signet-protocol 0.1.0 → 1.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "signet-protocol",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "description": "Decentralised identity verification protocol for Nostr",
   "type": "module",
   "main": "./dist/index.js",
@@ -46,7 +46,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/forgesworn/signet-protocol.git"
+    "url": "https://github.com/forgesworn/signet.git"
   },
   "dependencies": {
     "@forgesworn/range-proof": "^2.0.0",
@@ -73,4 +73,4 @@
     "type": "lightning",
     "url": "lightning:thedonkey@strike.me"
   }
-}
+}

package/dist/key-derivation.d.ts

@@ -1,43 +0,0 @@
-/** Encode a 32-byte private key as an nsec bech32 string (NIP-19) */
-export declare function encodeNsec(privateKey: string): string;
-/** Encode a 32-byte public key as an npub bech32 string (NIP-19) */
-export declare function encodeNpub(publicKey: string): string;
-/** Decode an nsec bech32 string to private + public key hex (NIP-19) */
-export declare function decodeNsec(nsec: string): {
-    privateKey: string;
-    publicKey: string;
-};
-/** NIP-06 derivation path: m/44'/1237'/0'/0/0 */
-export declare const NIP06_DERIVATION_PATH = "m/44'/1237'/0'/0/0";
-/** Parse a BIP-32 derivation path into numeric indices.
- *  Retained for backwards compatibility — @scure/bip32 handles paths internally. */
-export declare function parsePath(path: string): number[];
-/** Derive a private key at the given BIP-32 path from a seed.
- *  Uses @scure/bip32 (audited BIP-32 implementation by paulmillr). */
-export declare function deriveKeyFromSeed(seed: Uint8Array, path: string): Uint8Array;
-/** Derive a Nostr keypair from a BIP-39 mnemonic using NIP-06 path.
- *
- *  SECURITY NOTE: Intermediate Uint8Arrays (seed, key bytes) are zeroed after use,
- *  but the returned hex strings are JS primitives and cannot be wiped from memory.
- *  This is a fundamental limitation of the JavaScript runtime. */
-export declare function deriveNostrKeyPair(mnemonic: string, passphrase?: string): {
-    privateKey: string;
-    publicKey: string;
-};
-/** Create a full Signet identity from a mnemonic.
- *
- * WARNING: The returned object contains the mnemonic alongside the private key.
- * Do not serialise, log, or persist this object without first removing the
- * mnemonic. The caller is responsible for discarding the mnemonic as quickly
- * as possible. Mnemonics must never be stored in plaintext (use crypto-store.ts). */
-export declare function createIdentityFromMnemonic(mnemonic: string, passphrase?: string): {
-    mnemonic: string;
-    privateKey: string;
-    publicKey: string;
-};
-/** Derive a child account keypair (e.g., for a child's account) at a given account index */
-export declare function deriveChildAccount(mnemonic: string, accountIndex: number, passphrase?: string): {
-    privateKey: string;
-    publicKey: string;
-};
-//# sourceMappingURL=key-derivation.d.ts.map

package/dist/key-derivation.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"key-derivation.d.ts","sourceRoot":"","sources":["../src/key-derivation.ts"],"names":[],"mappings":"AAsGA,qEAAqE;AACrE,wBAAgB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAKrD;AAED,oEAAoE;AACpE,wBAAgB,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAKpD;AAED,wEAAwE;AACxE,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAUlF;AAED,iDAAiD;AACjD,eAAO,MAAM,qBAAqB,uBAAuB,CAAC;AAQ1D;oFACoF;AACpF,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBhD;AAED;sEACsE;AACtE,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,GAAG,UAAU,CAU5E;AAED;;;;kEAIkE;AAClE,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,GAClB;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAa3C;AAED;;;;;qFAKqF;AACrF,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,GAClB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAG7D;AAED,4FAA4F;AAC5F,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,UAAU,CAAC,EAAE,MAAM,GAClB;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAe3C"}

package/dist/key-derivation.js

@@ -1,212 +0,0 @@
-// NIP-06 Nostr Key Derivation & NIP-19 nsec/npub encoding
-// Derives Nostr keypairs from BIP-39 mnemonics via @scure/bip32
-// Also provides nsec/npub bech32 encoding (NIP-19)
-import { secp256k1 } from '@noble/curves/secp256k1';
-import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
-import { mnemonicToSeedSync } from '@scure/bip39';
-import { HDKey } from '@scure/bip32';
-import { zeroBytes } from './utils.js';
-import { SignetValidationError, SignetCryptoError } from './errors.js';
-// --- Bech32 encoding/decoding (BIP-173) for NIP-19 nsec/npub ---
-const BECH32_CHARSET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l';
-function bech32Polymod(values) {
