Socket
Socket
Sign inDemoInstall

@noble/curves

Package Overview
Dependencies
Maintainers
1
Versions
34
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@noble/curves - npm Package Compare versions

Comparing version 0.3.1 to 0.3.2

7

lib/crypto.js

@@ -1,8 +0,5 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.crypto = void 0;
const nodeCrypto = require("crypto");
exports.crypto = {
import * as nodeCrypto from 'crypto';
export const crypto = {
node: nodeCrypto,
web: undefined,
};

5

lib/cryptoBrowser.js

@@ -1,7 +0,4 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.crypto = void 0;
exports.crypto = {
export const crypto = {
node: undefined,
web: typeof self === 'object' && 'crypto' in self ? self.crypto : undefined,
};

34

lib/definitions/_shortw_utils.d.ts

@@ -1,2 +0,2 @@

import { CurveType, CHash } from '../weierstrass';
import { CurveType, CHash } from '../weierstrass.js';
export declare function getHash(hash: CHash): {

@@ -8,3 +8,3 @@ hash: CHash;

export declare function createCurve(curveDef: CurveDef, defHash: CHash): Readonly<{
create: (hash: CHash) => import("../weierstrass").CurveFn;
create: (hash: CHash) => import("../weierstrass.js").CurveFn;
CURVE: Readonly<{

@@ -23,6 +23,6 @@ readonly nBitLength: number;

readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
randomBytes: typeof import("../utils").randomBytes;
randomBytes: typeof import("../utils.js").randomBytes;
readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
readonly normalizePrivateKey?: ((key: import("../utils").PrivKey) => import("../utils").PrivKey) | undefined;
readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
readonly endo?: {

@@ -38,14 +38,14 @@ beta: bigint;

}>;
getPublicKey: (privateKey: import("../utils").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
getSharedSecret: (privateA: import("../utils").PrivKey, publicB: import("../weierstrass").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
sign: (msgHash: import("../utils").Hex, privKey: import("../utils").PrivKey, opts?: {
getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
lowS?: boolean | undefined;
extraEntropy?: (true | import("../utils").Hex) | undefined;
} | undefined) => import("../weierstrass").SignatureType;
verify: (signature: import("../utils").Hex | import("../weierstrass").SignatureType, msgHash: import("../utils").Hex, publicKey: import("../weierstrass").PubKey, opts?: {
extraEntropy?: (true | import("../utils.js").Hex) | undefined;
} | undefined) => import("../weierstrass.js").SignatureType;
verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
lowS?: boolean | undefined;
} | undefined) => boolean;
Point: import("../weierstrass").PointConstructor;
JacobianPoint: import("../weierstrass").JacobianPointConstructor;
Signature: import("../weierstrass").SignatureConstructor;
Point: import("../weierstrass.js").PointConstructor;
JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
Signature: import("../weierstrass.js").SignatureConstructor;
utils: {

@@ -56,9 +56,9 @@ mod: (a: bigint, b?: bigint | undefined) => bigint;

_bigintToString: (num: bigint) => string;
_normalizePrivateKey: (key: import("../utils").PrivKey) => bigint;
_normalizePublicKey: (publicKey: import("../weierstrass").PubKey) => import("../weierstrass").PointType;
_normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
_normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
_isWithinCurveOrder: (num: bigint) => boolean;
_isValidFieldElement: (num: bigint) => boolean;
_weierstrassEquation: (x: bigint) => bigint;
isValidPrivateKey(privateKey: import("../utils").PrivKey): boolean;
hashToPrivateKey: (hash: import("../utils").Hex) => Uint8Array;
isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
randomPrivateKey: () => Uint8Array;

@@ -65,0 +65,0 @@ };

19

lib/definitions/_shortw_utils.js

@@ -1,18 +0,13 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.createCurve = exports.getHash = void 0;
const hmac_1 = require("@noble/hashes/hmac");
const utils_1 = require("@noble/hashes/utils");
const weierstrass_1 = require("../weierstrass");
function getHash(hash) {
import { hmac } from '@noble/hashes/hmac';
import { concatBytes } from '@noble/hashes/utils';
import { weierstrass } from '../weierstrass.js';
export function getHash(hash) {
return {
hash,
hmac: (key, ...msgs) => (0, hmac_1.hmac)(hash, key, (0, utils_1.concatBytes)(...msgs)),
hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),
};
}
exports.getHash = getHash;
function createCurve(curveDef, defHash) {
const create = (hash) => (0, weierstrass_1.weierstrass)({ ...curveDef, ...getHash(hash) });
export function createCurve(curveDef, defHash) {
const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });
return Object.freeze({ ...create(defHash), create });
}
exports.createCurve = createCurve;

2

lib/definitions/bn.d.ts

@@ -7,2 +7,2 @@ /**

*/
export declare const bn254: import("../weierstrass").CurveFn;
export declare const bn254: import("../weierstrass.js").CurveFn;

13

lib/definitions/bn.js

@@ -1,8 +0,5 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.bn254 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const weierstrass_1 = require("../weierstrass");
const sha256_1 = require("@noble/hashes/sha256");
const _shortw_utils_js_1 = require("./_shortw_utils.js");
import { weierstrass } from '../weierstrass.js';
import { sha256 } from '@noble/hashes/sha256';
import { getHash } from './_shortw_utils.js';
/**

@@ -14,3 +11,3 @@ * bn254 pairing-friendly curve.

*/
exports.bn254 = (0, weierstrass_1.weierstrass)({
export const bn254 = weierstrass({
a: BigInt(0),

@@ -23,3 +20,3 @@ b: BigInt(3),

h: BigInt(1),
...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256),
...getHash(sha256),
});

12

lib/definitions/ed25519.d.ts

@@ -1,8 +0,8 @@

import { ExtendedPointType } from '../edwards';
import { Hex } from '../utils';
import { ExtendedPointType } from '../edwards.js';
import { Hex } from '../utils.js';
export declare const ED25519_TORSION_SUBGROUP: string[];
export declare const ed25519: import("../edwards").CurveFn;
export declare const ed25519ctx: import("../edwards").CurveFn;
export declare const ed25519ph: import("../edwards").CurveFn;
export declare const x25519: import("../montgomery").CurveFn;
export declare const ed25519: import("../edwards.js").CurveFn;
export declare const ed25519ctx: import("../edwards.js").CurveFn;
export declare const ed25519ph: import("../edwards.js").CurveFn;
export declare const x25519: import("../montgomery.js").CurveFn;
declare type ExtendedPoint = ExtendedPointType;

@@ -9,0 +9,0 @@ /**

120

lib/definitions/ed25519.js

@@ -1,11 +0,8 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.RistrettoPoint = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const sha512_1 = require("@noble/hashes/sha512");
const utils_1 = require("@noble/hashes/utils");
const edwards_1 = require("../edwards");
const montgomery_1 = require("../montgomery");
const modular_1 = require("../modular");
const utils_2 = require("../utils");
import { sha512 } from '@noble/hashes/sha512';
import { concatBytes, utf8ToBytes } from '@noble/hashes/utils';
import { twistedEdwards } from '../edwards.js';
import { montgomery } from '../montgomery.js';
import { mod, pow2, isNegativeLE } from '../modular.js';
import { ensureBytes, equalBytes, bytesToHex, bytesToNumberLE, numberToBytesLE, } from '../utils.js';
/**

@@ -28,12 +25,12 @@ * ed25519 Twisted Edwards curve with following addons:

const b2 = (x2 * x) % P; // x^3, 11
const b4 = ((0, modular_1.pow2)(b2, _2n, P) * b2) % P; // x^15, 1111
const b5 = ((0, modular_1.pow2)(b4, _1n, P) * x) % P; // x^31
const b10 = ((0, modular_1.pow2)(b5, _5n, P) * b5) % P;
const b20 = ((0, modular_1.pow2)(b10, _10n, P) * b10) % P;
const b40 = ((0, modular_1.pow2)(b20, _20n, P) * b20) % P;
const b80 = ((0, modular_1.pow2)(b40, _40n, P) * b40) % P;
const b160 = ((0, modular_1.pow2)(b80, _80n, P) * b80) % P;
const b240 = ((0, modular_1.pow2)(b160, _80n, P) * b80) % P;
const b250 = ((0, modular_1.pow2)(b240, _10n, P) * b10) % P;
const pow_p_5_8 = ((0, modular_1.pow2)(b250, _2n, P) * x) % P;
const b4 = (pow2(b2, _2n, P) * b2) % P; // x^15, 1111
const b5 = (pow2(b4, _1n, P) * x) % P; // x^31
const b10 = (pow2(b5, _5n, P) * b5) % P;
const b20 = (pow2(b10, _10n, P) * b10) % P;
const b40 = (pow2(b20, _20n, P) * b20) % P;
const b80 = (pow2(b40, _40n, P) * b40) % P;
const b160 = (pow2(b80, _80n, P) * b80) % P;
const b240 = (pow2(b160, _80n, P) * b80) % P;
const b250 = (pow2(b240, _10n, P) * b10) % P;
const pow_p_5_8 = (pow2(b250, _2n, P) * x) % P;
// ^ To pow to (p+3)/8, multiply it by x.

@@ -58,13 +55,13 @@ return { pow_p_5_8, b2 };

const P = ED25519_P;
const v3 = (0, modular_1.mod)(v * v * v, P); // v³
const v7 = (0, modular_1.mod)(v3 * v3 * v, P); // v⁷
const v3 = mod(v * v * v, P); // v³
const v7 = mod(v3 * v3 * v, P); // v⁷
// (p+3)/8 and (p-5)/8
const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8;
let x = (0, modular_1.mod)(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
const vx2 = (0, modular_1.mod)(v * x * x, P); // vx²
let x = mod(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
const vx2 = mod(v * x * x, P); // vx²
const root1 = x; // First root candidate
const root2 = (0, modular_1.mod)(x * ED25519_SQRT_M1, P); // Second root candidate
const root2 = mod(x * ED25519_SQRT_M1, P); // Second root candidate
const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root
const useRoot2 = vx2 === (0, modular_1.mod)(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
const noRoot = vx2 === (0, modular_1.mod)(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
const useRoot2 = vx2 === mod(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
if (useRoot1)

@@ -74,8 +71,8 @@ x = root1;

x = root2; // We return root2 anyway, for const-time
if ((0, modular_1.isNegativeLE)(x, P))
x = (0, modular_1.mod)(-x, P);
if (isNegativeLE(x, P))
x = mod(-x, P);
return { isValid: useRoot1 || useRoot2, value: x };
}
// Just in case
exports.ED25519_TORSION_SUBGROUP = [
export const ED25519_TORSION_SUBGROUP = [
'0100000000000000000000000000000000000000000000000000000000000000',

@@ -106,3 +103,3 @@ 'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a',

Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'),
hash: sha512_1.sha512,
hash: sha512,
adjustScalarBytes,

