@vocdoni/davinci-sdk 0.1.1 → 0.1.2

package/dist/index.js

@@ -2,8 +2,28 @@
 
 var axios = require('axios');
 var davinciContracts = require('@vocdoni/davinci-contracts');
-var snarkjs = require('snarkjs');
 var ethers = require('ethers');
+var snarkjs = require('snarkjs');
+var circomlibjs = require('circomlibjs');
+
+function _interopNamespaceDefault(e) {
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+
+var snarkjs__namespace = /*#__PURE__*/_interopNamespaceDefault(snarkjs);
 
 var ElectionResultsTypeNames = /* @__PURE__ */ ((ElectionResultsTypeNames2) => {
   ElectionResultsTypeNames2["SINGLE_CHOICE_MULTIQUESTION"] = "single-choice-multiquestion";
@@ -1882,97 +1902,6 @@ class ProcessOrchestrationService {
   }
 }
 
-class CircomProof {
-  constructor(opts = {}) {
-    // simple in-memory cache keyed by URL
-    this.wasmCache = /* @__PURE__ */ new Map();
-    this.zkeyCache = /* @__PURE__ */ new Map();
-    this.vkeyCache = /* @__PURE__ */ new Map();
-    this.wasmUrl = opts.wasmUrl;
-    this.zkeyUrl = opts.zkeyUrl;
-    this.vkeyUrl = opts.vkeyUrl;
-    this.wasmHash = opts.wasmHash;
-    this.zkeyHash = opts.zkeyHash;
-    this.vkeyHash = opts.vkeyHash;
-  }
-  /**
-   * Computes SHA-256 hash of the given data and compares it with the expected hash.
-   * @param data - The data to hash (string or ArrayBuffer or Uint8Array)
-   * @param expectedHash - The expected SHA-256 hash in hexadecimal format
-   * @param filename - The filename for error reporting
-   * @throws Error if the computed hash doesn't match the expected hash
-   */
-  verifyHash(data, expectedHash, filename) {
-    let bytes;
-    if (typeof data === "string") {
-      bytes = new TextEncoder().encode(data);
-    } else if (data instanceof ArrayBuffer) {
-      bytes = new Uint8Array(data);
-    } else {
-      bytes = data;
-    }
-    const computedHash = ethers.sha256(bytes).slice(2);
-    if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
-      throw new Error(
-        `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
-      );
-    }
-  }
-  /**
-   * Generate a zk‐SNARK proof.
-   * If you didn't pass wasmUrl/zkeyUrl in the constructor you must supply them here.
-   */
-  async generate(inputs, urls = {}) {
-    const wasmUrl = urls.wasmUrl ?? this.wasmUrl;
-    const zkeyUrl = urls.zkeyUrl ?? this.zkeyUrl;
-    if (!wasmUrl) throw new Error("`wasmUrl` is required to generate a proof");
-    if (!zkeyUrl) throw new Error("`zkeyUrl` is required to generate a proof");
-    let wasmBin = this.wasmCache.get(wasmUrl);
-    if (!wasmBin) {
-      const r = await fetch(wasmUrl);
-      if (!r.ok) throw new Error(`Failed to fetch wasm at ${wasmUrl}: ${r.status}`);
-      const buf = await r.arrayBuffer();
-      wasmBin = new Uint8Array(buf);
-      if (this.wasmHash) {
-        this.verifyHash(wasmBin, this.wasmHash, "circuit.wasm");
-      }
-      this.wasmCache.set(wasmUrl, wasmBin);
-    }
-    let zkeyBin = this.zkeyCache.get(zkeyUrl);
-    if (!zkeyBin) {
-      const r = await fetch(zkeyUrl);
-      if (!r.ok) throw new Error(`Failed to fetch zkey at ${zkeyUrl}: ${r.status}`);
-      const buf = await r.arrayBuffer();
-      zkeyBin = new Uint8Array(buf);
-      if (this.zkeyHash) {
-        this.verifyHash(zkeyBin, this.zkeyHash, "proving_key.zkey");
-      }
-      this.zkeyCache.set(zkeyUrl, zkeyBin);
-    }
-    const { proof, publicSignals } = await snarkjs.groth16.fullProve(inputs, wasmBin, zkeyBin);
-    return {
-      proof,
-      publicSignals
-    };
-  }
-  async verify(proof, publicSignals, urlOverride) {
-    const vkeyUrl = urlOverride ?? this.vkeyUrl;
-    if (!vkeyUrl) throw new Error("`vkeyUrl` is required to verify a proof");
-    let vk = this.vkeyCache.get(vkeyUrl);
-    if (!vk) {
-      const r = await fetch(vkeyUrl);
-      if (!r.ok) throw new Error(`Failed to fetch vkey at ${vkeyUrl}: ${r.status}`);
-      const vkeyText = await r.text();
-      if (this.vkeyHash) {
-        this.verifyHash(vkeyText, this.vkeyHash, "verification_key.json");
-      }
-      vk = JSON.parse(vkeyText);
-      this.vkeyCache.set(vkeyUrl, vk);
-    }
-    return snarkjs.groth16.verify(vk, publicSignals, proof);
-  }
-}
-
 var VoteStatus = /* @__PURE__ */ ((VoteStatus2) => {
   VoteStatus2["Pending"] = "pending";
   VoteStatus2["Verified"] = "verified";
@@ -1984,11 +1913,15 @@ var VoteStatus = /* @__PURE__ */ ((VoteStatus2) => {
 })(VoteStatus || {});
 
 class VoteOrchestrationService {
-  constructor(apiService, getCrypto, signer, censusProviders = {}, config = {}) {
+  constructor(apiService, getBallotInputGenerator, signer, censusProviders = {}, config = {}) {
     this.apiService = apiService;
-    this.getCrypto = getCrypto;
+    this.getBallotInputGenerator = getBallotInputGenerator;
     this.signer = signer;
     this.censusProviders = censusProviders;
+    // Cache for circuit files
+    this.wasmCache = /* @__PURE__ */ new Map();
+    this.zkeyCache = /* @__PURE__ */ new Map();
+    this.vkeyCache = /* @__PURE__ */ new Map();
     this.verifyCircuitFiles = config.verifyCircuitFiles ?? true;
     this.verifyProof = config.verifyProof ?? true;
   }
@@ -2038,7 +1971,7 @@ class VoteOrchestrationService {
     if (process.census.censusOrigin === CensusOrigin.CSP) {
       voteRequest.censusProof = censusProof;
     }
-    await this.submitVoteRequest(voteRequest);
+    await this.apiService.sequencer.submitVote(voteRequest);
     const status = await this.apiService.sequencer.getVoteStatus(config.processId, voteId);
     return {
       voteId,
@@ -2187,30 +2120,29 @@ class VoteOrchestrationService {
     throw new Error(`Unsupported census origin: ${censusOrigin}`);
   }
   /**
-   * Generate vote proof inputs using DavinciCrypto
+   * Generate vote proof inputs using BallotInputGenerator
    */
   async generateVoteProofInputs(processId, voterAddress, encryptionKey, ballotMode, choices, weight, customRandomness) {
-    const crypto = await this.getCrypto();
+    const generator = await this.getBallotInputGenerator();
     this.validateChoices(choices, ballotMode);
-    const fieldValues = choices.map((choice) => choice.toString());
-    const inputs = {
-      address: voterAddress.replace(/^0x/, ""),
-      processID: processId.replace(/^0x/, ""),
-      encryptionKey: [encryptionKey.x, encryptionKey.y],
-      ballotMode,
-      weight,
-      fieldValues
-    };
+    let k;
     if (customRandomness) {
       const hexRandomness = customRandomness.startsWith("0x") ? customRandomness : "0x" + customRandomness;
-      const k = BigInt(hexRandomness).toString();
-      inputs.k = k;
+      k = BigInt(hexRandomness).toString();
     }
-    const cryptoOutput = await crypto.proofInputs(inputs);
+    const result = await generator.generateInputs(
+      processId.replace(/^0x/, ""),
+      voterAddress.replace(/^0x/, ""),
+      encryptionKey,
+      ballotMode,
+      choices,
+      weight,
+      k
+    );
     return {
-      voteId: cryptoOutput.voteId,
-      cryptoOutput,
-      circomInputs: cryptoOutput.circomInputs
+      voteId: result.voteId,
+      cryptoOutput: result,
+      circomInputs: result.circomInputs
     };
   }
   /**
@@ -2227,29 +2159,79 @@ class VoteOrchestrationService {
     }
   }
   /**
-   * Generate zk-SNARK proof using CircomProof
+   * Verify hash of downloaded file
+   */
+  verifyHash(data, expectedHash, filename) {
+    const computedHash = ethers.sha256(data).slice(2);
+    if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
+      throw new Error(
+        `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
+      );
+    }
+  }
+  /**
+   * Generate zk-SNARK proof using snarkjs directly (no CircomProof wrapper)
    */
   async generateZkProof(circomInputs) {
     const info = await this.apiService.sequencer.getInfo();
-    const circomProof = new CircomProof({
-      wasmUrl: info.circuitUrl,
-      zkeyUrl: info.provingKeyUrl,
-      vkeyUrl: info.verificationKeyUrl,
-      // Only pass hashes if verifyCircuitFiles is enabled
-      ...this.verifyCircuitFiles && {
-        wasmHash: info.circuitHash,
-        zkeyHash: info.provingKeyHash,
-        vkeyHash: info.verificationKeyHash
+    let wasmBytes = this.wasmCache.get(info.circuitUrl);
+    if (!wasmBytes) {
+      const response = await fetch(info.circuitUrl);
+      if (!response.ok) {
+        throw new Error(`Failed to fetch WASM at ${info.circuitUrl}: ${response.status}`);
       }
-    });
-    const { proof, publicSignals } = await circomProof.generate(circomInputs);
+      const buffer = await response.arrayBuffer();
+      wasmBytes = new Uint8Array(buffer);
+      if (this.verifyCircuitFiles) {
