@waku/rln 0.1.8-e224c05.0 → 0.1.8-e800af3.0

package/bundle/packages/proto/dist/generated/topic_only_message.js

@@ -0,0 +1,63 @@
+import { decodeMessage } from '../../../../node_modules/protons-runtime/dist/src/decode.js';
+import { encodeMessage } from '../../../../node_modules/protons-runtime/dist/src/encode.js';
+import '../../../../node_modules/protons-runtime/dist/src/codec.js';
+import { message } from '../../../../node_modules/protons-runtime/dist/src/codecs/message.js';
+import '../../../../node_modules/protons-runtime/dist/src/utils/float.js';
+import '../../../../node_modules/protons-runtime/dist/src/utils/longbits.js';
+import '../../../../node_modules/protons-runtime/dist/src/utils/writer.js';
+
+/* eslint-disable import/export */
+/* eslint-disable complexity */
+/* eslint-disable @typescript-eslint/no-namespace */
+/* eslint-disable @typescript-eslint/no-unnecessary-boolean-literal-compare */
+/* eslint-disable @typescript-eslint/no-empty-interface */
+/* eslint-disable import/consistent-type-specifier-style */
+/* eslint-disable @typescript-eslint/no-unused-vars */
+var TopicOnlyMessage;
+(function (TopicOnlyMessage) {
+    let _codec;
+    TopicOnlyMessage.codec = () => {
+        if (_codec == null) {
+            _codec = message((obj, w, opts = {}) => {
+                if (opts.lengthDelimited !== false) {
+                    w.fork();
+                }
+                if ((obj.contentTopic != null && obj.contentTopic !== '')) {
+                    w.uint32(18);
+                    w.string(obj.contentTopic);
+                }
+                if (opts.lengthDelimited !== false) {
+                    w.ldelim();
+                }
+            }, (reader, length, opts = {}) => {
+                const obj = {
+                    contentTopic: ''
+                };
+                const end = length == null ? reader.len : reader.pos + length;
+                while (reader.pos < end) {
+                    const tag = reader.uint32();
+                    switch (tag >>> 3) {
+                        case 2: {
+                            obj.contentTopic = reader.string();
+                            break;
+                        }
+                        default: {
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                }
+                return obj;
+            });
+        }
+        return _codec;
+    };
+    TopicOnlyMessage.encode = (obj) => {
+        return encodeMessage(obj, TopicOnlyMessage.codec());
+    };
+    TopicOnlyMessage.decode = (buf, opts) => {
+        return decodeMessage(buf, TopicOnlyMessage.codec(), opts);
+    };
+})(TopicOnlyMessage || (TopicOnlyMessage = {}));
+
+export { TopicOnlyMessage };