@@ -114,15 +111,15 @@ // dom2

};
exports.ed25519 = (0, edwards_1.twistedEdwards)(ED25519_DEF);
export const ed25519 = twistedEdwards(ED25519_DEF);
function ed25519_domain(data, ctx, phflag) {
if (ctx.length > 255)
throw new Error('Context is too big');
return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
return concatBytes(utf8ToBytes('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
}
exports.ed25519ctx = (0, edwards_1.twistedEdwards)({ ...ED25519_DEF, domain: ed25519_domain });
exports.ed25519ph = (0, edwards_1.twistedEdwards)({
export const ed25519ctx = twistedEdwards({ ...ED25519_DEF, domain: ed25519_domain });
export const ed25519ph = twistedEdwards({
...ED25519_DEF,
domain: ed25519_domain,
preHash: sha512_1.sha512,
preHash: sha512,
});
exports.x25519 = (0, montgomery_1.montgomery)({
export const x25519 = montgomery({
P: ED25519_P,

@@ -137,3 +134,3 @@ a24: BigInt('121665'),

const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);
return (0, modular_1.mod)((0, modular_1.pow2)(pow_p_5_8, BigInt(3), P) * b2, P);
return mod(pow2(pow_p_5_8, BigInt(3), P) * b2, P);
},

@@ -159,3 +156,3 @@ adjustScalarBytes,

const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
const bytes255ToNumberLE = (bytes) => exports.ed25519.utils.mod((0, utils_2.bytesToNumberLE)(bytes) & MAX_255B);
const bytes255ToNumberLE = (bytes) => ed25519.utils.mod(bytesToNumberLE(bytes) & MAX_255B);
/**

@@ -168,3 +165,3 @@ * Each ed25519/ExtendedPoint has 8 different equivalent points. This can be

*/
class RistrettoPoint {
export class RistrettoPoint {
// Private property to discourage combining ExtendedPoint + RistrettoPoint

@@ -178,4 +175,4 @@ // Always use Ristretto encoding/decoding instead.

static calcElligatorRistrettoMap(r0) {
const { d, P } = exports.ed25519.CURVE;
const { mod } = exports.ed25519.utils;
const { d, P } = ed25519.CURVE;
const { mod } = ed25519.utils;
const r = mod(SQRT_M1 * r0 * r0); // 1

@@ -187,3 +184,3 @@ const Ns = mod((r + _1n) * ONE_MINUS_D_SQ); // 2

let s_ = mod(s * r0); // 6
if (!(0, modular_1.isNegativeLE)(s_, P))
if (!isNegativeLE(s_, P))
s_ = mod(-s_);

@@ -200,3 +197,3 @@ if (!Ns_D_is_sq)

const W3 = mod(_1n + s2); // 13
return new exports.ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
return new ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
}

@@ -211,3 +208,3 @@ /**

static hashToCurve(hex) {
hex = (0, utils_2.ensureBytes)(hex, 64);
hex = ensureBytes(hex, 64);
const r1 = bytes255ToNumberLE(hex.slice(0, 32));

@@ -225,5 +222,5 @@ const R1 = this.calcElligatorRistrettoMap(r1);

static fromHex(hex) {
hex = (0, utils_2.ensureBytes)(hex, 32);
const { a, d, P } = exports.ed25519.CURVE;
const { mod } = exports.ed25519.utils;
hex = ensureBytes(hex, 32);
const { a, d, P } = ed25519.CURVE;
const { mod } = ed25519.utils;
const emsg = 'RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint';

@@ -233,3 +230,3 @@ const s = bytes255ToNumberLE(hex);

// 3. Check that s is non-negative, or else abort
if (!(0, utils_2.equalBytes)((0, utils_2.numberToBytesLE)(s, 32), hex) || (0, modular_1.isNegativeLE)(s, P))
if (!equalBytes(numberToBytesLE(s, 32), hex) || isNegativeLE(s, P))
throw new Error(emsg);

@@ -246,9 +243,9 @@ const s2 = mod(s * s);

let x = mod((s + s) * Dx); // 10
if ((0, modular_1.isNegativeLE)(x, P))
if (isNegativeLE(x, P))
x = mod(-x); // 10
const y = mod(u1 * Dy); // 11
const t = mod(x * y); // 12
if (!isValid || (0, modular_1.isNegativeLE)(t, P) || y === _0n)
if (!isValid || isNegativeLE(t, P) || y === _0n)
throw new Error(emsg);
return new RistrettoPoint(new exports.ed25519.ExtendedPoint(x, y, _1n, t));
return new RistrettoPoint(new ed25519.ExtendedPoint(x, y, _1n, t));
}

@@ -261,4 +258,4 @@ /**

let { x, y, z, t } = this.ep;
const { P } = exports.ed25519.CURVE;
const { mod } = exports.ed25519.utils;
const { P } = ed25519.CURVE;
const { mod } = ed25519.utils;
const u1 = mod(mod(z + y) * mod(z - y)); // 1

@@ -273,3 +270,3 @@ const u2 = mod(x * y); // 2

let D; // 7
if ((0, modular_1.isNegativeLE)(t * zInv, P)) {
if (isNegativeLE(t * zInv, P)) {
let _x = mod(y * SQRT_M1);

@@ -284,11 +281,11 @@ let _y = mod(x * SQRT_M1);

}
if ((0, modular_1.isNegativeLE)(x * zInv, P))
if (isNegativeLE(x * zInv, P))
y = mod(-y); // 9
let s = mod((z - y) * D); // 10 (check footer's note, no sqrt(-a))
if ((0, modular_1.isNegativeLE)(s, P))
if (isNegativeLE(s, P))
s = mod(-s);
return (0, utils_2.numberToBytesLE)(s, 32); // 11
return numberToBytesLE(s, 32); // 11
}
toHex() {
return (0, utils_2.bytesToHex)(this.toRawBytes());
return bytesToHex(this.toRawBytes());
}

@@ -303,3 +300,3 @@ toString() {

const b = other.ep;
const { mod } = exports.ed25519.utils;
const { mod } = ed25519.utils;
// (x1 * y2 == y1 * x2) | (y1 * y2 == x1 * x2)

@@ -325,4 +322,3 @@ const one = mod(a.x * b.y) === mod(a.y * b.x);

}
exports.RistrettoPoint = RistrettoPoint;
RistrettoPoint.BASE = new RistrettoPoint(exports.ed25519.ExtendedPoint.BASE);
RistrettoPoint.ZERO = new RistrettoPoint(exports.ed25519.ExtendedPoint.ZERO);
RistrettoPoint.BASE = new RistrettoPoint(ed25519.ExtendedPoint.BASE);
RistrettoPoint.ZERO = new RistrettoPoint(ed25519.ExtendedPoint.ZERO);

6

lib/definitions/ed448.d.ts

@@ -1,3 +0,3 @@

export declare const ed448: import("../edwards").CurveFn;
export declare const ed448ph: import("../edwards").CurveFn;
export declare const x448: import("../montgomery").CurveFn;
export declare const ed448: import("../edwards.js").CurveFn;
export declare const ed448ph: import("../edwards.js").CurveFn;
export declare const x448: import("../montgomery.js").CurveFn;

63

lib/definitions/ed448.js

@@ -1,10 +0,7 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.x448 = exports.ed448ph = exports.ed448 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const sha3_1 = require("@noble/hashes/sha3");
const utils_1 = require("@noble/hashes/utils");
const edwards_1 = require("../edwards");
const modular_1 = require("../modular");
const montgomery_1 = require("../montgomery");
import { shake256 } from '@noble/hashes/sha3';
import { concatBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';
import { twistedEdwards } from '../edwards.js';
import { mod, pow2 } from '../modular.js';
import { montgomery } from '../montgomery.js';
/**

@@ -15,4 +12,4 @@ * Edwards448 (not Ed448-Goldilocks) curve with following addons:

*/
const shake256_114 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 114 }));
const shake256_64 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 64 }));
const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));
const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));
const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');

@@ -29,13 +26,13 @@ // powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.

const b3 = (b2 * b2 * x) % P;
const b6 = ((0, modular_1.pow2)(b3, _3n, P) * b3) % P;
const b9 = ((0, modular_1.pow2)(b6, _3n, P) * b3) % P;
const b11 = ((0, modular_1.pow2)(b9, _2n, P) * b2) % P;
const b22 = ((0, modular_1.pow2)(b11, _11n, P) * b11) % P;
const b44 = ((0, modular_1.pow2)(b22, _22n, P) * b22) % P;
const b88 = ((0, modular_1.pow2)(b44, _44n, P) * b44) % P;
const b176 = ((0, modular_1.pow2)(b88, _88n, P) * b88) % P;
const b220 = ((0, modular_1.pow2)(b176, _44n, P) * b44) % P;
const b222 = ((0, modular_1.pow2)(b220, _2n, P) * b2) % P;
const b223 = ((0, modular_1.pow2)(b222, _1n, P) * x) % P;
return ((0, modular_1.pow2)(b223, _223n, P) * b222) % P;
const b6 = (pow2(b3, _3n, P) * b3) % P;
const b9 = (pow2(b6, _3n, P) * b3) % P;
const b11 = (pow2(b9, _2n, P) * b2) % P;
const b22 = (pow2(b11, _11n, P) * b11) % P;
const b44 = (pow2(b22, _22n, P) * b22) % P;
const b88 = (pow2(b44, _44n, P) * b44) % P;
const b176 = (pow2(b88, _88n, P) * b88) % P;
const b220 = (pow2(b176, _44n, P) * b44) % P;
const b222 = (pow2(b220, _2n, P) * b2) % P;
const b223 = (pow2(b222, _1n, P) * x) % P;
return (pow2(b223, _223n, P) * b222) % P;
}

@@ -74,3 +71,3 @@ function adjustScalarBytes(bytes) {

throw new Error(`Context is too big: ${ctx.length}`);
return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
},

@@ -88,18 +85,18 @@ // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.

