Socket
Socket
Sign inDemoInstall

@noble/curves

Package Overview
Dependencies
Maintainers
1
Versions
34
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@noble/curves - npm Package Compare versions

Comparing version 0.6.2 to 0.6.3

14

lib/abstract/curve.d.ts

@@ -29,11 +29,15 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */

* Default window size is set by `utils.precompute()` and is equal to 8.
* Which means we are caching 65536 points: 256 points for every bit from 0 to 256.
* @returns 65K precomputed points, depending on W
* Number of precomputed points depends on the curve size:
* 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
* - 𝑊 is the window size
* - 𝑛 is the bitlength of the curve order.
* For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
* @returns precomputed point tables flattened to a single array
*/
precomputeWindow(elm: T, W: number): Group<T>[];
/**
* Implements w-ary non-adjacent form for calculating ec multiplication.
* Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
* @param W window size
* @param affinePoint optional 2d point to save cached precompute windows on it.
* @param n bits
* @param precomputes precomputed tables
* @param n scalar (we don't check here, but should be less than curve order)
* @returns real and fake (for const-time) points

@@ -40,0 +44,0 @@ */

29

lib/abstract/curve.js

@@ -10,4 +10,13 @@ "use strict";

const _1n = BigInt(1);
// Elliptic curve multiplication of Point by scalar. Complicated and fragile. Uses wNAF method.
// Windowed method is 10% faster, but takes 2x longer to generate & consumes 2x memory.
// Elliptic curve multiplication of Point by scalar. Fragile.
// Scalars should always be less than curve order: this should be checked inside of a curve itself.
// Creates precomputation tables for fast multiplication:
// - private scalar is split by fixed size windows of W bits
// - every window point is collected from window's table & added to accumulator
// - since windows are different, same point inside tables won't be accessed more than once per calc
// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)
// - +1 window is neccessary for wNAF
// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication
// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow
// windows to be in different memory locations
function wNAF(c, bits) {

@@ -40,4 +49,8 @@ const constTimeNegate = (condition, item) => {

* Default window size is set by `utils.precompute()` and is equal to 8.
* Which means we are caching 65536 points: 256 points for every bit from 0 to 256.
* @returns 65K precomputed points, depending on W
* Number of precomputed points depends on the curve size:
* 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
* - 𝑊 is the window size
* - 𝑛 is the bitlength of the curve order.
* For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
* @returns precomputed point tables flattened to a single array
*/

@@ -62,10 +75,10 @@ precomputeWindow(elm, W) {

/**
* Implements w-ary non-adjacent form for calculating ec multiplication.
* Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
* @param W window size
* @param affinePoint optional 2d point to save cached precompute windows on it.
* @param n bits
* @param precomputes precomputed tables
* @param n scalar (we don't check here, but should be less than curve order)
* @returns real and fake (for const-time) points
*/
wNAF(W, precomputes, n) {
// TODO: maybe check that scalar is less than group order? wNAF will fail otherwise
// TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise
// But need to carefully remove other checks before wNAF. ORDER == bits here

@@ -72,0 +85,0 @@ const { windows, windowSize } = opts(W);

1

lib/abstract/hash-to-curve.d.ts

@@ -14,3 +14,2 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */

};
export declare function validateOpts(opts: Opts): void;
export declare function stringToBytes(str: string): Uint8Array;

@@ -17,0 +16,0 @@ export declare function expand_message_xmd(msg: Uint8Array, DST: Uint8Array, lenInBytes: number, H: CHash): Uint8Array;

27

lib/abstract/hash-to-curve.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.hashToCurve = exports.isogenyMap = exports.hash_to_field = exports.expand_message_xof = exports.expand_message_xmd = exports.stringToBytes = exports.validateOpts = void 0;
exports.hashToCurve = exports.isogenyMap = exports.hash_to_field = exports.expand_message_xof = exports.expand_message_xmd = exports.stringToBytes = void 0;
const modular_js_1 = require("./modular.js");
const utils_js_1 = require("./utils.js");
function validateOpts(opts) {
if (typeof opts.DST !== 'string')
throw new Error('Invalid htf/DST');
if (typeof opts.p !== 'bigint')
throw new Error('Invalid htf/p');
if (typeof opts.m !== 'number')
throw new Error('Invalid htf/m');
if (typeof opts.k !== 'number')
throw new Error('Invalid htf/k');
if (opts.expand !== 'xmd' && opts.expand !== 'xof' && opts.expand !== undefined)
throw new Error('Invalid htf/expand');
if (typeof opts.hash !== 'function' || !Number.isSafeInteger(opts.hash.outputLen))
throw new Error('Invalid htf/hash function');
}
exports.validateOpts = validateOpts;
function stringToBytes(str) {

