This issue tries to define the object which will be returned by getEncryptedMatchKey API.

Relevant reading

https://github.com/patcg-individual-drafts/ipa/blob/main/details/encryption.md

Proposed return value

We have detailed out getEncryptedMatchKey interface and implementation detail in #52 and in this PR, we would like to double-down on its return value, PrivateAttributionEncryptedMatchKey.

dictionary PrivateAttributionHelperShare {
    // This is the identifier for the HPKE key that was used to encrypt. 
    // Since the helper party may have multiple keys, this indicates which one to apply
    uint8 keyId;
    ArrayBuffer encryptedShare;
};


dictionary PrivateAttributionEncryptedMatchKey {
    // The registrable domain of the top-level "site" that the encrypted match key was generated for.
    DOMString site;
    // Epoch during which the encrypted match key was generated
    uint16 epoch;
    // Map from helper to the encrypted bits they get and additional info used to generate those bits
    record<DOMString, PrivateAttributionHelperShare> shares;
};

PrivateAttributionEncryptedMatchKey will consist of

• site: The top-level site for which the encrypted match key was generated (see Should we use sites (i.e. registrable domains) or origins? #51 )
• epoch: The epoch during which the encrypted match keys were generated.
• shares: This will be a map from helper to PrivateAttributionHelperShare which contains the encrypted bits i.e. encryptedShare and additional information which will be needed to decrypt these shares i.e. keyId. keyId is the identifier for the HPKE key that was used to encrypt this share. Helper parties can have multiple keys. In this case, keyId would indicate which one to apply to decrypt this particular share.