hyper-multisig 1.0.2 → 1.0.4

package/index.js

@@ -27,7 +27,13 @@ const SignRequest = require('hypercore-signing-request')
 const Hyperdrive = require('hyperdrive')
 const z32 = require('z32')
 
-const MultisigUtil = require('./lib/util')
+const { getCoreKey, getManifest, getCoreInfo } = require('./lib/core')
+const { signCore, signDrive } = require('./lib/sign')
+const {
+  verifyCoreRequestable,
+  verifyCoreCommittable,
+  verifyCoreCommitted
+} = require('./lib/verify')
 
 class HyperMultisig {
   constructor(store, swarm) {
@@ -37,7 +43,7 @@ class HyperMultisig {
     this.swarm = swarm
   }
 
-  static getCoreKey = MultisigUtil.getCoreKey
+  static getCoreKey = getCoreKey
 
   /**
    * @param {string[]} publicKeys
@@ -45,7 +51,7 @@ class HyperMultisig {
    * @return {Promise<{ manifest: Manifest, key: Buffer, core: Hypercore }>}
    */
   async createCore(publicKeys, namespace, { quorum } = {}) {
-    const manifest = MultisigUtil.getManifest(publicKeys, namespace, { quorum })
+    const manifest = getManifest(publicKeys, namespace, { quorum })
     const core = this.store.get({ manifest })
     await core.ready()
     return { manifest, key: core.key, core }
@@ -80,9 +86,9 @@ class HyperMultisig {
       await srcCore.ready()
       this.swarm.join(srcCore.discoveryKey, { client: true, server: false })
 
-      if (!force) await MultisigUtil.verifyCoreRequestable(srcCore, length, { peerUpdateTimeout })
+      if (!force) await verifyCoreRequestable(srcCore, length, { peerUpdateTimeout })
 
-      const manifest = MultisigUtil.getManifest(publicKeys, namespace, { quorum })
+      const manifest = getManifest(publicKeys, namespace, { quorum })
       const request = await SignRequest.generate(srcCore, { manifest, length })
       return { manifest, request }
     })
@@ -104,7 +110,7 @@ class HyperMultisig {
 
       if (!force) {
         runner.emit('verify-db-requestable-start')
-        await MultisigUtil.verifyCoreRequestable(srcDrive.core, length, {
+        await verifyCoreRequestable(srcDrive.core, length, {
           peerUpdateTimeout,
           coreId: 'db'
         })
@@ -113,14 +119,14 @@ class HyperMultisig {
         const contentLength = await srcDrive.getBlobsLength(length)
 
         runner.emit('verify-blobs-requestable-start')
-        await MultisigUtil.verifyCoreRequestable(srcDrive.blobs.core, contentLength, {
+        await verifyCoreRequestable(srcDrive.blobs.core, contentLength, {
           peerUpdateTimeout,
           coreId: 'blobs'
         })
       }
 
       runner.emit('creating-drive')
-      const manifest = MultisigUtil.getManifest(publicKeys, namespace, { quorum })
+      const manifest = getManifest(publicKeys, namespace, { quorum })
       const request = await SignRequest.generateDrive(srcDrive, { manifest, length })
       return { manifest, request }
     })
@@ -152,7 +158,7 @@ class HyperMultisig {
 
       if (!force) {
         runner.emit('verify-committable-start', srcCore.key, core.key)
-        await MultisigUtil.verifyCoreCommittable(srcCore, core, length, {
+        await verifyCoreCommittable(srcCore, core, length, {
           skipTargetChecks,
           peerUpdateTimeout
         })
@@ -160,8 +166,8 @@ class HyperMultisig {
 
       const signResponses = []
       for (const response of responses) {
-        const res = cenc.decode(CoreSign.messages.Response, z32.decode(response))
-        await CoreSign.verify(response, request, z32.encode(res.publicKey))
+        const res = cenc.decode(CoreSign.Response, z32.decode(response))
+        await CoreSign.verify(z32.decode(response), z32.decode(request), res.publicKey)
         const publicKeyHex = res.publicKey.toString('hex')
         signResponses[publicKeyHex] = res
       }
@@ -177,19 +183,19 @@ class HyperMultisig {
       })
 
