@noble/bls12-381
Comparing version 1.1.1 to 1.1.2
/*! noble-bls12-381 - MIT License (c) Paul Miller (paulmillr.com) */ | ||
import nodeCrypto from 'crypto'; | ||
import { Fp, Fr, Fp2, Fp12, CURVE, ProjectivePoint, map_to_curve_simple_swu_9mod16, isogenyMapG2, millerLoop, psi, psi2, calcPairingPrecomputes, mod } from './math'; | ||
import { Fp, Fr, Fp2, Fp12, CURVE, ProjectivePoint, map_to_curve_simple_swu_9mod16, isogenyMapG2, millerLoop, psi, psi2, calcPairingPrecomputes, mod } from './math.js'; | ||
export { Fp, Fr, Fp2, Fp12, CURVE }; | ||
@@ -5,0 +5,0 @@ const POW_2_381 = 2n ** 381n; |
/*! noble-bls12-381 - MIT License (c) Paul Miller (paulmillr.com) */ | ||
import { Fp, Fr, Fp2, Fp12, CURVE, ProjectivePoint, mod } from './math'; | ||
import { Fp, Fr, Fp2, Fp12, CURVE, ProjectivePoint, mod } from './math.js'; | ||
export { Fp, Fr, Fp2, Fp12, CURVE }; | ||
@@ -4,0 +4,0 @@ declare type Bytes = Uint8Array | string; |
108
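--- a/lib/index.js
+++ b/lib/index.js
@@ -9,8 +9,8 @@ "use strict";
 const crypto_1 = __importDefault(require("crypto"));
-const math_1 = require("./math");
-Object.defineProperty(exports, "Fp", { enumerable: true, get: function () { return math_1.Fp; } });
-Object.defineProperty(exports, "Fr", { enumerable: true, get: function () { return math_1.Fr; } });
-Object.defineProperty(exports, "Fp2", { enumerable: true, get: function () { return math_1.Fp2; } });
-Object.defineProperty(exports, "Fp12", { enumerable: true, get: function () { return math_1.Fp12; } });
-Object.defineProperty(exports, "CURVE", { enumerable: true, get: function () { return math_1.CURVE; } });
+const math_js_1 = require("./math.js");
+Object.defineProperty(exports, "Fp", { enumerable: true, get: function () { return math_js_1.Fp; } });
+Object.defineProperty(exports, "Fr", { enumerable: true, get: function () { return math_js_1.Fr; } });
+Object.defineProperty(exports, "Fp2", { enumerable: true, get: function () { return math_js_1.Fp2; } });
+Object.defineProperty(exports, "Fp12", { enumerable: true, get: function () { return math_js_1.Fp12; } });
+Object.defineProperty(exports, "CURVE", { enumerable: true, get: function () { return math_js_1.CURVE; } });
 const POW_2_381 = 2n ** 381n;
@@ -23,3 +23,3 @@ const POW_2_382 = POW_2_381 * 2n;
 DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_NUL_',
-p: math_1.CURVE.P,
+p: math_js_1.CURVE.P,
 m: 2,
@@ -30,3 +30,3 @@ k: 128,
 function isWithinCurveOrder(num) {
-return 0 < num && num < math_1.CURVE.r;
+return 0 < num && num < math_js_1.CURVE.r;
 }
@@ -73,3 +73,3 @@ const crypto = {
 },
-mod: math_1.mod,
+mod: math_js_1.mod,
 getDSTLabel() {
@@ -207,3 +207,3 @@ return htfDefaults.DST;
 const tv = pseudo_random_bytes.slice(elm_offset, elm_offset + L);
-e[j] = (0, math_1.mod)(os2ip(tv), htfOptions.p);
+e[j] = (0, math_js_1.mod)(os2ip(tv), htfOptions.p);
 }
@@ -226,3 +226,3 @@ u[i] = e;
 throw new TypeError('Expected valid private key');
-int = (0, math_1.mod)(int, math_1.CURVE.r);
+int = (0, math_js_1.mod)(int, math_js_1.CURVE.r);
 if (!isWithinCurveOrder(int))
@@ -236,25 +236,25 @@ throw new Error('Private key must be 0 < key < CURVE.r');
 }
-class PointG1 extends math_1.ProjectivePoint {
-constructor(x, y, z = math_1.Fp.ONE) {
-super(x, y, z, math_1.Fp);
-assertType(x, math_1.Fp);
-assertType(y, math_1.Fp);
-assertType(z, math_1.Fp);
+class PointG1 extends math_js_1.ProjectivePoint {
+constructor(x, y, z = math_js_1.Fp.ONE) {
+super(x, y, z, math_js_1.Fp);
+assertType(x, math_js_1.Fp);
+assertType(y, math_js_1.Fp);
+assertType(z, math_js_1.Fp);
 }
 static fromHex(bytes) {
 bytes = ensureBytes(bytes);
-const { P } = math_1.CURVE;
+const { P } = math_js_1.CURVE;
 let point;
 if (bytes.length === 48) {
 const compressedValue = bytesToNumberBE(bytes);
-const bflag = (0, math_1.mod)(compressedValue, POW_2_383) / POW_2_382;
+const bflag = (0, math_js_1.mod)(compressedValue, POW_2_383) / POW_2_382;
 if (bflag === 1n) {
 return this.ZERO;
 }
-const x = new math_1.Fp((0, math_1.mod)(compressedValue, POW_2_381));
-const right = x.pow(3n).add(new math_1.Fp(math_1.CURVE.b));
+const x = new math_js_1.Fp((0, math_js_1.mod)(compressedValue, POW_2_381));
+const right = x.pow(3n).add(new math_js_1.Fp(math_js_1.CURVE.b));
 let y = right.sqrt();
 if (!y)
 throw new Error('Invalid compressed G1 point');
-const aflag = (0, math_1.mod)(compressedValue, POW_2_382) / POW_2_381;
+const aflag = (0, math_js_1.mod)(compressedValue, POW_2_382) / POW_2_381;
 if ((y.value * 2n) / P !== aflag)
@@ -269,3 +269,3 @@ y = y.negate();
 const y = bytesToNumberBE(bytes.slice(PUBLIC_KEY_LENGTH));
-point = new PointG1(new math_1.Fp(x), new math_1.Fp(y));
+point = new PointG1(new math_js_1.Fp(x), new math_js_1.Fp(y));
 }
@@ -286,3 +286,3 @@ else {
 this.assertValidity();
-const { P } = math_1.CURVE;
+const { P } = math_js_1.CURVE;
 if (isCompressed) {
@@ -323,9 +323,9 @@ let hex;
 millerLoop(P) {
-return (0, math_1.millerLoop)(P.pairingPrecomputes(), this.toAffine());
+return (0, math_js_1.millerLoop)(P.pairingPrecomputes(), this.toAffine());
 }
 clearCofactor() {
-return this.multiplyUnsafe(math_1.CURVE.h);
+return this.multiplyUnsafe(math_js_1.CURVE.h);
 }
 isOnCurve() {
-const b = new math_1.Fp(math_1.CURVE.b);
+const b = new math_js_1.Fp(math_js_1.CURVE.b);
 const { x, y, z } = this;
@@ -353,10 +353,10 @@ const left = y.pow(2n).multiply(z).subtract(x.pow(3n));
 exports.PointG1 = PointG1;
-PointG1.BASE = new PointG1(new math_1.Fp(math_1.CURVE.Gx), new math_1.Fp(math_1.CURVE.Gy), math_1.Fp.ONE);
-PointG1.ZERO = new PointG1(math_1.Fp.ONE, math_1.Fp.ONE, math_1.Fp.ZERO);
-class PointG2 extends math_1.ProjectivePoint {
-constructor(x, y, z = math_1.Fp2.ONE) {
-super(x, y, z, math_1.Fp2);
-assertType(x, math_1.Fp2);
-assertType(y, math_1.Fp2);
-assertType(z, math_1.Fp2);
+PointG1.BASE = new PointG1(new math_js_1.Fp(math_js_1.CURVE.Gx), new math_js_1.Fp(math_js_1.CURVE.Gy), math_js_1.Fp.ONE);
+PointG1.ZERO = new PointG1(math_js_1.Fp.ONE, math_js_1.Fp.ONE, math_js_1.Fp.ZERO);
+class PointG2 extends math_js_1.ProjectivePoint {
+constructor(x, y, z = math_js_1.Fp2.ONE) {
+super(x, y, z, math_js_1.Fp2);
+assertType(x, math_js_1.Fp2);
+assertType(y, math_js_1.Fp2);
+assertType(z, math_js_1.Fp2);
 }
@@ -366,4 +366,4 @@ static async hashToCurve(msg) {
 const u = await hash_to_field(msg, 2);
-const Q0 = new PointG2(...(0, math_1.isogenyMapG2)((0, math_1.map_to_curve_simple_swu_9mod16)(u[0])));
-const Q1 = new PointG2(...(0, math_1.isogenyMapG2)((0, math_1.map_to_curve_simple_swu_9mod16)(u[1])));
+const Q0 = new PointG2(...(0, math_js_1.isogenyMapG2)((0, math_js_1.map_to_curve_simple_swu_9mod16)(u[0])));
+const Q1 = new PointG2(...(0, math_js_1.isogenyMapG2)((0, math_js_1.map_to_curve_simple_swu_9mod16)(u[1])));
 const R = Q0.add(Q1);
@@ -375,3 +375,3 @@ const P = R.clearCofactor();
 hex = ensureBytes(hex);
-const { P } = math_1.CURVE;
+const { P } = math_js_1.CURVE;
 const half = hex.length / 2;
@@ -382,3 +382,3 @@ if (half !== 48 && half !== 96)
 const z2 = bytesToNumberBE(hex.slice(half));
-const bflag1 = (0, math_1.mod)(z1, POW_2_383) / POW_2_382;
+const bflag1 = (0, math_js_1.mod)(z1, POW_2_383) / POW_2_382;
 if (bflag1 === 1n)
@@ -388,4 +388,4 @@ return this.ZERO;
 const x2 = z2;
-const x = new math_1.Fp2([x2, x1]);
-const y2 = x.pow(3n).add(new math_1.Fp2(math_1.CURVE.b2));
+const x = new math_js_1.Fp2([x2, x1]);
+const y2 = x.pow(3n).add(new math_js_1.Fp2(math_js_1.CURVE.b2));
 let y = y2.sqrt();
@@ -400,3 +400,3 @@ if (!y)
 y = y.multiply(-1n);
-const point = new PointG2(x, y, math_1.Fp2.ONE);
+const point = new PointG2(x, y, math_js_1.Fp2.ONE);
 point.assertValidity();
@@ -419,3 +419,3 @@ return point;
 const y0 = bytesToNumberBE(bytes.slice(3 * PUBLIC_KEY_LENGTH));
-point = new PointG2(new math_1.Fp2([x0, x1]), new math_1.Fp2([y0, y1]));
+point = new PointG2(new math_js_1.Fp2([x0, x1]), new math_js_1.Fp2([y0, y1]));
 }
@@ -438,3 +438,3 @@ else {
 const tmp = y1 > 0n ? y1 * 2n : y0 * 2n;
-const aflag1 = tmp / math_1.CURVE.P;
+const aflag1 = tmp / math_js_1.CURVE.P;
 const z1 = x1 + aflag1 * POW_2_381 + POW_2_383;
@@ -473,9 +473,9 @@ const z2 = x0;
 psi() {
-return this.fromAffineTuple((0, math_1.psi)(...this.toAffine()));
+return this.fromAffineTuple((0, math_js_1.psi)(...this.toAffine()));
 }
 psi2() {
-return this.fromAffineTuple((0, math_1.psi2)(...this.toAffine()));
+return this.fromAffineTuple((0, math_js_1.psi2)(...this.toAffine()));
 }
 mulNegX() {
-return this.multiplyUnsafe(math_1.CURVE.x).negate();
+return this.multiplyUnsafe(math_js_1.CURVE.x).negate();
 }
@@ -497,3 +497,3 @@ clearCofactor() {
 isOnCurve() {
-const b = new math_1.Fp2(math_1.CURVE.b2);
+const b = new math_js_1.Fp2(math_js_1.CURVE.b2);
 const { x, y, z } = this;
@@ -520,3 +520,3 @@ const left = y.pow(2n).multiply(z).subtract(x.pow(3n));
 return this._PPRECOMPUTES;
-this._PPRECOMPUTES = (0, math_1.calcPairingPrecomputes)(...this.toAffine());
+this._PPRECOMPUTES = (0, math_js_1.calcPairingPrecomputes)(...this.toAffine());
 return this._PPRECOMPUTES;
@@ -526,4 +526,4 @@ }
 exports.PointG2 = PointG2;
-PointG2.BASE = new PointG2(new math_1.Fp2(math_1.CURVE.G2x), new math_1.Fp2(math_1.CURVE.G2y), math_1.Fp2.ONE);
-PointG2.ZERO = new PointG2(math_1.Fp2.ONE, math_1.Fp2.ONE, math_1.Fp2.ZERO);
+PointG2.BASE = new PointG2(new math_js_1.Fp2(math_js_1.CURVE.G2x), new math_js_1.Fp2(math_js_1.CURVE.G2y), math_js_1.Fp2.ONE);
+PointG2.ZERO = new PointG2(math_js_1.Fp2.ONE, math_js_1.Fp2.ONE, math_js_1.Fp2.ZERO);
 function pairing(P, Q, withFinalExponent = true) {
@@ -570,3 +570,3 @@ if (P.isZero() || Q.isZero())
 const exp = eGS.multiply(ePHm).finalExponentiate();
-return exp.equals(math_1.Fp12.ONE);
+return exp.equals(math_js_1.Fp12.ONE);
 }
@@ -613,5 +613,5 @@ exports.verify = verify;
 paired.push(pairing(PointG1.BASE.negate(), sig, false));
-const product = paired.reduce((a, b) => a.multiply(b), math_1.Fp12.ONE);
+const product = paired.reduce((a, b) => a.multiply(b), math_js_1.Fp12.ONE);
 const exp = product.finalExponentiate();
-return exp.equals(math_1.Fp12.ONE);
+return exp.equals(math_js_1.Fp12.ONE);
 }
@@ -618,0 +618,0 @@ catch {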
{ | ||
"name": "@noble/bls12-381", | ||
"version": "1.1.1", | ||
"version": "1.1.2", | ||
"description": "Fastest JS implementation of BLS12-381. Auditable, secure, 0-dependency aggregated signatures & pairings", | ||
@@ -5,0 +5,0 @@ "files": [ |
# noble-bls12-381 ![Node CI](https://github.com/paulmillr/noble-secp256k1/workflows/Node%20CI/badge.svg) [![code style: prettier](https://img.shields.io/badge/code_style-prettier-ff69b4.svg?style=flat-square)](https://github.com/prettier/prettier) | ||
**[Fastest](#speed)** implementation of BLS12-381 in a scripting language. The pairing-friendly Barreto-Lynn-Scott elliptic curve construction allows to: | ||
**[Fastest](#speed)** JS implementation of BLS12-381. Auditable, secure, 0-dependency aggregated signatures & pairings. | ||
The pairing-friendly Barreto-Lynn-Scott elliptic curve construction allows to: | ||
- Construct [zk-SNARKs](https://z.cash/technology/zksnarks/) at the 128-bit security | ||
@@ -6,0 +8,0 @@ - Use [threshold signatures](https://medium.com/snigirev.stepan/bls-signatures-better-than-schnorr-5a7fe30ea716), |
147314
320