nucypher · piotr-roslaniec · Jun 27, 2023 · Jun 19, 2023 · Jun 27, 2023 · Jun 27, 2023
diff --git a/abi/Coordinator.json b/abi/Coordinator.json
diff --git a/package.json b/package.json
@@ -52,7 +52,7 @@
  "prebuild": "yarn typechain"
  },
  "dependencies": {
- "@nucypher/nucypher-core": "^0.9.0",
+ "@nucypher/nucypher-core": "^0.10.0",
  "axios": "^0.21.1",
  "deep-equal": "^2.2.1",
  "ethers": "^5.4.1",

diff --git a/src/agents/contracts.ts b/src/agents/contracts.ts
@@ -12,7 +12,7 @@ const POLYGON: Contracts = {
 
 const MUMBAI: Contracts = {
  SUBSCRIPTION_MANAGER: '0xb9015d7b35ce7c81dde38ef7136baa3b1044f313',
- COORDINATOR: undefined,
+ COORDINATOR: '0x0f019Ade1D34399D946CF2f161386362655Dd1A4',
 };
 
 const GOERLI: Contracts = {

diff --git a/src/agents/coordinator.ts b/src/agents/coordinator.ts
@@ -1,10 +1,12 @@
+import { SessionStaticKey } from '@nucypher/nucypher-core';
 import { ethers } from 'ethers';
 
 import {
  Coordinator,
  Coordinator__factory,
 } from '../../types/ethers-contracts';
 import { BLS12381 } from '../../types/ethers-contracts/Coordinator';
+import { fromHexString } from '../utils';
 
 import { getContract } from './contracts';
 
@@ -19,26 +21,37 @@ export interface CoordinatorRitual {
  aggregatedTranscript: string;
 }
 
-export type DkgParticipant = Coordinator.ParticipantStructOutput;
+export type DkgParticipant = {
+ provider: string;
+ aggregated: boolean;
+ decryptionRequestStaticKey: SessionStaticKey;
+};
 
 export class DkgCoordinatorAgent {
  public static async getParticipants(
  provider: ethers.providers.Provider,
  ritualId: number
  ): Promise<DkgParticipant[]> {
  const Coordinator = await this.connectReadOnly(provider);
- // TODO: Remove `as unknown` cast after regenerating the contract types: https://github.com/nucypher/nucypher-contracts/pull/77
- return (await Coordinator.getParticipants(
- ritualId
- )) as unknown as DkgParticipant[];
+ const participants = await Coordinator.getParticipants(ritualId);
+
+ return participants.map((participant) => {
+ return {
+ provider: participant.provider,
+ aggregated: participant.aggregated,
+ decryptionRequestStaticKey: SessionStaticKey.fromBytes(
+ fromHexString(participant.decryptionRequestStaticKey)
+ ),
+ };
+ });
  }
 
  public static async getRitual(
  provider: ethers.providers.Provider,
  ritualId: number
  ): Promise<CoordinatorRitual> {
  const Coordinator = await this.connectReadOnly(provider);
- return await Coordinator.rituals(ritualId);
+ return Coordinator.rituals(ritualId);
  }
 
  private static async connectReadOnly(provider: ethers.providers.Provider) {

diff --git a/src/characters/cbd-recipient.ts b/src/characters/cbd-recipient.ts
@@ -4,11 +4,9 @@ import {
  DecryptionSharePrecomputed,
  DecryptionShareSimple,
  decryptWithSharedSecret,
- DkgPublicParameters,
  EncryptedThresholdDecryptionRequest,
  EncryptedThresholdDecryptionResponse,
  SessionSharedSecret,
- SessionStaticKey,
  SessionStaticSecret,
  ThresholdDecryptionRequest,
 } from '@nucypher/nucypher-core';
@@ -18,17 +16,17 @@ import { DkgCoordinatorAgent, DkgParticipant } from '../agents/coordinator';
 import { ConditionExpression } from '../conditions';
 import {
  DkgRitual,
+ FerveoVariant,
  getCombineDecryptionSharesFunction,
  getVariantClass,
 } from '../dkg';
-import { fromHexString, fromJSON, toJSON } from '../utils';
+import { fromJSON, toJSON } from '../utils';
 
 import { Porter } from './porter';
 
 export type CbdTDecDecrypterJSON = {
  porterUri: string;
  ritualId: number;
- dkgPublicParams: Uint8Array;
  threshold: number;
 };
 
@@ -38,27 +36,24 @@ export class CbdTDecDecrypter {
  private constructor(
  private readonly porter: Porter,
  private readonly ritualId: number,
- private readonly dkgPublicParams: DkgPublicParameters,
  private readonly threshold: number
  ) {}
 
  public static create(porterUri: string, dkgRitual: DkgRitual) {
  return new CbdTDecDecrypter(
  new Porter(porterUri),
  dkgRitual.id,
- dkgRitual.dkgPublicParams,
  dkgRitual.threshold
  );
  }
 
- // Retrieve and decrypt ciphertext using provider and condition set
+ // Retrieve and decrypt ciphertext using provider and condition expression
  public async retrieveAndDecrypt(
  provider: ethers.providers.Web3Provider,
  conditionExpr: ConditionExpression,
- variant: number,
- ciphertext: Ciphertext,
- aad: Uint8Array
- ): Promise<readonly Uint8Array[]> {
+ variant: FerveoVariant,
+ ciphertext: Ciphertext
+ ): Promise<Uint8Array> {
  const decryptionShares = await this.retrieve(
  provider,
  conditionExpr,
@@ -69,14 +64,11 @@ export class CbdTDecDecrypter {
  const combineDecryptionSharesFn =
  getCombineDecryptionSharesFunction(variant);
  const sharedSecret = combineDecryptionSharesFn(decryptionShares);
-
- const plaintext = decryptWithSharedSecret(
+ return decryptWithSharedSecret(
  ciphertext,
- aad,
- sharedSecret,
- this.dkgPublicParams
+ conditionExpr.asAad(),
+ sharedSecret
  );
- return [plaintext];
  }
 
  // Retrieve decryption shares
@@ -90,21 +82,25 @@ export class CbdTDecDecrypter {
  provider,
  this.ritualId
  );
+ // We only need the `threshold` participants
+ const sufficientDkgParticipants = dkgParticipants.slice(0, this.threshold);
  const contextStr = await conditionExpr.buildContext(provider).toJson();
  const { sharedSecrets, encryptedRequests } = this.makeDecryptionRequests(
  this.ritualId,
  variant,
  ciphertext,
  conditionExpr,
  contextStr,
- dkgParticipants
+ sufficientDkgParticipants
  );
 
  const { encryptedResponses, errors } = await this.porter.cbdDecrypt(
  encryptedRequests,
  this.threshold
  );
+
  // TODO: How many errors are acceptable? Less than (threshold - shares)?
+ // TODO: If Porter accepts only `threshold` decryption requests, then we may not have any errors
  if (Object.keys(errors).length > 0) {
  throw new Error(
  `CBD decryption failed with errors: ${JSON.stringify(errors)}`
@@ -124,9 +120,14 @@ export class CbdTDecDecrypter {
  variant: number,
  expectedRitualId: number
  ) {
- const decryptedResponses = Object.entries(encryptedResponses).map(
- ([ursula, encryptedResponse]) =>
- encryptedResponse.decrypt(sessionSharedSecret[ursula])
+ const decryptedResponses = Object.entries(sessionSharedSecret).map(
+ ([ursula, sharedSecret]) => {
+ const encryptedResponse = encryptedResponses[ursula];
+ if (!encryptedResponse) {
+ throw new Error(`Missing encrypted response from ${ursula}`);
+ }
+ return encryptedResponse.decrypt(sharedSecret);
+ }
  );
 
  const ritualIds = decryptedResponses.map(({ ritualId }) => ritualId);
@@ -171,10 +172,9 @@ export class CbdTDecDecrypter {
  const sharedSecrets: Record<string, SessionSharedSecret> =
  Object.fromEntries(
  dkgParticipants.map(({ provider, decryptionRequestStaticKey }) => {
- const decKey = SessionStaticKey.fromBytes(
- fromHexString(decryptionRequestStaticKey)
+ const sharedSecret = ephemeralSessionKey.deriveSharedSecret(
+ decryptionRequestStaticKey
  );
- const sharedSecret = ephemeralSessionKey.deriveSharedSecret(decKey);
  return [provider, sharedSecret];
  })
  );
@@ -205,7 +205,6 @@ export class CbdTDecDecrypter {
  return {
  porterUri: this.porter.porterUrl.toString(),
  ritualId: this.ritualId,
- dkgPublicParams: this.dkgPublicParams.toBytes(),
  threshold: this.threshold,
  };
  }
@@ -217,15 +216,9 @@ export class CbdTDecDecrypter {
  public static fromObj({
  porterUri,
  ritualId,
- dkgPublicParams,
  threshold,
  }: CbdTDecDecrypterJSON) {
- return new CbdTDecDecrypter(
- new Porter(porterUri),
- ritualId,
- DkgPublicParameters.fromBytes(dkgPublicParams),
- threshold
- );
+ return new CbdTDecDecrypter(new Porter(porterUri), ritualId, threshold);
  }
 
  public static fromJSON(json: string) {

diff --git a/src/characters/enrico.ts b/src/characters/enrico.ts
@@ -57,11 +57,15 @@ export class Enrico {
  withConditions = this.conditions;
  }
 
+ if (!withConditions) {
+ throw new Error('Conditions are required for CBD encryption.');
+ }
+
  if (!(this.encryptingKey instanceof DkgPublicKey)) {
  throw new Error('Wrong key type. Use encryptMessagePre instead.');
  }
 
- const aad = toBytes(withConditions?.toJson() ?? '');
+ const aad = withConditions.asAad();
  const ciphertext = ferveoEncrypt(
  plaintext instanceof Uint8Array ? plaintext : toBytes(plaintext),
  aad,

diff --git a/src/characters/porter.ts b/src/characters/porter.ts
@@ -14,6 +14,7 @@ import { Base64EncodedBytes, ChecksumAddress, HexEncodedBytes } from '../types';
 import { fromBase64, fromHexString, toBase64, toHexString } from '../utils';
 
 // /get_ursulas
+
 export type Ursula = {
  readonly checksumAddress: ChecksumAddress;
  readonly uri: string;
@@ -40,6 +41,7 @@ export type GetUrsulasResult = {
 };
 
 // /retrieve_cfrags
+
 type PostRetrieveCFragsRequest = {
  readonly treasure_map: Base64EncodedBytes;
  readonly retrieval_kits: readonly Base64EncodedBytes[];
@@ -79,8 +81,15 @@ type PostCbdDecryptRequest = {
 };
 
 type PostCbdDecryptResponse = {
- encrypted_decryption_responses: Record<ChecksumAddress, Base64EncodedBytes>;
- errors: Record<ChecksumAddress, string>;
+ result: {
+ decryption_results: {
+ encrypted_decryption_responses: Record<
+ ChecksumAddress,
+ Base64EncodedBytes
+ >;
+ errors: Record<ChecksumAddress, string>;
+ };
+ };
 };
 
 export type CbdDecryptResult = {
@@ -174,8 +183,12 @@ export class Porter {
  new URL('/cbd_decrypt', this.porterUrl).toString(),
  data
  );
+
+ const { encrypted_decryption_responses, errors } =
+ resp.data.result.decryption_results;
+
  const decryptionResponses = Object.entries(
- resp.data.encrypted_decryption_responses
+ encrypted_decryption_responses
  ).map(([address, encryptedResponseBase64]) => {
  const encryptedResponse = EncryptedThresholdDecryptionResponse.fromBytes(
  fromBase64(encryptedResponseBase64)
@@ -186,6 +199,6 @@ export class Porter {
  string,
  EncryptedThresholdDecryptionResponse
  > = Object.fromEntries(decryptionResponses);
- return { encryptedResponses, errors: resp.data.errors };
+ return { encryptedResponses, errors };
  }
 }
diff --git a/src/conditions/compound-condition.ts b/src/conditions/compound-condition.ts
@@ -1,6 +1,6 @@
 import Joi from 'joi';
 
-import { Condition } from './base/condition';
+import { Condition } from './base';
 import { contractConditionSchema } from './base/contract';
 import { rpcConditionSchema } from './base/rpc';
 import { timeConditionSchema } from './base/time';

diff --git a/src/conditions/condition-expr.ts b/src/conditions/condition-expr.ts
@@ -2,7 +2,7 @@ import { Conditions as WASMConditions } from '@nucypher/nucypher-core';
 import { ethers } from 'ethers';
 import { SemVer } from 'semver';
 
-import { objectEquals, toJSON } from '../utils';
+import { objectEquals, toBytes, toJSON } from '../utils';
 
 import {
  Condition,
@@ -90,6 +90,10 @@ export class ConditionExpression {
  return new ConditionContext([this.condition], provider);
  }
 
+ public asAad(): Uint8Array {
+ return toBytes(this.toJson());
+ }
+
  public equals(other: ConditionExpression): boolean {
  return (
  this.version === other.version &&

diff --git a/src/conditions/context/context.ts b/src/conditions/context/context.ts
@@ -2,7 +2,7 @@ import { Conditions as WASMConditions } from '@nucypher/nucypher-core';
 import { ethers } from 'ethers';
 
 import { fromJSON, toJSON } from '../../utils';
-import { Condition } from '../base/condition';
+import { Condition } from '../base';
 import { USER_ADDRESS_PARAM } from '../const';
 
 import { TypedSignature, WalletAuthenticationProvider } from './providers';