+        this.verifyHash(wasmBytes, info.circuitHash, "circuit.wasm");
+      }
+      this.wasmCache.set(info.circuitUrl, wasmBytes);
+    }
+    let zkeyBytes = this.zkeyCache.get(info.provingKeyUrl);
+    if (!zkeyBytes) {
+      const response = await fetch(info.provingKeyUrl);
+      if (!response.ok) {
+        throw new Error(`Failed to fetch zkey at ${info.provingKeyUrl}: ${response.status}`);
+      }
+      const buffer = await response.arrayBuffer();
+      zkeyBytes = new Uint8Array(buffer);
+      if (this.verifyCircuitFiles) {
+        this.verifyHash(zkeyBytes, info.provingKeyHash, "proving_key.zkey");
+      }
+      this.zkeyCache.set(info.provingKeyUrl, zkeyBytes);
+    }
+    const { proof, publicSignals } = await snarkjs__namespace.groth16.fullProve(
+      circomInputs,
+      wasmBytes,
+      zkeyBytes
+    );
     if (this.verifyProof) {
-      const isValid = await circomProof.verify(proof, publicSignals);
+      let vkey = this.vkeyCache.get(info.verificationKeyUrl);
+      if (!vkey) {
+        const response = await fetch(info.verificationKeyUrl);
+        if (!response.ok) {
+          throw new Error(`Failed to fetch vkey at ${info.verificationKeyUrl}: ${response.status}`);
+        }
+        const vkeyText = await response.text();
+        if (this.verifyCircuitFiles) {
+          const vkeyBytes = new TextEncoder().encode(vkeyText);
+          this.verifyHash(vkeyBytes, info.verificationKeyHash, "verification_key.json");
+        }
+        vkey = JSON.parse(vkeyText);
+        this.vkeyCache.set(info.verificationKeyUrl, vkey);
+      }
+      const isValid = await snarkjs__namespace.groth16.verify(vkey, publicSignals, proof);
       if (!isValid) {
         throw new Error("Generated proof is invalid");
       }
     }
-    return { proof, publicSignals };
+    const voteProof = {
+      pi_a: proof.pi_a,
+      pi_b: proof.pi_b,
+      pi_c: proof.pi_c,
+      protocol: proof.protocol
+    };
+    return { proof: voteProof, publicSignals };
   }
   hexToBytes(hex) {
     const clean = hex.replace(/^0x/, "");
@@ -2264,22 +2246,6 @@ class VoteOrchestrationService {
   async signVote(voteId) {
     return this.signer.signMessage(this.hexToBytes(voteId));
   }
-  /**
-   * Submit the vote request to the sequencer
-   */
-  async submitVoteRequest(voteRequest) {
-    const ballotProof = {
-      pi_a: voteRequest.ballotProof.pi_a,
-      pi_b: voteRequest.ballotProof.pi_b,
-      pi_c: voteRequest.ballotProof.pi_c,
-      protocol: voteRequest.ballotProof.protocol
-    };
-    const request = {
-      ...voteRequest,
-      ballotProof
-    };
-    await this.apiService.sequencer.submitVote(request);
-  }
 }
 
 class OrganizationRegistryService extends SmartContractService {
@@ -2378,6 +2344,97 @@ class OrganizationRegistryService extends SmartContractService {
   }
 }
 
+class CircomProof {
+  constructor(opts = {}) {
+    // simple in-memory cache keyed by URL
+    this.wasmCache = /* @__PURE__ */ new Map();
+    this.zkeyCache = /* @__PURE__ */ new Map();
+    this.vkeyCache = /* @__PURE__ */ new Map();
+    this.wasmUrl = opts.wasmUrl;
+    this.zkeyUrl = opts.zkeyUrl;
+    this.vkeyUrl = opts.vkeyUrl;
+    this.wasmHash = opts.wasmHash;
+    this.zkeyHash = opts.zkeyHash;
+    this.vkeyHash = opts.vkeyHash;
+  }
+  /**
+   * Computes SHA-256 hash of the given data and compares it with the expected hash.
+   * @param data - The data to hash (string or ArrayBuffer or Uint8Array)
+   * @param expectedHash - The expected SHA-256 hash in hexadecimal format
+   * @param filename - The filename for error reporting
+   * @throws Error if the computed hash doesn't match the expected hash
+   */
+  verifyHash(data, expectedHash, filename) {
+    let bytes;
+    if (typeof data === "string") {
+      bytes = new TextEncoder().encode(data);
+    } else if (data instanceof ArrayBuffer) {
+      bytes = new Uint8Array(data);
+    } else {
+      bytes = data;
+    }
+    const computedHash = ethers.sha256(bytes).slice(2);
+    if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
+      throw new Error(
+        `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
+      );
+    }
+  }
+  /**
+   * Generate a zk‐SNARK proof.
+   * If you didn't pass wasmUrl/zkeyUrl in the constructor you must supply them here.
+   */
+  async generate(inputs, urls = {}) {
+    const wasmUrl = urls.wasmUrl ?? this.wasmUrl;
+    const zkeyUrl = urls.zkeyUrl ?? this.zkeyUrl;
+    if (!wasmUrl) throw new Error("`wasmUrl` is required to generate a proof");
+    if (!zkeyUrl) throw new Error("`zkeyUrl` is required to generate a proof");
+    let wasmBin = this.wasmCache.get(wasmUrl);
+    if (!wasmBin) {
+      const r = await fetch(wasmUrl);
+      if (!r.ok) throw new Error(`Failed to fetch wasm at ${wasmUrl}: ${r.status}`);
+      const buf = await r.arrayBuffer();
+      wasmBin = new Uint8Array(buf);
+      if (this.wasmHash) {
+        this.verifyHash(wasmBin, this.wasmHash, "circuit.wasm");
+      }
+      this.wasmCache.set(wasmUrl, wasmBin);
+    }
+    let zkeyBin = this.zkeyCache.get(zkeyUrl);
+    if (!zkeyBin) {
+      const r = await fetch(zkeyUrl);
+      if (!r.ok) throw new Error(`Failed to fetch zkey at ${zkeyUrl}: ${r.status}`);
+      const buf = await r.arrayBuffer();
+      zkeyBin = new Uint8Array(buf);
+      if (this.zkeyHash) {
+        this.verifyHash(zkeyBin, this.zkeyHash, "proving_key.zkey");
+      }
+      this.zkeyCache.set(zkeyUrl, zkeyBin);
+    }
+    const { proof, publicSignals } = await snarkjs.groth16.fullProve(inputs, wasmBin, zkeyBin);
+    return {
+      proof,
+      publicSignals
+    };
+  }
+  async verify(proof, publicSignals, urlOverride) {
+    const vkeyUrl = urlOverride ?? this.vkeyUrl;
+    if (!vkeyUrl) throw new Error("`vkeyUrl` is required to verify a proof");
+    let vk = this.vkeyCache.get(vkeyUrl);
+    if (!vk) {
+      const r = await fetch(vkeyUrl);
+      if (!r.ok) throw new Error(`Failed to fetch vkey at ${vkeyUrl}: ${r.status}`);
+      const vkeyText = await r.text();
+      if (this.vkeyHash) {
+        this.verifyHash(vkeyText, this.vkeyHash, "verification_key.json");
+      }
+      vk = JSON.parse(vkeyText);
+      this.vkeyCache.set(vkeyUrl, vk);
+    }
+    return snarkjs.groth16.verify(vk, publicSignals, proof);
+  }
+}
+
 class DavinciCrypto {
   constructor(opts) {
     this.initialized = false;
@@ -2561,6 +2618,518 @@ class DavinciCrypto {
   }
 }
 
+class DavinciCSP {
+  constructor(opts) {
+    this.initialized = false;
+    const { wasmExecUrl, wasmUrl, initTimeoutMs, wasmExecHash, wasmHash } = opts;
+    if (!wasmExecUrl) throw new Error("`wasmExecUrl` is required");
+    if (!wasmUrl) throw new Error("`wasmUrl` is required");
+    this.wasmExecUrl = wasmExecUrl;
+    this.wasmUrl = wasmUrl;
+    this.initTimeoutMs = initTimeoutMs ?? 5e3;
+    this.wasmExecHash = wasmExecHash;
+    this.wasmHash = wasmHash;
+  }
+  static {
+    // Cache for wasm files
+    this.wasmExecCache = /* @__PURE__ */ new Map();
+  }
+  static {
+    this.wasmBinaryCache = /* @__PURE__ */ new Map();
+  }
+  /**
+   * Computes SHA-256 hash of the given data and compares it with the expected hash.
+   * @param data - The data to hash (string or ArrayBuffer)
+   * @param expectedHash - The expected SHA-256 hash in hexadecimal format
+   * @param filename - The filename for error reporting
+   * @throws Error if the computed hash doesn't match the expected hash
+   */
+  verifyHash(data, expectedHash, filename) {
+    let bytes;
+    if (typeof data === "string") {
+      bytes = new TextEncoder().encode(data);
+    } else {
+      bytes = new Uint8Array(data);
+    }
+    const computedHash = ethers.sha256(bytes).slice(2);
+    if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
+      throw new Error(
+        `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
+      );
+    }
+  }
+  /**
+   * Must be awaited before calling CSP functions.
+   * Safe to call multiple times.
+   */
+  async init() {
+    if (this.initialized) return;
+    let shimCode = DavinciCSP.wasmExecCache.get(this.wasmExecUrl);
+    if (!shimCode) {
+      const shim = await fetch(this.wasmExecUrl);
+      if (!shim.ok) {
+        throw new Error(`Failed to fetch wasm_exec.js from ${this.wasmExecUrl}`);
+      }
+      shimCode = await shim.text();
+      if (this.wasmExecHash) {
+        this.verifyHash(shimCode, this.wasmExecHash, "wasm_exec.js");
+      }
+      DavinciCSP.wasmExecCache.set(this.wasmExecUrl, shimCode);
+    }
+    new Function(shimCode)();
+    if (typeof globalThis.Go !== "function") {
+      throw new Error("Global `Go` constructor not found after loading wasm_exec.js");
+    }
+    this.go = new globalThis.Go();
+    let bytes = DavinciCSP.wasmBinaryCache.get(this.wasmUrl);
+    if (!bytes) {
+      const resp = await fetch(this.wasmUrl);
+      if (!resp.ok) {
+        throw new Error(`Failed to fetch davinci_crypto.wasm from ${this.wasmUrl}`);
+      }
+      bytes = await resp.arrayBuffer();
+      if (this.wasmHash) {
+        this.verifyHash(bytes, this.wasmHash, "davinci_crypto.wasm");
+      }
+      DavinciCSP.wasmBinaryCache.set(this.wasmUrl, bytes);
+    }
+    const { instance } = await WebAssembly.instantiate(bytes, this.go.importObject);
+    this.go.run(instance).catch(() => {
+    });
+    const deadline = Date.now() + this.initTimeoutMs;
+    while (Date.now() < deadline && !globalThis.DavinciCrypto) {
+      await new Promise((r) => setTimeout(r, 50));
+    }
+    if (!globalThis.DavinciCrypto) {
+      throw new Error("`DavinciCrypto` not initialized within timeout");
+    }
+    this.initialized = true;
+  }
+  /**
+   * Generate a CSP (Credential Service Provider) signature for census proof.
+   * @param censusOrigin - The census origin type (e.g., CensusOrigin.CSP)
+   * @param privKey - The private key in hex format
+   * @param processId - The process ID in hex format
+   * @param address - The address in hex format
+   * @param weight - The vote weight as a decimal string
+   * @returns The CSP proof as a parsed JSON object
+   * @throws if called before `await init()`, or if Go returns an error
+   */
+  async cspSign(censusOrigin, privKey, processId, address, weight) {
+    if (!this.initialized) {
+      throw new Error("DavinciCSP not initialized \u2014 call `await init()` first");
+    }
+    const raw = globalThis.DavinciCrypto.cspSign(censusOrigin, privKey, processId, address, weight);
+    if (raw.error) {
+      throw new Error(`Go/WASM cspSign error: ${raw.error}`);
+    }
+    if (!raw.data) {
+      throw new Error("Go/WASM cspSign returned no data");
+    }
+    return raw.data;
+  }
+  /**
+   * Verify a CSP (Credential Service Provider) proof.
+   * @param censusOrigin - The census origin type (e.g., CensusOrigin.CSP)
+   * @param root - The census root
+   * @param address - The address
+   * @param weight - The vote weight as a decimal string
+   * @param processId - The process ID
+   * @param publicKey - The public key
+   * @param signature - The signature
+   * @returns The verification result
+   * @throws if called before `await init()`, or if Go returns an error
+   */
+  async cspVerify(censusOrigin, root, address, weight, processId, publicKey, signature) {
+    if (!this.initialized) {
+      throw new Error("DavinciCSP not initialized \u2014 call `await init()` first");
+    }
+    const cspProof = {
+      censusOrigin,
+      root,
+      address,
+      weight,
+      processId,
+      publicKey,
+      signature
+    };
+    const raw = globalThis.DavinciCrypto.cspVerify(JSON.stringify(cspProof));
+    if (raw.error) {
+      throw new Error(`Go/WASM cspVerify error: ${raw.error}`);
+    }
+    if (!raw.data) {
+      throw new Error("Go/WASM cspVerify returned no data");
+    }
+    return raw.data;
+  }
+  /**
+   * Generate a CSP (Credential Service Provider) census root.
+   * @param censusOrigin - The census origin type (e.g., CensusOrigin.CSP)
+   * @param privKey - The private key in hex format
+   * @returns The census root as a hexadecimal string
+   * @throws if called before `await init()`, or if Go returns an error
+   */
+  async cspCensusRoot(censusOrigin, privKey) {
+    if (!this.initialized) {
+      throw new Error("DavinciCSP not initialized \u2014 call `await init()` first");
+    }
+    const raw = globalThis.DavinciCrypto.cspCensusRoot(censusOrigin, privKey);
+    if (raw.error) {
+      throw new Error(`Go/WASM cspCensusRoot error: ${raw.error}`);
+    }
+    if (!raw.data) {
+      throw new Error("Go/WASM cspCensusRoot returned no data");
+    }
+    return raw.data.root;
+  }
+}
+
+function getRandomBytes(n) {
+  if (typeof globalThis.crypto !== "undefined" && globalThis.crypto.getRandomValues) {
+    return globalThis.crypto.getRandomValues(new Uint8Array(n));
+  }
+  throw new Error("Crypto not available");
+}
+async function buildElGamal() {
+  const babyjub = await circomlibjs.buildBabyjub();
+  const F = babyjub.F;
+  function randomScalar() {
+    const bytes = getRandomBytes(32);
+    let bi = 0n;
+    for (let i = 0; i < bytes.length; i++) {
+      bi += BigInt(bytes[i]) << BigInt(8 * i);
+    }
+    return bi % babyjub.order;
+  }
+  function generateKeyPair() {
+    const privKey = randomScalar();
+    const pubKey = babyjub.mulPointEscalar(babyjub.Base8, privKey);
+    return { privKey, pubKey };
+  }
+  function encrypt(msg, pubKey, k) {
+    const kVal = BigInt(k);
+    const mVal = BigInt(msg);
+    const c1 = babyjub.mulPointEscalar(babyjub.Base8, kVal);
+    const s = babyjub.mulPointEscalar(pubKey, kVal);
+    const mPoint = babyjub.mulPointEscalar(babyjub.Base8, mVal);
+    const c2 = babyjub.addPoint(mPoint, s);
+    return { c1, c2 };
+  }
+  return {
+    babyjub,
+    F,
+    encrypt,
+    generateKeyPair,
+    randomScalar,
+    packPoint: babyjub.packPoint,
+    unpackPoint: babyjub.unpackPoint
+  };
+}
+
+const FIELD_MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+const SCALING_FACTOR = 6360561867910373094066688120553762416144456282423235903351243436111059670888n;
+function modInverse(a, m) {
+  let [old_r, r] = [a, m];
+  let [old_s, s] = [1n, 0n];
+  while (r !== 0n) {
+    const quotient = old_r / r;
+    [old_r, r] = [r, old_r - quotient * r];
+    [old_s, s] = [s, old_s - quotient * s];
+  }
+  return (old_s % m + m) % m;
+}
+function mod(n, m) {
+  return (n % m + m) % m;
+}
+function fromRTEtoTE(x, y) {
+  const negF = mod(-SCALING_FACTOR, FIELD_MODULUS);
+  const negFInv = modInverse(negF, FIELD_MODULUS);
+  const xTE = mod(x * negFInv, FIELD_MODULUS);
+  return [xTE, y];
+}
+function hexToDecimal(hex) {
+  const cleanHex = hex.startsWith("0x") || hex.startsWith("0X") ? hex : "0x" + hex;
+  return BigInt(cleanHex).toString();
+}
+function parseBallotMode(ballotMode) {
+  return {
+    numFields: ballotMode.numFields,
+    uniqueValues: ballotMode.uniqueValues ? 1 : 0,
+    maxValue: parseInt(ballotMode.maxValue),
+    minValue: parseInt(ballotMode.minValue),
+    maxValueSum: parseInt(ballotMode.maxValueSum),
+    minValueSum: parseInt(ballotMode.minValueSum),
+    costExponent: ballotMode.costExponent,
+    costFromWeight: ballotMode.costFromWeight ? 1 : 0
+  };
+}
+class BallotBuilder {
+  constructor(elgamal, poseidon) {
+    this.elgamal = elgamal;
+    this.poseidon = poseidon;
+    this.F = poseidon.F;
+  }
+  static async build() {
+    const elgamal = await buildElGamal();
+    const poseidon = await circomlibjs.buildPoseidon();
+    return new BallotBuilder(elgamal, poseidon);
+  }
+  randomK() {
+    return this.elgamal.randomScalar().toString();
+  }
+  derivePoseidonChain(seedK, n) {
+    let current = BigInt(seedK);
+    const out = [current.toString()];
+    for (let i = 0; i < n; i++) {
+      const h = this.poseidon([current]);
+      const hBig = BigInt(this.F.toString(h, 10));
+      out.push(hBig.toString());
+      current = hBig;
+    }
+    return out;
+  }
+  // Matches circuits/lib/multiposeidon.circom logic
+  multiHash(inputs) {
+    const nInputs = inputs.length;
+    if (nInputs <= 16) {
+      return this.F.toObject(this.poseidon(inputs));
+    }
+    const chunks = [];
+    for (let i = 0; i < nInputs; i += 16) {
+      chunks.push(inputs.slice(i, i + 16));
+    }
+    const intermediateHashes = [];
+    for (const chunk of chunks) {
+      intermediateHashes.push(this.F.toObject(this.poseidon(chunk)));
+    }
+    return this.F.toObject(this.poseidon(intermediateHashes));
+  }
+  encryptFields(fields, pubKey, seedK, nFields) {
+    const paddedFields = [...fields];
+    while (paddedFields.length < nFields) {
+      paddedFields.push(0);
+    }
+    const ks = this.derivePoseidonChain(seedK, nFields);
+    const cipherfields = [];
+    for (let i = 0; i < nFields; i++) {
+      const k = ks[i + 1];
+      const msg = BigInt(paddedFields[i]);
+      const enc = this.elgamal.encrypt(msg, pubKey, k);
+      cipherfields.push([
+        [this.elgamal.F.toString(enc.c1[0], 10), this.elgamal.F.toString(enc.c1[1], 10)],
+        [this.elgamal.F.toString(enc.c2[0], 10), this.elgamal.F.toString(enc.c2[1], 10)]
+      ]);
+    }
+    return { cipherfields, paddedFields };
+  }
+  computeVoteID(processId, address, k) {
+    const h = this.poseidon([BigInt(processId), BigInt(address), BigInt(k)]);
+    const hBig = BigInt(this.F.toString(h, 10));
+    const mask = (1n << 160n) - 1n;
+    return (hBig & mask).toString();
+  }
+  computeInputsHash(inputs) {
+    return this.multiHash(inputs).toString();
+  }
+  /**
+   * Creates a public key point from TE coordinates (as strings or bigints).
+   * Use this when you already have coordinates in TE format.
+   */
+  createPubKeyFromTE(x, y) {
+    return [this.elgamal.F.e(BigInt(x)), this.elgamal.F.e(BigInt(y))];
+  }
+  /**
+   * Creates a public key point from RTE coordinates (as strings or bigints).
+   * Use this when you have coordinates from a Gnark-based system (like the DAVINCI sequencer).
+   * This automatically converts from RTE to TE format.
