npm - @vocdoni/davinci-sdk - Versions diffs - 0.1.1 → 0.1.2 - Mend

@vocdoni/davinci-sdk 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.umd.js CHANGED Viewed

@@ -1,8 +1,27 @@
 (function (global, factory) {
-  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports, require('axios'), require('@vocdoni/davinci-contracts'), require('snarkjs'), require('ethers')) :
-  typeof define === 'function' && define.amd ? define(['exports', 'axios', '@vocdoni/davinci-contracts', 'snarkjs', 'ethers'], factory) :
-  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.VocdoniSDK = {}, global.axios, global.davinciContracts, global.snarkjs, global.ethers));
-})(this, (function (exports, axios, davinciContracts, snarkjs, ethers) { 'use strict';
+  typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports, require('axios'), require('@vocdoni/davinci-contracts'), require('ethers'), require('snarkjs'), require('circomlibjs')) :
+  typeof define === 'function' && define.amd ? define(['exports', 'axios', '@vocdoni/davinci-contracts', 'ethers', 'snarkjs', 'circomlibjs'], factory) :
+  (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.VocdoniSDK = {}, global.axios, global.davinciContracts, global.ethers, global.snarkjs, global.circomlibjs));
+})(this, (function (exports, axios, davinciContracts, ethers, snarkjs, circomlibjs) { 'use strict';
+  function _interopNamespaceDefault(e) {
+    var n = Object.create(null);
+    if (e) {
+      Object.keys(e).forEach(function (k) {
+        if (k !== 'default') {
+          var d = Object.getOwnPropertyDescriptor(e, k);
+          Object.defineProperty(n, k, d.get ? d : {
+            enumerable: true,
+            get: function () { return e[k]; }
+          });
+        }
+      });
+    }
+    n.default = e;
+    return Object.freeze(n);
+  }
+  var snarkjs__namespace = /*#__PURE__*/_interopNamespaceDefault(snarkjs);
   var ElectionResultsTypeNames = /* @__PURE__ */ ((ElectionResultsTypeNames2) => {
     ElectionResultsTypeNames2["SINGLE_CHOICE_MULTIQUESTION"] = "single-choice-multiquestion";
@@ -1881,97 +1900,6 @@
     }
   }
-  class CircomProof {
-    constructor(opts = {}) {
-      // simple in-memory cache keyed by URL
-      this.wasmCache = /* @__PURE__ */ new Map();
-      this.zkeyCache = /* @__PURE__ */ new Map();
-      this.vkeyCache = /* @__PURE__ */ new Map();
-      this.wasmUrl = opts.wasmUrl;
-      this.zkeyUrl = opts.zkeyUrl;
-      this.vkeyUrl = opts.vkeyUrl;
-      this.wasmHash = opts.wasmHash;
-      this.zkeyHash = opts.zkeyHash;
-      this.vkeyHash = opts.vkeyHash;
-    }
-    /**
-     * Computes SHA-256 hash of the given data and compares it with the expected hash.
-     * @param data - The data to hash (string or ArrayBuffer or Uint8Array)
-     * @param expectedHash - The expected SHA-256 hash in hexadecimal format
-     * @param filename - The filename for error reporting
-     * @throws Error if the computed hash doesn't match the expected hash
-     */
-    verifyHash(data, expectedHash, filename) {
-      let bytes;
-      if (typeof data === "string") {
-        bytes = new TextEncoder().encode(data);
-      } else if (data instanceof ArrayBuffer) {
-        bytes = new Uint8Array(data);
-      } else {
-        bytes = data;
-      }
-      const computedHash = ethers.sha256(bytes).slice(2);
-      if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
-        throw new Error(
-          `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
-        );
-      }
-    }
-    /**
-     * Generate a zk‐SNARK proof.
-     * If you didn't pass wasmUrl/zkeyUrl in the constructor you must supply them here.
