public
+ */
+type X25519PublicKey = SubSubBrandedType<X25519Bytes, "X25519PublicKey">;
+/**
+ * Shared secret produced by X25519 key exchange.
+ *
+ * This type represents the output of an X25519 ECDH operation, which combines
+ * a private key with a public key to produce a shared secret that both parties
+ * can compute independently.
+ *
+ * @remarks
+ * - Size: 32 bytes (256 bits)
+ * - Should be used as input to a Key Derivation Function (KDF)
+ * - Never use raw shared secrets directly as encryption keys
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── X25519Bytes (sub-brand, 32 bytes)
+ *         └── SharedSecret (sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // After performing X25519 key exchange
+ * const rawSharedSecret = x25519(myPrivateKey, theirPublicKey);
+ * assertSharedSecret(rawSharedSecret);
+ * // rawSharedSecret is now typed as SharedSecret
+ *
+ * // Derive an encryption key from the shared secret
+ * const encryptionKey = kdf(rawSharedSecret);
+ * ```
+ *
+ * @see https://tools.ietf.org/html/rfc7748#section-6
+ * @public
+ */
+type SharedSecret = SubSubBrandedType<X25519Bytes, "SharedSecret">;
+/**
+ * Plaintext input for Poseidon cipher encryption.
+ *
+ * Poseidon is a cryptographic hash function and cipher optimized for
+ * zero-knowledge proof systems. It operates natively on field elements.
+ *
+ * @remarks
+ * Must be a valid BN254 field element (less than the field prime). Plaintext values that
+ * represent token amounts or account balances are encoded as field elements before being
+ * passed to the Poseidon cipher.
+ *
+ * @see {@link assertPoseidonPlaintext}
+ * @see {@link BN254_FIELD_PRIME}
+ * @public
+ */
+type PoseidonPlaintext = SubSubSubBrandedType<Bn254FieldElement, "PoseidonPlaintext">;
+/**
+ * Hash output from the Poseidon hash function.
+ *
+ * The Poseidon hash function produces a single field element as output.
+ * It is collision-resistant and designed for efficient verification in SNARKs.
+ *
+ * @remarks
+ * Output is always a valid BN254 field element. Used extensively in the Umbra protocol for
+ * UTXO commitment construction, nullifier derivation, and Merkle tree nodes.
+ *
+ * @see {@link assertPoseidonHash}
+ * @public
+ */
+type PoseidonHash = SubSubSubBrandedType<Bn254FieldElement, "PoseidonHash">;
+/**
+ * Encryption key for the Poseidon cipher.
+ *
+ * Keys should be generated using a cryptographically secure random number generator
+ * and must be valid BN254 field elements.
+ *
+ * @remarks
+ * Key security depends on uniform random sampling from the field. In the Umbra protocol,
+ * Poseidon keys are derived deterministically from viewing keys and are scoped per-transaction.
+ *
+ * @see {@link assertPoseidonKey}
+ * @public
+ */
+type PoseidonKey = SubSubSubBrandedType<Bn254FieldElement, "PoseidonKey">;
+/**
+ * Ciphertext output from Poseidon cipher encryption.
+ *
+ * The ciphertext is a field element that can only be decrypted
+ * with the corresponding PoseidonKey.
+ *
+ * @remarks
+ * Ciphertext is indistinguishable from random field elements under the security assumptions of
+ * Poseidon. In the Umbra protocol, Poseidon ciphertexts are stored on-chain to represent
+ * encrypted token balances in confidential token accounts.
+ *
+ * @see {@link assertPoseidonCiphertext}
+ * @see {@link PoseidonKey}
+ * @public
+ */
+type PoseidonCiphertext = SubSubSubBrandedType<Bn254FieldElement, "PoseidonCiphertext">;
+/**
+ * Counter value for the Poseidon cipher.
+ *
+ * Used as a nonce or counter in counter-mode encryption operations
+ * with the Poseidon cipher. Similar to RcCounter but operates on
+ * the BN254 field for compatibility with Poseidon's field arithmetic.
+ *
+ * @remarks
+ * - Must be a valid BN254 field element (less than the field prime)
+ * - Should be unique for each encryption operation with the same key
+ * - Commonly used in counter-mode constructions for deterministic encryption
+ * - Reusing a counter with the same key may compromise security
+ *
+ * @example
+ * ```typescript
+ * // Create a counter for Poseidon encryption
+ * const counter = 0n;
+ * assertPoseidonCounter(counter);
+ * // counter is now typed as PoseidonCounter
+ *
+ * // Increment for next encryption
+ * const nextCounter = counter + 1n;
+ * assertPoseidonCounter(nextCounter);
+ * ```
+ *
+ * @see {@link assertPoseidonCounter}
+ * @public
+ */
+type PoseidonCounter = SubSubSubBrandedType<Bn254FieldElement, "PoseidonCounter">;
+/**
+ * Keystream value generated by the Poseidon keystream generator.
+ *
+ * A keystream is a pseudo-random value derived from a master key and counter
+ * using the Poseidon PRF. It is used in stream cipher operations to encrypt
+ * plaintext data (e.g., `ciphertext = plaintext + keystream`).
+ *
+ * @remarks
+ * - Must be a valid BN254 field element (less than the field prime)
+ * - Derived deterministically from (key, counter, evaluation_point)
+ * - Different counters produce different keystreams for the same key
+ * - Should be used only once per encryption operation
+ *
+ * ## Generation Formula
+ *
+ * ```
+ * keystream = Poseidon([transactionViewingKey, counter, evaluationPoint])
+ * ```
+ *
+ * Where `evaluationPoint` is a domain separation constant (typically 2).
+ *
+ * @example
+ * ```typescript
+ * const keystreamGenerator = getPoseidonKeystreamGenerator();
+ * const keystreamMap = await keystreamGenerator([0n, 1n, 2n], masterKey);
+ *
+ * const keystream0 = keystreamMap.get(0n); // PoseidonKeystream for counter 0
+ * const ciphertext = (plaintext + keystream0) % BN254_FIELD_PRIME;
+ * ```
+ *
+ * @see {@link assertPoseidonKeystream}
+ * @see {@link PoseidonKey}
+ * @see {@link PoseidonCounter}
+ * @public
+ */
+type PoseidonKeystream = SubSubSubBrandedType<Bn254FieldElement, "PoseidonKeystream">;
+/**
+ * Ciphertext output from Rescue cipher encryption.
+ *
+ * Rescue is an algebraic hash function and cipher designed for
+ * zero-knowledge applications with a focus on STARK-friendliness.
+ *
+ * @remarks
+ * Operates on Curve25519 field elements for compatibility with X25519 key exchange and
+ * Ed25519 signatures. Used in the Umbra protocol for encrypting user account data that
+ * is decryptable by the MXE (multi-party execution environment) network.
+ *
+ * @see {@link assertRcCiphertext}
+ * @see {@link RcKey}
+ * @public
+ */
+type RcCiphertext = SubSubSubBrandedType<Curve25519FieldElement, "RcCiphertext">;
+/**
+ * Plaintext input for Rescue cipher encryption.
+ *
+ * @remarks
+ * Must be a valid Curve25519 field element (less than 2^255 - 19). Represents the raw
+ * data to be encrypted with the Rescue cipher before being stored as `RcCiphertext`.
+ *
+ * @see {@link assertRcPlaintext}
+ * @public
+ */
+type RcPlaintext = SubSubSubBrandedType<Curve25519FieldElement, "RcPlaintext">;
+/**
+ * Encryption key for the Rescue cipher.
+ *
+ * @remarks
+ * Keys should be generated using a cryptographically secure random number generator.
+ * Must be a valid Curve25519 field element (less than 2^255 - 19). In the Umbra protocol,
+ * Rescue keys are typically derived from X25519 shared secrets via a KDF.
+ *
+ * @see {@link assertRcKey}
+ * @public
+ */
+type RcKey = SubSubSubBrandedType<Curve25519FieldElement, "RcKey">;
+/**
+ * Counter value for the Rescue cipher.
+ *
+ * Used as a nonce or counter in counter-mode encryption operations.
+ *
+ * @remarks
+ * Must be a valid Curve25519 field element (less than 2^255 - 19).
+ * Should be unique for each encryption operation with the same key.
+ * Reusing a counter with the same key may compromise confidentiality.
+ *
+ * @see {@link assertRcCounter}
+ * @public
+ */
+type RcCounter = SubSubSubBrandedType<Curve25519FieldElement, "RcCounter">;
+/**
+ * Encryption nonce for the Rescue cipher.
+ *
+ * A nonce (number used once) is a unique value used to ensure that the same
+ * plaintext encrypted with the same key produces different ciphertexts.
+ *
+ * @remarks
+ * - Must be a valid U128 (128-bit unsigned integer, range [0, 2^128 - 1])
+ * - Must be unique for each encryption operation with the same key
+ * - Reusing a nonce with the same key compromises security
+ * - Can be generated randomly or as a counter
+ * - 128-bit nonces provide sufficient uniqueness for most applications
+ *
+ * ## Type Hierarchy
+ * ```
+ * bigint
+ *   └── UnsignedInteger (branded, value >= 0)
+ *         └── U128 (sub-brand, value < 2^128)
+ *               └── RcEncryptionNonce (sub-sub-brand)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Generate a random nonce
+ * const randomNonce = generateRandomNonce();
+ *
+ * // Or use a counter-based nonce
+ * const counterNonce = createRcEncryptionNonce(encryptionCounter++);
+ * ```
+ *
+ * @see {@link assertRcEncryptionNonce}
+ * @see {@link Nonce}
+ * @public
+ */
+type RcEncryptionNonce = SubSubBrandedType<U128, "RcEncryptionNonce">;
+/**
+ * Asserts that a value is a valid BN254 field element.
+ *
+ * Validates that the value is a `bigint` and is within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @param name - The name of the variable being asserted (used in error messages)
+ * @defaultValue `name` — `"value"`
+ * @throws {CryptographyAssertionError} If `value` is not a bigint, is negative, or is
+ *   greater than or equal to `BN254_FIELD_PRIME`
+ * @returns `void` — narrows the type of `value` to `Bn254FieldElement` on success
+ *
+ * @example
+ * ```typescript
+ * const value = 12345n;
+ * assertBn254FieldElement(value, "value");
+ * // value is now typed as Bn254FieldElement
+ *
+ * assertBn254FieldElement(-1n, "myValue"); // Throws: myValue is negative
+ * assertBn254FieldElement(BN254_FIELD_PRIME, "myValue"); // Throws: myValue exceeds field prime
+ * ```
+ *
+ * @public
+ */
+declare function assertBn254FieldElement(value: bigint, name?: string): asserts value is Bn254FieldElement;
+/**
+ * Asserts that a value is a valid Curve25519 field element.
+ *
+ * Validates that the value is a `bigint` and is within the Curve25519 field prime (2^255 - 19).
+ *
+ * @param value - The bigint to assert (must be in range [0, CURVE25519_FIELD_PRIME - 1])
+ * @param name - The name of the variable being asserted (used in error messages)
+ * @defaultValue `name` — `"value"`
+ * @throws {CryptographyAssertionError} If `value` is not a bigint, is negative, or is
+ *   greater than or equal to `CURVE25519_FIELD_PRIME`
+ * @returns `void` — narrows the type of `value` to `Curve25519FieldElement` on success
+ *
+ * @example
+ * ```typescript
+ * const value = 12345n;
+ * assertCurve25519FieldElement(value, "value");
+ * // value is now typed as Curve25519FieldElement
+ *
+ * assertCurve25519FieldElement(-1n, "myValue"); // Throws: myValue is negative
+ * ```
+ *
+ * @public
+ */
+declare function assertCurve25519FieldElement(value: bigint, name?: string): asserts value is Curve25519FieldElement;
+/**
+ * Asserts that a value is a valid X25519 byte array (32 bytes).
+ *
+ * X25519 operations (public keys, private keys, shared secrets) all use
+ * 32-byte values. This assertion validates that the input is a `Uint8Array`
+ * with exactly 32 bytes.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `X25519_BYTE_LENGTH` bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 32 bytes
+ * @returns `void` — narrows the type of `value` to `X25519Bytes` on success
+ *
+ * @example
+ * ```typescript
+ * const rawBytes = new Uint8Array(32);
+ * assertX25519Bytes(rawBytes);
+ * // rawBytes is now typed as X25519Bytes
+ *
+ * assertX25519Bytes(new Uint8Array(31)); // Throws: wrong length
+ * ```
+ *
+ * @public
+ */
+declare function assertX25519Bytes(value: Uint8Array): asserts value is X25519Bytes;
+/**
+ * Asserts that a value is a valid X25519 private key.
+ *
+ * A private key must be exactly 32 bytes. This assertion validates both
+ * the type and the length of the input.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `X25519_BYTE_LENGTH` bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 32 bytes
+ * @returns `void` — narrows the type of `value` to `X25519PrivateKey` on success
+ *
+ * @remarks
+ * **Security Warning**: Private keys must be kept secret. Never log, transmit, or expose private
+ * keys. Use secure storage mechanisms such as encrypted local storage or a hardware wallet.
+ *
+ * @example
+ * ```typescript
+ * // Generate a new private key
+ * const rawKey = crypto.getRandomValues(new Uint8Array(32));
+ * assertX25519PrivateKey(rawKey);
+ * // rawKey is now typed as X25519PrivateKey
+ * ```
+ *
+ * @public
+ */
+declare function assertX25519PrivateKey(value: Uint8Array): asserts value is X25519PrivateKey;
+/**
+ * Asserts that a value is a valid X25519 public key.
+ *
+ * A public key must be exactly 32 bytes. This assertion validates both
+ * the type and the length of the input.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `X25519_BYTE_LENGTH` bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 32 bytes
+ * @returns `void` — narrows the type of `value` to `X25519PublicKey` on success
+ *
+ * @example
+ * ```typescript
+ * // Receive and validate a public key
+ * const theirKey = receivePublicKey();
+ * assertX25519PublicKey(theirKey);
+ * // theirKey is now typed as X25519PublicKey
+ *
+ * // Use in key exchange
+ * const sharedSecret = x25519(myPrivateKey, theirKey);
+ * ```
+ *
+ * @public
+ */
+declare function assertX25519PublicKey(value: Uint8Array): asserts value is X25519PublicKey;
+/**
+ * Asserts that a value is a valid X25519 shared secret.
+ *
+ * A shared secret is the result of an X25519 Diffie-Hellman key exchange.
+ * It must be exactly 32 bytes. This assertion validates both the type
+ * and the length of the input.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `X25519_BYTE_LENGTH` bytes)
+ * @throws {CryptographyAssertionError} If the value is not a Uint8Array or not exactly 32 bytes
+ * @returns `void` — narrows the type of `value` to `SharedSecret` on success
+ *
+ * @remarks
+ * Shared secrets should never be used directly as encryption keys.
+ * Always use a Key Derivation Function (KDF) like HKDF to derive
+ * encryption keys from shared secrets.
+ *
+ * @example
+ * ```typescript
+ * // After performing X25519 key exchange
+ * const rawSecret = x25519(privateKey, publicKey);
+ * assertSharedSecret(rawSecret);
+ * // rawSecret is now typed as SharedSecret
+ *
+ * // Use with a KDF (recommended)
+ * const encryptionKey = hkdf(rawSecret, salt, info);
+ * ```
+ *
+ * @public
+ */
+declare function assertSharedSecret(value: Uint8Array): asserts value is SharedSecret;
+/**
+ * Asserts that a value is a valid Poseidon plaintext.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint, is negative, or exceeds BN254 field prime
+ * @returns `void` — narrows the type of `value` to `PoseidonPlaintext` on success
+ *
+ * @example
+ * ```typescript
+ * assertPoseidonPlaintext(messageAsBigInt);
+ * // messageAsBigInt is now typed as PoseidonPlaintext
+ * ```
+ *
+ * @public
+ */
+declare function assertPoseidonPlaintext(value: bigint): asserts value is PoseidonPlaintext;
+/**
+ * Asserts that a value is a valid Poseidon hash.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint, is negative, or exceeds BN254 field prime
+ * @returns `void` — narrows the type of `value` to `PoseidonHash` on success
+ *
+ * @example
+ * ```typescript
+ * assertPoseidonHash(hashOutputBigInt);
+ * // hashOutputBigInt is now typed as PoseidonHash
+ * ```
+ *
+ * @public
+ */
+declare function assertPoseidonHash(value: bigint): asserts value is PoseidonHash;
+/**
+ * Asserts that a value is a valid Poseidon key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint, is negative, or exceeds BN254 field prime
+ * @returns `void` — narrows the type of `value` to `PoseidonKey` on success
+ *
+ * @example
+ * ```typescript
+ * assertPoseidonKey(secretKeyBigInt);
+ * // secretKeyBigInt is now typed as PoseidonKey
+ * ```
+ *
+ * @public
+ */
+declare function assertPoseidonKey(value: bigint): asserts value is PoseidonKey;
+/**
+ * Asserts that a value is a valid Poseidon ciphertext.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint, is negative, or exceeds BN254 field prime
+ * @returns `void` — narrows the type of `value` to `PoseidonCiphertext` on success
+ *
+ * @example
+ * ```typescript
+ * assertPoseidonCiphertext(encryptedBigInt);
+ * // encryptedBigInt is now typed as PoseidonCiphertext
+ * ```
+ *
+ * @public
+ */
+declare function assertPoseidonCiphertext(value: bigint): asserts value is PoseidonCiphertext;
+/**
+ * Asserts that a value is a valid Poseidon counter.
+ *
+ * Validates that the value is a `bigint` and is within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @remarks
+ * - Input must be a non-negative bigint
+ * - Value must be less than the BN254 field prime
+ * - Counters should be unique for each encryption operation with the same key
+ * - Commonly incremented sequentially starting from 0
+ *
+ * @example
+ * ```typescript
+ * assertPoseidonCounter(counterBigInt);
+ * // counterBigInt is now typed as PoseidonCounter
+ *
+ * assertPoseidonCounter(-1n); // Throws: negative value
+ * assertPoseidonCounter(BN254_FIELD_PRIME); // Throws: exceeds field prime
+ * ```
+ *
+ * @public
+ */
+declare function assertPoseidonCounter(value: bigint): asserts value is PoseidonCounter;
+/**
+ * Asserts that a value is a valid Poseidon keystream.
+ *
+ * Validates that the value is a `bigint` and is within the BN254 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @remarks
+ * - Input must be a non-negative bigint
+ * - Value must be less than the BN254 field prime
+ * - Keystreams are derived from (key, counter) pairs using Poseidon PRF
+ *
+ * @example
+ * ```typescript
+ * assertPoseidonKeystream(keystreamBigInt);
+ * // keystreamBigInt is now typed as PoseidonKeystream
+ *
+ * assertPoseidonKeystream(-1n); // Throws: negative value
+ * assertPoseidonKeystream(BN254_FIELD_PRIME); // Throws: exceeds field prime
+ * ```
+ *
+ * @public
+ */
+declare function assertPoseidonKeystream(value: bigint): asserts value is PoseidonKeystream;
+/**
+ * Asserts that a value is a valid Rescue cipher ciphertext.
+ *
+ * Validates that the value is a `bigint` and is within the Curve25519 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^255 - 19 - 1])
+ * @param name - The name of the variable being asserted (for error messages)
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @remarks
+ * - Input must be a non-negative bigint
+ * - Value must be less than the Curve25519 field prime (2^255 - 19)
+ *
+ * @example
+ * ```typescript
+ * assertRcCiphertext(encryptedBigInt, "encryptedBigInt");
+ * // encryptedBigInt is now typed as RcCiphertext
+ *
+ * assertRcCiphertext(-1n, "myValue"); // Throws: myValue is negative
+ * assertRcCiphertext(CURVE25519_FIELD_PRIME, "myValue"); // Throws: myValue exceeds field prime
+ * ```
+ *
+ * @public
+ */
+declare function assertRcCiphertext(value: bigint, name?: string): asserts value is RcCiphertext;
+/**
+ * Asserts that a value is a valid Rescue cipher plaintext.