+   */
+  createPubKeyFromRTE(x, y) {
+    const [xTE, yTE] = fromRTEtoTE(BigInt(x), BigInt(y));
+    return [this.elgamal.F.e(xTE), this.elgamal.F.e(yTE)];
+  }
+  /**
+   * Generates ballot inputs for the circuit.
+   *
+   * IMPORTANT: The pubKey must be in TE (Twisted Edwards) format as used by circomlibjs.
+   * If you have RTE coordinates from a Gnark-based system (like DAVINCI sequencer),
+   * use `createPubKeyFromRTE()` or `generateInputsFromSequencer()` instead.
+   *
+   * @param fields - The vote field values
+   * @param weight - The voter's weight
+   * @param pubKey - Public key as field elements [x, y] in TE format (use createPubKeyFromTE/RTE)
+   * @param processId - Process ID as decimal string
+   * @param address - Voter address as decimal string
+   * @param k - Random k value for encryption
+   * @param config - Ballot configuration
+   * @param circuitCapacity - Number of fields the circuit supports (default: 8)
+   */
+  generateInputs(fields, weight, pubKey, processId, address, k, config, circuitCapacity = 8) {
+    const activeFields = fields.length;
+    const { cipherfields, paddedFields } = this.encryptFields(fields, pubKey, k, circuitCapacity);
+    const voteId = this.computeVoteID(processId, address, k);
+    const inputsList = [];
+    const ffProcessID = mod(BigInt(processId), FIELD_MODULUS);
+    inputsList.push(ffProcessID);
+    inputsList.push(BigInt(activeFields));
+    inputsList.push(BigInt(config.uniqueValues));
+    inputsList.push(BigInt(config.maxValue));
+    inputsList.push(BigInt(config.minValue));
+    inputsList.push(BigInt(config.maxValueSum));
+    inputsList.push(BigInt(config.minValueSum));
+    inputsList.push(BigInt(config.costExponent));
+    inputsList.push(BigInt(config.costFromWeight));
+    inputsList.push(BigInt(this.elgamal.F.toString(pubKey[0], 10)));
+    inputsList.push(BigInt(this.elgamal.F.toString(pubKey[1], 10)));
+    inputsList.push(BigInt(address));
+    inputsList.push(BigInt(voteId));
+    for (const cf of cipherfields) {
+      inputsList.push(BigInt(cf[0][0]));
+      inputsList.push(BigInt(cf[0][1]));
+      inputsList.push(BigInt(cf[1][0]));
+      inputsList.push(BigInt(cf[1][1]));
+    }
+    inputsList.push(BigInt(weight));
+    const inputsHash = this.computeInputsHash(inputsList);
+    return {
+      fields: paddedFields,
+      weight,
+      encryption_pubkey: [
+        this.elgamal.F.toString(pubKey[0], 10),
+        this.elgamal.F.toString(pubKey[1], 10)
+      ],
+      cipherfields,
+      process_id: processId,
+      address,
+      k,
+      vote_id: voteId,
+      inputs_hash: inputsHash,
+      // Config
+      num_fields: activeFields,
+      unique_values: config.uniqueValues,
+      max_value: config.maxValue,
+      min_value: config.minValue,
+      max_value_sum: config.maxValueSum,
+      min_value_sum: config.minValueSum,
+      cost_exponent: config.costExponent,
+      cost_from_weight: config.costFromWeight
+    };
+  }
+  /**
+   * Generates ballot inputs from sequencer data.
+   * This is a convenience method that handles the RTE to TE conversion
+   * for the public key automatically.
+   *
+   * @param sequencerData - Data from the DAVINCI sequencer
+   * @param fields - The vote field values
+   * @param weight - The voter's weight
+   * @param k - Optional random k value (generated if not provided)
+   * @param circuitCapacity - The number of fields the circuit supports (default: 8)
+   */
+  generateInputsFromSequencer(sequencerData, fields, weight, k, circuitCapacity = 8) {
+    const processId = hexToDecimal(sequencerData.processId);
+    const address = hexToDecimal(sequencerData.address);
+    const [pubKeyX_TE, pubKeyY_TE] = fromRTEtoTE(
+      BigInt(sequencerData.pubKeyX),
+      BigInt(sequencerData.pubKeyY)
+    );
+    const pubKey = [this.elgamal.F.e(pubKeyX_TE), this.elgamal.F.e(pubKeyY_TE)];
+    const config = parseBallotMode(sequencerData.ballotMode);
+    const kValue = k ?? this.randomK();
+    return this.generateInputs(fields, weight, pubKey, processId, address, kValue, config, circuitCapacity);
+  }
+}
+
+class BallotInputGenerator {
+  constructor() {
+    this.initialized = false;
+  }
+  /**
+   * Initialize the ballot input generator
+   * Must be called before generating inputs
+   */
+  async init() {
+    if (this.initialized) return;
+    this.builder = await BallotBuilder.build();
+    this.initialized = true;
+  }
+  /**
+   * Generate ballot inputs for voting
+   * @param processId - Process ID (hex string without 0x)
+   * @param address - Voter address (hex string without 0x)
+   * @param encryptionKey - Encryption public key [x, y]
+   * @param ballotMode - Ballot mode configuration