-     */
-    async generate(inputs, urls = {}) {
-      const wasmUrl = urls.wasmUrl ?? this.wasmUrl;
-      const zkeyUrl = urls.zkeyUrl ?? this.zkeyUrl;
-      if (!wasmUrl) throw new Error("`wasmUrl` is required to generate a proof");
-      if (!zkeyUrl) throw new Error("`zkeyUrl` is required to generate a proof");
-      let wasmBin = this.wasmCache.get(wasmUrl);
-      if (!wasmBin) {
-        const r = await fetch(wasmUrl);
-        if (!r.ok) throw new Error(`Failed to fetch wasm at ${wasmUrl}: ${r.status}`);
-        const buf = await r.arrayBuffer();
-        wasmBin = new Uint8Array(buf);
-        if (this.wasmHash) {
-          this.verifyHash(wasmBin, this.wasmHash, "circuit.wasm");
-        }
-        this.wasmCache.set(wasmUrl, wasmBin);
-      }
-      let zkeyBin = this.zkeyCache.get(zkeyUrl);
-      if (!zkeyBin) {
-        const r = await fetch(zkeyUrl);
-        if (!r.ok) throw new Error(`Failed to fetch zkey at ${zkeyUrl}: ${r.status}`);
-        const buf = await r.arrayBuffer();
-        zkeyBin = new Uint8Array(buf);
-        if (this.zkeyHash) {
-          this.verifyHash(zkeyBin, this.zkeyHash, "proving_key.zkey");
-        }
-        this.zkeyCache.set(zkeyUrl, zkeyBin);
-      }
-      const { proof, publicSignals } = await snarkjs.groth16.fullProve(inputs, wasmBin, zkeyBin);
-      return {
-        proof,
-        publicSignals
-      };
-    }
-    async verify(proof, publicSignals, urlOverride) {
-      const vkeyUrl = urlOverride ?? this.vkeyUrl;
-      if (!vkeyUrl) throw new Error("`vkeyUrl` is required to verify a proof");
-      let vk = this.vkeyCache.get(vkeyUrl);
-      if (!vk) {
-        const r = await fetch(vkeyUrl);
-        if (!r.ok) throw new Error(`Failed to fetch vkey at ${vkeyUrl}: ${r.status}`);
-        const vkeyText = await r.text();
-        if (this.vkeyHash) {
-          this.verifyHash(vkeyText, this.vkeyHash, "verification_key.json");
-        }
-        vk = JSON.parse(vkeyText);
-        this.vkeyCache.set(vkeyUrl, vk);
-      }
-      return snarkjs.groth16.verify(vk, publicSignals, proof);
-    }
-  }
   var VoteStatus = /* @__PURE__ */ ((VoteStatus2) => {
     VoteStatus2["Pending"] = "pending";
     VoteStatus2["Verified"] = "verified";
@@ -1983,11 +1911,15 @@
   })(VoteStatus || {});
   class VoteOrchestrationService {
-    constructor(apiService, getCrypto, signer, censusProviders = {}, config = {}) {
+    constructor(apiService, getBallotInputGenerator, signer, censusProviders = {}, config = {}) {
       this.apiService = apiService;
-      this.getCrypto = getCrypto;
+      this.getBallotInputGenerator = getBallotInputGenerator;
       this.signer = signer;
       this.censusProviders = censusProviders;
+      // Cache for circuit files
+      this.wasmCache = /* @__PURE__ */ new Map();
+      this.zkeyCache = /* @__PURE__ */ new Map();
+      this.vkeyCache = /* @__PURE__ */ new Map();
       this.verifyCircuitFiles = config.verifyCircuitFiles ?? true;
       this.verifyProof = config.verifyProof ?? true;
     }
@@ -2037,7 +1969,7 @@
       if (process.census.censusOrigin === CensusOrigin.CSP) {
         voteRequest.censusProof = censusProof;
       }
-      await this.submitVoteRequest(voteRequest);
+      await this.apiService.sequencer.submitVote(voteRequest);
       const status = await this.apiService.sequencer.getVoteStatus(config.processId, voteId);
       return {
         voteId,
@@ -2186,30 +2118,29 @@
       throw new Error(`Unsupported census origin: ${censusOrigin}`);
     }
     /**
-     * Generate vote proof inputs using DavinciCrypto
+     * Generate vote proof inputs using BallotInputGenerator
      */
     async generateVoteProofInputs(processId, voterAddress, encryptionKey, ballotMode, choices, weight, customRandomness) {
-      const crypto = await this.getCrypto();
+      const generator = await this.getBallotInputGenerator();
       this.validateChoices(choices, ballotMode);
-      const fieldValues = choices.map((choice) => choice.toString());
-      const inputs = {
-        address: voterAddress.replace(/^0x/, ""),
-        processID: processId.replace(/^0x/, ""),
-        encryptionKey: [encryptionKey.x, encryptionKey.y],
-        ballotMode,
-        weight,
-        fieldValues
-      };
+      let k;
       if (customRandomness) {
         const hexRandomness = customRandomness.startsWith("0x") ? customRandomness : "0x" + customRandomness;
-        const k = BigInt(hexRandomness).toString();
-        inputs.k = k;
+        k = BigInt(hexRandomness).toString();
       }
-      const cryptoOutput = await crypto.proofInputs(inputs);
+      const result = await generator.generateInputs(
+        processId.replace(/^0x/, ""),
+        voterAddress.replace(/^0x/, ""),
+        encryptionKey,
+        ballotMode,
+        choices,
+        weight,
+        k
+      );
       return {
-        voteId: cryptoOutput.voteId,
-        cryptoOutput,
-        circomInputs: cryptoOutput.circomInputs
+        voteId: result.voteId,
+        cryptoOutput: result,
+        circomInputs: result.circomInputs
       };
     }
     /**
@@ -2226,29 +2157,79 @@
       }
     }
     /**
-     * Generate zk-SNARK proof using CircomProof
+     * Verify hash of downloaded file
+     */
+    verifyHash(data, expectedHash, filename) {
+      const computedHash = ethers.sha256(data).slice(2);
+      if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
+        throw new Error(
+          `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
+        );
+      }
+    }
+    /**
+     * Generate zk-SNARK proof using snarkjs directly (no CircomProof wrapper)
      */
     async generateZkProof(circomInputs) {
       const info = await this.apiService.sequencer.getInfo();
-      const circomProof = new CircomProof({
-        wasmUrl: info.circuitUrl,
-        zkeyUrl: info.provingKeyUrl,
-        vkeyUrl: info.verificationKeyUrl,
-        // Only pass hashes if verifyCircuitFiles is enabled
-        ...this.verifyCircuitFiles && {
-          wasmHash: info.circuitHash,
-          zkeyHash: info.provingKeyHash,
-          vkeyHash: info.verificationKeyHash
+      let wasmBytes = this.wasmCache.get(info.circuitUrl);
+      if (!wasmBytes) {
+        const response = await fetch(info.circuitUrl);
+        if (!response.ok) {
+          throw new Error(`Failed to fetch WASM at ${info.circuitUrl}: ${response.status}`);
         }
-      });
-      const { proof, publicSignals } = await circomProof.generate(circomInputs);
+        const buffer = await response.arrayBuffer();
+        wasmBytes = new Uint8Array(buffer);
+        if (this.verifyCircuitFiles) {
+          this.verifyHash(wasmBytes, info.circuitHash, "circuit.wasm");
+        }
+        this.wasmCache.set(info.circuitUrl, wasmBytes);
+      }
+      let zkeyBytes = this.zkeyCache.get(info.provingKeyUrl);
+      if (!zkeyBytes) {
+        const response = await fetch(info.provingKeyUrl);
+        if (!response.ok) {
+          throw new Error(`Failed to fetch zkey at ${info.provingKeyUrl}: ${response.status}`);
+        }
+        const buffer = await response.arrayBuffer();
+        zkeyBytes = new Uint8Array(buffer);
+        if (this.verifyCircuitFiles) {
+          this.verifyHash(zkeyBytes, info.provingKeyHash, "proving_key.zkey");
+        }
+        this.zkeyCache.set(info.provingKeyUrl, zkeyBytes);
+      }
+      const { proof, publicSignals } = await snarkjs__namespace.groth16.fullProve(
+        circomInputs,
+        wasmBytes,
+        zkeyBytes
+      );
       if (this.verifyProof) {
-        const isValid = await circomProof.verify(proof, publicSignals);
+        let vkey = this.vkeyCache.get(info.verificationKeyUrl);
+        if (!vkey) {
+          const response = await fetch(info.verificationKeyUrl);
+          if (!response.ok) {
+            throw new Error(`Failed to fetch vkey at ${info.verificationKeyUrl}: ${response.status}`);
+          }
+          const vkeyText = await response.text();
+          if (this.verifyCircuitFiles) {
+            const vkeyBytes = new TextEncoder().encode(vkeyText);
+            this.verifyHash(vkeyBytes, info.verificationKeyHash, "verification_key.json");
+          }
+          vkey = JSON.parse(vkeyText);
+          this.vkeyCache.set(info.verificationKeyUrl, vkey);
+        }
+        const isValid = await snarkjs__namespace.groth16.verify(vkey, publicSignals, proof);
         if (!isValid) {
           throw new Error("Generated proof is invalid");
         }
       }
-      return { proof, publicSignals };
+      const voteProof = {
+        pi_a: proof.pi_a,
+        pi_b: proof.pi_b,
+        pi_c: proof.pi_c,
+        protocol: proof.protocol
+      };
+      return { proof: voteProof, publicSignals };
     }
     hexToBytes(hex) {
       const clean = hex.replace(/^0x/, "");
@@ -2263,22 +2244,6 @@
     async signVote(voteId) {
       return this.signer.signMessage(this.hexToBytes(voteId));
     }
-    /**
-     * Submit the vote request to the sequencer
-     */
-    async submitVoteRequest(voteRequest) {
-      const ballotProof = {
-        pi_a: voteRequest.ballotProof.pi_a,
-        pi_b: voteRequest.ballotProof.pi_b,
-        pi_c: voteRequest.ballotProof.pi_c,
-        protocol: voteRequest.ballotProof.protocol
-      };
-      const request = {
-        ...voteRequest,
-        ballotProof
-      };
-      await this.apiService.sequencer.submitVote(request);
-    }
   }
   class OrganizationRegistryService extends SmartContractService {
@@ -2377,6 +2342,97 @@
     }
   }
+  class CircomProof {
+    constructor(opts = {}) {
+      // simple in-memory cache keyed by URL
+      this.wasmCache = /* @__PURE__ */ new Map();
+      this.zkeyCache = /* @__PURE__ */ new Map();
+      this.vkeyCache = /* @__PURE__ */ new Map();
+      this.wasmUrl = opts.wasmUrl;
+      this.zkeyUrl = opts.zkeyUrl;
+      this.vkeyUrl = opts.vkeyUrl;
+      this.wasmHash = opts.wasmHash;
+      this.zkeyHash = opts.zkeyHash;
+      this.vkeyHash = opts.vkeyHash;
+    }
+    /**
+     * Computes SHA-256 hash of the given data and compares it with the expected hash.
+     * @param data - The data to hash (string or ArrayBuffer or Uint8Array)
+     * @param expectedHash - The expected SHA-256 hash in hexadecimal format
+     * @param filename - The filename for error reporting
+     * @throws Error if the computed hash doesn't match the expected hash
+     */
+    verifyHash(data, expectedHash, filename) {
+      let bytes;
+      if (typeof data === "string") {
+        bytes = new TextEncoder().encode(data);
+      } else if (data instanceof ArrayBuffer) {
+        bytes = new Uint8Array(data);
+      } else {
+        bytes = data;
+      }
+      const computedHash = ethers.sha256(bytes).slice(2);
+      if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
+        throw new Error(
+          `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
+        );
+      }
+    }
+    /**
+     * Generate a zk‐SNARK proof.
+     * If you didn't pass wasmUrl/zkeyUrl in the constructor you must supply them here.
+     */
+    async generate(inputs, urls = {}) {
+      const wasmUrl = urls.wasmUrl ?? this.wasmUrl;
+      const zkeyUrl = urls.zkeyUrl ?? this.zkeyUrl;
+      if (!wasmUrl) throw new Error("`wasmUrl` is required to generate a proof");
+      if (!zkeyUrl) throw new Error("`zkeyUrl` is required to generate a proof");
+      let wasmBin = this.wasmCache.get(wasmUrl);
+      if (!wasmBin) {
+        const r = await fetch(wasmUrl);
+        if (!r.ok) throw new Error(`Failed to fetch wasm at ${wasmUrl}: ${r.status}`);
+        const buf = await r.arrayBuffer();
+        wasmBin = new Uint8Array(buf);
+        if (this.wasmHash) {
+          this.verifyHash(wasmBin, this.wasmHash, "circuit.wasm");
+        }
+        this.wasmCache.set(wasmUrl, wasmBin);
+      }
+      let zkeyBin = this.zkeyCache.get(zkeyUrl);
+      if (!zkeyBin) {
+        const r = await fetch(zkeyUrl);
+        if (!r.ok) throw new Error(`Failed to fetch zkey at ${zkeyUrl}: ${r.status}`);
+        const buf = await r.arrayBuffer();
+        zkeyBin = new Uint8Array(buf);
+        if (this.zkeyHash) {
+          this.verifyHash(zkeyBin, this.zkeyHash, "proving_key.zkey");
+        }
+        this.zkeyCache.set(zkeyUrl, zkeyBin);
+      }
+      const { proof, publicSignals } = await snarkjs.groth16.fullProve(inputs, wasmBin, zkeyBin);
+      return {
+        proof,
+        publicSignals
+      };
+    }
+    async verify(proof, publicSignals, urlOverride) {
+      const vkeyUrl = urlOverride ?? this.vkeyUrl;
+      if (!vkeyUrl) throw new Error("`vkeyUrl` is required to verify a proof");
+      let vk = this.vkeyCache.get(vkeyUrl);
+      if (!vk) {
+        const r = await fetch(vkeyUrl);
+        if (!r.ok) throw new Error(`Failed to fetch vkey at ${vkeyUrl}: ${r.status}`);
+        const vkeyText = await r.text();
+        if (this.vkeyHash) {
+          this.verifyHash(vkeyText, this.vkeyHash, "verification_key.json");
+        }
+        vk = JSON.parse(vkeyText);
+        this.vkeyCache.set(vkeyUrl, vk);
+      }
+      return snarkjs.groth16.verify(vk, publicSignals, proof);
+    }
+  }
   class DavinciCrypto {
     constructor(opts) {
       this.initialized = false;
@@ -2560,6 +2616,518 @@
     }
   }
+  class DavinciCSP {
+    constructor(opts) {
+      this.initialized = false;
+      const { wasmExecUrl, wasmUrl, initTimeoutMs, wasmExecHash, wasmHash } = opts;
+      if (!wasmExecUrl) throw new Error("`wasmExecUrl` is required");
+      if (!wasmUrl) throw new Error("`wasmUrl` is required");
+      this.wasmExecUrl = wasmExecUrl;
+      this.wasmUrl = wasmUrl;
+      this.initTimeoutMs = initTimeoutMs ?? 5e3;
+      this.wasmExecHash = wasmExecHash;
+      this.wasmHash = wasmHash;
+    }
+    static {
+      // Cache for wasm files
+      this.wasmExecCache = /* @__PURE__ */ new Map();
+    }
+    static {
+      this.wasmBinaryCache = /* @__PURE__ */ new Map();
+    }
+    /**
+     * Computes SHA-256 hash of the given data and compares it with the expected hash.
+     * @param data - The data to hash (string or ArrayBuffer)
+     * @param expectedHash - The expected SHA-256 hash in hexadecimal format
+     * @param filename - The filename for error reporting
+     * @throws Error if the computed hash doesn't match the expected hash
+     */
+    verifyHash(data, expectedHash, filename) {
+      let bytes;
+      if (typeof data === "string") {
+        bytes = new TextEncoder().encode(data);
+      } else {
+        bytes = new Uint8Array(data);
+      }
+      const computedHash = ethers.sha256(bytes).slice(2);
+      if (computedHash.toLowerCase() !== expectedHash.toLowerCase()) {
+        throw new Error(
+          `Hash verification failed for ${filename}. Expected: ${expectedHash.toLowerCase()}, Computed: ${computedHash.toLowerCase()}`
+        );
+      }
+    }
+    /**
+     * Must be awaited before calling CSP functions.
+     * Safe to call multiple times.
+     */
+    async init() {
+      if (this.initialized) return;
+      let shimCode = DavinciCSP.wasmExecCache.get(this.wasmExecUrl);
+      if (!shimCode) {
+        const shim = await fetch(this.wasmExecUrl);
+        if (!shim.ok) {
+          throw new Error(`Failed to fetch wasm_exec.js from ${this.wasmExecUrl}`);
+        }
+        shimCode = await shim.text();
+        if (this.wasmExecHash) {
+          this.verifyHash(shimCode, this.wasmExecHash, "wasm_exec.js");
+        }
+        DavinciCSP.wasmExecCache.set(this.wasmExecUrl, shimCode);
+      }
+      new Function(shimCode)();
+      if (typeof globalThis.Go !== "function") {
+        throw new Error("Global `Go` constructor not found after loading wasm_exec.js");
+      }
+      this.go = new globalThis.Go();
+      let bytes = DavinciCSP.wasmBinaryCache.get(this.wasmUrl);
+      if (!bytes) {
+        const resp = await fetch(this.wasmUrl);
+        if (!resp.ok) {
+          throw new Error(`Failed to fetch davinci_crypto.wasm from ${this.wasmUrl}`);
+        }
+        bytes = await resp.arrayBuffer();
+        if (this.wasmHash) {
+          this.verifyHash(bytes, this.wasmHash, "davinci_crypto.wasm");
+        }
+        DavinciCSP.wasmBinaryCache.set(this.wasmUrl, bytes);
+      }
+      const { instance } = await WebAssembly.instantiate(bytes, this.go.importObject);
+      this.go.run(instance).catch(() => {
+      });
+      const deadline = Date.now() + this.initTimeoutMs;
+      while (Date.now() < deadline && !globalThis.DavinciCrypto) {
+        await new Promise((r) => setTimeout(r, 50));
+      }
+      if (!globalThis.DavinciCrypto) {
+        throw new Error("`DavinciCrypto` not initialized within timeout");
+      }
+      this.initialized = true;
+    }
+    /**
+     * Generate a CSP (Credential Service Provider) signature for census proof.
+     * @param censusOrigin - The census origin type (e.g., CensusOrigin.CSP)
+     * @param privKey - The private key in hex format
+     * @param processId - The process ID in hex format
+     * @param address - The address in hex format
+     * @param weight - The vote weight as a decimal string
+     * @returns The CSP proof as a parsed JSON object
+     * @throws if called before `await init()`, or if Go returns an error
+     */
+    async cspSign(censusOrigin, privKey, processId, address, weight) {
+      if (!this.initialized) {
+        throw new Error("DavinciCSP not initialized \u2014 call `await init()` first");
+      }
+      const raw = globalThis.DavinciCrypto.cspSign(censusOrigin, privKey, processId, address, weight);
+      if (raw.error) {
+        throw new Error(`Go/WASM cspSign error: ${raw.error}`);
+      }
+      if (!raw.data) {
+        throw new Error("Go/WASM cspSign returned no data");
+      }
+      return raw.data;
+    }
+    /**
+     * Verify a CSP (Credential Service Provider) proof.
+     * @param censusOrigin - The census origin type (e.g., CensusOrigin.CSP)
+     * @param root - The census root
+     * @param address - The address
+     * @param weight - The vote weight as a decimal string
+     * @param processId - The process ID
+     * @param publicKey - The public key
+     * @param signature - The signature
+     * @returns The verification result
+     * @throws if called before `await init()`, or if Go returns an error
+     */
+    async cspVerify(censusOrigin, root, address, weight, processId, publicKey, signature) {
+      if (!this.initialized) {
+        throw new Error("DavinciCSP not initialized \u2014 call `await init()` first");
+      }
+      const cspProof = {
+        censusOrigin,
+        root,
+        address,
+        weight,
+        processId,
+        publicKey,
+        signature
+      };
+      const raw = globalThis.DavinciCrypto.cspVerify(JSON.stringify(cspProof));
+      if (raw.error) {
+        throw new Error(`Go/WASM cspVerify error: ${raw.error}`);
+      }
+      if (!raw.data) {
+        throw new Error("Go/WASM cspVerify returned no data");
+      }
+      return raw.data;
+    }
+    /**
+     * Generate a CSP (Credential Service Provider) census root.
+     * @param censusOrigin - The census origin type (e.g., CensusOrigin.CSP)
+     * @param privKey - The private key in hex format
+     * @returns The census root as a hexadecimal string
+     * @throws if called before `await init()`, or if Go returns an error
+     */
+    async cspCensusRoot(censusOrigin, privKey) {
+      if (!this.initialized) {
+        throw new Error("DavinciCSP not initialized \u2014 call `await init()` first");
+      }
+      const raw = globalThis.DavinciCrypto.cspCensusRoot(censusOrigin, privKey);
+      if (raw.error) {
+        throw new Error(`Go/WASM cspCensusRoot error: ${raw.error}`);
+      }
+      if (!raw.data) {
+        throw new Error("Go/WASM cspCensusRoot returned no data");
+      }
+      return raw.data.root;
+    }
+  }
+  function getRandomBytes(n) {
+    if (typeof globalThis.crypto !== "undefined" && globalThis.crypto.getRandomValues) {
+      return globalThis.crypto.getRandomValues(new Uint8Array(n));
+    }
+    throw new Error("Crypto not available");
+  }
+  async function buildElGamal() {
+    const babyjub = await circomlibjs.buildBabyjub();
+    const F = babyjub.F;
+    function randomScalar() {
+      const bytes = getRandomBytes(32);
+      let bi = 0n;
+      for (let i = 0; i < bytes.length; i++) {
+        bi += BigInt(bytes[i]) << BigInt(8 * i);
+      }
+      return bi % babyjub.order;
+    }
+    function generateKeyPair() {
+      const privKey = randomScalar();
+      const pubKey = babyjub.mulPointEscalar(babyjub.Base8, privKey);
+      return { privKey, pubKey };
+    }
+    function encrypt(msg, pubKey, k) {
+      const kVal = BigInt(k);
+      const mVal = BigInt(msg);
+      const c1 = babyjub.mulPointEscalar(babyjub.Base8, kVal);
+      const s = babyjub.mulPointEscalar(pubKey, kVal);
+      const mPoint = babyjub.mulPointEscalar(babyjub.Base8, mVal);
+      const c2 = babyjub.addPoint(mPoint, s);
+      return { c1, c2 };
+    }
+    return {
+      babyjub,
+      F,
+      encrypt,
+      generateKeyPair,
+      randomScalar,
+      packPoint: babyjub.packPoint,
+      unpackPoint: babyjub.unpackPoint
+    };
+  }
+  const FIELD_MODULUS = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+  const SCALING_FACTOR = 6360561867910373094066688120553762416144456282423235903351243436111059670888n;
+  function modInverse(a, m) {
+    let [old_r, r] = [a, m];
+    let [old_s, s] = [1n, 0n];
+    while (r !== 0n) {
+      const quotient = old_r / r;
+      [old_r, r] = [r, old_r - quotient * r];
+      [old_s, s] = [s, old_s - quotient * s];
+    }
+    return (old_s % m + m) % m;
+  }
+  function mod(n, m) {
+    return (n % m + m) % m;
+  }
+  function fromRTEtoTE(x, y) {
+    const negF = mod(-SCALING_FACTOR, FIELD_MODULUS);
+    const negFInv = modInverse(negF, FIELD_MODULUS);
+    const xTE = mod(x * negFInv, FIELD_MODULUS);
+    return [xTE, y];
+  }
+  function hexToDecimal(hex) {
+    const cleanHex = hex.startsWith("0x") || hex.startsWith("0X") ? hex : "0x" + hex;
+    return BigInt(cleanHex).toString();
+  }
+  function parseBallotMode(ballotMode) {
+    return {
+      numFields: ballotMode.numFields,
+      uniqueValues: ballotMode.uniqueValues ? 1 : 0,
+      maxValue: parseInt(ballotMode.maxValue),
+      minValue: parseInt(ballotMode.minValue),
+      maxValueSum: parseInt(ballotMode.maxValueSum),
+      minValueSum: parseInt(ballotMode.minValueSum),
+      costExponent: ballotMode.costExponent,
+      costFromWeight: ballotMode.costFromWeight ? 1 : 0
+    };
+  }
+  class BallotBuilder {
+    constructor(elgamal, poseidon) {
+      this.elgamal = elgamal;
+      this.poseidon = poseidon;
+      this.F = poseidon.F;
+    }
+    static async build() {
+      const elgamal = await buildElGamal();
+      const poseidon = await circomlibjs.buildPoseidon();
+      return new BallotBuilder(elgamal, poseidon);
+    }
+    randomK() {
+      return this.elgamal.randomScalar().toString();
+    }
+    derivePoseidonChain(seedK, n) {
+      let current = BigInt(seedK);
+      const out = [current.toString()];
+      for (let i = 0; i < n; i++) {
+        const h = this.poseidon([current]);
+        const hBig = BigInt(this.F.toString(h, 10));
+        out.push(hBig.toString());
+        current = hBig;
+      }
+      return out;
+    }
+    // Matches circuits/lib/multiposeidon.circom logic
+    multiHash(inputs) {
+      const nInputs = inputs.length;
+      if (nInputs <= 16) {
+        return this.F.toObject(this.poseidon(inputs));
+      }
+      const chunks = [];
+      for (let i = 0; i < nInputs; i += 16) {
+        chunks.push(inputs.slice(i, i + 16));
+      }
+      const intermediateHashes = [];
+      for (const chunk of chunks) {
+        intermediateHashes.push(this.F.toObject(this.poseidon(chunk)));
+      }
+      return this.F.toObject(this.poseidon(intermediateHashes));
+    }
+    encryptFields(fields, pubKey, seedK, nFields) {
+      const paddedFields = [...fields];
+      while (paddedFields.length < nFields) {
+        paddedFields.push(0);
+      }
+      const ks = this.derivePoseidonChain(seedK, nFields);
+      const cipherfields = [];
+      for (let i = 0; i < nFields; i++) {
+        const k = ks[i + 1];
+        const msg = BigInt(paddedFields[i]);
+        const enc = this.elgamal.encrypt(msg, pubKey, k);
+        cipherfields.push([
+          [this.elgamal.F.toString(enc.c1[0], 10), this.elgamal.F.toString(enc.c1[1], 10)],
+          [this.elgamal.F.toString(enc.c2[0], 10), this.elgamal.F.toString(enc.c2[1], 10)]
+        ]);
+      }
+      return { cipherfields, paddedFields };
+    }
+    computeVoteID(processId, address, k) {
+      const h = this.poseidon([BigInt(processId), BigInt(address), BigInt(k)]);
+      const hBig = BigInt(this.F.toString(h, 10));
+      const mask = (1n << 160n) - 1n;
+      return (hBig & mask).toString();
+    }
+    computeInputsHash(inputs) {
+      return this.multiHash(inputs).toString();
+    }
+    /**
+     * Creates a public key point from TE coordinates (as strings or bigints).
+     * Use this when you already have coordinates in TE format.
+     */
+    createPubKeyFromTE(x, y) {
+      return [this.elgamal.F.e(BigInt(x)), this.elgamal.F.e(BigInt(y))];
+    }
+    /**
+     * Creates a public key point from RTE coordinates (as strings or bigints).
+     * Use this when you have coordinates from a Gnark-based system (like the DAVINCI sequencer).
+     * This automatically converts from RTE to TE format.
+     */
+    createPubKeyFromRTE(x, y) {
+      const [xTE, yTE] = fromRTEtoTE(BigInt(x), BigInt(y));
+      return [this.elgamal.F.e(xTE), this.elgamal.F.e(yTE)];
+    }
+    /**
+     * Generates ballot inputs for the circuit.
+     *
+     * IMPORTANT: The pubKey must be in TE (Twisted Edwards) format as used by circomlibjs.
+     * If you have RTE coordinates from a Gnark-based system (like DAVINCI sequencer),
+     * use `createPubKeyFromRTE()` or `generateInputsFromSequencer()` instead.
+     *
+     * @param fields - The vote field values
+     * @param weight - The voter's weight
+     * @param pubKey - Public key as field elements [x, y] in TE format (use createPubKeyFromTE/RTE)
+     * @param processId - Process ID as decimal string
+     * @param address - Voter address as decimal string
+     * @param k - Random k value for encryption
+     * @param config - Ballot configuration
+     * @param circuitCapacity - Number of fields the circuit supports (default: 8)
+     */
+    generateInputs(fields, weight, pubKey, processId, address, k, config, circuitCapacity = 8) {
+      const activeFields = fields.length;
+      const { cipherfields, paddedFields } = this.encryptFields(fields, pubKey, k, circuitCapacity);
+      const voteId = this.computeVoteID(processId, address, k);
+      const inputsList = [];
+      const ffProcessID = mod(BigInt(processId), FIELD_MODULUS);
+      inputsList.push(ffProcessID);
+      inputsList.push(BigInt(activeFields));
+      inputsList.push(BigInt(config.uniqueValues));
+      inputsList.push(BigInt(config.maxValue));
+      inputsList.push(BigInt(config.minValue));
+      inputsList.push(BigInt(config.maxValueSum));
+      inputsList.push(BigInt(config.minValueSum));
+      inputsList.push(BigInt(config.costExponent));
+      inputsList.push(BigInt(config.costFromWeight));
+      inputsList.push(BigInt(this.elgamal.F.toString(pubKey[0], 10)));
+      inputsList.push(BigInt(this.elgamal.F.toString(pubKey[1], 10)));
+      inputsList.push(BigInt(address));
+      inputsList.push(BigInt(voteId));
+      for (const cf of cipherfields) {
+        inputsList.push(BigInt(cf[0][0]));
+        inputsList.push(BigInt(cf[0][1]));
+        inputsList.push(BigInt(cf[1][0]));
+        inputsList.push(BigInt(cf[1][1]));
+      }
+      inputsList.push(BigInt(weight));
+      const inputsHash = this.computeInputsHash(inputsList);
+      return {
+        fields: paddedFields,
+        weight,
+        encryption_pubkey: [
+          this.elgamal.F.toString(pubKey[0], 10),
+          this.elgamal.F.toString(pubKey[1], 10)
+        ],
+        cipherfields,
+        process_id: processId,
+        address,
+        k,
+        vote_id: voteId,
+        inputs_hash: inputsHash,
+        // Config
+        num_fields: activeFields,
+        unique_values: config.uniqueValues,
+        max_value: config.maxValue,
+        min_value: config.minValue,
+        max_value_sum: config.maxValueSum,
+        min_value_sum: config.minValueSum,
+        cost_exponent: config.costExponent,
+        cost_from_weight: config.costFromWeight
+      };
+    }
+    /**
+     * Generates ballot inputs from sequencer data.
+     * This is a convenience method that handles the RTE to TE conversion
+     * for the public key automatically.
+     *
+     * @param sequencerData - Data from the DAVINCI sequencer
+     * @param fields - The vote field values
+     * @param weight - The voter's weight
+     * @param k - Optional random k value (generated if not provided)
+     * @param circuitCapacity - The number of fields the circuit supports (default: 8)
+     */
+    generateInputsFromSequencer(sequencerData, fields, weight, k, circuitCapacity = 8) {
+      const processId = hexToDecimal(sequencerData.processId);
+      const address = hexToDecimal(sequencerData.address);
+      const [pubKeyX_TE, pubKeyY_TE] = fromRTEtoTE(
+        BigInt(sequencerData.pubKeyX),
+        BigInt(sequencerData.pubKeyY)
+      );
+      const pubKey = [this.elgamal.F.e(pubKeyX_TE), this.elgamal.F.e(pubKeyY_TE)];
+      const config = parseBallotMode(sequencerData.ballotMode);
+      const kValue = k ?? this.randomK();
+      return this.generateInputs(fields, weight, pubKey, processId, address, kValue, config, circuitCapacity);
+    }
+  }
+  class BallotInputGenerator {
+    constructor() {
+      this.initialized = false;
+    }
+    /**
+     * Initialize the ballot input generator
+     * Must be called before generating inputs
+     */
+    async init() {
+      if (this.initialized) return;
+      this.builder = await BallotBuilder.build();
+      this.initialized = true;
+    }
+    /**
+     * Generate ballot inputs for voting
+     * @param processId - Process ID (hex string without 0x)
+     * @param address - Voter address (hex string without 0x)
+     * @param encryptionKey - Encryption public key [x, y]
+     * @param ballotMode - Ballot mode configuration
+     * @param choices - Array of voter choices
+     * @param weight - Voter weight
+     * @param customK - Optional custom randomness (will be generated if not provided)
+     * @returns Ballot inputs ready for proof generation
+     */
+    async generateInputs(processId, address, encryptionKey, ballotMode, choices, weight, customK) {
+      if (!this.initialized || !this.builder) {
+        throw new Error("BallotInputGenerator not initialized \u2014 call `await init()` first");
+      }
+      const ballotInputs = this.builder.generateInputsFromSequencer(
+        {
+          processId,
+          address: "0x" + address,
+          pubKeyX: encryptionKey.x,
+          pubKeyY: encryptionKey.y,
+          ballotMode: {
+            numFields: ballotMode.numFields,
+            uniqueValues: ballotMode.uniqueValues,
+            maxValue: ballotMode.maxValue,
+            minValue: ballotMode.minValue,
+            maxValueSum: ballotMode.maxValueSum,
+            minValueSum: ballotMode.minValueSum,
+            costExponent: ballotMode.costExponent,
+            costFromWeight: ballotMode.costFromWeight
+          }
+        },
+        choices,
+        parseInt(weight),
+        customK,
+        8
+      );
+      const circomInputs = {
+        fields: ballotInputs.fields.map((f) => f.toString()),
+        num_fields: ballotInputs.num_fields.toString(),
+        unique_values: ballotInputs.unique_values.toString(),
+        max_value: ballotInputs.max_value.toString(),
+        min_value: ballotInputs.min_value.toString(),
+        max_value_sum: ballotInputs.max_value_sum.toString(),
+        min_value_sum: ballotInputs.min_value_sum.toString(),
+        cost_exponent: ballotInputs.cost_exponent.toString(),
+        cost_from_weight: ballotInputs.cost_from_weight.toString(),
+        address: ballotInputs.address,
+        weight: ballotInputs.weight.toString(),
+        process_id: ballotInputs.process_id,
+        vote_id: ballotInputs.vote_id,
+        encryption_pubkey: [
+          ballotInputs.encryption_pubkey[0],
+          ballotInputs.encryption_pubkey[1]
+        ],
+        k: ballotInputs.k,
+        cipherfields: ballotInputs.cipherfields.flat(2),
+        inputs_hash: ballotInputs.inputs_hash
+      };
+      const ciphertexts = ballotInputs.cipherfields.map((cf) => ({
+        c1: [cf[0][0], cf[0][1]],
+        c2: [cf[1][0], cf[1][1]]
+      }));
+      const output = {
+        processId: "0x" + BigInt(ballotInputs.process_id).toString(16).padStart(64, "0"),
+        address: "0x" + BigInt(ballotInputs.address).toString(16).padStart(40, "0"),
+        ballot: {
+          curveType: "bjj_iden3",
+          ciphertexts
+        },
+        ballotInputsHash: ballotInputs.inputs_hash,
+        voteId: "0x" + BigInt(ballotInputs.vote_id).toString(16).padStart(64, "0"),
+        circomInputs
+      };
+      return output;
+    }
+  }
   class DavinciSDK {
     constructor(config) {
       this.initialized = false;
@@ -2649,6 +3217,30 @@
       }
       return this.davinciCrypto;
     }
+    /**
+     * Get or initialize the DavinciCSP service for CSP cryptographic operations
+     */
+    async getCSP() {
+      if (!this.davinciCSP) {
+        const info = await this.apiService.sequencer.getInfo();
+        this.davinciCSP = new DavinciCSP({
+          wasmExecUrl: info.ballotProofWasmHelperExecJsUrl,
+          wasmUrl: info.ballotProofWasmHelperUrl
+        });
+        await this.davinciCSP.init();
+      }
+      return this.davinciCSP;
+    }
+    /**
+     * Get or initialize the BallotInputGenerator service for ballot input generation
+     */
+    async getBallotInputGenerator() {
+      if (!this.ballotInputGenerator) {
+        this.ballotInputGenerator = new BallotInputGenerator();
+        await this.ballotInputGenerator.init();
+      }
+      return this.ballotInputGenerator;
+    }
     /**
      * Get the process orchestration service for simplified process creation.
      * Requires a signer with a provider for blockchain interactions.
@@ -2675,7 +3267,7 @@
       if (!this._voteOrchestrator) {
         this._voteOrchestrator = new VoteOrchestrationService(
           this.apiService,
-          () => this.getCrypto(),
+          () => this.getBallotInputGenerator(),
           this.config.signer,
           this.censusProviders,
           {
@@ -3528,6 +4120,7 @@
     }
   }
+  exports.BallotInputGenerator = BallotInputGenerator;
   exports.BaseService = BaseService;
   exports.Census = Census;
   exports.CensusNotUpdatable = CensusNotUpdatable;
@@ -3536,6 +4129,7 @@
   exports.CircomProof = CircomProof;
   exports.ContractServiceError = ContractServiceError;
   exports.CspCensus = CspCensus;
+  exports.DavinciCSP = DavinciCSP;
   exports.DavinciCrypto = DavinciCrypto;
   exports.DavinciSDK = DavinciSDK;
   exports.ElectionMetadataTemplate = ElectionMetadataTemplate;