+ *
+ * Validates that the value is a `bigint` and is within the Curve25519 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^255 - 19 - 1])
+ * @param name - The name of the variable being asserted (for error messages)
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @remarks
+ * - Input must be a non-negative bigint
+ * - Value must be less than the Curve25519 field prime (2^255 - 19)
+ *
+ * @example
+ * ```typescript
+ * assertRcPlaintext(messageBigInt, "messageBigInt");
+ * // messageBigInt is now typed as RcPlaintext
+ *
+ * assertRcPlaintext(-1n, "myValue"); // Throws: myValue is negative
+ * ```
+ *
+ * @public
+ */
+declare function assertRcPlaintext(value: bigint, name?: string): asserts value is RcPlaintext;
+/**
+ * Asserts that a value is a valid Rescue cipher key.
+ *
+ * Validates that the value is a `bigint` and is within the Curve25519 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^255 - 19 - 1])
+ * @param name - The name of the variable being asserted (for error messages)
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @remarks
+ * - Input must be a non-negative bigint
+ * - Value must be less than the Curve25519 field prime (2^255 - 19)
+ * - Keys should be generated using a cryptographically secure random number generator
+ *
+ * @example
+ * ```typescript
+ * assertRcKey(secretKeyBigInt, "secretKeyBigInt");
+ * // secretKeyBigInt is now typed as RcKey
+ *
+ * assertRcKey(-1n, "myKey"); // Throws: myKey is negative
+ * ```
+ *
+ * @public
+ */
+declare function assertRcKey(value: bigint, name?: string): asserts value is RcKey;
+/**
+ * Asserts that a value is a valid Rescue cipher counter.
+ *
+ * Validates that the value is a `bigint` and is within the Curve25519 field prime.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^255 - 19 - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @remarks
+ * - Input must be a non-negative bigint
+ * - Value must be less than the Curve25519 field prime (2^255 - 19)
+ * - Counters should be unique for each encryption operation with the same key
+ *
+ * @example
+ * ```typescript
+ * assertRcCounter(counterBigInt);
+ * // counterBigInt is now typed as RcCounter
+ *
+ * assertRcCounter(-1n); // Throws: negative value
+ * ```
+ *
+ * @public
+ */
+declare function assertRcCounter(value: bigint): asserts value is RcCounter;
+/**
+ * Asserts that a value is a valid Rescue cipher encryption nonce.
+ *
+ * Validates that the value is a `bigint` and is within the U128 range.
+ *
+ * @param value - The bigint to assert (must be in range [0, 2^128 - 1])
+ * @param name - The name of the variable being asserted (for error messages)
+ * @throws {CryptographyAssertionError} If not a bigint or out of range
+ *
+ * @remarks
+ * - Input must be a non-negative bigint
+ * - Value must be less than or equal to 2^128 - 1
+ * - Nonces must be unique for each encryption operation with the same key
+ * - Reusing a nonce with the same key compromises security
+ *
+ * @example
+ * ```typescript
+ * assertRcEncryptionNonce(nonceBigInt, "nonceBigInt");
+ * // nonceBigInt is now typed as RcEncryptionNonce
+ *
+ * assertRcEncryptionNonce(-1n, "myNonce"); // Throws: myNonce is negative
+ * assertRcEncryptionNonce(2n ** 128n, "myNonce"); // Throws: myNonce exceeds U128 max
+ * ```
+ *
+ * @public
+ */
+declare function assertRcEncryptionNonce(value: bigint, name?: string): asserts value is RcEncryptionNonce;
+/**
+ * Output of the Keccak-256 (SHA3-256) hash function.
+ *
+ * Keccak-256 is a cryptographic hash function from the SHA-3 family that produces
+ * a 256-bit (32-byte) digest. It is widely used in blockchain applications,
+ * notably as the primary hash function in Ethereum.
+ *
+ * @remarks
+ * - Always exactly 32 bytes (256 bits)
+ * - Stored in little-endian byte order
+ * - Collision-resistant and preimage-resistant
+ * - NOT the same as NIST SHA3-256 (uses different padding)
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base branded type)
+ *   └── LeBytes (little-endian sub-brand)
+ *         └── U256LeBytes (256-bit sized sub-sub-brand)
+ *               └── Keccak256Hash (hash-specific sub-sub-sub-brand)
+ * ```
+ *
+ * ## Use Cases
+ * - Address derivation in Ethereum-compatible systems
+ * - Commitment schemes
+ * - Merkle tree construction
+ * - General-purpose cryptographic hashing
+ *
+ * @example
+ * ```typescript
+ * import { assertKeccak256Hash, Keccak256Hash } from "./cryptography";
+ *
+ * const hashBytes = keccak256(data);
+ * assertKeccak256Hash(hashBytes);
+ * // hashBytes is now typed as Keccak256Hash
+ * ```
+ *
+ * @see {@link assertKeccak256Hash}
+ * @public
+ */
+type Keccak256Hash = SubSubSubBrandedType<U256LeBytes, "Keccak256Hash">;
+/**
+ * Output of the Keccak-512 (SHA3-512) hash function.
+ *
+ * Keccak-512 is a cryptographic hash function from the SHA-3 family that produces
+ * a 512-bit (64-byte) digest. It provides a higher security margin than Keccak-256
+ * and is used when stronger collision resistance is required.
+ *
+ * @remarks
+ * - Always exactly 64 bytes (512 bits)
+ * - Stored in little-endian byte order
+ * - Provides 256-bit security against collision attacks
+ * - Used as the basis for master seed derivation
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base branded type)
+ *   └── LeBytes (little-endian sub-brand)
+ *         └── U512LeBytes (512-bit sized sub-sub-brand)
+ *               └── Keccak512Hash (hash-specific sub-sub-sub-brand)
+ * ```
+ *
+ * ## Use Cases
+ * - Master seed generation (see {@link MasterSeed})
+ * - High-security key derivation
+ * - Extended hash outputs for cryptographic protocols
+ *
+ * @example
+ * ```typescript
+ * import { assertKeccak512Hash, Keccak512Hash } from "./cryptography";
+ *
+ * const hashBytes = keccak512(entropy);
+ * assertKeccak512Hash(hashBytes);
+ * // hashBytes is now typed as Keccak512Hash
+ * ```
+ *
+ * @see {@link assertKeccak512Hash}
+ * @see {@link MasterSeed}
+ * @public
+ */
+type Keccak512Hash = SubSubSubBrandedType<U512LeBytes, "Keccak512Hash">;
+/**
+ * Master seed for hierarchical key derivation.
+ *
+ * The master seed is the root of a hierarchical deterministic (HD) key derivation
+ * tree. It is generated from high-entropy input (typically via Keccak-512 hashing)
+ * and is used to derive all other keys in the system.
+ *
+ * @remarks
+ * - Always exactly 64 bytes (512 bits)
+ * - Generated from Keccak-512 hash of entropy source
+ * - MUST be kept secret - compromise reveals all derived keys
+ * - Should be generated from at least 256 bits of entropy
+ * - Used to derive the master viewing key
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── LeBytes
+ *         └── U512LeBytes
+ *               └── Keccak512Hash
+ *                     └── MasterSeed
+ * ```
+ *
+ * ## Security Considerations
+ * - Store securely (encrypted at rest)
+ * - Never transmit over insecure channels
+ * - Consider using hardware security modules (HSM) for production
+ * - Backup procedures should use secure, offline storage
+ *
+ * @example
+ * ```typescript
+ * import { assertMasterSeed, MasterSeed } from "./cryptography";
+ *
+ * // Generate master seed from entropy
+ * const entropy = crypto.getRandomValues(new Uint8Array(32));
+ * const seedBytes = keccak512(entropy);
+ * assertMasterSeed(seedBytes);
+ * // seedBytes is now typed as MasterSeed
+ *
+ * // Derive master viewing key
+ * const masterViewingKey = deriveMasterViewingKey(seedBytes);
+ * ```
+ *
+ * @see {@link assertMasterSeed}
+ * @see {@link MasterViewingKey}
+ * @public
+ */
+type MasterSeed = SubSubSubSubBrandedType<Keccak512Hash, "MasterSeed">;
+/**
+ * Generation seed for ephemeral key derivation.
+ *
+ * A generation seed is used as input to derive ephemeral master seeds for
+ * single-use key derivation scenarios. This enables forward secrecy by
+ * allowing unique seeds to be generated for each operation.
+ *
+ * @remarks
+ * - Always exactly 64 bytes (512 bits)
+ * - Typically derived from external entropy or protocol-specific data
+ * - Used as input to ephemeral master seed generation
+ * - Different from MasterSeed in that it's meant as an input, not a derived root
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── LeBytes
+ *         └── U512LeBytes
+ *               └── Keccak512Hash
+ *                     └── GenerationSeed
+ * ```
+ *
+ * ## Use Cases
+ * - Ephemeral key generation with deterministic input
+ * - Protocol-specific seed derivation
+ * - Forward secrecy implementations
+ *
+ * @example
+ * ```typescript
+ * import { assertGenerationSeed, GenerationSeed } from "./cryptography";
+ *
+ * // Create generation seed from protocol data
+ * const seedBytes = keccak512(protocolData);
+ * assertGenerationSeed(seedBytes);
+ * // seedBytes is now typed as GenerationSeed
+ *
+ * // Use to generate ephemeral master seed
+ * const ephemeralSeed = generateEphemeralMasterSeed(seedBytes);
+ * ```
+ *
+ * @see {@link assertGenerationSeed}
+ * @public
+ */
+type GenerationSeed = SubSubSubSubBrandedType<Keccak512Hash, "GenerationSeed">;
+/**
+ * Master viewing key for privacy-preserving protocols.
+ *
+ * The master viewing key is derived from the master seed and serves as the root
+ * of the viewing key derivation tree. It can be used to derive time-scoped viewing keys
+ * (yearly, monthly, daily, etc.) for selective disclosure of transaction history.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field (< field prime)
+ * - Derived deterministically from the master seed
+ * - Allows viewing ALL transactions without spending capability
+ * - Can be shared to grant full viewing access
+ *
+ * ## Type Hierarchy
+ * All viewing keys are siblings under Bn254FieldElement (NOT subbrands of each other):
+ * ```
+ * bigint (base)
+ *   └── U256 (SubBrandedType)
+ *         └── Bn254FieldElement (SubSubBrandedType)
+ *               ├── MasterViewingKey (SubSubSubBrandedType)
+ *               ├── YearlyViewingKey (SubSubSubBrandedType)
+ *               ├── MonthlyViewingKey (SubSubSubBrandedType)
+ *               ├── DailyViewingKey (SubSubSubBrandedType)
+ *               ├── HourlyViewingKey (SubSubSubBrandedType)
+ *               ├── MinuteViewingKey (SubSubSubBrandedType)
+ *               └── SecondViewingKey (SubSubSubBrandedType)
+ * ```
+ *
+ * ## Derivation Hierarchy (NOT type hierarchy)
+ * The following shows how keys are DERIVED, not their type relationships:
+ * ```
+ * MasterSeed
+ *   └── MasterViewingKey (views all time)
+ *         ├── YearlyViewingKey (views specific year)
+ *         ├── MonthlyViewingKey (views specific month)
+ *         ├── DailyViewingKey (views specific day)
+ *         ├── HourlyViewingKey (views specific hour)
+ *         ├── MinuteViewingKey (views specific minute)
+ *         └── SecondViewingKey (views specific second)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * import { MasterViewingKey, assertMasterViewingKey } from "./cryptography";
+ *
+ * const mvk = deriveMasterViewingKey(masterSeed);
+ * assertMasterViewingKey(mvk);
+ *
+ * // Grant viewing access to auditor
+ * shareViewingKey(auditor, mvk); // Full access
+ * ```
+ *
+ * @see {@link assertMasterViewingKey}
+ * @see {@link YearlyViewingKey}
+ * @see {@link MintViewingKey}
+ * @public
+ */
+type MasterViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MasterViewingKey">;
+/**
+ * Yearly viewing key for time-scoped transaction viewing.
+ *
+ * A yearly viewing key is derived from the master viewing key and grants
+ * viewing access to all transactions within a specific calendar year.
+ * This enables selective disclosure for annual audits or tax reporting.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field
+ * - Derived from master viewing key + year identifier
+ * - Can view all transactions in the specified year
+ * - Cannot view transactions from other years
+ * - Can derive monthly, daily, and finer-grained keys
+ *
+ * ## Use Cases
+ * - Annual financial audits
+ * - Tax reporting requirements
+ * - Yearly compliance reviews
+ * - Historical transaction analysis for a specific year
+ *
+ * @example
+ * ```typescript
+ * import { YearlyViewingKey, assertYearlyViewingKey } from "./cryptography";
+ *
+ * const yearKey = deriveYearlyViewingKey(masterViewingKey, 2024);
+ * assertYearlyViewingKey(yearKey);
+ *
+ * // Share with tax authority for 2024 audit
+ * shareViewingKey(taxAuthority, yearKey);
+ * ```
+ *
+ * @see {@link assertYearlyViewingKey}
+ * @see {@link MonthlyViewingKey}
+ * @public
+ */
+type YearlyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "YearlyViewingKey">;
+/**
+ * Monthly viewing key for time-scoped transaction viewing.
+ *
+ * A monthly viewing key grants viewing access to all transactions within
+ * a specific calendar month. It is derived from the yearly viewing key
+ * and provides more granular access control than yearly keys.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field
+ * - Derived from yearly viewing key + month identifier
+ * - Can view all transactions in the specified month
+ * - Cannot view transactions from other months
+ * - Can derive daily and finer-grained keys
+ *
+ * ## Use Cases
+ * - Monthly financial reconciliation
+ * - Periodic audit sampling
+ * - Subscription billing verification
+ * - Monthly expense reporting
+ *
+ * @example
+ * ```typescript
+ * import { MonthlyViewingKey, assertMonthlyViewingKey } from "./cryptography";
+ *
+ * const monthKey = deriveMonthlyViewingKey(yearlyKey, 6); // June
+ * assertMonthlyViewingKey(monthKey);
+ *
+ * // Share with accountant for monthly review
+ * shareViewingKey(accountant, monthKey);
+ * ```
+ *
+ * @see {@link assertMonthlyViewingKey}
+ * @see {@link DailyViewingKey}
+ * @public
+ */
+type MonthlyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MonthlyViewingKey">;
+/**
+ * Daily viewing key for time-scoped transaction viewing.
+ *
+ * A daily viewing key grants viewing access to all transactions within
+ * a specific calendar day. It provides fine-grained access control for
+ * scenarios requiring day-level precision.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field
+ * - Derived from monthly viewing key + day identifier
+ * - Can view all transactions on the specified day
+ * - Cannot view transactions from other days
+ * - Can derive hourly and finer-grained keys
+ *
+ * ## Use Cases
+ * - Daily settlement verification
+ * - Incident investigation for specific dates
+ * - Daily trading activity review
+ * - Point-in-time compliance checks
+ *
+ * @example
+ * ```typescript
+ * import { DailyViewingKey, assertDailyViewingKey } from "./cryptography";
+ *
+ * const dayKey = deriveDailyViewingKey(monthlyKey, 15); // 15th of month
+ * assertDailyViewingKey(dayKey);
+ *
+ * // Share for investigating a specific date
+ * shareViewingKey(investigator, dayKey);
+ * ```
+ *
+ * @see {@link assertDailyViewingKey}
+ * @see {@link HourlyViewingKey}
+ * @public
+ */
+type DailyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "DailyViewingKey">;
+/**
+ * Hourly viewing key for time-scoped transaction viewing.
+ *
+ * An hourly viewing key grants viewing access to all transactions within
+ * a specific hour. This provides very fine-grained access control for
+ * high-frequency trading scenarios or detailed forensic analysis.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field
+ * - Derived from daily viewing key + hour identifier (0-23)
+ * - Can view all transactions in the specified hour
+ * - Cannot view transactions from other hours
+ * - Can derive minute and second-level keys
+ *
+ * ## Use Cases
+ * - High-frequency trading audits
+ * - Incident response for specific time windows
+ * - Market manipulation investigation
+ * - Detailed activity timeline construction
+ *
+ * @example
+ * ```typescript
+ * import { HourlyViewingKey, assertHourlyViewingKey } from "./cryptography";
+ *
+ * const hourKey = deriveHourlyViewingKey(dailyKey, 14); // 2 PM
+ * assertHourlyViewingKey(hourKey);
+ * ```
+ *
+ * @see {@link assertHourlyViewingKey}
+ * @see {@link MinuteViewingKey}
+ * @public
+ */
+type HourlyViewingKey = SubSubSubBrandedType<Bn254FieldElement, "HourlyViewingKey">;
+/**
+ * Minute viewing key for time-scoped transaction viewing.
+ *
+ * A minute viewing key grants viewing access to all transactions within
+ * a specific minute. This provides extremely fine-grained access control
+ * for forensic analysis or real-time monitoring scenarios.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field
+ * - Derived from hourly viewing key + minute identifier (0-59)
+ * - Can view all transactions in the specified minute
+ * - Cannot view transactions from other minutes
+ * - Can derive second-level keys for ultimate precision
+ *
+ * ## Use Cases
+ * - Real-time fraud detection analysis
+ * - Precise transaction timing verification
+ * - Forensic timeline reconstruction
+ * - Flash loan attack investigation
+ *
+ * @example
+ * ```typescript
+ * import { MinuteViewingKey, assertMinuteViewingKey } from "./cryptography";
+ *
+ * const minuteKey = deriveMinuteViewingKey(hourlyKey, 30); // :30 minute
+ * assertMinuteViewingKey(minuteKey);
+ * ```
+ *
+ * @see {@link assertMinuteViewingKey}
+ * @see {@link SecondViewingKey}
+ * @public
+ */
+type MinuteViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MinuteViewingKey">;
+/**
+ * Second viewing key for time-scoped transaction viewing.
+ *
+ * A second viewing key grants viewing access to all transactions within
+ * a specific second. This is the finest granularity of viewing keys and
+ * is primarily used for forensic analysis of specific transactions.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field
+ * - Derived from minute viewing key + second identifier (0-59)
+ * - Can view all transactions in the specified second
+ * - Cannot view transactions from other seconds
+ * - Finest granularity in the viewing key hierarchy
+ *
+ * ## Use Cases
+ * - Precise transaction attribution
+ * - MEV (Maximal Extractable Value) analysis
+ * - Front-running detection
+ * - Block-level transaction ordering analysis
+ *
+ * @example
+ * ```typescript
+ * import { SecondViewingKey, assertSecondViewingKey } from "./cryptography";
+ *
+ * const secondKey = deriveSecondViewingKey(minuteKey, 45); // :45 second
+ * assertSecondViewingKey(secondKey);
+ * ```
+ *
+ * @see {@link assertSecondViewingKey}
+ * @public
+ */
+type SecondViewingKey = SubSubSubBrandedType<Bn254FieldElement, "SecondViewingKey">;
+/**
+ * Mint viewing key for token-specific transaction viewing.
+ *
+ * A mint viewing key grants viewing access to all transactions involving
+ * a specific token (mint address). This allows selective disclosure of
+ * activity for a particular asset without revealing transactions of other tokens.
+ *
+ * @remarks
+ * - Element of the BN254 scalar field
+ * - Derived from master viewing key + mint address
+ * - Can view all transactions involving the specified mint
+ * - Cannot view transactions involving other mints
+ * - Used as base for time-scoped viewing keys for a specific mint
+ *
+ * ## Derivation
+ *
+ * The mint viewing key is derived using Poseidon hash:
+ * ```
+ * h0 = Poseidon(MVK, mintAddressLow, mintAddressHigh)
+ * ```
+ *
+ * Where:
+ * - MVK is the master viewing key
+ * - mintAddressLow is bytes 0-15 of the mint address (little-endian U128)
+ * - mintAddressHigh is bytes 16-31 of the mint address (little-endian U128)
+ *
+ * ## Use Cases
+ * - Token-specific compliance reporting
+ * - Asset-specific audit trails
+ * - Selective disclosure for specific tokens
+ * - Token holder activity analysis
+ *
+ * @example
+ * ```typescript
+ * import { MintViewingKey, assertMintViewingKey } from "./cryptography";
+ *
+ * const mintKey = deriveMintViewingKey(masterViewingKey, usdcMint);
+ * assertMintViewingKey(mintKey);
+ *
+ * // Share with auditor for USDC-specific review
+ * shareViewingKey(auditor, mintKey);
+ * ```
+ *
+ * @see {@link assertMintViewingKey}
+ * @public
+ */
+type MintViewingKey = SubSubSubBrandedType<Bn254FieldElement, "MintViewingKey">;
+/**
+ * An X25519 key pair consisting of a private key and its corresponding public key.
+ *
+ * X25519 is an elliptic curve Diffie-Hellman (ECDH) protocol using Curve25519.
+ * A keypair consists of:
+ * - A 32-byte private key (random or derived)
+ * - A 32-byte public key (computed from the private key)
+ *
+ * @remarks
+ * ## Key Generation
+ * - Private key: 32 random bytes (optionally clamped per X25519 spec)
+ * - Public key: Scalar multiplication of private key with base point
+ *
+ * ## Security Properties
+ * - Private key MUST be kept secret
+ * - Public key can be freely shared
+ * - Shared secret is computed as: `X25519(myPrivate, theirPublic)`
+ * - Key exchange is symmetric: both parties compute the same shared secret
+ *
+ * ## Use Cases
+ * - End-to-end encryption key establishment
+ * - Ephemeral key exchange for forward secrecy
+ * - Diffie-Hellman key agreement in protocols like Noise, Signal
+ * - Deriving symmetric encryption keys from asymmetric exchange
+ *
+ * @example
+ * ```typescript
+ * import { X25519Keypair, generateX25519Keypair } from "./cryptography";
+ *
+ * // Generate a new keypair
+ * const keypair: X25519Keypair = await generateX25519Keypair();
+ *
+ * // Share public key with peer
+ * sendPublicKey(peer, keypair.publicKey);
+ *
+ * // Compute shared secret with peer's public key
+ * const sharedSecret = x25519(keypair.privateKey, peerPublicKey);
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Ephemeral key exchange for forward secrecy
+ * const ephemeralKeypair: X25519Keypair = await generateX25519Keypair();
+ *
+ * // Use ephemeral keypair for this session only
+ * const sessionKey = deriveSessionKey(
+ *     x25519(ephemeralKeypair.privateKey, recipientPublicKey)
+ * );
+ *
+ * // Discard private key after use for forward secrecy
+ * ```
+ *
+ * @public
+ */
+interface X25519Keypair {
+    /**
+     * The X25519 private key (32 bytes).
+     *
+     * This key MUST be kept secret. It is used to:
+     * - Compute shared secrets with other parties' public keys
+     * - Derive the corresponding public key
+     *
+     * @remarks
+     * The private key should be generated from a cryptographically secure
+     * random source. The X25519 algorithm applies clamping during use.
+     */
+    readonly privateKey: X25519PrivateKey;
+    /**
+     * The X25519 public key (32 bytes).
+     *
+     * This key can be freely shared. It is:
+     * - Computed from the private key via scalar multiplication
+     * - Used by other parties to compute shared secrets
+     * - Safe to transmit over insecure channels
+     */
+    readonly publicKey: X25519PublicKey;
+}
+/**
+ * Asserts that a value is a valid Keccak-256 hash output.
+ *
+ * Validates that the value is a 32-byte Uint8Array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `U256_BYTE_LENGTH` = 32 bytes)
+ * @throws {CryptographyAssertionError} If not a Uint8Array or not exactly 32 bytes
+ * @returns `void` — narrows the type of `value` to `Keccak256Hash` on success
+ *
+ * @example
+ * ```typescript
+ * const hashBytes = keccak256(data);
+ * assertKeccak256Hash(hashBytes);
+ * // hashBytes is now typed as Keccak256Hash
+ * ```
+ *
+ * @public
+ */
+declare function assertKeccak256Hash(value: Uint8Array): asserts value is Keccak256Hash;
+/**
+ * Asserts that a value is a valid Keccak-512 hash output.
+ *
+ * Validates that the value is a 64-byte Uint8Array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `U512_BYTE_LENGTH` = 64 bytes)
+ * @throws {CryptographyAssertionError} If not a Uint8Array or not exactly 64 bytes
+ * @returns `void` — narrows the type of `value` to `Keccak512Hash` on success
+ *
+ * @example
+ * ```typescript
+ * const hashBytes = keccak512(data);
+ * assertKeccak512Hash(hashBytes);
+ * // hashBytes is now typed as Keccak512Hash
+ * ```
+ *
+ * @public
+ */
+declare function assertKeccak512Hash(value: Uint8Array): asserts value is Keccak512Hash;
+/**
+ * Asserts that a value is a valid master seed.
+ *
+ * Validates that the value is a 64-byte Uint8Array (Keccak-512 hash output).
+ *
+ * @param value - The Uint8Array to assert (must be exactly `U512_BYTE_LENGTH` = 64 bytes)
+ * @throws {CryptographyAssertionError} If not a Uint8Array or not exactly 64 bytes
+ * @returns `void` — narrows the type of `value` to `MasterSeed` on success
+ *
+ * @example
+ * ```typescript
+ * const seedBytes = keccak512(entropy);
+ * assertMasterSeed(seedBytes);
+ * // seedBytes is now typed as MasterSeed
+ * ```
+ *
+ * @public
+ */
+declare function assertMasterSeed(value: Uint8Array): asserts value is MasterSeed;
+/**
+ * Asserts that a value is a valid generation seed.
+ *
+ * Validates that the value is a 64-byte Uint8Array (Keccak-512 hash output).
+ *
+ * @param value - The Uint8Array to assert (must be exactly `U512_BYTE_LENGTH` = 64 bytes)
+ * @throws {CryptographyAssertionError} If not a Uint8Array or not exactly 64 bytes
+ * @returns `void` — narrows the type of `value` to `GenerationSeed` on success
+ *
+ * @example
+ * ```typescript
+ * const seedBytes = keccak512(protocolData);
+ * assertGenerationSeed(seedBytes);
+ * // seedBytes is now typed as GenerationSeed
+ * ```
+ *
+ * @public
+ */
+declare function assertGenerationSeed(value: Uint8Array): asserts value is GenerationSeed;
+/**
+ * Asserts that a value is a valid master viewing key.
+ *
+ * Validates that the value is a bigint within the BN254 field.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint, is negative, or exceeds BN254 field prime
+ * @returns `void` — narrows the type of `value` to `MasterViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const mvk = deriveMasterViewingKey(masterSeed);
+ * assertMasterViewingKey(mvk);
+ * // mvk is now typed as MasterViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertMasterViewingKey(value: bigint): asserts value is MasterViewingKey;
+/**
+ * Asserts that a value is a valid yearly viewing key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of the BN254 field range
+ * @returns `void` — narrows the type of `value` to `YearlyViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const key = deriveYearlyViewingKey(masterViewingKey, 2024n);
+ * assertYearlyViewingKey(key);
+ * // key is now typed as YearlyViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertYearlyViewingKey(value: bigint): asserts value is YearlyViewingKey;
+/**
+ * Asserts that a value is a valid monthly viewing key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of the BN254 field range
+ * @returns `void` — narrows the type of `value` to `MonthlyViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const key = deriveMonthlyViewingKey(yearlyViewingKey, 6n);
+ * assertMonthlyViewingKey(key);
+ * // key is now typed as MonthlyViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertMonthlyViewingKey(value: bigint): asserts value is MonthlyViewingKey;
+/**
+ * Asserts that a value is a valid daily viewing key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of the BN254 field range
+ * @returns `void` — narrows the type of `value` to `DailyViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const key = deriveDailyViewingKey(monthlyViewingKey, 15n);
+ * assertDailyViewingKey(key);
+ * // key is now typed as DailyViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertDailyViewingKey(value: bigint): asserts value is DailyViewingKey;
+/**
+ * Asserts that a value is a valid hourly viewing key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of the BN254 field range
+ * @returns `void` — narrows the type of `value` to `HourlyViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const key = deriveHourlyViewingKey(dailyViewingKey, 14n);
+ * assertHourlyViewingKey(key);
+ * // key is now typed as HourlyViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertHourlyViewingKey(value: bigint): asserts value is HourlyViewingKey;
+/**
+ * Asserts that a value is a valid minute viewing key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of the BN254 field range
+ * @returns `void` — narrows the type of `value` to `MinuteViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const key = deriveMinuteViewingKey(hourlyViewingKey, 30n);
+ * assertMinuteViewingKey(key);
+ * // key is now typed as MinuteViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertMinuteViewingKey(value: bigint): asserts value is MinuteViewingKey;
+/**
+ * Asserts that a value is a valid second viewing key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of the BN254 field range
+ * @returns `void` — narrows the type of `value` to `SecondViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const key = deriveSecondViewingKey(minuteViewingKey, 45n);
+ * assertSecondViewingKey(key);
+ * // key is now typed as SecondViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertSecondViewingKey(value: bigint): asserts value is SecondViewingKey;
+/**
+ * Asserts that a value is a valid mint viewing key.
+ *
+ * @param value - The bigint to assert (must be in range [0, BN254_FIELD_PRIME - 1])
+ * @throws {CryptographyAssertionError} If not a bigint or out of the BN254 field range
+ * @returns `void` — narrows the type of `value` to `MintViewingKey` on success
+ *
+ * @example
+ * ```typescript
+ * const key = deriveMintViewingKey(masterViewingKey, usdcMintAddress);
+ * assertMintViewingKey(key);
+ * // key is now typed as MintViewingKey
+ * ```
+ *
+ * @public
+ */
+declare function assertMintViewingKey(value: bigint): asserts value is MintViewingKey;
+/**
+ * Asserts that a value is a valid X25519 keypair.
+ *
+ * Validates that the value is an object with valid `privateKey` and `publicKey` fields,
+ * each being a 32-byte Uint8Array.