+   * @param choices - Array of voter choices
+   * @param weight - Voter weight
+   * @param customK - Optional custom randomness (will be generated if not provided)
+   * @returns Ballot inputs ready for proof generation
+   */
+  async generateInputs(processId, address, encryptionKey, ballotMode, choices, weight, customK) {
+    if (!this.initialized || !this.builder) {
+      throw new Error("BallotInputGenerator not initialized \u2014 call `await init()` first");
+    }
+    const ballotInputs = this.builder.generateInputsFromSequencer(
+      {
+        processId,
+        address: "0x" + address,
+        pubKeyX: encryptionKey.x,
+        pubKeyY: encryptionKey.y,
+        ballotMode: {
+          numFields: ballotMode.numFields,
+          uniqueValues: ballotMode.uniqueValues,
+          maxValue: ballotMode.maxValue,
+          minValue: ballotMode.minValue,
+          maxValueSum: ballotMode.maxValueSum,
+          minValueSum: ballotMode.minValueSum,
+          costExponent: ballotMode.costExponent,
+          costFromWeight: ballotMode.costFromWeight
+        }
+      },
+      choices,
+      parseInt(weight),
+      customK,
+      8
+    );
+    const circomInputs = {
+      fields: ballotInputs.fields.map((f) => f.toString()),
+      num_fields: ballotInputs.num_fields.toString(),
+      unique_values: ballotInputs.unique_values.toString(),
+      max_value: ballotInputs.max_value.toString(),
+      min_value: ballotInputs.min_value.toString(),
+      max_value_sum: ballotInputs.max_value_sum.toString(),
+      min_value_sum: ballotInputs.min_value_sum.toString(),
+      cost_exponent: ballotInputs.cost_exponent.toString(),
+      cost_from_weight: ballotInputs.cost_from_weight.toString(),
+      address: ballotInputs.address,
+      weight: ballotInputs.weight.toString(),
+      process_id: ballotInputs.process_id,
+      vote_id: ballotInputs.vote_id,
+      encryption_pubkey: [
+        ballotInputs.encryption_pubkey[0],
+        ballotInputs.encryption_pubkey[1]
+      ],
+      k: ballotInputs.k,
+      cipherfields: ballotInputs.cipherfields.flat(2),
+      inputs_hash: ballotInputs.inputs_hash
+    };
+    const ciphertexts = ballotInputs.cipherfields.map((cf) => ({
+      c1: [cf[0][0], cf[0][1]],
+      c2: [cf[1][0], cf[1][1]]
+    }));
+    const output = {
+      processId: "0x" + BigInt(ballotInputs.process_id).toString(16).padStart(64, "0"),
+      address: "0x" + BigInt(ballotInputs.address).toString(16).padStart(40, "0"),
+      ballot: {
+        curveType: "bjj_iden3",
+        ciphertexts
+      },
+      ballotInputsHash: ballotInputs.inputs_hash,
+      voteId: "0x" + BigInt(ballotInputs.vote_id).toString(16).padStart(64, "0"),
+      circomInputs
+    };
+    return output;
+  }
+}
+
 class DavinciSDK {
   constructor(config) {
     this.initialized = false;
@@ -2650,6 +3219,30 @@ class DavinciSDK {
     }
     return this.davinciCrypto;
   }
+  /**
+   * Get or initialize the DavinciCSP service for CSP cryptographic operations
+   */
+  async getCSP() {
+    if (!this.davinciCSP) {
+      const info = await this.apiService.sequencer.getInfo();
+      this.davinciCSP = new DavinciCSP({
+        wasmExecUrl: info.ballotProofWasmHelperExecJsUrl,
+        wasmUrl: info.ballotProofWasmHelperUrl
+      });
+      await this.davinciCSP.init();
+    }
+    return this.davinciCSP;
+  }
+  /**
+   * Get or initialize the BallotInputGenerator service for ballot input generation
+   */
+  async getBallotInputGenerator() {
+    if (!this.ballotInputGenerator) {
+      this.ballotInputGenerator = new BallotInputGenerator();
+      await this.ballotInputGenerator.init();
+    }
+    return this.ballotInputGenerator;
+  }
   /**
    * Get the process orchestration service for simplified process creation.
    * Requires a signer with a provider for blockchain interactions.
@@ -2676,7 +3269,7 @@ class DavinciSDK {
     if (!this._voteOrchestrator) {
       this._voteOrchestrator = new VoteOrchestrationService(
         this.apiService,
-        () => this.getCrypto(),
+        () => this.getBallotInputGenerator(),
         this.config.signer,
         this.censusProviders,
         {
@@ -3529,6 +4122,7 @@ class DavinciSDK {
   }
 }
 
+exports.BallotInputGenerator = BallotInputGenerator;
 exports.BaseService = BaseService;
 exports.Census = Census;
 exports.CensusNotUpdatable = CensusNotUpdatable;
@@ -3537,6 +4131,7 @@ exports.CensusOrigin = CensusOrigin;
 exports.CircomProof = CircomProof;
 exports.ContractServiceError = ContractServiceError;
 exports.CspCensus = CspCensus;
+exports.DavinciCSP = DavinciCSP;
 exports.DavinciCrypto = DavinciCrypto;
 exports.DavinciSDK = DavinciSDK;
 exports.ElectionMetadataTemplate = ElectionMetadataTemplate;