> ## Documentation Index
> Fetch the complete documentation index at: https://sdk.umbraprivacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Key Generators & Crypto Operations

> Injectable key generators: KMAC256-based MVK and blinding factor derivers, Poseidon user commitment generators, X25519 keypair generators. Override any derivation step via deps injection.

## Key Derivation Generator Overrides

All cryptographic keys are derived from the master seed via [KMAC256](/sdk/advanced/cryptography/kmac256) or [Poseidon](/sdk/advanced/cryptography/poseidon). Every derivation step is injectable. The following generator types appear as optional `deps` across the functions that use them.

### Master Viewing Key Generators

```typescript theme={null}
type MasterViewingKeyGeneratorFunction = () => Promise<MasterViewingKey>;
type MasterViewingKeyBlindingFactorGeneratorFunction = () => Promise<Bn254FieldElement>;
```

Used by: registration, Stealth Pool Note creation (self-burnable and receiver-burnable), burning.

### Poseidon Private Key Generators

```typescript theme={null}
type PoseidonPrivateKeyGeneratorFunction = () => Promise<Bn254FieldElement>;
type PoseidonBlindingFactorGeneratorFunction = () => Promise<Bn254FieldElement>;
```

Used by: registration, Stealth Pool Note creation, burning.

### X25519 / Curve25519 Keypair Generators

```typescript theme={null}
// User account X25519 key - used for token account encryption
type Curve25519KeypairGeneratorFunction = () => Promise<Curve25519KeypairResult>;

// Per-mint X25519 key - used for Stealth Pool Note ciphertext addressing
type MintX25519KeypairGeneratorFunction = (mint: Address) => Promise<Curve25519KeypairResult>;
```

Used by: registration, Stealth Pool Note creation. Also exposed via `getMintEncryptionKeyRotatorFunction` deps (in `@umbra-privacy/sdk/account`).

### Viewing Key Generators (Poseidon sub-hierarchy)

```typescript theme={null}
type MintViewingKeyGeneratorFunction = (
  mint: Address,
  options?: ViewingKeyGeneratorOptions,
) => Promise<MintViewingKey>;

type YearlyViewingKeyGeneratorFunction = (
  mint: Address,
  year: Year,
  options?: ViewingKeyGeneratorOptions,
) => Promise<YearlyViewingKey>;

type MonthlyViewingKeyGeneratorFunction = (
  mint: Address,
  year: Year,
  month: Month,
  options?: ViewingKeyGeneratorOptions,
) => Promise<MonthlyViewingKey>;

type DailyViewingKeyGeneratorFunction = (
  mint: Address,
  year: Year,
  month: Month,
  day: Day,
  options?: ViewingKeyGeneratorOptions,
) => Promise<DailyViewingKey>;

type SecondViewingKeyGeneratorFunction = (
  mint: Address,
  year: Year,
  month: Month,
  day: Day,
  hour: Hour,
  minute: Minute,
  second: Second,
  options?: ViewingKeyGeneratorOptions,
) => Promise<SecondViewingKey>;
```

Used by: Stealth Pool Note creation (the second viewing key scopes the note ciphertext).

### Commitment Factor Generators

```typescript theme={null}
type RescueEncryptionCommitmentBlindingFactorGeneratorFunction = () => Promise<Bn254FieldElement>;
type RandomFactorForPolynomialCommitmentGeneratorFunction = () => Promise<Curve25519FieldElement>;
type PoseidonKeystreamBlindingFactorGeneratorFunction = () => Promise<Bn254FieldElement>;
```

### Ephemeral Stealth Pool Note key generators

Each note operation uses per-note ephemeral keys parameterised by the on-chain generation index. All are injectable. The TypeScript names retained their V13 spellings (`EphemeralUtxo*`) and the burn-side interfaces re-export them under V18 aliases:

```typescript theme={null}
type EphemeralUtxoMasterViewingKeyDeriverFunction = (offset: U256) => Promise<MasterViewingKey>;
type EphemeralUtxoMasterViewingKeyBlindingFactorDeriverFunction = (offset: U256) => Promise<Bn254FieldElement>;
type EphemeralUtxoPoseidonPrivateKeyDeriverFunction = (offset: U256) => Promise<Bn254FieldElement>;
type EphemeralUtxoPoseidonPrivateKeyBlindingFactorDeriverFunction = (offset: U256) => Promise<Bn254FieldElement>;
type EphemeralUtxoNullifierDeriverFunction = (offset: U256) => Promise<Bn254FieldElement>;
type EphemeralUtxoH2RandomSecretDeriverFunction = (offset: U256) => Promise<Curve25519FieldElement>;
```

Used by: all Stealth Pool Note creation and burner factories.

***

## Cryptographic Operation Overrides

Beyond key generation, the low-level cryptographic operations themselves are injectable.

### Rescue Cipher (RC) - Encryption and Decryption

The [Rescue cipher](/sdk/advanced/cryptography/rescue-cipher) is used to encrypt Stealth Pool Note payloads and EncryptedTokenAccount balances.

```typescript theme={null}
type RcEncryptorFunction = (
  plaintext: readonly RcPlaintext[],
) => Promise<{ ciphertexts: RcCiphertext[]; nonce: RcEncryptionNonce }>;

type RcEncryptorWithNonceFunction = (
  plaintext: readonly RcPlaintext[],
  nonce: RcEncryptionNonce,
) => Promise<RcCiphertext[]>;

type RcDecryptorFunction = (
  ciphertext: readonly RcCiphertext[],
  nonce: RcEncryptionNonce,
) => Promise<RcPlaintext[]>;

type RcKeyGeneratorFunction = (
  counters: readonly RcCounter[],
  nonce: RcEncryptionNonce,
) => Promise<RcKey[]>;
```

* `getRcEncryptor` and `getRcKeyGenerator` appear in: registration, Stealth Pool Note creation deps.
* `rcDecryptor` appears in: `getEncryptedBalanceQuerierFunction` deps — override to provide a custom decryption backend.

### AES Encryption

[AES-GCM](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf) is used for symmetric encryption of Stealth Pool Note commitment payloads.

```typescript theme={null}
type AesEncryptorFunction = (
  key: AesKey,
  plaintext: AesPlaintext,
) => Promise<AesCiphertextWithMetadata>;

type AesDecryptorFunction = (
  key: AesKey,
  ciphertext: AesCiphertextWithMetadata,
) => Promise<AesPlaintext>;
```

Used by: Stealth Pool Note creator factories.

### Poseidon Hash, Encryption, and Keystream

See [Poseidon](/sdk/advanced/cryptography/poseidon) for the hash construction and security properties.

```typescript theme={null}
type PoseidonHashFunction = (
  dataPoints: readonly Bn254FieldElement[],
) => Promise<Bn254FieldElement>;

type PoseidonAggregatorHashFunction = (
  dataPoints: readonly Bn254FieldElement[],
) => Promise<PoseidonHash>;

type PoseidonEncryptorFunction = (
  plaintext: readonly PoseidonPlaintext[],
  key: PoseidonKey,
) => Promise<PoseidonCiphertext[]>;

type PoseidonKeystreamGeneratorFunction = (
  counters: readonly PoseidonCounter[],
  key: PoseidonKey,
) => Promise<Map<PoseidonCounter, PoseidonKeystream>>;

type KeystreamCommitmentFunction = (
  keystream: Bn254FieldElement,
  blindingFactor: Bn254FieldElement,
) => Promise<Bn254FieldElement>;
```

Used by: registration, Stealth Pool Note creation, burning.

### Fiat-Shamir Challenge and Polynomial Evaluation

```typescript theme={null}
type FiatShamirChallengeGeneratorFunction = (
  input: Uint8Array,
) => Curve25519FieldElement;

type ChallengePowersFunction = (
  challenge: Curve25519FieldElement,
  maxPower: number,
) => Curve25519FieldElement[];

type PolynomialEvaluatorFunction = (
  coefficients: Curve25519FieldElement[],
  point: Curve25519FieldElement,
) => Curve25519FieldElement;
```

Used by: registration, Stealth Pool Note creation. Override to run evaluation in a [Web Worker](https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Using_web_workers) or swap in a WASM implementation.

### User Commitment Generator

```typescript theme={null}
type UserCommitmentGeneratorFunction = (
  masterViewingKey: Bn254FieldElement,
  masterViewingKeyBlindingFactor: Bn254FieldElement,
  poseidonPrivateKey: Bn254FieldElement,
  poseidonBlindingFactor: Bn254FieldElement,
) => Promise<Bn254FieldElement>;
```

Used by: registration, Stealth Pool Note creation.