@noble/curves - npm Package Compare versions

Comparing version 1.3.0 to 1.4.0

src/package.json

abstract/bls.d.ts

		@@ -72,8 +72,8 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		sign: {
		(message: Hex, privateKey: PrivKey): Uint8Array;
		(message: ProjPointType<Fp2>, privateKey: PrivKey): ProjPointType<Fp2>;
		(message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
		(message: ProjPointType<Fp2>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp2>;
		};
		signShortSignature: {
		(message: Hex, privateKey: PrivKey): Uint8Array;
		(message: ProjPointType<Fp>, privateKey: PrivKey): ProjPointType<Fp>;
		(message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
		(message: ProjPointType<Fp>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp>;
		};
		@@ -80,0 +80,0 @@ verify: (signature: Hex \| ProjPointType<Fp2>, message: Hex \| ProjPointType<Fp2>, publicKey: Hex \| ProjPointType<Fp>, htfOpts?: htfBasicOpts) => boolean;

abstract/hash-to-curve.js

		@@ -6,9 +6,2 @@ "use strict";
		const utils_js_1 = require("./utils.js");
		function validateDST(dst) {
		if ((0, utils_js_1.isBytes)(dst))
		return dst;
		if (typeof dst === 'string')
		return (0, utils_js_1.utf8ToBytes)(dst);
		throw new Error('DST must be Uint8Array or string');
		}
		// Octet Stream to Integer. "spec" implementation of os2ip is 2.5x slower vs bytesToNumberBE.
		@@ -35,7 +28,3 @@ const os2ip = utils_js_1.bytesToNumberBE;
		}
		function abytes(item) {
		if (!(0, utils_js_1.isBytes)(item))
		throw new Error('Uint8Array expected');
		}
		function isNum(item) {
		function anum(item) {
		if (!Number.isSafeInteger(item))
		@@ -47,5 +36,5 @@ throw new Error('number expected');
		function expand_message_xmd(msg, DST, lenInBytes, H) {
		abytes(msg);
		abytes(DST);
		isNum(lenInBytes);
		(0, utils_js_1.abytes)(msg);
		(0, utils_js_1.abytes)(DST);
		anum(lenInBytes);
		// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
		@@ -78,5 +67,5 @@ if (DST.length > 255)
		function expand_message_xof(msg, DST, lenInBytes, k, H) {
		abytes(msg);
		abytes(DST);
		isNum(lenInBytes);
		(0, utils_js_1.abytes)(msg);
		(0, utils_js_1.abytes)(DST);
		anum(lenInBytes);
		// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
		@@ -116,5 +105,5 @@ // DST = H('H2C-OVERSIZE-DST-' \|\| a_very_long_DST, Math.ceil((lenInBytes * k) / 8));
		const { p, k, m, hash, expand, DST: _DST } = options;
		abytes(msg);
		isNum(count);
		const DST = validateDST(_DST);
		(0, utils_js_1.abytes)(msg);
		anum(count);
		const DST = typeof _DST === 'string' ? (0, utils_js_1.utf8ToBytes)(_DST) : _DST;
		const log2p = p.toString(2).length;
		@@ -121,0 +110,0 @@ const L = Math.ceil((log2p + k) / 8); // section 5.1 of ietf draft link above

abstract/utils.d.ts

		@@ -13,2 +13,3 @@ export type Hex = Uint8Array \| string;
		export declare function isBytes(a: unknown): a is Uint8Array;
		export declare function abytes(item: unknown): void;
		/**
		@@ -62,3 +63,3 @@ * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
		*/
		export declare const bitSet: (n: bigint, pos: number, value: boolean) => bigint;
		export declare function bitSet(n: bigint, pos: number, value: boolean): bigint;
		/**
		@@ -65,0 +66,0 @@ * Calculate mask for N bits. Not using ** operator with bigints because of old engines.