@@ -146,3 +131,11 @@ if (typeof str !== 'string') {

function hashToCurve(Point, mapToCurve, def) {
validateOpts(def);
(0, utils_js_1.validateObject)(def, {
DST: 'string',
p: 'bigint',
m: 'isSafeInteger',
k: 'isSafeInteger',
hash: 'hash',
});
if (def.expand !== 'xmd' && def.expand !== 'xof' && def.expand !== undefined)
throw new Error('Invalid htf/expand');
if (typeof mapToCurve !== 'function')

@@ -149,0 +142,0 @@ throw new Error('hashToCurve: mapToCurve() has not been defined');

29

lib/esm/abstract/curve.js

@@ -7,4 +7,13 @@ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */

const _1n = BigInt(1);
// Elliptic curve multiplication of Point by scalar. Complicated and fragile. Uses wNAF method.
// Windowed method is 10% faster, but takes 2x longer to generate & consumes 2x memory.
// Elliptic curve multiplication of Point by scalar. Fragile.
// Scalars should always be less than curve order: this should be checked inside of a curve itself.
// Creates precomputation tables for fast multiplication:
// - private scalar is split by fixed size windows of W bits
// - every window point is collected from window's table & added to accumulator
// - since windows are different, same point inside tables won't be accessed more than once per calc
// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)
// - +1 window is neccessary for wNAF
// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication
// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow
// windows to be in different memory locations
export function wNAF(c, bits) {

@@ -37,4 +46,8 @@ const constTimeNegate = (condition, item) => {

* Default window size is set by `utils.precompute()` and is equal to 8.
* Which means we are caching 65536 points: 256 points for every bit from 0 to 256.
* @returns 65K precomputed points, depending on W
* Number of precomputed points depends on the curve size:
* 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
* - 𝑊 is the window size
* - 𝑛 is the bitlength of the curve order.
* For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
* @returns precomputed point tables flattened to a single array
*/

@@ -59,10 +72,10 @@ precomputeWindow(elm, W) {

/**
* Implements w-ary non-adjacent form for calculating ec multiplication.
* Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
* @param W window size
* @param affinePoint optional 2d point to save cached precompute windows on it.
* @param n bits
* @param precomputes precomputed tables
* @param n scalar (we don't check here, but should be less than curve order)
* @returns real and fake (for const-time) points
*/
wNAF(W, precomputes, n) {
// TODO: maybe check that scalar is less than group order? wNAF will fail otherwise
// TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise
// But need to carefully remove other checks before wNAF. ORDER == bits here

@@ -69,0 +82,0 @@ const { windows, windowSize } = opts(W);

26

lib/esm/abstract/hash-to-curve.js
import { mod } from './modular.js';
import { concatBytes, ensureBytes } from './utils.js';
export function validateOpts(opts) {
if (typeof opts.DST !== 'string')
throw new Error('Invalid htf/DST');
if (typeof opts.p !== 'bigint')
throw new Error('Invalid htf/p');
if (typeof opts.m !== 'number')
throw new Error('Invalid htf/m');
if (typeof opts.k !== 'number')
throw new Error('Invalid htf/k');
if (opts.expand !== 'xmd' && opts.expand !== 'xof' && opts.expand !== undefined)
throw new Error('Invalid htf/expand');
if (typeof opts.hash !== 'function' || !Number.isSafeInteger(opts.hash.outputLen))
throw new Error('Invalid htf/hash function');
}
import { concatBytes, ensureBytes, validateObject } from './utils.js';
export function stringToBytes(str) {

@@ -137,3 +123,11 @@ if (typeof str !== 'string') {

export function hashToCurve(Point, mapToCurve, def) {
validateOpts(def);
validateObject(def, {
DST: 'string',
p: 'bigint',
m: 'isSafeInteger',
k: 'isSafeInteger',
hash: 'hash',
});
if (def.expand !== 'xmd' && def.expand !== 'xof' && def.expand !== undefined)
throw new Error('Invalid htf/expand');
if (typeof mapToCurve !== 'function')

@@ -140,0 +134,0 @@ throw new Error('hashToCurve: mapToCurve() has not been defined');

10

package.json
{
"name": "@noble/curves",
"version": "0.6.2",
"version": "0.6.3",
"description": "Minimal, auditable JS implementation of elliptic curve cryptography",

@@ -24,9 +24,8 @@ "files": [

"dependencies": {
"@noble/hashes": "1.1.5"
"@noble/hashes": "1.2.0"
},
"devDependencies": {
"@rollup/plugin-node-resolve": "13.3.0",
"@scure/base": "~1.1.1",
"@scure/bip32": "~1.1.1",
"@scure/bip39": "~1.1.0",
"@scure/bip32": "~1.1.5",
"@scure/bip39": "~1.1.1",
"@types/node": "18.11.3",

@@ -37,3 +36,2 @@ "fast-check": "3.0.0",

"prettier": "2.8.3",
"rollup": "2.75.5",
"typescript": "4.7.3"

@@ -40,0 +38,0 @@ },

60

README.md

@@ -25,4 +25,3 @@ # noble-curves

([secp256k1](https://github.com/paulmillr/noble-secp256k1),
[ed25519](https://github.com/paulmillr/noble-ed25519),
[bls12-381](https://github.com/paulmillr/noble-bls12-381)),
[ed25519](https://github.com/paulmillr/noble-ed25519)),
which had security audits and were developed from 2019 to 2022.

