import { Deserializer } from "../../bcs/deserializer.js";
import { Serializable, Serializer } from "../../bcs/serializer.js";
import { AccountAddress } from "../../core/index.js";
import { AuthenticationKey } from "../../core/authenticationKey.js";
import { Identifier } from "./identifier.js";
import { ModuleId } from "./moduleId.js";
import { EntryFunction, TransactionExecutable } from "./transactionPayload.js";
/** 16-byte decryption nonce for encrypted payloads (aptos-core `DecryptionNonce`). */
export declare const DECRYPTION_NONCE_LENGTH = 16;
/**
 * Optional claim about the entry function inside an encrypted payload (`claimed_entry_fun` in aptos-core).
 * Lets fee payers and multisig co-signers see module and optionally function name without decrypting.
 *
 * BCS: `module: ModuleId` then `function: Option<Identifier>`. The REST API renames the optional field to `name`.
 */
export declare class ClaimedEntryFunction extends Serializable {
    readonly moduleId: ModuleId;
    /** BCS/Rust `function`; JSON API field is `name`. */
    readonly functionName?: Identifier;
    constructor(moduleId: ModuleId, functionName?: Identifier);
    serialize(serializer: Serializer): void;
    static deserialize(deserializer: Deserializer): ClaimedEntryFunction;
    /**
     * @param includeFunctionName - When false, only the module is claimed (`Option::None` for function on wire).
     */
    static fromEntryFunction(entry: EntryFunction, opts?: {
        includeFunctionName?: boolean;
    }): ClaimedEntryFunction;
}
/**
 * BCS-serializable `DecryptedPlaintext`. Built client-side before encrypting; its BCS hash becomes `payload_hash`.
 * Matches Rust: `DecryptedPlaintext { executable, decryption_nonce: [u8; 16] }`.
 */
export declare class DecryptedPlaintext extends Serializable {
    executable: TransactionExecutable;
    decryptionNonce: Uint8Array;
    constructor(executable: TransactionExecutable, decryptionNonce: Uint8Array);
    serialize(serializer: Serializer): void;
    static deserialize(deserializer: Deserializer): DecryptedPlaintext;
    /**
     * Domain-separated BCS crypto hash (`BCSCryptoHash` in aptos-core):
     * SHA3-256( SHA3-256("APTOS::DecryptedPlaintext") || BCS(self) ).
     */
    hash(): Uint8Array;
}
/**
 * One `(AccountAddress, AuthenticationKey)` entry in `PayloadAssociatedData::V1.signer_auth_keys` (aptos-core).
 * @internal
 */
export type SignerAuthKeyPair = {
    address: AccountAddress;
    authenticationKey: AuthenticationKey;
};
/**
 * AAD for batch-encrypted transaction payloads. BCS matches Rust `PayloadAssociatedData::V1`:
 * uleb128 variant | `sender` | `Vec<(AccountAddress, AuthenticationKey)>`.
 */
export declare class PayloadAssociatedData extends Serializable {
    readonly sender: AccountAddress;
    readonly signerAuthKeys: readonly SignerAuthKeyPair[];
    constructor(sender: AccountAddress, signerAuthKeys: readonly SignerAuthKeyPair[]);
    serialize(serializer: Serializer): void;
    static deserialize(deserializer: Deserializer): PayloadAssociatedData;
}
//# sourceMappingURL=encryptedPayload.d.ts.map