// x = (u/v) = u v (u^5 v^3) (mod p)
const u2v = (0, modular_1.mod)(u * u * v, P);
const u3v = (0, modular_1.mod)(u2v * u, P); // u^2v
const u5v3 = (0, modular_1.mod)(u3v * u2v * v, P); // u^5v^3
const u2v = mod(u * u * v, P);
const u3v = mod(u2v * u, P); // u^2v
const u5v3 = mod(u3v * u2v * v, P); // u^5v^3
const root = ed448_pow_Pminus3div4(u5v3);
const x = (0, modular_1.mod)(u3v * root, P);
const x = mod(u3v * root, P);
// Verify that root is exists
const x2 = (0, modular_1.mod)(x * x, P); // x^2
const x2 = mod(x * x, P); // x^2
// If v * x^2 = u, the recovered x-coordinate is x. Otherwise, no
// square root exists, and the decoding fails.
return { isValid: (0, modular_1.mod)(x2 * v, P) === u, value: x };
return { isValid: mod(x2 * v, P) === u, value: x };
},
};
exports.ed448 = (0, edwards_1.twistedEdwards)(ED448_DEF);
export const ed448 = twistedEdwards(ED448_DEF);
// NOTE: there is no ed448ctx, since ed448 supports ctx by default
exports.ed448ph = (0, edwards_1.twistedEdwards)({ ...ED448_DEF, preHash: shake256_64 });
exports.x448 = (0, montgomery_1.montgomery)({
export const ed448ph = twistedEdwards({ ...ED448_DEF, preHash: shake256_64 });
export const x448 = montgomery({
a24: BigInt(39081),

@@ -113,4 +110,4 @@ montgomeryBits: 448,

const Pminus3div4 = ed448_pow_Pminus3div4(x);
const Pminus3 = (0, modular_1.pow2)(Pminus3div4, BigInt(2), P);
return (0, modular_1.mod)(Pminus3 * x, P); // Pminus3 * x = Pminus2
const Pminus3 = pow2(Pminus3div4, BigInt(2), P);
return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2
},

@@ -117,0 +114,0 @@ adjustScalarBytes,

6

lib/definitions/jubjub.d.ts

@@ -5,4 +5,4 @@ /**

*/
export declare const jubjub: import("../edwards").CurveFn;
export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType;
export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType;
export declare const jubjub: import("../edwards.js").CurveFn;
export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("../edwards.js").ExtendedPointType;
export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("../edwards.js").ExtendedPointType;

33

lib/definitions/jubjub.js

@@ -1,9 +0,6 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.findGroupHash = exports.groupHash = exports.jubjub = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const sha256_1 = require("@noble/hashes/sha256");
const utils_1 = require("@noble/hashes/utils");
const edwards_1 = require("../edwards");
const blake2s_1 = require("@noble/hashes/blake2s");
import { sha256 } from '@noble/hashes/sha256';
import { concatBytes, utf8ToBytes } from '@noble/hashes/utils';
import { twistedEdwards } from '../edwards.js';
import { blake2s } from '@noble/hashes/blake2s';
/**

@@ -13,3 +10,3 @@ * jubjub Twisted Edwards curve.

*/
exports.jubjub = (0, edwards_1.twistedEdwards)({
export const jubjub = twistedEdwards({
// Params: a, d

@@ -28,21 +25,20 @@ a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),

Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
hash: sha256_1.sha256,
hash: sha256,
});
const GH_FIRST_BLOCK = (0, utils_1.utf8ToBytes)('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
const GH_FIRST_BLOCK = utf8ToBytes('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
// Returns point at JubJub curve which is prime order and not zero
function groupHash(tag, personalization) {
const h = blake2s_1.blake2s.create({ personalization, dkLen: 32 });
export function groupHash(tag, personalization) {
const h = blake2s.create({ personalization, dkLen: 32 });
h.update(GH_FIRST_BLOCK);
h.update(tag);
// NOTE: returns ExtendedPoint, in case it will be multiplied later
let p = exports.jubjub.ExtendedPoint.fromAffine(exports.jubjub.Point.fromHex(h.digest()));
let p = jubjub.ExtendedPoint.fromAffine(jubjub.Point.fromHex(h.digest()));
// NOTE: cannot replace with isSmallOrder, returns Point*8
p = p.multiply(exports.jubjub.CURVE.h);
if (p.equals(exports.jubjub.ExtendedPoint.ZERO))
p = p.multiply(jubjub.CURVE.h);
if (p.equals(jubjub.ExtendedPoint.ZERO))
throw new Error('Point has small order');
return p;
}
exports.groupHash = groupHash;
function findGroupHash(m, personalization) {
const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0]));
export function findGroupHash(m, personalization) {
const tag = concatBytes(m, new Uint8Array([0]));
for (let i = 0; i < 256; i++) {

@@ -57,2 +53,1 @@ tag[tag.length - 1] = i;

}
exports.findGroupHash = findGroupHash;

13

lib/definitions/p192.js

@@ -1,10 +0,7 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.secp192r1 = exports.P192 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const _shortw_utils_js_1 = require("./_shortw_utils.js");
const sha256_1 = require("@noble/hashes/sha256");
import { createCurve } from './_shortw_utils.js';
import { sha256 } from '@noble/hashes/sha256';
// NIST secp192r1 aka P192
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/secg/secp192r1
exports.P192 = (0, _shortw_utils_js_1.createCurve)({
export const P192 = createCurve({
// Params: a, b

@@ -22,3 +19,3 @@ a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffc'),

lowS: false,
}, sha256_1.sha256);
exports.secp192r1 = exports.P192;
}, sha256);
export const secp192r1 = P192;

13

lib/definitions/p224.js

@@ -1,10 +0,7 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.secp224r1 = exports.P224 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const _shortw_utils_js_1 = require("./_shortw_utils.js");
const sha256_1 = require("@noble/hashes/sha256");
import { createCurve } from './_shortw_utils.js';
import { sha256 } from '@noble/hashes/sha256';
// NIST secp224r1 aka P224
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-224
exports.P224 = (0, _shortw_utils_js_1.createCurve)({
export const P224 = createCurve({
// Params: a, b

@@ -22,4 +19,4 @@ a: BigInt('0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe'),

lowS: false,
}, sha256_1.sha256 // TODO: replace with sha224 when new @noble/hashes released
}, sha256 // TODO: replace with sha224 when new @noble/hashes released
);
exports.secp224r1 = exports.P224;
export const secp224r1 = P224;

13

lib/definitions/p256.js

@@ -1,10 +0,7 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.secp256r1 = exports.P256 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const _shortw_utils_js_1 = require("./_shortw_utils.js");
const sha256_1 = require("@noble/hashes/sha256");
import { createCurve } from './_shortw_utils.js';
import { sha256 } from '@noble/hashes/sha256';
// NIST secp256r1 aka P256
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256
exports.P256 = (0, _shortw_utils_js_1.createCurve)({
export const P256 = createCurve({
// Params: a, b

@@ -22,3 +19,3 @@ a: BigInt('0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc'),

lowS: false,
}, sha256_1.sha256);
exports.secp256r1 = exports.P256;
}, sha256);
export const secp256r1 = P256;

13

lib/definitions/p384.js

@@ -1,11 +0,8 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.secp384r1 = exports.P384 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const _shortw_utils_js_1 = require("./_shortw_utils.js");
const sha512_1 = require("@noble/hashes/sha512");
import { createCurve } from './_shortw_utils.js';
import { sha384 } from '@noble/hashes/sha512';
// NIST secp384r1 aka P384
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384
// prettier-ignore
exports.P384 = (0, _shortw_utils_js_1.createCurve)({
export const P384 = createCurve({
// Params: a, b

@@ -23,3 +20,3 @@ a: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc'),

lowS: false,
}, sha512_1.sha384);
exports.secp384r1 = exports.P384;
}, sha384);
export const secp384r1 = P384;

22

lib/definitions/p521.d.ts

@@ -1,2 +0,2 @@

import { PrivKey } from '../utils';
import { PrivKey } from '../utils.js';
export declare const P521: Readonly<{

@@ -17,3 +17,3 @@ create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;

readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
randomBytes: typeof import("../utils").randomBytes;
randomBytes: typeof import("../utils.js").randomBytes;
readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;

@@ -34,7 +34,7 @@ readonly sqrtMod?: ((n: bigint) => bigint) | undefined;

getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
sign: (msgHash: import("../utils").Hex, privKey: PrivKey, opts?: {
sign: (msgHash: import("../utils.js").Hex, privKey: PrivKey, opts?: {
lowS?: boolean | undefined;
extraEntropy?: (true | import("../utils").Hex) | undefined;
extraEntropy?: (true | import("../utils.js").Hex) | undefined;
} | undefined) => import("../weierstrass.js").SignatureType;
verify: (signature: import("../utils").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
lowS?: boolean | undefined;

@@ -56,3 +56,3 @@ } | undefined) => boolean;

isValidPrivateKey(privateKey: PrivKey): boolean;
hashToPrivateKey: (hash: import("../utils").Hex) => Uint8Array;
hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
randomPrivateKey: () => Uint8Array;

@@ -76,3 +76,3 @@ };

readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
randomBytes: typeof import("../utils").randomBytes;
randomBytes: typeof import("../utils.js").randomBytes;
readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;

@@ -93,7 +93,7 @@ readonly sqrtMod?: ((n: bigint) => bigint) | undefined;

getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
sign: (msgHash: import("../utils").Hex, privKey: PrivKey, opts?: {
sign: (msgHash: import("../utils.js").Hex, privKey: PrivKey, opts?: {
lowS?: boolean | undefined;
extraEntropy?: (true | import("../utils").Hex) | undefined;
extraEntropy?: (true | import("../utils.js").Hex) | undefined;
} | undefined) => import("../weierstrass.js").SignatureType;
verify: (signature: import("../utils").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
lowS?: boolean | undefined;

@@ -115,5 +115,5 @@ } | undefined) => boolean;

isValidPrivateKey(privateKey: PrivKey): boolean;
hashToPrivateKey: (hash: import("../utils").Hex) => Uint8Array;
hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
randomPrivateKey: () => Uint8Array;
};
}>;

17

lib/definitions/p521.js

@@ -1,8 +0,5 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.secp521r1 = exports.P521 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const _shortw_utils_js_1 = require("./_shortw_utils.js");
const sha512_1 = require("@noble/hashes/sha512");
const utils_1 = require("../utils");
import { createCurve } from './_shortw_utils.js';
import { sha512 } from '@noble/hashes/sha512';
import { bytesToHex } from '../utils.js';
// NIST secp521r1 aka P521

@@ -12,3 +9,3 @@ // Note that it's 521, which differs from 512 of its hash function.

// prettier-ignore
exports.P521 = (0, _shortw_utils_js_1.createCurve)({
export const P521 = createCurve({
// Params: a, b

@@ -30,3 +27,3 @@ a: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc'),

if (key instanceof Uint8Array)
key = (0, utils_1.bytesToHex)(key);
key = bytesToHex(key);
if (typeof key !== 'string' || !([130, 131, 132].includes(key.length))) {

@@ -37,3 +34,3 @@ throw new Error('Invalid key');

}
}, sha512_1.sha512);
exports.secp521r1 = exports.P521;
}, sha512);
export const secp521r1 = P521;

4

lib/definitions/pasta.d.ts

@@ -1,2 +0,2 @@

export declare const pallas: import("../weierstrass").CurveFn;
export declare const vesta: import("../weierstrass").CurveFn;
export declare const pallas: import("../weierstrass.js").CurveFn;
export declare const vesta: import("../weierstrass.js").CurveFn;

19

lib/definitions/pasta.js

@@ -1,13 +0,10 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.vesta = exports.pallas = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const sha256_1 = require("@noble/hashes/sha256");
const weierstrass_1 = require("../weierstrass");
const _shortw_utils_js_1 = require("./_shortw_utils.js");
const mod = require("../modular");
import { sha256 } from '@noble/hashes/sha256';
import { weierstrass } from '../weierstrass.js';
import { getHash } from './_shortw_utils.js';
import * as mod from '../modular.js';
const p = BigInt('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001');
const q = BigInt('0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001');
// https://neuromancer.sk/std/other/Pallas
exports.pallas = (0, weierstrass_1.weierstrass)({
export const pallas = weierstrass({
a: BigInt(0),

@@ -20,6 +17,6 @@ b: BigInt(5),

h: BigInt(1),
...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256),
...getHash(sha256),
});
// https://neuromancer.sk/std/other/Vesta
exports.vesta = (0, weierstrass_1.weierstrass)({
export const vesta = weierstrass({
a: BigInt(0),

