@noble/curves - npm Package Compare versions

Comparing version 0.8.2 to 0.8.3

_shortw_utils.d.ts

		@@ -9,3 +9,3 @@ import { randomBytes } from '@noble/hashes/utils';
		};
		declare type CurveDef = Readonly<Omit<CurveType, 'hash' \| 'hmac' \| 'randomBytes'>>;
		type CurveDef = Readonly<Omit<CurveType, 'hash' \| 'hmac' \| 'randomBytes'>>;
		export declare function createCurve(curveDef: CurveDef, defHash: CHash): Readonly<{
		@@ -12,0 +12,0 @@ create: (hash: CHash) => import("./abstract/weierstrass.js").CurveFn;

abstract/bls.d.ts

		@@ -19,8 +19,8 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { CurvePointsType, ProjPointType as ProjPointType, CurvePointsRes } from './weierstrass.js';
		declare type Fp = bigint;
		export declare type SignatureCoder<Fp2> = {
		type Fp = bigint;
		export type SignatureCoder<Fp2> = {
		decode(hex: Hex): ProjPointType<Fp2>;
		encode(point: ProjPointType<Fp2>): Uint8Array;
		};
		export declare type CurveType<Fp, Fp2, Fp6, Fp12> = {
		export type CurveType<Fp, Fp2, Fp6, Fp12> = {
		r: bigint;
		@@ -58,3 +58,3 @@ G1: Omit<CurvePointsType<Fp>, 'n'> & {
		};
		export declare type CurveFn<Fp, Fp2, Fp6, Fp12> = {
		export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
		CURVE: CurveType<Fp, Fp2, Fp6, Fp12>;
		@@ -61,0 +61,0 @@ Fr: Field<bigint>;

abstract/curve.d.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { Field } from './modular.js';
		export declare type AffinePoint<T> = {
		export type AffinePoint<T> = {
		x: T;
		@@ -18,7 +18,7 @@ y: T;
		}
		export declare type GroupConstructor<T> = {
		export type GroupConstructor<T> = {
		BASE: T;
		ZERO: T;
		};
		export declare type Mapper<T> = (i: T[]) => T[];
		export type Mapper<T> = (i: T[]) => T[];
		export declare function wNAF<T extends Group<T>>(c: GroupConstructor<T>, bits: number): {
		@@ -54,3 +54,3 @@ constTimeNegate: (condition: boolean, item: T) => T;
		};
		export declare type BasicCurve<T> = {
		export type BasicCurve<T> = {
		Fp: Field<T>;
		@@ -57,0 +57,0 @@ n: bigint;

abstract/edwards.d.ts

		import * as ut from './utils.js';
		import { FHash, Hex } from './utils.js';
		import { Group, GroupConstructor, BasicCurve, AffinePoint } from './curve.js';
		export declare type CurveType = BasicCurve<bigint> & {
		export type CurveType = BasicCurve<bigint> & {
		a: bigint;
		@@ -60,3 +60,3 @@ d: bigint;
		}
		export declare type CurveFn = {
		export type CurveFn = {
		CURVE: ReturnType<typeof validateOpts>;
		@@ -63,0 +63,0 @@ getPublicKey: (privateKey: Hex) => Uint8Array;

abstract/hash-to-curve.d.ts

		@@ -13,4 +13,4 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		*/
		declare type UnicodeOrBytes = string \| Uint8Array;
		export declare type Opts = {
		type UnicodeOrBytes = string \| Uint8Array;
		export type Opts = {
		DST: UnicodeOrBytes;
		@@ -47,4 +47,4 @@ p: bigint;
		}
		export declare type MapToCurve<T> = (scalar: bigint[]) => AffinePoint<T>;
		export declare type htfBasicOpts = {
		export type MapToCurve<T> = (scalar: bigint[]) => AffinePoint<T>;
		export type htfBasicOpts = {
		DST: UnicodeOrBytes;
		@@ -51,0 +51,0 @@ };

abstract/modular.d.ts

		@@ -54,3 +54,3 @@ export declare function mod(a: bigint, b: bigint): bigint;
		};
		declare type FpField = Field<bigint> & Required<Pick<Field<bigint>, 'isOdd'>>;
		type FpField = Field<bigint> & Required<Pick<Field<bigint>, 'isOdd'>>;
		export declare function Fp(ORDER: bigint, bitLen?: number, isLE?: boolean, redef?: Partial<Field<bigint>>): Readonly<FpField>;
		@@ -57,0 +57,0 @@ export declare function FpSqrtOdd<T>(Fp: Field<T>, elm: T): T;

