@waku/rln 0.1.3-f6d5deb → 0.1.4-0e49a1e.0

package/bundle/packages/rln/dist/utils/epoch.js

@@ -0,0 +1,39 @@
+import '../../../interfaces/dist/protocols.js';
+import '../../../interfaces/dist/connection_manager.js';
+import '../../../interfaces/dist/health_indicator.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base10.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base16.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base2.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base256emoji.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base32.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base36.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base58.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base64.js';
+import '../../../../node_modules/multiformats/dist/src/bases/base8.js';
+import '../../../../node_modules/multiformats/dist/src/bases/identity.js';
+import '../../../../node_modules/multiformats/dist/src/codecs/json.js';
+import { Logger } from '../../../utils/dist/logger/index.js';
+
+const DefaultEpochUnitSeconds = 10; // the rln-relay epoch length in seconds
+const log = new Logger("waku:rln:epoch");
+function dateToEpoch(timestamp, epochUnitSeconds = DefaultEpochUnitSeconds) {
+    const time = timestamp.getTime();
+    const epoch = Math.floor(time / 1000 / epochUnitSeconds);
+    log.info("generated epoch", epoch);
+    return epoch;
+}
+function epochIntToBytes(epoch) {
+    const bytes = new Uint8Array(32);
+    const db = new DataView(bytes.buffer);
+    db.setUint32(0, epoch, true);
+    log.info("encoded epoch", epoch, bytes);
+    return bytes;
+}
+function epochBytesToInt(bytes) {
+    const dv = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+    const epoch = dv.getUint32(0, true);
+    log.info("decoded epoch", epoch, bytes);
+    return epoch;
+}
+
+export { dateToEpoch, epochBytesToInt, epochIntToBytes };

package/bundle/packages/rln/dist/utils/hash.js

@@ -0,0 +1,10 @@
+import { poseidonHash as poseidonHash$1 } from '../../../../node_modules/@waku/zerokit-rln-wasm/rln_wasm.js';
+import { writeUIntLE, concatenate } from './bytes.js';
+
+function poseidonHash(...input) {
+    const inputLen = writeUIntLE(new Uint8Array(8), input.length, 0, 8);
+    const lenPrefixedData = concatenate(inputLen, ...input);
+    return poseidonHash$1(lenPrefixedData);
+}
+
+export { poseidonHash };

package/bundle/packages/rln/dist/utils/metamask.js

@@ -0,0 +1,14 @@
+import { Web3Provider } from '../../../../node_modules/@ethersproject/providers/lib.esm/web3-provider.js';
+
+const extractMetaMaskSigner = async () => {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const ethereum = window.ethereum;
+    if (!ethereum) {
+        throw Error("Missing or invalid Ethereum provider. Please install a Web3 wallet such as MetaMask.");
+    }
+    await ethereum.request({ method: "eth_requestAccounts" });
+    const provider = new Web3Provider(ethereum, "any");
+    return provider.getSigner();
+};
+
+export { extractMetaMaskSigner };

package/bundle/packages/rln/dist/zerokit.js

@@ -0,0 +1,128 @@
+import { generateExtendedMembershipKey, generateSeededExtendedMembershipKey, insertMember, setLeavesFrom, deleteLeaf, getRoot, getSerializedRLNWitness, RLNWitnessToJson, generate_rln_proof_with_witness, verifyRLNProof, verifyWithRoots } from '../../../node_modules/@waku/zerokit-rln-wasm/rln_wasm.js';
+import { DEFAULT_RATE_LIMIT, RATE_LIMIT_PARAMS } from './contract/constants.js';
+import { IdentityCredential } from './identity.js';
+import { Proof, proofToBytes } from './proof.js';
+import { writeUIntLE, concatenate } from './utils/bytes.js';
+import { epochIntToBytes, dateToEpoch } from './utils/epoch.js';
+
+class Zerokit {
+    zkRLN;
+    witnessCalculator;
+    rateLimit;
+    constructor(zkRLN, witnessCalculator, rateLimit = DEFAULT_RATE_LIMIT) {
+        this.zkRLN = zkRLN;
+        this.witnessCalculator = witnessCalculator;
+        this.rateLimit = rateLimit;
+    }
+    get getZkRLN() {
+        return this.zkRLN;
+    }
+    get getWitnessCalculator() {
+        return this.witnessCalculator;
+    }
+    get getRateLimit() {
+        return this.rateLimit;
+    }
+    generateIdentityCredentials() {
+        const memKeys = generateExtendedMembershipKey(this.zkRLN); // TODO: rename this function in zerokit rln-wasm
+        return IdentityCredential.fromBytes(memKeys);
+    }
+    generateSeededIdentityCredential(seed) {
+        const stringEncoder = new TextEncoder();
+        const seedBytes = stringEncoder.encode(seed);
+        // TODO: rename this function in zerokit rln-wasm
+        const memKeys = generateSeededExtendedMembershipKey(this.zkRLN, seedBytes);
+        return IdentityCredential.fromBytes(memKeys);
+    }
+    insertMember(idCommitment) {
+        insertMember(this.zkRLN, idCommitment);
+    }
+    insertMembers(index, ...idCommitments) {
+        // serializes a seq of IDCommitments to a byte seq
+        // the order of serialization is |id_commitment_len<8>|id_commitment<var>|
+        const idCommitmentLen = writeUIntLE(new Uint8Array(8), idCommitments.length, 0, 8);
+        const idCommitmentBytes = concatenate(idCommitmentLen, ...idCommitments);
+        setLeavesFrom(this.zkRLN, index, idCommitmentBytes);
+    }
+    deleteMember(index) {
+        deleteLeaf(this.zkRLN, index);
+    }
+    getMerkleRoot() {
+        return getRoot(this.zkRLN);
+    }
+    serializeMessage(uint8Msg, memIndex, epoch, idKey, rateLimit) {
+        // calculate message length
+        const msgLen = writeUIntLE(new Uint8Array(8), uint8Msg.length, 0, 8);
+        const memIndexBytes = writeUIntLE(new Uint8Array(8), memIndex, 0, 8);
+        const rateLimitBytes = writeUIntLE(new Uint8Array(8), rateLimit ?? this.rateLimit, 0, 8);
+        // [ id_key<32> | id_index<8> | epoch<32> | signal_len<8> | signal<var> | rate_limit<8> ]
+        return concatenate(idKey, memIndexBytes, epoch, msgLen, uint8Msg, rateLimitBytes);
+    }
+    async generateRLNProof(msg, index, epoch, idSecretHash, rateLimit) {
+        if (epoch === undefined) {
+            epoch = epochIntToBytes(dateToEpoch(new Date()));
+        }
+        else if (epoch instanceof Date) {
+            epoch = epochIntToBytes(dateToEpoch(epoch));
+        }
+        const effectiveRateLimit = rateLimit ?? this.rateLimit;
+        if (epoch.length !== 32)
+            throw new Error("invalid epoch");
+        if (idSecretHash.length !== 32)
+            throw new Error("invalid id secret hash");
+        if (index < 0)
+            throw new Error("index must be >= 0");
+        if (effectiveRateLimit < RATE_LIMIT_PARAMS.MIN_RATE ||
+            effectiveRateLimit > RATE_LIMIT_PARAMS.MAX_RATE) {
+            throw new Error(`Rate limit must be between ${RATE_LIMIT_PARAMS.MIN_RATE} and ${RATE_LIMIT_PARAMS.MAX_RATE}`);
+        }
+        const serialized_msg = this.serializeMessage(msg, index, epoch, idSecretHash, effectiveRateLimit);
+        const rlnWitness = getSerializedRLNWitness(this.zkRLN, serialized_msg);
+        const inputs = RLNWitnessToJson(this.zkRLN, rlnWitness);
+        const calculatedWitness = await this.witnessCalculator.calculateWitness(inputs, false);
+        const proofBytes = generate_rln_proof_with_witness(this.zkRLN, calculatedWitness, rlnWitness);
+        return new Proof(proofBytes);
+    }
+    verifyRLNProof(proof, msg, rateLimit) {
+        let pBytes;
+        if (proof instanceof Uint8Array) {
+            pBytes = proof;
+        }
+        else {
+            pBytes = proofToBytes(proof);
+        }
+        // calculate message length
+        const msgLen = writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+        const rateLimitBytes = writeUIntLE(new Uint8Array(8), rateLimit ?? this.rateLimit, 0, 8);
+        return verifyRLNProof(this.zkRLN, concatenate(pBytes, msgLen, msg, rateLimitBytes));
+    }
+    verifyWithRoots(proof, msg, roots, rateLimit) {
+        let pBytes;
+        if (proof instanceof Uint8Array) {
+            pBytes = proof;
+        }
+        else {
+            pBytes = proofToBytes(proof);
+        }
+        // calculate message length
+        const msgLen = writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+        const rateLimitBytes = writeUIntLE(new Uint8Array(8), rateLimit ?? this.rateLimit, 0, 8);
+        const rootsBytes = concatenate(...roots);
+        return verifyWithRoots(this.zkRLN, concatenate(pBytes, msgLen, msg, rateLimitBytes), rootsBytes);
+    }
+    verifyWithNoRoot(proof, msg, rateLimit) {
+        let pBytes;
+        if (proof instanceof Uint8Array) {
+            pBytes = proof;
+        }
+        else {
+            pBytes = proofToBytes(proof);
+        }
+        // calculate message length
+        const msgLen = writeUIntLE(new Uint8Array(8), msg.length, 0, 8);
+        const rateLimitBytes = writeUIntLE(new Uint8Array(8), rateLimit ?? this.rateLimit, 0, 8);
+        return verifyWithRoots(this.zkRLN, concatenate(pBytes, msgLen, msg, rateLimitBytes), new Uint8Array());
+    }
+}
+
+export { Zerokit };

package/bundle/packages/rln/node_modules/@chainsafe/bls-keystore/lib/checksum.js

@@ -0,0 +1,52 @@
+import { commonjsGlobal } from '../../../../../../_virtual/_commonjsHelpers.js';
+import { __exports as checksum$1 } from '../../../../../../_virtual/checksum.js';
+import '../node_modules/ethereum-cryptography/sha256.js';
+import { u as utilsExports } from '../node_modules/ethereum-cryptography/utils.js';
+import { __exports as sha256 } from '../../../../../../_virtual/sha256.js';
+
+var __awaiter = (commonjsGlobal && commonjsGlobal.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(checksum$1, "__esModule", { value: true });
+checksum$1.verifyChecksum = checksum$1.checksum = checksum$1.defaultSha256Module = undefined;
+const sha256_1 = sha256;
+const utils_1 = utilsExports;
+// default checksum configuration
+function defaultSha256Module() {
+    return {
+        function: "sha256",
+    };
+}
+checksum$1.defaultSha256Module = defaultSha256Module;
+// checksum operations
+function checksumData(key, ciphertext) {
+    return utils_1.concatBytes(key.slice(16), ciphertext);
+}
+function checksum(mod, key, ciphertext) {
+    if (mod.function === "sha256") {
+        return Promise.resolve(sha256_1.sha256(checksumData(key, ciphertext)));
+    }
+    else {
+        throw new Error("Invalid checksum type");
+    }
+}
+checksum$1.checksum = checksum;
+function verifyChecksum(mod, key, ciphertext) {
+    return __awaiter(this, undefined, undefined, function* () {
+        if (mod.function === "sha256") {
+            return utils_1.equalsBytes(utils_1.hexToBytes(mod.message), sha256_1.sha256(checksumData(key, ciphertext)));
+        }
+        else {
+            throw new Error("Invalid checksum type");
+        }
+    });
+}
+checksum$1.verifyChecksum = verifyChecksum;
+
+export { checksum$1 as default };

package/bundle/packages/rln/node_modules/@chainsafe/bls-keystore/lib/cipher.js

@@ -0,0 +1,65 @@
+import { commonjsGlobal } from '../../../../../../_virtual/_commonjsHelpers.js';
+import { __exports as cipher } from '../../../../../../_virtual/cipher.js';
+import '../node_modules/ethereum-cryptography/random.js';
+import '../node_modules/ethereum-cryptography/aes.js';
+import { u as utilsExports } from '../node_modules/ethereum-cryptography/utils.js';
+import { __exports as random } from '../../../../../../_virtual/random.js';
+import { __exports as aes } from '../../../../../../_virtual/aes.js';
+
+var __awaiter = (commonjsGlobal && commonjsGlobal.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(cipher, "__esModule", { value: true });
+var cipherDecrypt_1 = cipher.cipherDecrypt = cipher.cipherEncrypt = cipher.defaultAes128CtrModule = undefined;
+const random_1 = random;
+const aes_1 = aes;
+const utils_1 = utilsExports;
+function defaultAes128CtrModule() {
+    return {
+        function: "aes-128-ctr",
+        params: {
+            iv: utils_1.bytesToHex(random_1.getRandomBytesSync(16)),
+        },
+    };
+}
+cipher.defaultAes128CtrModule = defaultAes128CtrModule;
+function cipherEncrypt(mod, key, data) {
+    return __awaiter(this, undefined, undefined, function* () {
+        if (mod.function === "aes-128-ctr") {
+            try {
+                return yield aes_1.encrypt(data, key, utils_1.hexToBytes(mod.params.iv), mod.function, false);
+            }
+            catch (e) {
+                throw new Error("Unable to encrypt");
+            }
+        }
+        else {
+            throw new Error("Invalid cipher type");
+        }
+    });
+}
+cipher.cipherEncrypt = cipherEncrypt;
+function cipherDecrypt(mod, key) {
+    return __awaiter(this, undefined, undefined, function* () {
+        if (mod.function === "aes-128-ctr") {
+            try {
+                return yield aes_1.decrypt(utils_1.hexToBytes(mod.message), key, utils_1.hexToBytes(mod.params.iv), mod.function, false);
+            }
+            catch (e) {
+                throw new Error("Unable to decrypt");
+            }
+        }
+        else {
+            throw new Error("Invalid cipher type");
+        }
+    });
+}
+cipherDecrypt_1 = cipher.cipherDecrypt = cipherDecrypt;
+
+export { cipherDecrypt_1 as cipherDecrypt, cipher as default };

package/bundle/packages/rln/node_modules/@chainsafe/bls-keystore/lib/class.js

@@ -0,0 +1,99 @@
+import { commonjsGlobal } from '../../../../../../_virtual/_commonjsHelpers.js';
+import { __exports as _class } from '../../../../../../_virtual/class.js';
+import './kdf.js';
+import './checksum.js';
+import './cipher.js';
+import './functional.js';
+import './schema-validation.js';
+import { __exports as kdf } from '../../../../../../_virtual/kdf.js';
+import { __exports as checksum } from '../../../../../../_virtual/checksum.js';
+import { __exports as cipher } from '../../../../../../_virtual/cipher.js';
+import { __exports as functional } from '../../../../../../_virtual/functional.js';
+import { __exports as schemaValidation } from '../../../../../../_virtual/schema-validation.js';
+
+var __awaiter = (commonjsGlobal && commonjsGlobal.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(_class, "__esModule", { value: true });
+_class.Keystore = undefined;
+const kdf_1 = kdf;
+const checksum_1 = checksum;
+const cipher_1 = cipher;
+const functional_1 = functional;
+const schema_validation_1 = schemaValidation;
+/**
+ * Class-based BLS Keystore
+ */
+class Keystore {
+    constructor(obj) {
+        this.version = obj.version;
+        this.uuid = obj.uuid;
+        this.description = obj.description;
+        this.path = obj.path;
+        this.pubkey = obj.pubkey;
+        this.crypto = {
+            kdf: Object.assign({}, obj.crypto.kdf),
+            checksum: Object.assign({}, obj.crypto.checksum),
+            cipher: Object.assign({}, obj.crypto.cipher),
+        };
+    }
+    /**
+     * Create a new Keystore object
+     */
+    static create(password, secret, pubkey, path, description = null, kdfMod = kdf_1.defaultPbkdfModule(), checksumMod = checksum_1.defaultSha256Module(), cipherMod = cipher_1.defaultAes128CtrModule()) {
+        return __awaiter(this, undefined, undefined, function* () {
+            const obj = yield functional_1.create(password, secret, pubkey, path, description, kdfMod, checksumMod, cipherMod);
+            return new Keystore(obj);
+        });
+    }
+    /**
+     * Create a keystore from an unknown object
+     */
+    static fromObject(obj) {
+        schema_validation_1.validateKeystore(obj);
+        return new Keystore(obj);
+    }
+    /**
+     * Parse a keystore from a JSON string
+     */
+    static parse(str) {
+        return Keystore.fromObject(JSON.parse(str));
+    }
+    /**
+     * Decrypt a keystore, returns the secret key or throws on invalid password
+     */
+    decrypt(password) {
+        return __awaiter(this, undefined, undefined, function* () {
+            return functional_1.decrypt(this, password);
+        });
+    }
+    /**
+     * Verify the password as correct or not
+     */
+    verifyPassword(password) {
+        return __awaiter(this, undefined, undefined, function* () {
+            return functional_1.verifyPassword(this, password);
+        });
+    }
+    /**
+     * Return the keystore as a plain object
+     */
+    toObject() {
+        return Object.assign({}, this);
+    }
+    /**
+     * Return the keystore as stringified JSON
+     */
+    stringify() {
+        return JSON.stringify(this.toObject(), null, 2);
+    }
+}
+_class.Keystore = Keystore;
+
+export { _class as default };

package/bundle/packages/rln/node_modules/@chainsafe/bls-keystore/lib/functional.js

@@ -0,0 +1,103 @@
+import { commonjsGlobal } from '../../../../../../_virtual/_commonjsHelpers.js';
+import { __exports as functional } from '../../../../../../_virtual/functional.js';
+import require$$0 from '../../../../../../_virtual/index2.js';
+import './kdf.js';
+import './checksum.js';
+import './cipher.js';
+import './password.js';
+import { u as utilsExports } from '../node_modules/ethereum-cryptography/utils.js';
+import { __exports as kdf } from '../../../../../../_virtual/kdf.js';
+import { __exports as checksum } from '../../../../../../_virtual/checksum.js';
+import { __exports as cipher } from '../../../../../../_virtual/cipher.js';
+import { __exports as password } from '../../../../../../_virtual/password.js';
+
+(function (exports) {
+	var __awaiter = (commonjsGlobal && commonjsGlobal.__awaiter) || function (thisArg, _arguments, P, generator) {
+	    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+	    return new (P || (P = Promise))(function (resolve, reject) {
+	        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+	        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+	        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+	        step((generator = generator.apply(thisArg, _arguments || [])).next());
+	    });
+	};
+	Object.defineProperty(exports, "__esModule", { value: true });
+	exports.decrypt = exports.verifyPassword = exports.create = exports.defaultAes128CtrModule = exports.defaultSha256Module = exports.defaultScryptModule = exports.defaultPbkdfModule = undefined;
+	const uuid_1 = require$$0;
+	const kdf_1 = kdf;
+	Object.defineProperty(exports, "defaultPbkdfModule", { enumerable: true, get: function () { return kdf_1.defaultPbkdfModule; } });
+	Object.defineProperty(exports, "defaultScryptModule", { enumerable: true, get: function () { return kdf_1.defaultScryptModule; } });
+	const checksum_1 = checksum;
+	Object.defineProperty(exports, "defaultSha256Module", { enumerable: true, get: function () { return checksum_1.defaultSha256Module; } });
+	const cipher_1 = cipher;
+	Object.defineProperty(exports, "defaultAes128CtrModule", { enumerable: true, get: function () { return cipher_1.defaultAes128CtrModule; } });
+	const password_1 = password;
+	const utils_1 = utilsExports;
+	/**
+	 * Create a new keystore object
+	 *
+	 * @param password password used to encrypt the keystore
+	 * @param secret secret key material to be encrypted
+	 * @param pubkey public key, not checked for validity
+	 * @param path HD path used to generate the secret
+	 * @param kdfMod key derivation function (kdf) configuration module
+	 * @param checksumMod checksum configuration module
+	 * @param cipherMod cipher configuration module
+	 */
+	function create(password, secret, pubkey, path, description = null, kdfMod = kdf_1.defaultPbkdfModule(), checksumMod = checksum_1.defaultSha256Module(), cipherMod = cipher_1.defaultAes128CtrModule()) {
+	    return __awaiter(this, undefined, undefined, function* () {
+	        const encryptionKey = yield kdf_1.kdf(kdfMod, password_1.normalizePassword(password));
+	        const ciphertext = yield cipher_1.cipherEncrypt(cipherMod, encryptionKey.slice(0, 16), secret);
+	        return {
+	            version: 4,
+	            uuid: uuid_1.v4(),
+	            description: description || undefined,
+	            path: path,
+	            pubkey: utils_1.bytesToHex(pubkey),
+	            crypto: {
+	                kdf: {
+	                    function: kdfMod.function,
+	                    params: Object.assign({}, kdfMod.params),
+	                    message: "",
+	                },
+	                checksum: {
+	                    function: checksumMod.function,
+	                    params: {},
+	                    message: utils_1.bytesToHex(yield checksum_1.checksum(checksumMod, encryptionKey, ciphertext)),
+	                },
+	                cipher: {
+	                    function: cipherMod.function,
+	                    params: Object.assign({}, cipherMod.params),
+	                    message: utils_1.bytesToHex(ciphertext),
+	                },
+	            },
+	        };
+	    });
+	}
+	exports.create = create;
+	/**
+	 * Verify the password of a keystore object
+	 */
+	function verifyPassword(keystore, password) {
+	    return __awaiter(this, undefined, undefined, function* () {
+	        const decryptionKey = yield kdf_1.kdf(keystore.crypto.kdf, password_1.normalizePassword(password));
+	        const ciphertext = utils_1.hexToBytes(keystore.crypto.cipher.message);
+	        return checksum_1.verifyChecksum(keystore.crypto.checksum, decryptionKey, ciphertext);
+	    });
+	}
+	exports.verifyPassword = verifyPassword;
+	/**
+	 * Decrypt a keystore, returns the secret key or throws on invalid password
+	 */
+	function decrypt(keystore, password) {
+	    return __awaiter(this, undefined, undefined, function* () {
+	        const decryptionKey = yield kdf_1.kdf(keystore.crypto.kdf, password_1.normalizePassword(password));
+	        const ciphertext = utils_1.hexToBytes(keystore.crypto.cipher.message);
+	        if (!(yield checksum_1.verifyChecksum(keystore.crypto.checksum, decryptionKey, ciphertext))) {
+	            throw new Error("Invalid password");
+	        }
+	        return cipher_1.cipherDecrypt(keystore.crypto.cipher, decryptionKey.slice(0, 16));
+	    });
+	}
+	exports.decrypt = decrypt; 
+} (functional));

package/bundle/packages/rln/node_modules/@chainsafe/bls-keystore/lib/index.js

@@ -0,0 +1,28 @@
+import { commonjsGlobal } from '../../../../../../_virtual/_commonjsHelpers.js';
+import { __exports as lib } from '../../../../../../_virtual/index.js';
+import './types.js';
+import './functional.js';
+import './class.js';
+import './schema-validation.js';
+import { __exports as types } from '../../../../../../_virtual/types.js';
+import { __exports as functional } from '../../../../../../_virtual/functional.js';
+import { __exports as _class } from '../../../../../../_virtual/class.js';
+import { __exports as schemaValidation } from '../../../../../../_virtual/schema-validation.js';
+
+(function (exports) {
+	var __createBinding = (commonjsGlobal && commonjsGlobal.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+	    if (k2 === undefined) k2 = k;
+	    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+	}) : (function(o, m, k, k2) {
+	    if (k2 === undefined) k2 = k;
+	    o[k2] = m[k];
+	}));
+	var __exportStar = (commonjsGlobal && commonjsGlobal.__exportStar) || function(m, exports) {
+	    for (var p in m) if (p !== "default" && !exports.hasOwnProperty(p)) __createBinding(exports, m, p);
+	};
+	Object.defineProperty(exports, "__esModule", { value: true });
+	__exportStar(types, exports);
+	__exportStar(functional, exports);
+	__exportStar(_class, exports);
+	__exportStar(schemaValidation, exports); 
+} (lib));

package/bundle/packages/rln/node_modules/@chainsafe/bls-keystore/lib/kdf.js

@@ -0,0 +1,78 @@
+import { commonjsGlobal } from '../../../../../../_virtual/_commonjsHelpers.js';
+import { __exports as kdf$1 } from '../../../../../../_virtual/kdf.js';
+import '../node_modules/ethereum-cryptography/random.js';
+import '../node_modules/ethereum-cryptography/pbkdf2.js';
+import '../node_modules/ethereum-cryptography/scrypt.js';
+import { u as utilsExports } from '../node_modules/ethereum-cryptography/utils.js';
+import { __exports as random } from '../../../../../../_virtual/random.js';
+import { __exports as pbkdf2 } from '../../../../../../_virtual/pbkdf2.js';
+import { __exports as scrypt } from '../../../../../../_virtual/scrypt.js';
+
+var __awaiter = (commonjsGlobal && commonjsGlobal.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(kdf$1, "__esModule", { value: true });
+var kdf_2 = kdf$1.kdf = kdf$1.defaultScryptModule = kdf$1.defaultPbkdfModule = undefined;
+const random_1 = random;
+const pbkdf2_1 = pbkdf2;
+const scrypt_1 = scrypt;
+const utils_1 = utilsExports;
+// default kdf configurations
+function defaultPbkdfModule() {
+    return {
+        function: "pbkdf2",
+        params: {
+            dklen: 32,
+            c: 262144,
+            prf: "hmac-sha256",
+            salt: utils_1.bytesToHex(random_1.getRandomBytesSync(32)),
+        },
+    };
+}
+kdf$1.defaultPbkdfModule = defaultPbkdfModule;
+function defaultScryptModule() {
+    return {
+        function: "scrypt",
+        params: {
+            dklen: 32,
+            n: 262144,
+            r: 8,
+            p: 1,
+            salt: utils_1.bytesToHex(random_1.getRandomBytesSync(32)),
+        },
+    };
+}
+kdf$1.defaultScryptModule = defaultScryptModule;
+// kdf operations
+function kdf(mod, password) {
+    return __awaiter(this, undefined, undefined, function* () {
+        if (mod.function === "pbkdf2") {
+            return yield doPbkdf2(mod.params, password);
+        }
+        else if (mod.function === "scrypt") {
+            return yield doScrypt(mod.params, password);
+        }
+        else {
+            throw new Error("Invalid kdf type");
+        }
+    });
+}
+kdf_2 = kdf$1.kdf = kdf;
+function doPbkdf2(params, password) {
+    return __awaiter(this, undefined, undefined, function* () {
+        return pbkdf2_1.pbkdf2(password, utils_1.hexToBytes(params.salt), params.c, params.dklen, params.prf.slice(5));
+    });
+}
+function doScrypt(params, password) {
+    return __awaiter(this, undefined, undefined, function* () {
+        return scrypt_1.scrypt(password, utils_1.hexToBytes(params.salt), params.n, params.p, params.r, params.dklen);
+    });
+}
+
+export { kdf$1 as default, kdf_2 as kdf };

package/bundle/packages/rln/node_modules/@chainsafe/bls-keystore/lib/password.js

@@ -0,0 +1,17 @@
+import { __exports as password } from '../../../../../../_virtual/password.js';
+import { u as utilsExports } from '../node_modules/ethereum-cryptography/utils.js';
+
+Object.defineProperty(password, "__esModule", { value: true });
+var normalizePassword_1 = password.normalizePassword = undefined;
+const utils_1 = utilsExports;
+function normalizePassword(password) {
+    if (typeof password === "string") {
+        return utils_1.utf8ToBytes(password.normalize("NFKD"));
+    }
+    else {
+        return password;
+    }
+}
+normalizePassword_1 = password.normalizePassword = normalizePassword;
+
+export { password as default, normalizePassword_1 as normalizePassword };