@@ -32,3 +29,3 @@ b: BigInt(5),

h: BigInt(1),
...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256),
...getHash(sha256),
});

22

lib/definitions/secp256k1.d.ts

@@ -1,5 +0,5 @@

import { PointType } from '../weierstrass';
import { Hex, PrivKey, randomBytes } from '../utils';
import { PointType } from '../weierstrass.js';
import { Hex, PrivKey, randomBytes } from '../utils.js';
export declare const secp256k1: Readonly<{
create: (hash: import("../weierstrass").CHash) => import("../weierstrass").CurveFn;
create: (hash: import("../weierstrass.js").CHash) => import("../weierstrass.js").CurveFn;
CURVE: Readonly<{

@@ -16,3 +16,3 @@ readonly nBitLength: number;

lowS: boolean;
readonly hash: import("../weierstrass").CHash;
readonly hash: import("../weierstrass.js").CHash;
readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;

@@ -34,13 +34,13 @@ randomBytes: typeof randomBytes;

getPublicKey: (privateKey: PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
getSharedSecret: (privateA: PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
sign: (msgHash: Hex, privKey: PrivKey, opts?: {
lowS?: boolean | undefined;
extraEntropy?: (true | Hex) | undefined;
} | undefined) => import("../weierstrass").SignatureType;
verify: (signature: Hex | import("../weierstrass").SignatureType, msgHash: Hex, publicKey: import("../weierstrass").PubKey, opts?: {
} | undefined) => import("../weierstrass.js").SignatureType;
verify: (signature: Hex | import("../weierstrass.js").SignatureType, msgHash: Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
lowS?: boolean | undefined;
} | undefined) => boolean;
Point: import("../weierstrass").PointConstructor;
JacobianPoint: import("../weierstrass").JacobianPointConstructor;
Signature: import("../weierstrass").SignatureConstructor;
Point: import("../weierstrass.js").PointConstructor;
JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
Signature: import("../weierstrass.js").SignatureConstructor;
utils: {

@@ -52,3 +52,3 @@ mod: (a: bigint, b?: bigint | undefined) => bigint;

_normalizePrivateKey: (key: PrivKey) => bigint;
_normalizePublicKey: (publicKey: import("../weierstrass").PubKey) => PointType;
_normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => PointType;
_isWithinCurveOrder: (num: bigint) => boolean;

@@ -55,0 +55,0 @@ _isValidFieldElement: (num: bigint) => boolean;

110

lib/definitions/secp256k1.js

@@ -1,9 +0,6 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.schnorr = exports.taggedHash = exports.secp256k1 = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const sha256_1 = require("@noble/hashes/sha256");
const modular_1 = require("../modular");
const _shortw_utils_js_1 = require("./_shortw_utils.js");
const utils_1 = require("../utils");
import { sha256 } from '@noble/hashes/sha256';
import { mod, pow2 } from '../modular.js';
import { createCurve } from './_shortw_utils.js';
import { ensureBytes, concatBytes, hexToBytes, bytesToNumberBE, randomBytes, } from '../utils.js';
/**

@@ -38,16 +35,16 @@ * secp256k1 belongs to Koblitz curves: it has

const b3 = (b2 * b2 * y) % P; // x^7
const b6 = ((0, modular_1.pow2)(b3, _3n, P) * b3) % P;
const b9 = ((0, modular_1.pow2)(b6, _3n, P) * b3) % P;
const b11 = ((0, modular_1.pow2)(b9, _2n, P) * b2) % P;
const b22 = ((0, modular_1.pow2)(b11, _11n, P) * b11) % P;
const b44 = ((0, modular_1.pow2)(b22, _22n, P) * b22) % P;
const b88 = ((0, modular_1.pow2)(b44, _44n, P) * b44) % P;
const b176 = ((0, modular_1.pow2)(b88, _88n, P) * b88) % P;
const b220 = ((0, modular_1.pow2)(b176, _44n, P) * b44) % P;
const b223 = ((0, modular_1.pow2)(b220, _3n, P) * b3) % P;
const t1 = ((0, modular_1.pow2)(b223, _23n, P) * b22) % P;
const t2 = ((0, modular_1.pow2)(t1, _6n, P) * b2) % P;
return (0, modular_1.pow2)(t2, _2n, P);
const b6 = (pow2(b3, _3n, P) * b3) % P;
const b9 = (pow2(b6, _3n, P) * b3) % P;
const b11 = (pow2(b9, _2n, P) * b2) % P;
const b22 = (pow2(b11, _11n, P) * b11) % P;
const b44 = (pow2(b22, _22n, P) * b22) % P;
const b88 = (pow2(b44, _44n, P) * b44) % P;
const b176 = (pow2(b88, _88n, P) * b88) % P;
const b220 = (pow2(b176, _44n, P) * b44) % P;
const b223 = (pow2(b220, _3n, P) * b3) % P;
const t1 = (pow2(b223, _23n, P) * b22) % P;
const t2 = (pow2(t1, _6n, P) * b2) % P;
return pow2(t2, _2n, P);
}
exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
export const secp256k1 = createCurve({
// Params: a, b

@@ -81,4 +78,4 @@ // Seem to be rigid https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975

const c2 = divNearest(-b1 * k, n);
let k1 = (0, modular_1.mod)(k - c1 * a1 - c2 * a2, n);
let k2 = (0, modular_1.mod)(-c1 * b1 - c2 * b2, n);
let k1 = mod(k - c1 * a1 - c2 * a2, n);
let k2 = mod(-c1 * b1 - c2 * b2, n);
const k1neg = k1 > POW_2_128;

@@ -96,11 +93,11 @@ const k2neg = k2 > POW_2_128;

},
}, sha256_1.sha256);
}, sha256);
// Schnorr
const _0n = BigInt(0);
const numTo32b = exports.secp256k1.utils._bigintToBytes;
const numTo32bStr = exports.secp256k1.utils._bigintToString;
const normalizePrivateKey = exports.secp256k1.utils._normalizePrivateKey;
const numTo32b = secp256k1.utils._bigintToBytes;
const numTo32bStr = secp256k1.utils._bigintToString;
const normalizePrivateKey = secp256k1.utils._normalizePrivateKey;
// TODO: export?
function normalizePublicKey(publicKey) {
if (publicKey instanceof exports.secp256k1.Point) {
if (publicKey instanceof secp256k1.Point) {
publicKey.assertValidity();

@@ -110,9 +107,9 @@ return publicKey;

else {
const bytes = (0, utils_1.ensureBytes)(publicKey);
const bytes = ensureBytes(publicKey);
// Schnorr is 32 bytes
if (bytes.length === 32) {
const x = (0, utils_1.bytesToNumberBE)(bytes);
const x = bytesToNumberBE(bytes);
if (!isValidFieldElement(x))
throw new Error('Point is not on curve');
const y2 = exports.secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b
const y2 = secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b
let y = sqrtMod(y2); // y = y² ^ (p+1)/4

@@ -122,4 +119,4 @@ const isYOdd = (y & _1n) === _1n;

if (isYOdd)
y = (0, modular_1.mod)(-y, exports.secp256k1.CURVE.P);
const point = new exports.secp256k1.Point(x, y);
y = mod(-y, secp256k1.CURVE.P);
const point = new secp256k1.Point(x, y);
point.assertValidity();

@@ -129,7 +126,7 @@ return point;

// Do we need that in schnorr at all?
return exports.secp256k1.Point.fromHex(publicKey);
return secp256k1.Point.fromHex(publicKey);
}
}
const isWithinCurveOrder = exports.secp256k1.utils._isWithinCurveOrder;
const isValidFieldElement = exports.secp256k1.utils._isValidFieldElement;
const isWithinCurveOrder = secp256k1.utils._isWithinCurveOrder;
const isValidFieldElement = secp256k1.utils._isValidFieldElement;
const TAGS = {

@@ -142,12 +139,11 @@ challenge: 'BIP0340/challenge',

const TAGGED_HASH_PREFIXES = {};
function taggedHash(tag, ...messages) {
export function taggedHash(tag, ...messages) {
let tagP = TAGGED_HASH_PREFIXES[tag];
if (tagP === undefined) {
const tagH = (0, sha256_1.sha256)(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
tagP = (0, utils_1.concatBytes)(tagH, tagH);
const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
tagP = concatBytes(tagH, tagH);
TAGGED_HASH_PREFIXES[tag] = tagP;
}
return (0, sha256_1.sha256)((0, utils_1.concatBytes)(tagP, ...messages));
return sha256(concatBytes(tagP, ...messages));
}
exports.taggedHash = taggedHash;
const toRawX = (point) => point.toRawBytes(true).slice(1);

@@ -157,3 +153,3 @@ // Schnorr signatures are superior to ECDSA from above.

function schnorrChallengeFinalize(ch) {
return (0, modular_1.mod)((0, utils_1.bytesToNumberBE)(ch), exports.secp256k1.CURVE.n);
return mod(bytesToNumberBE(ch), secp256k1.CURVE.n);
}

@@ -168,7 +164,7 @@ // Do we need this at all for Schnorr?

static fromHex(hex) {
const bytes = (0, utils_1.ensureBytes)(hex);
const bytes = ensureBytes(hex);
if (bytes.length !== 64)
throw new TypeError(`SchnorrSignature.fromHex: expected 64 bytes, not ${bytes.length}`);
const r = (0, utils_1.bytesToNumberBE)(bytes.subarray(0, 32));
const s = (0, utils_1.bytesToNumberBE)(bytes.subarray(32, 64));
const r = bytesToNumberBE(bytes.subarray(0, 32));
const s = bytesToNumberBE(bytes.subarray(32, 64));
return new SchnorrSignature(r, s);

@@ -185,8 +181,8 @@ }

toRawBytes() {
return (0, utils_1.hexToBytes)(this.toHex());
return hexToBytes(this.toHex());
}
}
function schnorrGetScalar(priv) {
const point = exports.secp256k1.Point.fromPrivateKey(priv);
const scalar = point.hasEvenY() ? priv : exports.secp256k1.CURVE.n - priv;
const point = secp256k1.Point.fromPrivateKey(priv);
const scalar = point.hasEvenY() ? priv : secp256k1.CURVE.n - priv;
return { point, scalar, x: toRawX(point) };

@@ -201,9 +197,9 @@ }

*/
function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)) {
function schnorrSign(message, privateKey, auxRand = randomBytes(32)) {
if (message == null)
throw new TypeError(`sign: Expected valid message, not "${message}"`);
const m = (0, utils_1.ensureBytes)(message);
const m = ensureBytes(message);
// checks for isWithinCurveOrder
const { x: px, scalar: d } = schnorrGetScalar(normalizePrivateKey(privateKey));
const rand = (0, utils_1.ensureBytes)(auxRand);
const rand = ensureBytes(auxRand);
if (rand.length !== 32)