@@ -35,3 +34,3 @@ Check out [Upgrading](#upgrading) section if you've used them before.

- Minimal dependencies, small files
- Protection against supply chain attacks
- Easily auditable TypeScript/JS code

@@ -41,5 +40,5 @@ - Supported in all major browsers and stable node.js versions

- Check out [homepage](https://paulmillr.com/noble/) & all libraries:
[curves](https://github.com/paulmillr/noble-curves) ([secp256k1](https://github.com/paulmillr/noble-secp256k1),
[ed25519](https://github.com/paulmillr/noble-ed25519),
[bls12-381](https://github.com/paulmillr/noble-bls12-381)),
[curves](https://github.com/paulmillr/noble-curves)
([secp256k1](https://github.com/paulmillr/noble-secp256k1),
[ed25519](https://github.com/paulmillr/noble-ed25519)),
[hashes](https://github.com/paulmillr/noble-hashes)

@@ -54,22 +53,6 @@

The library does not have an entry point. It allows you to select specific primitives and drop everything else. If you only want to use secp256k1, just use the library with rollup or other bundlers. This is done to make your bundles tiny.
The library does not have an entry point. It allows you to select specific primitives and drop everything else. If you only want to use secp256k1, just use the library with rollup or other bundlers. This is done to make your bundles tiny. All curves:
```ts
// Common.js and ECMAScript Modules (ESM)
import { secp256k1 } from '@noble/curves/secp256k1';
const key = secp256k1.utils.randomPrivateKey();
const pub = secp256k1.getPublicKey(key);
const msg = new Uint8Array(32).fill(1);
const sig = secp256k1.sign(msg, key);
secp256k1.verify(sig, msg, pub) === true;
sig.recoverPublicKey(msg) === pub;
const someonesPub = secp256k1.getPublicKey(secp256k1.utils.randomPrivateKey());
const shared = secp256k1.getSharedSecret(key, someonesPub);
```
All curves:
```ts
import { secp256k1 } from '@noble/curves/secp256k1';
import { ed25519, ed25519ph, ed25519ctx, x25519, RistrettoPoint } from '@noble/curves/ed25519';

@@ -87,4 +70,22 @@ import { ed448, ed448ph, ed448ctx, x448 } from '@noble/curves/ed448';

To define a custom curve, check out API below.
Every curve can be used in the following way:
```ts
import { secp256k1 } from '@noble/curves/secp256k1'; // Common.js and ECMAScript Modules (ESM)
const key = secp256k1.utils.randomPrivateKey();
const pub = secp256k1.getPublicKey(key);
const msg = new Uint8Array(32).fill(1);
const sig = secp256k1.sign(msg, key);
// weierstrass curves should use extraEntropy: https://moderncrypto.org/mail-archive/curves/2017/000925.html
const sigImprovedSecurity = secp256k1.sign(msg, key, { extraEntropy: true });
secp256k1.verify(sig, msg, pub) === true;
// secp, p*, pasta curves allow pub recovery
sig.recoverPublicKey(msg) === pub;
const someonesPub = secp256k1.getPublicKey(secp256k1.utils.randomPrivateKey());
const shared = secp256k1.getSharedSecret(key, someonesPub);
```
To define a custom curve, check out docs below.
## API

@@ -117,3 +118,3 @@

```ts
import { Fp } from '@noble/curves/abstract/modular';
import { Field } from '@noble/curves/abstract/modular';
import { weierstrass } from '@noble/curves/abstract/weierstrass';

@@ -124,7 +125,10 @@ import { hmac } from '@noble/hashes/hmac';

const secp256k1 = weierstrass({
// secq (NOT secp) 256k1: cycle of secp256k1 with Fp/N flipped.
// https://zcash.github.io/halo2/background/curves.html#cycles-of-curves
// https://personaelabs.org/posts/spartan-ecdsa
const secq256k1 = weierstrass({
a: 0n,
b: 7n,
Fp: Fp(2n ** 256n - 2n ** 32n - 2n ** 9n - 2n ** 8n - 2n ** 7n - 2n ** 6n - 2n ** 4n - 1n),
n: 2n ** 256n - 432420386565659656852420866394968145599n,
Fp: Field(2n ** 256n - 432420386565659656852420866394968145599n),
n: 2n ** 256n - 2n ** 32n - 2n ** 9n - 2n ** 8n - 2n ** 7n - 2n ** 6n - 2n ** 4n - 1n,
Gx: 55066263022277343669578718895168534326250603453777594175500187360389116729240n,

@@ -131,0 +135,0 @@ Gy: 32670510020758816978083085130507043184471273380659243275938904335757337482424n,

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc