@verbeth/sdk 0.1.4 → 0.1.5

package/dist/src/crypto(old).js

@@ -0,0 +1,137 @@
+// packages/sdk/src/crypto.ts
+import nacl from 'tweetnacl';
+import { keccak256, toUtf8Bytes, dataSlice } from 'ethers';
+import { sha256 } from '@noble/hashes/sha2';
+import { hkdf } from '@noble/hashes/hkdf';
+import { encodePayload, decodePayload, encodeStructuredContent, decodeStructuredContent, extractKeysFromHandshakeResponse } from './payload.js';
+/**
+ * Encrypts a structured payload (JSON-serializable objects)
+ */
+export function encryptStructuredPayload(payload, recipientPublicKey, ephemeralSecretKey, ephemeralPublicKey, staticSigningSecretKey, staticSigningPublicKey) {
+    // encode payload as binary JSON
+    const plaintext = encodeStructuredContent(payload);
+    const nonce = nacl.randomBytes(nacl.box.nonceLength);
+    const box = nacl.box(plaintext, nonce, recipientPublicKey, ephemeralSecretKey);
+    let sig;
+    if (staticSigningSecretKey && staticSigningPublicKey) {
+        const dataToSign = Buffer.concat([ephemeralPublicKey, nonce, box]);
+        sig = nacl.sign.detached(dataToSign, staticSigningSecretKey);
+    }
+    return encodePayload(ephemeralPublicKey, nonce, box, sig);
+}
+/**
+ * Decrypts a structured payload with converter function
+ */
+export function decryptStructuredPayload(payloadJson, recipientSecretKey, converter, staticSigningPublicKey) {
+    const { epk, nonce, ciphertext, sig } = decodePayload(payloadJson);
+    if (sig && staticSigningPublicKey) {
+        const dataToVerify = Buffer.concat([epk, nonce, ciphertext]);
+        const valid = nacl.sign.detached.verify(dataToVerify, sig, staticSigningPublicKey);
+        if (!valid)
+            return null;
+    }
+    const box = nacl.box.open(ciphertext, nonce, epk, recipientSecretKey);
+    if (!box)
+        return null;
+    return decodeStructuredContent(box, converter);
+}
+//  wrappers for encrypting and decrypting messages
+export function encryptMessage(message, recipientPublicKey, ephemeralSecretKey, ephemeralPublicKey, staticSigningSecretKey, staticSigningPublicKey) {
+    const payload = { content: message };
+    return encryptStructuredPayload(payload, recipientPublicKey, ephemeralSecretKey, ephemeralPublicKey, staticSigningSecretKey, staticSigningPublicKey);
+}
+export function decryptMessage(payloadJson, recipientSecretKey, staticSigningPublicKey) {
+    const result = decryptStructuredPayload(payloadJson, recipientSecretKey, (obj) => obj, staticSigningPublicKey);
+    return result ? result.content : null;
+}
+/**
+ * Decrypts handshake response and extracts individual keys from unified format
+ */
+export function decryptHandshakeResponse(payloadJson, initiatorEphemeralSecretKey) {
+    return decryptStructuredPayload(payloadJson, initiatorEphemeralSecretKey, (obj) => {
+        if (!obj.identityProof) {
+            throw new Error("Invalid handshake response: missing identityProof");
+        }
+        return {
+            unifiedPubKeys: Uint8Array.from(Buffer.from(obj.unifiedPubKeys, 'base64')),
+            ephemeralPubKey: Uint8Array.from(Buffer.from(obj.ephemeralPubKey, 'base64')),
+            note: obj.note,
+            identityProof: obj.identityProof
+        };
+    });
+}
+/**
+ * helper to decrypt handshake response and extract individual keys
+ */
+export function decryptAndExtractHandshakeKeys(payloadJson, initiatorEphemeralSecretKey) {
+    const decrypted = decryptHandshakeResponse(payloadJson, initiatorEphemeralSecretKey);
+    if (!decrypted)
+        return null;
+    const extracted = extractKeysFromHandshakeResponse(decrypted);
+    if (!extracted)
+        return null;
+    return {
+        identityPubKey: extracted.identityPubKey,
+        signingPubKey: extracted.signingPubKey,
+        ephemeralPubKey: extracted.ephemeralPubKey,
+        note: decrypted.note,
+        identityProof: decrypted.identityProof
+    };
+}
+/**
+ * HKDF(sha256) on shared secret, info="verbeth:hsr", then Keccak-256 -> bytes32 (0x...)
+ */
+function finalizeHsrTag(shared) {
+    const okm = hkdf(sha256, shared, new Uint8Array(0), toUtf8Bytes("verbeth:hsr"), 32);
+    return keccak256(okm);
+}
+/**
+ * Responder: tag = H( KDF( ECDH(r, viewPubA), "verbeth:hsr"))
+ */
+export function computeTagFromResponder(rSecretKey, viewPubA) {
+    const shared = nacl.scalarMult(rSecretKey, viewPubA);
+    return finalizeHsrTag(shared);
+}
+/**
+ * Initiator: tag = H( KDF( ECDH(viewPrivA, R), "verbeth:hsr"))
+ */
+export function computeTagFromInitiator(viewPrivA, R) {
+    const shared = nacl.scalarMult(viewPrivA, R);
+    return finalizeHsrTag(shared);
+}
+/**
+ * Derives a bytes32 topic from the shared secret via HKDF(SHA256) + Keccak-256.
+ * - info: domain separation (e.g., "verbeth:topic-out:v1")
+ * - salt: recommended to use a tag as salt (stable and shareable)
+ */
+function deriveTopic(shared, info, salt) {
+    const okm = hkdf(sha256, shared, salt ?? new Uint8Array(0), new TextEncoder().encode(info), 32);
+    return keccak256(okm);
+}
+export function deriveLongTermShared(myIdentitySecretKey, theirIdentityPublicKey) {
+    return nacl.scalarMult(myIdentitySecretKey, theirIdentityPublicKey);
+}
+/**
+ * Directional duplex topics (Initiator-Responder, Responder-Initiator).
+ * Recommended salt: tag (bytes)
+ */
+export function deriveDuplexTopics(myIdentitySecretKey, theirIdentityPublicKey, salt) {
+    const shared = deriveLongTermShared(myIdentitySecretKey, theirIdentityPublicKey);
+    const topicOut = deriveTopic(shared, "verbeth:topic-out:v1", salt);
+    const topicIn = deriveTopic(shared, "verbeth:topic-in:v1", salt);
+    const chkFull = keccak256(Buffer.concat([
+        toUtf8Bytes("verbeth:topic-chk:v1"),
+        Buffer.from(topicOut.slice(2), 'hex'),
+        Buffer.from(topicIn.slice(2), 'hex'),
+    ]));
+    const checksum = dataSlice(chkFull, 8);
+    return { topicOut, topicIn, checksum };
+}
+export function verifyDuplexTopicsChecksum(topicOut, topicIn, checksum) {
+    const chkFull = keccak256(Buffer.concat([
+        toUtf8Bytes("verbeth:topic-chk:v1"),
+        Buffer.from(topicOut.slice(2), 'hex'),
+        Buffer.from(topicIn.slice(2), 'hex'),
+    ]));
+    return dataSlice(chkFull, 8) === checksum;
+}

package/dist/src/crypto.d.ts

@@ -1,46 +1,24 @@
 import { HandshakeResponseContent } from './payload.js';
 import { IdentityProof } from './types.js';
 /**
- * Encrypts a structured payload (JSON-serializable objects)
+ * Encrypts a structured payload (JSON-serializable objects) using NaCl box.
+ * Used for handshake responses where ratchet is not yet established.
  */
 export declare function encryptStructuredPayload<T>(payload: T, recipientPublicKey: Uint8Array, ephemeralSecretKey: Uint8Array, ephemeralPublicKey: Uint8Array, staticSigningSecretKey?: Uint8Array, staticSigningPublicKey?: Uint8Array): string;
 /**
- * Decrypts a structured payload with converter function
+ * Decrypts a structured payload with converter function.
+ * Used for handshake responses where ratchet is not yet established.
  */
 export declare function decryptStructuredPayload<T>(payloadJson: string, recipientSecretKey: Uint8Array, converter: (obj: any) => T, staticSigningPublicKey?: Uint8Array): T | null;
-export declare function encryptMessage(message: string, recipientPublicKey: Uint8Array, ephemeralSecretKey: Uint8Array, ephemeralPublicKey: Uint8Array, staticSigningSecretKey?: Uint8Array, staticSigningPublicKey?: Uint8Array): string;
-export declare function decryptMessage(payloadJson: string, recipientSecretKey: Uint8Array, staticSigningPublicKey?: Uint8Array): string | null;
-/**
- * Decrypts handshake response and extracts individual keys from unified format
- */
 export declare function decryptHandshakeResponse(payloadJson: string, initiatorEphemeralSecretKey: Uint8Array): HandshakeResponseContent | null;
-/**
- * helper to decrypt handshake response and extract individual keys
- */
 export declare function decryptAndExtractHandshakeKeys(payloadJson: string, initiatorEphemeralSecretKey: Uint8Array): {
     identityPubKey: Uint8Array;
     signingPubKey: Uint8Array;
     ephemeralPubKey: Uint8Array;
+    kemCiphertext?: Uint8Array;
     note?: string;
     identityProof: IdentityProof;
 } | null;
-/**
- * Responder: tag = H( KDF( ECDH(r, viewPubA), "verbeth:hsr"))
- */
-export declare function computeTagFromResponder(rSecretKey: Uint8Array, viewPubA: Uint8Array): `0x${string}`;
-/**
- * Initiator: tag = H( KDF( ECDH(viewPrivA, R), "verbeth:hsr"))
- */
-export declare function computeTagFromInitiator(viewPrivA: Uint8Array, R: Uint8Array): `0x${string}`;
-export declare function deriveLongTermShared(myIdentitySecretKey: Uint8Array, theirIdentityPublicKey: Uint8Array): Uint8Array;
-/**
- * Directional duplex topics (Initiator-Responder, Responder-Initiator).
- * Recommended salt: tag (bytes)
- */
-export declare function deriveDuplexTopics(myIdentitySecretKey: Uint8Array, theirIdentityPublicKey: Uint8Array, salt?: Uint8Array): {
-    topicOut: `0x${string}`;
-    topicIn: `0x${string}`;
-    checksum: `0x${string}`;
-};
-export declare function verifyDuplexTopicsChecksum(topicOut: `0x${string}`, topicIn: `0x${string}`, checksum: `0x${string}`): boolean;
+export declare function computeHybridTagFromResponder(rSecretKey: Uint8Array, viewPubA: Uint8Array, kemSecret: Uint8Array): `0x${string}`;
+export declare function computeHybridTagFromInitiator(viewPrivA: Uint8Array, R: Uint8Array, kemSecret: Uint8Array): `0x${string}`;
 //# sourceMappingURL=crypto.d.ts.map

package/dist/src/crypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AAMA,OAAO,EAML,wBAAwB,EAEzB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE3C;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,EACxC,OAAO,EAAE,CAAC,EACV,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,sBAAsB,CAAC,EAAE,UAAU,EACnC,sBAAsB,CAAC,EAAE,UAAU,GAClC,MAAM,CAcR;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,EACxC,WAAW,EAAE,MAAM,EACnB,kBAAkB,EAAE,UAAU,EAC9B,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,EAC1B,sBAAsB,CAAC,EAAE,UAAU,GAClC,CAAC,GAAG,IAAI,CAaV;AAGD,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,sBAAsB,CAAC,EAAE,UAAU,EACnC,sBAAsB,CAAC,EAAE,UAAU,GAClC,MAAM,CAUR;AAED,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,EACnB,kBAAkB,EAAE,UAAU,EAC9B,sBAAsB,CAAC,EAAE,UAAU,GAClC,MAAM,GAAG,IAAI,CAQf;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,MAAM,EACnB,2BAA2B,EAAE,UAAU,GACtC,wBAAwB,GAAG,IAAI,CAgBjC;AAED;;GAEG;AACH,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,MAAM,EACnB,2BAA2B,EAAE,UAAU,GACtC;IACD,cAAc,EAAE,UAAU,CAAC;IAC3B,aAAa,EAAE,UAAU,CAAC;IAC1B,eAAe,EAAE,UAAU,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,aAAa,CAAC;CAC9B,GAAG,IAAI,CAcP;AAWD;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,UAAU,GACnB,KAAK,MAAM,EAAE,CAGf;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,UAAU,EACrB,CAAC,EAAE,UAAU,GACZ,KAAK,MAAM,EAAE,CAGf;AAkBD,wBAAgB,oBAAoB,CAClC,mBAAmB,EAAE,UAAU,EAC/B,sBAAsB,EAAE,UAAU,GACjC,UAAU,CAEZ;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,mBAAmB,EAAE,UAAU,EAC/B,sBAAsB,EAAE,UAAU,EAClC,IAAI,CAAC,EAAE,UAAU,GAChB;IAAE,QAAQ,EAAE,KAAK,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,KAAK,MAAM,EAAE,CAAC;IAAC,QAAQ,EAAE,KAAK,MAAM,EAAE,CAAA;CAAE,CAW9E;AAED,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,KAAK,MAAM,EAAE,EACvB,OAAO,EAAE,KAAK,MAAM,EAAE,EACtB,QAAQ,EAAE,KAAK,MAAM,EAAE,GACtB,OAAO,CAOT"}
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/crypto.ts"],"names":[],"mappings":"AAkBA,OAAO,EAKL,wBAAwB,EAEzB,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAM3C;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,EACxC,OAAO,EAAE,CAAC,EACV,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,kBAAkB,EAAE,UAAU,EAC9B,sBAAsB,CAAC,EAAE,UAAU,EACnC,sBAAsB,CAAC,EAAE,UAAU,GAClC,MAAM,CAcR;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,EACxC,WAAW,EAAE,MAAM,EACnB,kBAAkB,EAAE,UAAU,EAC9B,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,EAC1B,sBAAsB,CAAC,EAAE,UAAU,GAClC,CAAC,GAAG,IAAI,CAaV;AAOD,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,MAAM,EACnB,2BAA2B,EAAE,UAAU,GACtC,wBAAwB,GAAG,IAAI,CAiBjC;AAGD,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,MAAM,EACnB,2BAA2B,EAAE,UAAU,GACtC;IACD,cAAc,EAAE,UAAU,CAAC;IAC3B,aAAa,EAAE,UAAU,CAAC;IAC1B,eAAe,EAAE,UAAU,CAAC;IAC5B,aAAa,CAAC,EAAE,UAAU,CAAC;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,aAAa,CAAC;CAC9B,GAAG,IAAI,CAeP;AAWD,wBAAgB,6BAA6B,CAC3C,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,UAAU,EACpB,SAAS,EAAE,UAAU,GACpB,KAAK,MAAM,EAAE,CAGf;AAED,wBAAgB,6BAA6B,CAC3C,SAAS,EAAE,UAAU,EACrB,CAAC,EAAE,UAAU,EACb,SAAS,EAAE,UAAU,GACpB,KAAK,MAAM,EAAE,CAGf"}

package/dist/src/crypto.js

@@ -1,11 +1,26 @@
 // packages/sdk/src/crypto.ts
+/**
+ * This module handles:
+ * - Handshake encryption/decryption
+ * - Tag computation for handshake responses
+ *
+ * Post-handshake message encryption uses the ratchet module.
+ * See `ratchet/encrypt.ts` and `ratchet/decrypt.ts` for Double Ratchet.
+ *
+ * Topic derivation is handled entirely by the ratchet module.
+ * See `ratchet/kdf.ts` for `deriveTopicFromDH`.
+ */
 import nacl from 'tweetnacl';
-import { keccak256, toUtf8Bytes, dataSlice } from 'ethers';
+import { keccak256, toUtf8Bytes } from 'ethers';
 import { sha256 } from '@noble/hashes/sha2';
 import { hkdf } from '@noble/hashes/hkdf';
 import { encodePayload, decodePayload, encodeStructuredContent, decodeStructuredContent, extractKeysFromHandshakeResponse } from './payload.js';
+// =============================================================================
+// Handshake Encryption
+// =============================================================================
 /**
- * Encrypts a structured payload (JSON-serializable objects)
+ * Encrypts a structured payload (JSON-serializable objects) using NaCl box.
+ * Used for handshake responses where ratchet is not yet established.
  */
 export function encryptStructuredPayload(payload, recipientPublicKey, ephemeralSecretKey, ephemeralPublicKey, staticSigningSecretKey, staticSigningPublicKey) {
     // encode payload as binary JSON
@@ -20,7 +35,8 @@ export function encryptStructuredPayload(payload, recipientPublicKey, ephemeralS
     return encodePayload(ephemeralPublicKey, nonce, box, sig);
 }
 /**
- * Decrypts a structured payload with converter function
+ * Decrypts a structured payload with converter function.
+ * Used for handshake responses where ratchet is not yet established.
  */
 export function decryptStructuredPayload(payloadJson, recipientSecretKey, converter, staticSigningPublicKey) {
     const { epk, nonce, ciphertext, sig } = decodePayload(payloadJson);
@@ -35,18 +51,9 @@ export function decryptStructuredPayload(payloadJson, recipientSecretKey, conver
         return null;
     return decodeStructuredContent(box, converter);
 }
-//  wrappers for encrypting and decrypting messages
-export function encryptMessage(message, recipientPublicKey, ephemeralSecretKey, ephemeralPublicKey, staticSigningSecretKey, staticSigningPublicKey) {
-    const payload = { content: message };
-    return encryptStructuredPayload(payload, recipientPublicKey, ephemeralSecretKey, ephemeralPublicKey, staticSigningSecretKey, staticSigningPublicKey);
-}
-export function decryptMessage(payloadJson, recipientSecretKey, staticSigningPublicKey) {
-    const result = decryptStructuredPayload(payloadJson, recipientSecretKey, (obj) => obj, staticSigningPublicKey);
-    return result ? result.content : null;
-}
-/**
- * Decrypts handshake response and extracts individual keys from unified format
- */
+// =============================================================================
+// Handshake Response Decryption
+// =============================================================================
 export function decryptHandshakeResponse(payloadJson, initiatorEphemeralSecretKey) {
     return decryptStructuredPayload(payloadJson, initiatorEphemeralSecretKey, (obj) => {
         if (!obj.identityProof) {
@@ -55,14 +62,12 @@ export function decryptHandshakeResponse(payloadJson, initiatorEphemeralSecretKe
         return {
             unifiedPubKeys: Uint8Array.from(Buffer.from(obj.unifiedPubKeys, 'base64')),
             ephemeralPubKey: Uint8Array.from(Buffer.from(obj.ephemeralPubKey, 'base64')),
+            ...(obj.kemCiphertext && { kemCiphertext: Uint8Array.from(Buffer.from(obj.kemCiphertext, 'base64')) }),
             note: obj.note,
-            identityProof: obj.identityProof
+            identityProof: obj.identityProof,
         };
     });
 }
-/**
- * helper to decrypt handshake response and extract individual keys
- */
 export function decryptAndExtractHandshakeKeys(payloadJson, initiatorEphemeralSecretKey) {
     const decrypted = decryptHandshakeResponse(payloadJson, initiatorEphemeralSecretKey);
     if (!decrypted)
@@ -74,64 +79,23 @@ export function decryptAndExtractHandshakeKeys(payloadJson, initiatorEphemeralSe
         identityPubKey: extracted.identityPubKey,
         signingPubKey: extracted.signingPubKey,
         ephemeralPubKey: extracted.ephemeralPubKey,
+        kemCiphertext: decrypted.kemCiphertext,
         note: decrypted.note,
         identityProof: decrypted.identityProof
     };
 }
-/**
- * HKDF(sha256) on shared secret, info="verbeth:hsr", then Keccak-256 -> bytes32 (0x...)
- */
-function finalizeHsrTag(shared) {
-    const okm = hkdf(sha256, shared, new Uint8Array(0), toUtf8Bytes("verbeth:hsr"), 32);
+// =============================================================================
+// Hybrid Tag Computation (PQ-Secure)
+// =============================================================================
+function finalizeHybridHsrTag(kemSecret, ecdhShared) {
+    const okm = hkdf(sha256, kemSecret, ecdhShared, toUtf8Bytes("verbeth:hsr-hybrid:v1"), 32);
     return keccak256(okm);
 }
-/**
- * Responder: tag = H( KDF( ECDH(r, viewPubA), "verbeth:hsr"))
- */
-export function computeTagFromResponder(rSecretKey, viewPubA) {
-    const shared = nacl.scalarMult(rSecretKey, viewPubA);
-    return finalizeHsrTag(shared);
-}
-/**
- * Initiator: tag = H( KDF( ECDH(viewPrivA, R), "verbeth:hsr"))
- */
-export function computeTagFromInitiator(viewPrivA, R) {
-    const shared = nacl.scalarMult(viewPrivA, R);
-    return finalizeHsrTag(shared);
-}
-/**
- * Derives a bytes32 topic from the shared secret via HKDF(SHA256) + Keccak-256.
- * - info: domain separation (e.g., "verbeth:topic-out:v1")
- * - salt: recommended to use a tag as salt (stable and shareable)
- */
-function deriveTopic(shared, info, salt) {
-    const okm = hkdf(sha256, shared, salt ?? new Uint8Array(0), new TextEncoder().encode(info), 32);
-    return keccak256(okm);
-}
-export function deriveLongTermShared(myIdentitySecretKey, theirIdentityPublicKey) {
-    return nacl.scalarMult(myIdentitySecretKey, theirIdentityPublicKey);
-}
-/**
- * Directional duplex topics (Initiator-Responder, Responder-Initiator).
- * Recommended salt: tag (bytes)
- */
-export function deriveDuplexTopics(myIdentitySecretKey, theirIdentityPublicKey, salt) {
-    const shared = deriveLongTermShared(myIdentitySecretKey, theirIdentityPublicKey);
-    const topicOut = deriveTopic(shared, "verbeth:topic-out:v1", salt);
-    const topicIn = deriveTopic(shared, "verbeth:topic-in:v1", salt);
-    const chkFull = keccak256(Buffer.concat([
-        toUtf8Bytes("verbeth:topic-chk:v1"),
-        Buffer.from(topicOut.slice(2), 'hex'),
-        Buffer.from(topicIn.slice(2), 'hex'),
-    ]));
-    const checksum = dataSlice(chkFull, 8);
-    return { topicOut, topicIn, checksum };
+export function computeHybridTagFromResponder(rSecretKey, viewPubA, kemSecret) {
+    const ecdhShared = nacl.scalarMult(rSecretKey, viewPubA);
+    return finalizeHybridHsrTag(kemSecret, ecdhShared);
 }
-export function verifyDuplexTopicsChecksum(topicOut, topicIn, checksum) {
-    const chkFull = keccak256(Buffer.concat([
-        toUtf8Bytes("verbeth:topic-chk:v1"),
-        Buffer.from(topicOut.slice(2), 'hex'),
-        Buffer.from(topicIn.slice(2), 'hex'),
-    ]));
-    return dataSlice(chkFull, 8) === checksum;
+export function computeHybridTagFromInitiator(viewPrivA, R, kemSecret) {
+    const ecdhShared = nacl.scalarMult(viewPrivA, R);
+    return finalizeHybridHsrTag(kemSecret, ecdhShared);
 }

package/dist/src/executor.d.ts

@@ -20,8 +20,7 @@ export declare class BaseSmartAccountExecutor implements IExecutor {
     private subAccountAddress?;
     private logChainInterface;
     private chainId;
-    constructor(baseAccountProvider: any, logChainAddress: string, chainId?: number, // Base mainnet by default
-    paymasterServiceUrl?: string | undefined, subAccountAddress?: string | undefined);
+    constructor(baseAccountProvider: any, logChainAddress: string, chainId?: number, paymasterServiceUrl?: string | undefined, subAccountAddress?: string | undefined);
     sendMessage(ciphertext: Uint8Array, topic: string, timestamp: number, nonce: bigint): Promise<any>;
     initiateHandshake(recipientHash: string, pubKeys: string, ephemeralPubKey: string, plaintextPayload: Uint8Array): Promise<any>;
     respondToHandshake(inResponseTo: string, responderEphemeralR: string, ciphertext: Uint8Array): Promise<any>;

package/dist/src/executor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../src/executor.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,MAAM,EACN,QAAQ,EAER,YAAY,EAGb,MAAM,QAAQ,CAAC;AAOhB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAOrE,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAGpE;AA0BD,MAAM,WAAW,SAAS;IACxB,WAAW,CACT,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhB,iBAAiB,CACf,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhB,kBAAkB,CAChB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC,CAAC;CACjB;AAGD,qBAAa,WAAY,YAAW,SAAS;IAC/B,OAAO,CAAC,QAAQ;gBAAR,QAAQ,EAAE,UAAU;IAElC,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAIT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAST,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;CAGhB;AAGD,qBAAa,wBAAyB,YAAW,SAAS;IAKtD,OAAO,CAAC,mBAAmB;IAC3B,OAAO,CAAC,eAAe;IAEvB,OAAO,CAAC,mBAAmB,CAAC;IAC5B,OAAO,CAAC,iBAAiB,CAAC;IAR5B,OAAO,CAAC,iBAAiB,CAAY;IACrC,OAAO,CAAC,OAAO,CAAS;gBAGd,mBAAmB,EAAE,GAAG,EACxB,eAAe,EAAE,MAAM,EAC/B,OAAO,SAAO,EAAE,0BAA0B;IAClC,mBAAmB,CAAC,EAAE,MAAM,YAAA,EAC5B,iBAAiB,CAAC,EAAE,MAAM,YAAA;IAiB9B,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAiBT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAeT,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;YAeD,YAAY;CAkD3B;AAGD,qBAAa,cAAe,YAAW,SAAS;IAK5C,OAAO,CAAC,mBAAmB;IAC3B,OAAO,CAAC,eAAe;IACvB,OAAO,CAAC,aAAa;IACrB,OAAO,CAAC,kBAAkB;IAP5B,OAAO,CAAC,iBAAiB,CAAY;IACrC,OAAO,CAAC,qBAAqB,CAAY;gBAG/B,mBAAmB,EAAE,MAAM,EAC3B,eAAe,EAAE,MAAM,EACvB,aAAa,EAAE,GAAG,EAClB,kBAAkB,EAAE,GAAG;IAc3B,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAkBT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAkBT,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;YAkBD,aAAa;CA8B5B;AAGD,qBAAa,wBAAyB,YAAW,SAAS;IAOtD,OAAO,CAAC,mBAAmB;IAE3B,OAAO,CAAC,eAAe;IACvB,OAAO,CAAC,kBAAkB;IAC1B,OAAO,CAAC,MAAM;IAVhB,OAAO,CAAC,iBAAiB,CAAY;IACrC,OAAO,CAAC,qBAAqB,CAAY;IACzC,OAAO,CAAC,kBAAkB,CAAW;IACrC,OAAO,CAAC,IAAI,CAAgB;gBAGlB,mBAAmB,EAAE,MAAM,EACnC,kBAAkB,EAAE,QAAQ,GAAG,YAAY,EACnC,eAAe,EAAE,MAAM,EACvB,kBAAkB,EAAE,GAAG,EACvB,MAAM,EAAE,MAAM;IAiBlB,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAkBT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAkBT,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;YAkBD,mBAAmB;CAoDlC;AAED,qBAAa,eAAe;IAC1B,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,GAAG,SAAS;IAIjD,MAAM,CAAC,sBAAsB,CAC3B,mBAAmB,EAAE,GAAG,EACxB,eAAe,EAAE,MAAM,EACvB,OAAO,SAAO,EACd,mBAAmB,CAAC,EAAE,MAAM,EAC5B,iBAAiB,CAAC,EAAE,MAAM,GACzB,SAAS;IAUZ,MAAM,CAAC,YAAY,CACjB,mBAAmB,EAAE,MAAM,EAC3B,kBAAkB,EAAE,MAAM,EAC1B,eAAe,EAAE,MAAM,EACvB,aAAa,EAAE,GAAG,EAClB,kBAAkB,EAAE,GAAG,GACtB,SAAS;IASZ,MAAM,CAAC,sBAAsB,CAC3B,mBAAmB,EAAE,MAAM,EAC3B,kBAAkB,EAAE,QAAQ,GAAG,YAAY,EAC3C,eAAe,EAAE,MAAM,EACvB,kBAAkB,EAAE,GAAG,EACvB,MAAM,EAAE,MAAM,GACb,SAAS;WAWC,UAAU,CACrB,eAAe,EAAE,GAAG,EACpB,QAAQ,EAAE,UAAU,EACpB,OAAO,CAAC,EAAE;QACR,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,kBAAkB,CAAC,EAAE,QAAQ,GAAG,YAAY,CAAC;QAC7C,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,aAAa,CAAC,EAAE,GAAG,CAAC;QACpB,mBAAmB,CAAC,EAAE,GAAG,CAAC;QAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;KAC7B,GACA,OAAO,CAAC,SAAS,CAAC;CAkEtB"}
+{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../src/executor.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,MAAM,EACN,QAAQ,EAER,YAAY,EAGb,MAAM,QAAQ,CAAC;AAOhB,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oCAAoC,CAAC;AAMrE,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAGpE;AA0BD,MAAM,WAAW,SAAS;IACxB,WAAW,CACT,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhB,iBAAiB,CACf,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC,CAAC;IAEhB,kBAAkB,CAChB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC,CAAC;CACjB;AAGD,qBAAa,WAAY,YAAW,SAAS;IAC/B,OAAO,CAAC,QAAQ;gBAAR,QAAQ,EAAE,UAAU;IAElC,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAIT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAST,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;CAGhB;AAGD,qBAAa,wBAAyB,YAAW,SAAS;IAKtD,OAAO,CAAC,mBAAmB;IAC3B,OAAO,CAAC,eAAe;IAEvB,OAAO,CAAC,mBAAmB,CAAC;IAC5B,OAAO,CAAC,iBAAiB,CAAC;IAR5B,OAAO,CAAC,iBAAiB,CAAY;IACrC,OAAO,CAAC,OAAO,CAAS;gBAGd,mBAAmB,EAAE,GAAG,EACxB,eAAe,EAAE,MAAM,EAC/B,OAAO,SAAO,EACN,mBAAmB,CAAC,EAAE,MAAM,YAAA,EAC5B,iBAAiB,CAAC,EAAE,MAAM,YAAA;IAgB9B,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAiBT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAeT,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;YAeD,YAAY;CA2C3B;AAGD,qBAAa,cAAe,YAAW,SAAS;IAK5C,OAAO,CAAC,mBAAmB;IAC3B,OAAO,CAAC,eAAe;IACvB,OAAO,CAAC,aAAa;IACrB,OAAO,CAAC,kBAAkB;IAP5B,OAAO,CAAC,iBAAiB,CAAY;IACrC,OAAO,CAAC,qBAAqB,CAAY;gBAG/B,mBAAmB,EAAE,MAAM,EAC3B,eAAe,EAAE,MAAM,EACvB,aAAa,EAAE,GAAG,EAClB,kBAAkB,EAAE,GAAG;IAa3B,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAkBT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAkBT,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;YAkBD,aAAa;CA8B5B;AAGD,qBAAa,wBAAyB,YAAW,SAAS;IAOtD,OAAO,CAAC,mBAAmB;IAE3B,OAAO,CAAC,eAAe;IACvB,OAAO,CAAC,kBAAkB;IAC1B,OAAO,CAAC,MAAM;IAVhB,OAAO,CAAC,iBAAiB,CAAY;IACrC,OAAO,CAAC,qBAAqB,CAAY;IACzC,OAAO,CAAC,kBAAkB,CAAW;IACrC,OAAO,CAAC,IAAI,CAAgB;gBAGlB,mBAAmB,EAAE,MAAM,EACnC,kBAAkB,EAAE,QAAQ,GAAG,YAAY,EACnC,eAAe,EAAE,MAAM,EACvB,kBAAkB,EAAE,GAAG,EACvB,MAAM,EAAE,MAAM;IAgBlB,WAAW,CACf,UAAU,EAAE,UAAU,EACtB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,GAAG,CAAC;IAkBT,iBAAiB,CACrB,aAAa,EAAE,MAAM,EACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,GAAG,CAAC;IAkBT,kBAAkB,CACtB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,MAAM,EAC3B,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,GAAG,CAAC;YAkBD,mBAAmB;CAiDlC;AAED,qBAAa,eAAe;IAC1B,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,GAAG,SAAS;IAIjD,MAAM,CAAC,sBAAsB,CAC3B,mBAAmB,EAAE,GAAG,EACxB,eAAe,EAAE,MAAM,EACvB,OAAO,SAAO,EACd,mBAAmB,CAAC,EAAE,MAAM,EAC5B,iBAAiB,CAAC,EAAE,MAAM,GACzB,SAAS;IAUZ,MAAM,CAAC,YAAY,CACjB,mBAAmB,EAAE,MAAM,EAC3B,kBAAkB,EAAE,MAAM,EAC1B,eAAe,EAAE,MAAM,EACvB,aAAa,EAAE,GAAG,EAClB,kBAAkB,EAAE,GAAG,GACtB,SAAS;IASZ,MAAM,CAAC,sBAAsB,CAC3B,mBAAmB,EAAE,MAAM,EAC3B,kBAAkB,EAAE,QAAQ,GAAG,YAAY,EAC3C,eAAe,EAAE,MAAM,EACvB,kBAAkB,EAAE,GAAG,EACvB,MAAM,EAAE,MAAM,GACb,SAAS;WAWC,UAAU,CACrB,eAAe,EAAE,GAAG,EACpB,QAAQ,EAAE,UAAU,EACpB,OAAO,CAAC,EAAE;QACR,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,kBAAkB,CAAC,EAAE,QAAQ,GAAG,YAAY,CAAC;QAC7C,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,aAAa,CAAC,EAAE,GAAG,CAAC;QACpB,mBAAmB,CAAC,EAAE,GAAG,CAAC;QAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,iBAAiB,CAAC,EAAE,OAAO,CAAC;KAC7B,GACA,OAAO,CAAC,SAAS,CAAC;CAgEtB"}

package/dist/src/executor.js

@@ -3,7 +3,6 @@ import { Interface, toBeHex, zeroPadValue, } from "ethers";
 function pack128x128(high, low) {
     return (high << 128n) | (low & ((1n << 128n) - 1n));
 }
-// Unpack a packed 256-bit value into two 128-bit values
 export function split128x128(word) {
     const lowMask = (1n << 128n) - 1n;
     return [word >> 128n, word & lowMask];
@@ -47,8 +46,7 @@ export class EOAExecutor {
 }
 // Base Smart Account Executor - Uses wallet_sendCalls for sponsored transactions
 export class BaseSmartAccountExecutor {
-    constructor(baseAccountProvider, logChainAddress, chainId = 8453, // Base mainnet by default
-    paymasterServiceUrl, subAccountAddress) {
+    constructor(baseAccountProvider, logChainAddress, chainId = 8453, paymasterServiceUrl, subAccountAddress) {
         this.baseAccountProvider = baseAccountProvider;
         this.logChainAddress = logChainAddress;
         this.paymasterServiceUrl = paymasterServiceUrl;
@@ -58,7 +56,6 @@ export class BaseSmartAccountExecutor {
             "function initiateHandshake(bytes32 recipientHash, bytes pubKeys, bytes ephemeralPubKey, bytes plaintextPayload)",
             "function respondToHandshake(bytes32 inResponseTo, bytes32 responderEphemeralR, bytes ciphertext)",
         ]);
-        // Convert chainId to hex
         this.chainId =
             chainId === 8453
                 ? "0x2105" // Base mainnet
@@ -103,7 +100,6 @@ export class BaseSmartAccountExecutor {
     }
     async executeCalls(calls) {
         try {
-            //console.log("DEBUG: Sub account address:", this.subAccountAddress);
             const requestParams = {
                 version: "1.0",
                 chainId: this.chainId,
@@ -112,7 +108,6 @@ export class BaseSmartAccountExecutor {
             //** WORK IN PROGRESS */
             if (this.subAccountAddress) {
                 requestParams.from = this.subAccountAddress;
-                //console.log("DEBUG: Using sub account for transaction");
             }
             if (this.paymasterServiceUrl) {
                 requestParams.capabilities = {
@@ -120,19 +115,15 @@ export class BaseSmartAccountExecutor {
                         url: this.paymasterServiceUrl,
                     },
                 };
-                //console.log("DEBUG: Using paymaster for gas sponsorship");
             }
-            //console.log("DEBUG: Request params:", requestParams);
             const result = await this.baseAccountProvider.request({
                 method: "wallet_sendCalls",
                 params: [requestParams],
             });
-            // first 32 bytes are the actual userop hash
             if (typeof result === "string" &&
                 result.startsWith("0x") &&
                 result.length > 66) {
-                const actualTxHash = "0x" + result.slice(2, 66); // Extract first 32 bytes
-                //console.log("DEBUG: extracted tx hash:", actualTxHash);
+                const actualTxHash = "0x" + result.slice(2, 66);
                 return { hash: actualTxHash };
             }
             return result;
@@ -155,7 +146,6 @@ export class UserOpExecutor {
             "function initiateHandshake(bytes32 recipientHash, bytes pubKeys, bytes ephemeralPubKey, bytes plaintextPayload)",
             "function respondToHandshake(bytes32 inResponseTo, bytes32 responderEphemeralR, bytes ciphertext)",
         ]);
-        // Smart account interface for executing calls to other contracts
         this.smartAccountInterface = new Interface([
             "function execute(address target, uint256 value, bytes calldata data) returns (bytes)",
         ]);
@@ -164,7 +154,7 @@ export class UserOpExecutor {
         const logChainCallData = this.logChainInterface.encodeFunctionData("sendMessage", [ciphertext, topic, timestamp, nonce]);
         const smartAccountCallData = this.smartAccountInterface.encodeFunctionData("execute", [
             this.logChainAddress,
-            0, // value
+            0,
             logChainCallData,
         ]);
         return this.executeUserOp(smartAccountCallData);
@@ -173,7 +163,7 @@ export class UserOpExecutor {
         const logChainCallData = this.logChainInterface.encodeFunctionData("initiateHandshake", [recipientHash, pubKeys, ephemeralPubKey, plaintextPayload]);
         const smartAccountCallData = this.smartAccountInterface.encodeFunctionData("execute", [
             this.logChainAddress,
-            0, // value
+            0,
             logChainCallData,
         ]);
         return this.executeUserOp(smartAccountCallData);
@@ -182,7 +172,7 @@ export class UserOpExecutor {
         const logChainCallData = this.logChainInterface.encodeFunctionData("respondToHandshake", [inResponseTo, responderEphemeralR, ciphertext]);
         const smartAccountCallData = this.smartAccountInterface.encodeFunctionData("execute", [
             this.logChainAddress,
-            0, // value
+            0,
             logChainCallData,
         ]);
         return this.executeUserOp(smartAccountCallData);
@@ -209,7 +199,7 @@ export class UserOpExecutor {
         return receipt;
     }
 }
-// Direct EntryPoint Executor - for local testing (bypasses bundler)
+// Direct EntryPoint Executor (bypasses bundler for local testing)
 export class DirectEntryPointExecutor {
     constructor(smartAccountAddress, entryPointContract, logChainAddress, smartAccountClient, signer) {
         this.smartAccountAddress = smartAccountAddress;
@@ -221,7 +211,6 @@ export class DirectEntryPointExecutor {
             "function initiateHandshake(bytes32 recipientHash, bytes pubKeys, bytes ephemeralPubKey, bytes plaintextPayload)",
             "function respondToHandshake(bytes32 inResponseTo, bytes32 responderEphemeralR, bytes ciphertext)",
         ]);
-        // Smart account interface for executing calls to other contracts
         this.smartAccountInterface = new Interface([
             "function execute(address target, uint256 value, bytes calldata data) returns (bytes)",
         ]);
@@ -241,7 +230,7 @@ export class DirectEntryPointExecutor {
         const logChainCallData = this.logChainInterface.encodeFunctionData("initiateHandshake", [recipientHash, pubKeys, ephemeralPubKey, plaintextPayload]);
         const smartAccountCallData = this.smartAccountInterface.encodeFunctionData("execute", [
             this.logChainAddress,
-            0, // value
+            0,
             logChainCallData,
         ]);
         return this.executeDirectUserOp(smartAccountCallData);
@@ -250,7 +239,7 @@ export class DirectEntryPointExecutor {
         const logChainCallData = this.logChainInterface.encodeFunctionData("respondToHandshake", [inResponseTo, responderEphemeralR, ciphertext]);
         const smartAccountCallData = this.smartAccountInterface.encodeFunctionData("execute", [
             this.logChainAddress,
-            0, // value
+            0,
             logChainCallData,
         ]);
         return this.executeDirectUserOp(smartAccountCallData);
@@ -290,11 +279,8 @@ export class DirectEntryPointExecutor {
                 signature: "0x",
             };
         }
-        // Pad bigints, bytes32 before signing
         const paddedUserOp = padBigints(userOp);
-        //console.log("Padded UserOp:", paddedUserOp);
         const signed = await this.smartAccountClient.signUserOperation(paddedUserOp);
-        // Direct submit to EntryPoint
         const tx = await this.entryPointContract.handleOps([signed], await this.signer.getAddress());
         return tx;
     }
@@ -320,7 +306,6 @@ export class ExecutorFactory {
         try {
             const provider = signerOrAccount?.provider || signerOrAccount;
             if (provider && typeof provider.request === "function") {
-                // test if provider supports wallet_sendCalls
                 const capabilities = await provider
                     .request({
                     method: "wallet_getCapabilities",
@@ -347,7 +332,6 @@ export class ExecutorFactory {
                 return new UserOpExecutor(signerOrAccount.address, options.logChainAddress, options.bundlerClient, signerOrAccount);
             }
         }
-        // default to EOA executor
         return new EOAExecutor(contract);
     }
 }

package/dist/src/handshake.d.ts

@@ -0,0 +1,51 @@
+import { Signer } from "ethers";
+import nacl from 'tweetnacl';
+import { IdentityKeyPair, IdentityProof } from './types.js';
+import { IExecutor } from './executor.js';
+export interface KemKeyPair {
+    publicKey: Uint8Array;
+    secretKey: Uint8Array;
+}
+/**
+ * Initiates an on-chain handshake with unified keys and mandatory identity proof.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint
+ *
+ * @returns Transaction, ephemeral keypair, and KEM keypair (must be persisted for session init)
+ */
+export declare function initiateHandshake({ executor, recipientAddress, identityKeyPair, plaintextPayload, identityProof, }: {
+    executor: IExecutor;
+    recipientAddress: string;
+    identityKeyPair: IdentityKeyPair;
+    plaintextPayload: string;
+    identityProof: IdentityProof;
+    signer?: Signer;
+}): Promise<{
+    tx: any;
+    ephemeralKeyPair: nacl.BoxKeyPair;
+    kemKeyPair: KemKeyPair;
+}>;
+/**
+ * Responds to a handshake with unified keys and mandatory identity proof.
+ * Executor-agnostic: works with EOA, UserOp, and Direct EntryPoint
+ *
+ * If initiator includes KEM public key, encapsulates a shared secret and includes ciphertext in response.
+ *
+ * @returns Transaction, tag, salt, ephemeral keys, and KEM secret
+ */
+export declare function respondToHandshake({ executor, initiatorEphemeralPubKey, responderIdentityKeyPair, note, identityProof, }: {
+    executor: IExecutor;
+    /** Initiator's ephemeral key (32 bytes X25519) OR extended key (1216 bytes: X25519 + ML-KEM) */
+    initiatorEphemeralPubKey: Uint8Array;
+    responderIdentityKeyPair: IdentityKeyPair;
+    note?: string;
+    identityProof: IdentityProof;
+    signer?: Signer;
+}): Promise<{
+    tx: any;
+    salt: Uint8Array;
+    tag: `0x${string}`;
+    responderEphemeralSecret: Uint8Array;
+    responderEphemeralPublic: Uint8Array;
+    kemSharedSecret?: Uint8Array;
+}>;
+//# sourceMappingURL=handshake.d.ts.map

package/dist/src/handshake.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handshake.d.ts","sourceRoot":"","sources":["../../src/handshake.ts"],"names":[],"mappings":"AAEA,OAAO,EAIL,MAAM,EAEP,MAAM,QAAQ,CAAC;AAChB,OAAO,IAAI,MAAM,WAAW,CAAC;AAQ7B,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAI1C,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE,UAAU,CAAC;CACvB;AAED;;;;;GAKG;AACH,wBAAsB,iBAAiB,CAAC,EACtC,QAAQ,EACR,gBAAgB,EAChB,eAAe,EACf,gBAAgB,EAChB,aAAa,GACd,EAAE;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,eAAe,CAAC;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,aAAa,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,OAAO,CAAC;IACV,EAAE,EAAE,GAAG,CAAC;IACR,gBAAgB,EAAE,IAAI,CAAC,UAAU,CAAC;IAClC,UAAU,EAAE,UAAU,CAAC;CACxB,CAAC,CA4CD;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CAAC,EACvC,QAAQ,EACR,wBAAwB,EACxB,wBAAwB,EACxB,IAAI,EACJ,aAAa,GACd,EAAE;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,gGAAgG;IAChG,wBAAwB,EAAE,UAAU,CAAC;IACrC,wBAAwB,EAAE,eAAe,CAAC;IAC1C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,aAAa,CAAC;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,OAAO,CAAC;IACV,EAAE,EAAE,GAAG,CAAC;IACR,IAAI,EAAE,UAAU,CAAC;IACjB,GAAG,EAAE,KAAK,MAAM,EAAE,CAAC;IAEnB,wBAAwB,EAAE,UAAU,CAAC;IAErC,wBAAwB,EAAE,UAAU,CAAC;IAErC,eAAe,CAAC,EAAE,UAAU,CAAC;CAC9B,CAAC,CAuFD"}