@@ -213,5 +209,5 @@ throw new TypeError('sign: Expected 32 bytes of aux randomness');

const t0h = tag(TAGS.aux, rand);
const t = numTo32b(d ^ (0, utils_1.bytesToNumberBE)(t0h));
const t = numTo32b(d ^ bytesToNumberBE(t0h));
const k0h = tag(TAGS.nonce, t, px, m);
const k0 = (0, modular_1.mod)((0, utils_1.bytesToNumberBE)(k0h), exports.secp256k1.CURVE.n);
const k0 = mod(bytesToNumberBE(k0h), secp256k1.CURVE.n);
if (k0 === _0n)

@@ -221,3 +217,3 @@ throw new Error('sign: Creation of signature failed. k is zero');

const e = schnorrChallengeFinalize(tag(TAGS.challenge, rx, px, m));
const sig = new SchnorrSignature(R.x, (0, modular_1.mod)(k + e * d, exports.secp256k1.CURVE.n)).toRawBytes();
const sig = new SchnorrSignature(R.x, mod(k + e * d, secp256k1.CURVE.n)).toRawBytes();
if (!schnorrVerify(sig, m, px))

@@ -237,3 +233,3 @@ throw new Error('sign: Invalid signature produced');

const { r, s } = sig;
const m = (0, utils_1.ensureBytes)(message);
const m = ensureBytes(message);
const P = normalizePublicKey(publicKey);

@@ -244,3 +240,3 @@ const e = schnorrChallengeFinalize(taggedHash(TAGS.challenge, numTo32b(r), toRawX(P), m));

// -eP == (n-e)P
const R = exports.secp256k1.Point.BASE.multiplyAndAddUnsafe(P, normalizePrivateKey(s), (0, modular_1.mod)(-e, exports.secp256k1.CURVE.n));
const R = secp256k1.Point.BASE.multiplyAndAddUnsafe(P, normalizePrivateKey(s), mod(-e, secp256k1.CURVE.n));
if (!R || !R.hasEvenY() || R.x !== r)

@@ -254,8 +250,8 @@ return false;

}
exports.schnorr = {
export const schnorr = {
Signature: SchnorrSignature,
// Schnorr's pubkey is just `x` of Point (BIP340)
getPublicKey: (privateKey) => toRawX(exports.secp256k1.Point.fromPrivateKey(privateKey)),
getPublicKey: (privateKey) => toRawX(secp256k1.Point.fromPrivateKey(privateKey)),
sign: schnorrSign,
verify: schnorrVerify,
};

12

lib/definitions/stark.d.ts

@@ -1,7 +0,7 @@

import { CHash } from '../weierstrass';
import * as cutils from '../utils';
export declare const starkCurve: import("../weierstrass").CurveFn;
import { CHash } from '../weierstrass.js';
import * as cutils from '../utils.js';
export declare const starkCurve: import("../weierstrass.js").CurveFn;
declare function getPublicKey0x(privKey: Hex, isCompressed?: boolean): Uint8Array;
declare function getSharedSecret0x(privKeyA: Hex, pubKeyB: Hex): Uint8Array;
declare function sign0x(msgHash: Hex, privKey: Hex, opts: any): import("../weierstrass").SignatureType;
declare function sign0x(msgHash: Hex, privKey: Hex, opts: any): import("../weierstrass.js").SignatureType;
declare function verify0x(signature: Hex, msgHash: Hex, pubKey: Hex): boolean;

@@ -34,3 +34,3 @@ declare const CURVE: Readonly<{

} | undefined;
}>, Point: import("../weierstrass").PointConstructor, JacobianPoint: import("../weierstrass").JacobianPointConstructor, Signature: import("../weierstrass").SignatureConstructor;
}>, Point: import("../weierstrass.js").PointConstructor, JacobianPoint: import("../weierstrass.js").JacobianPointConstructor, Signature: import("../weierstrass.js").SignatureConstructor;
export declare const utils: {

@@ -42,3 +42,3 @@ mod: (a: bigint, b?: bigint | undefined) => bigint;

_normalizePrivateKey: (key: cutils.PrivKey) => bigint;
_normalizePublicKey: (publicKey: import("../weierstrass").PubKey) => import("../weierstrass").PointType;
_normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
_isWithinCurveOrder: (num: bigint) => boolean;

@@ -45,0 +45,0 @@ _isValidFieldElement: (num: bigint) => boolean;

99

lib/definitions/stark.js

@@ -1,11 +0,8 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.keccak = exports.computeHashOnElements = exports.hashChain = exports.pedersen = exports.getAccountPath = exports.ethSigToPrivate = exports.getStarkKey = exports.grindKey = exports.numberToHexEth = exports.strip0x = exports.bytesToHexEth = exports.verify = exports.sign = exports.getSharedSecret = exports.getPublicKey = exports.JacobianPoint = exports.Signature = exports.Point = exports.CURVE = exports.utils = exports.starkCurve = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
const sha3_1 = require("@noble/hashes/sha3");
const sha256_1 = require("@noble/hashes/sha256");
const hmac_1 = require("@noble/hashes/hmac");
const utils_1 = require("@noble/hashes/utils");
const weierstrass_1 = require("../weierstrass");
const cutils = require("../utils");
import { keccak_256 } from '@noble/hashes/sha3';
import { sha256 } from '@noble/hashes/sha256';
import { hmac } from '@noble/hashes/hmac';
import { concatBytes } from '@noble/hashes/utils';
import { weierstrass } from '../weierstrass.js';
import * as cutils from '../utils.js';
// Stark-friendly elliptic curve

@@ -17,3 +14,3 @@ // https://docs.starkware.co/starkex/stark-curve.html

hash,
hmac: (key, ...msgs) => (0, hmac_1.hmac)(hash, key, (0, utils_1.concatBytes)(...msgs)),
hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),
};

@@ -23,3 +20,3 @@ }

const nBitLength = 252;
exports.starkCurve = (0, weierstrass_1.weierstrass)({
export const starkCurve = weierstrass({
// Params: a, b

@@ -40,3 +37,3 @@ a: BigInt(1),

lowS: false,
...getHash(sha256_1.sha256),
...getHash(sha256),
truncateHash: (hash, truncateOnly = false) => {

@@ -70,3 +67,3 @@ // TODO: cleanup, ugly code

}
hex = (0, exports.strip0x)(hex);
hex = strip0x(hex);
if (hex.length & 1)

@@ -93,3 +90,3 @@ hex = '0' + hex; // padding

// TODO: strip vs no strip?
return BigInt(`0x${(0, exports.strip0x)(hex)}`);
return BigInt(`0x${strip0x(hex)}`);
}

@@ -108,31 +105,21 @@ function bytesToNumber0x(bytes) {

function getPublicKey0x(privKey, isCompressed) {
return exports.starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed);
return starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed);
}
exports.getPublicKey = getPublicKey0x;
function getSharedSecret0x(privKeyA, pubKeyB) {
return exports.starkCurve.getSharedSecret(normalizePrivateKey(privKeyA), pubKeyB);
return starkCurve.getSharedSecret(normalizePrivateKey(privKeyA), pubKeyB);
}
exports.getSharedSecret = getSharedSecret0x;
function sign0x(msgHash, privKey, opts) {
return exports.starkCurve.sign(ensureBytes0x(msgHash), normalizePrivateKey(privKey), opts);
return starkCurve.sign(ensureBytes0x(msgHash), normalizePrivateKey(privKey), opts);
}
exports.sign = sign0x;
function verify0x(signature, msgHash, pubKey) {
const sig = signature instanceof Signature ? signature : ensureBytes0x(signature);
return exports.starkCurve.verify(sig, ensureBytes0x(msgHash), ensureBytes0x(pubKey));
return starkCurve.verify(sig, ensureBytes0x(msgHash), ensureBytes0x(pubKey));
}
exports.verify = verify0x;
const { CURVE, Point, JacobianPoint, Signature } = exports.starkCurve;
exports.CURVE = CURVE;
exports.Point = Point;
exports.JacobianPoint = JacobianPoint;
exports.Signature = Signature;
exports.utils = exports.starkCurve.utils;
const { CURVE, Point, JacobianPoint, Signature } = starkCurve;
export const utils = starkCurve.utils;
export { CURVE, Point, Signature, JacobianPoint, getPublicKey0x as getPublicKey, getSharedSecret0x as getSharedSecret, sign0x as sign, verify0x as verify, };
const stripLeadingZeros = (s) => s.replace(/^0+/gm, '');
const bytesToHexEth = (uint8a) => `0x${stripLeadingZeros(cutils.bytesToHex(uint8a))}`;
exports.bytesToHexEth = bytesToHexEth;
const strip0x = (hex) => hex.replace(/^0x/i, '');
exports.strip0x = strip0x;
const numberToHexEth = (num) => `0x${num.toString(16)}`;
exports.numberToHexEth = numberToHexEth;
export const bytesToHexEth = (uint8a) => `0x${stripLeadingZeros(cutils.bytesToHex(uint8a))}`;
export const strip0x = (hex) => hex.replace(/^0x/i, '');
export const numberToHexEth = (num) => `0x${num.toString(16)}`;
// 1. seed generation

@@ -143,8 +130,8 @@ function hashKeyWithIndex(key, index) {

indexHex = '0' + indexHex;
return bytesToNumber0x((0, sha256_1.sha256)(cutils.concatBytes(key, hexToBytes0x(indexHex))));
return bytesToNumber0x(sha256(cutils.concatBytes(key, hexToBytes0x(indexHex))));
}
function grindKey(seed) {
export function grindKey(seed) {
const _seed = ensureBytes0x(seed);
const sha256mask = 2n ** 256n;
const limit = sha256mask - exports.starkCurve.utils.mod(sha256mask, exports.starkCurve.CURVE.n);
const limit = sha256mask - starkCurve.utils.mod(sha256mask, starkCurve.CURVE.n);
for (let i = 0;; i++) {

@@ -154,12 +141,10 @@ const key = hashKeyWithIndex(_seed, i);

if (key < limit)
return exports.starkCurve.utils.mod(key, exports.starkCurve.CURVE.n).toString(16);
return starkCurve.utils.mod(key, starkCurve.CURVE.n).toString(16);
}
}
exports.grindKey = grindKey;
function getStarkKey(privateKey) {
return (0, exports.bytesToHexEth)(getPublicKey0x(privateKey, true).slice(1));
export function getStarkKey(privateKey) {
return bytesToHexEth(getPublicKey0x(privateKey, true).slice(1));
}
exports.getStarkKey = getStarkKey;
function ethSigToPrivate(signature) {
signature = (0, exports.strip0x)(signature.replace(/^0x/, ''));
export function ethSigToPrivate(signature) {
signature = strip0x(signature.replace(/^0x/, ''));
if (signature.length !== 130)

@@ -169,12 +154,10 @@ throw new Error('Wrong ethereum signature');

}
exports.ethSigToPrivate = ethSigToPrivate;
const MASK_31 = 2n ** 31n - 1n;
const int31 = (n) => Number(n & MASK_31);
function getAccountPath(layer, application, ethereumAddress, index) {
const layerNum = int31(bytesToNumber0x((0, sha256_1.sha256)(layer)));
const applicationNum = int31(bytesToNumber0x((0, sha256_1.sha256)(application)));
export function getAccountPath(layer, application, ethereumAddress, index) {
const layerNum = int31(bytesToNumber0x(sha256(layer)));
const applicationNum = int31(bytesToNumber0x(sha256(application)));
const eth = hexToNumber0x(ethereumAddress);
return `m/2645'/${layerNum}'/${applicationNum}'/${int31(eth)}'/${int31(eth >> 31n)}'/${index}`;
}
exports.getAccountPath = getAccountPath;
// https://docs.starkware.co/starkex/pedersen-hash-function.html