package/bundle/packages/rln/dist/codec.js

@@ -0,0 +1,92 @@
+import '../../../node_modules/multiformats/dist/src/bases/base10.js';
+import '../../../node_modules/multiformats/dist/src/bases/base16.js';
+import '../../../node_modules/multiformats/dist/src/bases/base2.js';
+import '../../../node_modules/multiformats/dist/src/bases/base256emoji.js';
+import '../../../node_modules/multiformats/dist/src/bases/base32.js';
+import '../../../node_modules/multiformats/dist/src/bases/base36.js';
+import '../../../node_modules/multiformats/dist/src/bases/base58.js';
+import '../../../node_modules/multiformats/dist/src/bases/base64.js';
+import '../../../node_modules/multiformats/dist/src/bases/base8.js';
+import '../../../node_modules/multiformats/dist/src/bases/identity.js';
+import '../../../node_modules/multiformats/dist/src/codecs/json.js';
+import { Logger } from '../../utils/dist/logger.js';
+import { toRLNSignal, RlnMessage } from './message.js';
+
+const log = new Logger("waku:rln:encoder");
+class RLNEncoder {
+    encoder;
+    rlnInstance;
+    index;
+    idSecretHash;
+    constructor(encoder, rlnInstance, index, identityCredential) {
+        this.encoder = encoder;
+        this.rlnInstance = rlnInstance;
+        this.index = index;
+        if (index < 0)
+            throw new Error("Invalid membership index");
+        this.idSecretHash = identityCredential.IDSecretHash;
+    }
+    async toWire(message) {
+        message.rateLimitProof = await this.generateProof(message);
+        log.info("Proof generated", message.rateLimitProof);
+        return this.encoder.toWire(message);
+    }
+    async toProtoObj(message) {
+        const protoMessage = await this.encoder.toProtoObj(message);
+        if (!protoMessage)
+            return;
+        protoMessage.contentTopic = this.contentTopic;
+        protoMessage.rateLimitProof = await this.generateProof(message);
+        log.info("Proof generated", protoMessage.rateLimitProof);
+        return protoMessage;
+    }
+    async generateProof(message) {
+        const signal = toRLNSignal(this.contentTopic, message);
+        return this.rlnInstance.zerokit.generateRLNProof(signal, this.index, message.timestamp, this.idSecretHash);
+    }
+    get pubsubTopic() {
+        return this.encoder.pubsubTopic;
+    }
+    get routingInfo() {
+        return this.encoder.routingInfo;
+    }
+    get contentTopic() {
+        return this.encoder.contentTopic;
+    }
+    get ephemeral() {
+        return this.encoder.ephemeral;
+    }
+}
+const createRLNEncoder = (options) => {
+    return new RLNEncoder(options.encoder, options.rlnInstance, options.index, options.credential);
+};
+class RLNDecoder {
+    rlnInstance;
+    decoder;
+    constructor(rlnInstance, decoder) {
+        this.rlnInstance = rlnInstance;
+        this.decoder = decoder;
+    }
+    get pubsubTopic() {
+        return this.decoder.pubsubTopic;
+    }
+    get contentTopic() {
+        return this.decoder.contentTopic;
+    }
+    fromWireToProtoObj(bytes) {
+        const protoMessage = this.decoder.fromWireToProtoObj(bytes);
+        log.info("Message decoded", protoMessage);
+        return Promise.resolve(protoMessage);
+    }
+    async fromProtoObj(pubsubTopic, proto) {
+        const msg = await this.decoder.fromProtoObj(pubsubTopic, proto);
+        if (!msg)
+            return;
+        return new RlnMessage(this.rlnInstance, msg, proto.rateLimitProof);
+    }
+}
+const createRLNDecoder = (options) => {
+    return new RLNDecoder(options.rlnInstance, options.decoder);
+};
+
+export { RLNDecoder, RLNEncoder, createRLNDecoder, createRLNEncoder };

package/bundle/packages/rln/dist/contract/constants.js

@@ -17,16 +17,23 @@ const PRICE_CALCULATOR_CONTRACT = {
  * @see https://github.com/waku-org/specs/blob/master/standards/core/rln-contract.md#implementation-suggestions
  */
 const RATE_LIMIT_TIERS = {
-    STANDARD: 300,
-    MAX: 600
+    LOW: 20, // Suggested minimum rate - 20 messages per epoch
+    MEDIUM: 200,
+    HIGH: 600 // Suggested maximum rate - 600 messages per epoch
 };
 // Global rate limit parameters
 const RATE_LIMIT_PARAMS = {
-    MIN_RATE: RATE_LIMIT_TIERS.STANDARD,
-    MAX_RATE: RATE_LIMIT_TIERS.MAX,
-    MAX_TOTAL_RATE: 160_000,
-    EPOCH_LENGTH: 600
+    MIN_RATE: RATE_LIMIT_TIERS.LOW,
+    MAX_RATE: RATE_LIMIT_TIERS.HIGH,
+    MAX_TOTAL_RATE: 160_000, // Maximum total rate limit across all memberships
+    EPOCH_LENGTH: 600 // Epoch length in seconds (10 minutes)
 };
+/**
+ * Default Q value for the RLN contract
+ * This is the upper bound for the ID commitment
+ * @see https://github.com/waku-org/specs/blob/master/standards/core/rln-contract.md#implementation-suggestions
+ */
+const RLN_Q = BigInt("21888242871839275222246405745257275088548364400416034343698204186575808495617");
 const DEFAULT_RATE_LIMIT = RATE_LIMIT_PARAMS.MAX_RATE;
 
-export { DEFAULT_RATE_LIMIT, PRICE_CALCULATOR_CONTRACT, RATE_LIMIT_PARAMS, RATE_LIMIT_TIERS, RLN_CONTRACT };
+export { DEFAULT_RATE_LIMIT, PRICE_CALCULATOR_CONTRACT, RATE_LIMIT_PARAMS, RATE_LIMIT_TIERS, RLN_CONTRACT, RLN_Q };

package/bundle/packages/rln/dist/contract/rln_base_contract.js

@@ -10,6 +10,7 @@ import '../../../../node_modules/multiformats/dist/src/bases/base8.js';
 import '../../../../node_modules/multiformats/dist/src/bases/identity.js';
 import '../../../../node_modules/multiformats/dist/src/codecs/json.js';
 import { Logger } from '../../../utils/dist/logger.js';
+import { BytesUtils } from '../utils/bytes.js';
 import { RLN_ABI } from './abi/rln.js';
 import { DEFAULT_RATE_LIMIT, RATE_LIMIT_PARAMS, PRICE_CALCULATOR_CONTRACT } from './constants.js';
 import { MembershipState } from './types.js';
@@ -413,7 +414,7 @@ class RLNBaseContract {
     async registerWithPermitAndErase(identity, permit, idCommitmentsToErase) {
         try {
             log.info(`Registering identity with permit and rate limit: ${this.rateLimit} messages/epoch`);
-            const txRegisterResponse = await this.contract.registerWithPermit(permit.owner, permit.deadline, permit.v, permit.r, permit.s, identity.IDCommitmentBigInt, this.rateLimit, idCommitmentsToErase.map((id) => BigNumber.from(id)));
+            const txRegisterResponse = await this.contract.registerWithPermit(permit.owner, permit.deadline, permit.v, permit.r, permit.s, BytesUtils.buildBigIntFromUint8ArrayBE(identity.IDCommitment), this.rateLimit, idCommitmentsToErase.map((id) => BigNumber.from(id)));
             const txRegisterReceipt = await txRegisterResponse.wait();
             const memberRegistered = txRegisterReceipt.events?.find((event) => event.event === "MembershipRegistered");
             if (!memberRegistered || !memberRegistered.args) {