abstract/utils.js

		"use strict";
		Object.defineProperty(exports, "__esModule", { value: true });
		exports.validateObject = exports.createHmacDrbg = exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.utf8ToBytes = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = exports.isBytes = void 0;
		exports.validateObject = exports.createHmacDrbg = exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.utf8ToBytes = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = exports.abytes = exports.isBytes = void 0;
		/! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		@@ -17,2 +17,7 @@ // 100 lines of code in the file are duplicated from noble-hashes (utils).
		exports.isBytes = isBytes;
		function abytes(item) {
		if (!isBytes(item))
		throw new Error('Uint8Array expected');
		}
		exports.abytes = abytes;
		// Array where index 0xf0 (240) is mapped to string 'f0'
		@@ -24,4 +29,3 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
		function bytesToHex(bytes) {
		if (!isBytes(bytes))
		throw new Error('Uint8Array expected');
		abytes(bytes);
		// pre-caching improves the speed 6x
		@@ -87,4 +91,3 @@ let hex = '';
		function bytesToNumberLE(bytes) {
		if (!isBytes(bytes))
		throw new Error('Uint8Array expected');
		abytes(bytes);
		return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
		@@ -146,9 +149,7 @@ }
		const a = arrays[i];
		if (!isBytes(a))
		throw new Error('Uint8Array expected');
		abytes(a);
		sum += a.length;
		}
		let res = new Uint8Array(sum);
		let pad = 0;
		for (let i = 0; i < arrays.length; i++) {
		const res = new Uint8Array(sum);
		for (let i = 0, pad = 0; i < arrays.length; i++) {
		const a = arrays[i];
		@@ -204,5 +205,5 @@ res.set(a, pad);
		*/
		const bitSet = (n, pos, value) => {
		function bitSet(n, pos, value) {
		return n \| ((value ? _1n : _0n) << BigInt(pos));
		};
		}
		exports.bitSet = bitSet;
		@@ -209,0 +210,0 @@ /**

abstract/weierstrass.d.ts

		@@ -26,3 +26,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		};
		type Entropy = Hex \| true;
		type Entropy = Hex \| boolean;
		export type SignOpts = {
		@@ -29,0 +29,0 @@ lowS?: boolean;

abstract/weierstrass.js

		@@ -68,4 +68,3 @@ "use strict";
		const data = typeof hex === 'string' ? h2b(hex) : hex;
		if (!ut.isBytes(data))
		throw new Error('ui8a expected');
		ut.abytes(data);
		let l = data.length;
		@@ -579,3 +578,10 @@ if (l < 2 \|\| data[0] != 0x30)
		const y2 = weierstrassEquation(x); // y² = x³ + ax + b
		let y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
		let y;
		try {
		y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
		}
		catch (sqrtError) {
		const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';
		throw new Error('Point is not on curve' + suffix);
		}
		const isYOdd = (y & _1n) === _1n;
		@@ -807,3 +813,3 @@ // ECDSA
		// extraEntropy. RFC6979 3.6: additional k' (optional).
		if (ent != null) {
		if (ent != null && ent !== false) {
		// K = HMAC_K(V \|\| 0x00 \|\| int2octets(x) \|\| bits2octets(h1) \|\| k')
		@@ -810,0 +816,0 @@ const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is

bls12-381.js

		@@ -1186,3 +1186,3 @@ "use strict";
		const P = Fp.ORDER;
		const half = hex.length / 2;
		const half = value.length / 2;
		if (half !== 48 && half !== 96)
		@@ -1189,0 +1189,0 @@ throw new Error('Invalid compressed signature length, must be 96 or 192');

esm/abstract/hash-to-curve.js

		import { mod } from './modular.js';
		import { bytesToNumberBE, isBytes, concatBytes, utf8ToBytes, validateObject } from './utils.js';
		function validateDST(dst) {
		if (isBytes(dst))
		return dst;
		if (typeof dst === 'string')
		return utf8ToBytes(dst);
		throw new Error('DST must be Uint8Array or string');
		}
		import { bytesToNumberBE, abytes, concatBytes, utf8ToBytes, validateObject } from './utils.js';
		// Octet Stream to Integer. "spec" implementation of os2ip is 2.5x slower vs bytesToNumberBE.
		@@ -31,7 +24,3 @@ const os2ip = bytesToNumberBE;
		}
		function abytes(item) {
		if (!isBytes(item))
		throw new Error('Uint8Array expected');
		}
		function isNum(item) {
		function anum(item) {
		if (!Number.isSafeInteger(item))
		@@ -45,3 +34,3 @@ throw new Error('number expected');
		abytes(DST);
		isNum(lenInBytes);
		anum(lenInBytes);
		// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
		@@ -75,3 +64,3 @@ if (DST.length > 255)
		abytes(DST);
		isNum(lenInBytes);
		anum(lenInBytes);
		// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
		@@ -111,4 +100,4 @@ // DST = H('H2C-OVERSIZE-DST-' \|\| a_very_long_DST, Math.ceil((lenInBytes * k) / 8));
		abytes(msg);
		isNum(count);
		const DST = validateDST(_DST);
		anum(count);
		const DST = typeof _DST === 'string' ? utf8ToBytes(_DST) : _DST;
		const log2p = p.toString(2).length;
		@@ -115,0 +104,0 @@ const L = Math.ceil((log2p + k) / 8); // section 5.1 of ietf draft link above

esm/abstract/utils.js

		@@ -13,2 +13,6 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		}
		export function abytes(item) {
		if (!isBytes(item))
		throw new Error('Uint8Array expected');
		}
		// Array where index 0xf0 (240) is mapped to string 'f0'
		@@ -20,4 +24,3 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
		export function bytesToHex(bytes) {
		if (!isBytes(bytes))
		throw new Error('Uint8Array expected');
		abytes(bytes);
		// pre-caching improves the speed 6x
		@@ -78,4 +81,3 @@ let hex = '';
		export function bytesToNumberLE(bytes) {
		if (!isBytes(bytes))
		throw new Error('Uint8Array expected');
		abytes(bytes);
		return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
		@@ -132,9 +134,7 @@ }
		const a = arrays[i];
		if (!isBytes(a))
		throw new Error('Uint8Array expected');
		abytes(a);
		sum += a.length;
		}
		let res = new Uint8Array(sum);
		let pad = 0;
		for (let i = 0; i < arrays.length; i++) {
		const res = new Uint8Array(sum);
		for (let i = 0, pad = 0; i < arrays.length; i++) {
		const a = arrays[i];
		@@ -185,5 +185,5 @@ res.set(a, pad);
		*/
		export const bitSet = (n, pos, value) => {
		export function bitSet(n, pos, value) {
		return n \| ((value ? _1n : _0n) << BigInt(pos));
		};
		}
		/**
		@@ -190,0 +190,0 @@ * Calculate mask for N bits. Not using ** operator with bigints because of old engines.

esm/abstract/weierstrass.js

		@@ -65,4 +65,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		const data = typeof hex === 'string' ? h2b(hex) : hex;
		if (!ut.isBytes(data))
		throw new Error('ui8a expected');
		ut.abytes(data);
		let l = data.length;
		@@ -575,3 +574,10 @@ if (l < 2 \|\| data[0] != 0x30)
		const y2 = weierstrassEquation(x); // y² = x³ + ax + b
		let y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
		let y;
		try {
		y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
		}
		catch (sqrtError) {
		const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';
		throw new Error('Point is not on curve' + suffix);
		}
		const isYOdd = (y & _1n) === _1n;
		@@ -803,3 +809,3 @@ // ECDSA
		// extraEntropy. RFC6979 3.6: additional k' (optional).
		if (ent != null) {
		if (ent != null && ent !== false) {
		// K = HMAC_K(V \|\| 0x00 \|\| int2octets(x) \|\| bits2octets(h1) \|\| k')
		@@ -806,0 +812,0 @@ const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is

esm/bls12-381.js

		@@ -1183,3 +1183,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		const P = Fp.ORDER;
		const half = hex.length / 2;
		const half = value.length / 2;
		if (half !== 48 && half !== 96)
		@@ -1186,0 +1186,0 @@ throw new Error('Invalid compressed signature length, must be 96 or 192');

esm/index.js

		@@ -1,3 +0,3 @@
		"use strict";
		throw new Error('Incorrect usage. Import submodules instead');
		export {};
		//# sourceMappingURL=index.js.map

package.json

		{
		"name": "@noble/curves",
		"version": "1.3.0",
		"version": "1.4.0",
		"description": "Audited & minimal JS implementation of elliptic curve cryptography",
		@@ -17,3 +17,3 @@ "files": [
		"build": "tsc && tsc -p tsconfig.esm.json",
		"build:release": "cd build; npm install && npm run build",
		"build:release": "cd build && npm i && npm run build",
		"build:clean": "rm .{js,d.ts,d.ts.map,js.map} esm/.{js,d.ts,d.ts.map,js.map} 2> /dev/null",
		@@ -28,7 +28,7 @@ "lint": "prettier --check 'src/*/.{js,ts}' 'test/*.js'",
		"type": "git",
		"url": "https://github.com/paulmillr/noble-curves.git"
		"url": "git+https://github.com/paulmillr/noble-curves.git"
		},
		"license": "MIT",
		"dependencies": {
		"@noble/hashes": "1.3.3"
		"@noble/hashes": "1.4.0"
		},
		@@ -183,2 +183,2 @@ "devDependencies": {
		"funding": "https://paulmillr.com/funding/"
		}
		}

README.md

		@@ -10,11 +10,15 @@ # noble-curves
		- ➰ Short Weierstrass, Edwards, Montgomery curves
		- ✍️ ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement
		- ✍️ ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement, hashing to curves
		- 🔖 SUF-CMA, SBS (non-repudiation), ZIP215 (consensus friendliness) features for ed25519
		- #️⃣ hash-to-curve for encoding or hashing an arbitrary string to an elliptic curve point
		- 🧜‍♂️ Poseidon ZK-friendly hash
		- 🪶 178KB for everything, 25KB for single-curve build

		### This library belongs to _noble_ crypto
		For discussions, questions and support, visit
		[GitHub Discussions](https://github.com/paulmillr/noble-curves/discussions)
		section of the repository.