@@ -218,3 +201,3 @@ const PEDERSEN_POINTS = [

// [0..Fp)
if (!(0n <= value && value < exports.starkCurve.CURVE.P))
if (!(0n <= value && value < starkCurve.CURVE.P))
throw new Error(`PedersenArg should be 0 <= value < CURVE.P: ${value}`);

@@ -236,14 +219,13 @@ return value;

// shift_point + x_low * P_0 + x_high * P1 + y_low * P2 + y_high * P3
function pedersen(x, y) {
export function pedersen(x, y) {
let point = PEDERSEN_POINTS_JACOBIAN[0];
point = pedersenSingle(point, x, PEDERSEN_POINTS1);
point = pedersenSingle(point, y, PEDERSEN_POINTS2);
return (0, exports.bytesToHexEth)(point.toAffine().toRawBytes(true).slice(1));
return bytesToHexEth(point.toAffine().toRawBytes(true).slice(1));
}
exports.pedersen = pedersen;
function hashChain(data, fn = pedersen) {
export function hashChain(data, fn = pedersen) {
if (!Array.isArray(data) || data.length < 1)
throw new Error('data should be array of at least 1 element');
if (data.length === 1)
return (0, exports.numberToHexEth)(pedersenArg(data[0]));
return numberToHexEth(pedersenArg(data[0]));
return Array.from(data)

@@ -253,8 +235,5 @@ .reverse()

}
exports.hashChain = hashChain;
// Same as hashChain, but computes hash even for single element and order is not revesed
const computeHashOnElements = (data, fn = pedersen) => [0, ...data, data.length].reduce((x, y) => fn(x, y));
exports.computeHashOnElements = computeHashOnElements;
export const computeHashOnElements = (data, fn = pedersen) => [0, ...data, data.length].reduce((x, y) => fn(x, y));
const MASK_250 = 2n ** 250n - 1n;
const keccak = (data) => bytesToNumber0x((0, sha3_1.keccak_256)(data)) & MASK_250;
exports.keccak = keccak;
export const keccak = (data) => bytesToNumber0x(keccak_256(data)) & MASK_250;

54

lib/edwards.js

@@ -1,6 +0,3 @@

"use strict";
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
// Implementation of Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²
Object.defineProperty(exports, "__esModule", { value: true });
exports.twistedEdwards = void 0;
// Differences from @noble/ed25519 1.7:

@@ -13,5 +10,5 @@ // 1. Different field element lengths in ed448:

// 5. Domain function was no-op for ed25519, but adds some data even with empty context for ed448
const mod = require("./modular.js");
const utils_js_1 = require("./utils.js"); // TODO: import * as u from './utils.js'?
const group_js_1 = require("./group.js");
import * as mod from './modular.js';
import { bytesToHex, concatBytes, ensureBytes, numberToBytesLE, bytesToNumberLE, hashToPrivateScalar, validateOpts as utilOpts, randomBytes as utilRandomBytes, } from './utils.js'; // TODO: import * as u from './utils.js'?
import { wNAF } from './group.js';
// Be friendly to bad ECMAScript parsers by not using bigint literals like 123n

@@ -24,3 +21,3 @@ const _0n = BigInt(0);

function validateOpts(curve) {
const opts = (0, utils_js_1.validateOpts)(curve);
const opts = utilOpts(curve);
if (typeof opts.hash !== 'function' || !Number.isSafeInteger(opts.hash.outputLen))

@@ -39,6 +36,6 @@ throw new Error('Invalid hash function');

// Set defaults
return Object.freeze({ randomBytes: utils_js_1.randomBytes, ...opts });
return Object.freeze({ randomBytes: utilRandomBytes, ...opts });
}
// NOTE: it is not generic twisted curve for now, but ed25519/ed448 generic implementation
function twistedEdwards(curveDef) {
export function twistedEdwards(curveDef) {
const CURVE = validateOpts(curveDef);

@@ -251,3 +248,3 @@ const CURVE_ORDER = CURVE.n;

ExtendedPoint.ZERO = new ExtendedPoint(_0n, _1n, _1n, _0n);
const wnaf = (0, group_js_1.wNAF)(ExtendedPoint, groupLen * 8);
const wnaf = wNAF(ExtendedPoint, groupLen * 8);
function assertExtPoint(other) {

@@ -276,3 +273,3 @@ if (!(other instanceof ExtendedPoint))

const { d, P, a } = CURVE;
hex = (0, utils_js_1.ensureBytes)(hex, fieldLen);
hex = ensureBytes(hex, fieldLen);
// 1. First, interpret the string as an integer in little-endian

@@ -286,3 +283,3 @@ // representation. Bit 255 of this number is the least significant

normed[fieldLen - 1] = lastByte & ~0x80;
const y = (0, utils_js_1.bytesToNumberLE)(normed);
const y = bytesToNumberLE(normed);
if (strict && y >= P)

@@ -323,3 +320,3 @@ throw new Error('Expected 0 < hex < P');

toRawBytes() {
const bytes = (0, utils_js_1.numberToBytesLE)(this.y, fieldLen);
const bytes = numberToBytesLE(this.y, fieldLen);
bytes[fieldLen - 1] |= this.x & _1n ? 0x80 : 0;

@@ -330,3 +327,3 @@ return bytes;

toHex() {
return (0, utils_js_1.bytesToHex)(this.toRawBytes());
return bytesToHex(this.toRawBytes());
}

@@ -378,5 +375,5 @@ isTorsionFree() {

static fromHex(hex) {
const bytes = (0, utils_js_1.ensureBytes)(hex, 2 * fieldLen);
const bytes = ensureBytes(hex, 2 * fieldLen);
const r = Point.fromHex(bytes.slice(0, fieldLen), false);
const s = (0, utils_js_1.bytesToNumberLE)(bytes.slice(fieldLen, 2 * fieldLen));
const s = bytesToNumberLE(bytes.slice(fieldLen, 2 * fieldLen));
return new Signature(r, s);

@@ -393,6 +390,6 @@ }

toRawBytes() {
return (0, utils_js_1.concatBytes)(this.r.toRawBytes(), (0, utils_js_1.numberToBytesLE)(this.s, fieldLen));
return concatBytes(this.r.toRawBytes(), numberToBytesLE(this.s, fieldLen));
}
toHex() {
return (0, utils_js_1.bytesToHex)(this.toRawBytes());
return bytesToHex(this.toRawBytes());
}

@@ -402,3 +399,3 @@ }

function modlLE(hash) {
return mod.mod((0, utils_js_1.bytesToNumberLE)(hash), CURVE_ORDER);
return mod.mod(bytesToNumberLE(hash), CURVE_ORDER);
}

@@ -432,4 +429,4 @@ /**

typeof key === 'bigint' || typeof key === 'number'
? (0, utils_js_1.numberToBytesLE)(normalizeScalar(key, maxGroupElement), groupLen)
: (0, utils_js_1.ensureBytes)(key);
? numberToBytesLE(normalizeScalar(key, maxGroupElement), groupLen)
: ensureBytes(key);
if (key.length !== groupLen)

@@ -467,3 +464,3 @@ throw new Error(`Expected ${groupLen} bytes, got ${key.length}`);

function hashDomainToScalar(message, context = EMPTY) {
context = (0, utils_js_1.ensureBytes)(context);
context = ensureBytes(context);
return modlLE(CURVE.hash(domain(message, context, !!CURVE.preHash)));

@@ -473,9 +470,9 @@ }

function sign(message, privateKey, context) {
message = (0, utils_js_1.ensureBytes)(message);
message = ensureBytes(message);
if (CURVE.preHash)
message = CURVE.preHash(message);
const { prefix, scalar, pointBytes } = getExtendedPublicKey(privateKey);
const r = hashDomainToScalar((0, utils_js_1.concatBytes)(prefix, message), context);
const r = hashDomainToScalar(concatBytes(prefix, message), context);
const R = Point.BASE.multiply(r); // R = rG
const k = hashDomainToScalar((0, utils_js_1.concatBytes)(R.toRawBytes(), pointBytes, message), context); // k = hash(R+P+msg)
const k = hashDomainToScalar(concatBytes(R.toRawBytes(), pointBytes, message), context); // k = hash(R+P+msg)
const s = mod.mod(r + k * scalar, CURVE_ORDER); // s = r + kp

@@ -494,3 +491,3 @@ return new Signature(R, s).toRawBytes();

function verify(sig, message, publicKey, context) {
message = (0, utils_js_1.ensureBytes)(message);
message = ensureBytes(message);
if (CURVE.preHash)

@@ -520,3 +517,3 @@ message = CURVE.preHash(message);

const SB = ExtendedPoint.BASE.multiplyUnsafe(s);
const k = hashDomainToScalar((0, utils_js_1.concatBytes)(r.toRawBytes(), publicKey.toRawBytes(), message), context);
const k = hashDomainToScalar(concatBytes(r.toRawBytes(), publicKey.toRawBytes(), message), context);
const kA = ExtendedPoint.fromAffine(publicKey).multiplyUnsafe(k);

@@ -536,3 +533,3 @@ const RkA = ExtendedPoint.fromAffine(r).add(kA);

*/
hashToPrivateScalar: (hash) => (0, utils_js_1.hashToPrivateScalar)(hash, CURVE_ORDER, true),
hashToPrivateScalar: (hash) => hashToPrivateScalar(hash, CURVE_ORDER, true),
/**

@@ -567,2 +564,1 @@ * ed25519 private keys are uniform 32-bit strings. We do not need to check for

}
exports.twistedEdwards = twistedEdwards;

6

lib/group.js

@@ -1,4 +0,1 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.wNAF = void 0;
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */

@@ -9,3 +6,3 @@ // Default group related functions

// Not big, but pretty complex and it is easy to break stuff. To avoid too much copy paste
function wNAF(c, bits) {
export function wNAF(c, bits) {
const constTimeNegate = (condition, item) => {

@@ -112,2 +109,1 @@ const neg = item.negate();

}
exports.wNAF = wNAF;

30

lib/modular.js

@@ -1,5 +0,2 @@

"use strict";
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
Object.defineProperty(exports, "__esModule", { value: true });
exports.isNegativeLE = exports.sqrt = exports.legendre = exports.invertBatch = exports.div = exports.invert = exports.pow2 = exports.pow = exports.mod = void 0;
// Utilities for modular arithmetics

@@ -10,7 +7,6 @@ const _0n = BigInt(0);

// Calculates a modulo b
function mod(a, b) {
export function mod(a, b) {
const result = a % b;
return result >= _0n ? result : b + result;
}
exports.mod = mod;
/**

@@ -22,3 +18,3 @@ * Efficiently exponentiate num to power and do modular division.

