@noble/curves

Package Overview

Dependencies

Maintainers

Versions

Alerts

File Explorer

Advanced tools

License

Install Socket

Detect and block malicious and high-risk dependencies

Install

@noble/curves - npm Package Compare versions

Comparing version 0.8.3 to 0.9.0

_shortw_utils.d.ts

		@@ -15,3 +15,3 @@ import { randomBytes } from '@noble/hashes/utils';
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -44,2 +44,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -46,0 +47,0 @@ getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;

abstract/bls.d.ts

		@@ -15,3 +15,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { AffinePoint } from './curve.js';
		import { Field } from './modular.js';
		import { IField } from './modular.js';
		import { Hex, PrivKey, CHash } from './utils.js';
		@@ -37,5 +37,5 @@ import * as htf from './hash-to-curve.js';
		x: bigint;
		Fp: Field<Fp>;
		Fr: Field<bigint>;
		Fp2: Field<Fp2> & {
		Fp: IField<Fp>;
		Fr: IField<bigint>;
		Fp2: IField<Fp2> & {
		reim: (num: Fp2) => {
		@@ -48,4 +48,4 @@ re: bigint;
		};
		Fp6: Field<Fp6>;
		Fp12: Field<Fp12> & {
		Fp6: IField<Fp6>;
		Fp12: IField<Fp12> & {
		frobeniusMap(num: Fp12, power: number): Fp12;
		@@ -62,7 +62,7 @@ multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
		CURVE: CurveType<Fp, Fp2, Fp6, Fp12>;
		Fr: Field<bigint>;
		Fp: Field<Fp>;
		Fp2: Field<Fp2>;
		Fp6: Field<Fp6>;
		Fp12: Field<Fp12>;
		Fr: IField<bigint>;
		Fp: IField<Fp>;
		Fp2: IField<Fp2>;
		Fp6: IField<Fp6>;
		Fp12: IField<Fp12>;
		G1: CurvePointsRes<Fp> & ReturnType<typeof htf.createHasher<Fp>>;
		@@ -69,0 +69,0 @@ G2: CurvePointsRes<Fp2> & ReturnType<typeof htf.createHasher<Fp2>>;

abstract/curve.d.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { Field } from './modular.js';
		import { IField } from './modular.js';
		export type AffinePoint<T> = {
		@@ -54,3 +54,3 @@ x: T;
		export type BasicCurve<T> = {
		Fp: Field<T>;
		Fp: IField<T>;
		n: bigint;
		@@ -68,3 +68,5 @@ nBitLength?: number;
		readonly nByteLength: number;
		} & BasicCurve<FP> & T>;
		} & BasicCurve<FP> & T & {
		p: bigint;
		}>;
		//# sourceMappingURL=curve.d.ts.map

abstract/curve.js

		@@ -154,5 +154,9 @@ "use strict";
		// Set defaults
		return Object.freeze({ ...(0, modular_js_1.nLength)(curve.n, curve.nBitLength), ...curve });
		return Object.freeze({
		...(0, modular_js_1.nLength)(curve.n, curve.nBitLength),
		...curve,
		...{ p: curve.Fp.ORDER },
		});
		}
		exports.validateBasic = validateBasic;
		//# sourceMappingURL=curve.js.map

abstract/edwards.d.ts

		@@ -21,3 +21,3 @@ import * as ut from './utils.js';
		readonly nByteLength: number;
		readonly Fp: import("./modular.js").Field<bigint>;
		readonly Fp: import("./modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -41,2 +41,3 @@ readonly h: bigint;
		readonly mapToCurve?: ((scalar: bigint[]) => AffinePoint<bigint>) \| undefined;
		readonly p: bigint;
		}>;
		@@ -43,0 +44,0 @@ export interface ExtPointType extends Group<ExtPointType> {

abstract/hash-to-curve.d.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import type { Group, GroupConstructor, AffinePoint } from './curve.js';
		import { Field } from './modular.js';
		import { IField } from './modular.js';
		import { CHash } from './utils.js';
		@@ -33,3 +33,3 @@ /**
		export declare function hash_to_field(msg: Uint8Array, count: number, options: Opts): bigint[][];
		export declare function isogenyMap<T, F extends Field<T>>(field: F, map: [T[], T[], T[], T[]]): (x: T, y: T) => {
		export declare function isogenyMap<T, F extends IField<T>>(field: F, map: [T[], T[], T[], T[]]): (x: T, y: T) => {
		x: T;
		@@ -36,0 +36,0 @@ y: T;

abstract/modular.d.ts

		@@ -11,6 +11,6 @@ export declare function mod(a: bigint, b: bigint): bigint;
		export declare function invert(number: bigint, modulo: bigint): bigint;
		export declare function tonelliShanks(P: bigint): <T>(Fp: Field<T>, n: T) => T;
		export declare function FpSqrt(P: bigint): <T>(Fp: Field<T>, n: T) => T;
		export declare function tonelliShanks(P: bigint): <T>(Fp: IField<T>, n: T) => T;
		export declare function FpSqrt(P: bigint): <T>(Fp: IField<T>, n: T) => T;
		export declare const isNegativeLE: (num: bigint, modulo: bigint) => boolean;
		export interface Field<T> {
		export interface IField<T> {
		ORDER: bigint;
		@@ -46,7 +46,7 @@ BYTES: number;
		}
		export declare function validateField<T>(field: Field<T>): Field<T>;
		export declare function FpPow<T>(f: Field<T>, num: T, power: bigint): T;
		export declare function FpInvertBatch<T>(f: Field<T>, nums: T[]): T[];
		export declare function FpDiv<T>(f: Field<T>, lhs: T, rhs: T \| bigint): T;
		export declare function FpIsSquare<T>(f: Field<T>): (x: T) => boolean;
		export declare function validateField<T>(field: IField<T>): IField<T>;
		export declare function FpPow<T>(f: IField<T>, num: T, power: bigint): T;
		export declare function FpInvertBatch<T>(f: IField<T>, nums: T[]): T[];
		export declare function FpDiv<T>(f: IField<T>, lhs: T, rhs: T \| bigint): T;
		export declare function FpIsSquare<T>(f: IField<T>): (x: T) => boolean;
		export declare function nLength(n: bigint, nBitLength?: number): {
		@@ -56,7 +56,19 @@ nBitLength: number;
		};
		type FpField = Field<bigint> & Required<Pick<Field<bigint>, 'isOdd'>>;
		export declare function Fp(ORDER: bigint, bitLen?: number, isLE?: boolean, redef?: Partial<Field<bigint>>): Readonly<FpField>;
		export declare function FpSqrtOdd<T>(Fp: Field<T>, elm: T): T;
		export declare function FpSqrtEven<T>(Fp: Field<T>, elm: T): T;
		type FpField = IField<bigint> & Required<Pick<IField<bigint>, 'isOdd'>>;
		/**
		* Initializes a galois field over prime. Non-primes are not supported for now.
		* Do not init in loop: slow. Very fragile: always run a benchmark on change.
		* Major performance gains:
		* a) non-normalized operations like mulN instead of mul
		* b) `Object.freeze`
		* c) Same object shape: never add or remove keys
		* @param ORDER prime positive bigint
		* @param bitLen how many bits the field consumes
		* @param isLE (def: false) if encoding / decoding should be in little-endian
		* @param redef optional faster redefinitions of sqrt and other methods
		*/
		export declare function Field(ORDER: bigint, bitLen?: number, isLE?: boolean, redef?: Partial<IField<bigint>>): Readonly<FpField>;
		export declare function FpSqrtOdd<T>(Fp: IField<T>, elm: T): T;
		export declare function FpSqrtEven<T>(Fp: IField<T>, elm: T): T;
		/**
		* FIPS 186 B.4.1-compliant "constant-time" private key generation utility.
		@@ -63,0 +75,0 @@ * Can take (n+8) or more bytes of uniform input e.g. from CSPRNG or KDF

abstract/modular.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.hashToPrivateScalar = exports.FpSqrtEven = exports.FpSqrtOdd = exports.Fp = exports.nLength = exports.FpIsSquare = exports.FpDiv = exports.FpInvertBatch = exports.FpPow = exports.validateField = exports.isNegativeLE = exports.FpSqrt = exports.tonelliShanks = exports.invert = exports.pow2 = exports.pow = exports.mod = void 0;
		exports.hashToPrivateScalar = exports.FpSqrtEven = exports.FpSqrtOdd = exports.Field = exports.nLength = exports.FpIsSquare = exports.FpDiv = exports.FpInvertBatch = exports.FpPow = exports.validateField = exports.isNegativeLE = exports.FpSqrt = exports.tonelliShanks = exports.invert = exports.pow2 = exports.pow = exports.mod = void 0;
		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		@@ -240,2 +240,3 @@ // Utilities for modular arithmetics and finite fields
		exports.FpPow = FpPow;
		// 0 is non-invertible: non-batched version will throw on 0
		function FpInvertBatch(f, nums) {
		@@ -283,3 +284,15 @@ const tmp = new Array(nums.length);
		exports.nLength = nLength;
		function Fp(ORDER, bitLen, isLE = false, redef = {}) {
		/**
		* Initializes a galois field over prime. Non-primes are not supported for now.
		* Do not init in loop: slow. Very fragile: always run a benchmark on change.
		* Major performance gains:
		* a) non-normalized operations like mulN instead of mul
		* b) `Object.freeze`
		* c) Same object shape: never add or remove keys
		* @param ORDER prime positive bigint
		* @param bitLen how many bits the field consumes
		* @param isLE (def: false) if encoding / decoding should be in little-endian
		* @param redef optional faster redefinitions of sqrt and other methods
		*/
		function Field(ORDER, bitLen, isLE = false, redef = {}) {
		if (ORDER <= _0n)
		@@ -334,3 +347,3 @@ throw new Error(`Expected Fp ORDER > 0, got ${ORDER}`);
		}
		exports.Fp = Fp;
		exports.Field = Field;
		function FpSqrtOdd(Fp, elm) {
		@@ -337,0 +350,0 @@ if (!Fp.isOdd)

abstract/poseidon.d.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { Field } from './modular.js';
		import { IField } from './modular.js';
		export type PoseidonOpts = {
		Fp: Field<bigint>;
		Fp: IField<bigint>;
		t: number;
		@@ -18,3 +18,3 @@ roundsFull: number;
		mds: bigint[][];
		Fp: Field<bigint>;
		Fp: IField<bigint>;
		t: number;
		@@ -21,0 +21,0 @@ roundsFull: number;

abstract/weierstrass.d.ts

		@@ -81,4 +81,4 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		export type CurvePointsType<T> = BasicWCurve<T> & {
		fromBytes: (bytes: Uint8Array) => AffinePoint<T>;
		toBytes: (c: ProjConstructor<T>, point: ProjPointType<T>, compressed: boolean) => Uint8Array;
		fromBytes?: (bytes: Uint8Array) => AffinePoint<T>;
		toBytes?: (c: ProjConstructor<T>, point: ProjPointType<T>, isCompressed: boolean) => Uint8Array;
		};
		@@ -92,2 +92,23 @@ export type CurvePointsRes<T> = {
		export declare function weierstrassPoints<T>(opts: CurvePointsType<T>): {
		CURVE: Readonly<{
		readonly nBitLength: number;
		readonly nByteLength: number;
		readonly Fp: mod.IField<T>;
		readonly n: bigint;
		readonly h: bigint;
		readonly hEff?: bigint \| undefined;
		readonly Gx: T;
		readonly Gy: T;
		readonly allowInfinityPoint?: boolean \| undefined;
		readonly a: T;
		readonly b: T;
		readonly allowedPrivateKeyLengths?: readonly number[] \| undefined;
		readonly wrapPrivateKey?: boolean \| undefined;
		readonly endo?: EndomorphismOpts \| undefined;
		readonly isTorsionFree?: ((c: ProjConstructor<T>, point: ProjPointType<T>) => boolean) \| undefined;
		readonly clearCofactor?: ((c: ProjConstructor<T>, point: ProjPointType<T>) => ProjPointType<T>) \| undefined;
		readonly fromBytes?: ((bytes: Uint8Array) => AffinePoint<T>) \| undefined;
		readonly toBytes?: ((c: ProjConstructor<T>, point: ProjPointType<T>, isCompressed: boolean) => Uint8Array) \| undefined;
		readonly p: bigint;
		}>;
		ProjectivePoint: ProjConstructor<T>;
		@@ -133,3 +154,3 @@ normPrivateKeyToScalar: (key: PrivKey) => bigint;
		readonly nByteLength: number;
		readonly Fp: mod.Field<bigint>;
		readonly Fp: mod.IField<bigint>;
		readonly n: bigint;
		@@ -154,2 +175,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -172,7 +194,7 @@ export type CurveFn = {
		export declare function weierstrass(curveDef: CurveType): CurveFn;
		export declare function SWUFpSqrtRatio<T>(Fp: mod.Field<T>, Z: T): (u: T, v: T) => {
		export declare function SWUFpSqrtRatio<T>(Fp: mod.IField<T>, Z: T): (u: T, v: T) => {
		isValid: boolean;
		value: T;
		};
		export declare function mapToCurveSimpleSWU<T>(Fp: mod.Field<T>, opts: {
		export declare function mapToCurveSimpleSWU<T>(Fp: mod.IField<T>, opts: {
		A: T;
		@@ -179,0 +201,0 @@ B: T;

abstract/weierstrass.js

		@@ -15,4 +15,2 @@ "use strict";
		b: 'field',
		fromBytes: 'function',
		toBytes: 'function',
		}, {
		@@ -24,2 +22,4 @@ allowedPrivateKeyLengths: 'array',
		allowInfinityPoint: 'boolean',
		fromBytes: 'function',
		toBytes: 'function',
		});
		@@ -99,2 +99,16 @@ const { endo, Fp, a } = opts;
		const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ
		const toBytes = CURVE.toBytes \|\|
		((c, point, isCompressed) => {
		const a = point.toAffine();
		return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));
		});
		const fromBytes = CURVE.fromBytes \|\|
		((bytes) => {
		// const head = bytes[0];
		const tail = bytes.subarray(1);
		// if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');
		const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));
		const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));
		return { x, y };
		});
		/**
		@@ -202,3 +216,3 @@ * y² = x³ + ax + b: Short weierstrass curve formula
		static fromHex(hex) {
		const P = Point.fromAffine(CURVE.fromBytes((0, utils_js_1.ensureBytes)('pointHex', hex)));
		const P = Point.fromAffine(fromBytes((0, utils_js_1.ensureBytes)('pointHex', hex)));
		P.assertValidity();
		@@ -484,3 +498,3 @@ return P;
		this.assertValidity();
		return CURVE.toBytes(Point, this, isCompressed);
		return toBytes(Point, this, isCompressed);
		}
		@@ -496,2 +510,3 @@ toHex(isCompressed = true) {
		return {
		CURVE,
		ProjectivePoint: Point,
		@@ -519,4 +534,3 @@ normPrivateKeyToScalar,
		const CURVE = validateOpts(curveDef);
		const CURVE_ORDER = CURVE.n;
		const Fp = CURVE.Fp;
		const { Fp, n: CURVE_ORDER } = CURVE;
		const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32
		@@ -523,0 +537,0 @@ const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32

bls12-381.d.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { CurveFn } from './abstract/bls.js';
		import * as mod from './abstract/modular.js';
		declare const Fp: Readonly<mod.Field<bigint> & Required<Pick<mod.Field<bigint>, "isOdd">>>;
		declare const Fp: Readonly<mod.IField<bigint> & Required<Pick<mod.IField<bigint>, "isOdd">>>;
		type Fp = bigint;
		@@ -21,3 +21,3 @@ type BigintTuple = [bigint, bigint];
		};
		declare const Fp2: mod.Field<Fp2> & Fp2Utils;
		declare const Fp2: mod.IField<Fp2> & Fp2Utils;
		type BigintSix = [bigint, bigint, bigint, bigint, bigint, bigint];
		@@ -37,3 +37,3 @@ type Fp6 = {
		};
		declare const Fp6: mod.Field<Fp6> & Fp6Utils;
		declare const Fp6: mod.IField<Fp6> & Fp6Utils;
		type Fp12 = {
		@@ -67,5 +67,5 @@ c0: Fp6;
		};
		declare const Fp12: mod.Field<Fp12> & Fp12Utils;
		declare const Fp12: mod.IField<Fp12> & Fp12Utils;
		export declare const bls12_381: CurveFn<Fp, Fp2, Fp6, Fp12>;
		export {};
		//# sourceMappingURL=bls12-381.d.ts.map

bls12-381.js

		@@ -59,6 +59,6 @@ "use strict";
		// Finite field over p.
		const Fp = mod.Fp(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn);
		const Fp = mod.Field(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn);
		// Finite field over r.
		// This particular field is not used anywhere in bls12-381, but it is still useful.
		const Fr = mod.Fp(0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n);
		const Fr = mod.Field(0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n);
		const Fp2Add = ({ c0, c1 }, { c0: r0, c1: r1 }) => ({
		@@ -65,0 +65,0 @@ c0: Fp.add(c0, r0),

bn.js

		@@ -18,3 +18,3 @@ "use strict";
		b: BigInt(3),
		Fp: (0, modular_js_1.Fp)(BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47')),
		Fp: (0, modular_js_1.Field)(BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47')),
		n: BigInt('0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001'),
		@@ -21,0 +21,0 @@ Gx: BigInt(1),

ed25519.js

		@@ -85,3 +85,3 @@ "use strict";
		];
		const Fp = (0, modular_js_1.Fp)(ED25519_P, undefined, true);
		const Fp = (0, modular_js_1.Field)(ED25519_P, undefined, true);
		const ED25519_DEF = {
		@@ -88,0 +88,0 @@ // Param: a

ed448.js

		@@ -52,3 +52,3 @@ "use strict";
		}
		const Fp = (0, modular_js_1.Fp)(ed448P, 456, true);
		const Fp = (0, modular_js_1.Field)(ed448P, 456, true);
		const ED448_DEF = {
		@@ -55,0 +55,0 @@ // Param: a

esm/abstract/curve.js

		@@ -150,4 +150,8 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		// Set defaults
		return Object.freeze({ ...nLength(curve.n, curve.nBitLength), ...curve });
		return Object.freeze({
		...nLength(curve.n, curve.nBitLength),
		...curve,
		...{ p: curve.Fp.ORDER },
		});
		}
		//# sourceMappingURL=curve.js.map

esm/abstract/modular.js

		@@ -228,2 +228,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		}
		// 0 is non-invertible: non-batched version will throw on 0
		export function FpInvertBatch(f, nums) {
		@@ -267,3 +268,15 @@ const tmp = new Array(nums.length);
		}
		export function Fp(ORDER, bitLen, isLE = false, redef = {}) {
		/**
		* Initializes a galois field over prime. Non-primes are not supported for now.
		* Do not init in loop: slow. Very fragile: always run a benchmark on change.
		* Major performance gains:
		* a) non-normalized operations like mulN instead of mul
		* b) `Object.freeze`
		* c) Same object shape: never add or remove keys
		* @param ORDER prime positive bigint
		* @param bitLen how many bits the field consumes
		* @param isLE (def: false) if encoding / decoding should be in little-endian
		* @param redef optional faster redefinitions of sqrt and other methods
		*/
		export function Field(ORDER, bitLen, isLE = false, redef = {}) {
		if (ORDER <= _0n)
		@@ -270,0 +283,0 @@ throw new Error(`Expected Fp ORDER > 0, got ${ORDER}`);

esm/abstract/weierstrass.js

		@@ -12,4 +12,2 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		b: 'field',
		fromBytes: 'function',
		toBytes: 'function',
		}, {
		@@ -21,2 +19,4 @@ allowedPrivateKeyLengths: 'array',
		allowInfinityPoint: 'boolean',
		fromBytes: 'function',
		toBytes: 'function',
		});
		@@ -96,2 +96,16 @@ const { endo, Fp, a } = opts;
		const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ
		const toBytes = CURVE.toBytes \|\|
		((c, point, isCompressed) => {
		const a = point.toAffine();
		return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));
		});
		const fromBytes = CURVE.fromBytes \|\|
		((bytes) => {
		// const head = bytes[0];
		const tail = bytes.subarray(1);
		// if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');
		const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));
		const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));
		return { x, y };
		});
		/**
		@@ -199,3 +213,3 @@ * y² = x³ + ax + b: Short weierstrass curve formula
		static fromHex(hex) {
		const P = Point.fromAffine(CURVE.fromBytes(ensureBytes('pointHex', hex)));
		const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex)));
		P.assertValidity();
		@@ -481,3 +495,3 @@ return P;
		this.assertValidity();
		return CURVE.toBytes(Point, this, isCompressed);
		return toBytes(Point, this, isCompressed);
		}
		@@ -493,2 +507,3 @@ toHex(isCompressed = true) {
		return {
		CURVE,
		ProjectivePoint: Point,
		@@ -515,4 +530,3 @@ normPrivateKeyToScalar,
		const CURVE = validateOpts(curveDef);
		const CURVE_ORDER = CURVE.n;
		const Fp = CURVE.Fp;
		const { Fp, n: CURVE_ORDER } = CURVE;
		const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32
		@@ -519,0 +533,0 @@ const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32

esm/bls12-381.js

		@@ -56,6 +56,6 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		// Finite field over p.
		const Fp = mod.Fp(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn);
		const Fp = mod.Field(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn);
		// Finite field over r.
		// This particular field is not used anywhere in bls12-381, but it is still useful.
		const Fr = mod.Fp(0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n);
		const Fr = mod.Field(0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n);
		const Fp2Add = ({ c0, c1 }, { c0: r0, c1: r1 }) => ({
		@@ -62,0 +62,0 @@ c0: Fp.add(c0, r0),

esm/bn.js

		@@ -5,3 +5,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { getHash } from './_shortw_utils.js';
		import { Fp } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		/**
		@@ -16,3 +16,3 @@ * bn254 pairing-friendly curve.
		b: BigInt(3),
		Fp: Fp(BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47')),
		Fp: Field(BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47')),
		n: BigInt('0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001'),
		@@ -19,0 +19,0 @@ Gx: BigInt(1),

esm/ed25519.js

		@@ -6,3 +6,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { montgomery } from './abstract/montgomery.js';
		import { mod, pow2, isNegativeLE, Fp as Field, FpSqrtEven } from './abstract/modular.js';
		import { mod, pow2, isNegativeLE, Field, FpSqrtEven } from './abstract/modular.js';
		import { equalBytes, bytesToHex, bytesToNumberLE, numberToBytesLE, ensureBytes, } from './abstract/utils.js';
		@@ -9,0 +9,0 @@ import * as htf from './abstract/hash-to-curve.js';

esm/ed448.js

		@@ -5,3 +5,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { twistedEdwards } from './abstract/edwards.js';
		import { mod, pow2, Fp as Field } from './abstract/modular.js';
		import { mod, pow2, Field } from './abstract/modular.js';
		import { montgomery } from './abstract/montgomery.js';
		@@ -8,0 +8,0 @@ import * as htf from './abstract/hash-to-curve.js';

esm/jubjub.js

		@@ -6,3 +6,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { blake2s } from '@noble/hashes/blake2s';
		import { Fp } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		/**
		@@ -19,3 +19,3 @@ * jubjub Twisted Edwards curve.
		// Same value as bls12-381 Fr (not Fp)
		Fp: Fp(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
		Fp: Field(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
		// Subgroup order: how many points curve has
		@@ -22,0 +22,0 @@ n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),

esm/p256.js

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { createCurve } from './_shortw_utils.js';
		import { sha256 } from '@noble/hashes/sha256';
		import { Fp as Field } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -6,0 +6,0 @@ import * as htf from './abstract/hash-to-curve.js';

esm/p384.js

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { createCurve } from './_shortw_utils.js';
		import { sha384 } from '@noble/hashes/sha512';
		import { Fp as Field } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -6,0 +6,0 @@ import * as htf from './abstract/hash-to-curve.js';

esm/p521.js

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { createCurve } from './_shortw_utils.js';
		import { sha512 } from '@noble/hashes/sha512';
		import { Fp as Field } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -6,0 +6,0 @@ import * as htf from './abstract/hash-to-curve.js';

esm/pasta.js

		@@ -12,3 +12,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		b: BigInt(5),
		Fp: mod.Fp(p),
		Fp: mod.Field(p),
		n: q,
		@@ -24,3 +24,3 @@ Gx: mod.mod(BigInt(-1), p),
		b: BigInt(5),
		Fp: mod.Fp(q),
		Fp: mod.Field(q),
		n: p,
		@@ -27,0 +27,0 @@ Gx: mod.mod(BigInt(-1), q),

esm/secp256k1.js

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { sha256 } from '@noble/hashes/sha256';
		import { randomBytes } from '@noble/hashes/utils';
		import { Fp as Field, mod, pow2 } from './abstract/modular.js';
		import { Field, mod, pow2 } from './abstract/modular.js';
		import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -6,0 +6,0 @@ import { bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE } from './abstract/utils.js';

jubjub.js

		@@ -21,3 +21,3 @@ "use strict";
		// Same value as bls12-381 Fr (not Fp)
		Fp: (0, modular_js_1.Fp)(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
		Fp: (0, modular_js_1.Field)(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
		// Subgroup order: how many points curve has
		@@ -24,0 +24,0 @@ n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),

p256.d.ts

		@@ -7,3 +7,3 @@ import * as htf from './abstract/hash-to-curve.js';
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -36,2 +36,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -59,3 +60,3 @@ getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -88,2 +89,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -90,0 +92,0 @@ getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;

p256.js

		@@ -13,3 +13,3 @@ "use strict";
		// Field over which we'll do calculations; 2n*224n (2n32n-1n) + 2n192n + 2n**96n-1n
		const Fp = (0, modular_js_1.Fp)(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));
		const Fp = (0, modular_js_1.Field)(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));
		const CURVE_A = Fp.create(BigInt('-3'));
		@@ -16,0 +16,0 @@ const CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');

p384.d.ts

		@@ -7,3 +7,3 @@ import * as htf from './abstract/hash-to-curve.js';
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -36,2 +36,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -59,3 +60,3 @@ getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -88,2 +89,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -90,0 +92,0 @@ getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;

p384.js

		@@ -15,3 +15,3 @@ "use strict";
		const P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');
		const Fp = (0, modular_js_1.Fp)(P);
		const Fp = (0, modular_js_1.Field)(P);
		const CURVE_A = Fp.create(BigInt('-3'));
		@@ -18,0 +18,0 @@ // prettier-ignore

p521.d.ts

		@@ -7,3 +7,3 @@ import * as htf from './abstract/hash-to-curve.js';
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -36,2 +36,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -59,3 +60,3 @@ getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -88,2 +89,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -90,0 +92,0 @@ getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;

p521.js

		@@ -16,3 +16,3 @@ "use strict";
		const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
		const Fp = (0, modular_js_1.Fp)(P);
		const Fp = (0, modular_js_1.Field)(P);
		const CURVE_A = Fp.create(BigInt('-3'));
		@@ -19,0 +19,0 @@ // prettier-ignore

package.json

		{
		"name": "@noble/curves",
		"version": "0.8.3",
		"description": "Minimal, auditable JS implementation of elliptic curve cryptography",
		"version": "0.9.0",
		"description": "Audited & minimal JS implementation of elliptic curve cryptography",
		"files": [
		@@ -34,4 +34,4 @@ "abstract",
		"devDependencies": {
		"@scure/bip32": "~1.1.5",
		"@scure/bip39": "~1.1.1",
		"@scure/bip32": "~1.2.0",
		"@scure/bip39": "~1.2.0",
		"@types/node": "18.11.18",
		@@ -175,3 +175,3 @@ "fast-check": "3.0.0",
		"bls",
		"nist",
		"noble",
		"ecc",
		@@ -178,0 +178,0 @@ "ecdsa",

pasta.js

		@@ -15,3 +15,3 @@ "use strict";
		b: BigInt(5),
		Fp: mod.Fp(exports.p),
		Fp: mod.Field(exports.p),
		n: exports.q,
		@@ -27,3 +27,3 @@ Gx: mod.mod(BigInt(-1), exports.p),
		b: BigInt(5),
		Fp: mod.Fp(exports.q),
		Fp: mod.Field(exports.q),
		n: exports.p,
		@@ -30,0 +30,0 @@ Gx: mod.mod(BigInt(-1), exports.q),

141

README.md

		# noble-curves

		[Audited](#security) & minimal JS implementation of elliptic curve cryptography.
		Audited & minimal JS implementation of elliptic curve cryptography.

		- noble family, zero dependencies
		- Short Weierstrass, Edwards, Montgomery curves
		- ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement
		- 🔒 [Audited](#security) by an independent security firm
		- #️⃣ [hash to curve](#abstracthash-to-curve-hashing-strings-to-curve-points)
		@@ -14,18 +14,4 @@ for encoding or hashing an arbitrary string to an elliptic curve point
		[cryptofuzz](https://github.com/guidovranken/cryptofuzz) differential fuzzing
		- 🔻 Tree-shaking-friendly: there is no entry point, which ensures small size of your app
		- 🔻 Tree-shaking-friendly: use only what's necessary, other code won't be included

		Package consists of two parts:

		1. [Abstract](#abstract-api), zero-dependency EC algorithms
		2. [Implementations](#implementations), utilizing one dependency `@noble/hashes`,
		providing ready-to-use:
		- NIST curves secp256r1/P256, secp384r1/P384, secp521r1/P521
		- SECG curve secp256k1
		- ed25519/curve25519/x25519/ristretto255, edwards448/curve448/x448
		implementing
		[RFC7748](https://www.rfc-editor.org/rfc/rfc7748) /
		[RFC8032](https://www.rfc-editor.org/rfc/rfc8032) /
		[ZIP215](https://zips.z.cash/zip-0215) standards
		- pairing-friendly curves bls12-381, bn254

		Check out [Upgrading](#upgrading) if you've previously used single-feature noble
		@@ -41,3 +27,3 @@ packages ([secp256k1](https://github.com/paulmillr/noble-secp256k1),
		- No dependencies, protection against supply chain attacks
		- Easily auditable TypeScript/JS code
		- Auditable TypeScript / JS code
		- Supported in all major browsers and stable node.js versions
		@@ -47,3 +33,3 @@ - All releases are signed with PGP keys
		[curves](https://github.com/paulmillr/noble-curves)
		([secp256k1](https://github.com/paulmillr/noble-secp256k1),
		(4kb versions [secp256k1](https://github.com/paulmillr/noble-secp256k1),
		[ed25519](https://github.com/paulmillr/noble-ed25519)),
		@@ -67,2 +53,16 @@ [hashes](https://github.com/paulmillr/noble-hashes)

		Package consists of two parts:

		1. [Implementations](#implementations), utilizing one dependency `@noble/hashes`,
		providing ready-to-use:
		- NIST curves secp256r1/P256, secp384r1/P384, secp521r1/P521
		- SECG curve secp256k1
		- ed25519/curve25519/x25519/ristretto255, edwards448/curve448/x448
		implementing
		[RFC7748](https://www.rfc-editor.org/rfc/rfc7748) /
		[RFC8032](https://www.rfc-editor.org/rfc/rfc8032) /
		[ZIP215](https://zips.z.cash/zip-0215) standards
		- pairing-friendly curves bls12-381, bn254
		2. [Abstract](#abstract-api), zero-dependency EC algorithms

		### Implementations
		@@ -159,2 +159,9 @@

		Every curve has params:

		```ts
		import { secp256k1 } from '@noble/curves/secp256k1'; // ESM and Common.js
		console.log(secp256k1.CURVE.p, secp256k1.CURVE.n, secp256k1.CURVE.a, secp256k1.CURVE.b);
		```

		BLS12-381 pairing-friendly Barreto-Lynn-Scott elliptic curve construction allows to
		@@ -224,3 +231,3 @@ construct [zk-SNARKs](https://z.cash/technology/zksnarks/) at the 128-bit security
		import { weierstrass } from '@noble/curves/abstract/weierstrass';
		import { Fp } from '@noble/curves/abstract/modular'; // finite field for mod arithmetics
		import { Field } from '@noble/curves/abstract/modular'; // finite field for mod arithmetics
		import { sha256 } from '@noble/hashes/sha256'; // 3rd-party sha256() of type utils.CHash
		@@ -235,3 +242,3 @@ import { hmac } from '@noble/hashes/hmac'; // 3rd-party hmac() that will accept sha256()
		b: 7n,
		Fp: Fp(2n ** 256n - 432420386565659656852420866394968145599n),
		Fp: Field(2n ** 256n - 432420386565659656852420866394968145599n),
		n: 2n 256n - 2n 32n - 2n 9n - 2n 8n - 2n 7n - 2n 6n - 2n ** 4n - 1n,
		@@ -244,2 +251,4 @@ Gx: 55066263022277343669578718895168534326250603453777594175500187360389116729240n,
		});

		// weierstrassPoints can also be used if you don't need ECDSA, hash, hmac, randomBytes
		```
		@@ -276,2 +285,3 @@
		```ts
		// `weierstrassPoints()` returns `CURVE` and `ProjectivePoint`
		// `weierstrass()` returns `CurveFn`
		@@ -371,2 +381,3 @@ type SignOpts = { lowS?: boolean; prehash?: boolean; extraEntropy: boolean \| Uint8Array };
		secq256k1.CURVE.n;
		secq256k1.CURVE.p;
		secq256k1.CURVE.Fp.mod();
		@@ -384,11 +395,11 @@ secq256k1.CURVE.hash();
		import { twistedEdwards } from '@noble/curves/abstract/edwards';
		import { Fp } from '@noble/curves/abstract/modular';
		import { Field } from '@noble/curves/abstract/modular';
		import { sha512 } from '@noble/hashes/sha512';
		import { randomBytes } from '@noble/hashes/utils';

		const fp = Fp(2n ** 255n - 19n);
		const Fp = Field(2n ** 255n - 19n);
		const ed25519 = twistedEdwards({
		a: -1n,
		d: fp.div(-121665n, 121666n), // -121665n/121666n mod p
		Fp: fp,
		d: Fp.div(-121665n, 121666n), // -121665n/121666n mod p
		Fp: Fp,
		n: 2n ** 252n + 27742317777372353535851937790883648493n,
		@@ -471,8 +482,8 @@ h: 8n,
		import { montgomery } from '@noble/curves/abstract/montgomery';
		import { Fp } from '@noble/curves/abstract/modular';
		import { Field } from '@noble/curves/abstract/modular';

		const x25519 = montgomery({
		Fp: Fp(2n ** 255n - 19n),
		a: 486662n,
		Gu: 9n,
		Fp: Field(2n ** 255n - 19n),
		montgomeryBits: 255,
		@@ -750,2 +761,9 @@ nByteLength: 32,

		## Contributing & testing

		1. Clone the repository
		2. `npm install` to install build dependencies like TypeScript
		3. `npm run build` to compile TypeScript code
		4. `npm run test` will execute all main tests

		## Resources
		@@ -766,42 +784,49 @@
		- Others
		- All curves demo: Elliptic curve calculator [paulmillr.com/ecc](https://paulmillr.com/ecc)
		- All curves demo: Elliptic curve calculator [paulmillr.com/noble](https://paulmillr.com/noble)
		- [micro-starknet](https://github.com/paulmillr/micro-starknet) for stark-friendly elliptic curve.

		## Upgrading

		If you're coming from single-feature noble packages, the following changes need to be kept in mind:
		Previously, the library was split into single-feature packages
		noble-secp256k1 and noble-ed25519. curves can be thought as a continuation of their
		original work. The libraries now changed their direction towards providing
		minimal 4kb implementations of cryptography and are not as feature-complete.

		- 2d affine (x, y) points have been removed to reduce complexity and improve speed
		- Removed `number` support as a type for private keys, `bigint` is still supported
		- `mod`, `invert` are no longer present in `utils`: use `@noble/curves/abstract/modular`
		Upgrading from [@noble/secp256k1](https://github.com/paulmillr/noble-secp256k1) 1.7:

		Upgrading from @noble/secp256k1 1.7:
		- `getPublicKey`
		- now produce 33-byte compressed signatures by default
		- to use old behavior, which produced 65-byte uncompressed keys, set
		argument `isCompressed` to `false`: `getPublicKey(priv, false)`
		- `sign`
		- is now sync; use `signAsync` for async version
		- now returns `Signature` instance with `{ r, s, recovery }` properties
		- `canonical` option was renamed to `lowS`
		- `recovered` option has been removed because recovery bit is always returned now
		- `der` option has been removed. There are 2 options:
		1. Use compact encoding: `fromCompact`, `toCompactRawBytes`, `toCompactHex`.
		Compact encoding is simply a concatenation of 32-byte r and 32-byte s.
		2. If you must use DER encoding, switch to noble-curves (see above).
		- `verify`
		- `strict` option was renamed to `lowS`
		- `getSharedSecret`
		- now produce 33-byte compressed signatures by default
		- to use old behavior, which produced 65-byte uncompressed keys, set
		argument `isCompressed` to `false`: `getSharedSecret(a, b, false)`
		- `recoverPublicKey(msg, sig, rec)` was changed to `sig.recoverPublicKey(msg)`
		- `number` type for private keys have been removed: use `bigint` instead
		- `Point` (2d xy) has been changed to `ProjectivePoint` (3d xyz)
		- `utils` were split into `utils` (same api as in noble-curves) and
		`etc` (`hmacSha256Sync` and others)

		- Compressed (33-byte) public keys are now returned by default, instead of uncompressed
		- Methods are now synchronous. Setting `secp.utils.hmacSha256` is no longer required
		- `sign()`
		- `der`, `recovered` options were removed
		- `canonical` was renamed to `lowS`
		- Return type is now `{ r: bigint, s: bigint, recovery: number }` instance of `Signature`
		- `verify()`
		- `strict` was renamed to `lowS`
		- `recoverPublicKey()`: moved to sig instance `Signature#recoverPublicKey(msgHash)`
		- `Point` was removed: use `ProjectivePoint` in xyz coordinates
		- `utils`: Many methods were removed, others were moved to `schnorr` namespace
		Upgrading from [@noble/ed25519](https://github.com/paulmillr/noble-ed25519) 1.7:

		Upgrading from @noble/ed25519 1.7:

		- Methods are now synchronous. Setting `secp.utils.hmacSha256` is no longer required
		- ed25519ph, ed25519ctx
		- `Point` was removed: use `ExtendedPoint` in xyzt coordinates
		- `Signature` was removed
		- `getSharedSecret` was removed: use separate x25519 sub-module
		- Methods are now sync by default
		- `bigint` is no longer allowed in `getPublicKey`, `sign`, `verify`. Reason: ed25519 is LE, can lead to bugs
		- `Point` (2d xy) has been changed to `ExtendedPoint` (xyzt)
		- `Signature` was removed: just use raw bytes or hex now
		- `utils` were split into `utils` (same api as in noble-curves) and
		`etc` (`sha512Sync` and others)
		- `getSharedSecret` was moved to `x25519` module

		## Contributing & testing

		1. Clone the repository
		2. `npm install` to install build dependencies like TypeScript
		3. `npm run build` to compile TypeScript code
		4. `npm run test` will execute all main tests

		## License
		@@ -808,0 +833,0 @@

secp256k1.d.ts

		@@ -11,3 +11,3 @@ import { mod } from './abstract/modular.js';
		readonly nByteLength: number;
		readonly Fp: import("./abstract/modular.js").Field<bigint>;
		readonly Fp: import("./abstract/modular.js").IField<bigint>;
		readonly n: bigint;
		@@ -40,2 +40,3 @@ readonly h: bigint;
		readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) \| undefined;
		readonly p: bigint;
		}>;
		@@ -42,0 +43,0 @@ getPublicKey: (privateKey: PrivKey, isCompressed?: boolean \| undefined) => Uint8Array;

secp256k1.js

		@@ -46,3 +46,3 @@ "use strict";
		}
		const Fp = (0, modular_js_1.Fp)(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
		const Fp = (0, modular_js_1.Field)(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
		exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
		@@ -49,0 +49,0 @@ a: BigInt(0),

src/abstract/bls.ts

		@@ -15,3 +15,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { AffinePoint } from './curve.js';
		import { Field, hashToPrivateScalar } from './modular.js';
		import { IField, hashToPrivateScalar } from './modular.js';
		import { Hex, PrivKey, CHash, bitLen, bitGet, ensureBytes } from './utils.js';
		@@ -45,5 +45,5 @@ import * as htf from './hash-to-curve.js';
		x: bigint;
		Fp: Field<Fp>;
		Fr: Field<bigint>;
		Fp2: Field<Fp2> & {
		Fp: IField<Fp>;
		Fr: IField<bigint>;
		Fp2: IField<Fp2> & {
		reim: (num: Fp2) => { re: bigint; im: bigint };
		@@ -53,4 +53,4 @@ multiplyByB: (num: Fp2) => Fp2;
		};
		Fp6: Field<Fp6>;
		Fp12: Field<Fp12> & {
		Fp6: IField<Fp6>;
		Fp12: IField<Fp12> & {
		frobeniusMap(num: Fp12, power: number): Fp12;
		@@ -68,7 +68,7 @@ multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
		CURVE: CurveType<Fp, Fp2, Fp6, Fp12>;
		Fr: Field<bigint>;
		Fp: Field<Fp>;
		Fp2: Field<Fp2>;
		Fp6: Field<Fp6>;
		Fp12: Field<Fp12>;
		Fr: IField<bigint>;
		Fp: IField<Fp>;
		Fp2: IField<Fp2>;
		Fp6: IField<Fp6>;
		Fp12: IField<Fp12>;
		G1: CurvePointsRes<Fp> & ReturnType<typeof htf.createHasher<Fp>>;
		@@ -75,0 +75,0 @@ G2: CurvePointsRes<Fp2> & ReturnType<typeof htf.createHasher<Fp2>>;

src/abstract/curve.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		// Abelian group utilities
		import { Field, validateField, nLength } from './modular.js';
		import { IField, validateField, nLength } from './modular.js';
		import { validateObject } from './utils.js';
		@@ -171,3 +171,3 @@ const _0n = BigInt(0);
		export type BasicCurve<T> = {
		Fp: Field<T>; // Field over which we'll do calculations (Fp)
		Fp: IField<T>; // Field over which we'll do calculations (Fp)
		n: bigint; // Curve order, total count of valid points in the field
		@@ -199,3 +199,7 @@ nBitLength?: number; // bit length of curve order
		// Set defaults
		return Object.freeze({ ...nLength(curve.n, curve.nBitLength), ...curve } as const);
		return Object.freeze({
		...nLength(curve.n, curve.nBitLength),
		...curve,
		...{ p: curve.Fp.ORDER },
		} as const);
		}

src/abstract/hash-to-curve.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import type { Group, GroupConstructor, AffinePoint } from './curve.js';
		import { mod, Field } from './modular.js';
		import { mod, IField } from './modular.js';
		import { bytesToNumberBE, CHash, concatBytes, utf8ToBytes, validateObject } from './utils.js';
		@@ -166,3 +166,3 @@

		export function isogenyMap<T, F extends Field<T>>(field: F, map: [T[], T[], T[], T[]]) {
		export function isogenyMap<T, F extends IField<T>>(field: F, map: [T[], T[], T[], T[]]) {
		// Make same order as in spec
		@@ -169,0 +169,0 @@ const COEFF = map.map((i) => Array.from(i).reverse());

src/abstract/modular.ts

		@@ -100,3 +100,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		const p1div4 = (P + _1n) / _4n;
		return function tonelliFast<T>(Fp: Field<T>, n: T) {
		return function tonelliFast<T>(Fp: IField<T>, n: T) {
		const root = Fp.pow(n, p1div4);
		@@ -110,3 +110,3 @@ if (!Fp.eql(Fp.sqr(root), n)) throw new Error('Cannot find square root');
		const Q1div2 = (Q + _1n) / _2n;
		return function tonelliSlow<T>(Fp: Field<T>, n: T): T {
		return function tonelliSlow<T>(Fp: IField<T>, n: T): T {
		// Step 0: Check that n is indeed a square: (n \| p) should not be ≡ -1
		@@ -151,3 +151,3 @@ if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE)) throw new Error('Cannot find square root');
		const p1div4 = (P + _1n) / _4n;
		return function sqrt3mod4<T>(Fp: Field<T>, n: T) {
		return function sqrt3mod4<T>(Fp: IField<T>, n: T) {
		const root = Fp.pow(n, p1div4);
		@@ -163,3 +163,3 @@ // Throw if root**2 != n
		const c1 = (P - _5n) / _8n;
		return function sqrt5mod8<T>(Fp: Field<T>, n: T) {
		return function sqrt5mod8<T>(Fp: IField<T>, n: T) {
		const n2 = Fp.mul(n, _2n);
		@@ -210,3 +210,3 @@ const v = Fp.pow(n2, c1);
		// Field is not always over prime, Fp2 for example has ORDER(q)=p^m
		export interface Field<T> {
		export interface IField<T> {
		ORDER: bigint;
		@@ -257,3 +257,3 @@ BYTES: number;
		] as const;
		export function validateField<T>(field: Field<T>) {
		export function validateField<T>(field: IField<T>) {
		const initial = {
		@@ -273,3 +273,3 @@ ORDER: 'bigint',
		// Generic field functions
		export function FpPow<T>(f: Field<T>, num: T, power: bigint): T {
		export function FpPow<T>(f: IField<T>, num: T, power: bigint): T {
		// Should have same speed as pow for bigints
		@@ -290,3 +290,4 @@ // TODO: benchmark!

		export function FpInvertBatch<T>(f: Field<T>, nums: T[]): T[] {
		// 0 is non-invertible: non-batched version will throw on 0
		export function FpInvertBatch<T>(f: IField<T>, nums: T[]): T[] {
		const tmp = new Array(nums.length);
		@@ -310,3 +311,3 @@ // Walk from first to last, multiply them by each other MOD p

		export function FpDiv<T>(f: Field<T>, lhs: T, rhs: T \| bigint): T {
		export function FpDiv<T>(f: IField<T>, lhs: T, rhs: T \| bigint): T {
		return f.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, f.ORDER) : f.inv(rhs));
		@@ -316,3 +317,3 @@ }
		// This function returns True whenever the value x is a square in the field F.
		export function FpIsSquare<T>(f: Field<T>) {
		export function FpIsSquare<T>(f: IField<T>) {
		const legendreConst = (f.ORDER - _1n) / _2n; // Integer arithmetic
		@@ -333,12 +334,20 @@ return (x: T): boolean => {

		// NOTE: very fragile, always bench. Major performance points:
		// - NonNormalized ops
		// - Object.freeze
		// - same shape of object (don't add/remove keys)
		type FpField = Field<bigint> & Required<Pick<Field<bigint>, 'isOdd'>>;
		export function Fp(
		type FpField = IField<bigint> & Required<Pick<IField<bigint>, 'isOdd'>>;
		/**
		* Initializes a galois field over prime. Non-primes are not supported for now.
		* Do not init in loop: slow. Very fragile: always run a benchmark on change.
		* Major performance gains:
		* a) non-normalized operations like mulN instead of mul
		* b) `Object.freeze`
		* c) Same object shape: never add or remove keys
		* @param ORDER prime positive bigint
		* @param bitLen how many bits the field consumes
		* @param isLE (def: false) if encoding / decoding should be in little-endian
		* @param redef optional faster redefinitions of sqrt and other methods
		*/
		export function Field(
		ORDER: bigint,
		bitLen?: number,
		isLE = false,
		redef: Partial<Field<bigint>> = {}
		redef: Partial<IField<bigint>> = {}
		): Readonly<FpField> {
		@@ -396,3 +405,3 @@ if (ORDER <= _0n) throw new Error(`Expected Fp ORDER > 0, got ${ORDER}`);

		export function FpSqrtOdd<T>(Fp: Field<T>, elm: T) {
		export function FpSqrtOdd<T>(Fp: IField<T>, elm: T) {
		if (!Fp.isOdd) throw new Error(`Field doesn't have isOdd`);
		@@ -403,3 +412,3 @@ const root = Fp.sqrt(elm);

		export function FpSqrtEven<T>(Fp: Field<T>, elm: T) {
		export function FpSqrtEven<T>(Fp: IField<T>, elm: T) {
		if (!Fp.isOdd) throw new Error(`Field doesn't have isOdd`);
		@@ -406,0 +415,0 @@ const root = Fp.sqrt(elm);

src/abstract/poseidon.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		// Poseidon Hash: https://eprint.iacr.org/2019/458.pdf, https://www.poseidon-hash.info
		import { Field, FpPow, validateField } from './modular.js';
		import { IField, FpPow, validateField } from './modular.js';
		// We don't provide any constants, since different implementations use different constants.
		// For reference constants see './test/poseidon.test.js'.
		export type PoseidonOpts = {
		Fp: Field<bigint>;
		Fp: IField<bigint>;
		t: number;
		@@ -9,0 +9,0 @@ roundsFull: number;

src/abstract/weierstrass.ts

		@@ -85,4 +85,4 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		// Bytes
		fromBytes: (bytes: Uint8Array) => AffinePoint<T>;
		toBytes: (c: ProjConstructor<T>, point: ProjPointType<T>, compressed: boolean) => Uint8Array;
		fromBytes?: (bytes: Uint8Array) => AffinePoint<T>;
		toBytes?: (c: ProjConstructor<T>, point: ProjPointType<T>, isCompressed: boolean) => Uint8Array;
		};
		@@ -97,4 +97,2 @@
		b: 'field',
		fromBytes: 'function',
		toBytes: 'function',
		},
		@@ -107,2 +105,4 @@ {
		allowInfinityPoint: 'boolean',
		fromBytes: 'function',
		toBytes: 'function',
		}
		@@ -190,2 +190,19 @@ );

		const toBytes =
		CURVE.toBytes \|\|
		((c: ProjConstructor<T>, point: ProjPointType<T>, isCompressed: boolean) => {
		const a = point.toAffine();
		return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));
		});
		const fromBytes =
		CURVE.fromBytes \|\|
		((bytes: Uint8Array) => {
		// const head = bytes[0];
		const tail = bytes.subarray(1);
		// if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');
		const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));
		const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));
		return { x, y };
		});

		/**
		@@ -287,3 +304,3 @@ * y² = x³ + ax + b: Short weierstrass curve formula
		static fromHex(hex: Hex): Point {
		const P = Point.fromAffine(CURVE.fromBytes(ensureBytes('pointHex', hex)));
		const P = Point.fromAffine(fromBytes(ensureBytes('pointHex', hex)));
		P.assertValidity();
		@@ -571,3 +588,3 @@ return P;
		this.assertValidity();
		return CURVE.toBytes(Point, this, isCompressed);
		return toBytes(Point, this, isCompressed);
		}
		@@ -583,2 +600,3 @@
		return {
		CURVE,
		ProjectivePoint: Point as ProjConstructor<T>,
		@@ -662,4 +680,3 @@ normPrivateKeyToScalar,
		const CURVE = validateOpts(curveDef) as ReturnType<typeof validateOpts>;
		const CURVE_ORDER = CURVE.n;
		const Fp = CURVE.Fp;
		const { Fp, n: CURVE_ORDER } = CURVE;
		const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32
		@@ -1066,7 +1083,6 @@ const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32
		// Implementation of the Shallue and van de Woestijne method for any Weierstrass curve

		// TODO: check if there is a way to merge this with uvRatio in Edwards && move to modular?
		// b = True and y = sqrt(u / v) if (u / v) is square in F, and
		// b = False and y = sqrt(Z * (u / v)) otherwise.
		export function SWUFpSqrtRatio<T>(Fp: mod.Field<T>, Z: T) {
		export function SWUFpSqrtRatio<T>(Fp: mod.IField<T>, Z: T) {
		// Generic implementation
		@@ -1136,3 +1152,3 @@ const q = Fp.ORDER;
		export function mapToCurveSimpleSWU<T>(
		Fp: mod.Field<T>,
		Fp: mod.IField<T>,
		opts: {
		@@ -1139,0 +1155,0 @@ A: T;

src/bls12-381.ts

		@@ -75,3 +75,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		const Fp =
		mod.Fp(
		mod.Field(
		0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn
		@@ -82,3 +82,3 @@ );
		// This particular field is not used anywhere in bls12-381, but it is still useful.
		const Fr = mod.Fp(0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n);
		const Fr = mod.Field(0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001n);

		@@ -129,3 +129,3 @@ // Fp₂ over complex plane

		const Fp2: mod.Field<Fp2> & Fp2Utils = {
		const Fp2: mod.IField<Fp2> & Fp2Utils = {
		ORDER: FP2_ORDER,
		@@ -339,3 +339,3 @@ BITS: bitLen(FP2_ORDER),

		const Fp6: mod.Field<Fp6> & Fp6Utils = {
		const Fp6: mod.IField<Fp6> & Fp6Utils = {
		ORDER: Fp2.ORDER, // TODO: unused, but need to verify
		@@ -552,3 +552,3 @@ BITS: 3 * Fp2.BITS,

		const Fp12: mod.Field<Fp12> & Fp12Utils = {
		const Fp12: mod.IField<Fp12> & Fp12Utils = {
		ORDER: Fp2.ORDER, // TODO: unused, but need to verify
		@@ -555,0 +555,0 @@ BITS: 2 * Fp2.BITS,

src/bn.ts

		@@ -5,3 +5,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { getHash } from './_shortw_utils.js';
		import { Fp } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		/**
		@@ -16,3 +16,3 @@ * bn254 pairing-friendly curve.
		b: BigInt(3),
		Fp: Fp(BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47')),
		Fp: Field(BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47')),
		n: BigInt('0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001'),
		@@ -19,0 +19,0 @@ Gx: BigInt(1),

src/ed25519.ts

		@@ -6,3 +6,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { montgomery } from './abstract/montgomery.js';
		import { mod, pow2, isNegativeLE, Fp as Field, FpSqrtEven } from './abstract/modular.js';
		import { mod, pow2, isNegativeLE, Field, FpSqrtEven } from './abstract/modular.js';
		import {
		@@ -9,0 +9,0 @@ equalBytes,

src/ed448.ts

		@@ -5,3 +5,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { twistedEdwards } from './abstract/edwards.js';
		import { mod, pow2, Fp as Field } from './abstract/modular.js';
		import { mod, pow2, Field } from './abstract/modular.js';
		import { montgomery } from './abstract/montgomery.js';
		@@ -8,0 +8,0 @@ import * as htf from './abstract/hash-to-curve.js';

src/jubjub.ts

		@@ -6,3 +6,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { blake2s } from '@noble/hashes/blake2s';
		import { Fp } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';

		@@ -21,3 +21,3 @@ /**
		// Same value as bls12-381 Fr (not Fp)
		Fp: Fp(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
		Fp: Field(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
		// Subgroup order: how many points curve has
		@@ -24,0 +24,0 @@ n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),

src/p256.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { createCurve } from './_shortw_utils.js';
		import { sha256 } from '@noble/hashes/sha256';
		import { Fp as Field } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -6,0 +6,0 @@ import * as htf from './abstract/hash-to-curve.js';

src/p384.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { createCurve } from './_shortw_utils.js';
		import { sha384 } from '@noble/hashes/sha512';
		import { Fp as Field } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -6,0 +6,0 @@ import * as htf from './abstract/hash-to-curve.js';

src/p521.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { createCurve } from './_shortw_utils.js';
		import { sha512 } from '@noble/hashes/sha512';
		import { Fp as Field } from './abstract/modular.js';
		import { Field } from './abstract/modular.js';
		import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -6,0 +6,0 @@ import * as htf from './abstract/hash-to-curve.js';

src/pasta.ts

		@@ -14,3 +14,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		b: BigInt(5),
		Fp: mod.Fp(p),
		Fp: mod.Field(p),
		n: q,
		@@ -26,3 +26,3 @@ Gx: mod.mod(BigInt(-1), p),
		b: BigInt(5),
		Fp: mod.Fp(q),
		Fp: mod.Field(q),
		n: p,
		@@ -29,0 +29,0 @@ Gx: mod.mod(BigInt(-1), q),

src/secp256k1.ts

		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import { sha256 } from '@noble/hashes/sha256';
		import { randomBytes } from '@noble/hashes/utils';
		import { Fp as Field, mod, pow2 } from './abstract/modular.js';
		import { Field, mod, pow2 } from './abstract/modular.js';
		import { ProjPointType as PointType, mapToCurveSimpleSWU } from './abstract/weierstrass.js';
		@@ -46,3 +46,2 @@ import type { Hex, PrivKey } from './abstract/utils.js';
		const Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
		type Fp = bigint;

		@@ -249,3 +248,3 @@ export const secp256k1 = createCurve(
		],
		].map((i) => i.map((j) => BigInt(j))) as [Fp[], Fp[], Fp[], Fp[]]
		].map((i) => i.map((j) => BigInt(j))) as [bigint[], bigint[], bigint[], bigint[]]
		);
		@@ -252,0 +251,0 @@ const mapSWU = mapToCurveSimpleSWU(Fp, {

_shortw_utils.d.ts.map