+ *
+ * @param value - The object to assert (must have `privateKey` and `publicKey` Uint8Array fields)
+ * @throws {CryptographyAssertionError} If the object is missing required fields or either
+ *   field is not a valid 32-byte Uint8Array
+ * @returns `void` — narrows the type of `value` to `X25519Keypair` on success
+ *
+ * @example
+ * ```typescript
+ * const keypair = { privateKey: privKey, publicKey: pubKey };
+ * assertX25519Keypair(keypair);
+ * // keypair is now typed as X25519Keypair
+ * ```
+ *
+ * @public
+ */
+declare function assertX25519Keypair(value: {
+    privateKey: Uint8Array;
+    publicKey: Uint8Array;
+}): asserts value is X25519Keypair;
+/**
+ * A single Base85 limb value.
+ *
+ * Base85 limbs are used to represent 256-bit values as 3 limbs, where each
+ * limb fits within 85 bits (though stored as U128 for convenience).
+ * This representation is commonly used in ZK circuits to handle large
+ * field elements efficiently.
+ *
+ * @remarks
+ * - Each limb must be less than 2^85
+ * - Used in Poseidon hash inputs for ZK proof generation
+ * - Three Base85 limbs can represent a full 256-bit value
+ *
+ * ## Type Hierarchy
+ * ```
+ * bigint
+ *   └── UnsignedInteger
+ *         └── U128
+ *               └── Base85Limb
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const limb = assertBase85Limb(12345n);
+ * // limb is now typed as Base85Limb
+ * ```
+ *
+ * @see {@link assertBase85Limb}
+ * @see {@link Base85LimbTuple}
+ * @see {@link BASE85_LIMB_MAX}
+ * @public
+ */
+type Base85Limb = SubSubBrandedType<U128, "Base85Limb">;
+/**
+ * Maximum value for a Base85 limb.
+ *
+ * @remarks
+ * Value: 2^85 - 1 = 38685626227668133590597631999999999999999999999999999999n (approximately 3.87e25)
+ *
+ * All `Base85Limb` values must be less than or equal to this constant.
+ *
+ * @see {@link Base85Limb}
+ * @see {@link assertBase85Limb}
+ * @public
+ */
+declare const BASE85_LIMB_MAX: bigint;
+/**
+ * A tuple of three Base85 limbs representing a 256-bit value.
+ *
+ * This interface represents a 256-bit value split into three limbs:
+ * - `low`: bits 0-84 (least significant)
+ * - `middle`: bits 85-169
+ * - `high`: bits 170-255 (most significant)
+ *
+ * @remarks
+ * The total bit capacity is 3 * 85 = 255 bits, which is sufficient
+ * for most 256-bit field elements used in cryptography.
+ *
+ * ## Use Cases
+ * - Poseidon hash inputs in ZK circuits
+ * - Field element representations for proof generation
+ * - Efficient arithmetic in constrained environments
+ *
+ * @example
+ * ```typescript
+ * const limbs: Base85LimbTuple = {
+ *   low: assertBase85Limb(lowBits),
+ *   middle: assertBase85Limb(middleBits),
+ *   high: assertBase85Limb(highBits),
+ * };
+ * ```
+ *
+ * @see {@link Base85Limb}
+ * @public
+ */
+interface Base85LimbTuple {
+    /**
+     * The low 85 bits (bits 0-84).
+     */
+    readonly low: Base85Limb;
+    /**
+     * The middle 85 bits (bits 85-169).
+     */
+    readonly middle: Base85Limb;
+    /**
+     * The high bits (bits 170-255).
+     */
+    readonly high: Base85Limb;
+}
+/**
+ * Asserts that a value is a valid Base85 limb.
+ *
+ * Validates that the value is a `bigint` and is within the Base85 range [0, 2^85 - 1].
+ *
+ * @param value - The bigint to assert (must be in range [0, BASE85_LIMB_MAX])
+ * @param name - The name of the variable being asserted (used in error messages)
+ * @defaultValue `name` — `"value"`
+ * @throws {CryptographyAssertionError} If not a bigint, is negative, or exceeds `BASE85_LIMB_MAX`
+ * @returns `void` — narrows the type of `value` to `Base85Limb` on success
+ *
+ * @example
+ * ```typescript
+ * const value = 12345n;
+ * assertBase85Limb(value, "value");
+ * // value is now typed as Base85Limb
+ * ```
+ *
+ * @public
+ */
+declare function assertBase85Limb(value: bigint, name?: string): asserts value is Base85Limb;
+/**
+ * Byte length for G1 points in a Groth16 proof (64 bytes = 2 x 32-byte field elements).
+ *
+ * @remarks
+ * Each G1 point on BN254 is represented as (x, y) where both coordinates are 32-byte
+ * big-endian integers. Used for the `a` and `c` components of a Groth16 proof.
+ *
+ * @see {@link Groth16ProofA}
+ * @see {@link Groth16ProofC}
+ * @public
+ */
+declare const GROTH16_G1_BYTE_LENGTH = 64;
+/**
+ * Byte length for G2 points in a Groth16 proof (128 bytes = 4 x 32-byte field elements).
+ *
+ * @remarks
+ * G2 points on BN254 are in the extension field Fq2, so each coordinate is a pair of
+ * 32-byte field elements: (x0, x1) and (y0, y1). Used for the `b` component of a Groth16 proof.
+ *
+ * @see {@link Groth16ProofB}
+ * @public
+ */
+declare const GROTH16_G2_BYTE_LENGTH = 128;
+/**
+ * The A component of a Groth16 proof (G1 point), serialized as 64 bytes.
+ *
+ * This is an elliptic curve point on the G1 group of the BN254 curve,
+ * serialized as 64 bytes: [x (32 bytes), y (32 bytes)].
+ *
+ * @remarks
+ * - Size: 64 bytes (2 field elements x 32 bytes each)
+ * - Format: [x, y] where each coordinate is 32 bytes big-endian
+ * - Represents a point on the G1 curve
+ * - Part of the zkSNARK proof tuple (A, B, C)
+ *
+ * @see {@link assertGroth16ProofA}
+ * @see {@link Groth16Proof}
+ * @public
+ */
+type Groth16ProofA = SubBrandedType<Bytes, "Groth16ProofA">;
+/**
+ * The B component of a Groth16 proof (G2 point), serialized as 128 bytes.
+ *
+ * This is an elliptic curve point on the G2 group of the BN254 curve,
+ * serialized as 128 bytes: [x0 (32), x1 (32), y0 (32), y1 (32)].
+ *
+ * @remarks
+ * - Size: 128 bytes (4 field elements x 32 bytes each)
+ * - Format: [x0, x1, y0, y1] where each component is 32 bytes big-endian
+ * - Represents a point on the G2 curve (extension field Fq2)
+ * - The x-coordinate is (x0, x1) and y-coordinate is (y0, y1)
+ *
+ * @see {@link assertGroth16ProofB}
+ * @see {@link Groth16Proof}
+ * @public
+ */
+type Groth16ProofB = SubBrandedType<Bytes, "Groth16ProofB">;
+/**
+ * The C component of a Groth16 proof (G1 point), serialized as 64 bytes.
+ *
+ * This is an elliptic curve point on the G1 group of the BN254 curve,
+ * serialized as 64 bytes: [x (32 bytes), y (32 bytes)].
+ *
+ * @remarks
+ * - Size: 64 bytes (2 field elements x 32 bytes each)
+ * - Format: [x, y] where each coordinate is 32 bytes big-endian
+ * - Represents a point on the G1 curve
+ * - Part of the zkSNARK proof tuple (A, B, C)
+ *
+ * @see {@link assertGroth16ProofC}
+ * @see {@link Groth16Proof}
+ * @public
+ */
+type Groth16ProofC = SubBrandedType<Bytes, "Groth16ProofC">;
+/**
+ * Asserts that a value is a valid Groth16ProofA (64 bytes).
+ *
+ * @param value - The Uint8Array to assert (must be exactly `GROTH16_G1_BYTE_LENGTH` = 64 bytes)
+ * @param name - Optional name used in error messages for better diagnostics
+ * @throws {TypeError} If the value is not a Uint8Array or not exactly 64 bytes
+ * @returns `void` — narrows the type of `value` to `Groth16ProofA` on success
+ *
+ * @example
+ * ```typescript
+ * const proofA = new Uint8Array(64);
+ * assertGroth16ProofA(proofA);
+ * // proofA is now typed as Groth16ProofA
+ * ```
+ *
+ * @public
+ */
+declare function assertGroth16ProofA(value: Uint8Array, name?: string): asserts value is Groth16ProofA;
+/**
+ * Asserts that a value is a valid Groth16ProofB (128 bytes).
+ *
+ * @param value - The Uint8Array to assert (must be exactly `GROTH16_G2_BYTE_LENGTH` = 128 bytes)
+ * @param name - Optional name used in error messages for better diagnostics
+ * @throws {TypeError} If the value is not a Uint8Array or not exactly 128 bytes
+ * @returns `void` — narrows the type of `value` to `Groth16ProofB` on success
+ *
+ * @example
+ * ```typescript
+ * const proofB = new Uint8Array(128);
+ * assertGroth16ProofB(proofB);
+ * // proofB is now typed as Groth16ProofB
+ * ```
+ *
+ * @public
+ */
+declare function assertGroth16ProofB(value: Uint8Array, name?: string): asserts value is Groth16ProofB;
+/**
+ * Asserts that a value is a valid Groth16ProofC (64 bytes).
+ *
+ * @param value - The Uint8Array to assert (must be exactly `GROTH16_G1_BYTE_LENGTH` = 64 bytes)
+ * @param name - Optional name used in error messages for better diagnostics
+ * @throws {TypeError} If the value is not a Uint8Array or not exactly 64 bytes
+ * @returns `void` — narrows the type of `value` to `Groth16ProofC` on success
+ *
+ * @example
+ * ```typescript
+ * const proofC = new Uint8Array(64);
+ * assertGroth16ProofC(proofC);
+ * // proofC is now typed as Groth16ProofC
+ * ```
+ *
+ * @public
+ */
+declare function assertGroth16ProofC(value: Uint8Array, name?: string): asserts value is Groth16ProofC;
+/**
+ * A complete Groth16 zero-knowledge proof.
+ *
+ * Groth16 is a pairing-based zkSNARK proof system that produces compact proofs
+ * consisting of three elliptic curve points: A (G1), B (G2), and C (G1).
+ *
+ * @remarks
+ * ## Proof Structure (256 bytes total)
+ * - `a`: G1 point (64 bytes)
+ * - `b`: G2 point (128 bytes)
+ * - `c`: G1 point (64 bytes)
+ *
+ * ## Security Properties
+ * - Proof size is constant regardless of circuit size
+ * - Verification is efficient (constant time)
+ * - Requires trusted setup (circuit-specific)
+ *
+ * ## Use Cases
+ * - User registration proofs
+ * - Transfer validity proofs
+ * - Balance update proofs
+ *
+ * @example
+ * ```typescript
+ * const proofA = new Uint8Array(64);
+ * const proofB = new Uint8Array(128);
+ * const proofC = new Uint8Array(64);
+ * assertGroth16ProofA(proofA);
+ * assertGroth16ProofB(proofB);
+ * assertGroth16ProofC(proofC);
+ *
+ * const proof: Groth16Proof = {
+ *   a: proofA,
+ *   b: proofB,
+ *   c: proofC,
+ * };
+ * ```
+ *
+ * @see {@link Groth16ProofA}
+ * @see {@link Groth16ProofB}
+ * @see {@link Groth16ProofC}
+ * @see {@link ZkProofBytes}
+ * @public
+ */
+interface Groth16Proof {
+    /**
+     * The A component of the proof (G1 point, 64 bytes).
+     */
+    readonly a: Groth16ProofA;
+    /**
+     * The B component of the proof (G2 point, 128 bytes).
+     */
+    readonly b: Groth16ProofB;
+    /**
+     * The C component of the proof (G1 point, 64 bytes).
+     */
+    readonly c: Groth16ProofC;
+}
+/**
+ * A cryptographic nonce for encryption operations.
+ *
+ * This is an alias for `RcEncryptionNonce` and represents a 128-bit value
+ * used to ensure unique encryption outputs.
+ *
+ * @remarks
+ * - Must be unique for each encryption with the same key
+ * - Reusing a nonce compromises security
+ * - Can be generated randomly or as a counter
+ *
+ * @example
+ * ```typescript
+ * const nonce: Nonce = generateRandomNonce();
+ * ```
+ *
+ * @see {@link RcEncryptionNonce}
+ * @public
+ */
+type Nonce = RcEncryptionNonce;
+/**
+ * Expected byte length for serialized Groth16 proofs.
+ *
+ * @remarks
+ * A Groth16 proof consists of:
+ * - A (G1): 2 * 32 = 64 bytes
+ * - B (G2): 4 * 32 = 128 bytes
+ * - C (G1): 2 * 32 = 64 bytes
+ * Total: 256 bytes
+ *
+ * @see {@link ZkProofBytes}
+ * @see {@link assertZkProofBytes}
+ * @public
+ */
+declare const ZK_PROOF_BYTE_LENGTH = 256;
+/**
+ * Serialized zero-knowledge proof bytes.
+ *
+ * This type represents a Groth16 proof serialized to a byte array,
+ * suitable for transmission over the network or storage on-chain.
+ *
+ * @remarks
+ * - Size: 256 bytes (8 field elements * 32 bytes each)
+ * - Format: [A.x, A.y, B.x0, B.x1, B.y0, B.y1, C.x, C.y]
+ * - Each field element is encoded as 32 bytes (big-endian)
+ *
+ * @example
+ * ```typescript
+ * const proofBytes = serializeGroth16Proof(proof);
+ * assertZkProofBytes(proofBytes);
+ * // proofBytes is now typed as ZkProofBytes
+ * ```
+ *
+ * @see {@link assertZkProofBytes}
+ * @see {@link ZK_PROOF_BYTE_LENGTH}
+ * @public
+ */
+type ZkProofBytes = SubBrandedType<Bytes, "ZkProofBytes">;
+/**
+ * Asserts that a value is a valid serialized ZK proof.
+ *
+ * Validates that the value is a 256-byte Uint8Array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `ZK_PROOF_BYTE_LENGTH` = 256 bytes)
+ * @throws {CryptographyAssertionError} If not a Uint8Array or not exactly 256 bytes
+ * @returns `void` — narrows the type of `value` to `ZkProofBytes` on success
+ *
+ * @example
+ * ```typescript
+ * const proofBytes = new Uint8Array(256);
+ * assertZkProofBytes(proofBytes);
+ * // proofBytes is now typed as ZkProofBytes
+ * ```
+ *
+ * @public
+ */
+declare function assertZkProofBytes(value: Uint8Array): asserts value is ZkProofBytes;
+/**
+ * Byte length for AES-256 keys.
+ *
+ * @remarks
+ * AES-256 requires exactly 32 bytes (256 bits) for the encryption key.
+ *
+ * @see {@link AesKey}
+ * @see {@link assertAesKey}
+ * @public
+ */
+declare const AES_KEY_LENGTH = 32;
+/**
+ * Byte length for AES-GCM initialization vectors.
+ *
+ * @remarks
+ * AES-GCM uses a 12-byte (96-bit) IV as recommended by NIST SP 800-38D.
+ * Each encryption operation must use a unique IV to maintain security.
+ *
+ * @see {@link AES_METADATA_OVERHEAD}
+ * @public
+ */
+declare const AES_IV_LENGTH = 12;
+/**
+ * Byte length for AES-GCM authentication tags.
+ *
+ * @remarks
+ * AES-GCM produces a 16-byte (128-bit) authentication tag for integrity and
+ * authenticity verification. The tag is stored alongside the ciphertext.
+ *
+ * @see {@link AES_METADATA_OVERHEAD}
+ * @public
+ */
+declare const AES_AUTH_TAG_LENGTH = 16;
+/**
+ * Total overhead for AES ciphertext metadata (IV + AuthTag).
+ *
+ * @remarks
+ * The combined ciphertext format is: [IV (12 bytes) | AuthTag (16 bytes) | Ciphertext (N bytes)]
+ * Total overhead: 12 + 16 = 28 bytes. Any `AesCiphertextWithMetadata` must be at least this many bytes.
+ *
+ * @see {@link AesCiphertextWithMetadata}
+ * @see {@link assertAesCiphertextWithMetadata}
+ * @public
+ */
+declare const AES_METADATA_OVERHEAD: number;
+/**
+ * AES-256 encryption key.
+ *
+ * A 32-byte (256-bit) key used for AES-256-GCM encryption. These keys are
+ * derived from master seeds (for ephemeral unlocker) or X25519 shared secrets
+ * (for receiver unlocker).
+ *
+ * @remarks
+ * - Size: 32 bytes exactly
+ * - Must be kept secret and never transmitted in plaintext
+ * - Should be derived using a secure KDF
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── AesKey (sub-sub-brand, 32 bytes)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const key = deriveAesKey(masterSeed, generationIndex);
+ * assertAesKey(key);
+ * // key is now typed as AesKey
+ * ```
+ *
+ * @see {@link AES_KEY_LENGTH}
+ * @see {@link assertAesKey}
+ * @public
+ */
+type AesKey = SubBrandedType<Bytes, "AesKey">;
+/**
+ * AES plaintext input for encryption.
+ *
+ * Variable-length byte array to be encrypted with AES-256-GCM.
+ * For UTXO recovery, this contains: amount (8), modified generation index (16),
+ * destination address (32), and domain separator hash (12) = 68 bytes total.
+ *
+ * @remarks
+ * - Size: Variable (any length)
+ * - Must be a valid Uint8Array
+ * - Content structure depends on the encryption context
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── AesPlaintext (sub-brand, variable length)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const plaintext = buildRecoveryPlaintext(amount, genIndex, destination);
+ * assertAesPlaintext(plaintext);
+ * const ciphertext = await aesEncryptor(key, plaintext);
+ * ```
+ *
+ * @see {@link assertAesPlaintext}
+ * @see {@link AesCiphertextWithMetadata}
+ * @public
+ */
+type AesPlaintext = SubBrandedType<Bytes, "AesPlaintext">;
+/**
+ * AES-GCM ciphertext with embedded metadata.
+ *
+ * A combined format that includes the IV, authentication tag, and encrypted data
+ * in a single byte array. This format is self-contained for decryption.
+ *
+ * ## Layout (28 + N bytes)
+ * ```
+ * [IV (12 bytes) | AuthTag (16 bytes) | Ciphertext (N bytes)]
+ * ```
+ *
+ * @remarks
+ * - Minimum size: 28 bytes (IV + AuthTag with empty plaintext)
+ * - IV is randomly generated per encryption
+ * - AuthTag provides authenticity and integrity verification
+ * - Ciphertext length equals plaintext length
+ *
+ * ## Type Hierarchy
+ * ```
+ * Bytes (base)
+ *   └── AesCiphertextWithMetadata (sub-brand, 28+ bytes)
+ * ```
+ *
+ * @example
+ * ```typescript
+ * const ciphertext = await aesEncryptor(key, plaintext);
+ * assertAesCiphertextWithMetadata(ciphertext);
+ *
+ * // Extract components if needed:
+ * const iv = ciphertext.slice(0, 12);
+ * const authTag = ciphertext.slice(12, 28);
+ * const encrypted = ciphertext.slice(28);
+ * ```
+ *
+ * @see {@link assertAesCiphertextWithMetadata}
+ * @see {@link AES_METADATA_OVERHEAD}
+ * @public
+ */
+type AesCiphertextWithMetadata = SubBrandedType<Bytes, "AesCiphertextWithMetadata">;
+/**
+ * Asserts that a value is a valid AES-256 key.
+ *
+ * Validates that the value is a 32-byte Uint8Array.
+ *
+ * @param value - The Uint8Array to assert (must be exactly `AES_KEY_LENGTH` = 32 bytes)
+ * @throws {CryptographyAssertionError} If not a Uint8Array or not exactly 32 bytes
+ * @returns `void` — narrows the type of `value` to `AesKey` on success
+ *
+ * @example
+ * ```typescript
+ * const keyBytes = deriveKeyFromSeed(seed);
+ * assertAesKey(keyBytes);
+ * // keyBytes is now typed as AesKey
+ * ```
+ *
+ * @public
+ */
+declare function assertAesKey(value: Uint8Array): asserts value is AesKey;
+/**
+ * Asserts that a value is a valid AES plaintext.
+ *
+ * Validates that the value is a Uint8Array. Plaintext can be any length.
+ *
+ * @param value - The Uint8Array to assert (any non-null Uint8Array is valid)
+ * @throws {CryptographyAssertionError} If not a Uint8Array
+ * @returns `void` — narrows the type of `value` to `AesPlaintext` on success
+ *
+ * @example
+ * ```typescript
+ * const data = new Uint8Array([1, 2, 3, 4]);
+ * assertAesPlaintext(data);
+ * // data is now typed as AesPlaintext
+ * ```
+ *
+ * @public
+ */
+declare function assertAesPlaintext(value: Uint8Array): asserts value is AesPlaintext;
+/**
+ * Asserts that a value is a valid AES ciphertext with metadata.
+ *
+ * Validates that the value is a Uint8Array with at least 28 bytes
+ * (12-byte IV + 16-byte AuthTag + 0 or more bytes of ciphertext).
+ *
+ * @param value - The Uint8Array to assert (must be at least `AES_METADATA_OVERHEAD` = 28 bytes)
+ * @throws {CryptographyAssertionError} If not a Uint8Array or fewer than 28 bytes
+ * @returns `void` — narrows the type of `value` to `AesCiphertextWithMetadata` on success
+ *
+ * @example
+ * ```typescript
+ * const encrypted = await aesEncrypt(key, plaintext);
+ * assertAesCiphertextWithMetadata(encrypted);
+ * // encrypted is now typed as AesCiphertextWithMetadata
+ * ```
+ *
+ * @public
+ */
+declare function assertAesCiphertextWithMetadata(value: Uint8Array): asserts value is AesCiphertextWithMetadata;
+/**
+ * Byte length of optional data fields used in on-chain instructions.
+ *
+ * @remarks
+ * Optional data fields in Arcium/Umbra protocol instructions are always 32 bytes.
+ *
+ * @internal
+ */
+declare const OPTIONAL_DATA_BYTE_LENGTH = 32;
+/**
+ * A 32-byte array for optional data fields in on-chain instructions.
+ *
+ * @remarks
+ * Optional data fields are used in Arcium/Umbra protocol instructions
+ * for passing additional metadata or future-proofing the protocol.
+ *
+ * ## Properties
+ * - Size: 32 bytes exactly
+ * - Content: Arbitrary bytes (meaning depends on context)
+ * - Default: All zeros if not used
+ *
+ * @example
+ * ```typescript
+ * const optionalData = new Uint8Array(32);
+ * assertOptionalData32(optionalData);
+ * // optionalData is now typed as OptionalData32
+ * ```
+ *
+ * @see {@link assertOptionalData32}
+ * @see {@link OPTIONAL_DATA_BYTE_LENGTH}
+ * @public
+ */
+type OptionalData32 = SubBrandedType<Bytes, "OptionalData32">;
+/**
+ * Asserts that a value is a valid 32-byte optional data array.
+ *
+ * Validates that the value is a Uint8Array with exactly 32 bytes.
+ *
+ * @param value - The Uint8Array to assert (must be exactly 32 bytes)
+ * @param name - Optional name for error messages
+ * @throws {CryptographyAssertionError} If not a Uint8Array or not 32 bytes
+ *
+ * @example
+ * ```typescript
+ * const data = new Uint8Array(32);
+ * assertOptionalData32(data);
+ * // data is now typed as OptionalData32
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // With custom name for better error messages
+ * assertOptionalData32(data, "accountInitOptionalData");
+ * ```
+ *
+ * @public
+ */
+declare function assertOptionalData32(value: Uint8Array, name?: string): asserts value is OptionalData32;
+
+export { type X25519PrivateKey as $, type U16LeBytes as A, type BrandedType as B, type Curve25519FieldElement as C, type U256 as D, type U256BeBytes as E, type U256LeBytes as F, type U32 as G, type U32BeBytes as H, type I1024 as I, type U32LeBytes as J, type U512 as K, type LeBytes as L, type U512BeBytes as M, type U512LeBytes as N, type U64 as O, type PoseidonCiphertext as P, type U64BeBytes as Q, type RcCiphertext as R, type SubBrandedType as S, type U64LeBytes as T, type U128 as U, type U8 as V, type U8BeBytes as W, type X25519PublicKey as X, type U8LeBytes as Y, type UnsignedInteger as Z, type X25519Bytes as _, type BeBytes as a, U256_BYTE_LENGTH as a$, type Base85LimbTuple as a0, type Base85Limb as a1, type SubSubBrandedType as a2, type MasterSeed as a3, type Nonce as a4, type OptionalData32 as a5, type AesKey as a6, type AesCiphertextWithMetadata as a7, type AesPlaintext as a8, type PoseidonCounter as a9, I1024_MIN as aA, I128_MAX as aB, I128_MIN as aC, I16_MAX as aD, I16_MIN as aE, I256_MAX as aF, I256_MIN as aG, I32_MAX as aH, I32_MIN as aI, I512_MAX as aJ, I512_MIN as aK, I64_MAX as aL, I64_MIN as aM, I8_MAX as aN, I8_MIN as aO, type Keccak256Hash as aP, type Keccak512Hash as aQ, MathematicsAssertionError as aR, OPTIONAL_DATA_BYTE_LENGTH as aS, type SubSubSubBrandedType as aT, type SubSubSubSubBrandedType as aU, U1024_BYTE_LENGTH as aV, U1024_MAX as aW, U128_BYTE_LENGTH as aX, U128_MAX as aY, U16_BYTE_LENGTH as aZ, U16_MAX as a_, type PoseidonKeystream as aa, type MasterViewingKey as ab, type SecondViewingKey as ac, type DailyViewingKey as ad, type HourlyViewingKey as ae, type MintViewingKey as af, type MinuteViewingKey as ag, type MonthlyViewingKey as ah, type YearlyViewingKey as ai, type Groth16ProofA as aj, type Groth16ProofB as ak, type Groth16ProofC as al, AES_AUTH_TAG_LENGTH as am, AES_IV_LENGTH as an, AES_KEY_LENGTH as ao, AES_METADATA_OVERHEAD as ap, BASE85_LIMB_MAX as aq, BN254_FIELD_PRIME as ar, CURVE25519_FIELD_PRIME as as, CryptographyAssertionError as at, type ExtractBrand as au, GROTH16_G1_BYTE_LENGTH as av, GROTH16_G2_BYTE_LENGTH as aw, type GenerationSeed as ax, type Groth16Proof as ay, I1024_MAX as az, type Bn254FieldElement as b, assertU128BeBytes as b$, U256_MAX as b0, U32_BYTE_LENGTH as b1, U32_MAX as b2, U512_BYTE_LENGTH as b3, U512_MAX as b4, U64_BYTE_LENGTH as b5, U64_MAX as b6, U8_BYTE_LENGTH as b7, U8_MAX as b8, type UnwrapBrand as b9, assertKeccak256Hash as bA, assertKeccak512Hash as bB, assertLeBytes as bC, assertMasterSeed as bD, assertMasterViewingKey as bE, assertMintViewingKey as bF, assertMinuteViewingKey as bG, assertMonthlyViewingKey as bH, assertOptionalData32 as bI, assertPoseidonCiphertext as bJ, assertPoseidonCounter as bK, assertPoseidonHash as bL, assertPoseidonKey as bM, assertPoseidonKeystream as bN, assertPoseidonPlaintext as bO, assertRcCiphertext as bP, assertRcCounter as bQ, assertRcEncryptionNonce as bR, assertRcKey as bS, assertRcPlaintext as bT, assertSecondViewingKey as bU, assertSharedSecret as bV, assertSignedInteger as bW, assertU1024 as bX, assertU1024BeBytes as bY, assertU1024LeBytes as bZ, assertU128 as b_, type X25519Keypair as ba, X25519_BYTE_LENGTH as bb, ZK_PROOF_BYTE_LENGTH as bc, type ZkProofBytes as bd, assertAesCiphertextWithMetadata as be, assertAesKey as bf, assertAesPlaintext as bg, assertBase85Limb as bh, assertBeBytes as bi, assertBn254FieldElement as bj, assertBytes as bk, assertCurve25519FieldElement as bl, assertDailyViewingKey as bm, assertGenerationSeed as bn, assertGroth16ProofA as bo, assertGroth16ProofB as bp, assertGroth16ProofC as bq, assertHourlyViewingKey as br, assertI1024 as bs, assertI128 as bt, assertI16 as bu, assertI256 as bv, assertI32 as bw, assertI512 as bx, assertI64 as by, assertI8 as bz, type Bytes as c, assertU128LeBytes as c0, assertU16 as c1, assertU16BeBytes as c2, assertU16LeBytes as c3, assertU256 as c4, assertU256BeBytes as c5, assertU256LeBytes as c6, assertU32 as c7, assertU32BeBytes as c8, assertU32LeBytes as c9, assertU512 as ca, assertU512BeBytes as cb, assertU512LeBytes as cc, assertU64 as cd, assertU64BeBytes as ce, assertU64LeBytes as cf, assertU8 as cg, assertU8BeBytes as ch, assertU8LeBytes as ci, assertUnsignedInteger as cj, assertX25519Bytes as ck, assertX25519Keypair as cl, assertX25519PrivateKey as cm, assertX25519PublicKey as cn, assertYearlyViewingKey as co, assertZkProofBytes as cp, type I128 as d, type I16 as e, type I256 as f, type I32 as g, type I512 as h, type I64 as i, type I8 as j, type PoseidonHash as k, type PoseidonKey as l, type PoseidonPlaintext as m, type RcCounter as n, type RcEncryptionNonce as o, type RcKey as p, type RcPlaintext as q, type SharedSecret as r, type SignedInteger as s, type U1024 as t, type U1024BeBytes as u, type U1024LeBytes as v, type U128BeBytes as w, type U128LeBytes as x, type U16 as y, type U16BeBytes as z };