*/
function pow(num, power, modulo) {
export function pow(num, power, modulo) {
if (modulo <= _0n || power < _0n)

@@ -37,5 +33,4 @@ throw new Error('Expected power/modulo > 0');

}
exports.pow = pow;
// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)
function pow2(x, power, modulo) {
export function pow2(x, power, modulo) {
let res = x;

@@ -48,5 +43,4 @@ while (power-- > _0n) {

}
exports.pow2 = pow2;
// Inverses number over modulo
function invert(number, modulo) {
export function invert(number, modulo) {
if (number === _0n || modulo <= _0n) {

@@ -73,3 +67,2 @@ throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);

}
exports.invert = invert;
/**

@@ -79,3 +72,3 @@ * Division over finite field.

*/
function div(numerator, denominator, modulo) {
export function div(numerator, denominator, modulo) {
const num = mod(numerator, modulo);

@@ -85,3 +78,2 @@ const iden = invert(denominator, modulo);

}
exports.div = div;
/**

@@ -96,3 +88,3 @@ * Takes a list of numbers, efficiently inverts all of them.

*/
function invertBatch(nums, modulo) {
export function invertBatch(nums, modulo) {
const scratch = new Array(nums.length);

@@ -117,3 +109,2 @@ // Walk from first to last, multiply them by each other MOD p

}
exports.invertBatch = invertBatch;
/**

@@ -125,10 +116,9 @@ * Calculates Legendre symbol (a | p), which denotes the value of a^((p-1)/2) (mod p).

*/
function legendre(num, P) {
export function legendre(num, P) {
return pow(num, (P - _1n) / _2n, P);
}
exports.legendre = legendre;
/**
* Calculates square root of a number in a finite field.
*/
function sqrt(number, modulo) {
export function sqrt(number, modulo) {
// prettier-ignore

@@ -183,6 +173,4 @@ const _3n = BigInt(3), _4n = BigInt(4), _5n = BigInt(5), _8n = BigInt(8);

}
exports.sqrt = sqrt;
// Little-endian check for first LE bit (last BE bit);
const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;
exports.isNegativeLE = isNegativeLE;
export const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;
// An idea on modular arithmetic for bls12-381:

@@ -189,0 +177,0 @@ // const FIELD = {add, pow, sqrt, mul};

22

lib/montgomery.js

@@ -1,6 +0,5 @@

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.montgomery = void 0;
const mod = require("./modular.js");
const utils_js_1 = require("./utils.js");
import * as mod from './modular.js';
import { ensureBytes, numberToBytesLE, bytesToNumberLE,
// nLength,
} from './utils.js';
const _0n = BigInt(0);

@@ -37,3 +36,3 @@ const _1n = BigInt(1);

// Uses only one coordinate instead of two
function montgomery(curveDef) {
export function montgomery(curveDef) {
const CURVE = validateOpts(curveDef);

@@ -149,6 +148,6 @@ const { P } = CURVE;

function encodeUCoordinate(u) {
return (0, utils_js_1.numberToBytesLE)(modP(u), montgomeryBytes);
return numberToBytesLE(modP(u), montgomeryBytes);
}
function decodeUCoordinate(uEnc) {
const u = (0, utils_js_1.ensureBytes)(uEnc, montgomeryBytes);
const u = ensureBytes(uEnc, montgomeryBytes);
// Section 5: When receiving such an array, implementations of X25519

@@ -159,9 +158,9 @@ // MUST mask the most significant bit in the final byte.

u[fieldLen - 1] &= 127; // 0b0111_1111
return (0, utils_js_1.bytesToNumberLE)(u);
return bytesToNumberLE(u);
}
function decodeScalar(n) {
const bytes = (0, utils_js_1.ensureBytes)(n);
const bytes = ensureBytes(n);
if (bytes.length !== montgomeryBytes && bytes.length !== fieldLen)
throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${bytes.length}`);
return (0, utils_js_1.bytesToNumberLE)(adjustScalarBytes(bytes));
return bytesToNumberLE(adjustScalarBytes(bytes));
}

@@ -194,2 +193,1 @@ // Multiply point u by scalar

}
exports.montgomery = montgomery;

60

lib/utils.js

@@ -1,9 +0,6 @@

"use strict";
/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
Object.defineProperty(exports, "__esModule", { value: true });
exports.randomBytes = exports.equalBytes = exports.hashToPrivateScalar = exports.nLength = exports.concatBytes = exports.ensureBytes = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = exports.validateOpts = void 0;
// The import here is via the package name. This is to ensure
// that exports mapping/resolution does fall into place.
const crypto_1 = require("@noble/curves/crypto");
function validateOpts(curve) {
import { crypto } from './crypto.js';
export function validateOpts(curve) {
for (const i of ['P', 'n', 'h', 'Gx', 'Gy']) {

@@ -22,6 +19,5 @@ if (typeof curve[i] !== 'bigint')

}
exports.validateOpts = validateOpts;
const mod = require("./modular.js");
import * as mod from './modular.js';
const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
function bytesToHex(uint8a) {
export function bytesToHex(uint8a) {
if (!(uint8a instanceof Uint8Array))

@@ -36,9 +32,7 @@ throw new Error('Expected Uint8Array');

}
exports.bytesToHex = bytesToHex;
function numberToHexUnpadded(num) {
export function numberToHexUnpadded(num) {
const hex = num.toString(16);
return hex.length & 1 ? `0${hex}` : hex;
}
exports.numberToHexUnpadded = numberToHexUnpadded;
function hexToNumber(hex) {
export function hexToNumber(hex) {
if (typeof hex !== 'string') {

@@ -50,5 +44,4 @@ throw new TypeError('hexToNumber: expected string, got ' + typeof hex);

}
exports.hexToNumber = hexToNumber;
// Caching slows it down 2-3x
function hexToBytes(hex) {
export function hexToBytes(hex) {
if (typeof hex !== 'string') {

@@ -70,9 +63,7 @@ throw new TypeError('hexToBytes: expected string, got ' + typeof hex);

}
exports.hexToBytes = hexToBytes;
// Big Endian
function bytesToNumberBE(bytes) {
export function bytesToNumberBE(bytes) {
return hexToNumber(bytesToHex(bytes));
}
exports.bytesToNumberBE = bytesToNumberBE;
function bytesToNumberLE(uint8a) {
export function bytesToNumberLE(uint8a) {
if (!(uint8a instanceof Uint8Array))

@@ -82,8 +73,5 @@ throw new Error('Expected Uint8Array');

}
exports.bytesToNumberLE = bytesToNumberLE;
const numberToBytesBE = (n, len) => hexToBytes(n.toString(16).padStart(len * 2, '0'));
exports.numberToBytesBE = numberToBytesBE;
const numberToBytesLE = (n, len) => (0, exports.numberToBytesBE)(n, len).reverse();
exports.numberToBytesLE = numberToBytesLE;
function ensureBytes(hex, expectedLength) {
export const numberToBytesBE = (n, len) => hexToBytes(n.toString(16).padStart(len * 2, '0'));
export const numberToBytesLE = (n, len) => numberToBytesBE(n, len).reverse();
export function ensureBytes(hex, expectedLength) {
// Uint8Array.from() instead of hash.slice() because node.js Buffer

@@ -96,5 +84,4 @@ // is instance of Uint8Array, and its slice() creates **mutable** copy

}
exports.ensureBytes = ensureBytes;
// Copies several Uint8Arrays into one.
function concatBytes(...arrays) {
export function concatBytes(...arrays) {
if (!arrays.every((b) => b instanceof Uint8Array))

@@ -113,5 +100,4 @@ throw new Error('Uint8Array list expected');

}
exports.concatBytes = concatBytes;
// CURVE.n lengths
function nLength(n, nBitLength) {
export function nLength(n, nBitLength) {
// Bit size, byte size of CURVE.n

@@ -122,3 +108,2 @@ const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;

}
exports.nLength = nLength;
/**

@@ -133,3 +118,3 @@ * Can take (n+8) or more bytes of uniform input e.g. from CSPRNG or KDF

const _1n = BigInt(1);
function hashToPrivateScalar(hash, CURVE_ORDER, isLE = false) {
export function hashToPrivateScalar(hash, CURVE_ORDER, isLE = false) {
hash = ensureBytes(hash);

@@ -143,4 +128,3 @@ const orderLen = nLength(CURVE_ORDER).nByteLength;

}
exports.hashToPrivateScalar = hashToPrivateScalar;
function equalBytes(b1, b2) {
export function equalBytes(b1, b2) {
// We don't care about timing attacks here

@@ -154,12 +138,11 @@ if (b1.length !== b2.length)

}
exports.equalBytes = equalBytes;
/**
* Cryptographically secure PRNG
*/
function randomBytes(bytesLength = 32) {
if (crypto_1.crypto.web) {
return crypto_1.crypto.web.getRandomValues(new Uint8Array(bytesLength));
export function randomBytes(bytesLength = 32) {
if (crypto.web) {
return crypto.web.getRandomValues(new Uint8Array(bytesLength));
}
else if (crypto_1.crypto.node) {
return new Uint8Array(crypto_1.crypto.node.randomBytes(bytesLength).buffer);
else if (crypto.node) {
return new Uint8Array(crypto.node.randomBytes(bytesLength).buffer);
}

@@ -170,2 +153,1 @@ else {

}
exports.randomBytes = randomBytes;

80

lib/weierstrass.js

@@ -1,6 +0,3 @@

"use strict";
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
// Implementation of Short Weierstrass curve. The formula is: y² = x³ + ax + b
Object.defineProperty(exports, "__esModule", { value: true });
exports.weierstrass = void 0;
// TODO: sync vs async naming

@@ -13,8 +10,8 @@ // TODO: default randomBytes

// 4. DRBG supports outputLen bigger than outputLen of hmac
const mod = require("./modular.js");
const utils_js_1 = require("./utils.js");
const group_js_1 = require("./group.js");
import * as mod from './modular.js';
import { bytesToHex, bytesToNumberBE, concatBytes, ensureBytes, hexToBytes, hexToNumber, numberToHexUnpadded, hashToPrivateScalar, validateOpts as utilOpts, randomBytes as utilRandomBytes, } from './utils.js';
import { wNAF } from './group.js';
// Should be separate from overrides, since overrides can use information about curve (for example nBits)
function validateOpts(curve) {
const opts = (0, utils_js_1.validateOpts)(curve);
const opts = utilOpts(curve);
for (const i of ['a', 'b']) {

@@ -48,3 +45,3 @@ if (typeof opts[i] !== 'bigint')

// Set defaults
return Object.freeze({ lowS: true, randomBytes: utils_js_1.randomBytes, ...opts });
return Object.freeze({ lowS: true, randomBytes: utilRandomBytes, ...opts });
}

@@ -65,3 +62,3 @@ // TODO: convert bits to bytes aligned to 32 bits? (224 for example)

if (data.length < 2 || data[0] !== 0x02) {
throw new DERError(`Invalid signature integer tag: ${(0, utils_js_1.bytesToHex)(data)}`);
throw new DERError(`Invalid signature integer tag: ${bytesToHex(data)}`);
}

@@ -77,7 +74,7 @@ const len = data[1];