-    const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
-    let chk = 1;
-    for (const v of values) {
-        const b = chk >> 25;
-        chk = ((chk & 0x1ffffff) << 5) ^ v;
-        for (let i = 0; i < 5; i++) {
-            if ((b >> i) & 1)
-                chk ^= GEN[i];
-        }
-    }
-    return chk;
-}
-function bech32HrpExpand(hrp) {
-    const ret = [];
-    for (let i = 0; i < hrp.length; i++)
-        ret.push(hrp.charCodeAt(i) >> 5);
-    ret.push(0);
-    for (let i = 0; i < hrp.length; i++)
-        ret.push(hrp.charCodeAt(i) & 31);
-    return ret;
-}
-function bech32CreateChecksum(hrp, data) {
-    const values = bech32HrpExpand(hrp).concat(data).concat([0, 0, 0, 0, 0, 0]);
-    const polymod = bech32Polymod(values) ^ 1;
-    const ret = [];
-    for (let i = 0; i < 6; i++)
-        ret.push((polymod >> (5 * (5 - i))) & 31);
-    return ret;
-}
-function bech32VerifyChecksum(hrp, data) {
-    return bech32Polymod(bech32HrpExpand(hrp).concat(data)) === 1;
-}
-function bech32Encode(hrp, data) {
-    const checksum = bech32CreateChecksum(hrp, data);
-    const combined = data.concat(checksum);
-    let ret = hrp + '1';
-    for (const d of combined)
-        ret += BECH32_CHARSET[d];
-    return ret;
-}
-function bech32Decode(str) {
-    const lower = str.toLowerCase();
-    if (lower !== str && str.toUpperCase() !== str) {
-        throw new SignetValidationError('Mixed-case bech32 string');
-    }
-    const s = lower;
-    const pos = s.lastIndexOf('1');
-    if (pos < 1 || pos + 7 > s.length || s.length > 90) {
-        throw new SignetValidationError('Invalid bech32 string');
-    }
-    const hrp = s.slice(0, pos);
-    const dataChars = s.slice(pos + 1);
-    const data = [];
-    for (const c of dataChars) {
-        const idx = BECH32_CHARSET.indexOf(c);
-        if (idx === -1)
-            throw new SignetValidationError(`Invalid bech32 character: ${c}`);
-        data.push(idx);
-    }
-    if (!bech32VerifyChecksum(hrp, data)) {
-        throw new SignetValidationError('Invalid bech32 checksum');
-    }
-    return { hrp, data: data.slice(0, data.length - 6) };
-}
-function convertBits(data, fromBits, toBits, pad) {
-    let acc = 0;
-    let bits = 0;
-    const ret = [];
-    const maxv = (1 << toBits) - 1;
-    for (const value of data) {
-        if (value < 0 || value >> fromBits !== 0)
-            throw new SignetValidationError('Invalid value for convertBits');
-        acc = (acc << fromBits) | value;
-        bits += fromBits;
-        while (bits >= toBits) {
-            bits -= toBits;
-            ret.push((acc >> bits) & maxv);
-        }
-    }
-    if (pad) {
-        if (bits > 0)
-            ret.push((acc << (toBits - bits)) & maxv);
-    }
-    else if (bits >= fromBits || ((acc << (toBits - bits)) & maxv) !== 0) {
-        throw new SignetValidationError('Invalid padding in convertBits');
-    }
-    return ret;
-}
-/** Encode a 32-byte private key as an nsec bech32 string (NIP-19) */
-export function encodeNsec(privateKey) {
-    const bytes = hexToBytes(privateKey);
-    if (bytes.length !== 32)
-        throw new SignetValidationError('Private key must be 32 bytes');
-    const data5bit = convertBits(Array.from(bytes), 8, 5, true);
-    return bech32Encode('nsec', data5bit);
-}
-/** Encode a 32-byte public key as an npub bech32 string (NIP-19) */
-export function encodeNpub(publicKey) {
-    const bytes = hexToBytes(publicKey);
-    if (bytes.length !== 32)
-        throw new SignetValidationError('Public key must be 32 bytes');
-    const data5bit = convertBits(Array.from(bytes), 8, 5, true);
-    return bech32Encode('npub', data5bit);
-}
-/** Decode an nsec bech32 string to private + public key hex (NIP-19) */
-export function decodeNsec(nsec) {
-    const { hrp, data } = bech32Decode(nsec);
-    if (hrp !== 'nsec')
-        throw new SignetValidationError(`Expected nsec prefix, got ${hrp}`);
-    const bytes = convertBits(data, 5, 8, false);
-    if (bytes.length !== 32)
-        throw new SignetValidationError('Invalid nsec: decoded to wrong length');
-    const privateKey = bytesToHex(new Uint8Array(bytes));
-    // Derive x-only public key from private key
-    const fullPubkey = secp256k1.getPublicKey(new Uint8Array(bytes), true);
-    const publicKey = bytesToHex(fullPubkey.slice(1));
-    return { privateKey, publicKey };
-}
-/** NIP-06 derivation path: m/44'/1237'/0'/0/0 */
-export const NIP06_DERIVATION_PATH = "m/44'/1237'/0'/0/0";
-/** Maximum derivation path depth — prevents CPU-bound DoS on untrusted paths */
-const MAX_PATH_DEPTH = 10;
-/** Hardened offset for BIP-32 */
-const HARDENED_OFFSET = 0x80000000;
-/** Parse a BIP-32 derivation path into numeric indices.
- *  Retained for backwards compatibility — @scure/bip32 handles paths internally. */
-export function parsePath(path) {
-    if (!path.startsWith('m/')) {
-        throw new SignetValidationError('Derivation path must start with m/');
-    }
-    const segments = path.slice(2).split('/');
-    if (segments.length > MAX_PATH_DEPTH) {
-        throw new SignetValidationError(`Derivation path too deep: ${segments.length} levels (max ${MAX_PATH_DEPTH})`);
-    }
-    return segments
-        .map((segment) => {
-        const hardened = segment.endsWith("'") || segment.endsWith('h');
-        const index = parseInt(hardened ? segment.slice(0, -1) : segment, 10);
-        if (isNaN(index) || index < 0) {
-            throw new SignetValidationError(`Invalid path segment: ${segment}`);
-        }
-        return hardened ? index + HARDENED_OFFSET : index;
-    });
-}
-/** Derive a private key at the given BIP-32 path from a seed.
- *  Uses @scure/bip32 (audited BIP-32 implementation by paulmillr). */
-export function deriveKeyFromSeed(seed, path) {
-    // Validate path depth before delegating to @scure/bip32
-    parsePath(path);
-    const master = HDKey.fromMasterSeed(seed);
-    const child = master.derive(path);
-    if (!child.privateKey) {
-        throw new SignetCryptoError('Key derivation produced no private key');
-    }
-    // Return a copy — HDKey owns its internal buffer
-    return Uint8Array.from(child.privateKey);
-}
-/** Derive a Nostr keypair from a BIP-39 mnemonic using NIP-06 path.
- *
- *  SECURITY NOTE: Intermediate Uint8Arrays (seed, key bytes) are zeroed after use,
- *  but the returned hex strings are JS primitives and cannot be wiped from memory.
- *  This is a fundamental limitation of the JavaScript runtime. */
-export function deriveNostrKeyPair(mnemonic, passphrase) {
-    const seed = mnemonicToSeedSync(mnemonic, passphrase);
-    const privateKeyBytes = deriveKeyFromSeed(seed, NIP06_DERIVATION_PATH);
-    zeroBytes(seed);
-    const privateKey = bytesToHex(privateKeyBytes);
-    // x-only public key (BIP-340 / Nostr convention)
-    const fullPubkey = secp256k1.getPublicKey(privateKeyBytes, true); // 33 bytes compressed
-    // Drop the prefix byte to get x-only (32 bytes)
-    const publicKey = bytesToHex(fullPubkey.slice(1));
-    zeroBytes(privateKeyBytes);
-    return { privateKey, publicKey };
-}
-/** Create a full Signet identity from a mnemonic.
- *
- * WARNING: The returned object contains the mnemonic alongside the private key.
- * Do not serialise, log, or persist this object without first removing the
- * mnemonic. The caller is responsible for discarding the mnemonic as quickly
- * as possible. Mnemonics must never be stored in plaintext (use crypto-store.ts). */
-export function createIdentityFromMnemonic(mnemonic, passphrase) {
-    const { privateKey, publicKey } = deriveNostrKeyPair(mnemonic, passphrase);
-    return { mnemonic, privateKey, publicKey };
-}
-/** Derive a child account keypair (e.g., for a child's account) at a given account index */
-export function deriveChildAccount(mnemonic, accountIndex, passphrase) {
-    if (!Number.isSafeInteger(accountIndex) || accountIndex < 0 || accountIndex > 0x7fffffff) {
-        throw new SignetValidationError('accountIndex must be an integer in [0, 2^31 - 1]');
-    }
-    const seed = mnemonicToSeedSync(mnemonic, passphrase);
-    const path = `m/44'/1237'/${accountIndex}'/0/0`;
-    const privateKeyBytes = deriveKeyFromSeed(seed, path);
-    zeroBytes(seed);
-    const privateKey = bytesToHex(privateKeyBytes);
-    const fullPubkey = secp256k1.getPublicKey(privateKeyBytes, true);
-    const publicKey = bytesToHex(fullPubkey.slice(1));
-    zeroBytes(privateKeyBytes);
-    return { privateKey, publicKey };
-}
-//# sourceMappingURL=key-derivation.js.map

package/dist/key-derivation.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"key-derivation.js","sourceRoot":"","sources":["../src/key-derivation.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,gEAAgE;AAChE,mDAAmD;AAEnD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAEvE,kEAAkE;AAElE,MAAM,cAAc,GAAG,kCAAkC,CAAC;AAE1D,SAAS,aAAa,CAAC,MAAgB;IACrC,MAAM,GAAG,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IACzE,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,GAAG,IAAI,EAAE,CAAC;QACpB,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC;gBAAE,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACtE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW,EAAE,IAAc;IACvD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAW,EAAE,IAAc;IACvD,OAAO,aAAa,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;AAChE,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,IAAc;IAC/C,MAAM,QAAQ,GAAG,oBAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IACpB,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,GAAG,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC;IACnD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAChC,IAAI,KAAK,KAAK,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,GAAG,EAAE,CAAC;QAC/C,MAAM,IAAI,qBAAqB,CAAC,0BAA0B,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,CAAC,GAAG,KAAK,CAAC;IAChB,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACnD,MAAM,IAAI,qBAAqB,CAAC,uBAAuB,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC5B,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACnC,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACtC,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,qBAAqB,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;IACD,IAAI,CAAC,oBAAoB,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,qBAAqB,CAAC,yBAAyB,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,IAAc,EAAE,QAAgB,EAAE,MAAc,EAAE,GAAY;IACjF,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/B,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;QACzB,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,IAAI,QAAQ,KAAK,CAAC;YAAE,MAAM,IAAI,qBAAqB,CAAC,+BAA+B,CAAC,CAAC;QAC3G,GAAG,GAAG,CAAC,GAAG,IAAI,QAAQ,CAAC,GAAG,KAAK,CAAC;QAChC,IAAI,IAAI,QAAQ,CAAC;QACjB,OAAO,IAAI,IAAI,MAAM,EAAE,CAAC;YACtB,IAAI,IAAI,MAAM,CAAC;YACf,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IACD,IAAI,GAAG,EAAE,CAAC;QACR,IAAI,IAAI,GAAG,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1D,CAAC;SAAM,IAAI,IAAI,IAAI,QAAQ,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACvE,MAAM,IAAI,qBAAqB,CAAC,gCAAgC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,UAAU,CAAC,UAAkB;IAC3C,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACrC,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,qBAAqB,CAAC,8BAA8B,CAAC,CAAC;IACzF,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC5D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AACxC,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,qBAAqB,CAAC,6BAA6B,CAAC,CAAC;IACxF,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC;IAC5D,OAAO,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AACxC,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,UAAU,CAAC,IAAY;IACrC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACzC,IAAI,GAAG,KAAK,MAAM;QAAE,MAAM,IAAI,qBAAqB,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;IACxF,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;IAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,CAAC,CAAC;IAClG,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IACrD,4CAA4C;IAC5C,MAAM,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;IACvE,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACnC,CAAC;AAED,iDAAiD;AACjD,MAAM,CAAC,MAAM,qBAAqB,GAAG,oBAAoB,CAAC;AAE1D,gFAAgF;AAChF,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B,iCAAiC;AACjC,MAAM,eAAe,GAAG,UAAU,CAAC;AAEnC;oFACoF;AACpF,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,qBAAqB,CAAC,oCAAoC,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,QAAQ,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;QACrC,MAAM,IAAI,qBAAqB,CAAC,6BAA6B,QAAQ,CAAC,MAAM,gBAAgB,cAAc,GAAG,CAAC,CAAC;IACjH,CAAC;IACD,OAAO,QAAQ;SACZ,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACf,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACtE,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,qBAAqB,CAAC,yBAAyB,OAAO,EAAE,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC;IACpD,CAAC,CAAC,CAAC;AACP,CAAC;AAED;sEACsE;AACtE,MAAM,UAAU,iBAAiB,CAAC,IAAgB,EAAE,IAAY;IAC9D,wDAAwD;IACxD,SAAS,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,IAAI,iBAAiB,CAAC,wCAAwC,CAAC,CAAC;IACxE,CAAC;IACD,iDAAiD;IACjD,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;AAC3C,CAAC;AAED;;;;kEAIkE;AAClE,MAAM,UAAU,kBAAkB,CAChC,QAAgB,EAChB,UAAmB;IAEnB,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACtD,MAAM,eAAe,GAAG,iBAAiB,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACvE,SAAS,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,UAAU,GAAG,UAAU,CAAC,eAAe,CAAC,CAAC;IAE/C,iDAAiD;IACjD,MAAM,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC,CAAC,sBAAsB;IACxF,gDAAgD;IAChD,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,SAAS,CAAC,eAAe,CAAC,CAAC;IAE3B,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACnC,CAAC;AAED;;;;;qFAKqF;AACrF,MAAM,UAAU,0BAA0B,CACxC,QAAgB,EAChB,UAAmB;IAEnB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC3E,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC7C,CAAC;AAED,4FAA4F;AAC5F,MAAM,UAAU,kBAAkB,CAChC,QAAgB,EAChB,YAAoB,EACpB,UAAmB;IAEnB,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,YAAY,GAAG,CAAC,IAAI,YAAY,GAAG,UAAU,EAAE,CAAC;QACzF,MAAM,IAAI,qBAAqB,CAAC,kDAAkD,CAAC,CAAC;IACtF,CAAC;IACD,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,eAAe,YAAY,OAAO,CAAC;IAChD,MAAM,eAAe,GAAG,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACtD,SAAS,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,UAAU,GAAG,UAAU,CAAC,eAAe,CAAC,CAAC;IAE/C,MAAM,UAAU,GAAG,SAAS,CAAC,YAAY,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,SAAS,CAAC,eAAe,CAAC,CAAC;IAE3B,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACnC,CAAC"}

package/dist/shamir.d.ts

@@ -1,55 +0,0 @@
-/**
- * Shamir's Secret Sharing over GF(256).
- *
- * INTENTIONAL DUPLICATION: Dominion Protocol has its own GF(256) Shamir
- * implementation. The low-level maths is identical but the protocols serve
- * different purposes:
- *
- *   - Signet: splits identity keys across PEOPLE (guardian recovery).
- *     Shares are encoded as BIP-39 words for human exchange.
- *   - Dominion: splits content keys across MACHINES (warden relays).
- *     Shares are raw bytes for relay distribution.
- *
- * Coupling the protocols via a shared dependency is worse than ~100 lines
- * of duplicated arithmetic. GF(256) is stable and will never change.
- *
- * See: trott-business/docs/plans/2026-03-12-fathom-alpha-live-design.md
- */
-export interface ShamirShare {
-    id: number;
-    data: Uint8Array;
-}
-/** Addition in GF(256) is XOR */
-export declare function gf256Add(a: number, b: number): number;
-/** Multiplication in GF(256) using log/exp tables */
-export declare function gf256Mul(a: number, b: number): number;
-/** Multiplicative inverse in GF(256) */
-export declare function gf256Inv(a: number): number;
-/**
- * Split a secret into shares using Shamir's Secret Sharing over GF(256).
- *
- * @param secret    The secret bytes to split
- * @param threshold Minimum shares needed to reconstruct (>= 2)
- * @param shares    Total number of shares to create (>= threshold, <= 255)
- * @returns Array of ShamirShare objects
- */
-export declare function splitSecret(secret: Uint8Array, threshold: number, shares: number): ShamirShare[];
-/**
- * Reconstruct a secret from shares using Lagrange interpolation over GF(256).
- *
- * @param shares    Array of shares (at least `threshold` shares)
- * @param threshold The threshold used during splitting
- * @returns The reconstructed secret bytes
- */
-export declare function reconstructSecret(shares: ShamirShare[], threshold: number): Uint8Array;
-/**
- * Encode a share as BIP-39 words.
- * Prepends the share ID byte to the data, then converts to 11-bit groups.
- */
-export declare function shareToWords(share: ShamirShare): string[];
-/**
- * Decode BIP-39 words back to a share.
- * Reverses the encoding from shareToWords.
- */
-export declare function wordsToShare(words: string[]): ShamirShare;
-//# sourceMappingURL=shamir.d.ts.map

package/dist/shamir.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"shamir.d.ts","sourceRoot":"","sources":["../src/shamir.ts"],"names":[],"mappings":"AAQA;;;;;;;;;;;;;;;;GAgBG;AAMH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,UAAU,CAAC;CAClB;AAwCD,iCAAiC;AACjC,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAErD;AAED,qDAAqD;AACrD,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAGrD;AAED,wCAAwC;AACxC,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAG1C;AAkBD;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,UAAU,EAClB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,WAAW,EAAE,CAwCf;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,WAAW,EAAE,EACrB,SAAS,EAAE,MAAM,GAChB,UAAU,CAuDZ;AAMD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,EAAE,CA+BzD;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,WAAW,CAkDzD"}

package/dist/shamir.js

@@ -1,253 +0,0 @@
-// Shamir's Secret Sharing over GF(256)
-// Split secrets into threshold-of-n shares using polynomial interpolation
-import { randomBytes } from '@noble/hashes/utils';
-import { wordlist as BIP39_WORDLIST } from '@scure/bip39/wordlists/english.js';
-import { zeroBytes } from './utils.js';
-import { SignetValidationError, SignetCryptoError } from './errors.js';
-// ---------------------------------------------------------------------------
-// GF(256) Arithmetic — irreducible polynomial 0x11b (same as AES)
-// ---------------------------------------------------------------------------
-const IRREDUCIBLE = 0x11b;
-const GENERATOR = 0x03;
-/** Log table: log_g(i) for i in [0..255]. LOG[0] is unused. */
-const LOG = new Uint8Array(256);
-/** Exp table: g^i for i in [0..255]. EXP[255] wraps to EXP[0]. */
-const EXP = new Uint8Array(256);
-/** Carryless multiplication used only during table construction */
-function gf256MulSlow(a, b) {
-    let result = 0;
-    let aa = a;
-    let bb = b;
-    while (bb > 0) {
-        if (bb & 1)
-            result ^= aa;
-        aa <<= 1;
-        if (aa & 0x100)
-            aa ^= IRREDUCIBLE;
-        bb >>= 1;
-    }
-    return result;
-}
-// Build log/exp tables at module load time using generator 0x03
-{
-    let val = 1;
-    for (let i = 0; i < 255; i++) {
-        EXP[i] = val;
-        LOG[val] = i;
-        val = gf256MulSlow(val, GENERATOR);
-    }
-    // Wrap: makes modular indexing simpler
-    EXP[255] = EXP[0];
-}
-/** Addition in GF(256) is XOR */
-export function gf256Add(a, b) {
-    return a ^ b;
-}
-/** Multiplication in GF(256) using log/exp tables */
-export function gf256Mul(a, b) {
-    if (a === 0 || b === 0)
-        return 0;
-    return EXP[(LOG[a] + LOG[b]) % 255];
-}
-/** Multiplicative inverse in GF(256) */
-export function gf256Inv(a) {
-    if (a === 0)
-        throw new SignetCryptoError('No inverse for zero in GF(256)');
-    return EXP[(255 - LOG[a]) % 255];
-}
-// ---------------------------------------------------------------------------
-// Shamir's Secret Sharing
-// ---------------------------------------------------------------------------
-/**
- * Evaluate a polynomial at x in GF(256) using Horner's method.
- * coeffs[0] is the constant term (the secret byte).
- */
-function evalPoly(coeffs, x) {
-    let result = 0;
-    for (let i = coeffs.length - 1; i >= 0; i--) {
-        result = gf256Add(gf256Mul(result, x), coeffs[i]);
-    }
-    return result;
-}
-/**
- * Split a secret into shares using Shamir's Secret Sharing over GF(256).
- *
- * @param secret    The secret bytes to split
- * @param threshold Minimum shares needed to reconstruct (>= 2)
- * @param shares    Total number of shares to create (>= threshold, <= 255)
- * @returns Array of ShamirShare objects
- */
-export function splitSecret(secret, threshold, shares) {
-    if (threshold < 2) {
-        throw new SignetValidationError('Threshold must be at least 2');
-    }
-    if (shares < threshold) {
-        throw new SignetValidationError('Number of shares must be >= threshold');
-    }
-    if (shares > 255) {
-        throw new SignetValidationError('Number of shares must be <= 255');
-    }
-    const secretLen = secret.length;
-    const result = [];
-    // Initialize share data arrays
-    for (let i = 0; i < shares; i++) {
-        result.push({ id: i + 1, data: new Uint8Array(secretLen) });
-    }
-    // For each byte of the secret, build a random polynomial and evaluate
-    for (let byteIdx = 0; byteIdx < secretLen; byteIdx++) {
-        // coeffs[0] = secret byte, coeffs[1..threshold-1] = random
-        const coeffs = new Uint8Array(threshold);
-        coeffs[0] = secret[byteIdx];
-        const rand = randomBytes(threshold - 1);
-        for (let j = 1; j < threshold; j++) {
-            coeffs[j] = rand[j - 1];
-        }
-        // Evaluate at x = 1, 2, ..., shares
-        for (let i = 0; i < shares; i++) {
-            result[i].data[byteIdx] = evalPoly(coeffs, i + 1);
-        }
-        zeroBytes(coeffs);
-        zeroBytes(rand);
-    }
-    return result;
-}
-/**
- * Reconstruct a secret from shares using Lagrange interpolation over GF(256).
- *
- * @param shares    Array of shares (at least `threshold` shares)
- * @param threshold The threshold used during splitting
- * @returns The reconstructed secret bytes
- */
-export function reconstructSecret(shares, threshold) {
-    if (shares.length < threshold) {
-        throw new SignetValidationError(`Need at least ${threshold} shares, got ${shares.length}`);
-    }
-    // Use only the first `threshold` shares
-    const used = shares.slice(0, threshold);
-    // Validate no duplicate share IDs
-    const ids = new Set(used.map(s => s.id));
-    if (ids.size !== used.length) {
-        throw new SignetValidationError('Duplicate share IDs detected — each share must have a unique ID');
-    }
-    // Reject invalid share IDs: x must be in [1, 255] for GF(256)
-    for (const share of used) {
-        if (share.id === 0) {
-            throw new SignetValidationError('Invalid share ID: 0 is not a valid x-coordinate');
-        }
-        if (share.id > 255) {
-            throw new SignetValidationError('Invalid share ID: must be in [1, 255] for GF(256)');
-        }
-    }
-    const secretLen = used[0].data.length;
-    for (const share of used) {
-        if (share.data.length !== secretLen) {
-            throw new SignetValidationError('Inconsistent share lengths — shares may be from different secrets');
-        }
-    }
-    const result = new Uint8Array(secretLen);
-    // Lagrange interpolation at x = 0 for each byte position
-    for (let byteIdx = 0; byteIdx < secretLen; byteIdx++) {
-        let value = 0;
-        for (let i = 0; i < threshold; i++) {
-            const xi = used[i].id;
-            const yi = used[i].data[byteIdx];
-            // Lagrange basis l_i(0) = product of x_j / (x_i ^ x_j) for j != i
-            // In GF(256): subtraction = addition = XOR
-            let basis = 1;
-            for (let j = 0; j < threshold; j++) {
-                if (i === j)
-                    continue;
-                const xj = used[j].id;
-                basis = gf256Mul(basis, gf256Mul(xj, gf256Inv(gf256Add(xi, xj))));
-            }
-            value = gf256Add(value, gf256Mul(yi, basis));
-        }
-        result[byteIdx] = value;
-    }
-    return result;
-}
-// ---------------------------------------------------------------------------
-// BIP-39 Word Encoding
-// ---------------------------------------------------------------------------
-/**
- * Encode a share as BIP-39 words.
- * Prepends the share ID byte to the data, then converts to 11-bit groups.
- */
-export function shareToWords(share) {
-    // Prepend ID byte to data
-    const bytes = new Uint8Array(1 + share.data.length);
-    bytes[0] = share.id;
-    bytes.set(share.data, 1);
-    // Stream bytes into 11-bit word indices using Number (safe up to 53 bits)
-    // We extract words as soon as we have 11 bits, keeping accumulator small
-    const words = [];
-    let bits = 0;
-    let accumulator = 0;
-    for (const byte of bytes) {
-        // accumulator has at most 10 bits here (< 11), so (10 + 8 = 18) fits safely in 32-bit
-        accumulator = ((accumulator << 8) | byte) >>> 0; // >>> 0 ensures unsigned 32-bit
-        bits += 8;
-        while (bits >= 11) {
-            bits -= 11;
-            const index = (accumulator >>> bits) & 0x7ff;
-            words.push(BIP39_WORDLIST[index]);
-            accumulator &= (1 << bits) - 1; // clear extracted bits to keep accumulator small
-        }
-    }
-    // Pad remaining bits on the right to form a final 11-bit group
-    if (bits > 0) {
-        const index = ((accumulator << (11 - bits)) >>> 0) & 0x7ff;
-        words.push(BIP39_WORDLIST[index]);
-    }
-    return words;
-}
-/**
- * Decode BIP-39 words back to a share.
- * Reverses the encoding from shareToWords.
- */
-export function wordsToShare(words) {
-    if (words.length === 0)
-        throw new SignetValidationError('Cannot decode empty word list');
-    if (words.length > 256) {
-        throw new SignetValidationError('Word count exceeds maximum (256)');
-    }
-    // Convert words to 11-bit indices
-    const indices = [];
-    for (const word of words) {
-        const idx = BIP39_WORDLIST.indexOf(word.toLowerCase());
-        if (idx === -1)
-            throw new SignetValidationError(`Unknown BIP-39 word: "${word}"`);
-        indices.push(idx);
-    }
-    // Total bits encoded, and how many full bytes that represents
-    const totalBits = indices.length * 11;
-    const totalBytes = Math.floor(totalBits / 8);
-    // Stream 11-bit groups into bytes using safe unsigned arithmetic
-    let bits = 0;
-    let accumulator = 0;
-    const byteList = [];
-    for (const index of indices) {
-        // accumulator has at most 7 bits here (< 8), so (7 + 11 = 18) fits safely in 32-bit
-        accumulator = ((accumulator << 11) | index) >>> 0; // >>> 0 ensures unsigned 32-bit
-        bits += 11;
-        while (bits >= 8) {
-            bits -= 8;
-            byteList.push((accumulator >>> bits) & 0xff);
-            accumulator &= (1 << bits) - 1; // clear extracted bits
-        }
-    }
-    // Only take the expected number of full bytes (discard padding bits)
-    const usable = byteList.slice(0, totalBytes);
-    // Need at least 2 bytes: 1 ID + 1 data byte
-    if (usable.length < 2) {
-        throw new SignetValidationError('Word list too short — need at least 1 ID byte + 1 data byte');
-    }
-    // First byte is the share ID, rest is data
-    const id = usable[0];
-    if (id === 0) {
-        throw new SignetValidationError('Invalid share ID: 0 is not a valid x-coordinate for GF(256)');
-    }
-    const data = new Uint8Array(usable.slice(1));
-    return { id, data };
-}
-//# sourceMappingURL=shamir.js.map

package/dist/shamir.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"shamir.js","sourceRoot":"","sources":["../src/shamir.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,0EAA0E;AAE1E,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,QAAQ,IAAI,cAAc,EAAE,MAAM,mCAAmC,CAAC;AAC/E,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA6BvE,8EAA8E;AAC9E,kEAAkE;AAClE,8EAA8E;AAE9E,MAAM,WAAW,GAAG,KAAK,CAAC;AAC1B,MAAM,SAAS,GAAG,IAAI,CAAC;AAEvB,+DAA+D;AAC/D,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAChC,kEAAkE;AAClE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAEhC,mEAAmE;AACnE,SAAS,YAAY,CAAC,CAAS,EAAE,CAAS;IACxC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,EAAE,GAAG,CAAC,CAAC;IACX,IAAI,EAAE,GAAG,CAAC,CAAC;IACX,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QACd,IAAI,EAAE,GAAG,CAAC;YAAE,MAAM,IAAI,EAAE,CAAC;QACzB,EAAE,KAAK,CAAC,CAAC;QACT,IAAI,EAAE,GAAG,KAAK;YAAE,EAAE,IAAI,WAAW,CAAC;QAClC,EAAE,KAAK,CAAC,CAAC;IACX,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gEAAgE;AAChE,CAAC;IACC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QACb,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACb,GAAG,GAAG,YAAY,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACrC,CAAC;IACD,uCAAuC;IACvC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,iCAAiC;AACjC,MAAM,UAAU,QAAQ,CAAC,CAAS,EAAE,CAAS;IAC3C,OAAO,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED,qDAAqD;AACrD,MAAM,UAAU,QAAQ,CAAC,CAAS,EAAE,CAAS;IAC3C,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACjC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,wCAAwC;AACxC,MAAM,UAAU,QAAQ,CAAC,CAAS;IAChC,IAAI,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,iBAAiB,CAAC,gCAAgC,CAAC,CAAC;IAC3E,OAAO,GAAG,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E;;;GAGG;AACH,SAAS,QAAQ,CAAC,MAAkB,EAAE,CAAS;IAC7C,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CACzB,MAAkB,EAClB,SAAiB,EACjB,MAAc;IAEd,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,qBAAqB,CAAC,8BAA8B,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,MAAM,GAAG,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,qBAAqB,CAAC,uCAAuC,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;QACjB,MAAM,IAAI,qBAAqB,CAAC,iCAAiC,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;IAChC,MAAM,MAAM,GAAkB,EAAE,CAAC;IAEjC,+BAA+B;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChC,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,sEAAsE;IACtE,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC;QACrD,2DAA2D;QAC3D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;QACzC,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QAE5B,MAAM,IAAI,GAAG,WAAW,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,CAAC;QAED,oCAAoC;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,SAAS,CAAC,MAAM,CAAC,CAAC;QAClB,SAAS,CAAC,IAAI,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,MAAqB,EACrB,SAAiB;IAEjB,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,qBAAqB,CAAC,iBAAiB,SAAS,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,wCAAwC;IACxC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAExC,kCAAkC;IAClC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACzC,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAC7B,MAAM,IAAI,qBAAqB,CAAC,iEAAiE,CAAC,CAAC;IACrG,CAAC;IAED,8DAA8D;IAC9D,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;QACzB,IAAI,KAAK,CAAC,EAAE,KAAK,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,qBAAqB,CAAC,iDAAiD,CAAC,CAAC;QACrF,CAAC;QACD,IAAI,KAAK,CAAC,EAAE,GAAG,GAAG,EAAE,CAAC;YACnB,MAAM,IAAI,qBAAqB,CAAC,mDAAmD,CAAC,CAAC;QACvF,CAAC;IACH,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;IACtC,KAAK,MAAM,KAAK,IAAI,IAAI,EAAE,CAAC;QACzB,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACpC,MAAM,IAAI,qBAAqB,CAAC,mEAAmE,CAAC,CAAC;QACvG,CAAC;IACH,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IAEzC,yDAAyD;IACzD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC;QACrD,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACtB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEjC,kEAAkE;YAClE,2CAA2C;YAC3C,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;gBACnC,IAAI,CAAC,KAAK,CAAC;oBAAE,SAAS;gBACtB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtB,KAAK,GAAG,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACpE,CAAC;YAED,KAAK,GAAG,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC;IAC1B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,KAAkB;IAC7C,0BAA0B;IAC1B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC;IACpB,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAEzB,0EAA0E;IAC1E,yEAAyE;IACzE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,WAAW,GAAG,CAAC,CAAC;IAEpB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,sFAAsF;QACtF,WAAW,GAAG,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gCAAgC;QACjF,IAAI,IAAI,CAAC,CAAC;QACV,OAAO,IAAI,IAAI,EAAE,EAAE,CAAC;YAClB,IAAI,IAAI,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;YAClC,WAAW,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,iDAAiD;QACnF,CAAC;IACH,CAAC;IAED,+DAA+D;IAC/D,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,CAAC,CAAC,WAAW,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,KAAe;IAC1C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,qBAAqB,CAAC,+BAA+B,CAAC,CAAC;IACzF,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,qBAAqB,CAAC,kCAAkC,CAAC,CAAC;IACtE,CAAC;IAED,kCAAkC;IAClC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QACvD,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,qBAAqB,CAAC,yBAAyB,IAAI,GAAG,CAAC,CAAC;QAClF,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IAED,8DAA8D;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC;IACtC,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAE7C,iEAAiE;IACjE,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,oFAAoF;QACpF,WAAW,GAAG,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,gCAAgC;QACnF,IAAI,IAAI,EAAE,CAAC;QACX,OAAO,IAAI,IAAI,CAAC,EAAE,CAAC;YACjB,IAAI,IAAI,CAAC,CAAC;YACV,QAAQ,CAAC,IAAI,CAAC,CAAC,WAAW,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;YAC7C,WAAW,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,uBAAuB;QACzD,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAE7C,4CAA4C;IAC5C,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,qBAAqB,CAAC,6DAA6D,CAAC,CAAC;IACjG,CAAC;IAED,2CAA2C;IAC3C,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,qBAAqB,CAAC,6DAA6D,CAAC,CAAC;IACjG,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAE7C,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACtB,CAAC"}