       runner.emit('commit-start')
-      const batch = await MultisigUtil.signCore(core, srcCore, signatures, {
+      const batch = await signCore(core, srcCore, signatures, {
         end: length,
         commit: !dryRun
       })
 
       if (!force && !dryRun) {
         runner.emit('verify-committed-start', core.key)
-        await MultisigUtil.verifyCoreCommitted(core, { minPeers: minFullCopies })
+        await verifyCoreCommitted(core, { minPeers: minFullCopies })
       }
 
       const result = {
-        destCore: await MultisigUtil.getCoreInfo(core),
-        srcCore: await MultisigUtil.getCoreInfo(srcCore),
+        destCore: await getCoreInfo(core),
+        srcCore: await getCoreInfo(srcCore),
         batch
       }
 
@@ -220,12 +226,12 @@ class HyperMultisig {
 
       if (!force) {
         runner.emit('verify-committable-start', srcDrive.db.core.key, core.key)
-        await MultisigUtil.verifyCoreCommittable(srcDrive.db.core, core, length, {
+        await verifyCoreCommittable(srcDrive.db.core, core, length, {
           skipTargetChecks,
           peerUpdateTimeout,
           coreId: 'db'
         })
-        await MultisigUtil.verifyCoreCommittable(srcDrive.blobs.core, blobsCore, blobsLength, {
+        await verifyCoreCommittable(srcDrive.blobs.core, blobsCore, blobsLength, {
           skipTargetChecks,
           peerUpdateTimeout,
           coreId: 'blobs'
@@ -234,8 +240,8 @@ class HyperMultisig {
 
       const signResponses = []
       for (const response of responses) {
-        const res = cenc.decode(CoreSign.messages.Response, z32.decode(response))
-        await CoreSign.verify(response, request, z32.encode(res.publicKey))
+        const res = cenc.decode(CoreSign.Response, z32.decode(response))
+        await CoreSign.verify(z32.decode(response), z32.decode(request), res.publicKey)
         const publicKeyHex = res.publicKey.toString('hex')
         signResponses[publicKeyHex] = res
       }
@@ -253,7 +259,7 @@ class HyperMultisig {
       const blobsSignatures = allSignatures.map((item) => item?.[1])
 
       runner.emit('commit-start')
-      const { batch, blobsBatch } = await MultisigUtil.signDrive(
+      const { batch, blobsBatch } = await signDrive(
         core,
         srcDrive.core,
         signatures,
@@ -265,19 +271,19 @@ class HyperMultisig {
 
       if (!force && !dryRun) {
         runner.emit('verify-committed-start', core.key)
-        await MultisigUtil.verifyCoreCommitted(core)
-        await MultisigUtil.verifyCoreCommitted(blobsCore)
+        await verifyCoreCommitted(core)
+        await verifyCoreCommitted(blobsCore)
       }
 
       const result = {
         db: {
-          destCore: await MultisigUtil.getCoreInfo(core),
-          srcCore: await MultisigUtil.getCoreInfo(srcDrive.core),
+          destCore: await getCoreInfo(core),
+          srcCore: await getCoreInfo(srcDrive.core),
           batch
         },
         blobs: {
-          destCore: await MultisigUtil.getCoreInfo(blobsCore),
-          srcCore: await MultisigUtil.getCoreInfo(srcDrive.blobs.core),
+          destCore: await getCoreInfo(blobsCore),
+          srcCore: await getCoreInfo(srcDrive.blobs.core),
           batch: blobsBatch
         }
       }

package/lib/core.js

@@ -0,0 +1,96 @@
+/**
+ * @typedef {{
+ *   version: number
+ *   hash: string
+ *   quorum: number
+ *   signers: Array<{
+ *     signature: string
+ *     publicKey: Buffer
+ *     namespace: Buffer
+ *   }>
+ * }} Manifest
+ * @typedef {{
+ *   key: string
+ *   length: number
+ *   treeHash: string
+ * }} CoreInfo
+ */
+
+const Hypercore = require('hypercore')
+const crypto = require('hypercore-crypto')
+const idEnc = require('hypercore-id-encoding')
+
+/**
+ * @param {string[]} publicKeys
+ * @param {string} namespace
+ * @param {{ quorum?: number }} [opts]
+ * @return {string}
+ */
+function getCoreKey(publicKeys, namespace, { quorum } = {}) {
+  const manifest = getManifest(publicKeys, namespace, { quorum })
+  return Hypercore.key(manifest)
+}
+
+/**
+ * @param {string[]} publicKeys
+ * @param {string} namespace
+ * @param {{ quorum?: number }} [opts]
+ * @return {Manifest}
+ */
+function getManifest(publicKeys, namespace, { quorum } = {}) {
+  if (!quorum) quorum = Math.floor(publicKeys.length / 2) + 1
+
+  return {
+    version: 1,
+    hash: 'blake2b',
+    quorum,
+    signers: publicKeys.map((publicKey) => ({
+      signature: 'ed25519',
+      publicKey: idEnc.decode(publicKey),
+      namespace: idEnc.decode(getNamespace(namespace))
+    }))
+  }
+}
+
+/**
+ * @param {string} namespace
+ * @return {string}
+ */
+function getNamespace(namespace) {
+  return idEnc.normalize(crypto.hash(Buffer.from(namespace)))
+}
+
+/**
+ * @param {Manifest} manifest
+ */
+function normalizeManifest(manifest) {
+  return {
+    ...manifest,
+    signers: manifest.signers.map((signer) => ({
+      ...signer,
+      publicKey: idEnc.normalize(signer.publicKey),
+      namespace: idEnc.normalize(signer.namespace)
+    }))
+  }
+}
+
+/**
+ * @param {Hypercore} core
+ * @return {Promise<{ key: string, length: number, treeHash: string }>}
+ */
+async function getCoreInfo(core) {
+  await core.ready()
+  return {
+    key: idEnc.normalize(core.key),
+    length: core.length,
+    treeHash: idEnc.normalize(await core.treeHash())
+  }
+}
+
+module.exports = {
+  getCoreKey,
+  getManifest,
+  getNamespace,
+  normalizeManifest,
+  getCoreInfo
+}

package/lib/sign.js

@@ -0,0 +1,130 @@
+/**
+ * @typedef {{
+ *   key: string
+ *   length: number
+ *   treeHash: string
+ * }} CoreInfo
+ */
+
+const { assemble, partialSignature } = require('hypercore/lib/multisig')
+
+const { getCoreInfo } = require('./core')
+
+/**
+ * @param {Hypercore} core
+ * @param {Hypercore} batch
+ * @param {Buffer[]} signatures
+ * @param {{
+ *   length?: number
+ *   start?: number
+ *   end?: number
+ *   commit?: boolean
+ * }} opts
+ * @return {Promise<CoreInfo>}
+ */
+async function signCore(core, fromCore, signatures, { length, start, end, commit } = {}) {
+  /** @type {Hypercore | null} */
+  let batch = null
+  try {
+    batch = await createUpdateBatch(core, fromCore, { start, end })
+    if (commit) {
+      await commitUpdateBatch(core, batch, signatures, { length })
+    }
+    const batchInfo = await getCoreInfo(batch)
+    return batchInfo
+  } finally {
+    if (batch) await batch.close()
+  }
+}
+
+/**
+ * @param {Hypercore} core
+ * @param {Hypercore} fromCore
+ * @param {Buffer[]} signatures
+ * @param {Hypercore} blobsCore
+ * @param {Hypercore} fromBlobsCore
+ * @param {Buffer[]} blobsSignatures
+ * @param {{
+ *   start?: number
+ *   end?: number
+ *   length?: number
+ *   blobsStart?: number
+ *   blobsEnd?: number
+ *   blobsLength?: number
+ *   commit?: boolean
+ * }} opts
+ * @return {Promise<{ batch: CoreInfo, blobsBatch: CoreInfo }>}
+ */
+async function signDrive(
+  core,
+  fromCore,
+  signatures,
+  blobsCore,
+  fromBlobsCore,
+  blobsSignatures,
+  { start, end, length, blobsStart, blobsEnd, blobsLength, commit } = {}
+) {
+  const blobsBatch = await signCore(blobsCore, fromBlobsCore, blobsSignatures, {
+    start: blobsStart,
+    end: blobsEnd,
+    length: blobsLength,
+    commit
+  })
+  const batch = await signCore(core, fromCore, signatures, {
+    start,
+    end,
+    length,
+    commit
+  })
+  return { batch, blobsBatch }
+}
+
+/**
+ * @param {Hypercore} core
+ * @param {Hypercore} fromCore
+ * @param {{ start?: number, end?: number }} opts
+ * @return {Promise<Hypercore>}
+ */
+async function createUpdateBatch(core, fromCore, { start, end } = {}) {
+  start = start ?? core.length
+  end = end ?? fromCore.length
+
+  const download = fromCore.download({ start, end })
+  await download.done()
+
+  /** @type {Hypercore} */
+  const batch = core.session({ name: 'batch', overwrite: true })
+  for (let idx = start; idx < end; idx += 1) {
+    await batch.append(await fromCore.get(idx))
+  }
+  return batch
+}
+
+/**
+ * @param {Hypercore} core
+ * @param {Hypercore} batch
+ * @param {Buffer[]} signatures
+ * @param {{ length?: number }} opts
+ */
+async function commitUpdateBatch(core, batch, signatures, { length } = {}) {
+  length = length || batch.length
+
+  const proofs = await Promise.all(
+    signatures.map(async (sig, idx) => {
+      if (!sig) return null
+      const proof = await partialSignature(batch, idx, length, length, sig) // idx is important here, must match with the signers index
+      return proof
+    })
+  )
+  const validProofs = proofs.filter(Boolean)
+  const multisig = assemble(validProofs)
+
+  await core.commit(batch, { signature: multisig, length })
+}
+
+module.exports = {
+  signCore,
+  signDrive,
+  createUpdateBatch,
+  commitUpdateBatch
+}

package/lib/verify.js

@@ -0,0 +1,136 @@
+const b4a = require('b4a')
+
+const MultisigError = require('./error')
+
+async function verifyCoreRequestable(
+  srcCore,
+  length,
+  { minPeers = 2, peerUpdateTimeout = 5000, coreId } = {}
+) {
+  await waitUntilCoreLength(srcCore, length, { timeout: peerUpdateTimeout })
+
+  if (length > srcCore.length) {
+    throw MultisigError.SOURCE_CORE_TOO_SMALL(length, { coreId })
+  }
+
+  await waitUntilSufficientPeers(srcCore, { minPeers, timeout: peerUpdateTimeout })
+
+  const nrSrcPeers = srcCore.peers.length
+  if (nrSrcPeers < minPeers) {
+    throw MultisigError.SOURCE_CORE_INSUFFICIENT_PEERS(nrSrcPeers, minPeers)
+  }
+
+  await waitUntilFullySeeded(srcCore, { minPeers, timeout: peerUpdateTimeout })
+
+  let srcFullCopies = 0
+  for (const p of srcCore.peers) {
+    if (p.remoteContiguousLength === srcCore.length) srcFullCopies++
+  }
+  if (srcFullCopies < minPeers) {
+    throw MultisigError.SOURCE_CORE_NOT_FULLY_SEEDED(srcFullCopies, minPeers, { coreId })
+  }
+}
+
+async function verifyCoreCommittable(
+  srcCore,
+  tgtCore,
+  length,
+  { minPeers = 2, skipTargetChecks = false, peerUpdateTimeout = 5000, coreId } = {}
+) {
+  await waitUntilCoreLength(srcCore, length, { timeout: peerUpdateTimeout })
+
+  if (length > srcCore.length) {
+    throw MultisigError.SOURCE_CORE_TOO_SMALL(length, { coreId })
+  }
+
+  // Either it corrupts the core, or it's a no-op (re-signing already signed data). There's no possible upside.
+  if (tgtCore.length > srcCore.length) {
+    throw MultisigError.TARGET_CORE_TOO_BIG()
+  }
+
+  await waitUntilSufficientPeers(srcCore, { minPeers, timeout: peerUpdateTimeout })
+
+  const nrSrcPeers = srcCore.peers.length
+  if (nrSrcPeers < minPeers) {
+    throw MultisigError.SOURCE_CORE_INSUFFICIENT_PEERS(nrSrcPeers, minPeers)
+  }
+
+  await waitUntilFullySeeded(srcCore, { minPeers, timeout: peerUpdateTimeout })
+
+  let srcFullCopies = 0
+  for (const p of srcCore.peers) {
+    if (p.remoteContiguousLength === srcCore.length) srcFullCopies++
+  }
+  if (srcFullCopies < minPeers) {
+    throw MultisigError.SOURCE_CORE_NOT_FULLY_SEEDED(srcFullCopies, minPeers, { coreId })
+  }
+
+  if (skipTargetChecks) {
+    // no checks on the target if it's the first commit
+    if (tgtCore.length > 0) throw MultisigError.TARGET_NOT_EMPTY()
+    return
+  }
+
+  await waitUntilSufficientPeers(tgtCore, { minPeers, timeout: peerUpdateTimeout })
+
+  const tgtPeers = tgtCore.peers.length
+  if (tgtPeers < minPeers) {
+    throw MultisigError.TARGET_CORE_INSUFFICIENT_PEERS(tgtPeers, minPeers, { coreId })
+  }
+
+  await waitUntilFullySeeded(tgtCore, { minPeers, timeout: peerUpdateTimeout })
+
+  let tgtFullCopies = 0
+  for (const p of tgtCore.peers) {
+    if (p.remoteContiguousLength === tgtCore.length) tgtFullCopies++
+  }
+  if (tgtFullCopies < minPeers) {
+    throw MultisigError.TARGET_CORE_NOT_FULLY_SEEDED(tgtFullCopies, minPeers, { coreId })
+  }
+
+  if (!b4a.equals(await tgtCore.treeHash(tgtCore.length), await srcCore.treeHash(tgtCore.length))) {
+    throw MultisigError.INCOMPATIBLE_SOURCE_AND_TARGET({ coreId })
+  }
+}
+
+async function verifyCoreCommitted(tgtCore, { minPeers = 2 } = {}) {
+  let tgtFullCopies = 0
+  for (const p of tgtCore.peers) {
+    if (p.remoteContiguousLength === tgtCore.length) tgtFullCopies++
+  }
+  if (tgtFullCopies < minPeers) {
+    await new Promise((resolve) => setTimeout(resolve, 100))
+    await verifyCoreCommitted(tgtCore, { minPeers })
+  }
+}
+
+async function waitUntilCoreLength(core, length, { timeout = 5000 } = {}) {
+  return await waitUntil(() => core.length >= length, { timeout })
+}
+
+async function waitUntilSufficientPeers(core, { minPeers = 2, timeout = 5000 } = {}) {
+  return await waitUntil(() => core.peers?.length >= minPeers, { timeout })
+}
+
+async function waitUntilFullySeeded(core, { minPeers = 2, timeout = 5000 } = {}) {
+  return await waitUntil(
+    () => core.peers?.filter((p) => p.remoteContiguousLength === core.length).length >= minPeers,
+    { timeout }
+  )
+}
+
+async function waitUntil(conditionFn, { timeout = 5000, interval = 100 } = {}) {
+  if (await conditionFn()) return true
+  if (timeout < 0) return false
+  await new Promise((resolve) => setTimeout(resolve, interval))
+  return waitUntil(conditionFn, { timeout: timeout - interval, interval })
+}
+
+module.exports = {
+  verifyCoreRequestable,
+  verifyCoreCommittable,
+  verifyCoreCommitted,
+  waitUntilCoreLength,
+  waitUntilSufficientPeers,
+  waitUntilFullySeeded
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hyper-multisig",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Multisig hypercore and hyperdrive",
   "main": "index.js",
   "files": [
@@ -20,7 +20,7 @@
     "hypercore": "^11.24.0",
     "hypercore-crypto": "^3.6.1",
     "hypercore-id-encoding": "^1.3.0",
-    "hypercore-sign": "^3.0.0",
+    "hypercore-sign": "^4.0.1",
     "hypercore-signing-request": "^4.0.2",
     "hyperdrive": "^13.2.1",
     "z32": "^1.1.0"

package/lib/util.js

@@ -1,346 +0,0 @@
-/**
- * @typedef {import('corestore')} Corestore
- * @typedef {import('hypercore/lib/download')} Download
- * @typedef {{
- *   version: number
- *   hash: string
- *   quorum: number
- *   signers: Array<{
- *     signature: string
- *     publicKey: Buffer
- *     namespace: Buffer
- *   }>
- * }} Manifest
- * @typedef {{
- *   key: string
- *   length: number
- *   treeHash: string
- * }} CoreInfo
- */
-
-const b4a = require('b4a')
-const Hypercore = require('hypercore')
-const { assemble, partialSignature } = require('hypercore/lib/multisig')
-const crypto = require('hypercore-crypto')
-const idEnc = require('hypercore-id-encoding')
-
-const MultisigError = require('./error')
-
-/**
- * @param {Hypercore} core
- * @param {Hypercore} batch
- * @param {Buffer[]} signatures
- * @param {{
- *   length?: number
- *   start?: number
- *   end?: number
- *   commit?: boolean
- * }} opts
- * @return {Promise<CoreInfo>}
- */
-async function signCore(core, fromCore, signatures, { length, start, end, commit } = {}) {
-  /** @type {Hypercore | null} */
-  let batch = null
-  try {
-    batch = await createUpdateBatch(core, fromCore, { start, end })
-    if (commit) {
-      await commitUpdateBatch(core, batch, signatures, { length })
-    }
-    const batchInfo = await getCoreInfo(batch)
-    return batchInfo
-  } finally {
-    if (batch) await batch.close()
-  }
-}
-
-/**
- * @param {Hypercore} core
- * @param {Hypercore} fromCore
- * @param {Buffer[]} signatures
- * @param {Hypercore} blobsCore
- * @param {Hypercore} fromBlobsCore
- * @param {Buffer[]} blobsSignatures
- * @param {{
- *   start?: number
- *   end?: number
- *   length?: number
- *   blobsStart?: number
- *   blobsEnd?: number
- *   blobsLength?: number
- *   commit?: boolean
- * }} opts
- * @return {Promise<{ batch: CoreInfo, blobsBatch: CoreInfo }>}
- */
-async function signDrive(
-  core,
-  fromCore,
-  signatures,
-  blobsCore,
-  fromBlobsCore,
-  blobsSignatures,
-  { start, end, length, blobsStart, blobsEnd, blobsLength, commit } = {}
-) {
-  const blobsBatch = await signCore(blobsCore, fromBlobsCore, blobsSignatures, {
-    start: blobsStart,
-    end: blobsEnd,
-    length: blobsLength,
-    commit
-  })
-  const batch = await signCore(core, fromCore, signatures, {
-    start,
-    end,
-    length,
-    commit
-  })
-  return { batch, blobsBatch }
-}
-
-/**
- * @param {Hypercore} core
- * @param {Hypercore} fromCore
- * @param {{ start?: number, end?: number }} opts
- * @return {Promise<Hypercore>}
- */
-async function createUpdateBatch(core, fromCore, { start, end } = {}) {
-  start = start ?? core.length
-  end = end ?? fromCore.length
-
-  const download = fromCore.download({ start, end })
-  await download.done()
-
-  /** @type {Hypercore} */
-  const batch = core.session({ name: 'batch', overwrite: true })
-  for (let idx = start; idx < end; idx += 1) {
-    await batch.append(await fromCore.get(idx))
-  }
-  return batch
-}
-
-/**
- * @param {Hypercore} core
- * @param {Hypercore} batch
- * @param {Buffer[]} signatures
- * @param {{ length?: number }} opts
- */
-async function commitUpdateBatch(core, batch, signatures, { length } = {}) {
-  length = length || batch.length
-
-  const proofs = await Promise.all(
-    signatures.map(async (sig, idx) => {
-      if (!sig) return null
-      const proof = await partialSignature(batch, idx, length, length, sig) // idx is important here, must match with the signers index
-      return proof
-    })
-  )
-  const validProofs = proofs.filter(Boolean)
-  const multisig = assemble(validProofs)
-
-  await core.commit(batch, { signature: multisig, length })
-}
-
-/**
- * @param {string[]} publicKeys
- * @param {string} namespace
- * @return {string}
- */
-function getCoreKey(publicKeys, namespace) {
-  const manifest = getManifest(publicKeys, namespace)
-  return Hypercore.key(manifest)
-}
-
-/**
- * @param {string[]} publicKeys
- * @param {string} namespace
- * @return {Manifest}
- */
-function getManifest(publicKeys, namespace, { quorum } = {}) {
-  if (!quorum) quorum = Math.floor(publicKeys.length / 2) + 1
-
-  return {
-    version: 1,
-    hash: 'blake2b',
-    quorum,
-    signers: publicKeys.map((publicKey) => ({
-      signature: 'ed25519',
-      publicKey: idEnc.decode(publicKey),
-      namespace: idEnc.decode(getNamespace(namespace))
-    }))
-  }
-}
-
-/**
- * @param {string} namespace
- * @return {string}
- */
-function getNamespace(namespace) {
-  return idEnc.normalize(crypto.hash(Buffer.from(namespace)))
-}
-
-/**
- * @param {Manifest} manifest
- */
-function normalizeManifest(manifest) {
-  return {
-    ...manifest,
-    signers: manifest.signers.map((signer) => ({
-      ...signer,
-      publicKey: idEnc.normalize(signer.publicKey),
-      namespace: idEnc.normalize(signer.namespace)
-    }))
-  }
-}
-
-/**
- * @param {Hypercore} core
- * @return {Promise<{ key: string, length: number, treeHash: string }>}
- */
-async function getCoreInfo(core) {
-  await core.ready()
-  return {
-    key: idEnc.normalize(core.key),
-    length: core.length,
-    treeHash: idEnc.normalize(await core.treeHash())
-  }
-}
-
-async function verifyCoreRequestable(
-  srcCore,
-  length,
-  { minPeers = 2, peerUpdateTimeout = 5000, coreId } = {}
-) {
-  await waitUntilCoreLength(srcCore, length, { timeout: peerUpdateTimeout })
-
-  if (length > srcCore.length) {
-    throw MultisigError.SOURCE_CORE_TOO_SMALL(length, { coreId })
-  }
-
-  await waitUntilSufficientPeers(srcCore, { minPeers, timeout: peerUpdateTimeout })
-
-  const nrSrcPeers = srcCore.peers.length
-  if (nrSrcPeers < minPeers) {
-    throw MultisigError.SOURCE_CORE_INSUFFICIENT_PEERS(nrSrcPeers, minPeers)
-  }
-
-  await waitUntilFullySeeded(srcCore, { minPeers, timeout: peerUpdateTimeout })
-
-  let srcFullCopies = 0
-  for (const p of srcCore.peers) {
-    if (p.remoteContiguousLength === srcCore.length) srcFullCopies++
-  }
-  if (srcFullCopies < minPeers) {
-    throw MultisigError.SOURCE_CORE_NOT_FULLY_SEEDED(srcFullCopies, minPeers, { coreId })
-  }
-}
-
-async function verifyCoreCommittable(
-  srcCore,
-  tgtCore,
-  length,
-  { minPeers = 2, skipTargetChecks = false, peerUpdateTimeout = 5000, coreId } = {}
-) {
-  await waitUntilCoreLength(srcCore, length, { timeout: peerUpdateTimeout })
-
-  if (length > srcCore.length) {
-    throw MultisigError.SOURCE_CORE_TOO_SMALL(length, { coreId })
-  }
-
-  // Either it corrupts the core, or it's a no-op (re-signing already signed data). There's no possible upside.