}
return { data: (0, utils_js_1.bytesToNumberBE)(res), left: data.subarray(len + 2) };
return { data: bytesToNumberBE(res), left: data.subarray(len + 2) };
}
function parseDERSignature(data) {
if (data.length < 2 || data[0] != 0x30) {
throw new DERError(`Invalid signature tag: ${(0, utils_js_1.bytesToHex)(data)}`);
throw new DERError(`Invalid signature tag: ${bytesToHex(data)}`);
}

@@ -90,3 +87,3 @@ if (data[1] !== data.length - 2) {

if (rBytesLeft.length) {
throw new DERError(`Invalid signature: left bytes after parsing: ${(0, utils_js_1.bytesToHex)(rBytesLeft)}`);
throw new DERError(`Invalid signature: left bytes after parsing: ${bytesToHex(rBytesLeft)}`);
}

@@ -148,7 +145,7 @@ return { r, s };

}
return (0, utils_js_1.concatBytes)(...out);
return concatBytes(...out);
}
}
// Use only input from curveOpts!
function weierstrass(curveDef) {
export function weierstrass(curveDef) {
const CURVE = validateOpts(curveDef);

@@ -175,3 +172,3 @@ const CURVE_ORDER = CURVE.n;

function numToField(num) {
const b = (0, utils_js_1.hexToBytes)(numToFieldStr(num));
const b = hexToBytes(numToFieldStr(num));
if (b.length !== fieldLen)

@@ -214,3 +211,3 @@ throw new Error(`Error: expected ${fieldLen} bytes`);

throw new Error(`Expected ${groupLen} bytes of private key`);
num = (0, utils_js_1.hexToNumber)(key);
num = hexToNumber(key);
}

@@ -220,3 +217,3 @@ else if (key instanceof Uint8Array) {

throw new Error(`Expected ${groupLen} bytes of private key`);
num = (0, utils_js_1.bytesToNumberBE)(key);
num = bytesToNumberBE(key);
}

@@ -265,3 +262,3 @@ else {

const delta = byteLength * 8 - nBitLength; // size of curve.n (252 bits)
let h = (0, utils_js_1.bytesToNumberBE)(hash);
let h = bytesToNumberBE(hash);
if (delta > 0)

@@ -512,3 +509,3 @@ h = h >> BigInt(delta);

JacobianPoint.ZERO = new JacobianPoint(_0n, _1n, _0n);
const wnaf = (0, group_js_1.wNAF)(JacobianPoint, CURVE.endo ? CURVE.nBitLength / 2 : CURVE.nBitLength);
const wnaf = wNAF(JacobianPoint, CURVE.endo ? CURVE.nBitLength / 2 : CURVE.nBitLength);
// Stores precomputed values for points.

@@ -539,3 +536,3 @@ const pointPrecomputes = new WeakMap();

const P = CURVE.P;
const x = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(1));
const x = bytesToNumberBE(bytes.subarray(1));
if (!isValidFieldElement(x))

@@ -555,4 +552,4 @@ throw new Error('Point is not on curve');

static fromUncompressedHex(bytes) {
const x = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(1, fieldLen + 1));
const y = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(fieldLen + 1, 2 * fieldLen + 1));
const x = bytesToNumberBE(bytes.subarray(1, fieldLen + 1));
const y = bytesToNumberBE(bytes.subarray(fieldLen + 1, 2 * fieldLen + 1));
const point = new Point(x, y);

@@ -567,3 +564,3 @@ point.assertValidity();

static fromHex(hex) {
const bytes = (0, utils_js_1.ensureBytes)(hex);
const bytes = ensureBytes(hex);
const len = bytes.length;

@@ -583,3 +580,3 @@ const header = bytes[0];

toRawBytes(isCompressed = false) {
return (0, utils_js_1.hexToBytes)(this.toHex(isCompressed));
return hexToBytes(this.toHex(isCompressed));
}

@@ -670,6 +667,6 @@ toHex(isCompressed = false) {

throw new TypeError(`${name}: Expected string or Uint8Array`);
const str = arr ? (0, utils_js_1.bytesToHex)(hex) : hex;
const str = arr ? bytesToHex(hex) : hex;
if (str.length !== 128)
throw new Error(`${name}: Expected 64-byte hex`);
return new Signature((0, utils_js_1.hexToNumber)(str.slice(0, 64)), (0, utils_js_1.hexToNumber)(str.slice(64, 128)));
return new Signature(hexToNumber(str.slice(0, 64)), hexToNumber(str.slice(64, 128)));
}

@@ -682,3 +679,3 @@ // DER encoded ECDSA signature

throw new TypeError(`Signature.fromDER: Expected string or Uint8Array`);
const { r, s } = parseDERSignature(arr ? hex : (0, utils_js_1.hexToBytes)(hex));
const { r, s } = parseDERSignature(arr ? hex : hexToBytes(hex));
return new Signature(r, s);

@@ -716,3 +713,3 @@ }

throw new Error('Cannot recover: invalid recovery bit');
const h = truncateHash((0, utils_js_1.ensureBytes)(msgHash));
const h = truncateHash(ensureBytes(msgHash));
const { n } = CURVE;

@@ -746,12 +743,12 @@ const rinv = mod.invert(r, n);

toDERRawBytes(isCompressed = false) {
return (0, utils_js_1.hexToBytes)(this.toDERHex(isCompressed));
return hexToBytes(this.toDERHex(isCompressed));
}
toDERHex(isCompressed = false) {
const sHex = sliceDER((0, utils_js_1.numberToHexUnpadded)(this.s));
const sHex = sliceDER(numberToHexUnpadded(this.s));
if (isCompressed)
return sHex;
const rHex = sliceDER((0, utils_js_1.numberToHexUnpadded)(this.r));
const rLen = (0, utils_js_1.numberToHexUnpadded)(rHex.length / 2);
const sLen = (0, utils_js_1.numberToHexUnpadded)(sHex.length / 2);
const length = (0, utils_js_1.numberToHexUnpadded)(rHex.length / 2 + sHex.length / 2 + 4);
const rHex = sliceDER(numberToHexUnpadded(this.r));
const rLen = numberToHexUnpadded(rHex.length / 2);
const sLen = numberToHexUnpadded(sHex.length / 2);
const length = numberToHexUnpadded(rHex.length / 2 + sHex.length / 2 + 4);
return `30${length}02${rLen}${rHex}02${sLen}${sHex}`;

@@ -761,3 +758,3 @@ }

toCompactRawBytes() {
return (0, utils_js_1.hexToBytes)(this.toCompactHex());
return hexToBytes(this.toCompactHex());
}

@@ -790,3 +787,3 @@ toCompactHex() {

*/
hashToPrivateKey: (hash) => numToField((0, utils_js_1.hashToPrivateScalar)(hash, CURVE_ORDER)),
hashToPrivateKey: (hash) => numToField(hashToPrivateScalar(hash, CURVE_ORDER)),
/**

@@ -857,3 +854,3 @@ * Produces cryptographically secure private key from random of size (nBitLength+64)

const slice = bytes.length > fieldLen ? bytes.slice(0, fieldLen) : bytes;
return (0, utils_js_1.bytesToNumberBE)(slice);
return bytesToNumberBE(slice);
}

@@ -874,3 +871,3 @@ function bits2octets(bytes) {

// Step A is ignored, since we already provide hash instead of msg
const h1 = numToField(truncateHash((0, utils_js_1.ensureBytes)(msgHash)));
const h1 = numToField(truncateHash(ensureBytes(msgHash)));
const d = normalizePrivateKey(privateKey);

@@ -883,3 +880,3 @@ // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')

extraEntropy = CURVE.randomBytes(fieldLen);
const e = (0, utils_js_1.ensureBytes)(extraEntropy);
const e = ensureBytes(extraEntropy);
if (e.length !== fieldLen)

@@ -892,3 +889,3 @@ throw new Error(`sign: Expected ${fieldLen} bytes of extra data`);

// V, 0x00 are done in HmacDRBG constructor.
const seed = (0, utils_js_1.concatBytes)(...seedArgs);
const seed = concatBytes(...seedArgs);
const m = bits2int(h1);

@@ -976,3 +973,3 @@ return { seed, m, d };

}
msgHash = (0, utils_js_1.ensureBytes)(msgHash);
msgHash = ensureBytes(msgHash);
}

@@ -1018,2 +1015,1 @@ catch (error) {

}
exports.weierstrass = weierstrass;

54

package.json
{
"name": "@noble/curves",
"version": "0.3.1",
"version": "0.3.2",
"description": "Minimal, zero-dependency JS implementation of elliptic curve cryptography",

@@ -40,53 +40,9 @@ "files": [

},
"main": "index.js",
"exports": {
"./crypto": {
"types": "./lib/crypto.d.ts",
"browser": {
"import": "./lib/esm/cryptoBrowser.js",
"default": "./lib/cryptoBrowser.js"
},
"import": "./lib/esm/crypto.js",
"default": "./lib/crypto.js"
},
"./edwards": {
"types": "./lib/edwards.d.ts",
"import": "./lib/esm/edwards.js",
"default": "./lib/edwards.js"
},
"./modular": {
"types": "./lib/modular.d.ts",
"import": "./lib/esm/modular.js",
"default": "./lib/modular.js"
},
"./montgomery": {
"types": "./lib/montgomery.d.ts",
"import": "./lib/esm/montgomery.js",
"default": "./lib/montgomery.js"
},
"./weierstrass": {
"types": "./lib/weierstrass.d.ts",
"import": "./lib/esm/weierstrass.js",
"default": "./lib/weierstrass.js"
},
"./utils": {
"types": "./lib/utils.d.ts",
"import": "./lib/esm/utils.js",
"default": "./lib/utils.js"
},
"./definitions/secp256k1": {
"types": "./lib/definitions/secp256k1.d.ts",
"import": "./lib/esm/definitions/secp256k1.js",
"default": "./lib/definitions/secp256k1.js"
},
"./definitions/ed25519": {
"types": "./lib/definitions/ed25519.d.ts",
"import": "./lib/esm/definitions/ed25519.js",
"default": "./lib/definitions/ed25519.js"
}
},
"main": "lib/index.js",
"module": "lib/index.js",
"browser": {
"crypto": false,
"./crypto": "./cryptoBrowser.js"
"./crypto": "./lib/cryptoBrowser.js"
},
"type": "module",
"keywords": [

@@ -93,0 +49,0 @@ "elliptic",

lib/esm/crypto.js
lib/esm/cryptoBrowser.js
lib/esm/definitions/_shortw_utils.js
lib/esm/definitions/bn.js
lib/esm/definitions/ed25519.js
lib/esm/definitions/ed448.js
lib/esm/definitions/index.js
lib/esm/definitions/jubjub.js
lib/esm/definitions/p192.js
lib/esm/definitions/p224.js
lib/esm/definitions/p256.js
lib/esm/definitions/p384.js
lib/esm/definitions/p521.js
lib/esm/definitions/pasta.js
lib/esm/definitions/secp256k1.js
lib/esm/definitions/stark.js
lib/esm/edwards.js
lib/esm/group.js
lib/esm/modular.js
lib/esm/montgomery.js
lib/esm/package.json
lib/esm/utils.js
lib/esm/weierstrass.js
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc