@zama-fhe/relayer-sdk 0.3.0-3 → 0.3.0-5

package/bundle.d.ts

@@ -10,9 +10,16 @@ export {
   FhevmInstance,
   FhevmInstanceConfig,
   createInstance,
-  EncryptionTypes,
+  EncryptionBits,
   ENCRYPTION_TYPES,
-  DecryptedResults,
+  UserDecryptResults,
+  PublicDecryptResults,
+  ClearValueType,
+  ClearValues,
   initSDK,
   SepoliaConfig,
+  Auth,
+  BearerToken,
+  ApiKeyCookie,
+  ApiKeyHeader,
 } from './lib/web';

package/lib/node.cjs

@@ -56,6 +56,9 @@ const bytesToBigInt = function (byteArray) {
         .join('');
     return BigInt(`0x${hex}`);
 };
+function ensure0x(s) {
+    return !s.startsWith('0x') ? `0x${s}` : s;
+}
 
 function setAuth(init, auth) {
     if (auth) {
@@ -562,6 +565,17 @@ const NumEncryptedBits = {
     7: 160, // eaddress
     8: 256, // euint256
 };
+function getHandleType(handle) {
+    if (handle.length !== 66) {
+        throw new Error(`Handle ${handle} is not of valid length`);
+    }
+    const hexPair = handle.slice(-4, -2).toLowerCase();
+    const typeDiscriminant = parseInt(hexPair, 16);
+    if (!(typeDiscriminant in NumEncryptedBits)) {
+        throw new Error(`Handle ${handle} is not of valid type`);
+    }
+    return typeDiscriminant;
+}
 function checkEncryptedBits(handles) {
     let total = 0;
     for (const handle of handles) {
@@ -590,37 +604,30 @@ const aclABI$1 = [
 ];
 const MAX_USER_DECRYPT_CONTRACT_ADDRESSES = 10;
 const MAX_USER_DECRYPT_DURATION_DAYS = BigInt(365);
-function formatAccordingToType(decryptedBigInt, type) {
+function formatAccordingToType(clearValueAsBigInt, type) {
     if (type === 0) {
         // ebool
-        return decryptedBigInt === BigInt(1);
+        return clearValueAsBigInt === BigInt(1);
     }
     else if (type === 7) {
         // eaddress
-        return getAddress$1('0x' + decryptedBigInt.toString(16).padStart(40, '0'));
-    }
-    else if (type === 9) {
-        // ebytes64
-        return '0x' + decryptedBigInt.toString(16).padStart(128, '0');
+        return getAddress$1('0x' + clearValueAsBigInt.toString(16).padStart(40, '0'));
     }
-    else if (type === 10) {
-        // ebytes128
-        return '0x' + decryptedBigInt.toString(16).padStart(256, '0');
+    else if (type > 8 || type == 1) {
+        // type == 1 : euint4 (not supported)
+        throw new Error(`Unsupported handle type ${type}`);
     }
-    else if (type === 11) {
-        // ebytes256
-        return '0x' + decryptedBigInt.toString(16).padStart(512, '0');
-    } // euintXXX
-    return decryptedBigInt;
+    // euintXXX
+    return clearValueAsBigInt;
 }
-function buildUserDecryptedResult(handles, listBigIntDecryptions) {
+function buildUserDecryptResults(handles, listBigIntDecryptions) {
     let typesList = [];
     for (const handle of handles) {
         const hexPair = handle.slice(-4, -2).toLowerCase();
         const typeDiscriminant = parseInt(hexPair, 16);
         typesList.push(typeDiscriminant);
     }
-    let results = {};
+    const results = {};
     handles.forEach((handle, idx) => (results[handle] = formatAccordingToType(listBigIntDecryptions[idx], typesList[idx])));
     return results;
 }
@@ -726,7 +733,7 @@ const userDecryptRequest = (kmsSigners, gatewayChainId, chainId, verifyingContra
         };
         const decryption = TKMS.process_user_decryption_resp_from_js(client, payloadForVerification, eip712Domain, json.response, pubKey, privKey, true);
         const listBigIntDecryptions = decryption.map((d) => bytesToBigInt(d.bytes));
-        const results = buildUserDecryptedResult(handles.map((h) => h.handle), listBigIntDecryptions);
+        const results = buildUserDecryptResults(handles.map((h) => h.handle), listBigIntDecryptions);
         return results;
     }
     catch (e) {
@@ -781,7 +788,7 @@ const createEncryptedInput = ({ aclContractAddress, chainId, tfheCompactPublicKe
             checkEncryptedValue(Number(value), 1);
             checkLimit(2);
             builder.push_boolean(!!value);
-            bits.push(1); // ebool takes 2 encrypted bits
+            bits.push(2); // ebool takes 2 encrypted bits
             return this;
         },
         add8(value) {
@@ -835,36 +842,6 @@ const createEncryptedInput = ({ aclContractAddress, chainId, tfheCompactPublicKe
             bits.push(256);
             return this;
         },
-        addBytes64(value) {
-            if (value.length !== 64)
-                throw Error('Uncorrect length of input Uint8Array, should be 64 for an ebytes64');
-            const bigIntValue = bytesToBigInt(value);
-            checkEncryptedValue(bigIntValue, 512);
-            checkLimit(512);
-            builder.push_u512(bigIntValue);
-            bits.push(512);
-            return this;
-        },
-        addBytes128(value) {
-            if (value.length !== 128)
-                throw Error('Uncorrect length of input Uint8Array, should be 128 for an ebytes128');
-            const bigIntValue = bytesToBigInt(value);
-            checkEncryptedValue(bigIntValue, 1024);
-            checkLimit(1024);
-            builder.push_u1024(bigIntValue);
-            bits.push(1024);
-            return this;
-        },
-        addBytes256(value) {
-            if (value.length !== 256)
-                throw Error('Uncorrect length of input Uint8Array, should be 256 for an ebytes256');
-            const bigIntValue = bytesToBigInt(value);
-            checkEncryptedValue(bigIntValue, 2048);
-            checkLimit(2048);
-            builder.push_u2048(bigIntValue);
-            bits.push(2048);
-            return this;
-        },
         getBits() {
             return bits;
         },
@@ -897,18 +874,37 @@ const createEncryptedInput = ({ aclContractAddress, chainId, tfheCompactPublicKe
     };
 };
 
+/**
+ * **FHE Type Mapping for Input Builders**
+ * * Maps the **number of encrypted bits** used by a FHEVM primary type
+ * to its corresponding **FheTypeId**. This constant is primarily used by
+ * `EncryptedInput` and `RelayerEncryptedInput` builders to determine the correct
+ * input type and calculate the total required bit-length.
+ *
+ * **Structure: \{ Encrypted Bit Length: FheTypeId \}**
+ *
+ * | Bits | FheTypeId | FHE Type Name | Note |
+ * | :--- | :-------- | :------------ | :--- |
+ * | 2    | 0         | `ebool`         | The boolean type. |
+ * | (N/A)| 1         | `euint4`        | **Deprecated** and omitted from this map. |
+ * | 8    | 2         | `euint8`        | |
+ * | 16   | 3         | `euint16`       | |
+ * | 32   | 4         | `euint32`       | |
+ * | 64   | 5         | `euint64`       | |
+ * | 128  | 6         | `euint128`      | |
+ * | 160  | 7         | `eaddress`      | Used for encrypted Ethereum addresses. |
+ * | 256  | 8         | `euint256`      | The maximum supported integer size. |
+ */
 const ENCRYPTION_TYPES = {
-    1: 0, // ebool takes 2 encrypted bits
-    8: 2,
-    16: 3,
-    32: 4,
-    64: 5,
-    128: 6,
-    160: 7,
-    256: 8,
-    512: 9,
-    1024: 10,
-    2048: 11,
+    2: 0, // ebool (FheTypeId=0) is using 2 encrypted bits
+    // euint4 (FheTypeId=1) is deprecated
+    8: 2, // euint8 (FheTypeId=2) is using 8 encrypted bits
+    16: 3, // euint16 (FheTypeId=3) is using 16 encrypted bits
+    32: 4, // euint32 (FheTypeId=4) is using 32 encrypted bits
+    64: 5, // euint64 (FheTypeId=5) is using 64 encrypted bits
+    128: 6, // euint128 (FheTypeId=128) is using 128 encrypted bits
+    160: 7, // eaddress (FheTypeId=7) is using 160 encrypted bits
+    256: 8, // euint256 (FheTypeId=8) is using 256 encrypted bits
 };
 
 const MAX_UINT64 = BigInt('18446744073709551615'); // 2^64 - 1
@@ -1137,6 +1133,74 @@ function isThresholdReached(kmsSigners, recoveredAddresses, threshold) {
     }
     return recoveredAddresses.length >= threshold;
 }
+function abiEncodeClearValues(clearValues) {
+    const handlesBytes32Hex = Object.keys(clearValues);
+    const abiTypes = [];
+    const abiValues = [];
+    for (let i = 0; i < handlesBytes32Hex.length; ++i) {
+        const handle = handlesBytes32Hex[i];
+        const handleType = getHandleType(handle);
+        let clearTextValue = clearValues[handle];
+        if (typeof clearTextValue === 'boolean') {
+            clearTextValue = clearTextValue ? '0x01' : '0x00';
+        }
+        const clearTextValueBigInt = BigInt(clearTextValue);
+        //abiTypes.push(fhevmTypeInfo.solidityTypeName);
+        abiTypes.push('uint256');
+        switch (handleType) {
+            // eaddress
+            case 7: {
+                // string
+                abiValues.push(`0x${clearTextValueBigInt.toString(16).padStart(40, '0')}`);
+                break;
+            }
+            // ebool
+            case 0: {
+                // bigint (0 or 1)
+                if (clearTextValueBigInt !== BigInt(0) &&
+                    clearTextValueBigInt !== BigInt(1)) {
+                    throw new Error(`Invalid ebool clear text value ${clearTextValueBigInt}. Expecting 0 or 1.`);
+                }
+                abiValues.push(clearTextValueBigInt);
+                break;
+            }
+            case 2: //euint8
+            case 3: //euint16
+            case 4: //euint32
+            case 5: //euint64
+            case 6: //euint128
+            case 7: {
+                //euint256
+                // bigint
+                abiValues.push(clearTextValueBigInt);
+                break;
+            }
+            default: {
+                throw new Error(`Unsupported Fhevm primitive type id: ${handleType}`);
+            }
+        }
+    }
+    const abiCoder = ethers.ethers.AbiCoder.defaultAbiCoder();
+    // ABI encode the decryptedResult as done in the KMS, since all decrypted values
+    // are native static types, thay have same abi-encoding as uint256:
+    const abiEncodedClearValues = abiCoder.encode(abiTypes, abiValues);
+    return {
+        abiTypes,
+        abiValues,
+        abiEncodedClearValues,
+    };
+}
+function buildDecryptionProof(kmsSignatures, extraData) {
+    // Build the decryptionProof as numSigners + KMS signatures + extraData
+    const packedNumSigners = ethers.ethers.solidityPacked(['uint8'], [kmsSignatures.length]);
+    const packedSignatures = ethers.ethers.solidityPacked(Array(kmsSignatures.length).fill('bytes'), kmsSignatures);
+    const decryptionProof = ethers.ethers.concat([
+        packedNumSigners,
+        packedSignatures,
+        extraData,
+    ]);
+    return decryptionProof;
+}
 const CiphertextType = {
     0: 'bool',
     2: 'uint256',
@@ -1147,7 +1211,7 @@ const CiphertextType = {
     7: 'address',
     8: 'uint256',
 };
-function deserializeDecryptedResult(handles, decryptedResult) {
+function deserializeClearValues(handles, decryptedResult) {
     let typesList = [];
     for (const handle of handles) {
         const hexPair = handle.slice(-4, -2).toLowerCase();
@@ -1166,7 +1230,7 @@ function deserializeDecryptedResult(handles, decryptedResult) {
     const decoded = coder.decode(['uint256', ...abiTypes, 'bytes[]'], restoredEncoded);
     // strip dummy first/last element
     const rawValues = decoded.slice(1, 1 + typesList.length);
-    let results = {};
+    const results = {};
     handles.forEach((handle, idx) => (results[handle] = rawValues[idx]));
     return results;
 }
@@ -1211,22 +1275,26 @@ const publicDecryptRequest = (kmsSigners, thresholdSigners, gatewayChainId, veri
         ],
     };
     const result = json.response[0];
-    const decryptedResult = result.decrypted_value.startsWith('0x')
-        ? result.decrypted_value
-        : `0x${result.decrypted_value}`;
-    const signatures = result.signatures;
+    const decryptedResult = ensure0x(result.decrypted_value);
+    const kmsSignatures = result.signatures.map(ensure0x);
+    // TODO result.extra_data (RelayerPublicDecryptJsonResponse)
     const signedExtraData = '0x';
-    const recoveredAddresses = signatures.map((signature) => {
-        const sig = signature.startsWith('0x') ? signature : `0x${signature}`;
-        const recoveredAddress = ethers.ethers.verifyTypedData(domain, types, { ctHandles: handles, decryptedResult, extraData: signedExtraData }, sig);
+    const recoveredAddresses = kmsSignatures.map((kmsSignature) => {
+        const recoveredAddress = ethers.ethers.verifyTypedData(domain, types, { ctHandles: handles, decryptedResult, extraData: signedExtraData }, kmsSignature);
         return recoveredAddress;
     });
     const thresholdReached = isThresholdReached(kmsSigners, recoveredAddresses, thresholdSigners);
     if (!thresholdReached) {
         throw Error('KMS signers threshold is not reached');
     }
-    const results = deserializeDecryptedResult(handles, decryptedResult);
-    return results;
+    const clearValues = deserializeClearValues(handles, decryptedResult);
+    const abiEnc = abiEncodeClearValues(clearValues);
+    const decryptionProof = buildDecryptionProof(kmsSignatures, signedExtraData);
+    return {
+        clearValues,
+        abiEncodedClearValues: abiEnc.abiEncodedClearValues,
+        decryptionProof,
+    };
 };
 
 /**
@@ -1336,23 +1404,23 @@ const generateKeypair = () => {
 global.fetch = fetchRetry(global.fetch, { retries: 5, retryDelay: 500 });
 const SepoliaConfig = {
     // ACL_CONTRACT_ADDRESS (FHEVM Host chain)
-    aclContractAddress: '0x687820221192C5B662b25367F70076A37bc79b6c',
+    aclContractAddress: '0xf0Ffdc93b7E186bC2f8CB3dAA75D86d1930A433D',
     // KMS_VERIFIER_CONTRACT_ADDRESS (FHEVM Host chain)
-    kmsContractAddress: '0x1364cBBf2cDF5032C47d8226a6f6FBD2AFCDacAC',
+    kmsContractAddress: '0xbE0E383937d564D7FF0BC3b46c51f0bF8d5C311A',
     // INPUT_VERIFIER_CONTRACT_ADDRESS (FHEVM Host chain)
-    inputVerifierContractAddress: '0xbc91f3daD1A5F19F8390c400196e58073B6a0BC4',
+    inputVerifierContractAddress: '0xBBC1fFCdc7C316aAAd72E807D9b0272BE8F84DA0',
     // DECRYPTION_ADDRESS (Gateway chain)
-    verifyingContractAddressDecryption: '0xb6E160B1ff80D67Bfe90A85eE06Ce0A2613607D1',
+    verifyingContractAddressDecryption: '0x5D8BD78e2ea6bbE41f26dFe9fdaEAa349e077478',
     // INPUT_VERIFICATION_ADDRESS (Gateway chain)
-    verifyingContractAddressInputVerification: '0x7048C39f048125eDa9d678AEbaDfB22F7900a29F',
+    verifyingContractAddressInputVerification: '0x483b9dE06E4E4C7D35CCf5837A1668487406D955',
     // FHEVM Host chain id
     chainId: 11155111,
     // Gateway chain id
-    gatewayChainId: 55815,
+    gatewayChainId: 10901,
     // Optional RPC provider to host chain
-    network: 'https://eth-sepolia.public.blastapi.io',
+    network: 'https://ethereum-sepolia-rpc.publicnode.com',
     // Relayer URL
-    relayerUrl: 'https://relayer.testnet.zama.cloud',
+    relayerUrl: 'https://relayer.testnet.zama.org',
 };
 const createInstance = async (config) => {
     const { verifyingContractAddressDecryption, verifyingContractAddressInputVerification, publicKey, kmsContractAddress, aclContractAddress, gatewayChainId, auth, } = config;

package/lib/node.d.ts

@@ -6,7 +6,7 @@ import { TfheCompactPublicKey } from 'node-tfhe';
 /**
  * Custom cookie authentication
  */
-declare type ApiKeyCookie = {
+export declare type ApiKeyCookie = {
     __type: 'ApiKeyCookie';
     /**
      * The cookie name. The default value is `x-api-key`.
@@ -21,7 +21,7 @@ declare type ApiKeyCookie = {
 /**
  * Custom header authentication
  */
-declare type ApiKeyHeader = {
+export declare type ApiKeyHeader = {
     __type: 'ApiKeyHeader';
     /**
      * The header name. The default value is `x-api-key`.
@@ -40,12 +40,12 @@ declare type ApiKeyHeader = {
  * - Custom header
  * - Custom cookie
  */
-declare type Auth = BearerToken | ApiKeyHeader | ApiKeyCookie;
+export declare type Auth = BearerToken | ApiKeyHeader | ApiKeyCookie;
 
 /**
  * Bearer Token Authentication
  */
-declare type BearerToken = {
+export declare type BearerToken = {
     __type: 'BearerToken';
     /**
      * The Bearer token.
@@ -53,6 +53,10 @@ declare type BearerToken = {
     token: string;
 };
 
+export declare type ClearValues = Record<`0x${string}`, ClearValueType>;
+
+export declare type ClearValueType = bigint | boolean | `0x${string}`;
+
 /**
  * Creates an EIP712 structure specifically for user decrypt requests
  *
@@ -78,8 +82,6 @@ export declare const createTfheKeypair: () => {
 
 export declare const createTfhePublicKey: () => string;
 
-export declare type DecryptedResults = Record<string, bigint | boolean | string>;
-
 export declare type EIP712 = {
     domain: {
         chainId: number;
@@ -99,8 +101,29 @@ export declare type EIP712Type = {
     type: string;
 };
 
+/**
+ * **FHE Type Mapping for Input Builders**
+ * * Maps the **number of encrypted bits** used by a FHEVM primary type
+ * to its corresponding **FheTypeId**. This constant is primarily used by
+ * `EncryptedInput` and `RelayerEncryptedInput` builders to determine the correct
+ * input type and calculate the total required bit-length.
+ *
+ * **Structure: \{ Encrypted Bit Length: FheTypeId \}**
+ *
+ * | Bits | FheTypeId | FHE Type Name | Note |
+ * | :--- | :-------- | :------------ | :--- |
+ * | 2    | 0         | `ebool`         | The boolean type. |
+ * | (N/A)| 1         | `euint4`        | **Deprecated** and omitted from this map. |
+ * | 8    | 2         | `euint8`        | |
+ * | 16   | 3         | `euint16`       | |
+ * | 32   | 4         | `euint32`       | |
+ * | 64   | 5         | `euint64`       | |
+ * | 128  | 6         | `euint128`      | |
+ * | 160  | 7         | `eaddress`      | Used for encrypted Ethereum addresses. |
+ * | 256  | 8         | `euint256`      | The maximum supported integer size. |
+ */
 export declare const ENCRYPTION_TYPES: {
-    1: number;
+    2: number;
     8: number;
     16: number;
     32: number;
@@ -108,12 +131,9 @@ export declare const ENCRYPTION_TYPES: {
     128: number;
     160: number;
     256: number;
-    512: number;
-    1024: number;
-    2048: number;
 };
 
-export declare type EncryptionTypes = keyof typeof ENCRYPTION_TYPES;
+export declare type EncryptionBits = keyof typeof ENCRYPTION_TYPES;
 
 export declare type FhevmInstance = {
     createEncryptedInput: (contractAddress: string, userAddress: string) => RelayerEncryptedInput;
@@ -122,8 +142,8 @@ export declare type FhevmInstance = {
         privateKey: string;
     };
     createEIP712: (publicKey: string, contractAddresses: string[], startTimestamp: string | number, durationDays: string | number) => EIP712;
-    publicDecrypt: (handles: (string | Uint8Array)[]) => Promise<DecryptedResults>;
-    userDecrypt: (handles: HandleContractPair[], privateKey: string, publicKey: string, signature: string, contractAddresses: string[], userAddress: string, startTimestamp: string | number, durationDays: string | number) => Promise<DecryptedResults>;
+    publicDecrypt: (handles: (string | Uint8Array)[]) => Promise<PublicDecryptResults>;
+    userDecrypt: (handles: HandleContractPair[], privateKey: string, publicKey: string, signature: string, contractAddresses: string[], userAddress: string, startTimestamp: string | number, durationDays: string | number) => Promise<UserDecryptResults>;
     getPublicKey: () => {
         publicKeyId: string;
         publicKey: Uint8Array;
@@ -166,8 +186,14 @@ export declare type HandleContractPair = {
     contractAddress: string;
 };
 
+export declare type PublicDecryptResults = {
+    clearValues: ClearValues;
+    abiEncodedClearValues: `0x${string}`;
+    decryptionProof: `0x${string}`;
+};
+
 export declare type PublicParams<T = TFHEType['CompactPkeCrs']> = {
-    [key in EncryptionTypes]?: {
+    2048: {
         publicParams: T;
         publicParamsId: string;
     };
@@ -182,7 +208,7 @@ export declare type RelayerEncryptedInput = {
     add128: (value: number | bigint) => RelayerEncryptedInput;
     add256: (value: number | bigint) => RelayerEncryptedInput;
     addAddress: (value: string) => RelayerEncryptedInput;
-    getBits: () => EncryptionTypes[];
+    getBits: () => EncryptionBits[];
     encrypt: (options?: {
         auth?: Auth;
     }) => Promise<{
@@ -204,4 +230,6 @@ export declare type TFHEType = {
     ZkComputeLoad: any;
 };
 
+export declare type UserDecryptResults = ClearValues;
+
 export { }