-  if (tgtCore.length > srcCore.length) {
-    throw MultisigError.TARGET_CORE_TOO_BIG()
-  }
-
-  await waitUntilSufficientPeers(srcCore, { minPeers, timeout: peerUpdateTimeout })
-
-  const nrSrcPeers = srcCore.peers.length
-  if (nrSrcPeers < minPeers) {
-    throw MultisigError.SOURCE_CORE_INSUFFICIENT_PEERS(nrSrcPeers, minPeers)
-  }
-
-  await waitUntilFullySeeded(srcCore, { minPeers, timeout: peerUpdateTimeout })
-
-  let srcFullCopies = 0
-  for (const p of srcCore.peers) {
-    if (p.remoteContiguousLength === srcCore.length) srcFullCopies++
-  }
-  if (srcFullCopies < minPeers) {
-    throw MultisigError.SOURCE_CORE_NOT_FULLY_SEEDED(srcFullCopies, minPeers, { coreId })
-  }
-
-  if (skipTargetChecks) {
-    // no checks on the target if it's the first commit
-    if (tgtCore.length > 0) throw MultisigError.TARGET_NOT_EMPTY()
-    return
-  }
-
-  await waitUntilSufficientPeers(tgtCore, { minPeers, timeout: peerUpdateTimeout })
-
-  const tgtPeers = tgtCore.peers.length
-  if (tgtPeers < minPeers) {
-    throw MultisigError.TARGET_CORE_INSUFFICIENT_PEERS(tgtPeers, minPeers, { coreId })
-  }
-
-  await waitUntilFullySeeded(tgtCore, { minPeers, timeout: peerUpdateTimeout })
-
-  let tgtFullCopies = 0
-  for (const p of tgtCore.peers) {
-    if (p.remoteContiguousLength === tgtCore.length) tgtFullCopies++
-  }
-  if (tgtFullCopies < minPeers) {
-    throw MultisigError.TARGET_CORE_NOT_FULLY_SEEDED(tgtFullCopies, minPeers, { coreId })
-  }
-
-  if (!b4a.equals(await tgtCore.treeHash(tgtCore.length), await srcCore.treeHash(tgtCore.length))) {
-    throw MultisigError.INCOMPATIBLE_SOURCE_AND_TARGET({ coreId })
-  }
-}
-
-async function verifyCoreCommitted(tgtCore, { minPeers = 2 } = {}) {
-  let tgtFullCopies = 0
-  for (const p of tgtCore.peers) {
-    if (p.remoteContiguousLength === tgtCore.length) tgtFullCopies++
-  }
-  if (tgtFullCopies < minPeers) {
-    await new Promise((resolve) => setTimeout(resolve, 100))
-    await verifyCoreCommitted(tgtCore, { minPeers })
-  }
-}
-
-async function waitUntilCoreLength(core, length, { timeout = 5000 } = {}) {
-  return await waitUntil(() => core.length >= length, { timeout })
-}
-
-async function waitUntilSufficientPeers(core, { minPeers = 2, timeout = 5000 } = {}) {
-  return await waitUntil(() => core.peers?.length >= minPeers, { timeout })
-}
-
-async function waitUntilFullySeeded(core, { minPeers = 2, timeout = 5000 } = {}) {
-  return await waitUntil(
-    () => core.peers?.filter((p) => p.remoteContiguousLength === core.length).length >= minPeers,
-    { timeout }
-  )
-}
-
-async function waitUntil(conditionFn, { timeout = 5000, interval = 100 } = {}) {
-  if (await conditionFn()) return true
-  if (timeout < 0) return false
-  await new Promise((resolve) => setTimeout(resolve, interval))
-  return waitUntil(conditionFn, { timeout: timeout - interval, interval })
-}
-
-module.exports = {
-  signCore,
-  signDrive,
-  createUpdateBatch,
-  commitUpdateBatch,
-  getCoreKey,
-  getManifest,
-  getNamespace,
-  normalizeManifest,
-  getCoreInfo,
-  verifyCoreRequestable,
-  verifyCoreCommittable,
-  verifyCoreCommitted,
-  waitUntilCoreLength,
-  waitUntilSufficientPeers,
-  waitUntilFullySeeded
-}