		> noble-crypto — high-security, easily auditable set of contained cryptographic libraries and tools.
		### This library belongs to _noble_ cryptography

		> noble cryptography — high-security, easily auditable set of contained cryptographic libraries and tools.

		- Zero or minimal dependencies
		@@ -26,3 +30,6 @@ - Highly readable TypeScript / JS code
		[curves](https://github.com/paulmillr/noble-curves),
		[hashes](https://github.com/paulmillr/noble-hashes)
		[hashes](https://github.com/paulmillr/noble-hashes),
		[post-quantum](https://github.com/paulmillr/noble-post-quantum),
		4kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
		[ed25519](https://github.com/paulmillr/noble-ed25519)
		- [Check out homepage](https://paulmillr.com/noble/)
		@@ -43,3 +50,3 @@ for reading resources, documentation and apps built with noble
		import { secp256k1 } from '@noble/curves/secp256k1'; // ESM and Common.js
		// import { secp256k1 } from 'npm:@noble/curves@1.2.0/secp256k1'; // Deno
		// import { secp256k1 } from 'npm:@noble/curves@1.4.0/secp256k1'; // Deno
		```
		@@ -95,2 +102,4 @@

		We support P256 (secp256r1), P384 (secp384r1), P521 (secp521r1).

		#### ECDSA public key recovery & extra entropy
		@@ -244,3 +253,3 @@

		See [abstract/bls](#abstractbls-barreto-lynn-scott-curves).
		See [abstract/bls](#bls-barreto-lynn-scott-curves).

		@@ -612,2 +621,8 @@ #### All available imports

		// Use custom DST, e.g. for Ethereum consensus layer
		const htfEthereum = {DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_'};
		const signatureEth = bls.sign(message, privateKey, htfEthereum);
		const isValidEth = bls.verify(signature, message, publicKey, htfEthereum);
		console.log({ signatureEth, isValidEth });

		// Sign 1 msg with 3 keys
		@@ -765,3 +780,3 @@ const privateKeys = [
		`hashToPrivateScalar()` that hashes to private key was created for this purpose.
		Use [abstract/hash-to-curve](#abstracthash-to-curve-hashing-strings-to-curve-points)
		Use [abstract/hash-to-curve](#hash-to-curve-hashing-strings-to-curve-points)
		if you need to hash to public key.
		@@ -768,0 +783,0 @@

src/abstract/bls.ts

		@@ -86,8 +86,8 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		sign: {
		(message: Hex, privateKey: PrivKey): Uint8Array;
		(message: ProjPointType<Fp2>, privateKey: PrivKey): ProjPointType<Fp2>;
		(message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
		(message: ProjPointType<Fp2>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp2>;
		};
		signShortSignature: {
		(message: Hex, privateKey: PrivKey): Uint8Array;
		(message: ProjPointType<Fp>, privateKey: PrivKey): ProjPointType<Fp>;
		(message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
		(message: ProjPointType<Fp>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp>;
		};
		@@ -94,0 +94,0 @@ verify: (

src/abstract/hash-to-curve.ts

		@@ -5,3 +5,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		import type { CHash } from './utils.js';
		import { bytesToNumberBE, isBytes, concatBytes, utf8ToBytes, validateObject } from './utils.js';
		import { bytesToNumberBE, abytes, concatBytes, utf8ToBytes, validateObject } from './utils.js';

		@@ -26,8 +26,2 @@ /**

		function validateDST(dst: UnicodeOrBytes): Uint8Array {
		if (isBytes(dst)) return dst;
		if (typeof dst === 'string') return utf8ToBytes(dst);
		throw new Error('DST must be Uint8Array or string');
		}

		// Octet Stream to Integer. "spec" implementation of os2ip is 2.5x slower vs bytesToNumberBE.
		@@ -57,6 +51,3 @@ const os2ip = bytesToNumberBE;

		function abytes(item: unknown): void {
		if (!isBytes(item)) throw new Error('Uint8Array expected');
		}
		function isNum(item: unknown): void {
		function anum(item: unknown): void {
		if (!Number.isSafeInteger(item)) throw new Error('number expected');
		@@ -75,3 +66,3 @@ }
		abytes(DST);
		isNum(lenInBytes);
		anum(lenInBytes);
		// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
		@@ -110,3 +101,3 @@ if (DST.length > 255) DST = H(concatBytes(utf8ToBytes('H2C-OVERSIZE-DST-'), DST));
		abytes(DST);
		isNum(lenInBytes);
		anum(lenInBytes);
		// https://www.rfc-editor.org/rfc/rfc9380#section-5.3.3
		@@ -149,4 +140,4 @@ // DST = H('H2C-OVERSIZE-DST-' \|\| a_very_long_DST, Math.ceil((lenInBytes * k) / 8));
		abytes(msg);
		isNum(count);
		const DST = validateDST(_DST);
		anum(count);
		const DST = typeof _DST === 'string' ? utf8ToBytes(_DST) : _DST;
		const log2p = p.toString(2).length;
		@@ -153,0 +144,0 @@ const L = Math.ceil((log2p + k) / 8); // section 5.1 of ietf draft link above

src/abstract/utils.ts

		@@ -26,2 +26,6 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /

		export function abytes(item: unknown): void {
		if (!isBytes(item)) throw new Error('Uint8Array expected');
		}

		// Array where index 0xf0 (240) is mapped to string 'f0'
		@@ -35,3 +39,3 @@ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>
		export function bytesToHex(bytes: Uint8Array): string {
		if (!isBytes(bytes)) throw new Error('Uint8Array expected');
		abytes(bytes);
		// pre-caching improves the speed 6x
		@@ -91,3 +95,3 @@ let hex = '';
		export function bytesToNumberLE(bytes: Uint8Array): bigint {
		if (!isBytes(bytes)) throw new Error('Uint8Array expected');
		abytes(bytes);
		return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
		@@ -144,8 +148,7 @@ }
		const a = arrays[i];
		if (!isBytes(a)) throw new Error('Uint8Array expected');
		abytes(a);
		sum += a.length;
		}
		let res = new Uint8Array(sum);
		let pad = 0;
		for (let i = 0; i < arrays.length; i++) {
		const res = new Uint8Array(sum);
		for (let i = 0, pad = 0; i < arrays.length; i++) {
		const a = arrays[i];
		@@ -202,5 +205,5 @@ res.set(a, pad);
		*/
		export const bitSet = (n: bigint, pos: number, value: boolean) => {
		export function bitSet(n: bigint, pos: number, value: boolean) {
		return n \| ((value ? _1n : _0n) << BigInt(pos));
		};
		}

		@@ -207,0 +210,0 @@ /**

src/abstract/weierstrass.ts

		@@ -30,3 +30,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /

		type Entropy = Hex \| true;
		type Entropy = Hex \| boolean;
		export type SignOpts = { lowS?: boolean; extraEntropy?: Entropy; prehash?: boolean };
		@@ -162,3 +162,3 @@ export type VerOpts = { lowS?: boolean; prehash?: boolean };
		const data = typeof hex === 'string' ? h2b(hex) : hex;
		if (!ut.isBytes(data)) throw new Error('ui8a expected');
		ut.abytes(data);
		let l = data.length;
		@@ -738,3 +738,9 @@ if (l < 2 \|\| data[0] != 0x30) throw new E('Invalid signature tag');
		const y2 = weierstrassEquation(x); // y² = x³ + ax + b
		let y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
		let y: bigint;
		try {
		y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
		} catch (sqrtError) {
		const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';
		throw new Error('Point is not on curve' + suffix);
		}
		const isYOdd = (y & _1n) === _1n;
		@@ -977,3 +983,3 @@ // ECDSA
		// extraEntropy. RFC6979 3.6: additional k' (optional).
		if (ent != null) {
		if (ent != null && ent !== false) {
		// K = HMAC_K(V \|\| 0x00 \|\| int2octets(x) \|\| bits2octets(h1) \|\| k')
		@@ -980,0 +986,0 @@ const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is

src/bls12-381.ts

		@@ -1367,3 +1367,3 @@ /! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) /
		const P = Fp.ORDER;
		const half = hex.length / 2;
		const half = value.length / 2;
		if (half !== 48 && half !== 96)
		@@ -1370,0 +1370,0 @@ throw new Error('Invalid compressed signature length, must be 96 or 192');

abstract/bls.d.ts.map