abstract/montgomery.d.ts

		@@ -1,3 +0,3 @@
		declare type Hex = string \| Uint8Array;
		export declare type CurveType = {
		type Hex = string \| Uint8Array;
		export type CurveType = {
		P: bigint;
		@@ -14,3 +14,3 @@ nByteLength: number;
		};
		export declare type CurveFn = {
		export type CurveFn = {
		scalarMult: (scalar: Hex, u: Hex) => Uint8Array;
		@@ -17,0 +17,0 @@ scalarMultBase: (scalar: Hex) => Uint8Array;

abstract/poseidon.d.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { Field } from './modular.js';
		export declare type PoseidonOpts = {
		export type PoseidonOpts = {
		Fp: Field<bigint>;
		@@ -5,0 +5,0 @@ t: number;

abstract/utils.d.ts

		@@ -1,4 +0,4 @@
		export declare type Hex = Uint8Array \| string;
		export declare type PrivKey = Hex \| bigint;
		export declare type CHash = {
		export type Hex = Uint8Array \| string;
		export type PrivKey = Hex \| bigint;
		export type CHash = {
		(message: Uint8Array \| string): Uint8Array;
		@@ -11,3 +11,3 @@ blockLen: number;
		};
		export declare type FHash = (message: Uint8Array \| string) => Uint8Array;
		export type FHash = (message: Uint8Array \| string) => Uint8Array;
		export declare function bytesToHex(bytes: Uint8Array): string;
		@@ -30,3 +30,3 @@ export declare function numberToHexUnpadded(num: number \| bigint): string;
		export declare const bitMask: (n: number) => bigint;
		declare type Pred<T> = (v: Uint8Array) => T \| undefined;
		type Pred<T> = (v: Uint8Array) => T \| undefined;
		/**
		@@ -50,4 +50,4 @@ * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
		};
		declare type Validator = keyof typeof validatorFns;
		declare type ValMap<T extends Record<string, any>> = {
		type Validator = keyof typeof validatorFns;
		type ValMap<T extends Record<string, any>> = {
		[K in keyof T]?: Validator;
		@@ -54,0 +54,0 @@ };

abstract/weierstrass.d.ts

		@@ -7,4 +7,4 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		export type { AffinePoint };
		declare type HmacFnSync = (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
		declare type EndomorphismOpts = {
		type HmacFnSync = (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
		type EndomorphismOpts = {
		beta: bigint;
		@@ -18,3 +18,3 @@ splitScalar: (k: bigint) => {
		};
		export declare type BasicWCurve<T> = BasicCurve<T> & {
		export type BasicWCurve<T> = BasicCurve<T> & {
		a: T;
		@@ -28,4 +28,4 @@ b: T;
		};
		declare type Entropy = Hex \| true;
		export declare type SignOpts = {
		type Entropy = Hex \| true;
		export type SignOpts = {
		lowS?: boolean;
		@@ -35,3 +35,3 @@ extraEntropy?: Entropy;
		};
		export declare type VerOpts = {
		export type VerOpts = {
		lowS?: boolean;
		@@ -84,7 +84,7 @@ prehash?: boolean;
		}
		export declare type CurvePointsType<T> = BasicWCurve<T> & {
		export type CurvePointsType<T> = BasicWCurve<T> & {
		fromBytes: (bytes: Uint8Array) => AffinePoint<T>;
		toBytes: (c: ProjConstructor<T>, point: ProjPointType<T>, compressed: boolean) => Uint8Array;
		};
		export declare type CurvePointsRes<T> = {
		export type CurvePointsRes<T> = {
		ProjectivePoint: ProjConstructor<T>;
		@@ -115,3 +115,3 @@ normPrivateKeyToScalar: (key: PrivKey) => bigint;
		}
		export declare type SignatureConstructor = {
		export type SignatureConstructor = {
		new (r: bigint, s: bigint): SignatureType;
		@@ -121,8 +121,8 @@ fromCompact(hex: Hex): SignatureType;
		};
		declare type SignatureLike = {
		type SignatureLike = {
		r: bigint;
		s: bigint;
		};
		export declare type PubKey = Hex \| ProjPointType<bigint>;
		export declare type CurveType = BasicWCurve<bigint> & {
		export type PubKey = Hex \| ProjPointType<bigint>;
		export type CurveType = BasicWCurve<bigint> & {
		hash: CHash;
		@@ -159,3 +159,3 @@ hmac: HmacFnSync;
		}>;
		export declare type CurveFn = {
		export type CurveFn = {
		CURVE: ReturnType<typeof validateOpts>;
		@@ -162,0 +162,0 @@ getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array;

bls12-381.d.ts

		@@ -5,9 +5,9 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		declare const Fp: Readonly<mod.Field<bigint> & Required<Pick<mod.Field<bigint>, "isOdd">>>;
		declare type Fp = bigint;
		declare type BigintTuple = [bigint, bigint];
		declare type Fp2 = {
		type Fp = bigint;
		type BigintTuple = [bigint, bigint];
		type Fp2 = {
		c0: bigint;
		c1: bigint;
		};
		declare type Fp2Utils = {
		type Fp2Utils = {
		fromBigTuple: (tuple: BigintTuple \| bigint[]) => Fp2;
		@@ -23,4 +23,4 @@ reim: (num: Fp2) => {
		declare const Fp2: mod.Field<Fp2> & Fp2Utils;
		declare type BigintSix = [bigint, bigint, bigint, bigint, bigint, bigint];
		declare type Fp6 = {
		type BigintSix = [bigint, bigint, bigint, bigint, bigint, bigint];
		type Fp6 = {
		c0: Fp2;
		@@ -30,3 +30,3 @@ c1: Fp2;
		};
		declare type Fp6Utils = {
		type Fp6Utils = {
		fromBigSix: (tuple: BigintSix) => Fp6;
		@@ -40,7 +40,7 @@ mulByNonresidue: (num: Fp6) => Fp6;
		declare const Fp6: mod.Field<Fp6> & Fp6Utils;
		declare type Fp12 = {
		type Fp12 = {
		c0: Fp6;
		c1: Fp6;
		};
		declare type BigintTwelve = [
		type BigintTwelve = [
		bigint,
		@@ -59,3 +59,3 @@ bigint,
		];
		declare type Fp12Utils = {
		type Fp12Utils = {
		fromBigTwelve: (t: BigintTwelve) => Fp12;
		@@ -62,0 +62,0 @@ frobeniusMap(num: Fp12, power: number): Fp12;

ed25519.d.ts

		@@ -12,3 +12,3 @@ import { ExtPointType } from './abstract/edwards.js';
		export { hashToCurve, encodeToCurve };
		declare type ExtendedPoint = ExtPointType;
		type ExtendedPoint = ExtPointType;
		/**
		@@ -15,0 +15,0 @@ * Each ed25519/ExtendedPoint has 8 different equivalent points. This can be

ed25519.js

		@@ -390,5 +390,5 @@ "use strict";
		}
		exports.RistrettoPoint = RistrettoPoint;
		RistrettoPoint.BASE = new RistrettoPoint(exports.ed25519.ExtendedPoint.BASE);
		RistrettoPoint.ZERO = new RistrettoPoint(exports.ed25519.ExtendedPoint.ZERO);
		exports.RistrettoPoint = RistrettoPoint;
		// https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/14/
		@@ -395,0 +395,0 @@ // Appendix B. Hashing to ristretto255

esm/ed25519.js

		@@ -262,3 +262,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		*/
		export class RistrettoPoint {
		class RistrettoPoint {
		// Private property to discourage combining ExtendedPoint + RistrettoPoint
		@@ -389,2 +389,3 @@ // Always use Ristretto encoding/decoding instead.
		RistrettoPoint.ZERO = new RistrettoPoint(ed25519.ExtendedPoint.ZERO);
		export { RistrettoPoint };
		// https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/14/
		@@ -391,0 +392,0 @@ // Appendix B. Hashing to ristretto255

package.json

		{
		"name": "@noble/curves",
		"version": "0.8.2",
		"version": "0.8.3",
		"description": "Minimal, auditable JS implementation of elliptic curve cryptography",
		@@ -31,3 +31,3 @@ "files": [
		"dependencies": {
		"@noble/hashes": "1.2.0"
		"@noble/hashes": "1.3.0"
		},
		@@ -37,8 +37,8 @@ "devDependencies": {
		"@scure/bip39": "~1.1.1",
		"@types/node": "18.11.3",
		"@types/node": "18.11.18",
		"fast-check": "3.0.0",
		"micro-bmark": "0.3.1",
		"micro-should": "0.4.0",
		"prettier": "2.8.3",
		"typescript": "4.7.3"
		"prettier": "2.8.4",
		"typescript": "5.0.2"
		},
		@@ -45,0 +45,0 @@ "main": "index.js",

293

README.md

		@@ -12,3 +12,4 @@ # noble-curves
		- 🏎 [Ultra-fast](#speed), hand-optimized for caveats of JS engines
		- 🔍 Unique tests ensure correctness with Wycheproof vectors and [cryptofuzz](https://github.com/guidovranken/cryptofuzz) differential fuzzing
		- 🔍 Unique tests ensure correctness with Wycheproof vectors and
		[cryptofuzz](https://github.com/guidovranken/cryptofuzz) differential fuzzing
		- 🔻 Tree-shaking-friendly: there is no entry point, which ensures small size of your app
		@@ -19,10 +20,16 @@
		1. [Abstract](#abstract-api), zero-dependency EC algorithms
		2. [Implementations](#implementations), utilizing one dependency `@noble/hashes`, providing ready-to-use:
		2. [Implementations](#implementations), utilizing one dependency `@noble/hashes`,
		providing ready-to-use:
		- NIST curves secp256r1/P256, secp384r1/P384, secp521r1/P521
		- SECG curve secp256k1
		- ed25519/curve25519/x25519/ristretto255, edwards448/curve448/x448 [RFC7748](https://www.rfc-editor.org/rfc/rfc7748) / [RFC8032](https://www.rfc-editor.org/rfc/rfc8032) / [ZIP215](https://zips.z.cash/zip-0215) stuff
		- ed25519/curve25519/x25519/ristretto255, edwards448/curve448/x448
		implementing
		[RFC7748](https://www.rfc-editor.org/rfc/rfc7748) /
		[RFC8032](https://www.rfc-editor.org/rfc/rfc8032) /
		[ZIP215](https://zips.z.cash/zip-0215) standards
		- pairing-friendly curves bls12-381, bn254

		Check out [Upgrading](#upgrading) if you've previously used single-feature noble packages
		([secp256k1](https://github.com/paulmillr/noble-secp256k1), [ed25519](https://github.com/paulmillr/noble-ed25519)).
		Check out [Upgrading](#upgrading) if you've previously used single-feature noble
		packages ([secp256k1](https://github.com/paulmillr/noble-secp256k1),
		[ed25519](https://github.com/paulmillr/noble-ed25519)).
		See [Resources](#resources) for articles and real-world software that uses curves.
		@@ -46,11 +53,14 @@

		Use NPM for browser / node.js:
		Browser, deno and node.js are supported:

		> npm install @noble/curves

		For [Deno](https://deno.land), use it with [npm specifier](https://deno.land/manual@v1.28.0/node/npm_specifiers). In browser, you could also include the single file from
		For [Deno](https://deno.land), use it with
		[npm specifier](https://deno.land/manual@v1.28.0/node/npm_specifiers).
		In browser, you could also include the single file from
		[GitHub's releases page](https://github.com/paulmillr/noble-curves/releases).

		The library is tree-shaking-friendly and does not expose root entry point as `import * from '@noble/curves'`.
		Instead, you need to import specific primitives. This is done to ensure small size of your apps.
		The library is tree-shaking-friendly and does not expose root entry point as
		`import * from '@noble/curves'`. Instead, you need to import specific primitives.
		This is done to ensure small size of your apps.

		@@ -62,3 +72,3 @@ ### Implementations
		```ts
		import { secp256k1 } from '@noble/curves/secp256k1'; // ECMAScript Modules (ESM) and Common.js
		import { secp256k1 } from '@noble/curves/secp256k1'; // ESM and Common.js
		// import { secp256k1 } from 'npm:@noble/curves@1.2.0/secp256k1'; // Deno
		@@ -71,4 +81,5 @@ const priv = secp256k1.utils.randomPrivateKey();

		// hex strings are also supported besides Uint8Arrays:
		const privHex = '46c930bc7bb4db7f55da20798697421b98c4175a52c630294d75a84b9c126236';
		const pub2 = secp256k1.getPublicKey(privHex); // keys & other inputs can be Uint8Array-s or hex strings
		const pub2 = secp256k1.getPublicKey(privHex);
		```
		@@ -98,3 +109,3 @@
		const someonesPub = secp256k1.getPublicKey(secp256k1.utils.randomPrivateKey());
		const shared = secp256k1.getSharedSecret(priv, someonesPub); // ECDH (elliptic curve diffie-hellman)
		const shared = secp256k1.getSharedSecret(priv, someonesPub); // ECDH
		```
		@@ -112,3 +123,2 @@
		const isValid = schnorr.verify(sig, msg, pub);
		console.log(isValid);
		```
		@@ -144,3 +154,3 @@

		ed448 module is basically the same:
		ed448 is similar:

		@@ -150,2 +160,3 @@ ```ts
		import { hashToCurve, encodeToCurve } from '@noble/curves/ed448';
		ed448.getPublicKey(ed448.utils.randomPrivateKey());
		```
		@@ -157,3 +168,4 @@
		[threshold signatures](https://medium.com/snigirev.stepan/bls-signatures-better-than-schnorr-5a7fe30ea716),
		using Boneh-Lynn-Shacham signature scheme.
		using Boneh-Lynn-Shacham signature scheme. Compatible with ETH and others,
		just make sure to provide correct DST (domain separation tag argument).

		@@ -195,6 +207,9 @@ ```ts

		Abstract API allows to define custom curves. All arithmetics is done with JS bigints over finite fields,
		which is defined from `modular` sub-module. For scalar multiplication, we use [precomputed tables with w-ary non-adjacent form (wNAF)](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/).
		Precomputes are enabled for weierstrass and edwards BASE points of a curve. You could precompute any
		other point (e.g. for ECDH) using `utils.precompute()` method: check out examples.
		Abstract API allows to define custom curves. All arithmetics is done with JS
		bigints over finite fields, which is defined from `modular` sub-module. For
		scalar multiplication, we use
		[precomputed tables with w-ary non-adjacent form (wNAF)](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/).
		Precomputes are enabled for weierstrass and edwards BASE points of a curve. You
		could precompute any other point (e.g. for ECDH) using `utils.precompute()`
		method: check out examples.

		@@ -215,10 +230,30 @@ There are following zero-dependency algorithms:
		import { weierstrass } from '@noble/curves/abstract/weierstrass';
		import { Fp } from '@noble/curves/abstract/modular'; // finite field for mod arithmetics
		import { sha256 } from '@noble/hashes/sha256'; // 3rd-party sha256() of type utils.CHash
		import { hmac } from '@noble/hashes/hmac'; // 3rd-party hmac() that will accept sha256()
		import { concatBytes, randomBytes } from '@noble/hashes/utils'; // 3rd-party utilities
		const secq256k1 = weierstrass({
		// secq256k1: cycle of secp256k1 with Fp/N flipped.
		// https://personaelabs.org/posts/spartan-ecdsa
		// https://zcash.github.io/halo2/background/curves.html#cycles-of-curves
		a: 0n,
		b: 7n,
		Fp: Fp(2n ** 256n - 432420386565659656852420866394968145599n),
		n: 2n 256n - 2n 32n - 2n 9n - 2n 8n - 2n 7n - 2n 6n - 2n ** 4n - 1n,
		Gx: 55066263022277343669578718895168534326250603453777594175500187360389116729240n,
		Gy: 32670510020758816978083085130507043184471273380659243275938904335757337482424n,
		hash: sha256,
		hmac: (key: Uint8Array, ...msgs: Uint8Array[]) => hmac(sha256, key, concatBytes(...msgs)),
		randomBytes,
		});
		```

		Short Weierstrass curve's formula is `y² = x³ + ax + b`. `weierstrass` expects arguments `a`, `b`, field `Fp`, curve order `n`, cofactor `h`
		Short Weierstrass curve's formula is `y² = x³ + ax + b`. `weierstrass`
		expects arguments `a`, `b`, field `Fp`, curve order `n`, cofactor `h`
		and coordinates `Gx`, `Gy` of generator point.

		`k` generation is done deterministically, following [RFC6979](https://www.rfc-editor.org/rfc/rfc6979).
		For this you will need `hmac` & `hash`, which in our implementations is provided by noble-hashes.
		If you're using different hashing library, make sure to wrap it in the following interface:
		`k` generation is done deterministically, following
		[RFC6979](https://www.rfc-editor.org/rfc/rfc6979). For this you will need
		`hmac` & `hash`, which in our implementations is provided by noble-hashes. If
		you're using different hashing library, make sure to wrap it in the following interface:

		@@ -239,3 +274,4 @@ ```ts
		3. Use complete exception-free formulas for addition and doubling
		4. Can be decoded/encoded from/to Uint8Array / hex strings using `ProjectivePoint.fromHex` and `ProjectivePoint#toRawBytes()`
		4. Can be decoded/encoded from/to Uint8Array / hex strings using
		`ProjectivePoint.fromHex` and `ProjectivePoint#toRawBytes()`
		5. Have `assertValidity()` which checks for being on-curve
		@@ -245,2 +281,25 @@ 6. Have `toAffine()` and `x` / `y` getters which convert to 2d xy affine coordinates
		```ts
		// `weierstrass()` returns `CurveFn`
		type SignOpts = { lowS?: boolean; prehash?: boolean; extraEntropy: boolean \| Uint8Array };
		type CurveFn = {
		CURVE: ReturnType<typeof validateOpts>;
		getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array;
		getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array;
		sign: (msgHash: Hex, privKey: PrivKey, opts?: SignOpts) => SignatureType;
		verify: (
		signature: Hex \| SignatureType,
		msgHash: Hex,
		publicKey: Hex,
		opts?: { lowS?: boolean; prehash?: boolean }
		) => boolean;
		ProjectivePoint: ProjectivePointConstructor;
		Signature: SignatureConstructor;
		utils: {
		normPrivateKeyToScalar: (key: PrivKey) => bigint;
		isValidPrivateKey(key: PrivKey): boolean;
		randomPrivateKey: () => Uint8Array;
		precompute: (windowSize?: number, point?: ProjPointType<bigint>) => ProjPointType<bigint>;
		};
		};

		// T is usually bigint, but can be something else like complex numbers in BLS curves
		@@ -271,3 +330,4 @@ interface ProjPointType<T> extends Group<ProjPointType<T>> {

		ECDSA signatures are represented by `Signature` instances and can be described by the interface:
		ECDSA signatures are represented by `Signature` instances and can be
		described by the interface:

		@@ -297,24 +357,5 @@ ```ts

		Example implementing [secq256k1](https://personaelabs.org/posts/spartan-ecdsa) (NOT secp256k1)
		[cycle](https://zcash.github.io/halo2/background/curves.html#cycles-of-curves) of secp256k1 with Fp/N flipped.
		More examples:

		```typescript
		import { weierstrass } from '@noble/curves/abstract/weierstrass';
		import { Field } from '@noble/curves/abstract/modular'; // finite field, mod arithmetics done over it
		import { sha256 } from '@noble/hashes/sha256'; // 3rd-party sha256() of type utils.CHash, with blockLen/outputLen
		import { hmac } from '@noble/hashes/hmac'; // 3rd-party hmac() that will accept sha256()
		import { concatBytes, randomBytes } from '@noble/hashes/utils'; // 3rd-party utilities
		const secq256k1 = weierstrass({
		// secq256k1: cycle of secp256k1 with Fp/N flipped.
		a: 0n,
		b: 7n,
		Fp: Field(2n ** 256n - 432420386565659656852420866394968145599n),
		n: 2n 256n - 2n 32n - 2n 9n - 2n 8n - 2n 7n - 2n 6n - 2n ** 4n - 1n,
		Gx: 55066263022277343669578718895168534326250603453777594175500187360389116729240n,
		Gy: 32670510020758816978083085130507043184471273380659243275938904335757337482424n,
		hash: sha256,
		hmac: (key: Uint8Array, ...msgs: Uint8Array[]) => hmac(sha256, key, concatBytes(...msgs)),
		randomBytes,
		});

		// All curves expose same generic interface.
		@@ -345,80 +386,15 @@ const priv = secq256k1.utils.randomPrivateKey();

		`weierstrass()` returns `CurveFn`:

		```ts
		type SignOpts = { lowS?: boolean; prehash?: boolean; extraEntropy: boolean \| Uint8Array };
		type CurveFn = {
		CURVE: ReturnType<typeof validateOpts>;
		getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array;
		getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array;
		sign: (msgHash: Hex, privKey: PrivKey, opts?: SignOpts) => SignatureType;
		verify: (
		signature: Hex \| SignatureType,
		msgHash: Hex,
		publicKey: Hex,
		opts?: { lowS?: boolean; prehash?: boolean }
		) => boolean;
		ProjectivePoint: ProjectivePointConstructor;
		Signature: SignatureConstructor;
		utils: {
		normPrivateKeyToScalar: (key: PrivKey) => bigint;
		isValidPrivateKey(key: PrivKey): boolean;
		randomPrivateKey: () => Uint8Array;
		precompute: (windowSize?: number, point?: ProjPointType<bigint>) => ProjPointType<bigint>;
		};
		};
		```

		### abstract/edwards: Twisted Edwards curve

		Twisted Edwards curve's formula is `ax² + y² = 1 + dx²y²`. You must specify `a`, `d`, field `Fp`, order `n`, cofactor `h`
		and coordinates `Gx`, `Gy` of generator point.

		For EdDSA signatures, `hash` param required. `adjustScalarBytes` which instructs how to change private scalars could be specified.

		Edwards points:

		1. Exported as `ExtendedPoint`
		2. Represented in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z)
		3. Use complete exception-free formulas for addition and doubling
		4. Can be decoded/encoded from/to Uint8Array / hex strings using `ExtendedPoint.fromHex` and `ExtendedPoint#toRawBytes()`
		5. Have `assertValidity()` which checks for being on-curve
		6. Have `toAffine()` and `x` / `y` getters which convert to 2d xy affine coordinates
		7. Have `isTorsionFree()`, `clearCofactor()` and `isSmallOrder()` utilities to handle torsions

		```ts
		interface ExtPointType extends Group<ExtPointType> {
		readonly ex: bigint;
		readonly ey: bigint;
		readonly ez: bigint;
		readonly et: bigint;
		assertValidity(): void;
		multiply(scalar: bigint): ExtPointType;
		multiplyUnsafe(scalar: bigint): ExtPointType;
		isSmallOrder(): boolean;
		isTorsionFree(): boolean;
		clearCofactor(): ExtPointType;
		toAffine(iz?: bigint): AffinePoint<bigint>;
		}
		// Static methods of Extended Point with coordinates in X, Y, Z, T
		interface ExtPointConstructor extends GroupConstructor<ExtPointType> {
		new (x: bigint, y: bigint, z: bigint, t: bigint): ExtPointType;
		fromAffine(p: AffinePoint<bigint>): ExtPointType;
		fromHex(hex: Hex): ExtPointType;
		fromPrivateKey(privateKey: Hex): ExtPointType;
		}
		```

		Example implementing edwards25519:

		```ts
		import { twistedEdwards } from '@noble/curves/abstract/edwards';
		import { Field, div } from '@noble/curves/abstract/modular';
		import { Fp } from '@noble/curves/abstract/modular';
		import { sha512 } from '@noble/hashes/sha512';
		import { randomBytes } from '@noble/hashes/utils';

		const Fp = Field(2n ** 255n - 19n);
		const fp = Fp(2n ** 255n - 19n);
		const ed25519 = twistedEdwards({
		a: -1n,
		d: Fp.div(-121665n, 121666n), // -121665n/121666n mod p
		Fp,
		d: fp.div(-121665n, 121666n), // -121665n/121666n mod p
		Fp: fp,
		n: 2n ** 252n + 27742317777372353535851937790883648493n,
		@@ -440,5 +416,19 @@ h: 8n,

		`twistedEdwards()` returns `CurveFn` of following type:
		Twisted Edwards curve's formula is `ax² + y² = 1 + dx²y²`. You must specify `a`, `d`, field `Fp`, order `n`, cofactor `h`
		and coordinates `Gx`, `Gy` of generator point.

		For EdDSA signatures, `hash` param required. `adjustScalarBytes` which instructs how to change private scalars could be specified.

		Edwards points:

		1. Exported as `ExtendedPoint`
		2. Represented in extended coordinates: (x, y, z, t) ∋ (x=x/z, y=y/z)
		3. Use complete exception-free formulas for addition and doubling
		4. Can be decoded/encoded from/to Uint8Array / hex strings using `ExtendedPoint.fromHex` and `ExtendedPoint#toRawBytes()`
		5. Have `assertValidity()` which checks for being on-curve
		6. Have `toAffine()` and `x` / `y` getters which convert to 2d xy affine coordinates
		7. Have `isTorsionFree()`, `clearCofactor()` and `isSmallOrder()` utilities to handle torsions

		```ts
		// `twistedEdwards()` returns `CurveFn` of following type:
		type CurveFn = {
		@@ -461,2 +451,23 @@ CURVE: ReturnType<typeof validateOpts>;
		};

		interface ExtPointType extends Group<ExtPointType> {
		readonly ex: bigint;
		readonly ey: bigint;
		readonly ez: bigint;
		readonly et: bigint;
		assertValidity(): void;
		multiply(scalar: bigint): ExtPointType;
		multiplyUnsafe(scalar: bigint): ExtPointType;
		isSmallOrder(): boolean;
		isTorsionFree(): boolean;
		clearCofactor(): ExtPointType;
		toAffine(iz?: bigint): AffinePoint<bigint>;
		}
		// Static methods of Extended Point with coordinates in X, Y, Z, T
		interface ExtPointConstructor extends GroupConstructor<ExtPointType> {
		new (x: bigint, y: bigint, z: bigint, t: bigint): ExtPointType;
		fromAffine(p: AffinePoint<bigint>): ExtPointType;
		fromHex(hex: Hex): ExtPointType;
		fromPrivateKey(privateKey: Hex): ExtPointType;
		}
		```
		@@ -466,11 +477,8 @@

		The module contains methods for x-only ECDH on Curve25519 / Curve448 from RFC7748. Proper Elliptic Curve Points are not implemented yet.

		You must specify curve params `Fp`, `a`, `Gu` coordinate of u, `montgomeryBits` and `nByteLength`.

		```typescript
		import { montgomery } from '@noble/curves/abstract/montgomery';
		import { Fp } from '@noble/curves/abstract/modular';

		const x25519 = montgomery({
		Fp: Field(2n ** 255n - 19n),
		Fp: Fp(2n ** 255n - 19n),
		a: 486662n,
		@@ -490,2 +498,7 @@ Gu: 9n,

		The module contains methods for x-only ECDH on Curve25519 / Curve448 from RFC7748.
		Proper Elliptic Curve Points are not implemented yet.

		You must specify curve params `Fp`, `a`, `Gu` coordinate of u, `montgomeryBits` and `nByteLength`.

		### abstract/hash-to-curve: Hashing strings to curve points
		@@ -531,15 +544,33 @@

		`hash_to_field(msg, count, options)` [(spec)](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11#section-5.3)
		`hash_to_field(msg, count, options)`
		[(spec)](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11#section-5.3)
		hashes arbitrary-length byte strings to a list of one or more elements of a finite field F.

		- `msg` a byte string containing the message to hash
		- `count` the number of elements of F to output
		- `options` `{DST: string, p: bigint, m: number, k: number, expand: 'xmd' \| 'xof', hash: H}`.
		- `p` is field prime, m=field extension (1 for prime fields)
		- `k` is security target in bits (e.g. 128).
		- `expand` should be `xmd` for SHA2, SHA3, BLAKE; `xof` for SHAKE, BLAKE-XOF
		- `hash` conforming to `utils.CHash` interface, with `outputLen` / `blockLen` props
		- Returns `[u_0, ..., u_(count - 1)]`, a list of field elements.
		```ts
		/**
		* * `DST` is a domain separation tag, defined in section 2.2.5
		* * `p` characteristic of F, where F is a finite field of characteristic p and order q = p^m
		* * `m` is extension degree (1 for prime fields)
		* * `k` is the target security target in bits (e.g. 128), from section 5.1
		* * `expand` is `xmd` (SHA2, SHA3, BLAKE) or `xof` (SHAKE, BLAKE-XOF)
		* * `hash` conforming to `utils.CHash` interface, with `outputLen` / `blockLen` props
		*/
		type UnicodeOrBytes = string \| Uint8Array;
		type Opts = {
		DST: UnicodeOrBytes;
		p: bigint;
		m: number;
		k: number;
		expand?: 'xmd' \| 'xof';
		hash: CHash;
		};

		```ts
		/**
		* Hashes arbitrary-length byte strings to a list of one or more elements of a finite field F
		* https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11#section-5.3
		* @param msg a byte string containing the message to hash
		* @param count the number of elements of F to output
		* @param options `{DST: string, p: bigint, m: number, k: number, expand: 'xmd' \| 'xof', hash: H}`, see above
		* @returns [u_0, ..., u_(count - 1)], a list of field elements.
		*/
		function hash_to_field(msg: Uint8Array, count: number, options: Opts): bigint[][];
		@@ -546,0 +577,0 @@ ```

_shortw_utils.d.ts.map