package/bundle/packages/rln/dist/contract/rln_contract.js

@@ -0,0 +1,109 @@
+import { hexToBytes } from '../../../utils/dist/bytes/index.js';
+import { Logger } from '../../../utils/dist/logger.js';
+import { MerkleRootTracker } from '../root_tracker.js';
+import { BytesUtils } from '../utils/bytes.js';
+import { RLNBaseContract } from './rln_base_contract.js';
+import { BigNumber } from '../../../../node_modules/@ethersproject/bignumber/lib.esm/bignumber.js';
+
+const log = new Logger("waku:rln:contract");
+class RLNContract extends RLNBaseContract {
+    instance;
+    merkleRootTracker;
+    /**
+     * Asynchronous initializer for RLNContract.
+     * Allows injecting a mocked contract for testing purposes.
+     */
+    static async init(rlnInstance, options) {
+        const rlnContract = new RLNContract(rlnInstance, options);
+        return rlnContract;
+    }
+    constructor(rlnInstance, options) {
+        super(options);
+        this.instance = rlnInstance;
+        const initialRoot = rlnInstance.zerokit.getMerkleRoot();
+        this.merkleRootTracker = new MerkleRootTracker(5, initialRoot);
+    }
+    processEvents(events) {
+        const toRemoveTable = new Map();
+        const toInsertTable = new Map();
+        events.forEach((evt) => {
+            if (!evt.args) {
+                return;
+            }
+            if (evt.event === "MembershipErased" ||
+                evt.event === "MembershipExpired") {
+                let index = evt.args.index;
+                if (!index) {
+                    return;
+                }
+                if (typeof index === "number" || typeof index === "string") {
+                    index = BigNumber.from(index);
+                }
+                else {
+                    log.error("Index is not a number or string", {
+                        index,
+                        event: evt
+                    });
+                    return;
+                }
+                const toRemoveVal = toRemoveTable.get(evt.blockNumber);
+                if (toRemoveVal != undefined) {
+                    toRemoveVal.push(index.toNumber());
+                    toRemoveTable.set(evt.blockNumber, toRemoveVal);
+                }
+                else {
+                    toRemoveTable.set(evt.blockNumber, [index.toNumber()]);
+                }
+            }
+            else if (evt.event === "MembershipRegistered") {
+                let eventsPerBlock = toInsertTable.get(evt.blockNumber);
+                if (eventsPerBlock == undefined) {
+                    eventsPerBlock = [];
+                }
+                eventsPerBlock.push(evt);
+                toInsertTable.set(evt.blockNumber, eventsPerBlock);
+            }
+        });
+        this.removeMembers(this.instance, toRemoveTable);
+        this.insertMembers(this.instance, toInsertTable);
+    }
+    insertMembers(rlnInstance, toInsert) {
+        toInsert.forEach((events, blockNumber) => {
+            events.forEach((evt) => {
+                if (!evt.args)
+                    return;
+                const _idCommitment = evt.args.idCommitment;
+                let index = evt.args.index;
+                if (!_idCommitment || !index) {
+                    return;
+                }
+                if (typeof index === "number" || typeof index === "string") {
+                    index = BigNumber.from(index);
+                }
+                const idCommitment = BytesUtils.zeroPadLE(hexToBytes(_idCommitment), 32);
+                rlnInstance.zerokit.insertMember(idCommitment);
+                const numericIndex = index.toNumber();
+                this._members.set(numericIndex, {
+                    index,
+                    idCommitment: _idCommitment
+                });
+            });
+            const currentRoot = rlnInstance.zerokit.getMerkleRoot();
+            this.merkleRootTracker.pushRoot(blockNumber, currentRoot);
+        });
+    }
+    removeMembers(rlnInstance, toRemove) {
+        const removeDescending = new Map([...toRemove].reverse());
+        removeDescending.forEach((indexes, blockNumber) => {
+            indexes.forEach((index) => {
+                if (this._members.has(index)) {
+                    this._members.delete(index);
+                    rlnInstance.zerokit.deleteMember(index);
+                }
+            });
+            this.merkleRootTracker.backFill(blockNumber);
+        });
+    }
+}
+
+export { RLNContract };

package/bundle/packages/rln/dist/credentials_manager.js

@@ -1,3 +1,5 @@
+import { hmac } from '../../../node_modules/@noble/hashes/esm/hmac.js';
+import { sha256 } from '../../../node_modules/@noble/hashes/esm/sha2.js';
 import '../../../node_modules/multiformats/dist/src/bases/base10.js';
 import '../../../node_modules/multiformats/dist/src/bases/base16.js';
 import '../../../node_modules/multiformats/dist/src/bases/base2.js';
@@ -10,15 +12,18 @@ import '../../../node_modules/multiformats/dist/src/bases/base8.js';
 import '../../../node_modules/multiformats/dist/src/bases/identity.js';
 import '../../../node_modules/multiformats/dist/src/codecs/json.js';
 import { Logger } from '../../utils/dist/logger.js';
-import { RLN_CONTRACT } from './contract/constants.js';
+import { RLN_CONTRACT, RLN_Q } from './contract/constants.js';
 import { RLNBaseContract } from './contract/rln_base_contract.js';
+import { IdentityCredential } from './identity.js';
 import { Keystore } from './keystore/keystore.js';
+import { BytesUtils } from './utils/bytes.js';
 import { extractMetaMaskSigner } from './utils/metamask.js';
 import './utils/epoch.js';
 
 const log = new Logger("waku:credentials");
 /**
  * Manages credentials for RLN
+ * This is a lightweight implementation of the RLN contract that doesn't require Zerokit
  * It is used to register membership and generate identity credentials
  */
 class RLNCredentialsManager {
@@ -59,7 +64,7 @@ class RLNCredentialsManager {
             this.contract = await RLNBaseContract.create({
                 address: address,
                 signer: signer,
-                rateLimit: rateLimit ?? this.zerokit.rateLimit
+                rateLimit: rateLimit ?? this.zerokit?.rateLimit
             });
             log.info("RLNCredentialsManager successfully started");
             this.started = true;
@@ -80,8 +85,15 @@ class RLNCredentialsManager {
         log.info("Registering membership");
         let identity = "identity" in options && options.identity;
         if ("signature" in options) {
-            log.info("Using Zerokit to generate identity");
-            identity = this.zerokit.generateSeededIdentityCredential(options.signature);
+            log.info("Generating identity from signature");
+            if (this.zerokit) {
+                log.info("Using Zerokit to generate identity");
+                identity = this.zerokit.generateSeededIdentityCredential(options.signature);
+            }
+            else {
+                log.info("Using local implementation to generate identity");
+                identity = await this.generateSeededIdentityCredential(options.signature);
+            }
         }
         if (!identity) {
             log.error("Missing signature or identity to register membership");
@@ -170,6 +182,35 @@ class RLNCredentialsManager {
             throw Error(`Failed to verify chain coordinates: credentials chainID=${chainId} is not equal to registryContract chainID=${currentChainId}`);
         }
     }
+    /**
+     * Generates an identity credential from a seed string
+     * This is a pure implementation that doesn't rely on Zerokit
+     * @param seed A string seed to generate the identity from
+     * @returns IdentityCredential
+     */
+    async generateSeededIdentityCredential(seed) {
+        log.info("Generating seeded identity credential");
+        // Convert the seed to bytes
+        const encoder = new TextEncoder();
+        const seedBytes = encoder.encode(seed);
+        // Generate deterministic values using HMAC-SHA256
+        // We use different context strings for each component to ensure they're different
+        const idTrapdoorBE = hmac(sha256, seedBytes, encoder.encode("IDTrapdoor"));
+        const idNullifierBE = hmac(sha256, seedBytes, encoder.encode("IDNullifier"));
+        const combinedBytes = new Uint8Array([...idTrapdoorBE, ...idNullifierBE]);
+        const idSecretHashBE = sha256(combinedBytes);
+        const idCommitmentRawBE = sha256(idSecretHashBE);
+        const idCommitmentBE = this.reduceIdCommitment(idCommitmentRawBE);
+        log.info("Successfully generated identity credential, storing in Big Endian format");
+        return new IdentityCredential(idTrapdoorBE, idNullifierBE, idSecretHashBE, idCommitmentBE);
+    }
+    /**
+     * Helper: take 32-byte BE, reduce mod Q, return 32-byte BE
+     */
+    reduceIdCommitment(bytesBE, limit = RLN_Q) {
+        const nBE = BytesUtils.buildBigIntFromUint8ArrayBE(bytesBE);
+        return BytesUtils.bigIntToUint8Array32BE(nBE % limit);
+    }
 }
 
 export { RLNCredentialsManager };

package/bundle/packages/rln/dist/identity.js

@@ -14,7 +14,8 @@ class IdentityCredential {
         this.IDNullifier = IDNullifier;
         this.IDSecretHash = IDSecretHash;
         this.IDCommitment = IDCommitment;
-        this.IDCommitmentBigInt = BytesUtils.toBigInt(IDCommitment);
+        this.IDCommitmentBigInt =
+            BytesUtils.buildBigIntFromUint8ArrayBE(IDCommitment);
     }
     static fromBytes(memKeys) {
         if (memKeys.length < 128) {

package/bundle/packages/rln/dist/keystore/keystore.js

@@ -166,13 +166,18 @@ class Keystore {
             const idTrapdoorLE = Keystore.fromArraylikeToBytes(_.get(obj, "identityCredential.idTrapdoor", []));
             const idNullifierLE = Keystore.fromArraylikeToBytes(_.get(obj, "identityCredential.idNullifier", []));
             const idSecretHashLE = Keystore.fromArraylikeToBytes(_.get(obj, "identityCredential.idSecretHash", []));
-            const idCommitmentBigInt = BytesUtils.toBigInt(idCommitmentLE);
+            // Big Endian
+            const idCommitmentBE = BytesUtils.switchEndianness(idCommitmentLE);
+            const idTrapdoorBE = BytesUtils.switchEndianness(idTrapdoorLE);
+            const idNullifierBE = BytesUtils.switchEndianness(idNullifierLE);
+            const idSecretHashBE = BytesUtils.switchEndianness(idSecretHashLE);
+            const idCommitmentBigInt = BytesUtils.buildBigIntFromUint8ArrayBE(idCommitmentBE);
             return {
                 identity: {
-                    IDCommitment: idCommitmentLE,
-                    IDTrapdoor: idTrapdoorLE,
-                    IDNullifier: idNullifierLE,
-                    IDSecretHash: idSecretHashLE,
+                    IDCommitment: idCommitmentBE,
+                    IDTrapdoor: idTrapdoorBE,
+                    IDNullifier: idNullifierBE,
+                    IDSecretHash: idSecretHashBE,
                     IDCommitmentBigInt: idCommitmentBigInt
                 },
                 membership: {
@@ -209,15 +214,31 @@ class Keystore {
     }
     // follows nwaku implementation
     // https://github.com/waku-org/nwaku/blob/f05528d4be3d3c876a8b07f9bb7dfaae8aa8ec6e/waku/waku_keystore/protocol_types.nim#L98
+    // IdentityCredential is stored in Big Endian format => switch to Little Endian
     static fromIdentityToBytes(options) {
         const { IDCommitment, IDNullifier, IDSecretHash, IDTrapdoor } = options.identity;
+        const idCommitmentLE = BytesUtils.switchEndianness(IDCommitment);
+        const idNullifierLE = BytesUtils.switchEndianness(IDNullifier);
+        const idSecretHashLE = BytesUtils.switchEndianness(IDSecretHash);
+        const idTrapdoorLE = BytesUtils.switchEndianness(IDTrapdoor);
+        // eslint-disable-next-line no-console
+        console.log({
+            idCommitmentBE: IDCommitment,
+            idCommitmentLE,
+            idNullifierBE: IDNullifier,
+            idNullifierLE,
+            idSecretHashBE: IDSecretHash,
+            idSecretHashLE,
+            idTrapdoorBE: IDTrapdoor,
+            idTrapdoorLE
+        });
         return utf8ToBytes(JSON.stringify({
             treeIndex: options.membership.treeIndex,
             identityCredential: {
-                idCommitment: Array.from(IDCommitment),
-                idNullifier: Array.from(IDNullifier),
-                idSecretHash: Array.from(IDSecretHash),
-                idTrapdoor: Array.from(IDTrapdoor)
+                idCommitment: Array.from(idCommitmentLE),
+                idNullifier: Array.from(idNullifierLE),
+                idSecretHash: Array.from(idSecretHashLE),
+                idTrapdoor: Array.from(idTrapdoorLE)
             },
             membershipContract: {
                 chainId: options.membership.chainId,

package/bundle/packages/rln/dist/message.js

@@ -0,0 +1,59 @@
+import { Version } from '../../core/dist/lib/message/version_0.js';
+import '../../core/dist/lib/filter/filter.js';
+import '../../core/dist/lib/light_push/light_push.js';
+import '../../core/dist/lib/store/store.js';
+import '../../core/dist/lib/connection_manager/connection_manager.js';
+import { utf8ToBytes } from '../../utils/dist/bytes/index.js';
+import '../../../node_modules/debug/src/browser.js';
+import '../../core/dist/lib/metadata/metadata.js';
+import { epochBytesToInt } from './utils/epoch.js';
+
+function toRLNSignal(contentTopic, msg) {
+    const contentTopicBytes = utf8ToBytes(contentTopic ?? "");
+    return new Uint8Array([...(msg.payload ?? []), ...contentTopicBytes]);
+}
+class RlnMessage {
+    rlnInstance;
+    msg;
+    rateLimitProof;
+    pubsubTopic = "";
+    version = Version;
+    constructor(rlnInstance, msg, rateLimitProof) {
+        this.rlnInstance = rlnInstance;
+        this.msg = msg;
+        this.rateLimitProof = rateLimitProof;
+    }
+    verify(roots) {
+        return this.rateLimitProof
+            ? this.rlnInstance.zerokit.verifyWithRoots(this.rateLimitProof, toRLNSignal(this.msg.contentTopic, this.msg), roots) // this.rlnInstance.verifyRLNProof once issue status-im/nwaku#1248 is fixed
+            : undefined;
+    }
+    verifyNoRoot() {
+        return this.rateLimitProof
+            ? this.rlnInstance.zerokit.verifyWithNoRoot(this.rateLimitProof, toRLNSignal(this.msg.contentTopic, this.msg)) // this.rlnInstance.verifyRLNProof once issue status-im/nwaku#1248 is fixed
+            : undefined;
+    }
+    get payload() {
+        return this.msg.payload;
+    }
+    get contentTopic() {
+        return this.msg.contentTopic;
+    }
+    get timestamp() {
+        return this.msg.timestamp;
+    }
+    get ephemeral() {
+        return this.msg.ephemeral;
+    }
+    get meta() {
+        return this.msg.meta;
+    }
+    get epoch() {
+        const bytes = this.rateLimitProof?.epoch;
+        if (!bytes)
+            return undefined;
+        return epochBytesToInt(bytes);
+    }
+}
+
+export { RlnMessage, toRLNSignal };

package/bundle/packages/rln/dist/proof.js

@@ -0,0 +1,54 @@
+import { BytesUtils } from './utils/bytes.js';
+import { poseidonHash } from './utils/hash.js';
+import './utils/epoch.js';
+
+const proofOffset = 128;
+const rootOffset = proofOffset + 32;
+const epochOffset = rootOffset + 32;
+const shareXOffset = epochOffset + 32;
+const shareYOffset = shareXOffset + 32;
+const nullifierOffset = shareYOffset + 32;
+const rlnIdentifierOffset = nullifierOffset + 32;
+class ProofMetadata {
+    nullifier;
+    shareX;
+    shareY;
+    externalNullifier;
+    constructor(nullifier, shareX, shareY, externalNullifier) {
+        this.nullifier = nullifier;
+        this.shareX = shareX;
+        this.shareY = shareY;
+        this.externalNullifier = externalNullifier;
+    }
+}
+class Proof {
+    proof;
+    merkleRoot;
+    epoch;
+    shareX;
+    shareY;
+    nullifier;
+    rlnIdentifier;
+    constructor(proofBytes) {
+        if (proofBytes.length < rlnIdentifierOffset) {
+            throw new Error("invalid proof");
+        }
+        // parse the proof as proof<128> | share_y<32> | nullifier<32> | root<32> | epoch<32> | share_x<32> | rln_identifier<32>
+        this.proof = proofBytes.subarray(0, proofOffset);
+        this.merkleRoot = proofBytes.subarray(proofOffset, rootOffset);
+        this.epoch = proofBytes.subarray(rootOffset, epochOffset);
+        this.shareX = proofBytes.subarray(epochOffset, shareXOffset);
+        this.shareY = proofBytes.subarray(shareXOffset, shareYOffset);
+        this.nullifier = proofBytes.subarray(shareYOffset, nullifierOffset);
+        this.rlnIdentifier = proofBytes.subarray(nullifierOffset, rlnIdentifierOffset);
+    }
+    extractMetadata() {
+        const externalNullifier = poseidonHash(this.epoch, this.rlnIdentifier);
+        return new ProofMetadata(this.nullifier, this.shareX, this.shareY, externalNullifier);
+    }
+}
+function proofToBytes(p) {
+    return BytesUtils.concatenate(p.proof, p.merkleRoot, p.epoch, p.shareX, p.shareY, p.nullifier, p.rlnIdentifier);
+}
+
+export { Proof, proofToBytes };