@zhoujun_aptos/octopus-ts-sdk-min 0.22.7 → 0.23.0

package/dist/common/index.d.ts

@@ -150,12 +150,46 @@ declare function keygen$3(schemeId?: number): DecryptionKey$1;
 declare function deriveEncryptionKey(dk: DecryptionKey$1): EncryptionKey$1;
 declare function encrypt$3(ek: EncryptionKey$1, msg: Uint8Array): Ciphertext$5;
 declare function encryptWithRandomness$2(ek: EncryptionKey$1, msg: Uint8Array, randomness: Uint8Array): Ciphertext$5;
-declare function decrypt$3(dk: DecryptionKey$1, ciphertext: Ciphertext$5): Uint8Array | undefined;
+declare function decrypt$2(dk: DecryptionKey$1, ciphertext: Ciphertext$5): Uint8Array | undefined;
 
 declare const index$5_SCHEME_SIMPLE_ELGAMAL_RISTRETTO255: typeof SCHEME_SIMPLE_ELGAMAL_RISTRETTO255;
 declare const index$5_deriveEncryptionKey: typeof deriveEncryptionKey;
 declare namespace index$5 {
-  export { Ciphertext$5 as Ciphertext, DecryptionKey$1 as DecryptionKey, EncryptionKey$1 as EncryptionKey, index$5_SCHEME_SIMPLE_ELGAMAL_RISTRETTO255 as SCHEME_SIMPLE_ELGAMAL_RISTRETTO255, decrypt$3 as decrypt, index$5_deriveEncryptionKey as deriveEncryptionKey, encrypt$3 as encrypt, encryptWithRandomness$2 as encryptWithRandomness, keygen$3 as keygen };
+  export { Ciphertext$5 as Ciphertext, DecryptionKey$1 as DecryptionKey, EncryptionKey$1 as EncryptionKey, index$5_SCHEME_SIMPLE_ELGAMAL_RISTRETTO255 as SCHEME_SIMPLE_ELGAMAL_RISTRETTO255, decrypt$2 as decrypt, index$5_deriveEncryptionKey as deriveEncryptionKey, encrypt$3 as encrypt, encryptWithRandomness$2 as encryptWithRandomness, keygen$3 as keygen };
+}
+
+declare class Result<T> {
+    isOk: boolean;
+    okValue?: T;
+    errValue?: any;
+    extra?: any;
+    private constructor();
+    static Ok<T>(args: {
+        value: T;
+        extra?: any;
+    }): Result<T>;
+    static Err<T>(args: {
+        error: any;
+        extra?: any;
+    }): Result<T>;
+    /**
+     * You write a closure that either returns a T or throws, and we wrap it to return a Result<T>.
+     * Your closure is also given an `extra` dictionary to record additional context.
+     */
+    static capture<T>({ task, recordsExecutionTimeMs }: {
+        task: (extra: Record<string, any>) => T;
+        recordsExecutionTimeMs: boolean;
+    }): Result<T>;
+    /**
+     * You write an async closure that either returns a T or throws, and we wrap it to return a Result<T>.
+     * Your closure is also given an `extra` dictionary to record additional context.
+     */
+    static captureAsync<T>({ task, recordsExecutionTimeMs }: {
+        task: (extra: Record<string, any>) => Promise<T>;
+        recordsExecutionTimeMs: boolean;
+    }): Promise<Result<T>>;
+    unwrapOrThrow(tothrow: any): T;
+    unwrapErrOrThrow(tothrow: any): any | undefined;
 }
 
 declare const SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK = 0;
@@ -208,8 +242,12 @@ declare function derivePublicKey(privateKey: MasterPrivateKey): MasterPublicKey;
 declare function encrypt$2(publicKey: MasterPublicKey, id: Uint8Array, plaintext: Uint8Array): Ciphertext$4;
 /** Do NOT use this, unless you are a maintainer. Use `encrypt` instead. */
 declare function encryptWithRandomness$1(publicKey: MasterPublicKey, id: Uint8Array, plaintext: Uint8Array, randomness: Uint8Array): Ciphertext$4;
+/** @deprecated Use tryExtract instead */
 declare function extract(privateKey: MasterPrivateKey, id: Uint8Array): IdentityPrivateKey;
-declare function decrypt$2(identityKey: IdentityPrivateKey, ciphertext: Ciphertext$4): Uint8Array | undefined;
+declare function tryExtract$1(privateKey: MasterPrivateKey, id: Uint8Array): Result<IdentityPrivateKey>;
+/** @deprecated Use tryDecrypt instead */
+declare function decrypt$1(identityKey: IdentityPrivateKey, ciphertext: Ciphertext$4): Uint8Array | undefined;
+declare function tryDecrypt$2(identityKey: IdentityPrivateKey, ciphertext: Ciphertext$4): Result<Uint8Array>;
 
 type index$4_IdentityPrivateKey = IdentityPrivateKey;
 declare const index$4_IdentityPrivateKey: typeof IdentityPrivateKey;
@@ -221,7 +259,7 @@ declare const index$4_SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK: typeof S
 declare const index$4_derivePublicKey: typeof derivePublicKey;
 declare const index$4_extract: typeof extract;
 declare namespace index$4 {
-  export { Ciphertext$4 as Ciphertext, index$4_IdentityPrivateKey as IdentityPrivateKey, index$4_MasterPrivateKey as MasterPrivateKey, index$4_MasterPublicKey as MasterPublicKey, index$4_SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK as SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK, decrypt$2 as decrypt, index$4_derivePublicKey as derivePublicKey, encrypt$2 as encrypt, encryptWithRandomness$1 as encryptWithRandomness, index$4_extract as extract, keygen$2 as keygen };
+  export { Ciphertext$4 as Ciphertext, index$4_IdentityPrivateKey as IdentityPrivateKey, index$4_MasterPrivateKey as MasterPrivateKey, index$4_MasterPublicKey as MasterPublicKey, index$4_SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK as SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK, decrypt$1 as decrypt, index$4_derivePublicKey as derivePublicKey, encrypt$2 as encrypt, encryptWithRandomness$1 as encryptWithRandomness, index$4_extract as extract, keygen$2 as keygen, tryDecrypt$2 as tryDecrypt, tryExtract$1 as tryExtract };
 }
 
 declare class SchnorrRistretto255SigningKey {
@@ -325,46 +363,17 @@ declare class Ciphertext$3 {
 declare function keygen(scheme?: number): Key;
 declare function encrypt$1(key: Key, plaintext: Uint8Array): Ciphertext$3;
 declare function encryptWithRandomness(key: Key, plaintext: Uint8Array, randomness: Uint8Array): Ciphertext$3;
-declare function decrypt$1(key: Key, ciphertext: Ciphertext$3): Uint8Array | undefined;
+/** @deprecated Use tryDecrypt instead */
+declare function decrypt(key: Key, ciphertext: Ciphertext$3): Uint8Array | undefined;
+declare function tryDecrypt$1(key: Key, ciphertext: Ciphertext$3): Result<Uint8Array>;
 
 type index$2_Key = Key;
 declare const index$2_Key: typeof Key;
+declare const index$2_decrypt: typeof decrypt;
 declare const index$2_encryptWithRandomness: typeof encryptWithRandomness;
 declare const index$2_keygen: typeof keygen;
 declare namespace index$2 {
-  export { Ciphertext$3 as Ciphertext, index$2_Key as Key, decrypt$1 as decrypt, encrypt$1 as encrypt, index$2_encryptWithRandomness as encryptWithRandomness, index$2_keygen as keygen };
-}
-
-declare class Result<T> {
-    isOk: boolean;
-    okValue?: T;
-    errValue?: any;
-    extra?: any;
-    private constructor();
-    static Ok<T>(args: {
-        value: T;
-        extra?: any;
-    }): Result<T>;
-    static Err<T>(args: {
-        error: any;
-        extra?: any;
-    }): Result<T>;
-    /**
-     * You write a closure that either returns a T or throws, and we wrap it to return a Result<T>.
-     * Your closure is also given an `extra` dictionary to record additional context.
-     */
-    static capture<T>({ task, recordsExecutionTimeMs }: {
-        task: (extra: Record<string, any>) => T;
-        recordsExecutionTimeMs: boolean;
-    }): Result<T>;
-    /**
-     * You write an async closure that either returns a T or throws, and we wrap it to return a Result<T>.
-     * Your closure is also given an `extra` dictionary to record additional context.
-     */
-    static captureAsync<T>({ task, recordsExecutionTimeMs }: {
-        task: (extra: Record<string, any>) => Promise<T>;
-        recordsExecutionTimeMs: boolean;
-    }): Promise<Result<T>>;
+  export { Ciphertext$3 as Ciphertext, index$2_Key as Key, index$2_decrypt as decrypt, encrypt$1 as encrypt, index$2_encryptWithRandomness as encryptWithRandomness, index$2_keygen as keygen, tryDecrypt$1 as tryDecrypt };
 }
 
 declare class WorkerConfig {
@@ -384,6 +393,7 @@ declare class WorkerConfig {
     toPrettyJson(): string;
 }
 declare function view(aptos: Aptos, worker: AccountAddress): Promise<WorkerConfig>;
+/** @deprecated Use getAsync instead */
 declare function get(workerEndpoint: string): Promise<WorkerConfig>;
 declare function getAsync(workerEndpoint: string): Promise<Result<WorkerConfig>>;
 declare function randWorker(): {
@@ -914,11 +924,11 @@ declare function encrypt({ committee, encryptionKey, contractId, domain, plainte
     fullDecryptionDomain: FullDecryptionDomain;
     ciphertext: Ciphertext;
 };
-declare function decrypt({ decryptionKey, ciphertext }: {
+declare function tryDecrypt({ decryptionKey, ciphertext }: {
     decryptionKey: DecryptionKey;
     ciphertext: Ciphertext;
-}): Uint8Array | undefined;
-declare function verifyAndExtract({ ibeMsk, committee, contractId, domain, proof }: {
+}): Result<Uint8Array>;
+declare function tryExtract({ ibeMsk, committee, contractId, domain, proof }: {
     ibeMsk: MasterPrivateKey;
     committee: Committee;
     contractId: ContractID;
@@ -940,11 +950,11 @@ type index_FullDecryptionDomain = FullDecryptionDomain;
 declare const index_FullDecryptionDomain: typeof FullDecryptionDomain;
 type index_ProofOfPermission = ProofOfPermission;
 declare const index_ProofOfPermission: typeof ProofOfPermission;
-declare const index_decrypt: typeof decrypt;
 declare const index_encrypt: typeof encrypt;
-declare const index_verifyAndExtract: typeof verifyAndExtract;
+declare const index_tryDecrypt: typeof tryDecrypt;
+declare const index_tryExtract: typeof tryExtract;
 declare namespace index {
-  export { index_Ciphertext as Ciphertext, index_Committee as Committee, index_ContractID as ContractID, index_DecryptionKey as DecryptionKey, index_EncryptionKey as EncryptionKey, index_FullDecryptionDomain as FullDecryptionDomain, index_ProofOfPermission as ProofOfPermission, index_decrypt as decrypt, index_encrypt as encrypt, index_verifyAndExtract as verifyAndExtract };
+  export { index_Ciphertext as Ciphertext, index_Committee as Committee, index_ContractID as ContractID, index_DecryptionKey as DecryptionKey, index_EncryptionKey as EncryptionKey, index_FullDecryptionDomain as FullDecryptionDomain, index_ProofOfPermission as ProofOfPermission, index_encrypt as encrypt, index_tryDecrypt as tryDecrypt, index_tryExtract as tryExtract };
 }
 
 declare const CONTRACT_ADDRESS_HEX: string;
@@ -998,4 +1008,4 @@ declare class WorkerTask {
     };
 }
 
-export { elgamal as ElGamal, index$5 as Enc, group as Group, index$4 as IBE, index$3 as Sig, silent_setup_encryption as SilentSetupEncryption, index$1 as SilentSetupEncryptionXChain, index$2 as Sym, index as ThresholdIbe, utils as Utils, worker_config as WorkerConfig, WorkerTask };
+export { elgamal as ElGamal, index$5 as Enc, group as Group, index$4 as IBE, Result, index$3 as Sig, silent_setup_encryption as SilentSetupEncryption, index$1 as SilentSetupEncryptionXChain, index$2 as Sym, index as ThresholdIbe, utils as Utils, worker_config as WorkerConfig, WorkerTask };

package/dist/common/index.js

@@ -34,6 +34,7 @@ __export(index_exports, {
   Enc: () => enc_exports,
   Group: () => group_exports,
   IBE: () => ibe_exports,
+  Result: () => Result,
   Sig: () => sig_exports,
   SilentSetupEncryption: () => silent_setup_encryption_exports,
   SilentSetupEncryptionXChain: () => silent_setup_encryption_xchain_exports,
@@ -752,7 +753,9 @@ __export(ibe_exports, {
   encrypt: () => encrypt4,
   encryptWithRandomness: () => encryptWithRandomness4,
   extract: () => extract2,
-  keygen: () => keygen4
+  keygen: () => keygen4,
+  tryDecrypt: () => tryDecrypt2,
+  tryExtract: () => tryExtract
 });
 var import_ts_sdk6 = require("@aptos-labs/ts-sdk");
 var import_utils9 = require("@noble/curves/abstract/utils");
@@ -761,6 +764,84 @@ var import_utils9 = require("@noble/curves/abstract/utils");
 var import_bls12_381 = require("@noble/curves/bls12-381");
 var import_utils6 = require("@noble/curves/utils");
 var import_utils7 = require("@noble/hashes/utils");
+
+// src/result.ts
+var Result = class _Result {
+  isOk;
+  okValue;
+  errValue;
+  extra;
+  constructor({ isOk, okValue, errValue, extra }) {
+    this.isOk = isOk;
+    this.okValue = okValue;
+    this.errValue = errValue;
+    this.extra = extra;
+  }
+  static Ok(args) {
+    return new _Result({ isOk: true, okValue: args.value, extra: args.extra });
+  }
+  static Err(args) {
+    return new _Result({ isOk: false, errValue: args.error, extra: args.extra });
+  }
+  /**
+   * You write a closure that either returns a T or throws, and we wrap it to return a Result<T>.
+   * Your closure is also given an `extra` dictionary to record additional context.
+   */
+  static capture({ task, recordsExecutionTimeMs = false }) {
+    const start = performance.now();
+    var extra = {};
+    var error;
+    var okValue;
+    try {
+      okValue = task(extra);
+    } catch (caught) {
+      error = caught;
+    } finally {
+      if (recordsExecutionTimeMs) {
+        extra["_sdk_execution_time_ms"] = performance.now() - start;
+      }
+      if (error !== void 0) {
+        return _Result.Err({ error, extra });
+      } else {
+        return _Result.Ok({ value: okValue, extra });
+      }
+    }
+  }
+  /**
+   * You write an async closure that either returns a T or throws, and we wrap it to return a Result<T>.
+   * Your closure is also given an `extra` dictionary to record additional context.
+   */
+  static async captureAsync({ task, recordsExecutionTimeMs = false }) {
+    var extra = {};
+    const start = performance.now();
+    var error;
+    var okValue;
+    try {
+      okValue = await task(extra);
+    } catch (caught) {
+      error = caught;
+    } finally {
+      if (recordsExecutionTimeMs) {
+        extra["_sdk_execution_time_ms"] = performance.now() - start;
+      }
+      if (error !== void 0) {
+        return _Result.Err({ error, extra });
+      } else {
+        return _Result.Ok({ value: okValue, extra });
+      }
+    }
+  }
+  unwrapOrThrow(tothrow) {
+    if (!this.isOk) throw tothrow;
+    return this.okValue;
+  }
+  unwrapErrOrThrow(tothrow) {
+    if (this.isOk) throw tothrow;
+    return this.errValue;
+  }
+};
+
+// src/ibe/otp_hmac_boneh_franklin_bls12381_short_pk.ts
 var DST_OTP = new TextEncoder().encode("BONEH_FRANKLIN_BLS12381_SHORT_PK/OTP");
 var DST_ID_HASH = new TextEncoder().encode("BONEH_FRANKLIN_BLS12381_SHORT_PK/HASH_ID_TO_CURVE");
 var DST_MAC = new TextEncoder().encode("BONEH_FRANKLIN_BLS12381_SHORT_PK/MAC");
@@ -894,6 +975,21 @@ function decrypt3(identityKey, ciphertext) {
   const plaintext = xorBytes(otp, ciphertext.symmetricCiph);
   return plaintext;
 }
+function tryDecrypt(identityKey, ciphertext) {
+  const task = (_extra) => {
+    const seedElementGt = import_bls12_381.bls12_381.pairing(ciphertext.c0, identityKey.privatePointG2);
+    const seed = bls12381GtReprNobleToAptos(import_bls12_381.bls12_381.fields.Fp12.toBytes(seedElementGt));
+    const macKey = kdf(seed, DST_MAC, 32);
+    const macAnother = hmac_sha3_256(macKey, ciphertext.symmetricCiph);
+    if ((0, import_utils7.bytesToHex)(ciphertext.mac) !== (0, import_utils7.bytesToHex)(macAnother)) {
+      throw "decryption failed";
+    }
+    const otp = kdf(seed, DST_OTP, ciphertext.symmetricCiph.length);
+    const plaintext = xorBytes(otp, ciphertext.symmetricCiph);
+    return plaintext;
+  };
+  return Result.capture({ task, recordsExecutionTimeMs: true });
+}
 
 // src/ibe/index.ts
 var SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK = 0;
@@ -1124,12 +1220,36 @@ function extract2(privateKey, id) {
   }
   throw new Error(`Unknown scheme: ${privateKey.scheme}`);
 }
+function tryExtract(privateKey, id) {
+  const task = (extra) => {
+    extra["scheme"] = privateKey.scheme;
+    if (privateKey.scheme == SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK) {
+      return new IdentityPrivateKey2(
+        SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK,
+        extract(privateKey.inner, id)
+      );
+    }
+    throw `unknown scheme`;
+  };
+  return Result.capture({ task, recordsExecutionTimeMs: true });
+}
 function decrypt4(identityKey, ciphertext) {
   if (identityKey.scheme == SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK) {
     return decrypt3(identityKey.inner, ciphertext.inner);
   }
   throw new Error(`Unknown scheme: ${identityKey.scheme}`);
 }
+function tryDecrypt2(identityKey, ciphertext) {
+  const task = (extra) => {
+    extra["scheme"] = identityKey.scheme;
+    if (identityKey.scheme == SCHEME_OTP_HAMC_BONEH_FRANKLIN_BLS12381_SHORT_PK) {
+      const innerResult = tryDecrypt(identityKey.inner, ciphertext.inner);
+      return innerResult.unwrapOrThrow("OtpHmacBonehFranklinBls12381ShortPK.tryDecrypt failed");
+    }
+    throw `unknown scheme`;
+  };
+  return Result.capture({ task, recordsExecutionTimeMs: true });
+}
 
 // src/sig/index.ts
 var sig_exports = {};
@@ -2196,7 +2316,8 @@ __export(sym_exports, {
   decrypt: () => decrypt6,
   encrypt: () => encrypt6,
   encryptWithRandomness: () => encryptWithRandomness6,
-  keygen: () => keygen8
+  keygen: () => keygen8,
+  tryDecrypt: () => tryDecrypt4
 });
 var import_ts_sdk10 = require("@aptos-labs/ts-sdk");
 var import_utils15 = require("@noble/curves/utils");
@@ -2297,6 +2418,16 @@ function decrypt5(key, ciphertext) {
     return void 0;
   }
 }
+function tryDecrypt3(key, ciphertext) {
+  const task = (_extra) => {
+    const gcmInstance = (0, import_aes.gcm)(key.inner, ciphertext.iv);
+    const encryptedData = new Uint8Array(ciphertext.ct.length + ciphertext.tag.length);
+    encryptedData.set(ciphertext.ct, 0);
+    encryptedData.set(ciphertext.tag, ciphertext.ct.length);
+    return gcmInstance.decrypt(encryptedData);
+  };
+  return Result.capture({ task, recordsExecutionTimeMs: true });
+}
 
 // src/sym/index.ts
 var SCHEME_AES256GCM = 0;
@@ -2406,6 +2537,17 @@ function decrypt6(key, ciphertext) {
   }
   throw new Error("Invalid scheme");
 }
+function tryDecrypt4(key, ciphertext) {
+  const task = (extra) => {
+    extra["scheme"] = key.scheme;
+    if (key.scheme === SCHEME_AES256GCM) {
+      const innerResult = tryDecrypt3(key.inner, ciphertext.inner);
+      return innerResult.unwrapOrThrow("AES256GCM decryption failed");
+    }
+    throw `unknown scheme`;
+  };
+  return Result.capture({ task, recordsExecutionTimeMs: true });
+}
 
 // src/worker_config.ts
 var worker_config_exports = {};
@@ -2418,76 +2560,6 @@ __export(worker_config_exports, {
 });
 var import_ts_sdk11 = require("@aptos-labs/ts-sdk");
 var import_utils16 = require("@noble/curves/utils");
-
-// src/result.ts
-var Result = class _Result {
-  isOk;
-  okValue;
-  errValue;
-  extra;
-  constructor({ isOk, okValue, errValue, extra }) {
-    this.isOk = isOk;
-    this.okValue = okValue;
-    this.errValue = errValue;
-    this.extra = extra;
-  }
-  static Ok(args) {
-    return new _Result({ isOk: true, okValue: args.value, extra: args.extra });
-  }
-  static Err(args) {
-    return new _Result({ isOk: false, errValue: args.error, extra: args.extra });
-  }
-  /**
-   * You write a closure that either returns a T or throws, and we wrap it to return a Result<T>.
-   * Your closure is also given an `extra` dictionary to record additional context.
-   */
-  static capture({ task, recordsExecutionTimeMs = false }) {
-    const start = performance.now();
-    var extra = {};
-    var error;
-    var okValue;
-    try {
-      okValue = task(extra);
-    } catch (caught) {
-      error = caught;
-    } finally {
-      if (recordsExecutionTimeMs) {
-        extra["_sdk_execution_time_ms"] = performance.now() - start;
-      }
-      if (error !== void 0) {
-        return _Result.Err({ error, extra });
-      } else {
-        return _Result.Ok({ value: okValue, extra });
-      }
-    }
-  }
-  /**
-   * You write an async closure that either returns a T or throws, and we wrap it to return a Result<T>.
-   * Your closure is also given an `extra` dictionary to record additional context.
-   */
-  static async captureAsync({ task, recordsExecutionTimeMs = false }) {
-    var extra = {};
-    const start = performance.now();
-    var error;
-    var okValue;
-    try {
-      okValue = await task(extra);
-    } catch (caught) {
-      error = caught;
-    } finally {
-      if (recordsExecutionTimeMs) {
-        extra["_sdk_execution_time_ms"] = performance.now() - start;
-      }
-      if (error !== void 0) {
-        return _Result.Err({ error, extra });
-      } else {
-        return _Result.Ok({ value: okValue, extra });
-      }
-    }
-  }
-};
-
-// src/worker_config.ts
 var WorkerConfig = class _WorkerConfig {
   expiryTimeMicrosecs;
   endpoint;
@@ -2615,9 +2687,9 @@ __export(threshold_ibe_exports, {
   EncryptionKey: () => EncryptionKey2,
   FullDecryptionDomain: () => FullDecryptionDomain,
   ProofOfPermission: () => ProofOfPermission3,
-  decrypt: () => decrypt7,
   encrypt: () => encrypt7,
-  verifyAndExtract: () => verifyAndExtract
+  tryDecrypt: () => tryDecrypt5,
+  tryExtract: () => tryExtract2
 });
 var import_ts_sdk14 = require("@aptos-labs/ts-sdk");
 var import_utils19 = require("@noble/hashes/utils");
@@ -3468,21 +3540,29 @@ function encrypt7({ committee, encryptionKey, contractId, domain, plaintext }) {
   const ibeCiphs = symmKeyShares.map((share, idx) => encrypt4(encryptionKey.ibeMpks[idx], fullDecryptionDomain.toBytes(), share.payload));
   return { fullDecryptionDomain, ciphertext: new Ciphertext7(symmCiph, ibeCiphs) };
 }
-function decrypt7({ decryptionKey, ciphertext }) {
-  if (decryptionKey.ibeDecryptionKeys.length !== ciphertext.ibeCiphs.length) {
-    throw new Error("decryptionKey.ibeDecryptionKeys.length !== ciphertext.ibeCiphs.length");
-  }
-  const symmKeyShares = ciphertext.ibeCiphs.map((ibeCiph, idx) => {
-    if (decryptionKey.ibeDecryptionKeys[idx] == null) return null;
-    const sharePayload = decrypt4(decryptionKey.ibeDecryptionKeys[idx], ibeCiph);
-    if (sharePayload == null) return null;
-    return new Share(idx + 1, sharePayload);
-  }).filter((share) => share != null);
-  const symmKeyBytes = combine(symmKeyShares);
-  const symmKey = Key2.fromBytes(symmKeyBytes);
-  return decrypt6(symmKey, ciphertext.aesCiph);
+function tryDecrypt5({ decryptionKey, ciphertext }) {
+  const task = (extra) => {
+    extra["numIbeDecryptionKeys"] = decryptionKey.ibeDecryptionKeys.length;
+    extra["numIbeCiphs"] = ciphertext.ibeCiphs.length;
+    if (decryptionKey.ibeDecryptionKeys.length !== ciphertext.ibeCiphs.length) {
+      throw "decryption key share count does not match ciphertext share count";
+    }
+    const unfilteredSymmKeyShares = ciphertext.ibeCiphs.map((ibeCiph, idx) => {
+      if (decryptionKey.ibeDecryptionKeys[idx] == null) return null;
+      const maybeSharePayload = tryDecrypt2(decryptionKey.ibeDecryptionKeys[idx], ibeCiph);
+      if (!maybeSharePayload.isOk) return null;
+      return new Share(idx + 1, maybeSharePayload.okValue);
+    });
+    extra["symmKeySharePresences"] = unfilteredSymmKeyShares.map((share) => share != null);
+    const symmKeyShares = unfilteredSymmKeyShares.filter((share) => share != null);
+    const symmKeyBytes = combine(symmKeyShares);
+    const symmKey = Key2.fromBytes(symmKeyBytes);
+    const symDecResult = tryDecrypt4(symmKey, ciphertext.aesCiph);
+    return symDecResult.unwrapOrThrow("symmetric decryption failed");
+  };
+  return Result.capture({ task, recordsExecutionTimeMs: true });
 }
-async function verifyAndExtract({ ibeMsk, committee, contractId, domain, proof }) {
+async function tryExtract2({ ibeMsk, committee, contractId, domain, proof }) {
   const task = async (extra) => {
     extra["contractIdScheme"] = contractId.scheme;
     extra["proofScheme"] = proof.scheme;
@@ -4603,6 +4683,7 @@ var RequestForDecryptionKey2 = class _RequestForDecryptionKey {
   Enc,
   Group,
   IBE,
+  Result,
   Sig,
   SilentSetupEncryption,
   SilentSetupEncryptionXChain,